summaryrefslogtreecommitdiff
path: root/src/nspawn/nspawn-seccomp.c
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-10-24 20:23:21 -0400
committerGitHub <noreply@github.com>2016-10-24 20:23:21 -0400
commit8d3eafa161af22bb04dc0210885ffe79560a59ee (patch)
tree3a98a0dddd08bcc7c66ae527d10e871734db4ff8 /src/nspawn/nspawn-seccomp.c
parentf2e5f466cbd8e0a93325e4ea8c2c38db3bbd1bc8 (diff)
parent171ae2cd86390c17d51121f9dff607911b888c5a (diff)
Merge pull request #4450 from poettering/seccompfixes
Various seccomp fixes and NEWS update.
Diffstat (limited to 'src/nspawn/nspawn-seccomp.c')
-rw-r--r--src/nspawn/nspawn-seccomp.c18
1 files changed, 3 insertions, 15 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 44a0b397ab..03a397d30c 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -135,15 +135,9 @@ int setup_seccomp(uint64_t cap_list_retain) {
return 0;
}
- seccomp = seccomp_init(SCMP_ACT_ALLOW);
- if (!seccomp)
- return log_oom();
-
- r = seccomp_add_secondary_archs(seccomp);
- if (r < 0) {
- log_error_errno(r, "Failed to add secondary archs to seccomp filter: %m");
- goto finish;
- }
+ r = seccomp_init_conservative(&seccomp, SCMP_ACT_ALLOW);
+ if (r < 0)
+ return log_error_errno(r, "Failed to allocate seccomp object: %m");
r = seccomp_add_default_syscall_filter(seccomp, cap_list_retain);
if (r < 0)
@@ -171,12 +165,6 @@ int setup_seccomp(uint64_t cap_list_retain) {
goto finish;
}
- r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
- if (r < 0) {
- log_error_errno(r, "Failed to unset NO_NEW_PRIVS: %m");
- goto finish;
- }
-
r = seccomp_load(seccomp);
if (r < 0) {
log_error_errno(r, "Failed to install seccomp audit filter: %m");