seccomp: RestrictAddressFamilies= is not supported on i386/s390/s390x, make it a NOP

See: #5215
author: Lennart Poettering <lennart@poettering.net> 2017-02-03 18:31:05 +0100
committer: Lennart Poettering <lennart@poettering.net> 2017-02-06 14:17:12 +0100
commit: ad8f1479b46c72d103b7f4f7b8ff4f59f7455285 (patch)
tree: 6209085533eda460591d509f4e2fdee8b1aefb75 /src/shared/seccomp-util.c
parent: 9194199c9894c5fd4f497fbbf5fc0449686c8fe5 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index bd9c0aac60..609e0619af 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -873,6 +873,8 @@ int seccomp_protect_sysctl(void) {
 }
 
 int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
+
+#if !SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
         uint32_t arch;
         int r;
 
@@ -1001,6 +1003,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
                 if (r < 0)
                         log_debug_errno(r, "Failed to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
         }
+#endif
 
         return 0;
 }
author	Lennart Poettering <lennart@poettering.net>	2017-02-03 18:31:05 +0100
committer	Lennart Poettering <lennart@poettering.net>	2017-02-06 14:17:12 +0100
commit	ad8f1479b46c72d103b7f4f7b8ff4f59f7455285 (patch)
tree	6209085533eda460591d509f4e2fdee8b1aefb75 /src/shared/seccomp-util.c
parent	9194199c9894c5fd4f497fbbf5fc0449686c8fe5 (diff)