Merge pull request #5270 from poettering/seccomp-namespace-fix

swap seccomp filter params on s390
author: Evgeny Vereshchagin <evvers@ya.ru> 2017-02-09 03:31:22 +0300
committer: GitHub <noreply@github.com> 2017-02-09 03:31:22 +0300
commit: 52a4aafb4dd178afae5ce8ceadd852233cac10f3 (patch)
tree: f1a0176cacb9f730e9d774d5467c391a18231996 /src/shared/seccomp-util.h
parent: 2026e39b2d2f9a2951cdf72be53fde1f2dac4c63 (diff)
parent: b8076e3d06dd93664969c774444b74be69d15d23 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index bfbfb5ab3d..61f94de638 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -91,6 +91,13 @@ int seccomp_memory_deny_write_execute(void);
 #define SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN 1
 #endif
 
+/* we don't know the right order of the clone() parameters except for these archs, for now */
+#if defined(__x86_64__) || defined(__i386__) || defined(__s390x__) || defined(__s390__)
+#define SECCOMP_RESTRICT_NAMESPACES_BROKEN 0
+#else
+#define SECCOMP_RESTRICT_NAMESPACES_BROKEN 1
+#endif
+
 extern const uint32_t seccomp_local_archs[];
 
 #define SECCOMP_FOREACH_LOCAL_ARCH(arch) \
author	Evgeny Vereshchagin <evvers@ya.ru>	2017-02-09 03:31:22 +0300
committer	GitHub <noreply@github.com>	2017-02-09 03:31:22 +0300
commit	52a4aafb4dd178afae5ce8ceadd852233cac10f3 (patch)
tree	f1a0176cacb9f730e9d774d5467c391a18231996 /src/shared/seccomp-util.h
parent	2026e39b2d2f9a2951cdf72be53fde1f2dac4c63 (diff)
parent	b8076e3d06dd93664969c774444b74be69d15d23 (diff)