diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-02-18 22:14:00 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-18 22:14:00 +0100 |
commit | e9642be2cce7f5e90406980092a6f71f504a16af (patch) | |
tree | 261c0a274329240ef9c79f618f28fcb51f0a6a07 /src/shared | |
parent | f3d5485b805de60ee71810eeb58e82d44ce24fe1 (diff) |
seccomp: add helper call to add all secondary archs to a seccomp filter
And make use of it where appropriate for executing services and for
nspawn.
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/seccomp-util.c | 26 | ||||
-rw-r--r-- | src/shared/seccomp-util.h | 2 |
2 files changed, 28 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index ee39cc7c1d..d73a74912e 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -61,3 +61,29 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { return 0; } + +int seccomp_add_secondary_archs(scmp_filter_ctx *c) { + +#if defined(__i386__) || defined(__x86_64__) + int r; + + /* Add in all possible secondary archs we are aware of that + * this kernel might support. */ + + r = seccomp_arch_add(c, SCMP_ARCH_X86); + if (r < 0 && r != -EEXIST) + return r; + + r = seccomp_arch_add(c, SCMP_ARCH_X86_64); + if (r < 0 && r != -EEXIST) + return r; + + r = seccomp_arch_add(c, SCMP_ARCH_X32); + if (r < 0 && r != -EEXIST) + return r; + +#endif + + return 0; + +} diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 6b63902f5d..9a51a85b49 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -24,3 +24,5 @@ const char* seccomp_arch_to_string(uint32_t c); int seccomp_arch_from_string(const char *n, uint32_t *ret); + +int seccomp_add_secondary_archs(scmp_filter_ctx *c); |