summaryrefslogtreecommitdiff
path: root/src/shared
diff options
context:
space:
mode:
Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/bus-util.c15
-rw-r--r--src/shared/bus-util.h6
-rw-r--r--src/shared/seccomp-util.c30
3 files changed, 38 insertions, 13 deletions
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index 6aebe18fc0..8ddfb584ea 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -1116,9 +1116,9 @@ static int map_basic(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_
int bus_message_map_all_properties(
sd_bus_message *m,
const struct bus_properties_map *map,
+ sd_bus_error *error,
void *userdata) {
- _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
int r;
assert(m);
@@ -1156,9 +1156,9 @@ int bus_message_map_all_properties(
v = (uint8_t *)userdata + prop->offset;
if (map[i].set)
- r = prop->set(sd_bus_message_get_bus(m), member, m, &error, v);
+ r = prop->set(sd_bus_message_get_bus(m), member, m, error, v);
else
- r = map_basic(sd_bus_message_get_bus(m), member, m, &error, v);
+ r = map_basic(sd_bus_message_get_bus(m), member, m, error, v);
if (r < 0)
return r;
@@ -1184,6 +1184,7 @@ int bus_message_map_all_properties(
int bus_message_map_properties_changed(
sd_bus_message *m,
const struct bus_properties_map *map,
+ sd_bus_error *error,
void *userdata) {
const char *member;
@@ -1192,7 +1193,7 @@ int bus_message_map_properties_changed(
assert(m);
assert(map);
- r = bus_message_map_all_properties(m, map, userdata);
+ r = bus_message_map_all_properties(m, map, error, userdata);
if (r < 0)
return r;
@@ -1222,10 +1223,10 @@ int bus_map_all_properties(
const char *destination,
const char *path,
const struct bus_properties_map *map,
+ sd_bus_error *error,
void *userdata) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
- _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
int r;
assert(bus);
@@ -1239,13 +1240,13 @@ int bus_map_all_properties(
path,
"org.freedesktop.DBus.Properties",
"GetAll",
- &error,
+ error,
&m,
"s", "");
if (r < 0)
return r;
- return bus_message_map_all_properties(m, map, userdata);
+ return bus_message_map_all_properties(m, map, error, userdata);
}
int bus_connect_transport(BusTransport transport, const char *host, bool user, sd_bus **ret) {
diff --git a/src/shared/bus-util.h b/src/shared/bus-util.h
index af5f133912..d9ce4263bb 100644
--- a/src/shared/bus-util.h
+++ b/src/shared/bus-util.h
@@ -50,9 +50,9 @@ struct bus_properties_map {
int bus_map_id128(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata);
-int bus_message_map_all_properties(sd_bus_message *m, const struct bus_properties_map *map, void *userdata);
-int bus_message_map_properties_changed(sd_bus_message *m, const struct bus_properties_map *map, void *userdata);
-int bus_map_all_properties(sd_bus *bus, const char *destination, const char *path, const struct bus_properties_map *map, void *userdata);
+int bus_message_map_all_properties(sd_bus_message *m, const struct bus_properties_map *map, sd_bus_error *error, void *userdata);
+int bus_message_map_properties_changed(sd_bus_message *m, const struct bus_properties_map *map, sd_bus_error *error, void *userdata);
+int bus_map_all_properties(sd_bus *bus, const char *destination, const char *path, const struct bus_properties_map *map, sd_bus_error *error, void *userdata);
int bus_async_unregister_and_exit(sd_event *e, sd_bus *bus, const char *name);
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 451669d9d5..84964f750f 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -948,17 +948,42 @@ int seccomp_protect_sysctl(void) {
}
int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
-
-#if !SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
uint32_t arch;
int r;
SECCOMP_FOREACH_LOCAL_ARCH(arch) {
_cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
+ bool supported;
Iterator i;
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
+ switch (arch) {
+
+ case SCMP_ARCH_X86_64:
+ case SCMP_ARCH_X32:
+ case SCMP_ARCH_ARM:
+ case SCMP_ARCH_AARCH64:
+ /* These we know we support (i.e. are the ones that do not use socketcall()) */
+ supported = true;
+ break;
+
+ case SCMP_ARCH_X86:
+ case SCMP_ARCH_S390:
+ case SCMP_ARCH_S390X:
+ case SCMP_ARCH_PPC:
+ case SCMP_ARCH_PPC64:
+ case SCMP_ARCH_PPC64LE:
+ default:
+ /* These we either know we don't support (i.e. are the ones that do use socketcall()), or we
+ * don't know */
+ supported = false;
+ break;
+ }
+
+ if (!supported)
+ continue;
+
r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW);
if (r < 0)
return r;
@@ -1078,7 +1103,6 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
if (r < 0)
log_debug_errno(r, "Failed to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
-#endif
return 0;
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-05-04 12:15:45 +0000