From 17df7223be064b1542dbe868e3b35cca977ee639 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 12 Feb 2014 18:28:21 +0100
Subject: core: rework syscall filter

- Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process.
- Fix parsing logic when libseccomp support is turned off
- Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
---
 src/core/execute.h | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
(limited to 'src/core/execute.h')
diff --git a/src/core/execute.h b/src/core/execute.h
index b2d70d7d86..baf430a047 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -167,12 +167,9 @@ struct ExecContext {
 * don't enter a trigger loop. */
 bool same_pgrp;

-#ifdef HAVE_SECCOMP
- scmp_filter_ctx syscall_filter;
- Set *filtered_syscalls;
- uint32_t syscall_filter_default_action;
-#endif
- char *syscall_filter_string;
+ Set *syscall_filter;
+ int syscall_errno;
+ bool syscall_whitelist:1;

 bool oom_score_adjust_set:1;
 bool nice_set:1;
--
cgit v1.2.3-54-g00ecf
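Review bot: The three added members `syscall_filter`, `syscall_errno` and `syscall_whitelist` have no comment, although together they decide whether the unit gets an allow-list or a deny-list and what happens on a filtered call. From the header alone a reader cannot tell what a NULL or empty `syscall_filter` with `syscall_whitelist` unset means, nor which `syscall_errno` value (presumably 0) keeps the terminate-the-process behaviour the commit message refers to. I would add `/* syscall set: allow-list if syscall_whitelist is set, deny-list otherwise; NULL = no filter (confirm) */` above `syscall_filter` and `/* errno returned by filtered syscalls; 0 = kill the process (confirm) */` above `syscall_errno`. Because the members are no longer inside `#ifdef HAVE_SECCOMP`, the comment should also say whether they can be populated in a build without libseccomp, where the filter would presumably be stored but not enforced. struct ExecContext begins and ends outside the hunk, so the enforcement side is not visible here.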