From ad8f1479b46c72d103b7f4f7b8ff4f59f7455285 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 3 Feb 2017 18:31:05 +0100
Subject: seccomp: RestrictAddressFamilies= is not supported on
 i386/s390/s390x, make it a NOP

See: #5215
---
 src/shared/seccomp-util.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/shared/seccomp-util.c')

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index bd9c0aac60..609e0619af 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -873,6 +873,8 @@ int seccomp_protect_sysctl(void) {
 }
 
 int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
+
+#if !SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
         uint32_t arch;
         int r;
 
@@ -1001,6 +1003,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
                 if (r < 0)
                         log_debug_errno(r, "Failed to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
         }
+#endif
 
         return 0;
 }
-- 
cgit v1.2.3-54-g00ecf