From e9642be2cce7f5e90406980092a6f71f504a16af Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 18 Feb 2014 22:14:00 +0100
Subject: seccomp: add helper call to add all secondary archs to a seccomp
 filter

And make use of it where appropriate for executing services and for
nspawn.
---
 src/shared/seccomp-util.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'src/shared/seccomp-util.c')

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index ee39cc7c1d..d73a74912e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -61,3 +61,29 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
 
         return 0;
 }
+
+int seccomp_add_secondary_archs(scmp_filter_ctx *c) {
+
+#if defined(__i386__) || defined(__x86_64__)
+        int r;
+
+        /* Add in all possible secondary archs we are aware of that
+         * this kernel might support. */
+
+        r = seccomp_arch_add(c, SCMP_ARCH_X86);
+        if (r < 0 && r != -EEXIST)
+                return r;
+
+        r = seccomp_arch_add(c, SCMP_ARCH_X86_64);
+        if (r < 0 && r != -EEXIST)
+                return r;
+
+        r = seccomp_arch_add(c, SCMP_ARCH_X32);
+        if (r < 0 && r != -EEXIST)
+                return r;
+
+#endif
+
+        return 0;
+
+}
-- 
cgit v1.2.3-54-g00ecf