From e9642be2cce7f5e90406980092a6f71f504a16af Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 18 Feb 2014 22:14:00 +0100
Subject: seccomp: add helper call to add all secondary archs to a seccomp filter

And make use of it where appropriate for executing services and for nspawn.
---
 src/shared/seccomp-util.c | 26 ++++++++++++++++++++++++++
 src/shared/seccomp-util.h | 2 ++
 2 files changed, 28 insertions(+)

(limited to 'src/shared')

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index ee39cc7c1d..d73a74912e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -61,3 +61,29 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
 return 0;
 }
+
+int seccomp_add_secondary_archs(scmp_filter_ctx *c) {
+
+#if defined(__i386__) || defined(__x86_64__)
+ int r;
+
+ /* Add in all possible secondary archs we are aware of that
+ * this kernel might support. */
+
+ r = seccomp_arch_add(c, SCMP_ARCH_X86);
+ if (r < 0 && r != -EEXIST)
+ return r;
+
+ r = seccomp_arch_add(c, SCMP_ARCH_X86_64);
+ if (r < 0 && r != -EEXIST)
+ return r;
+
+ r = seccomp_arch_add(c, SCMP_ARCH_X32);
+ if (r < 0 && r != -EEXIST)
+ return r;
+
+#endif
+
+ return 0;
+
+}
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 6b63902f5d..9a51a85b49 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -24,3 +24,5 @@ const char* seccomp_arch_to_string(uint32_t c);
 int seccomp_arch_from_string(const char *n, uint32_t *ret);
+
+int seccomp_add_secondary_archs(scmp_filter_ctx *c);
--
cgit v1.2.3-54-g00ecf
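Review bot: In the src/shared/seccomp-util.c hunk, `seccomp_add_secondary_archs()` declares its parameter as `scmp_filter_ctx *c` but hands `c` unchanged to `seccomp_arch_add()`, which takes the context by value. Because libseccomp defines `scmp_filter_ctx` as `void *`, the compiler accepts either form silently, and a caller who follows the prototype and passes `&ctx` would make all three calls operate on the wrong pointer. The signature should be `int seccomp_add_secondary_archs(scmp_filter_ctx c)` here and in the matching prototype in the src/shared/seccomp-util.h hunk; the callers are not visible on this page (the view is limited to src/shared), so they need checking as well. A short comment above the function would also help, e.g. `/* Call before adding rules: libseccomp does not copy existing rules to an architecture added later. */`, since a default-allow filter extended too late would presumably leave the secondary ABIs without the intended rules. The same comment should state that on non-x86 builds the function adds nothing and returns 0.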