From f9a3d8e2f3063beb07d72a931c75794786280b3e Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 29 Apr 2019 12:04:55 +0200
Subject: [PATCH] nspawn: expose the new seccomp actions in the OCI logic
---
 src/nspawn/nspawn-oci.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c
index 97323f31dd..b00ff289a6 100644
--- a/src/nspawn/nspawn-oci.c
+++ b/src/nspawn/nspawn-oci.c
@@ -1656,13 +1656,19 @@ static int oci_seccomp_action_from_string(const char *name, uint32_t *ret) {
 const char *name;
 uint32_t action;
 } table[] = {
- { "SCMP_ACT_ALLOW", SCMP_ACT_ALLOW },
- { "SCMP_ACT_ERRNO", SCMP_ACT_ERRNO(EPERM) }, /* the OCI spec doesn't document the error, but it appears EPERM is supposed to be used */
- { "SCMP_ACT_KILL", SCMP_ACT_KILL },
-#ifdef SCMP_ACT_LOG
- { "SCMP_ACT_LOG", SCMP_ACT_LOG },
+ { "SCMP_ACT_ALLOW", SCMP_ACT_ALLOW },
+ { "SCMP_ACT_ERRNO", SCMP_ACT_ERRNO(EPERM) }, /* the OCI spec doesn't document the error, but it appears EPERM is supposed to be used */
+ { "SCMP_ACT_KILL", SCMP_ACT_KILL },
+#ifdef SCMP_ACT_KILL_PROCESS
+ { "SCMP_ACT_KILL_PROCESS", SCMP_ACT_KILL_PROCESS },
 #endif
- { "SCMP_ACT_TRAP", SCMP_ACT_TRAP },
+#ifdef SCMP_ACT_KILL_THREAD
+ { "SCMP_ACT_KILL_THREAD", SCMP_ACT_KILL_THREAD },
+#endif
+#ifdef SCMP_ACT_LOG
+ { "SCMP_ACT_LOG", SCMP_ACT_LOG },
+#endif
+ { "SCMP_ACT_TRAP", SCMP_ACT_TRAP },
 /* We don't support SCMP_ACT_TRACE because that requires a tracer, and that doesn't really make sense
 * here */
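Review bot: Which action names an OCI seccomp profile may use now depends on the libseccomp headers nspawn was built against, because the new `SCMP_ACT_KILL_PROCESS` and `SCMP_ACT_KILL_THREAD` rows of `table[]` sit behind `#ifdef`, and nothing in the table says so. The lookup loop and its failure path are outside this hunk (the function starts above and continues below it), so it is worth confirming that a name compiled out this way makes the bundle fail to load rather than leaving the profile's rule unapplied. I would add a comment above the first guard, e.g. `/* Only defined by newer libseccomp headers; when compiled out, the name is handled like any other unknown action */`. In recent libseccomp `SCMP_ACT_KILL` appears to be an alias for `SCMP_ACT_KILL_THREAD`; a short remark next to the `SCMP_ACT_KILL` row would tell profile authors who want the whole process terminated to use `SCMP_ACT_KILL_PROCESS`.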