mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 06:25:37 +03:00
core: enforce seccomp for secondary archs too, for all rules
Let's make sure that all our rules apply to all archs the local kernel supports.
parent
6c1e2427df
commit
72246c2a65
@ -1273,6 +1273,10 @@ static int apply_memory_deny_write_execute(const Unit* u, const ExecContext *c)
|
|||||||
if (!seccomp)
|
if (!seccomp)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
r = seccomp_add_secondary_archs(seccomp);
|
||||||
|
if (r < 0)
|
||||||
|
goto finish;
|
||||||
|
|
||||||
r = seccomp_rule_add(
|
r = seccomp_rule_add(
|
||||||
seccomp,
|
seccomp,
|
||||||
SCMP_ACT_ERRNO(EPERM),
|
SCMP_ACT_ERRNO(EPERM),
|
||||||
@ -1322,6 +1326,10 @@ static int apply_restrict_realtime(const Unit* u, const ExecContext *c) {
|
|||||||
if (!seccomp)
|
if (!seccomp)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
r = seccomp_add_secondary_archs(seccomp);
|
||||||
|
if (r < 0)
|
||||||
|
goto finish;
|
||||||
|
|
||||||
/* Determine the highest policy constant we want to allow */
|
/* Determine the highest policy constant we want to allow */
|
||||||
for (i = 0; i < ELEMENTSOF(permitted_policies); i++)
|
for (i = 0; i < ELEMENTSOF(permitted_policies); i++)
|
||||||
if (permitted_policies[i] > max_policy)
|
if (permitted_policies[i] > max_policy)
|
||||||
|
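Review bot: In apply_memory_deny_write_execute, adding the secondary archs just before `seccomp_rule_add(` only helps if the rule that follows means the same thing on every added ABI; that call is cut off at the hunk edge, so the syscall and any argument comparison are not visible here. Rules that match on syscall arguments do not always carry over between ABIs, since some 32-bit ABIs reach memory-mapping and shared-memory operations through different entry points or argument layouts than the native one, so this should be confirmed per arch rather than assumed. Both hunks would also benefit from a short comment above the new call, e.g. `/* Apply the filter to every ABI the kernel accepts, not only the native one */`. The `finish` label is outside both hunks; presumably it releases the seccomp context and returns `r` so that a failure here stays fail-closed, which is worth verifying against the caller.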