Improve seccomp printing

author: Topi Miettinen <toiwoton@gmail.com> 2017-07-28 13:50:10 +0300
committer: Topi Miettinen <toiwoton@gmail.com> 2017-07-28 14:06:30 +0300
commit: 9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0 (patch)
tree: b060bcf0ef7da262225c2cdf3812b58e6005ecf9 /src/fseccomp/seccomp_file.c
parent: network testing (diff)
download: firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.tar.gz
firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.tar.zst
firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.zip
1 files changed, 3 insertions, 10 deletions
diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c
index c1e8d406f..c74de9faf 100644
--- a/src/fseccomp/seccomp_file.c
+++ b/src/fseccomp/seccomp_file.c
@@ -37,22 +37,15 @@ static void write_to_file(int fd, void *data, int size) {
 }
 void filter_init(int fd) {
-#if defined(__x86_64__)
-#define X32_SYSCALL_BIT 0x40000000
        struct sock_filter filter[] = {
                VALIDATE_ARCHITECTURE,
+#if defined(__x86_64__)
                EXAMINE_SYSCALL,
-                // handle X32 ABI
+                HANDLE_X32
-                BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0),
-                BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0),
-                RETURN_ERRNO(EPERM)
-        };
 #else
-        struct sock_filter filter[] = {
-                VALIDATE_ARCHITECTURE,
                EXAMINE_SYSCALL
-        };
 #endif
+        };
 #if 0
 {
author	Topi Miettinen <toiwoton@gmail.com>	2017-07-28 13:50:10 +0300
committer	Topi Miettinen <toiwoton@gmail.com>	2017-07-28 14:06:30 +0300
commit	9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0 (patch)
tree	b060bcf0ef7da262225c2cdf3812b58e6005ecf9 /src/fseccomp/seccomp_file.c
parent	network testing (diff)
download	firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.tar.gz firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.tar.zst firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.zip