diff options
Diffstat (limited to 'src/fseccomp/seccomp_file.c')
-rw-r--r-- | src/fseccomp/seccomp_file.c | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c index c1e8d406f..c74de9faf 100644 --- a/src/fseccomp/seccomp_file.c +++ b/src/fseccomp/seccomp_file.c | |||
@@ -37,22 +37,15 @@ static void write_to_file(int fd, void *data, int size) { | |||
37 | } | 37 | } |
38 | 38 | ||
39 | void filter_init(int fd) { | 39 | void filter_init(int fd) { |
40 | #if defined(__x86_64__) | ||
41 | #define X32_SYSCALL_BIT 0x40000000 | ||
42 | struct sock_filter filter[] = { | 40 | struct sock_filter filter[] = { |
43 | VALIDATE_ARCHITECTURE, | 41 | VALIDATE_ARCHITECTURE, |
42 | #if defined(__x86_64__) | ||
44 | EXAMINE_SYSCALL, | 43 | EXAMINE_SYSCALL, |
45 | // handle X32 ABI | 44 | HANDLE_X32 |
46 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), | ||
47 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), | ||
48 | RETURN_ERRNO(EPERM) | ||
49 | }; | ||
50 | #else | 45 | #else |
51 | struct sock_filter filter[] = { | ||
52 | VALIDATE_ARCHITECTURE, | ||
53 | EXAMINE_SYSCALL | 46 | EXAMINE_SYSCALL |
54 | }; | ||
55 | #endif | 47 | #endif |
48 | }; | ||
56 | 49 | ||
57 | #if 0 | 50 | #if 0 |
58 | { | 51 | { |