1 files changed, 9 insertions, 0 deletions
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index ced1ed2e3..b1a19a9b6 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -115,6 +115,15 @@ struct seccomp_data {
     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_I386, 1, 0), \
     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
+#if defined(__x86_64__)
+// handle X32 ABI
+#define X32_SYSCALL_BIT 0x40000000
+#define HANDLE_X32 \
+                BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), \
+                BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), \
+                RETURN_ERRNO(EPERM)
+#endif
 #define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS,  \
                 (offsetof(struct seccomp_data, nr)))

diff --git a/src/include/seccomp.h b/src/include/seccomp.h index ced1ed2e3..b1a19a9b6 100644 --- a/src/include/seccomp.h +++ b/src/include/seccomp.h
@@ -115,6 +115,15 @@ struct seccomp_data {
115	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_I386, 1, 0), \	115	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_I386, 1, 0), \
116	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)	116	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
117		117
		118	#if defined(__x86_64__)
		119	// handle X32 ABI
		120	#define X32_SYSCALL_BIT 0x40000000
		121	#define HANDLE_X32 \
		122	BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), \
		123	BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), \
		124	RETURN_ERRNO(EPERM)
		125	#endif
		126
118	#define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \	127	#define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
119	(offsetof(struct seccomp_data, nr)))	128	(offsetof(struct seccomp_data, nr)))
120		129