From 214ac208491bbd8369d8c540e3571712d2e6665b Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 19 Jul 2022 14:58:32 +0200
Subject: protocol filter: add x32 ABI handling

---
 src/fseccomp/protocol.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c
index 25742c173..ea5cd5bd4 100644
--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -132,15 +132,18 @@ void protocol_build_filter(const char *prlist, const char *fname) {
 		EXAMINE_SYSCALL, // 1
 		// checking SYS_socket only: filtering SYS_socketcall not possible with seccomp
 		ONLY(359), // 1 + 2
-		BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 2), 0, 0), // 1 + 2 + 1
+		BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 3 + 2), 0, 0), // 1 + 2 + 1
 #else
 #warning 32 bit protocol filter not implemented yet for your architecture
 #endif
 		VALIDATE_ARCHITECTURE, // 3
 		EXAMINE_SYSCALL, // 3 + 1
-		ONLY(SYS_socket), // 3 + 1 + 2
+#if defined __x86_64__
+		HANDLE_X32, // 3 + 1 + 3
+#endif
+		ONLY(SYS_socket), // 3 + 1 (+ 3) + 2
 
-		EXAMINE_ARGUMENT(0) // 3 + 1 + 2 + 1
+		EXAMINE_ARGUMENT(0) // 3 + 1 (+ 3) + 2 + 1
 	};
 	memcpy(ptr, &filter_start[0], sizeof(filter_start));
 	ptr += sizeof(filter_start);
-- 
cgit v1.2.3-54-g00ecf