api: disable certain operations with multiple architectures

Certain operations don't make sense with multiple architectures so we disable them only when more than one architecture has been added to the given filter. Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Paul Moore <pmoore@redhat.com> 2012-09-25 18:06:39 -0400
committer: Paul Moore <pmoore@redhat.com> 2012-09-27 17:15:02 -0400
commit: 18f9aa8bb547b55d1eb53025b21cdd07194d4c06 (patch)
tree: b412dedb985d6b55ad0364232537bdc4712d39cc /src/api.c
parent: 6ebd717ad64d51eaca892026e937e6da866b0f94 (diff)
download: libseccomp-18f9aa8bb547b55d1eb53025b21cdd07194d4c06.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/api.c b/src/api.c
index f698f54..7fe1a9a 100644
--- a/src/api.c
+++ b/src/api.c
@@ -261,6 +261,9 @@ static int _seccomp_rule_add(struct db_filter_col *col,
 	if (action == col->attr.act_default)
 		return -EPERM;
 
+	if (strict && col->filter_cnt > 1)
+		return -EOPNOTSUPP;
+
 	/* collect the arguments for the filter rule */
 	chain_len_max = ARG_COUNT_MAX;
 	chain = malloc(sizeof(*chain) * chain_len_max);
author	Paul Moore <pmoore@redhat.com>	2012-09-25 18:06:39 -0400
committer	Paul Moore <pmoore@redhat.com>	2012-09-27 17:15:02 -0400
commit	18f9aa8bb547b55d1eb53025b21cdd07194d4c06 (patch)
tree	b412dedb985d6b55ad0364232537bdc4712d39cc /src/api.c
parent	6ebd717ad64d51eaca892026e937e6da866b0f94 (diff)
download	libseccomp-18f9aa8bb547b55d1eb53025b21cdd07194d4c06.tar.gz