diff options
author | Paul Moore <pmoore@redhat.com> | 2012-09-25 18:06:39 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2012-09-27 17:15:02 -0400 |
commit | 18f9aa8bb547b55d1eb53025b21cdd07194d4c06 (patch) | |
tree | b412dedb985d6b55ad0364232537bdc4712d39cc /src/api.c | |
parent | 6ebd717ad64d51eaca892026e937e6da866b0f94 (diff) | |
download | libseccomp-18f9aa8bb547b55d1eb53025b21cdd07194d4c06.tar.gz |
api: disable certain operations with multiple architectures
Certain operations don't make sense with multiple architectures so
we disable them only when more than one architecture has been added
to the given filter.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'src/api.c')
-rw-r--r-- | src/api.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -261,6 +261,9 @@ static int _seccomp_rule_add(struct db_filter_col *col, if (action == col->attr.act_default) return -EPERM; + if (strict && col->filter_cnt > 1) + return -EOPNOTSUPP; + /* collect the arguments for the filter rule */ chain_len_max = ARG_COUNT_MAX; chain = malloc(sizeof(*chain) * chain_len_max); |