arch: enable less strict filter rewrites

At present we fail if we can't completely preserve the caller's filter, while admirable, this does require some knowledge of the architecture to ensure you're adding a "correct" rule. In keeping with our goal of architecture independence, we want to add the ability to do "best effort" rewrites that preserve as much of the original filter rule as possible. Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Paul Moore <pmoore@redhat.com> 2012-03-29 16:00:17 -0400
committer: Paul Moore <pmoore@redhat.com> 2012-03-29 16:00:17 -0400
commit: b46f1dc59558d1805ea1221497c5a8a8e36387cf (patch)
tree: 8694f5b12c154733d93742231879dd2d0dff86c1 /src/api.c
parent: 54b428bceef79e8b01d84d7b3660275b113d2ca5 (diff)
download: libseccomp-b46f1dc59558d1805ea1221497c5a8a8e36387cf.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/api.c b/src/api.c
index 78dd45e..8c43546 100644
--- a/src/api.c
+++ b/src/api.c
@@ -190,7 +190,7 @@ int seccomp_rule_add(uint32_t action, int syscall, unsigned int arg_cnt, ...)
 	/* if this is a pseudo syscall (syscall < 0) then we need to rewrite
 	 * the rule for some arch specific reason */
 	if (syscall < 0) {
-		rc = arch_filter_rewrite(filter->arch, &syscall, chain);
+		rc = arch_filter_rewrite(filter->arch, 1, &syscall, chain);
 		if (rc < 0)
 			goto rule_add_return;
 	}
author	Paul Moore <pmoore@redhat.com>	2012-03-29 16:00:17 -0400
committer	Paul Moore <pmoore@redhat.com>	2012-03-29 16:00:17 -0400
commit	b46f1dc59558d1805ea1221497c5a8a8e36387cf (patch)
tree	8694f5b12c154733d93742231879dd2d0dff86c1 /src/api.c
parent	54b428bceef79e8b01d84d7b3660275b113d2ca5 (diff)
download	libseccomp-b46f1dc59558d1805ea1221497c5a8a8e36387cf.tar.gz