diff options
author | Paul Moore <pmoore@redhat.com> | 2012-03-29 16:00:17 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2012-03-29 16:00:17 -0400 |
commit | b46f1dc59558d1805ea1221497c5a8a8e36387cf (patch) | |
tree | 8694f5b12c154733d93742231879dd2d0dff86c1 /src/api.c | |
parent | 54b428bceef79e8b01d84d7b3660275b113d2ca5 (diff) | |
download | libseccomp-b46f1dc59558d1805ea1221497c5a8a8e36387cf.tar.gz |
arch: enable less strict filter rewrites
At present we fail if we can't completely preserve the caller's
filter, while admirable, this does require some knowledge of the
architecture to ensure you're adding a "correct" rule.
In keeping with our goal of architecture independence, we want to
add the ability to do "best effort" rewrites that preserve as much
of the original filter rule as possible.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'src/api.c')
-rw-r--r-- | src/api.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -190,7 +190,7 @@ int seccomp_rule_add(uint32_t action, int syscall, unsigned int arg_cnt, ...) /* if this is a pseudo syscall (syscall < 0) then we need to rewrite * the rule for some arch specific reason */ if (syscall < 0) { - rc = arch_filter_rewrite(filter->arch, &syscall, chain); + rc = arch_filter_rewrite(filter->arch, 1, &syscall, chain); if (rc < 0) goto rule_add_return; } |