db: enable basic filter collection support

In order to support systems that can run applications from multiple
architectures we need to be able to support multiple filter DBs; were
calling this "filter collections".  This patch adds the basic
collection support such that it passes all of the existing tests;
further work may be necessary once we start using the multiple filter
capabilities.

Signed-off-by: Paul Moore <pmoore@redhat.com>

1 files changed, 10 insertions, 4 deletions

diff --git a/src/gen_bpf.c b/src/gen_bpf.c
index 9e2f809..2e8407e 100644
--- a/src/gen_bpf.c
+++ b/src/gen_bpf.c
@@ -1459,20 +1459,26 @@ build_bpf_free_blks:
 
 /**
  * Generate a BPF representation of the filter DB
- * @param db the seccomp filter DB
+ * @param col the seccomp filter collection
  *
- * This function generates a BPF representation of the given filter DB.
+ * This function generates a BPF representation of the given filter collection.
  * Returns a pointer to a valid bpf_program on success, NULL on failure.
  *
  */
-struct bpf_program *gen_bpf_generate(const struct db_filter *db)
+struct bpf_program *gen_bpf_generate(const struct db_filter_col *col)
 {
 	int rc;
+	struct db_filter *db;
 	struct bpf_state state;
 
+	/* NOTE: temporary until we fully support filter collections */
+	if (col->filter_cnt != 1 || col->filters[0]->arch != &arch_def_native)
+		return NULL;
+	db = col->filters[0];
+
 	memset(&state, 0, sizeof(state));
 	state.arch = db->arch;
-	state.attr = &db->attr;
+	state.attr = &col->attr;
 
 	state.bpf = malloc(sizeof(*(state.bpf)));
 	if (state.bpf == NULL)