author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-21 17:21:04 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-24 20:05:09 +0200 |
commit | 000c05207d68658b76af9e1caf9aa3a4e3fa697b (patch) | |
tree | cfb07e7c6eac5b124319d02d4317662d6313e5fd /src/nspawn/nspawn-seccomp.c | |
parent | 752fedbea7c02c82287c7ff2a4139f528b3f7ba8 (diff) | |
download | systemd-000c05207d68658b76af9e1caf9aa3a4e3fa697b.tar.gz |
shared/seccomp-util: added functionality to make list of filtred syscalls
While at it, start removing the "seccomp_" prefix from our
own functions. It is used by libseccomp.
Diffstat (limited to 'src/nspawn/nspawn-seccomp.c')
-rw-r--r-- | src/nspawn/nspawn-seccomp.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 79110d90d5..5b0ba46594 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -146,13 +146,18 @@ static int seccomp_add_default_syscall_filter(
 if (allow_list[i].capability != 0 && (cap_list_retain & (1ULL << allow_list[i].capability)) == 0)
 continue;

- r = seccomp_add_syscall_filter_item(ctx, allow_list[i].name, SCMP_ACT_ALLOW, syscall_deny_list, false);
+ r = seccomp_add_syscall_filter_item(ctx,
+ allow_list[i].name,
+ SCMP_ACT_ALLOW,
+ syscall_deny_list,
+ false,
+ NULL);
 if (r < 0)
 return log_error_errno(r, "Failed to add syscall filter item %s: %m", allow_list[i].name);
 }

 STRV_FOREACH(p, syscall_allow_list) {
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_deny_list, true);
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_deny_list, true, NULL);
 if (r < 0)
 log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
 *p, seccomp_arch_to_string(arch)); |
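Review bot: Both updated calls now end in a bare boolean followed by `NULL`, and neither call site says what the new trailing argument is or that nspawn deliberately discards whatever it would return. Argument-name comments would make that explicit, for example `/* log_missing = */ true, /* added = */ NULL);` (parameter names as I recall them from the prototype in shared/seccomp-util.h, which this diff does not show, so confirm there). The `STRV_FOREACH` loop also deserves a one-line comment such as `/* Best effort: an entry we cannot add simply stays filtered */`, assuming the filter's default action denies, so that a later reader does not mistake the ignored error for a fail-open path. The body of seccomp_add_default_syscall_filter() starts and ends outside the hunk.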