summaryrefslogtreecommitdiff
path: root/src/shared/seccomp-util.c
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2022-09-30 15:02:18 +0200
committerChristian Brauner (Microsoft) <brauner@kernel.org>2022-10-04 18:51:04 +0200
commit241b15779be7621db5ea20a9c5611c6c8082afd9 (patch)
tree829864bcf45460ab05961bdb396dde95d6503870 /src/shared/seccomp-util.c
parentc3b9c418c0e688892284aa83fefaea313fdabccc (diff)
downloadsystemd-241b15779be7621db5ea20a9c5611c6c8082afd9.tar.gz
nsflags: replace namespace_flag_map with general namespace_info introduced earlier
Diffstat (limited to 'src/shared/seccomp-util.c')
-rw-r--r--src/shared/seccomp-util.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index cd0915e2b2..52ee315dda 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -18,6 +18,7 @@
#include "env-util.h"
#include "errno-list.h"
#include "macro.h"
+#include "namespace-util.h"
#include "nsflags.h"
#include "nulstr-util.h"
#include "process-util.h"
@@ -1289,16 +1290,16 @@ int seccomp_restrict_namespaces(unsigned long retain) {
continue;
}
- for (unsigned i = 0; namespace_flag_map[i].name; i++) {
+ for (unsigned i = 0; namespace_info[i].proc_name; i++) {
unsigned long f;
- f = namespace_flag_map[i].flag;
+ f = namespace_info[i].clone_flag;
if (FLAGS_SET(retain, f)) {
- log_debug("Permitting %s.", namespace_flag_map[i].name);
+ log_debug("Permitting %s.", namespace_info[i].proc_name);
continue;
}
- log_debug("Blocking %s.", namespace_flag_map[i].name);
+ log_debug("Blocking %s.", namespace_info[i].proc_name);
r = seccomp_rule_add_exact(
seccomp,
View Lorry Controller Status