diff options
| -rw-r--r-- | src/shared/seccomp-util.c | 6 | ||||
| -rw-r--r-- | src/test/test-seccomp.c | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 98c5635803..114f9fbca9 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1331,9 +1331,6 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) { case SCMP_ARCH_X32: case SCMP_ARCH_ARM: case SCMP_ARCH_AARCH64: - case SCMP_ARCH_PPC: - case SCMP_ARCH_PPC64: - case SCMP_ARCH_PPC64LE: case SCMP_ARCH_MIPSEL64N32: case SCMP_ARCH_MIPS64N32: case SCMP_ARCH_MIPSEL64: @@ -1347,6 +1344,9 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) { case SCMP_ARCH_X86: case SCMP_ARCH_MIPSEL: case SCMP_ARCH_MIPS: + case SCMP_ARCH_PPC: + case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC64LE: default: /* These we either know we don't support (i.e. are the ones that do use socketcall()), or we * don't know */ diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index eeb547a8b8..b685c2df01 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -30,7 +30,7 @@ #include "virt.h" /* __NR_socket may be invalid due to libseccomp */ -#if !defined(__NR_socket) || __NR_socket < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__) +#if !defined(__NR_socket) || __NR_socket < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__) || defined(__powerpc64__) || defined(__powerpc__) /* On these archs, socket() is implemented via the socketcall() syscall multiplexer, * and we can't restrict it hence via seccomp. */ # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1 |