From: Ruben Jenster <r.jenster@drachenfels.de>
Date: Tue, 13 Oct 2020 14:51:55 +0000 (+0200)
Subject: seccomp: Check if syscall is supported on compat architecture.
X-Git-Tag: lxc-5.0.0~356^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbec5f832bf5871e97619f56a8dd511d379c9d05;p=thirdparty%2Flxc.git

seccomp: Check if syscall is supported on compat architecture.

Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
---

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 06296f5d9..61b9954a8 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -531,6 +531,11 @@ static bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
 		return true;
 	}
 
+	if (arch != SCMP_ARCH_NATIVE && seccomp_syscall_resolve_name_arch(arch, line) < 0) {
+		INFO("The syscall \"%s\" nr:%d is not supported on compat arch:%d", line, nr, arch);
+		return true;
+	}
+
 	memset(&arg_cmp, 0, sizeof(arg_cmp));
 	for (i = 0; i < rule->args_num; i++) {
 		INFO("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i,