From fbec5f832bf5871e97619f56a8dd511d379c9d05 Mon Sep 17 00:00:00 2001
From: Ruben Jenster <r.jenster@drachenfels.de>
Date: Tue, 13 Oct 2020 16:51:55 +0200
Subject: [PATCH] seccomp: Check if syscall is supported on compat
 architecture.

Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
---
 src/lxc/seccomp.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 06296f5d9..61b9954a8 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -531,6 +531,11 @@ static bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
 		return true;
 	}
 
+	if (arch != SCMP_ARCH_NATIVE && seccomp_syscall_resolve_name_arch(arch, line) < 0) {
+		INFO("The syscall \"%s\" nr:%d is not supported on compat arch:%d", line, nr, arch);
+		return true;
+	}
+
 	memset(&arg_cmp, 0, sizeof(arg_cmp));
 	for (i = 0; i < rule->args_num; i++) {
 		INFO("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i,
-- 
2.47.2