]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 104fc4b) | patch
seccomp: don't install filters for archs that can't use syscalls
authorGreg Depoire--Ferrer <greg.depoire@gmail.com>
Wed, 28 Oct 2020 23:51:30 +0000 (00:51 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 10 Dec 2020 15:13:02 +0000 (16:13 +0100)
commit6597686865ffcba7450b44814618b94321cfa3cf
treefacc7785d20b1f8ce5fb8ddc0d9ef479d042f1e0tree | snapshot
parent104fc4be11e4429edcb81d39c2299433b71c54f6commit | diff
seccomp: don't install filters for archs that can't use syscalls

When seccomp_restrict_archs is called, architectures that are blocked
are replaced by the SECCOMP_LOCAL_ARCH_BLOCKED marker so that they are
not disabled again and filters are not installed for them.

This can make some service that use SystemCallArchitecture= and
SystemCallFilter= start faster.
TODO diff | blob | blame | history
src/shared/seccomp-util.c diff | blob | blame | history
src/shared/seccomp-util.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.