[systemd-devel] [PATCH] nspawn: allow 32-bit chroots from 64-bit hosts
Dave Reisner
dreisner at archlinux.org
Tue Feb 18 11:44:14 PST 2014
Arch Linux uses nspawn as a container for building packages and needs
to be able to start a 32bit chroot from a 64bit host. 24fb11120756
disrupted this feature when seccomp handling was added.
---
Lennart suggested this approach, and it works nicely.
src/nspawn/nspawn.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 089af07..5a2467d 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1539,6 +1539,14 @@ static int audit_still_doesnt_work_in_containers(void) {
goto finish;
}
+#ifdef __x86_64__
+ r = seccomp_arch_add(seccomp, SCMP_ARCH_X86);
+ if (r < 0 && r != -EEXIST) {
+ log_error("Failed to add x86 to seccomp filter: %s", strerror(-r));
+ goto finish;
+ }
+#endif
+
r = seccomp_load(seccomp);
if (r < 0)
log_error("Failed to install seccomp audit filter: %s", strerror(-r));
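Review bot: the seccomp_arch_add(seccomp, SCMP_ARCH_X86) call sits directly before seccomp_load(), after the preceding error-handling block, so any rule added to the filter earlier in this function will not cover the new architecture. libseccomp documents that rules existing when an architecture is added are not copied to it; only rules added afterwards apply to it. As placed, the change stops 32-bit processes from hitting the bad-architecture action, but the filter does not restrict them. If the intent is for the audit filter to apply to 32-bit processes in the container too, move this block to just after the filter is initialised and before the first rule is added. The `r != -EEXIST` check is fine as written.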
--
1.9.0