X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;ds=sidebyside;f=src%2Fnspawn%2Fnspawn.c;h=54f71877542538507a571068348473e0f22fc399;hb=e9642be2cce7f5e90406980092a6f71f504a16af;hp=01e8611e86651d8943c9e2296af91dfd23650f1a;hpb=32457153f4026ff2bcc73d82d5ad7a09a0169791;p=elogind.git
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 01e8611e8..54f718775 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -79,6 +79,10 @@
 #include "rtnl-util.h"
 #include "udev-util.h"
+#ifdef HAVE_SECCOMP
+#include "seccomp-util.h"
+#endif
+
 typedef enum LinkJournal {
 LINK_NO,
 LINK_AUTO,
@@ -1303,7 +1307,7 @@ static int setup_veth(pid_t pid, char iface_name[]) {
 return r;
 }
- r = sd_rtnl_message_new_link(RTM_NEWLINK, 0, &m);
+ r = sd_rtnl_message_new_link(rtnl, RTM_NEWLINK, 0, &m);
 if (r < 0) {
 log_error("Failed to allocate netlink message: %s", strerror(-r));
 return r;
@@ -1404,7 +1408,7 @@ static int setup_bridge(const char veth_name[]) {
 return r;
 }
- r = sd_rtnl_message_new_link(RTM_SETLINK, 0, &m);
+ r = sd_rtnl_message_new_link(rtnl, RTM_SETLINK, 0, &m);
 if (r < 0) {
 log_error("Failed to allocate netlink message: %s", strerror(-r));
 return r;
@@ -1479,7 +1483,7 @@ static int move_network_interfaces(pid_t pid) {
 return -EBUSY;
 }
- r = sd_rtnl_message_new_link(RTM_NEWLINK, ifi, &m);
+ r = sd_rtnl_message_new_link(rtnl, RTM_NEWLINK, ifi, &m);
 if (r < 0) {
 log_error("Failed to allocate netlink message: %s", strerror(-r));
 return r;
@@ -1521,6 +1525,12 @@ static int audit_still_doesnt_work_in_containers(void) {
 if (!seccomp)
 return log_oom();
+ r = seccomp_add_secondary_archs(seccomp);
+ if (r < 0 && r != -EEXIST) {
+ log_error("Failed to add secondary archs to seccomp filter: %s", strerror(-r));
+ goto finish;
+ }
+
 r = seccomp_rule_add_exact(
 seccomp,
 SCMP_ACT_ERRNO(EAFNOSUPPORT),
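Review bot: The `r != -EEXIST` exemption on the new `seccomp_add_secondary_archs()` call in audit_still_doesnt_work_in_containers() is undocumented, and so is the reason the filter needs more than the native architecture. A comment above the call would help, for example `/* Also cover the non-native ABIs this kernel can run, so the filter applies to them too; -EEXIST only means the arch is already present. */`; that reading of the helper is inferred, since seccomp-util.c is not part of this diff. The rule that follows is added with `seccomp_rule_add_exact()` and its syscall and argument matches lie outside the hunk: with several architectures in the filter an exact rule is applied as written to each of them and may fail to load or behave differently where the syscall is exposed differently, so it is worth confirming that the EAFNOSUPPORT rule still loads and still takes effect for processes using a secondary ABI. The function body starts and ends outside the hunk.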
@@ -1554,7 +1564,7 @@ finish:
 int main(int argc, char *argv[]) {
- _cleanup_close_ int master = -1, kdbus_fd = -1, sync_fd = -1, netns_fd = -1;
+ _cleanup_close_ int master = -1, kdbus_fd = -1, sync_fd = -1;
 _cleanup_close_pipe_ int kmsg_socket_pair[2] = { -1, -1 };
 _cleanup_free_ char *kdbus_domain = NULL;
 _cleanup_fdset_free_ FDSet *fds = NULL;