nspawn: allow 32-bit chroots from 64-bit hosts

Arch Linux uses nspawn as a container for building packages and needs
to be able to start a 32bit chroot from a 64bit host. 24fb11120756
disrupted this feature when seccomp handling was added.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 089af078860bce50546cfb4ff5ac72893261bb3d..5a2467d6e2e7b302fd884b4f220ff65006929af2 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1539,6 +1539,14 @@ static int audit_still_doesnt_work_in_containers(void) {
                 goto finish;
         }
 
+#ifdef __x86_64__
+        r = seccomp_arch_add(seccomp, SCMP_ARCH_X86);
+        if (r < 0 && r != -EEXIST) {
+                log_error("Failed to add x86 to seccomp filter: %s", strerror(-r));
+                goto finish;
+        }
+#endif
+
         r = seccomp_load(seccomp);
         if (r < 0)
                 log_error("Failed to install seccomp audit filter: %s", strerror(-r));