From: Dave Reisner <dreisner@archlinux.org>
Date: Tue, 18 Feb 2014 19:44:14 +0000 (-0500)
Subject: nspawn: allow 32-bit chroots from 64-bit hosts
X-Git-Tag: v209~54
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=f3d5485b805de60ee71810eeb58e82d44ce24fe1;hp=4b462d1a28461b302586b117736ef288fba1012f

nspawn: allow 32-bit chroots from 64-bit hosts

Arch Linux uses nspawn as a container for building packages and needs
to be able to start a 32bit chroot from a 64bit host. 24fb11120756
disrupted this feature when seccomp handling was added.
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 089af0788..5a2467d6e 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1539,6 +1539,14 @@ static int audit_still_doesnt_work_in_containers(void) {
                 goto finish;
         }
 
+#ifdef __x86_64__
+        r = seccomp_arch_add(seccomp, SCMP_ARCH_X86);
+        if (r < 0 && r != -EEXIST) {
+                log_error("Failed to add x86 to seccomp filter: %s", strerror(-r));
+                goto finish;
+        }
+#endif
+
         r = seccomp_load(seccomp);
         if (r < 0)
                 log_error("Failed to install seccomp audit filter: %s", strerror(-r));