From f3d5485b805de60ee71810eeb58e82d44ce24fe1 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Tue, 18 Feb 2014 14:44:14 -0500 Subject: [PATCH] nspawn: allow 32-bit chroots from 64-bit hosts Arch Linux uses nspawn as a container for building packages and needs to be able to start a 32bit chroot from a 64bit host. 24fb11120756 disrupted this feature when seccomp handling was added. --- src/nspawn/nspawn.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 089af0788..5a2467d6e 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1539,6 +1539,14 @@ static int audit_still_doesnt_work_in_containers(void) { goto finish; } +#ifdef __x86_64__ + r = seccomp_arch_add(seccomp, SCMP_ARCH_X86); + if (r < 0 && r != -EEXIST) { + log_error("Failed to add x86 to seccomp filter: %s", strerror(-r)); + goto finish; + } +#endif + r = seccomp_load(seccomp); if (r < 0) log_error("Failed to install seccomp audit filter: %s", strerror(-r)); -- 2.30.2