Commit 65976868 authored Oct 29, 2020 by Greg Depoire--Ferrer Committed by Lennart Poettering Dec 10, 2020

seccomp: don't install filters for archs that can't use syscalls

When seccomp_restrict_archs is called, architectures that are blocked
are replaced by the SECCOMP_LOCAL_ARCH_BLOCKED marker so that they are
not disabled again and filters are not installed for them.

This can make some service that use SystemCallArchitecture= and
SystemCallFilter= start faster.

parent 104fc4be

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 7b746ce0
· Oct 13, 2021

mentioned in commit 7b746ce0

mentioned in commit 7b746ce0addd94e7bdf08f995c174a6e232ed5fc

Toggle commit list
mirror @mirror
mentioned in commit ba8bce7b
· Oct 13, 2021

mentioned in commit ba8bce7b

mentioned in commit ba8bce7b562f9ef83a4de697eae2f97cf1806e3d

Toggle commit list

Please register or to comment