Certain operations don't make sense with multiple architectures so we disable them only when more than one architecture has been added to the given filter.
Signed-off-by: Paul Moore <[email protected]> --- src/api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/api.c b/src/api.c index f698f54..7fe1a9a 100644 --- a/src/api.c +++ b/src/api.c @@ -261,6 +261,9 @@ static int _seccomp_rule_add(struct db_filter_col *col, if (action == col->attr.act_default) return -EPERM; + if (strict && col->filter_cnt > 1) + return -EOPNOTSUPP; + /* collect the arguments for the filter rule */ chain_len_max = ARG_COUNT_MAX; chain = malloc(sizeof(*chain) * chain_len_max); _______________________________________________ libseccomp-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
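Review bot: The new `-EOPNOTSUPP` return in `_seccomp_rule_add()` is undocumented. The diffstat shows only `src/api.c` changing, so callers that pass `strict` on a filter with more than one architecture will see an errno that nothing in this patch describes. Please add a short comment above `if (strict && col->filter_cnt > 1)` saying why strict rules are rejected once `filter_cnt > 1`, and update the API documentation for the affected call in the same change. Because the check sits after the `action == col->attr.act_default` test, a request that trips both conditions reports `-EPERM` rather than `-EOPNOTSUPP`. That ordering is fine if intended, but worth stating. A test that adds a second architecture and then attempts a strict rule would pin the behaviour down.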
