Certain operations don't make sense with multiple architectures so we disable them only when more than one architecture has been added to the given filter.
Signed-off-by: Paul Moore <[email protected]> --- 0 files changed diff --git a/src/api.c b/src/api.c index f698f54..7fe1a9a 100644 --- a/src/api.c +++ b/src/api.c @@ -261,6 +261,9 @@ static int _seccomp_rule_add(struct db_filter_col *col, if (action == col->attr.act_default) return -EPERM; + if (strict && col->filter_cnt > 1) + return -EOPNOTSUPP; + /* collect the arguments for the filter rule */ chain_len_max = ARG_COUNT_MAX; chain = malloc(sizeof(*chain) * chain_len_max); ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ libseccomp-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
