Lines Matching refs:arch
204 int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_action) { in seccomp_init_for_arch() argument
215 if (arch != SCMP_ARCH_NATIVE && in seccomp_init_for_arch()
216 arch != seccomp_arch_native()) { in seccomp_init_for_arch()
222 r = seccomp_arch_add(seccomp, arch); in seccomp_init_for_arch()
226 assert(seccomp_arch_exist(seccomp, arch) >= 0); in seccomp_init_for_arch()
1040 uint32_t arch; in seccomp_load_syscall_filter_set() local
1048 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_load_syscall_filter_set()
1051 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); in seccomp_load_syscall_filter_set()
1053 r = seccomp_init_for_arch(&seccomp, arch, default_action); in seccomp_load_syscall_filter_set()
1065 …r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_load_syscall_filter_set()
1072 uint32_t arch; in seccomp_load_syscall_filter_set_raw() local
1081 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_load_syscall_filter_set_raw()
1085 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); in seccomp_load_syscall_filter_set_raw()
1087 r = seccomp_init_for_arch(&seccomp, arch, default_action); in seccomp_load_syscall_filter_set_raw()
1127 seccomp_arch_to_string(arch)); in seccomp_load_syscall_filter_set_raw()
1210 uint32_t arch; in seccomp_restrict_namespaces() local
1224 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_restrict_namespaces()
1227 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); in seccomp_restrict_namespaces()
1229 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_restrict_namespaces()
1246 …(r, "Failed to add clone3() rule for architecture %s, ignoring: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_namespaces()
1266 …o(r, "Failed to add setns() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_namespaces()
1288 …r, "Failed to add unshare() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_namespaces()
1293 if (!IN_SET(arch, SCMP_ARCH_S390, SCMP_ARCH_S390X)) in seccomp_restrict_namespaces()
1308 …o(r, "Failed to add clone() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_namespaces()
1320 …o(r, "Failed to add setns() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_namespaces()
1332 …tall namespace restriction rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_namespaces()
1339 uint32_t arch; in seccomp_protect_sysctl() local
1342 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_protect_sysctl()
1345 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); in seccomp_protect_sysctl()
1347 if (IN_SET(arch, in seccomp_protect_sysctl()
1357 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_protect_sysctl()
1367 …r, "Failed to add _sysctl() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_protect_sysctl()
1375 … install sysctl protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_protect_sysctl()
1382 uint32_t arch; in seccomp_protect_syslog() local
1385 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_protect_syslog()
1388 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_protect_syslog()
1399 …o(r, "Failed to add syslog() rule for architecture %s, skipping %m", seccomp_arch_to_string(arch)); in seccomp_protect_syslog()
1407 …o install syslog protection rules for architecture %s, skipping %m", seccomp_arch_to_string(arch)); in seccomp_protect_syslog()
1414 uint32_t arch; in seccomp_restrict_address_families() local
1417 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_restrict_address_families()
1421 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); in seccomp_restrict_address_families()
1423 switch (arch) { in seccomp_restrict_address_families()
1458 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_restrict_address_families()
1494 …(r, "Failed to add socket() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_address_families()
1508 …(r, "Failed to add socket() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_address_families()
1520 …(r, "Failed to add socket() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_address_families()
1540 …(r, "Failed to add socket() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_address_families()
1562 …(r, "Failed to add socket() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_address_families()
1571 …d to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_address_families()
1585 uint32_t arch; in seccomp_restrict_realtime() local
1593 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_restrict_realtime()
1597 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); in seccomp_restrict_realtime()
1599 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_restrict_realtime()
1626 …r, "Failed to add scheduler rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_realtime()
1640 …r, "Failed to add scheduler rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_realtime()
1648 …nstall realtime protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_realtime()
1655 uint32_t arch, in add_seccomp_syscall_filter() argument
1665 n = seccomp_syscall_resolve_num_arch(arch, nr); in add_seccomp_syscall_filter()
1668 seccomp_arch_to_string(arch)); in add_seccomp_syscall_filter()
1682 uint32_t arch; in seccomp_memory_deny_write_execute() local
1685 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_memory_deny_write_execute()
1689 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); in seccomp_memory_deny_write_execute()
1691 switch (arch) { in seccomp_memory_deny_write_execute()
1738 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_memory_deny_write_execute()
1742 r = add_seccomp_syscall_filter(seccomp, arch, filter_syscall, in seccomp_memory_deny_write_execute()
1749 … r = add_seccomp_syscall_filter(seccomp, arch, block_syscall, 0, (const struct scmp_arg_cmp){} ); in seccomp_memory_deny_write_execute()
1754 r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(mprotect), in seccomp_memory_deny_write_execute()
1760 r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect), in seccomp_memory_deny_write_execute()
1767 r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall, in seccomp_memory_deny_write_execute()
1779 seccomp_arch_to_string(arch)); in seccomp_memory_deny_write_execute()
1809 uint32_t arch = seccomp_local_archs[i]; in seccomp_restrict_archs() local
1812 if (arch == seccomp_arch_native()) in seccomp_restrict_archs()
1816 if (arch == SECCOMP_LOCAL_ARCH_BLOCKED) in seccomp_restrict_archs()
1819 bool block = !set_contains(archs, UINT32_TO_PTR(arch + 1)); in seccomp_restrict_archs()
1825 if (block && arch == SCMP_ARCH_X86_64 && seccomp_arch_native() == SCMP_ARCH_X32) in seccomp_restrict_archs()
1832 r = seccomp_arch_add(seccomp, arch); in seccomp_restrict_archs()
1919 uint32_t arch; in seccomp_lock_personality() local
1925 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_lock_personality()
1928 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_lock_personality()
1939 …r, "Failed to add scheduler rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_lock_personality()
1947 …ailed to enable personality lock for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_lock_personality()
1954 uint32_t arch; in seccomp_protect_hostname() local
1957 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_protect_hostname()
1960 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_protect_hostname()
1970 …Failed to add sethostname() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_protect_hostname()
1980 …iled to add setdomainname() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_protect_hostname()
1988 …d to apply hostname restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_protect_hostname()
2141 uint32_t arch; in seccomp_restrict_suid_sgid() local
2144 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_restrict_suid_sgid()
2147 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_restrict_suid_sgid()
2153 …rrno(r, "Failed to add suid rule for architecture %s, ignoring: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_suid_sgid()
2157 …rrno(r, "Failed to add sgid rule for architecture %s, ignoring: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_suid_sgid()
2166 … to apply suid/sgid restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_restrict_suid_sgid()
2271 uint32_t arch; in seccomp_suppress_sync() local
2277 SECCOMP_FOREACH_LOCAL_ARCH(arch) { in seccomp_suppress_sync()
2281 r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); in seccomp_suppress_sync()
2312 …iled to apply sync() suppression for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); in seccomp_suppress_sync()