aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/build.cc
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-07-04 19:00:51 +0200
committerEelco Dolstra <edolstra@gmail.com>2017-07-04 19:00:51 +0200
commita3dc1e65abe29f9d0528d3b5ea45812f4dcd63ed (patch)
tree2311e530fce0677bdb119809a54f180c06fd65f8 /src/libstore/build.cc
parent42c5774e78a9f1422dee9c35adb9c056aa994d3b (diff)
Add X32 to the seccomp filter
Fixes #1432.
Diffstat (limited to 'src/libstore/build.cc')
-rw-r--r--src/libstore/build.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 355fb3b7d..60b0a531f 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2317,6 +2317,10 @@ void setupSeccomp()
seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
throw SysError("unable to add 32-bit seccomp architecture");
+ if (settings.thisSystem == "x86_64-linux" &&
+ seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
+ throw SysError("unable to add X32 seccomp architecture");
+
/* Prevent builders from creating setuid/setgid binaries. */
for (int perm : { S_ISUID, S_ISGID }) {
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,