the specified flags parameters into account. Note that — if this option is used — in addition to restricting
creation and switching of the specified types of namespaces (or all of them, if true) access to the
<function>setns()</function> system call with a zero flags parameter is prohibited. This setting is only
- supported on x86, x86-64, s390 and s390x, and enforces no restrictions on other architectures. If running in user
+ supported on x86, x86-64, mips, mips-le, mips64, mips64-le, mips64-n32, mips64-le-n32, ppc64, ppc64-le,
+ s390 and s390x, and enforces no restrictions on other architectures. If running in user
mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
<varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> is implied. </para></listitem>
</varlistentry>
case SCMP_ARCH_X32:
case SCMP_ARCH_PPC64:
case SCMP_ARCH_PPC64LE:
+ case SCMP_ARCH_MIPS:
+ case SCMP_ARCH_MIPSEL:
+ case SCMP_ARCH_MIPS64:
+ case SCMP_ARCH_MIPSEL64:
+ case SCMP_ARCH_MIPS64N32:
+ case SCMP_ARCH_MIPSEL64N32:
clone_reversed_order = 0;
break;
#endif
/* we don't know the right order of the clone() parameters except for these archs, for now */
-#if defined(__x86_64__) || defined(__i386__) || defined(__s390x__) || defined(__s390__) || defined(__powerpc64__)
+#if defined(__x86_64__) || defined(__i386__) || defined(__s390x__) || defined(__s390__) || defined(__powerpc64__) || defined(__mips__)
#define SECCOMP_RESTRICT_NAMESPACES_BROKEN 0
#else
#define SECCOMP_RESTRICT_NAMESPACES_BROKEN 1
projects / platform / upstream / systemd.git / commitdiff