seccomp: fix multiplexed system calls
author Christian Ehrhardt <christian.ehrhardt@canonical.com>
Wed, 27 Nov 2019 08:52:07 +0000 (09:52 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 15 Dec 2019 10:26:45 +0000 (11:26 +0100)
commit 2c6568221a4c73aaea8f00690dbab662f4966d09
tree c0fe5dfc65e055b772a6c4486b354285dbd2cd7c
parent bcf0aa02bf68cfd8b55ecaa5221a246a63a9646f
seccomp: fix multiplexed system calls

Since libseccomp 2.4.2, more architectures have shmat handled as a multiplexed
call. Those will fail to be added due to seccomp_rule_add_exact failing
on them since they'd need to add multiple rules [1].
See the discussion at https://github.com/seccomp/libseccomp/issues/193

After discussions about the options rejected [2][3], the initial thought of
a fallback to the non-'_exact' version of the seccomp rule adding, the next
option is to handle those now affected (i386, s390, s390x) the same way as
ppc, which ignores and does not block shmat.

[1]: https://github.com/seccomp/libseccomp/issues/193
[2]: https://github.com/systemd/systemd/pull/14167#issuecomment-559136906
[3]: https://github.com/systemd/systemd/commit/469830d1

(cherry picked from commit bed4668d1daeb640c1d55e79e6a1725c81118e39)
src/shared/seccomp-util.c