From a3dc1e65abe29f9d0528d3b5ea45812f4dcd63ed Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Tue, 4 Jul 2017 19:00:51 +0200
Subject: [PATCH] Add X32 to the seccomp filter

Fixes #1432.
---
 src/libstore/build.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 355fb3b7d..60b0a531f 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2317,6 +2317,10 @@ void setupSeccomp()
         seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
         throw SysError("unable to add 32-bit seccomp architecture");
 
+    if (settings.thisSystem == "x86_64-linux" &&
+        seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
+        throw SysError("unable to add X32 seccomp architecture");
+
     /* Prevent builders from creating setuid/setgid binaries. */
     for (int perm : { S_ISUID, S_ISGID }) {
         if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,
-- 
GitLab