proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 12:37:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

seccomp: handle all errors

Browse Source 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2018-04-13 18:00:23 +02:00
parent 2c80e9cf15
commit adfee3a873
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
1 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/lxc/seccomp.c
View File

@ -371,20 +371,34 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_
} }
#endif #endif
if (seccomp_arch_exist(ctx, arch) == -EEXIST) { ret = seccomp_arch_exist(ctx, arch);
ret = seccomp_arch_add(ctx, arch); if (ret < 0) {
if (ret != 0) { if (ret != -EEXIST) {
ERROR("Seccomp error %d (%s) adding arch: %d", ret, ERROR("%s - Failed to determine whether arch %d is "
strerror(-ret), (int)n_arch); "already present in the main seccomp context",
strerror(-ret), (int)n_arch);
seccomp_release(ctx); seccomp_release(ctx);
return NULL; return NULL;
} }
if (seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE) != 0) { ret = seccomp_arch_add(ctx, arch);
ERROR("Seccomp error removing native arch"); if (ret != 0) {
ERROR("%s - Failed to add arch %d to main seccomp context",
strerror(-ret), (int)n_arch);
seccomp_release(ctx); seccomp_release(ctx);
return NULL; return NULL;
} }
TRACE("Added arch %d to main seccomp context", (int)n_arch);
ret = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE);
if (ret != 0) {
ERROR("Failed to remove native arch from main seccomp context");
seccomp_release(ctx);
return NULL;
}
TRACE("Removed native arch from main seccomp context");
} else {
TRACE("Arch %d already present in main seccomp context", (int)n_arch);
} }
return ctx; return ctx;