summaryrefslogtreecommitdiffstats
path: root/src/shared/seccomp-util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2017-10-05 11:26:09 +0200
committerLennart Poettering <lennart@poettering.net>2017-10-05 11:27:34 +0200
commit448ac526a3fc95c4b4bfa24fe25ea95a88127c49 (patch)
tree69aff7880a68c4cc7944ed9a610cec0dc1b992d6 /src/shared/seccomp-util.c
parentseccomp: always handle seccomp_load() failing the same way (diff)
downloadsystemd-448ac526a3fc95c4b4bfa24fe25ea95a88127c49.tar.xz
systemd-448ac526a3fc95c4b4bfa24fe25ea95a88127c49.zip
seccomp: ignore (and debug log) errors by all invocations of seccomp_rule_add_exact()
System calls might exist on some archs but not on others, or might be multiplexed but not on others. Ignore such errors when putting together a filter at this location like we already do it on all others.
Diffstat (limited to '')
-rw-r--r--src/shared/seccomp-util.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index a3728ff7b2..73dc571b6b 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1549,8 +1549,10 @@ int seccomp_lock_personality(unsigned long personality) {
SCMP_SYS(personality),
1,
SCMP_A0(SCMP_CMP_NE, personality));
- if (r < 0)
- return r;
+ if (r < 0) {
+ log_debug_errno(r, "Failed to add scheduler rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ continue;
+ }
r = seccomp_load(seccomp);
if (IN_SET(r, -EPERM, -EACCES))