[lxc-devel] [PATCH 1/2] seccomp: warn but continue on unresolvable syscalls
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Jun 18 19:36:37 UTC 2014
If a syscall is listed which is not resolvable, continue. This allows
us to keep a more complete list of syscalls in a global seccomp policy
without having to worry about older kernels not supporting the newer
syscalls.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
src/lxc/seccomp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index d75defe..fadc190 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -235,8 +235,10 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
}
nr = seccomp_syscall_resolve_name_arch(arch, line);
if (nr < 0) {
- ERROR("Failed to resolve syscall: %s", line);
- goto bad_rule;
+ WARN("Seccomp: failed to resolve syscall: %s (returned %d)",
+ line, nr);
+ WARN("This syscall will NOT be blacklisted");
+ continue;
}
ret = seccomp_rule_add(ctx ? ctx : conf->seccomp_ctx,
action, nr, 0);
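Review bot: In the `nr < 0` branch, replacing `goto bad_rule` with `continue` means a misspelled syscall name in the policy file now takes the same path as a syscall that genuinely cannot be resolved, so the container starts with that rule missing and only a WARN-level log entry to show for it. In a deny-list policy that is a fail-open result, so consider logging it at a level operators will see by default, or keeping the hard failure available behind an opt-in strict setting. The second message, `WARN("This syscall will NOT be blacklisted");`, is also hard-coded, while the rule being skipped would have been added with whatever `action` is in effect. For a rule that is not a deny rule the text is misleading, so it would be better to fold both messages into one that reports the skipped rule and its action. The commit message could also state that an unresolvable entry is now left unfiltered, since that is the security-relevant change in behaviour.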
--
2.0.0