[lxc-devel] [lxc/master] Revert "seccomp: make do_resolve_add_rule() more strict"

brauner on Github lxc-bot at linuxcontainers.org
Tue Jun 5 09:22:17 UTC 2018


From 24b9874f7920a19e4c5ad385405703c2ace98aac Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Jun 2018 11:21:23 +0200
Subject: [PATCH] Revert "seccomp: make do_resolve_add_rule() more strict"

This reverts commit dfddc8aa7ef3362212f8394995088a5f525730dd.

Closes #2376.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 24c69c305..5718ed337 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -500,12 +500,14 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
 	nr = seccomp_syscall_resolve_name(line);
 	if (nr == __NR_SCMP_ERROR) {
 		WARN("Failed to resolve syscall \"%s\"", line);
-		return false;
+		WARN("This syscall will NOT be blacklisted");
+		return true;
 	}
 
 	if (nr < 0) {
 		WARN("Got negative return value %d for syscall \"%s\"", nr, line);
-		return false;
+		WARN("This syscall will NOT be blacklisted");
+		return true;
 	}
 
 	memset(&arg_cmp, 0, sizeof(arg_cmp));
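
Review bot: Both error branches of do_resolve_add_rule() now end in `return true`, so the caller cannot tell a rule that was skipped from one that was added. A name that fails to resolve (`nr == __NR_SCMP_ERROR`) or resolves to a negative number is left out of the filter with only a WARN, and the container starts with that syscall still permitted. If the lenient behaviour is what #2376 needs, consider making the skip visible to the caller (for example a separate out-parameter or return code for "skipped") so that a policy with a mistyped syscall name does not load silently weaker than written. The added message `This syscall will NOT be blacklisted` is also hard-coded in both branches; if this function can be reached for rules whose action is not a deny, the wording will mislead, so it is worth confirming or deriving the text from the rule's action. Finally, the commit message only states the revert and `Closes #2376`; one sentence on why strict failure was wrong here would help anyone auditing the seccomp path later.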

