shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-10 01:17:44 +03:00
Code

seccomp: improve error reporting

Browse Source 
Only report OOM if that was actually the error of the operation,
explicitly report the possible error that a syscall was already blocked
with a different errno and translate that into a more sensible errno
(EEXIST only makes sense in connection to the hashmap), and pass through
all other potential errors unmodified. Part of #9939.
This commit is contained in:
Lucas Werkmeister 2018-08-26 00:27:29 +02:00
parent 8f8112f916
commit 851ee70a3d
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/shared/seccomp-util.c
View File

@ -1057,7 +1057,17 @@ int seccomp_parse_syscall_filter_full(
if (!(flags & SECCOMP_PARSE_INVERT) == !!(flags & SECCOMP_PARSE_WHITELIST)) { if (!(flags & SECCOMP_PARSE_INVERT) == !!(flags & SECCOMP_PARSE_WHITELIST)) {
r = hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(errno_num)); r = hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(errno_num));
if (r < 0) if (r < 0)
return flags & SECCOMP_PARSE_LOG ? log_oom() : -ENOMEM; switch (r) {
case -ENOMEM:
return flags & SECCOMP_PARSE_LOG ? log_oom() : -ENOMEM;
case -EEXIST:
if (flags & SECCOMP_PARSE_LOG)
log_warning("System call %s already blocked with different errno: %d",
name, PTR_TO_INT(hashmap_get(filter, INT_TO_PTR(id + 1))));
return -EINVAL;
default:
return r;
}
} else } else
(void) hashmap_remove(filter, INT_TO_PTR(id + 1)); (void) hashmap_remove(filter, INT_TO_PTR(id + 1));
} }