analyze: don't claim "@known" was an unlisted syscall

It's a sycall group of our own definition, and the output is erroneous to claim otherwise. Let's hide it. This adds syscall_set_add() which is nicely symmetric to the existing syscall_set_remove(). Follow-up for: 6d6a08547c03f96dc798cda1ef4a8d3013d292d5 (cherry picked from commit 950c0ed38935198a67a57c645e499555eaf006eb) (cherry picked from commit 7822ae021b795f55f84499d00763e112229ac6b4)
2025-02-15 05:57:26 +03:00 · 2023-03-24 11:35:55 +01:00 · 2023-03-24 11:35:55 +01:00 · f76e47b810
commit f76e47b810
parent 4b0ae9d418
1 changed files with 29 additions and 8 deletions
--- a/src/analyze/analyze-syscall-filter.c
+++ b/src/analyze/analyze-syscall-filter.c
@ -58,17 +58,38 @@ static int load_kernel_syscalls(Set **ret) {
        return 0;
 }

+static int syscall_set_add(Set **s, const SyscallFilterSet *set) {
+        const char *sc;
+        int r;
+
+        assert(s);
+
+        if (!set)
+                return 0;
+
+        NULSTR_FOREACH(sc, set->value) {
+                if (sc[0] == '@')
+                        continue;
+
+                r = set_put_strdup(s, sc);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
 static void syscall_set_remove(Set *s, const SyscallFilterSet *set) {
-        const char *syscall;
+        const char *sc;

        if (!set)
                return;

-        NULSTR_FOREACH(syscall, set->value) {
-                if (syscall[0] == '@')
+        NULSTR_FOREACH(sc, set->value) {
+                if (sc[0] == '@')
                        continue;

-                free(set_remove(s, syscall));
+                free(set_remove(s, sc));
        }
 }

@ -88,17 +109,17 @@ static void dump_syscall_filter(const SyscallFilterSet *set) {

 int verb_syscall_filters(int argc, char *argv[], void *userdata) {
        bool first = true;
+        int r;

        pager_open(arg_pager_flags);

        if (strv_isempty(strv_skip(argv, 1))) {
                _cleanup_set_free_ Set *kernel = NULL, *known = NULL;
-                const char *sys;
                int k = 0;  /* explicit initialization to appease gcc */

-                NULSTR_FOREACH(sys, syscall_filter_sets[SYSCALL_FILTER_SET_KNOWN].value)
-                        if (set_put_strdup(&known, sys) < 0)
-                                return log_oom();
+                r = syscall_set_add(&known, syscall_filter_sets + SYSCALL_FILTER_SET_KNOWN);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to prepare set of known system calls: %m");

                if (!arg_quiet)
                        k = load_kernel_syscalls(&kernel);