shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-19 22:50:17 +03:00
Code

seccomp: only abort on syscall name resolution failures (#3701)

Browse Source 
seccomp_syscall_resolve_name() can return a mix of positive and negative
(pseudo-) syscall numbers, while errors are signaled via __NR_SCMP_ERROR.
This commit lets the syscall filter parser only abort on real parsing
failures, letting libseccomp handle pseudo-syscall number on its own
and allowing proper multiplexed syscalls filtering.
This commit is contained in:
Luca Bruno 2016-07-12 11:55:26 +02:00 committed by Lennart Poettering
parent e18ec3c71d
commit 391b81cd03
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/load-fragment.c
View File

@ -2429,7 +2429,7 @@ static int syscall_filter_parse_one(
int id;
id = seccomp_syscall_resolve_name(t);
if (id < 0) {
if (id == __NR_SCMP_ERROR) {
if (warn)
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse system call, ignoring: %s", t);
return 0;