shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-05 15:21:37 +03:00
Code

nspawn: make seccomp loading errors non-fatal

Browse Source 
seccomp_load returns -EINVAL when seccomp support is not enabled in the
kernel [1]. This should be a debug log, not an error that interrupts nspawn.
If the seccomp filter can't be set and audit is enabled, the user will
get an error message anyway.

[1]: http://man7.org/linux/man-pages/man2/prctl.2.html
This commit is contained in:
Iago López Galeiras 2015-06-12 16:22:40 +02:00
parent eb59b60941
commit 9b1cbdc6e1
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/nspawn/nspawn.c
View File

@ -3002,8 +3002,15 @@ static int setup_seccomp(void) {
}
r = seccomp_load(seccomp);
if (r < 0)
if (r == -EINVAL) {
log_debug_errno(r, "Kernel is probably not configured with CONFIG_SECCOMP. Disabling seccomp audit filter: %m");
r = 0;
goto finish;
}
if (r < 0) {
log_error_errno(r, "Failed to install seccomp audit filter: %m");
goto finish;
}
finish:
seccomp_release(seccomp);