shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-11 09:18:07 +03:00
Code

seccomp: improve debug logging

Browse Source 
Let's log explicitly at debug level if we encounter a syscall or group
that doesn#t exist at all.
This commit is contained in:
Lennart Poettering 2017-09-13 19:57:32 +02:00
parent 25e94f8c75
commit cff7bff880
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/shared/seccomp-util.c
View File

@ -799,8 +799,10 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
const SyscallFilterSet *other;
other = syscall_filter_set_find(name);
if (!other)
if (!other) {
log_debug("Filter set %s is not known!", name);
return -EINVAL;
}
r = seccomp_add_syscall_filter_set(seccomp, other, action, exclude);
if (r < 0)
@ -809,8 +811,10 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
int id;
id = seccomp_syscall_resolve_name(name);
if (id == __NR_SCMP_ERROR)
if (id == __NR_SCMP_ERROR) {
log_debug("System call %s is not known!", name);
return -EINVAL; /* Not known at all? Then that's a real error */
}
r = seccomp_rule_add_exact(seccomp, action, id, 0);
if (r < 0)