shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-10-27 10:25:37 +03:00
Code

seccomp: react gracefully if we can't translate a syscall name

Browse Source 
When a libseccomp implementation doesn't know a syscall yet, that's no
reason for us to fail completely. Instead, debug log, and proceed.

This hopefully fixes the preadv2/pwritev2 issues pointed out here:

https://github.com/systemd/systemd/pull/6952#issuecomment-334302923
This commit is contained in:
Lennart Poettering 2017-10-05 11:23:07 +02:00
parent 4c3a917617
commit ff217dc3af
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/shared/seccomp-util.c
View File

@ -807,8 +807,8 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
id = seccomp_syscall_resolve_name(name);
if (id == __NR_SCMP_ERROR) {
log_debug("System call %s is not known!", name);
return -EINVAL; /* Not known at all? Then that's a real error */
log_debug("System call %s is not known, ignoring.", name);
return 0;
}
r = seccomp_rule_add_exact(seccomp, action, id, 0);
@ -1501,7 +1501,6 @@ int seccomp_filter_set_add(Set *filter, bool add, const SyscallFilterSet *set) {
if (!more)
return -ENXIO;
r = seccomp_filter_set_add(filter, add, more);
if (r < 0)
return r;
@ -1509,8 +1508,10 @@ int seccomp_filter_set_add(Set *filter, bool add, const SyscallFilterSet *set) {
int id;
id = seccomp_syscall_resolve_name(i);
if (id == __NR_SCMP_ERROR)
return -ENXIO;
if (id == __NR_SCMP_ERROR) {
log_debug("Couldn't resolve system call, ignoring: %s", i);
continue;
}
if (add) {
r = set_put(filter, INT_TO_PTR(id + 1));