return r;
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return log_error_errno(r, "Failed to install seccomp filter: %m");
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return log_error_errno(r, "Failed to install seccomp filter: %m");
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
SECCOMP_FOREACH_LOCAL_ARCH(arch) {
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return log_error_errno(r, "Failed to install seccomp audit filter: %m");
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return log_error_errno(r, "Failed to install seccomp audit filter: %m");
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
return log_debug_errno(r, "Failed to add filter set: %m");
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
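Review bot: The non-fatal branch here still only logs at debug level and falls through to `return 0;`, so a caller cannot tell from the return value whether the filter was actually installed for any architecture. That behaviour predates this change, but the restructured block is a good place to document it, for example `/* Not fatal: the filter is skipped for this architecture and the caller still sees success. */` above the `log_debug_errno()` call. The same pattern appears in the other `seccomp_load()` hunks on this page that end in `return 0;`. The enclosing function and the definition of `ERRNO_IS_SECCOMP_FATAL` are outside the hunk, so which errors count as fatal should be confirmed there.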
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install system call filter for architecture %s, skipping: %m",
seccomp_arch_to_string(arch));
+ }
}
return 0;
continue;
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install namespace restriction rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install sysctl protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install syslog protection rules for architecture %s, skipping %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
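Review bot: The log string in this block reads `skipping %m`, without the colon that every other message in these hunks uses (`skipping: %m`), so a log query written for the other messages will not match a syslog-protection failure. Since the block is being rewrapped anyway, the line could become `log_debug_errno(r, "Failed to install syslog protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));`. The enclosing function starts outside the hunk.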
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install realtime protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m",
seccomp_arch_to_string(arch));
+ }
loaded++;
}
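Review bot: `loaded++` sits after the new `if (r < 0) { … }` block, so it also runs when `seccomp_load()` failed with a non-fatal error and the rule was skipped for that architecture. If `loaded` is meant to count architectures where the MemoryDenyWriteExecute= rule is really in place (its use is outside the hunk, so this is inferred from the name), the count overstates what is enforced. Adding `continue;` after the `log_debug_errno()` call inside the new braces would keep skipped architectures out of the count. The enclosing function starts and ends outside the hunk.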
return r;
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to restrict system call architectures, skipping: %m");
+ }
return 0;
}
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to enable personality lock for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
}
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to apply hostname restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
continue;
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to apply suid/sgid restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;
#endif
r = seccomp_load(seccomp);
- if (ERRNO_IS_SECCOMP_FATAL(r))
- return r;
- if (r < 0)
+ if (r < 0) {
+ if (ERRNO_IS_SECCOMP_FATAL(r))
+ return r;
log_debug_errno(r, "Failed to apply sync() suppression for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+ }
}
return 0;