shared/seccomp: use _cleanup_ in one more place 16782/head
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 18 Aug 2020 15:06:28 +0000 (17:06 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 19 Aug 2020 08:57:30 +0000 (10:57 +0200)
(cherry picked from commit 27605d6a836d85563faf41db9f7a72883d44c0ff)

src/nspawn/nspawn-seccomp.h
src/shared/seccomp-util.c

index 4174323520998faf5529712c6d06c1c0461d4235..6a48e6459b9dc2deced741a38f2208dd1d01063e 100644 (file)
@@ -3,4 +3,4 @@
 
 #include <sys/types.h>
 
-int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_ist, char **syscall_deny_list);
+int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **syscall_deny_list);
index 99585924a0ebc9344b7bd67219352e765747dff7..4dee04481040fe921754bad4fa940c19fdc62827 100644 (file)
@@ -187,7 +187,7 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
 }
 
 int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_action) {
-        scmp_filter_ctx seccomp;
+        _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
         int r;
 
         /* Much like seccomp_init(), but initializes the filter for one specific architecture only, without affecting
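Review bot: With `_cleanup_(seccomp_releasep)` on `seccomp`, every return now runs the release helper, including any exit taken while `seccomp` is still NULL. The `seccomp_init()` call and its failure path sit between this hunk and the next, so they are not visible here. This is only safe if `seccomp_releasep` skips a NULL context; its definition is not on this page, so that is worth confirming. If it does not, the helper needs a guard such as `if (*p) seccomp_release(*p);`.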
@@ -202,11 +202,11 @@ int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_
 
                 r = seccomp_arch_remove(seccomp, seccomp_arch_native());
                 if (r < 0)
-                        goto finish;
+                        return r;
 
                 r = seccomp_arch_add(seccomp, arch);
                 if (r < 0)
-                        goto finish;
+                        return r;
 
                 assert(seccomp_arch_exist(seccomp, arch) >= 0);
                 assert(seccomp_arch_exist(seccomp, SCMP_ARCH_NATIVE) == -EEXIST);
@@ -218,18 +218,14 @@ int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_
 
         r = seccomp_attr_set(seccomp, SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_ALLOW);
         if (r < 0)
-                goto finish;
+                return r;
 
         r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
         if (r < 0)
-                goto finish;
+                return r;
 
-        *ret = seccomp;
+        *ret = TAKE_PTR(seccomp);
         return 0;
-
-finish:
-        seccomp_release(seccomp);
-        return r;
 }
 
 static bool is_basic_seccomp_available(void) {
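Review bot: The two `seccomp_attr_set()` calls at the top of this hunk are security-relevant and carry no comment in the visible lines. Setting `SCMP_FLTATR_ACT_BADARCH` to `SCMP_ACT_ALLOW` means this filter lets through system calls made under any architecture it does not cover, so the restriction holds only if the caller installs a filter for every architecture it needs to confine, which is presumably the intent of a per-arch initializer. Setting `SCMP_FLTATR_CTL_NNP` to 0 stops libseccomp from enabling no_new_privs at load time, so the caller must set it or hold the required privilege. I would add above them something like `/* Other ABIs pass through this filter, so callers must load one filter per arch; NNP is left to the caller. */`. The function's leading comment is cut off at the end of the earlier hunk, so it may already cover part of this.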