From: Zbigniew Jędrzejewski-Szmek Date: Tue, 18 Aug 2020 15:06:28 +0000 (+0200) Subject: shared/seccomp: use _cleanup_ in one more place X-Git-Tag: v247-rc1~401^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F16782%2Fhead;p=thirdparty%2Fsystemd.git shared/seccomp: use _cleanup_ in one more place (cherry picked from commit 27605d6a836d85563faf41db9f7a72883d44c0ff) --- diff --git a/src/nspawn/nspawn-seccomp.h b/src/nspawn/nspawn-seccomp.h index 41743235209..6a48e6459b9 100644 --- a/src/nspawn/nspawn-seccomp.h +++ b/src/nspawn/nspawn-seccomp.h @@ -3,4 +3,4 @@ #include -int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_ist, char **syscall_deny_list); +int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **syscall_deny_list); diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 99585924a0e..4dee0448104 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -187,7 +187,7 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { } int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_action) { - scmp_filter_ctx seccomp; + _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL; int r; /* Much like seccomp_init(), but initializes the filter for one specific architecture only, without affecting @@ -202,11 +202,11 @@ int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_ r = seccomp_arch_remove(seccomp, seccomp_arch_native()); if (r < 0) - goto finish; + return r; r = seccomp_arch_add(seccomp, arch); if (r < 0) - goto finish; + return r; assert(seccomp_arch_exist(seccomp, arch) >= 0); assert(seccomp_arch_exist(seccomp, SCMP_ARCH_NATIVE) == -EEXIST); 
@@ -218,18 +218,14 @@ int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_ r = seccomp_attr_set(seccomp, SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_ALLOW); if (r < 0) - goto finish; + return r; r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0); if (r < 0) - goto finish; + return r; - *ret = seccomp; + *ret = TAKE_PTR(seccomp); return 0; - -finish: - seccomp_release(seccomp); - return r; } static bool is_basic_seccomp_available(void) {
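Review bot: The ownership hand-off at `*ret = TAKE_PTR(seccomp);` is now the only thing stopping the `_cleanup_(seccomp_releasep)` handler from releasing the context the caller receives, and nothing in the visible lines documents that. If a later edit went back to the plain `*ret = seccomp;`, the function would still compile, but the caller would presumably get an already-released filter context. I would add a comment above the assignment, for example `/* Transfer ownership to the caller; on every error return above the cleanup handler releases the context and *ret is left unset. */`. The function body starts outside this hunk, so the `seccomp_init()` call and its failure path are not visible here; the `= NULL` initializer added in the first `seccomp-util.c` hunk is what keeps that early return safe.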