seccomp: ignore (and debug log) errors by all invocations of seccomp_rule_add_exact()

System calls might exist on some archs but not on others, or might be
multiplexed but not on others. Ignore such errors when putting together
a filter at this location like we already do it on all others.

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index a3728ff7b2f3c9d9c5ba41a79684a967b77ddf81..73dc571b6bbbac4ea774b5777e5f192ddb2b8710 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1549,8 +1549,10 @@ int seccomp_lock_personality(unsigned long personality) {
                                 SCMP_SYS(personality),
                                 1,
                                 SCMP_A0(SCMP_CMP_NE, personality));
-                if (r < 0)
-                        return r;
+                if (r < 0) {
+                        log_debug_errno(r, "Failed to add scheduler rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+                        continue;
+                }
 
                 r = seccomp_load(seccomp);
                 if (IN_SET(r, -EPERM, -EACCES))