return r;
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return log_error_errno(r, "Failed to install seccomp filter: %m");
if (r < 0)
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return log_error_errno(r, "Failed to install seccomp audit filter: %m");
if (r < 0)
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
return log_debug_errno(r, "Failed to add filter set: %m");
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
continue;
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to install namespace restriction rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to install sysctl protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to install realtime protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
return r;
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to restrict system call architectures, skipping: %m");
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to enable personality lock for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to apply hostname restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
continue;
r = seccomp_load(seccomp);
- if (IN_SET(r, -EPERM, -EACCES))
+ if (ERRNO_IS_SECCOMP_FATAL(r))
return r;
if (r < 0)
log_debug_errno(r, "Failed to apply suid/sgid restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch));