shared/seccomp: avoid possibly writing bogus errno code in debug log 14265/head
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 6 Dec 2019 14:04:51 +0000 (15:04 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 6 Dec 2019 14:12:40 +0000 (15:12 +0100)
CID 1409488.

This code was added in 903659e7b242c3cc897e32835f1918d380b24e5f. The change
that is done here is a simple fix to avoid use of an
uninitialized/wrongly-initialized variable, but the bigger issue is that nothing
looks at the returned result to distinguish between 0 and a positive return
value.

src/shared/seccomp-util.c

index 6d42b2d573480542a3f985010114a5b24807806f..eeca17f3412c5ea267726487ec7bd870ee55c566 100644 (file)
@@ -1583,12 +1583,11 @@ assert_cc(SCMP_SYS(shmdt) > 0);
 
 int seccomp_memory_deny_write_execute(void) {
         uint32_t arch;
-        int r;
-        int loaded = 0;
+        unsigned loaded = 0;
 
         SECCOMP_FOREACH_LOCAL_ARCH(arch) {
                 _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
-                int filter_syscall = 0, block_syscall = 0, shmat_syscall = 0;
+                int filter_syscall = 0, block_syscall = 0, shmat_syscall = 0, r;
 
                 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
 
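Review bot: `unsigned loaded` is now returned through the function's `int` return type (the `return loaded;` is in the second hunk), and nothing at the definition states what the return value means. A short comment above `seccomp_memory_deny_write_execute()` would make the contract explicit, for example `/* Returns a negative errno on a fatal seccomp error, otherwise the number of architectures the loop completed for (0 if none). */`. If the counter stays unsigned, `return (int) loaded;` makes the conversion visible. The function body continues outside this hunk.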
@@ -1678,12 +1677,13 @@ int seccomp_memory_deny_write_execute(void) {
                 if (ERRNO_IS_SECCOMP_FATAL(r))
                         return r;
                 if (r < 0)
-                        log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+                        log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m",
+                                        seccomp_arch_to_string(arch));
                 loaded++;
         }
 
         if (loaded == 0)
-                log_debug_errno(r, "Failed to install any seccomp rules for MemoryDenyWriteExecute=");
+                log_debug("Failed to install any seccomp rules for MemoryDenyWriteExecute=.");
 
         return loaded;
 }
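Review bot: `loaded++` still runs after a non-fatal failure, because the `if (r < 0)` branch only logs "skipping" and falls through, so the returned count includes architectures where the MemoryDenyWriteExecute= filter was not installed. A failure at this point can therefore never produce the `loaded == 0` message, and a caller could take a positive return as proof that the hardening is active. Consider bracing the branch and adding `continue;` after the `log_debug_errno(...)` call, so that only successful loads are counted. The assignment to `r` is outside this hunk, so this assumes it holds the result of loading the filter.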