Refactoring conditional directives.

author Wesley M <wesleymr.27@gmail.com>

Tue, 15 Dec 2015 15:47:22 +0000 (10:47 -0500)

committer Stéphane Graber <stgraber@ubuntu.com>

Thu, 17 Nov 2016 22:23:03 +0000 (17:23 -0500)
author Wesley M <wesleymr.27@gmail.com>
Tue, 15 Dec 2015 15:47:22 +0000 (10:47 -0500)
committer Stéphane Graber <stgraber@ubuntu.com>
Thu, 17 Nov 2016 22:23:03 +0000 (17:23 -0500)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c

index 5982cb475062b72ea2c5d4b7d9371f56f8c02d90..451e31572ff8ce9b7df01cc61744e54906b6b778 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -558,6 +558,7 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
  {
         FILE *f;
         int ret;
+       int check_seccomp_attr_set;
  
         if (!conf->seccomp)
                 return 0;
@@ -578,11 +579,12 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
  
         /* turn of no-new-privs.  We don't want it in lxc, and it breaks
          * with apparmor */
-       if (seccomp_attr_set(
  #if HAVE_SCMP_FILTER_CTX
-                       conf->seccomp_ctx,
+  check_seccomp_attr_set = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0);
+#else
+  check_seccomp_attr_set = seccomp_attr_set(SCMP_FLTATR_CTL_NNP, 0);
  #endif
-                       SCMP_FLTATR_CTL_NNP, 0)) {
+       if (check_seccomp_attr_set) {
                 ERROR("failed to turn off n-new-privs");
                 return -1;
         }
author	Wesley M <wesleymr.27@gmail.com>
	Tue, 15 Dec 2015 15:47:22 +0000 (10:47 -0500)
committer	Stéphane Graber <stgraber@ubuntu.com>
	Thu, 17 Nov 2016 22:23:03 +0000 (17:23 -0500)