seccomp: don't ignore syscalls when there's no proxy

The container process would just hang.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 272eeb766cfbd570c243fdc82c9be369994e46cc..64c3140b563763580d6ba0ce5fb03d2d7764a841 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1366,17 +1366,17 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
        char *cookie = conf->seccomp.notifier.cookie;
        uint64_t req_id;
 
-       if (listener_proxy_fd < 0) {
-               ERROR("No seccomp proxy registered");
-               return minus_one_set_errno(EINVAL);
-       }
-
        ret = seccomp_notify_receive(fd, req);
        if (ret) {
                SYSERROR("Failed to read seccomp notification");
                goto out;
        }
 
+       if (listener_proxy_fd < 0) {
+               ERROR("No seccomp proxy registered");
+               return minus_one_set_errno(EINVAL);
+       }
+
        /* remember the ID in case we receive garbage from the proxy */
        resp->id = req_id = req->id;