]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1ddc138)
seccomp: lxc_read_seccomp_config()
authorChristian Brauner <christian.brauner@ubuntu.com>
Fri, 25 May 2018 11:16:31 +0000 (13:16 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Fri, 25 May 2018 11:16:31 +0000 (13:16 +0200)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/seccomp.c patch | blob | blame | history

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 4ae98120345539afe59ea182497ad4f26fa37415..c7f0dab1cbfbbe67c7d7857e90387d41b80d7624 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1124,7 +1124,7 @@ static bool use_seccomp(void)
 
 int lxc_read_seccomp_config(struct lxc_conf *conf)
 {
-       int check_seccomp_attr_set, ret;
+       int ret;
        FILE *f;
 
        if (!conf->seccomp)
@@ -1148,19 +1148,19 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
 /* turn off no-new-privs. We don't want it in lxc, and it breaks
  * with apparmor */
 #if HAVE_SCMP_FILTER_CTX
-       check_seccomp_attr_set = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0);
+       ret = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0);
 #else
-       check_seccomp_attr_set = seccomp_attr_set(SCMP_FLTATR_CTL_NNP, 0);
+       ret = seccomp_attr_set(SCMP_FLTATR_CTL_NNP, 0);
 #endif
-       if (check_seccomp_attr_set) {
-               ERROR("%s - Failed to turn off no-new-privs", strerror(-check_seccomp_attr_set));
+       if (ret < 0) {
+               ERROR("%s - Failed to turn off no-new-privs", strerror(-ret));
                return -1;
        }
 #ifdef SCMP_FLTATR_ATL_TSKIP
-       check_seccomp_attr_set = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_ATL_TSKIP, 1);
-       if (check_seccomp_attr_set < 0)
+       ret = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_ATL_TSKIP, 1);
+       if (ret < 0)
                WARN("%s - Failed to turn on seccomp nop-skip, continuing",
-                    strerror(-check_seccomp_attr_set));
+                    strerror(-ret));
 #endif
 
        f = fopen(conf->seccomp, "r");
Mirror of https://github.com/lxc/lxc.git