seccomp: re-add action parse error handling

This can happen when the 'errno' action can't parse its
supplied number.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d00a0d ("seccomp: parse_v2_rules()")

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 057e57082cef6664a36fc28fc96fbdae65bf88b7..dcf37447f4f565a18852d086599cc4b32e84d88e 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -257,6 +257,11 @@ static int parse_v2_rules(char *line, uint32_t def_action,
 
        /* read optional action which follows the syscall */
        rules->action = get_v2_action(tmp, def_action);
+       if (rules->action == -1) {
+               ERROR("Failed to interpret action");
+               ret = -1;
+               goto out;
+       }
 
        ret = 0;
        rules->args_num = 0;