seccomp: error on unrecognized actions

Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:

  kexec_load errrno 1

(note the extra 'r')

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 44862983c17520852f20d2f1145e0bd8366dcd2a..4ae98120345539afe59ea182497ad4f26fa37415 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -114,6 +114,9 @@ static uint32_t get_v2_default_action(char *line)
                ret_action = SCMP_ACT_ALLOW;
        } else if (strncmp(line, "trap", 4) == 0) {
                ret_action = SCMP_ACT_TRAP;
+       } else if (line[0]) {
+               ERROR("Unrecognized seccomp action: %s", line);
+               return -2;
        }
 
        return ret_action;