From: Serge Hallyn Date: Wed, 18 Jun 2014 19:36:37 +0000 (+0000) Subject: seccomp: warn but continue on unresolvable syscalls X-Git-Tag: lxc-1.1.0.alpha1~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52036991a0c482ab57c4f01340947aaf817d7ba7;p=thirdparty%2Flxc.git seccomp: warn but continue on unresolvable syscalls If a syscall is listed which is not resolvable, continue. This allows us to keep a more complete list of syscalls in a global seccomp policy without having to worry about older kernels not supporting the newer syscalls. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber --- diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c index d75defecf..fadc19075 100644 --- a/src/lxc/seccomp.c +++ b/src/lxc/seccomp.c @@ -235,8 +235,10 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf) } nr = seccomp_syscall_resolve_name_arch(arch, line); if (nr < 0) { - ERROR("Failed to resolve syscall: %s", line); - goto bad_rule; + WARN("Seccomp: failed to resolve syscall: %s (returned %d)", + line, nr); + WARN("This syscall will NOT be blacklisted"); + continue; } ret = seccomp_rule_add(ctx ? ctx : conf->seccomp_ctx, action, nr, 0);
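Review bot: In the `nr < 0` branch, the new `continue` handles a misspelled syscall name the same way as one that is merely unresolvable on this system, so a typo in a policy file now drops the rule and parsing carries on with only a WARN line as the signal. Consider counting the skipped entries and logging a summary once parsing finishes, or keeping the old `goto bad_rule` behaviour available as a strict mode, so that a weakened policy is hard to miss. The second message hard-codes "This syscall will NOT be blacklisted", while the rule that would have been added takes its action from the variable `action`; wording it as "rule skipped" and including the action would keep it accurate for any action value. The fail-open behaviour also deserves a sentence wherever the seccomp policy format is documented.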