From 881fa65739d12d76935a1042b7c0ee0eb5624663 Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Wed, 18 Jun 2014 19:36:37 +0000
Subject: [PATCH] seccomp: warn but continue on unresolvable syscalls
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

If a syscall is listed which is not resolvable, continue. This allows us to keep a more complete list of syscalls in a global seccomp policy without having to worry about older kernels not supporting the newer syscalls.

Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
---
 src/lxc/seccomp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index d75defecf..fadc19075 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -235,8 +235,10 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 }
 nr = seccomp_syscall_resolve_name_arch(arch, line);
 if (nr < 0) {
- ERROR("Failed to resolve syscall: %s", line);
- goto bad_rule;
+ WARN("Seccomp: failed to resolve syscall: %s (returned %d)",
+ line, nr);
+ WARN("This syscall will NOT be blacklisted");
+ continue;
 }
 ret = seccomp_rule_add(ctx ? ctx : conf->seccomp_ctx,
 action, nr, 0);
--
2.47.2
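Review bot: The new `continue` in the `nr < 0` branch makes a blacklist policy fail open: a misspelled syscall name cannot be told apart here from one the installed libseccomp does not know, so the rule is dropped and the container starts with that syscall unfiltered, recorded only at WARN level. `nr < 0` also covers the negative pseudo-syscall numbers libseccomp returns for syscalls absent on `arch`, not only `__NR_SCMP_ERROR`, so the two cases could be logged separately. The second message is accurate only for blacklist policies; `action` is passed through to `seccomp_rule_add`, so this path presumably also runs for whitelist entries (the rest of `parse_config_v2` is outside the hunk), where wording such as `WARN("No seccomp rule was added for this syscall");` would fit both. I would add above the `continue`: `/* Fail-open by design: an unresolved name leaves the syscall unfiltered under a blacklist policy. */`.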