shared/seccomp: reduce scope of indexing variables

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index b21d997b9fa405f231b719e84321b4afe0089a6a..1797f130e77f67e602ee7ea46861836e4825ae1b 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -892,12 +892,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
 };
 
 const SyscallFilterSet *syscall_filter_set_find(const char *name) {
-        unsigned i;
-
         if (isempty(name) || name[0] != '@')
                 return NULL;
 
-        for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
+        for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
                 if (streq(syscall_filter_sets[i].name, name))
                         return syscall_filter_sets + i;
 
@@ -1147,7 +1145,6 @@ int seccomp_restrict_namespaces(unsigned long retain) {
 
         SECCOMP_FOREACH_LOCAL_ARCH(arch) {
                 _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
-                unsigned i;
 
                 log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
 
@@ -1177,7 +1174,7 @@ int seccomp_restrict_namespaces(unsigned long retain) {
                         continue;
                 }
 
-                for (i = 0; namespace_flag_map[i].name; i++) {
+                for (unsigned i = 0; namespace_flag_map[i].name; i++) {
                         unsigned long f;
 
                         f = namespace_flag_map[i].flag;
@@ -1362,7 +1359,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
                         return r;
 
                 if (allow_list) {
-                        int af, first = 0, last = 0;
+                        int first = 0, last = 0;
                         void *afp;
 
                         /* If this is an allow list, we first block the address families that are out of
@@ -1370,7 +1367,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
                          * highest address family in the set. */
 
                         SET_FOREACH(afp, address_families, i) {
-                                af = PTR_TO_INT(afp);
+                                int af = PTR_TO_INT(afp);
 
                                 if (af <= 0 || af >= af_max())
                                         continue;
@@ -1424,7 +1421,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
                                 }
 
                                 /* Block everything between the first and last entry */
-                                for (af = 1; af < af_max(); af++) {
+                                for (int af = 1; af < af_max(); af++) {
 
                                         if (set_contains(address_families, INT_TO_PTR(af)))
                                                 continue;
@@ -1451,7 +1448,6 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
                          * then combined in OR checks. */
 
                         SET_FOREACH(af, address_families, i) {
-
                                 r = seccomp_rule_add_exact(
                                                 seccomp,
                                                 SCMP_ACT_ERRNO(EAFNOSUPPORT),