Do not try to add non-existent syscalls.

author Nick Mathewson <nickm@torproject.org>

Mon, 9 Sep 2013 19:37:45 +0000 (15:37 -0400)

committer Nick Mathewson <nickm@torproject.org>

Mon, 9 Sep 2013 19:37:45 +0000 (15:37 -0400)
author Nick Mathewson <nickm@torproject.org>
Mon, 9 Sep 2013 19:37:45 +0000 (15:37 -0400)
committer Nick Mathewson <nickm@torproject.org>
Mon, 9 Sep 2013 19:37:45 +0000 (15:37 -0400)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c

index c6c93489c8f7e15b902ddb4a348f18942fdd66b1..a5bc892973c24e3802fa8ca578e84a12c3fec0bd 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1187,10 +1187,12 @@ add_noparam_filter(scmp_filter_ctx ctx)
  
    // add general filters
    for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) {
+    if (filter_nopar_gen[i] < 0)
+      continue;
      rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter_nopar_gen[i], 0);
      if (rc != 0) {
-      log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
-          "received libseccomp error %d", i, rc);
+      log_err(LD_BUG,"(Sandbox) failed to add syscall index %d (NR=%d), "
+          "received libseccomp error %d", i, filter_nopar_gen[i], rc);
        return rc;
      }
    }
author	Nick Mathewson <nickm@torproject.org>
	Mon, 9 Sep 2013 19:37:45 +0000 (15:37 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Mon, 9 Sep 2013 19:37:45 +0000 (15:37 -0400)