From: Zbigniew Jędrzejewski-Szmek
Date: Wed, 20 Nov 2019 18:02:36 +0000 (+0100)
Subject: nspawn: log syscalls we cannot add at debug level
X-Git-Tag: v244-rc1~1^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f47bd0974918abdb2f2453e8efec9be7409d9add;p=thirdparty%2Fsystemd.git
nspawn: log syscalls we cannot add at debug level
Without out at least a debug log line it is hard to figure out when something goes wrong. Reduce scope of a variable while at it.
---
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 0b39cda9ba9..f94f131f22e 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -139,11 +139,10 @@ static int seccomp_add_default_syscall_filter(
 */
 };
- int r;
- size_t i;
 char **p;
+ int r;
- for (i = 0; i < ELEMENTSOF(whitelist); i++) {
+ for (size_t i = 0; i < ELEMENTSOF(whitelist); i++) {
 if (whitelist[i].capability != 0 && (cap_list_retain & (1ULL << whitelist[i].capability)) == 0)
 continue;
@@ -153,7 +152,7 @@ static int seccomp_add_default_syscall_filter(
 }
 STRV_FOREACH(p, syscall_whitelist) {
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false);
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, true);
 if (r < 0)
 log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m", *p, seccomp_arch_to_string(arch));
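Review bot: In the `STRV_FOREACH(p, syscall_whitelist)` loop the new last argument is a bare `true`, so the call site does not say what was switched on; going by the commit subject it enables a debug-level message for names the helper cannot add, and a parameter comment would make that readable: `r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, /* log_missing = */ true);` (parameter name to be checked against the helper's declaration, which is not in this diff). These names appear to come from configuration rather than the built-in table, so a mistyped entry would presumably be reported only at debug level, while the `r < 0` branch warns and continues; the installed filter can then differ from the requested one with nothing shown at the default log level. Dropping an `SCMP_ACT_ALLOW` entry should leave that call subject to the filter's default action, which is the restrictive direction if the default denies, but the default is not visible here and a one-line comment above the loop stating it would help the next reader. The function body starts and ends outside both hunks.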