From: Iago López Galeiras <iago@endocode.com>
Date: Fri, 12 Jun 2015 14:22:40 +0000 (+0200)
Subject: nspawn: make seccomp loading errors non-fatal
X-Git-Tag: v221~84^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F205%2Fhead;p=thirdparty%2Fsystemd.git

nspawn: make seccomp loading errors non-fatal

seccomp_load returns -EINVAL when seccomp support is not enabled in the
kernel [1]. This should be a debug log, not an error that interrupts nspawn.
If the seccomp filter can't be set and audit is enabled, the user will
get an error message anyway.

[1]: http://man7.org/linux/man-pages/man2/prctl.2.html
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 6a21ed5471e..5625799ff1a 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3002,8 +3002,15 @@ static int setup_seccomp(void) {
         }
 
         r = seccomp_load(seccomp);
-        if (r < 0)
+        if (r == -EINVAL) {
+                log_debug_errno(r, "Kernel is probably not configured with CONFIG_SECCOMP. Disabling seccomp audit filter: %m");
+                r = 0;
+                goto finish;
+        }
+        if (r < 0) {
                 log_error_errno(r, "Failed to install seccomp audit filter: %m");
+                goto finish;
+        }
 
 finish:
         seccomp_release(seccomp);