From 727c307376f4094f9f48cfd40f330944f3e400e4 Mon Sep 17 00:00:00 2001 From: Wesley M Date: Tue, 15 Dec 2015 10:47:22 -0500 Subject: [PATCH] Refactoring conditional directives. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Wesley Marques Acked-by: Stéphane Graber --- src/lxc/seccomp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c index 5982cb475..451e31572 100644 --- a/src/lxc/seccomp.c +++ b/src/lxc/seccomp.c @@ -558,6 +558,7 @@ int lxc_read_seccomp_config(struct lxc_conf *conf) { FILE *f; int ret; + int check_seccomp_attr_set; if (!conf->seccomp) return 0; @@ -578,11 +579,12 @@ int lxc_read_seccomp_config(struct lxc_conf *conf) /* turn of no-new-privs. We don't want it in lxc, and it breaks * with apparmor */ - if (seccomp_attr_set( #if HAVE_SCMP_FILTER_CTX - conf->seccomp_ctx, + check_seccomp_attr_set = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0); +#else + check_seccomp_attr_set = seccomp_attr_set(SCMP_FLTATR_CTL_NNP, 0); #endif - SCMP_FLTATR_CTL_NNP, 0)) { + if (check_seccomp_attr_set) { ERROR("failed to turn off n-new-privs"); return -1; } -- 2.47.3