authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2019-11-20 19:02:36 +0100
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2019-11-22 10:23:32 +0100
commitf47bd0974918abdb2f2453e8efec9be7409d9add (patch)
tree42090fcb2651a553347802c9656e3fcf97ebe486 /src/nspawn/nspawn-seccomp.c
parentec562515331ee0d1b8de0e1a3364a35762206fa5 (diff)
nspawn: log syscalls we cannot add at debug level
Without at least a debug log line it is hard to figure out when something goes wrong. Reduce scope of a variable while at it.
Diffstat (limited to 'src/nspawn/nspawn-seccomp.c')
-rw-r--r--src/nspawn/nspawn-seccomp.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 0b39cda9ba..f94f131f22 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -139,11 +139,10 @@ static int seccomp_add_default_syscall_filter(
*/
};
- int r;
- size_t i;
char **p;
+ int r;
- for (i = 0; i < ELEMENTSOF(whitelist); i++) {
+ for (size_t i = 0; i < ELEMENTSOF(whitelist); i++) {
if (whitelist[i].capability != 0 && (cap_list_retain & (1ULL << whitelist[i].capability)) == 0)
continue;
@@ -153,7 +152,7 @@ static int seccomp_add_default_syscall_filter(
}
STRV_FOREACH(p, syscall_whitelist) {
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false);
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, true);
if (r < 0)
log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
*p, seccomp_arch_to_string(arch));
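Review bot: The bare `true` now passed as the last argument of seccomp_add_syscall_filter_item() in the STRV_FOREACH loop does not say what it switches on, which matters because the names in this loop come from the caller-supplied syscall_whitelist. An inline argument comment would make the call self-explanatory, e.g. `r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, /* log_missing = */ true);`. The parameter name is declared outside this page, so check it against the prototype. A one-line comment above the loop would also help, such as `/* User-supplied entries are best-effort: if a rule cannot be added we only log, and the call presumably stays subject to the filter's default action. */`, so that readers can see the ignore-on-error path is intended to fail closed. The loop body and the enclosing function continue outside the hunk.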