diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-20 19:02:36 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-22 10:23:32 +0100 |
commit | f47bd0974918abdb2f2453e8efec9be7409d9add (patch) | |
tree | 42090fcb2651a553347802c9656e3fcf97ebe486 /src/nspawn/nspawn-seccomp.c | |
parent | ec562515331ee0d1b8de0e1a3364a35762206fa5 (diff) | |
download | systemd-f47bd0974918abdb2f2453e8efec9be7409d9add.tar.gz |
nspawn: log syscalls we cannot add at debug level
Without out at least a debug log line it is hard to figure out when something
goes wrong.
Reduce scope of a variable while at it.
Diffstat (limited to 'src/nspawn/nspawn-seccomp.c')
-rw-r--r-- | src/nspawn/nspawn-seccomp.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c index 0b39cda9ba..f94f131f22 100644 --- a/src/nspawn/nspawn-seccomp.c +++ b/src/nspawn/nspawn-seccomp.c @@ -139,11 +139,10 @@ static int seccomp_add_default_syscall_filter( */ }; - int r; - size_t i; char **p; + int r; - for (i = 0; i < ELEMENTSOF(whitelist); i++) { + for (size_t i = 0; i < ELEMENTSOF(whitelist); i++) { if (whitelist[i].capability != 0 && (cap_list_retain & (1ULL << whitelist[i].capability)) == 0) continue; @@ -153,7 +152,7 @@ static int seccomp_add_default_syscall_filter( } STRV_FOREACH(p, syscall_whitelist) { - r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false); + r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, true); if (r < 0) log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m", *p, seccomp_arch_to_string(arch)); |