diff options
-rw-r--r-- | src/shared/seccomp-util.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 64ea86a677..a3728ff7b2 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1187,7 +1187,6 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { if (r < 0) break; } - if (r < 0) { log_debug_errno(r, "Failed to add socket() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); continue; @@ -1212,7 +1211,6 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { if (r < 0) break; } - if (r < 0) { log_debug_errno(r, "Failed to add socket() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); continue; @@ -1453,7 +1451,13 @@ int seccomp_restrict_archs(Set *archs) { if (r < 0) return r; - return seccomp_load(seccomp); + r = seccomp_load(seccomp); + if (IN_SET(r, -EPERM, -EACCES)) + return r; + if (r < 0) + log_debug_errno(r, "Failed to restrict system call architectures, skipping: %m"); + + return 0; } int parse_syscall_archs(char **l, Set **archs) { |