picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

shared/seccomp: reduce scope of indexing variables

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-08-19 17:43:40 +02:00
parent 95aac01259
commit 077e8fc0ca
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/shared/seccomp-util.c
View File

@ -892,12 +892,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
};
const SyscallFilterSet *syscall_filter_set_find(const char *name) {
unsigned i;
if (isempty(name) || name[0] != '@')
return NULL;
for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
if (streq(syscall_filter_sets[i].name, name))
return syscall_filter_sets + i;
@ -1147,7 +1145,6 @@ int seccomp_restrict_namespaces(unsigned long retain) {
SECCOMP_FOREACH_LOCAL_ARCH(arch) {
_cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
unsigned i;
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
@ -1177,7 +1174,7 @@ int seccomp_restrict_namespaces(unsigned long retain) {
continue;
}
for (i = 0; namespace_flag_map[i].name; i++) {
for (unsigned i = 0; namespace_flag_map[i].name; i++) {
unsigned long f;
f = namespace_flag_map[i].flag;
@ -1362,7 +1359,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
return r;
if (allow_list) {
int af, first = 0, last = 0;
int first = 0, last = 0;
void *afp;
/* If this is an allow list, we first block the address families that are out of
@ -1370,7 +1367,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
* highest address family in the set. */
SET_FOREACH(afp, address_families, i) {
af = PTR_TO_INT(afp);
int af = PTR_TO_INT(afp);
if (af <= 0 || af >= af_max())
continue;
@ -1424,7 +1421,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
}
/* Block everything between the first and last entry */
for (af = 1; af < af_max(); af++) {
for (int af = 1; af < af_max(); af++) {
if (set_contains(address_families, INT_TO_PTR(af)))
continue;
@ -1451,7 +1448,6 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
* then combined in OR checks. */
SET_FOREACH(af, address_families, i) {
r = seccomp_rule_add_exact(
seccomp,
SCMP_ACT_ERRNO(EAFNOSUPPORT),