seccomp: ignore (and debug log) errors by all invocations of seccomp_rule_add_exact()
System calls might exist on some archs but not on others, or might be multiplexed but not on others. Ignore such errors when putting together a filter at this location like we already do it on all others.
This commit is contained in:
parent
1c6af69b2d
commit
448ac526a3
|
@ -1549,8 +1549,10 @@ int seccomp_lock_personality(unsigned long personality) {
|
||||||
SCMP_SYS(personality),
|
SCMP_SYS(personality),
|
||||||
1,
|
1,
|
||||||
SCMP_A0(SCMP_CMP_NE, personality));
|
SCMP_A0(SCMP_CMP_NE, personality));
|
||||||
if (r < 0)
|
if (r < 0) {
|
||||||
return r;
|
log_debug_errno(r, "Failed to add scheduler rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
r = seccomp_load(seccomp);
|
r = seccomp_load(seccomp);
|
||||||
if (IN_SET(r, -EPERM, -EACCES))
|
if (IN_SET(r, -EPERM, -EACCES))
|
||||||
|
|
Loading…
Reference in a new issue