shared/seccomp: avoid possibly writing bogus errno code in debug log

CID 1409488. This code was added in 903659e7b2. The change that is done here is a simple fix to avoid use of a unitialized/wrongly-initialized variable, but the bigger issue is that nothing looks at the returned result to distinguish between 0 and a positive return value.
2019-12-06 15:04:51 +01:00 · 2019-12-06 15:04:51 +01:00 · b069c2a3f2
parent 36f43076b9
commit b069c2a3f2
1 changed files with 5 additions and 5 deletions
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@ -1583,12 +1583,11 @@ assert_cc(SCMP_SYS(shmdt) > 0);

 int seccomp_memory_deny_write_execute(void) {
        uint32_t arch;
-        int r;
-        int loaded = 0;
+        unsigned loaded = 0;

        SECCOMP_FOREACH_LOCAL_ARCH(arch) {
                _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
-                int filter_syscall = 0, block_syscall = 0, shmat_syscall = 0;
+                int filter_syscall = 0, block_syscall = 0, shmat_syscall = 0, r;

                log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));

@ -1678,12 +1677,13 @@ int seccomp_memory_deny_write_execute(void) {
                if (ERRNO_IS_SECCOMP_FATAL(r))
                        return r;
                if (r < 0)
-                        log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
+                        log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m",
+                                        seccomp_arch_to_string(arch));
                loaded++;
        }

        if (loaded == 0)
-                log_debug_errno(r, "Failed to install any seccomp rules for MemoryDenyWriteExecute=");
+                log_debug("Failed to install any seccomp rules for MemoryDenyWriteExecute=.");

        return loaded;
 }