From cff7bff880b62faa8ee17edb0503449e639a2630 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 13 Sep 2017 19:57:32 +0200
Subject: [PATCH] seccomp: improve debug logging

Let's log explicitly at debug level if we encounter a syscall or group that doesn#t exist at all.
---
 src/shared/seccomp-util.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index e282469155..5e78a088e9 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -799,8 +799,10 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
 const SyscallFilterSet *other;
 other = syscall_filter_set_find(name);
- if (!other)
+ if (!other) {
+ log_debug("Filter set %s is not known!", name);
 return -EINVAL;
+ }
 r = seccomp_add_syscall_filter_set(seccomp, other, action, exclude);
 if (r < 0)
@@ -809,8 +811,10 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
 int id;
 id = seccomp_syscall_resolve_name(name);
- if (id == __NR_SCMP_ERROR)
+ if (id == __NR_SCMP_ERROR) {
+ log_debug("System call %s is not known!", name);
 return -EINVAL; /* Not known at all? Then that's a real error */
+ }
 r = seccomp_rule_add_exact(seccomp, action, id, 0);
 if (r < 0)
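Review bot: An unknown filter set or syscall name is reported only at debug level in both hunks (the `if (!other)` branch and the `id == __NR_SCMP_ERROR` branch), so at the default log level the `-EINVAL` return is still the only signal. The callers are not visible here; if any of them tolerates that error, a mistyped entry in a deny-list would presumably leave the syscall unfiltered with nothing in the normal logs. I would state the contract at the return sites, e.g. `/* Logged at debug level only: callers must propagate or log -EINVAL themselves, a dropped entry weakens the filter */`. Quoting the name, as in `log_debug("System call '%s' is not known!", name);`, would also make empty or whitespace-padded names recognisable in the log. seccomp_add_syscall_filter_item() starts and ends outside both hunks.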