The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2275

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
From adfee3a873291bf2ec1ba0e079bccfd05eefdd1f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Fri, 13 Apr 2018 18:00:23 +0200
Subject: [PATCH] seccomp: handle all errors

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 src/lxc/seccomp.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 5da31a563..60118852d 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -371,20 +371,34 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, 
uint32_t default_policy_
        }
 #endif
 
-       if (seccomp_arch_exist(ctx, arch) == -EEXIST) {
+       ret = seccomp_arch_exist(ctx, arch);
+       if (ret < 0) {
+               if (ret != -EEXIST) {
+                       ERROR("%s - Failed to determine whether arch %d is "
+                             "already present in the main seccomp context",
+                              strerror(-ret), (int)n_arch);
+                       seccomp_release(ctx);
+                       return NULL;
+               }
+
                ret = seccomp_arch_add(ctx, arch);
                if (ret != 0) {
-                       ERROR("Seccomp error %d (%s) adding arch: %d", ret,
-                                       strerror(-ret), (int)n_arch);
+                       ERROR("%s - Failed to add arch %d to main seccomp 
context",
+                             strerror(-ret), (int)n_arch);
                        seccomp_release(ctx);
                        return NULL;
                }
+               TRACE("Added arch %d to main seccomp context", (int)n_arch);
 
-               if (seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE) != 0) {
-                       ERROR("Seccomp error removing native arch");
+               ret = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE);
+               if (ret != 0) {
+                       ERROR("Failed to remove native arch from main seccomp 
context");
                        seccomp_release(ctx);
                        return NULL;
                }
+               TRACE("Removed native arch from main seccomp context");
+       } else {
+               TRACE("Arch %d already present in main seccomp context", 
(int)n_arch);
        }
 
        return ctx;
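Review bot: The `seccomp_arch_remove()` failure path now stores the result in `ret` but its ERROR message still drops it, unlike the two messages above it that print `strerror(-ret)`; for consistent diagnostics it should read `ERROR("%s - Failed to remove native arch from main seccomp context", strerror(-ret));`. A one-line comment above the `ret != -EEXIST` test would also help, for example `/* seccomp_arch_exist() returns -EEXIST when the arch is NOT yet in the filter */`, because the errno name suggests the opposite. Every failure path here releases the context and returns NULL, so the callers (not visible in this hunk) presumably need to treat NULL as fatal rather than start the container without a filter. The body of `get_new_ctx` begins above the hunk, so the earlier setup of `ctx` and `arch` could not be reviewed.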