seccomp: use lxc_log_get_level()

This will now enable LXD users to dump the seccomp filter in the log when logging at TRACE level. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: use lxc_log_get_level()
25a8b256 · Christian Brauner · 09c8768a · 25a8b256
Unverified Commit 25a8b256 authored Jan 30, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 8 deletions

seccomp.c src/lxc/seccomp.c +10 -8

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1260,14 +1260,16 @@ int lxc_seccomp_load(struct lxc_conf *conf)
 /* After load seccomp filter into the kernel successfully, export the current seccomp
 * filter to log file */
 #if HAVE_SCMP_FILTER_CTX
-	if ((lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE ||
-	     conf->loglevel <= LXC_LOG_LEVEL_TRACE) &&
-	     lxc_log_get_fd() >= 0) {
-		ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, lxc_log_fd);
-		/* Just give an warning when export error */
-		if (ret < 0) {
-			errno = -ret;
-			SYSWARN("Failed to export seccomp filter to log file");
+	if (lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE) {
+		int fd_log;
+
+		fd_log = lxc_log_get_fd();
+		if (fd_log >= 0) {
+			ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, fd_log);
+			if (ret < 0) {
+				errno = -ret;
+				SYSWARN("Failed to export seccomp filter to log file");
+			}
 		}
 	}
 #endif