seccomp: use lxc_log_get_level()

This will now enable LXD users to dump the seccomp filter in the log when logging at TRACE level. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: use lxc_log_get_level()
25a8b256 · Christian Brauner · 09c8768a · 25a8b256
Unverified Commit 25a8b256 authored Jan 30, 2021 by Christian Brauner
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

seccomp.c src/lxc/seccomp.c +7 -5

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1260,16 +1260,18 @@ int lxc_seccomp_load(struct lxc_conf *conf)
 /* After load seccomp filter into the kernel successfully, export the current seccomp
 * filter to log file */
 #if HAVE_SCMP_FILTER_CTX
-	if ((lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE ||
+	if (lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE) {
-	     conf->loglevel <= LXC_LOG_LEVEL_TRACE) &&
+		int fd_log;
-	     lxc_log_get_fd() >= 0) {
-		ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, lxc_log_fd);
+		fd_log = lxc_log_get_fd();
-		/* Just give an warning when export error */
+		if (fd_log >= 0) {
+			ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, fd_log);
 			if (ret < 0) {
 				errno = -ret;
 				SYSWARN("Failed to export seccomp filter to log file");
 			}
 		}
+	}
 #endif
 #if HAVE_DECL_SECCOMP_NOTIFY_FD