seccomp: don't ignore syscalls when there's no proxy

The container process would just hang. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

seccomp: don't ignore syscalls when there's no proxy
5357b872 · Wolfgang Bumiller · 8a99ab01 · 5357b872
Commit 5357b872 authored Jul 05, 2019 by Wolfgang Bumiller
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

seccomp.c src/lxc/seccomp.c +5 -5

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1366,17 +1366,17 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 	char *cookie = conf->seccomp.notifier.cookie;
 	uint64_t req_id;
-	if (listener_proxy_fd < 0) {
-		ERROR("No seccomp proxy registered");
-		return minus_one_set_errno(EINVAL);
-	}
 	ret = seccomp_notify_receive(fd, req);
 	if (ret) {
 		SYSERROR("Failed to read seccomp notification");
 		goto out;
 	}
+	if (listener_proxy_fd < 0) {
+		ERROR("No seccomp proxy registered");
+		return minus_one_set_errno(EINVAL);
+	}
 	/* remember the ID in case we receive garbage from the proxy */
 	resp->id = req_id = req->id;