seccomp: warn but continue on unresolvable syscalls

If a syscall is listed which is not resolvable, continue. This allows us to keep a more complete list of syscalls in a global seccomp policy without having to worry about older kernels not supporting the newer syscalls. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

seccomp: warn but continue on unresolvable syscalls
881fa657 · Serge Hallyn · Stéphane Graber · 7ef2c07c · 881fa657
Commit 881fa657 authored Jun 18, 2014 by Serge Hallyn Committed by Stéphane Graber Jun 18, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

seccomp.c src/lxc/seccomp.c +4 -2

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -235,8 +235,10 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		}
 		nr = seccomp_syscall_resolve_name_arch(arch, line);
 		if (nr < 0) {
-			ERROR("Failed to resolve syscall: %s", line);
-			goto bad_rule;
+			WARN("Seccomp: failed to resolve syscall: %s (returned %d)",
+				line, nr);
+			WARN("This syscall will NOT be blacklisted");
+			continue;
 		}
 		ret = seccomp_rule_add(ctx ? ctx : conf->seccomp_ctx,
 				action, nr, 0);