seccomp: make do_resolve_add_rule() more strict

Let's error out on syscalls that cannot be resolved or fail to resolve instead of just warning users. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: make do_resolve_add_rule() more strict
dfddc8aa · Christian Brauner · 54a051c1 · dfddc8aa
Unverified Commit dfddc8aa authored May 25, 2018 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 4 deletions

seccomp.c src/lxc/seccomp.c +2 -4

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -500,14 +500,12 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
 	nr = seccomp_syscall_resolve_name(line);
 	if (nr == __NR_SCMP_ERROR) {
 		WARN("Failed to resolve syscall \"%s\"", line);
-		WARN("This syscall will NOT be blacklisted");
+		return false;
-		return true;
 	}
 	if (nr < 0) {
 		WARN("Got negative return value %d for syscall \"%s\"", nr, line);
-		WARN("This syscall will NOT be blacklisted");
+		return false;
-		return true;
 	}
 	memset(&arg_cmp, 0, sizeof(arg_cmp));