X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fprocd.git;a=blobdiff_plain;f=jail%2Fseccomp.c;h=fae08f98ee2f4efa47171db7566a2a3eb257e008;hp=1a2bb27a5d4d05f01e08c0cf0097230adf7d8418;hb=fa5ce1c2b4fe3fa6bb4bbc6697961655b952d8d4;hpb=5e4ad0270bedf98da1d47e3e1306f7b66b6b29c7 diff --git a/jail/seccomp.c b/jail/seccomp.c index 1a2bb27..fae08f9 100644 --- a/jail/seccomp.c +++ b/jail/seccomp.c @@ -22,15 +22,15 @@ #include "seccomp.h" #include "../syscall-names.h" -static int max_syscall = ARRAY_SIZE(syscall_names); - static int find_syscall(const char *name) { int i; - for (i = 0; i < max_syscall; i++) - if (syscall_names[i] && !strcmp(syscall_names[i], name)) - return i; + for (i = 0; i < SYSCALL_COUNT; i++) { + int sc = syscall_index_to_number(i); + if (syscall_name(sc) && !strcmp(syscall_name(sc), name)) + return sc; + } return -1; } @@ -67,13 +67,13 @@ int install_syscall_filter(const char *argv, const char *file) blob_buf_init(&b, 0); if (!blobmsg_add_json_from_file(&b, file)) { - INFO("%s: failed to load %s\n", argv, file); + ERROR("%s: failed to load %s\n", argv, file); return -1; } blobmsg_parse(policy, __SECCOMP_MAX, tb, blob_data(b.head), blob_len(b.head)); if (!tb[SECCOMP_WHITELIST]) { - INFO("%s: %s is missing the syscall table\n", argv, file); + ERROR("%s: %s is missing the syscall table\n", argv, file); return -1; } @@ -85,7 +85,7 @@ int install_syscall_filter(const char *argv, const char *file) filter = calloc(sz, sizeof(struct sock_filter)); if (!filter) { - INFO("failed to allocate filter memory\n"); + ERROR("failed to allocate filter memory\n"); return -1; } @@ -125,7 +125,7 @@ int install_syscall_filter(const char *argv, const char *file) set_filter(&filter[idx], BPF_RET + BPF_K, 0, 0, SECCOMP_RET_KILL); if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { - INFO("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %s\n", argv, strerror(errno)); + ERROR("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n", argv); return errno; } @@ -133,7 +133,7 @@ int install_syscall_filter(const char *argv, const char *file) prog.filter = filter; if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { - INFO("%s: prctl(PR_SET_SECCOMP) failed: %s\n", argv, strerror(errno)); + ERROR("%s: prctl(PR_SET_SECCOMP) failed: %m\n", argv); return errno; } return 0;