ret = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0);
if (ret < 0) {
- ERROR("%s - Failed to turn off no-new-privs", strerror(-ret));
+ errno = -ret;
+ SYSERROR("Failed to turn off no-new-privs");
seccomp_release(ctx);
return NULL;
}
ret = seccomp_arch_exist(ctx, arch);
if (ret < 0) {
if (ret != -EEXIST) {
- ERROR("%s - Failed to determine whether arch %d is "
- "already present in the main seccomp context",
- strerror(-ret), (int)n_arch);
+ errno = -ret;
+ SYSERROR("Failed to determine whether arch %d is "
+ "already present in the main seccomp context",
+ (int)n_arch);
seccomp_release(ctx);
return NULL;
}
ret = seccomp_arch_add(ctx, arch);
if (ret != 0) {
- ERROR("%s - Failed to add arch %d to main seccomp context",
- strerror(-ret), (int)n_arch);
+ errno = -ret;
+ SYSERROR("Failed to add arch %d to main seccomp context",
+ (int)n_arch);
seccomp_release(ctx);
return NULL;
}
ret = seccomp_arch_exist(ctx, arch);
if (arch && ret != 0) {
- ERROR("%s - Seccomp: rule and context arch do not match (arch %d)", strerror(-ret), arch);
+ errno = -ret;
+ SYSERROR("Seccomp: rule and context arch do not match (arch %d)", arch);
return false;
}
SCMP_SYS(umount2), 1,
SCMP_A1(SCMP_CMP_MASKED_EQ, MNT_FORCE, MNT_FORCE));
if (ret < 0) {
- ERROR("%s - Failed loading rule to reject force umount", strerror(-ret));
+ errno = -ret;
+ SYSERROR("Failed loading rule to reject force umount");
return false;
}
ret = seccomp_rule_add_exact_array(ctx, rule->action, nr,
rule->args_num, arg_cmp);
if (ret < 0) {
- ERROR("%s - Failed loading rule for %s (nr %d action %d (%s))",
- strerror(-ret), line, nr, rule->action,
- get_action_name(rule->action));
+ errno = -ret;
+ SYSERROR("Failed loading rule for %s (nr %d action %d (%s))",
+ line, nr, rule->action, get_action_name(rule->action));
return false;
}
ret = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0);
if (ret < 0) {
- ERROR("%s - Failed to turn off no-new-privs", strerror(-ret));
+ errno = -ret;
+ SYSERROR("Failed to turn off no-new-privs");
return -1;
}
ret = seccomp_attr_set(SCMP_FLTATR_CTL_NNP, 0);
#endif
if (ret < 0) {
- ERROR("%s - Failed to turn off no-new-privs", strerror(-ret));
+ errno = -ret;
+ SYSERROR("Failed to turn off no-new-privs");
return -1;
}
ret = seccomp_load();
#endif
if (ret < 0) {
- ERROR("%s- Error loading the seccomp policy", strerror(-ret));
+ errno = -ret;
+ SYSERROR("Error loading the seccomp policy");
return -1;
}