seccomp: print action name in log
author0x0916 <w@laoqinren.net>
Mon, 15 May 2017 10:05:09 +0000 (18:05 +0800)
committer0x0916 <w@laoqinren.net>
Mon, 15 May 2017 12:45:55 +0000 (20:45 +0800)
This patch adds the function `get_action_name`, so that the action name can be
printed in the log file. For example:

```
lxc-start ubuntu 20170515095416.561 INFO     lxc_seccomp - seccomp.c:parse_config_v2:613 - Adding compat rule for reject_force_umount action 0(kill).
lxc-start ubuntu 20170515095416.562 INFO     lxc_seccomp - seccomp.c:parse_config_v2:613 - Adding compat rule for kexec_load action 327681(errno).
```

Signed-off-by: 0x0916 <w@laoqinren.net>
src/lxc/seccomp.c

index 881a498855c6091bb6b9addbe520fd5829019c9f..9369c90bf9e74efcf633fcf476f112af5acbb6ea 100644 (file)
@@ -92,6 +92,23 @@ static uint32_t get_v2_default_action(char *line)
        return ret_action;
 }
 
+static const char *get_action_name(uint32_t action)
+{
+       // The upper 16 bits indicate the type of the seccomp action
+       switch(action & 0xffff0000){
+       case SCMP_ACT_KILL:
+               return "kill";
+       case SCMP_ACT_ALLOW:
+               return "allow";
+       case SCMP_ACT_TRAP:
+               return "trap";
+       case SCMP_ACT_ERRNO(0):
+               return "errno";
+       default:
+               return "invalid action";
+       }
+}
+
 static uint32_t get_and_clear_v2_action(char *line, uint32_t def_action)
 {
        char *p = strchr(line, ' ');
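Review bot: The `default` branch of get_action_name returns "invalid action" for every action type outside the four listed cases, so a valid libseccomp action such as SCMP_ACT_TRACE would be logged as invalid. Whether the config parser can produce such a value is not visible in this hunk, but a neutral label is safer for anyone auditing the applied policy from the log: `default: return "unknown";`, or add `case SCMP_ACT_TRACE(0): return "trace";`. The name also drops the low 16 bits, so for an errno action the returned errno value can only be recovered from the decimal number printed beside it. A one-line comment above the function saying that it returns a static string and never NULL would document why callers can pass it straight to `%s`.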
@@ -281,8 +298,8 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
        }
        ret = seccomp_rule_add_exact(ctx, action, nr, 0);
        if (ret < 0) {
-               ERROR("Failed (%d) loading rule for %s (nr %d action %d): %s.",
-                     ret, line, nr, action, strerror(-ret));
+               ERROR("Failed (%d) loading rule for %s (nr %d action %d(%s)): %s.",
+                     ret, line, nr, action, get_action_name(action), strerror(-ret));
                return false;
        }
        return true;
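Review bot: `action` is still formatted with `%d` in the ERROR call, although get_action_name takes it as `uint32_t`. An unsigned hex specifier would match the type and make the packed value readable, since the commit message's example 327681 is 0x50001 (errno type, value 1). Something like `"Failed (%d) loading rule for %s (nr %d action 0x%x(%s)): %s."` would do; the declared type of `action` in do_resolve_add_rule is outside the hunk, so confirm it first. The same applies to the four INFO calls changed in the two parse_config_v2 hunks. do_resolve_add_rule starts above this hunk.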
@@ -573,7 +590,8 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
                if (cur_rule_arch == native_arch ||
                    cur_rule_arch == lxc_seccomp_arch_native ||
                    compat_arch[0] == SCMP_ARCH_NATIVE) {
-                       INFO("Adding native rule for %s action %d.", line, action);
+                       INFO("Adding native rule for %s action %d(%s).", line, action,
+                            get_action_name(action));
                        if (!do_resolve_add_rule(SCMP_ARCH_NATIVE, line, conf->seccomp_ctx, action))
                                goto bad_rule;
                }
@@ -582,15 +600,18 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
                                cur_rule_arch == lxc_seccomp_arch_mips64n32 ||
                                cur_rule_arch == lxc_seccomp_arch_mipsel64n32 ? 1 : 0;
 
-                       INFO("Adding compat-only rule for %s action %d.", line, action);
+                       INFO("Adding compat-only rule for %s action %d(%s).", line, action,
+                            get_action_name(action));
                        if (!do_resolve_add_rule(compat_arch[arch_index], line, compat_ctx[arch_index], action))
                                goto bad_rule;
                }
                else {
-                       INFO("Adding native rule for %s action %d.", line, action);
+                       INFO("Adding native rule for %s action %d(%s).", line, action,
+                            get_action_name(action));
                        if (!do_resolve_add_rule(SCMP_ARCH_NATIVE, line, conf->seccomp_ctx, action))
                                goto bad_rule;
-                       INFO("Adding compat rule for %s action %d.", line, action);
+                       INFO("Adding compat rule for %s action %d(%s).", line, action,
+                            get_action_name(action));
                        if (!do_resolve_add_rule(compat_arch[0], line, compat_ctx[0], action))
                                goto bad_rule;
                        if (compat_arch[1] != SCMP_ARCH_NATIVE &&