If a syscall is listed which is not resolvable, continue. This allows
us to keep a more complete list of syscalls in a global seccomp policy
without having to worry about older kernels not supporting the newer
syscalls.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
}
nr = seccomp_syscall_resolve_name_arch(arch, line);
if (nr < 0) {
- ERROR("Failed to resolve syscall: %s", line);
- goto bad_rule;
+ WARN("Seccomp: failed to resolve syscall: %s (returned %d)",
+ line, nr);
+ WARN("This syscall will NOT be blacklisted");
+ continue;
}
ret = seccomp_rule_add(ctx ? ctx : conf->seccomp_ctx,
action, nr, 0);