nspawn: make seccomp loading errors non-fatal

seccomp_load returns -EINVAL when seccomp support is not enabled in the kernel [1]. This should be a debug log, not an error that interrupts nspawn. If the seccomp filter can't be set and audit is enabled, the user will get an error message anyway. [1]: http://man7.org/linux/man-pages/man2/prctl.2.html
author: Iago López Galeiras <iago@endocode.com> 2015-06-12 16:22:40 +0200
committer: Iago López Galeiras <iago@endocode.com> 2015-06-15 10:55:31 +0200
commit: 9b1cbdc6e18ddeddc42df558e574322c64867b24 (patch)
tree: f7ab9da68db2d31c8d3789b9dc4073da20a5c4f8
parent: eb59b6094197a7dcef89639ec3e91eef61b639bb (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 6a21ed5471..5625799ff1 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3002,8 +3002,15 @@ static int setup_seccomp(void) {
         }
 
         r = seccomp_load(seccomp);
-        if (r < 0)
+        if (r == -EINVAL) {
+                log_debug_errno(r, "Kernel is probably not configured with CONFIG_SECCOMP. Disabling seccomp audit filter: %m");
+                r = 0;
+                goto finish;
+        }
+        if (r < 0) {
                 log_error_errno(r, "Failed to install seccomp audit filter: %m");
+                goto finish;
+        }
 
 finish:
         seccomp_release(seccomp);
author	Iago López Galeiras <iago@endocode.com>	2015-06-12 16:22:40 +0200
committer	Iago López Galeiras <iago@endocode.com>	2015-06-15 10:55:31 +0200
commit	9b1cbdc6e18ddeddc42df558e574322c64867b24 (patch)
tree	f7ab9da68db2d31c8d3789b9dc4073da20a5c4f8
parent	eb59b6094197a7dcef89639ec3e91eef61b639bb (diff)