Diffstat (limited to 'src/nspawn')
-rw-r--r--src/nspawn/nspawn.c23
1 files changed, 14 insertions, 9 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 3f0b3d9182..eea994d0b3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -90,7 +90,7 @@
#include "machine-image.h"
#include "list.h"
#include "in-addr-util.h"
-#include "fw-util.h"
+#include "firewall-util.h"
#include "local-addresses.h"
#include "formats-util.h"
#include "process-util.h"
@@ -350,7 +350,7 @@ static int custom_mounts_prepare(void) {
if (m->read_only)
continue;
- r = tempfn_random(m->source, &m->work_dir);
+ r = tempfn_random(m->source, NULL, &m->work_dir);
if (r < 0)
return log_error_errno(r, "Failed to generate work directory from %s: %m", m->source);
}
@@ -3002,8 +3002,15 @@ static int setup_seccomp(void) {
}
r = seccomp_load(seccomp);
- if (r < 0)
+ if (r == -EINVAL) {
+ log_debug_errno(r, "Kernel is probably not configured with CONFIG_SECCOMP. Disabling seccomp audit filter: %m");
+ r = 0;
+ goto finish;
+ }
+ if (r < 0) {
log_error_errno(r, "Failed to install seccomp audit filter: %m");
+ goto finish;
+ }
finish:
seccomp_release(seccomp);
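Review bot: The new `r == -EINVAL` branch in setup_seccomp() fails open: no filter is loaded, `r` is reset to 0, and the only trace is a debug-level message, so at the default log level nothing shows that the container started without the seccomp filter. -EINVAL is also not specific to a kernel built without CONFIG_SECCOMP (the message itself says "probably"), so a filter rejected for another reason would presumably take the same silent path. I would log this at a visible level, e.g. `log_notice_errno(r, "Kernel is probably not configured with CONFIG_SECCOMP. Disabling seccomp audit filter: %m");`, and add a short comment above the branch stating that continuing without the filter is a deliberate choice. The second `goto finish;` directly before the `finish:` label is redundant; the function begins and ends outside this hunk.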
@@ -4458,7 +4465,7 @@ int main(int argc, char *argv[]) {
int r, n_fd_passed, loop_nr = -1;
char veth_name[IFNAMSIZ];
bool secondary = false, remove_subvol = false;
- sigset_t mask, mask_chld;
+ sigset_t mask_chld;
pid_t pid = 0;
int ret = EXIT_SUCCESS;
union in_addr_union exposed = {};
@@ -4515,9 +4522,9 @@ int main(int argc, char *argv[]) {
goto finish;
}
if (r > 0)
- r = tempfn_random_child(arg_directory, &np);
+ r = tempfn_random_child(arg_directory, "machine.", &np);
else
- r = tempfn_random(arg_directory, &np);
+ r = tempfn_random(arg_directory, "machine.", &np);
if (r < 0) {
log_error_errno(r, "Failed to generate name for snapshot: %m");
goto finish;
@@ -4657,9 +4664,7 @@ int main(int argc, char *argv[]) {
log_info("Spawning container %s on %s.\nPress ^] three times within 1s to kill container.",
arg_machine, arg_image ?: arg_directory);
- assert_se(sigemptyset(&mask) == 0);
- sigset_add_many(&mask, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1);
- assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0);
+ assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1) >= 0);
assert_se(sigemptyset(&mask_chld) == 0);
assert_se(sigaddset(&mask_chld, SIGCHLD) == 0);