[LEDE-DEV] [PATCH procd 12/17] preload-seccomp: Use proper log level for error messages

Michal Sojka sojkam1 at fel.cvut.cz
Tue Sep 12 04:12:44 PDT 2017


Signed-off-by: Michal Sojka <sojkam1 at fel.cvut.cz>
---
 jail/seccomp.c | 10 +++++-----
 jail/seccomp.h |  4 ++++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/jail/seccomp.c b/jail/seccomp.c
index 1a2bb27..27bf3ce 100644
--- a/jail/seccomp.c
+++ b/jail/seccomp.c
@@ -67,13 +67,13 @@ int install_syscall_filter(const char *argv, const char *file)
 
 	blob_buf_init(&b, 0);
 	if (!blobmsg_add_json_from_file(&b, file)) {
-		INFO("%s: failed to load %s\n", argv, file);
+		ERROR("%s: failed to load %s\n", argv, file);
 		return -1;
 	}
 
 	blobmsg_parse(policy, __SECCOMP_MAX, tb, blob_data(b.head), blob_len(b.head));
 	if (!tb[SECCOMP_WHITELIST]) {
-		INFO("%s: %s is missing the syscall table\n", argv, file);
+		ERROR("%s: %s is missing the syscall table\n", argv, file);
 		return -1;
 	}
 
@@ -85,7 +85,7 @@ int install_syscall_filter(const char *argv, const char *file)
 
 	filter = calloc(sz, sizeof(struct sock_filter));
 	if (!filter) {
-		INFO("failed to allocate filter memory\n");
+		ERROR("failed to allocate filter memory\n");
 		return -1;
 	}
 
@@ -125,7 +125,7 @@ int install_syscall_filter(const char *argv, const char *file)
 		set_filter(&filter[idx], BPF_RET + BPF_K, 0, 0, SECCOMP_RET_KILL);
 
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
-		INFO("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %s\n", argv, strerror(errno));
+		ERROR("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %s\n", argv, strerror(errno));
 		return errno;
 	}
 
@@ -133,7 +133,7 @@ int install_syscall_filter(const char *argv, const char *file)
 	prog.filter = filter;
 
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
-		INFO("%s: prctl(PR_SET_SECCOMP) failed: %s\n", argv, strerror(errno));
+		ERROR("%s: prctl(PR_SET_SECCOMP) failed: %s\n", argv, strerror(errno));
 		return errno;
 	}
 	return 0;
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6032812..24c1dd7 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@ -20,6 +20,10 @@
 	syslog(LOG_INFO,"preload-seccomp: "fmt, ## __VA_ARGS__); \
 	fprintf(stderr,"preload-seccomp: "fmt, ## __VA_ARGS__); \
 	} while (0)
+#define ERROR(fmt, ...) do { \
+	syslog(LOG_ERR,"preload-seccomp: "fmt, ## __VA_ARGS__); \
+	fprintf(stderr,"preload-seccomp: "fmt, ## __VA_ARGS__); \
+	} while (0)
 
 int install_syscall_filter(const char *argv, const char *file);
 
-- 
2.14.1




More information about the Lede-dev mailing list