From 7f9b174026a318862d6b2073e81ef62c82a9d18e Mon Sep 17 00:00:00 2001 From: Michal Sojka Date: Tue, 12 Sep 2017 13:12:44 +0200 Subject: [PATCH] preload-seccomp: Use proper log level for error messages Signed-off-by: Michal Sojka --- jail/seccomp.c | 10 +++++----- jail/seccomp.h | 4 ++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/jail/seccomp.c b/jail/seccomp.c index 1a2bb27..27bf3ce 100644 --- a/jail/seccomp.c +++ b/jail/seccomp.c @@ -67,13 +67,13 @@ int install_syscall_filter(const char *argv, const char *file) blob_buf_init(&b, 0); if (!blobmsg_add_json_from_file(&b, file)) { - INFO("%s: failed to load %s\n", argv, file); + ERROR("%s: failed to load %s\n", argv, file); return -1; } blobmsg_parse(policy, __SECCOMP_MAX, tb, blob_data(b.head), blob_len(b.head)); if (!tb[SECCOMP_WHITELIST]) { - INFO("%s: %s is missing the syscall table\n", argv, file); + ERROR("%s: %s is missing the syscall table\n", argv, file); return -1; } @@ -85,7 +85,7 @@ int install_syscall_filter(const char *argv, const char *file) filter = calloc(sz, sizeof(struct sock_filter)); if (!filter) { - INFO("failed to allocate filter memory\n"); + ERROR("failed to allocate filter memory\n"); return -1; } @@ -125,7 +125,7 @@ int install_syscall_filter(const char *argv, const char *file) set_filter(&filter[idx], BPF_RET + BPF_K, 0, 0, SECCOMP_RET_KILL); if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { - INFO("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %s\n", argv, strerror(errno)); + ERROR("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %s\n", argv, strerror(errno)); return errno; } @@ -133,7 +133,7 @@ int install_syscall_filter(const char *argv, const char *file) prog.filter = filter; if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { - INFO("%s: prctl(PR_SET_SECCOMP) failed: %s\n", argv, strerror(errno)); + ERROR("%s: prctl(PR_SET_SECCOMP) failed: %s\n", argv, strerror(errno)); return errno; } return 0; diff --git a/jail/seccomp.h b/jail/seccomp.h index 6032812..24c1dd7 100644 --- a/jail/seccomp.h +++ b/jail/seccomp.h @@ -20,6 +20,10 @@ syslog(LOG_INFO,"preload-seccomp: "fmt, ## __VA_ARGS__); \ fprintf(stderr,"preload-seccomp: "fmt, ## __VA_ARGS__); \ } while (0) +#define ERROR(fmt, ...) do { \ + syslog(LOG_ERR,"preload-seccomp: "fmt, ## __VA_ARGS__); \ + fprintf(stderr,"preload-seccomp: "fmt, ## __VA_ARGS__); \ + } while (0) int install_syscall_filter(const char *argv, const char *file); -- 2.25.1