jail: relax seccomp unknown syscall handling

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
author: Daniel Golle 2020-10-28 01:39:34 +0000
committer: Daniel Golle 2020-10-28 13:47:27 +0000
commit: 6963d5032b51739ad953064da035d1a74c61f7cb (patch)
tree: 6ad08870af08a75a56be747855a98190ea996cb2
parent: bba6de753191bc43d7f5dc7b21db07693fa7d865 (diff)
download: procd-6963d5032b51739ad953064da035d1a74c61f7cb.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/jail/seccomp-oci.c b/jail/seccomp-oci.c
index 06fa2d1..bc9a491 100644
--- a/jail/seccomp-oci.c
+++ b/jail/seccomp-oci.c
@@ -221,7 +221,8 @@ struct sock_fprog *parseOCIlinuxseccomp(struct blob_attr *msg)
 			sc = find_syscall(blobmsg_get_string(curn));
 			if (sc == -1) {
 				ERROR("unknown syscall '%s'\n", blobmsg_get_string(curn));
-				goto errout1;
+				/* TODO: support run.oci.seccomp_fail_unknown_syscall=1 annotation */
+				continue;
 			}
 
 			/* add rule to filter */
author	Daniel Golle	2020-10-28 01:39:34 +0000
committer	Daniel Golle	2020-10-28 13:47:27 +0000
commit	6963d5032b51739ad953064da035d1a74c61f7cb (patch)
tree	6ad08870af08a75a56be747855a98190ea996cb2
parent	bba6de753191bc43d7f5dc7b21db07693fa7d865 (diff)
download	procd-6963d5032b51739ad953064da035d1a74c61f7cb.tar.gz