mirror/ youki
1
0
Fork 0
mirror of https://github.com/containers/youki synced 2024-05-08 00:26:14 +02:00
Code Issues

address review

This commit is contained in:
yihuaf 2021-09-28 01:03:08 +02:00
parent e20bb9982a
commit 88fa0af8d7
1 changed files with 19 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/seccomp/mod.rs
View File

@ -1,6 +1,7 @@
use anyhow::bail;
use anyhow::Context;
use anyhow::Result;
use nix::errno::Errno;
use oci_spec::runtime::Arch;
use oci_spec::runtime::LinuxSeccomp;
use oci_spec::runtime::LinuxSeccompAction;
@ -143,29 +144,31 @@ impl FilterContext {
pub fn notify_fd(&self) -> Result<Option<i32>> {
let res = unsafe { seccomp_notify_fd(self.ctx) };
if res > 0 {
return Ok(Some(res));
}
// -1 indicates the notify fd is not set. This can happen if no seccomp
// notify filter is set.
if res == -1 {
return Ok(None);
}
if res == -(libc::EINVAL as i32) {
bail!("invalid seccomp context used to call notify fd");
}
match nix::errno::from_i32(-res) {
Errno::EINVAL => {
bail!("invalid seccomp context used to call notify fd");
}
Errno::EFAULT => {
bail!("internal libseccomp fault; likely no seccomp filter is loaded");
}
Errno::EOPNOTSUPP => {
bail!("seccomp notify filter not supported");
}
if res == -(libc::EFAULT as i32) {
bail!("internal libseccomp fault; likely no seccomp filter is loaded");
}
if res == -(libc::EOPNOTSUPP as i32) {
bail!("seccomp notify filter not supported");
}
if res > 0 {
return Ok(Some(res));
}
unreachable!();
_ => {
bail!("unknown error from return code: {}", res);
}
};
}
}