Commit 65484597 authored by Markus Armbruster's avatar Markus Armbruster
Browse files

seccomp: Clean up error reporting in parse_sandbox() 



Calling error_report() in a function that takes an Error ** argument
is suspicious.  parse_sandbox() does that, and then fails without
setting an error.  Its caller main(), via qemu_opts_foreach(), is fine
with it, but clean it up anyway.

Cc: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
Reviewed-by: default avatarMarc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: default avatarEduardo Otubo <otubo@redhat.com>
Message-Id: <20181017082702.5581-18-armbru@redhat.com>
parent fff4c9c3

qemu-seccomp.c

+9 −9
Original line number Diff line number Diff line
@@ -12,11 +12,12 @@ 
 * Contributions after 2012-01-13 are licensed under the terms of the

 * GNU GPL, version 2 or (at your option) any later version.

 */



#include "qemu/osdep.h"

#include "qapi/error.h"

#include "qemu/config-file.h"

#include "qemu/option.h"

#include "qemu/module.h"

#include "qemu/error-report.h"

#include <sys/prctl.h>

#include <seccomp.h>

#include "sysemu/seccomp.h"
@@ -190,7 +191,7 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) 
                 * to provide a little bit of consistency for

                 * the command line */

            } else {

                error_report("invalid argument for obsolete");

                error_setg(errp, "invalid argument for obsolete");

                return -1;

            }

        }
@@ -205,14 +206,13 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) 
                /* calling prctl directly because we're

                 * not sure if host has CAP_SYS_ADMIN set*/

                if (prctl(PR_SET_NO_NEW_PRIVS, 1)) {

                    error_report("failed to set no_new_privs "

                                 "aborting");

                    error_setg(errp, "failed to set no_new_privs aborting");

                    return -1;

                }

            } else if (g_str_equal(value, "allow")) {

                /* default value */

            } else {

                error_report("invalid argument for elevateprivileges");

                error_setg(errp, "invalid argument for elevateprivileges");

                return -1;

            }

        }
@@ -224,7 +224,7 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) 
            } else if (g_str_equal(value, "allow")) {

                /* default value */

            } else {

                error_report("invalid argument for spawn");

                error_setg(errp, "invalid argument for spawn");

                return -1;

            }

        }
@@ -236,13 +236,13 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) 
            } else if (g_str_equal(value, "allow")) {

                /* default value */

            } else {

                error_report("invalid argument for resourcecontrol");

                error_setg(errp, "invalid argument for resourcecontrol");

                return -1;

            }

        }



        if (seccomp_start(seccomp_opts) < 0) {

            error_report("failed to install seccomp syscall filter "

            error_setg(errp, "failed to install seccomp syscall filter "

                       "in the kernel");

            return -1;

        }

vl.c

+2 −2
Original line number Diff line number Diff line
@@ -3973,8 +3973,8 @@ int main(int argc, char **argv, char **envp) 


#ifdef CONFIG_SECCOMP

    olist = qemu_find_opts_err("sandbox", NULL);

    if (olist && qemu_opts_foreach(olist, parse_sandbox, NULL, NULL)) {

        exit(1);

    if (olist) {

        qemu_opts_foreach(olist, parse_sandbox, NULL, &error_fatal);

    }

#endif