From 875108c91193ba530242e953bc1029d4ded65bc0 Mon Sep 17 00:00:00 2001 From: Sebastian Ramacher Date: Wed, 28 Nov 2018 00:06:50 +0100 Subject: [PATCH] Extend error messages --- zathura/seccomp-filters.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/zathura/seccomp-filters.c b/zathura/seccomp-filters.c index d93c592..b27385a 100644 --- a/zathura/seccomp-filters.c +++ b/zathura/seccomp-filters.c @@ -12,8 +12,26 @@ #include #include -#define DENY_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_KILL, SCMP_SYS(call), 0) < 0) goto out; } -#define ALLOW_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) < 0) goto out; } +#define DENY_RULE(call) \ + do { \ + girara_debug("denying " G_STRINGIFY(call)); \ + const int err = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(call), 0); \ + if (err < 0) { \ + girara_error("failed to deny " G_STRINGIFY(call) ": %s", \ + g_strerror(-err)); \ + goto out; \ + } \ + } while (0) +#define ALLOW_RULE(call) \ + do { \ + girara_debug("allowing " G_STRINGIFY(call)); \ + const int err = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0); \ + if (err < 0) { \ + girara_error("failed to allow " G_STRINGIFY(call) ": %s", \ + g_strerror(-err)); \ + goto out; \ + } \ + } while (0) int seccomp_enable_basic_filter(void)