cleanup

1 files changed, 2 insertions, 30 deletions

diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index 7ae74c340..8abc249ec 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -164,6 +164,8 @@ void seccomp_default_drop(const char *fname1, const char *fname2, char *list, in
 }
 
 void seccomp_keep(const char *fname1, const char *fname2, char *list) {
+        (void) fname2;
+        
         // open file for pre-exec filter
         int fd = open(fname1, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
         if (fd < 0) {
@@ -187,36 +189,6 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) {
 
         // close file
         close(fd);
-
-#if 0
-// There is something very wrong here with the file descriptors, "ls -l /proc/self/fd" will show no file
-// after running this code. We don't need the postexec filter in this case anyway.
-printf("@@seccomp_keep start %s %s %s\n", fname1, fname2, list);
-system("ls -l /proc/self/fd");
-printf("@@seccomp_keep start %s %s %s\n", fname1, fname2, list);
-        // open file for post-exec filter
-        fd = open(fname2, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-        if (fd < 0) {
-                fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname2);
-                exit(1);
-        }
-
-        // build post-exec filter: whitelist without @default-keep
-        filter_init(fd);
-
-        if (syscall_check_list(list, filter_add_whitelist, fd, 0, NULL)) {
-                fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n");
-                exit(1);
-        }
-
-        filter_end_whitelist(fd);
-
-        // close file
-        close(fd);
-printf("@@seccomp_keep end %s %s %s\n", fname1, fname2, list);
-system("ls -l /proc/self/fd");
-printf("@@seccomp_keep end %s %s %s\n", fname1, fname2, list);
-#endif
 }
 
 void memory_deny_write_execute(const char *fname) {