1 files changed, 340 insertions, 16 deletions
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
index 0a86dade0..ecf057ee0 100644
--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -21,11 +21,16 @@
 #include <sys/syscall.h>
 typedef struct {
-        char *name;
+        const char * const name;
        int nr;
 } SyscallEntry;
-static SyscallEntry syslist[] = {
+typedef struct {
+        const char * const name;
+        const char * const list;
+} SyscallGroupList;
+static const SyscallEntry syslist[] = {
 //
 // code generated using tools/extract-syscall
 //
@@ -35,8 +40,302 @@ static SyscallEntry syslist[] = {
 //
 }; // end of syslist
+static const SyscallGroupList sysgroups[] = {
+        { .name = "@default", .list =
+#ifdef SYS_mount
+          "mount,"
+#endif
+#ifdef SYS_umount2
+          "umount2,"
+#endif
+#ifdef SYS_kexec_load
+          "kexec_load,"
+#endif
+#ifdef SYS_kexec_file_load
+          "kexec_file_load,"
+#endif
+#ifdef SYS_open_by_handle_at
+          "open_by_handle_at,"
+#endif
+#ifdef SYS_name_to_handle_at
+          "name_to_handle_at,"
+#endif
+#ifdef SYS_init_module
+          "init_module,"
+#endif
+#ifdef SYS_finit_module
+          "finit_module,"
+#endif
+#ifdef SYS_create_module
+          "create_module,"
+#endif
+#ifdef SYS_delete_module
+          "delete_module,"
+#endif
+#ifdef SYS_iopl
+          "iopl,"
+#endif
+#ifdef SYS_ioperm
+          "ioperm,"
+#endif
+#ifdef SYS_ioprio_set
+          "ioprio_set,"
+#endif
+#ifdef SYS_ni_syscall
+          "ni_syscall,"
+#endif
+#ifdef SYS_swapon
+          "swapon,"
+#endif
+#ifdef SYS_swapoff
+          "swapoff,"
+#endif
+#ifdef SYS_syslog
+          "syslog,"
+#endif
+#ifdef SYS_process_vm_writev
+          "process_vm_writev,"
+#endif
+#ifdef SYS_sysfs
+          "sysfs,"
+#endif
+#ifdef SYS__sysctl
+          "_sysctl,"
+#endif
+#ifdef SYS_adjtimex
+          "adjtimex,"
+#endif
+#ifdef SYS_clock_adjtime
+          "clock_adjtime,"
+#endif
+#ifdef SYS_lookup_dcookie
+          "lookup_dcookie,"
+#endif
+#ifdef SYS_perf_event_open
+          "perf_event_open,"
+#endif
+#ifdef SYS_fanotify_init
+          "fanotify_init,"
+#endif
+#ifdef SYS_kcmp
+          "kcmp,"
+#endif
+#ifdef SYS_add_key
+          "add_key,"
+#endif
+#ifdef SYS_request_key
+          "request_key,"
+#endif
+#ifdef SYS_keyctl
+          "keyctl,"
+#endif
+#ifdef SYS_uselib
+          "uselib,"
+#endif
+#ifdef SYS_acct
+          "acct,"
+#endif
+#ifdef SYS_modify_ldt
+          "modify_ldt,"
+#endif
+#ifdef SYS_pivot_root
+          "pivot_root,"
+#endif
+#ifdef SYS_io_setup
+          "io_setup,"
+#endif
+#ifdef SYS_io_destroy
+          "io_destroy,"
+#endif
+#ifdef SYS_io_getevents
+          "io_getevents,"
+#endif
+#ifdef SYS_io_submit
+          "io_submit,"
+#endif
+#ifdef SYS_io_cancel
+          "io_cancel,"
+#endif
+#ifdef SYS_remap_file_pages
+          "remap_file_pages,"
+#endif
+#ifdef SYS_mbind
+          "mbind,"
+#endif
+#ifdef SYS_set_mempolicy
+          "set_mempolicy,"
+#endif
+#ifdef SYS_migrate_pages
+          "migrate_pages,"
+#endif
+#ifdef SYS_move_pages
+          "move_pages,"
+#endif
+#ifdef SYS_vmsplice
+          "vmsplice,"
+#endif
+#ifdef SYS_chroot
+          "chroot,"
+#endif
+#ifdef SYS_tuxcall
+          "tuxcall,"
+#endif
+#ifdef SYS_reboot
+          "reboot,"
+#endif
+#ifdef SYS_nfsservctl
+          "nfsservctl,"
+#endif
+#ifdef SYS_get_kernel_syms
+          "get_kernel_syms,"
+#endif
+#ifdef SYS_bpf
+          "bpf,"
+#endif
+#ifdef SYS_clock_settime
+          "clock_settime,"
+#endif
+#ifdef SYS_personality
+          "personality,"
+#endif
+#ifdef SYS_process_vm_writev
+          "process_vm_writev,"
+#endif
+#ifdef SYS_query_module
+          "query_module,"
+#endif
+#ifdef SYS_settimeofday
+          "settimeofday,"
+#endif
+#ifdef SYS_stime
+          "stime,"
+#endif
+#ifdef SYS_umount
+          "umount,"
+#endif
+#ifdef SYS_userfaultfd
+          "userfaultfd,"
+#endif
+#ifdef SYS_ustat
+          "ustat,"
+#endif
+#ifdef SYS_vm86
+          "vm86,"
+#endif
+#ifdef SYS_vm86old
+          "vm86old,"
+#endif
+#ifdef SYS_afs_syscall
+          "afs_syscall,"
+#endif
+#ifdef SYS_bdflush
+          "bdflush,"
+#endif
+#ifdef SYS_break
+          "break,"
+#endif
+#ifdef SYS_ftime
+          "ftime,"
+#endif
+#ifdef SYS_getpmsg
+          "getpmsg,"
+#endif
+#ifdef SYS_gtty
+          "gtty,"
+#endif
+#ifdef SYS_lock
+          "lock,"
+#endif
+#ifdef SYS_mpx
+          "mpx,"
+#endif
+#ifdef SYS_pciconfig_iobase
+          "pciconfig_iobase,"
+#endif
+#ifdef SYS_pciconfig_read
+          "pciconfig_read,"
+#endif
+#ifdef SYS_pciconfig_write
+          "pciconfig_write,"
+#endif
+#ifdef SYS_prof
+          "prof,"
+#endif
+#ifdef SYS_profil
+          "profil,"
+#endif
+#ifdef SYS_putpmsg
+          "putpmsg,"
+#endif
+#ifdef SYS_rtas
+          "rtas,"
+#endif
+#ifdef SYS_s390_runtime_instr
+          "s390_runtime_instr,"
+#endif
+#ifdef SYS_s390_mmio_read
+          "s390_mmio_read,"
+#endif
+#ifdef SYS_s390_mmio_write
+          "s390_mmio_write,"
+#endif
+#ifdef SYS_security
+          "security,"
+#endif
+#ifdef SYS_setdomainname
+          "setdomainname,"
+#endif
+#ifdef SYS_sethostname
+          "sethostname,"
+#endif
+#ifdef SYS_sgetmask
+          "sgetmask,"
+#endif
+#ifdef SYS_ssetmask
+          "ssetmask,"
+#endif
+#ifdef SYS_stty
+          "stty,"
+#endif
+#ifdef SYS_subpage_prot
+          "subpage_prot,"
+#endif
+#ifdef SYS_switch_endian
+          "switch_endian,"
+#endif
+#ifdef SYS_sys_debug_setcontext
+          "sys_debug_setcontext,"
+#endif
+#ifdef SYS_ulimit
+          "ulimit,"
+#endif
+#ifdef SYS_vhangup
+          "vhangup,"
+#endif
+#ifdef SYS_vserver
+          "vserver"
+#endif
+        },
+        { .name = "@default-nodebuggers", .list =
+          "@default,"
+#ifdef SYS_ptrace
+          "ptrace,"
+#endif
+#ifdef SYS_process_vm_readv
+          "process_vm_readv"
+#endif
+        },
+        { .name = "@default-keep", .list =
+          "dup,"
+          "prctl,"
+          "setgid,"
+          "setgroups,"
+          "setuid"
+        }
+};
 // return -1 if error, or syscall number
-int syscall_find_name(const char *name) {
+static int syscall_find_name(const char *name) {
        int i;
        int elems = sizeof(syslist) / sizeof(syslist[0]);
        for (i = 0; i < elems; i++) {
@@ -47,7 +346,7 @@ int syscall_find_name(const char *name) {
        return -1;
 }
-char *syscall_find_nr(int nr) {
+const char *syscall_find_nr(int nr) {
        int i;
        int elems = sizeof(syslist) / sizeof(syslist[0]);
        for (i = 0; i < elems; i++) {
@@ -67,6 +366,17 @@ void syscall_print(void) {
        printf("\n");
 }
+static const char *syscall_find_group(const char *name) {
+        int i;
+        int elems = sizeof(sysgroups) / sizeof(sysgroups[0]);
+        for (i = 0; i < elems; i++) {
+                if (strcmp(name, sysgroups[i].name) == 0)
+                        return sysgroups[i].list;
+        }
+        return NULL;
+}
 // allowed input:
 // - syscall
 // - syscall(error)
@@ -92,7 +402,10 @@ static void syscall_process_name(const char *name, int *syscall_nr, int *error_n
                goto error;
        }
-        *syscall_nr = syscall_find_name(syscall_name);
+        if (*syscall_name == '$')
+                *syscall_nr = strtol(syscall_name + 1, NULL, 0);
+        else
+                *syscall_nr = syscall_find_name(syscall_name);
        if (error_name) {
                *error_nr = errno_find_name(error_name);
                if (*error_nr == -1)
@@ -120,7 +433,8 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall,
        if (!str)
                errExit("strdup");
-        char *ptr =strtok(str, ",");
+        char *saveptr;
+        char *ptr = strtok_r(str, ",", &saveptr);
        if (ptr == NULL) {
                fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n");
                exit(1);
@@ -129,18 +443,28 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall,
        while (ptr) {
                int syscall_nr;
                int error_nr;
-                syscall_process_name(ptr, &syscall_nr, &error_nr);
+                if (*ptr == '@') {
-                if (syscall_nr == -1) {
+                        const char *new_list = syscall_find_group(ptr);
-                        if (!arg_quiet)
+                        if (!new_list) {
-                                fprintf(stderr, "Warning fseccomp: syscall \"%s\" not available on this platform\n", ptr);
+                                fprintf(stderr, "Error fseccomp: unknown syscall group %s\n", ptr);
+                                exit(1);
+                        }
+                        syscall_check_list(new_list, callback, fd, arg);
                }
-                else if (callback != NULL) {
+                else {
-                        if (error_nr != -1)
+                        syscall_process_name(ptr, &syscall_nr, &error_nr);
-                                filter_add_errno(fd, syscall_nr, error_nr);
+                        if (syscall_nr == -1) {
-                        else
+                                if (!arg_quiet)
-                                callback(fd, syscall_nr, arg);
+                                        fprintf(stderr, "Warning fseccomp: syscall \"%s\" not available on this platform\n", ptr);
+                        }
+                        else if (callback != NULL) {
+                                if (error_nr != -1)
+                                        filter_add_errno(fd, syscall_nr, error_nr);
+                                else
+                                        callback(fd, syscall_nr, arg);
+                        }
                }
-                ptr = strtok(NULL, ",");
+                ptr = strtok_r(NULL, ",", &saveptr);
        }
        free(str);

diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index 0a86dade0..ecf057ee0 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c
@@ -21,11 +21,16 @@
21	#include <sys/syscall.h>	21	#include <sys/syscall.h>
22		22
23	typedef struct {	23	typedef struct {
24	char *name;	24	const char * const name;
25	int nr;	25	int nr;
26	} SyscallEntry;	26	} SyscallEntry;
27		27
28	static SyscallEntry syslist[] = {	28	typedef struct {
		29	const char * const name;
		30	const char * const list;
		31	} SyscallGroupList;
		32
		33	static const SyscallEntry syslist[] = {
29	//	34	//
30	// code generated using tools/extract-syscall	35	// code generated using tools/extract-syscall
31	//	36	//
@@ -35,8 +40,302 @@ static SyscallEntry syslist[] = {
35	//	40	//
36	}; // end of syslist	41	}; // end of syslist
37		42
		43	static const SyscallGroupList sysgroups[] = {
		44	{ .name = "@default", .list =
		45	#ifdef SYS_mount
		46	"mount,"
		47	#endif
		48	#ifdef SYS_umount2
		49	"umount2,"
		50	#endif
		51	#ifdef SYS_kexec_load
		52	"kexec_load,"
		53	#endif
		54	#ifdef SYS_kexec_file_load
		55	"kexec_file_load,"
		56	#endif
		57	#ifdef SYS_open_by_handle_at
		58	"open_by_handle_at,"
		59	#endif
		60	#ifdef SYS_name_to_handle_at
		61	"name_to_handle_at,"
		62	#endif
		63	#ifdef SYS_init_module
		64	"init_module,"
		65	#endif
		66	#ifdef SYS_finit_module
		67	"finit_module,"
		68	#endif
		69	#ifdef SYS_create_module
		70	"create_module,"
		71	#endif
		72	#ifdef SYS_delete_module
		73	"delete_module,"
		74	#endif
		75	#ifdef SYS_iopl
		76	"iopl,"
		77	#endif
		78	#ifdef SYS_ioperm
		79	"ioperm,"
		80	#endif
		81	#ifdef SYS_ioprio_set
		82	"ioprio_set,"
		83	#endif
		84	#ifdef SYS_ni_syscall
		85	"ni_syscall,"
		86	#endif
		87	#ifdef SYS_swapon
		88	"swapon,"
		89	#endif
		90	#ifdef SYS_swapoff
		91	"swapoff,"
		92	#endif
		93	#ifdef SYS_syslog
		94	"syslog,"
		95	#endif
		96	#ifdef SYS_process_vm_writev
		97	"process_vm_writev,"
		98	#endif
		99	#ifdef SYS_sysfs
		100	"sysfs,"
		101	#endif
		102	#ifdef SYS__sysctl
		103	"_sysctl,"
		104	#endif
		105	#ifdef SYS_adjtimex
		106	"adjtimex,"
		107	#endif
		108	#ifdef SYS_clock_adjtime
		109	"clock_adjtime,"
		110	#endif
		111	#ifdef SYS_lookup_dcookie
		112	"lookup_dcookie,"
		113	#endif
		114	#ifdef SYS_perf_event_open
		115	"perf_event_open,"
		116	#endif
		117	#ifdef SYS_fanotify_init
		118	"fanotify_init,"
		119	#endif
		120	#ifdef SYS_kcmp
		121	"kcmp,"
		122	#endif
		123	#ifdef SYS_add_key
		124	"add_key,"
		125	#endif
		126	#ifdef SYS_request_key
		127	"request_key,"
		128	#endif
		129	#ifdef SYS_keyctl
		130	"keyctl,"
		131	#endif
		132	#ifdef SYS_uselib
		133	"uselib,"
		134	#endif
		135	#ifdef SYS_acct
		136	"acct,"
		137	#endif
		138	#ifdef SYS_modify_ldt
		139	"modify_ldt,"
		140	#endif
		141	#ifdef SYS_pivot_root
		142	"pivot_root,"
		143	#endif
		144	#ifdef SYS_io_setup
		145	"io_setup,"
		146	#endif
		147	#ifdef SYS_io_destroy
		148	"io_destroy,"
		149	#endif
		150	#ifdef SYS_io_getevents
		151	"io_getevents,"
		152	#endif
		153	#ifdef SYS_io_submit
		154	"io_submit,"
		155	#endif
		156	#ifdef SYS_io_cancel
		157	"io_cancel,"
		158	#endif
		159	#ifdef SYS_remap_file_pages
		160	"remap_file_pages,"
		161	#endif
		162	#ifdef SYS_mbind
		163	"mbind,"
		164	#endif
		165	#ifdef SYS_set_mempolicy
		166	"set_mempolicy,"
		167	#endif
		168	#ifdef SYS_migrate_pages
		169	"migrate_pages,"
		170	#endif
		171	#ifdef SYS_move_pages
		172	"move_pages,"
		173	#endif
		174	#ifdef SYS_vmsplice
		175	"vmsplice,"
		176	#endif
		177	#ifdef SYS_chroot
		178	"chroot,"
		179	#endif
		180	#ifdef SYS_tuxcall
		181	"tuxcall,"
		182	#endif
		183	#ifdef SYS_reboot
		184	"reboot,"
		185	#endif
		186	#ifdef SYS_nfsservctl
		187	"nfsservctl,"
		188	#endif
		189	#ifdef SYS_get_kernel_syms
		190	"get_kernel_syms,"
		191	#endif
		192	#ifdef SYS_bpf
		193	"bpf,"
		194	#endif
		195	#ifdef SYS_clock_settime
		196	"clock_settime,"
		197	#endif
		198	#ifdef SYS_personality
		199	"personality,"
		200	#endif
		201	#ifdef SYS_process_vm_writev
		202	"process_vm_writev,"
		203	#endif
		204	#ifdef SYS_query_module
		205	"query_module,"
		206	#endif
		207	#ifdef SYS_settimeofday
		208	"settimeofday,"
		209	#endif
		210	#ifdef SYS_stime
		211	"stime,"
		212	#endif
		213	#ifdef SYS_umount
		214	"umount,"
		215	#endif
		216	#ifdef SYS_userfaultfd
		217	"userfaultfd,"
		218	#endif
		219	#ifdef SYS_ustat
		220	"ustat,"
		221	#endif
		222	#ifdef SYS_vm86
		223	"vm86,"
		224	#endif
		225	#ifdef SYS_vm86old
		226	"vm86old,"
		227	#endif
		228	#ifdef SYS_afs_syscall
		229	"afs_syscall,"
		230	#endif
		231	#ifdef SYS_bdflush
		232	"bdflush,"
		233	#endif
		234	#ifdef SYS_break
		235	"break,"
		236	#endif
		237	#ifdef SYS_ftime
		238	"ftime,"
		239	#endif
		240	#ifdef SYS_getpmsg
		241	"getpmsg,"
		242	#endif
		243	#ifdef SYS_gtty
		244	"gtty,"
		245	#endif
		246	#ifdef SYS_lock
		247	"lock,"
		248	#endif
		249	#ifdef SYS_mpx
		250	"mpx,"
		251	#endif
		252	#ifdef SYS_pciconfig_iobase
		253	"pciconfig_iobase,"
		254	#endif
		255	#ifdef SYS_pciconfig_read
		256	"pciconfig_read,"
		257	#endif
		258	#ifdef SYS_pciconfig_write
		259	"pciconfig_write,"
		260	#endif
		261	#ifdef SYS_prof
		262	"prof,"
		263	#endif
		264	#ifdef SYS_profil
		265	"profil,"
		266	#endif
		267	#ifdef SYS_putpmsg
		268	"putpmsg,"
		269	#endif
		270	#ifdef SYS_rtas
		271	"rtas,"
		272	#endif
		273	#ifdef SYS_s390_runtime_instr
		274	"s390_runtime_instr,"
		275	#endif
		276	#ifdef SYS_s390_mmio_read
		277	"s390_mmio_read,"
		278	#endif
		279	#ifdef SYS_s390_mmio_write
		280	"s390_mmio_write,"
		281	#endif
		282	#ifdef SYS_security
		283	"security,"
		284	#endif
		285	#ifdef SYS_setdomainname
		286	"setdomainname,"
		287	#endif
		288	#ifdef SYS_sethostname
		289	"sethostname,"
		290	#endif
		291	#ifdef SYS_sgetmask
		292	"sgetmask,"
		293	#endif
		294	#ifdef SYS_ssetmask
		295	"ssetmask,"
		296	#endif
		297	#ifdef SYS_stty
		298	"stty,"
		299	#endif
		300	#ifdef SYS_subpage_prot
		301	"subpage_prot,"
		302	#endif
		303	#ifdef SYS_switch_endian
		304	"switch_endian,"
		305	#endif
		306	#ifdef SYS_sys_debug_setcontext
		307	"sys_debug_setcontext,"
		308	#endif
		309	#ifdef SYS_ulimit
		310	"ulimit,"
		311	#endif
		312	#ifdef SYS_vhangup
		313	"vhangup,"
		314	#endif
		315	#ifdef SYS_vserver
		316	"vserver"
		317	#endif
		318	},
		319	{ .name = "@default-nodebuggers", .list =
		320	"@default,"
		321	#ifdef SYS_ptrace
		322	"ptrace,"
		323	#endif
		324	#ifdef SYS_process_vm_readv
		325	"process_vm_readv"
		326	#endif
		327	},
		328	{ .name = "@default-keep", .list =
		329	"dup,"
		330	"prctl,"
		331	"setgid,"
		332	"setgroups,"
		333	"setuid"
		334	}
		335	};
		336
38	// return -1 if error, or syscall number	337	// return -1 if error, or syscall number
39	int syscall_find_name(const char *name) {	338	static int syscall_find_name(const char *name) {
40	int i;	339	int i;
41	int elems = sizeof(syslist) / sizeof(syslist[0]);	340	int elems = sizeof(syslist) / sizeof(syslist[0]);
42	for (i = 0; i < elems; i++) {	341	for (i = 0; i < elems; i++) {
@@ -47,7 +346,7 @@ int syscall_find_name(const char *name) {
47	return -1;	346	return -1;
48	}	347	}
49		348
50	char *syscall_find_nr(int nr) {	349	const char *syscall_find_nr(int nr) {
51	int i;	350	int i;
52	int elems = sizeof(syslist) / sizeof(syslist[0]);	351	int elems = sizeof(syslist) / sizeof(syslist[0]);
53	for (i = 0; i < elems; i++) {	352	for (i = 0; i < elems; i++) {
@@ -67,6 +366,17 @@ void syscall_print(void) {
67	printf("\n");	366	printf("\n");
68	}	367	}
69		368
		369	static const char syscall_find_group(const char name) {
		370	int i;
		371	int elems = sizeof(sysgroups) / sizeof(sysgroups[0]);
		372	for (i = 0; i < elems; i++) {
		373	if (strcmp(name, sysgroups[i].name) == 0)
		374	return sysgroups[i].list;
		375	}
		376
		377	return NULL;
		378	}
		379
70	// allowed input:	380	// allowed input:
71	// - syscall	381	// - syscall
72	// - syscall(error)	382	// - syscall(error)
@@ -92,7 +402,10 @@ static void syscall_process_name(const char name, int syscall_nr, int *error_n
92	goto error;	402	goto error;
93	}	403	}
94		404
95	*syscall_nr = syscall_find_name(syscall_name);	405	if (*syscall_name == '$')
		406	*syscall_nr = strtol(syscall_name + 1, NULL, 0);
		407	else
		408	*syscall_nr = syscall_find_name(syscall_name);
96	if (error_name) {	409	if (error_name) {
97	*error_nr = errno_find_name(error_name);	410	*error_nr = errno_find_name(error_name);
98	if (*error_nr == -1)	411	if (*error_nr == -1)
@@ -120,7 +433,8 @@ int syscall_check_list(const char slist, void (callback)(int fd, int syscall,
120	if (!str)	433	if (!str)
121	errExit("strdup");	434	errExit("strdup");
122		435
123	char *ptr =strtok(str, ",");	436	char *saveptr;
		437	char *ptr = strtok_r(str, ",", &saveptr);
124	if (ptr == NULL) {	438	if (ptr == NULL) {
125	fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n");	439	fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n");
126	exit(1);	440	exit(1);
@@ -129,18 +443,28 @@ int syscall_check_list(const char slist, void (callback)(int fd, int syscall,
129	while (ptr) {	443	while (ptr) {
130	int syscall_nr;	444	int syscall_nr;
131	int error_nr;	445	int error_nr;
132	syscall_process_name(ptr, &syscall_nr, &error_nr);	446	if (*ptr == '@') {
133	if (syscall_nr == -1) {	447	const char *new_list = syscall_find_group(ptr);
134	if (!arg_quiet)	448	if (!new_list) {
135	fprintf(stderr, "Warning fseccomp: syscall \"%s\" not available on this platform\n", ptr);	449	fprintf(stderr, "Error fseccomp: unknown syscall group %s\n", ptr);
		450	exit(1);
		451	}
		452	syscall_check_list(new_list, callback, fd, arg);
136	}	453	}
137	else if (callback != NULL) {	454	else {
138	if (error_nr != -1)	455	syscall_process_name(ptr, &syscall_nr, &error_nr);
139	filter_add_errno(fd, syscall_nr, error_nr);	456	if (syscall_nr == -1) {
140	else	457	if (!arg_quiet)
141	callback(fd, syscall_nr, arg);	458	fprintf(stderr, "Warning fseccomp: syscall \"%s\" not available on this platform\n", ptr);
		459	}
		460	else if (callback != NULL) {
		461	if (error_nr != -1)
		462	filter_add_errno(fd, syscall_nr, error_nr);
		463	else
		464	callback(fd, syscall_nr, arg);
		465	}
142	}	466	}
143	ptr = strtok(NULL, ",");	467	ptr = strtok_r(NULL, ",", &saveptr);
144	}	468	}
145		469
146	free(str);	470	free(str);