From 262e6517dbc1c97ab31a27376aeba1af1fe3ca4a Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Wed, 5 Aug 2020 15:14:34 +0300
Subject: seccomp: logging

Allow `log` as an alternative seccomp error action instead of killing
or returning an errno code.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 src/fseccomp/main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/fseccomp')

diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 892a88e25..3b3c92b46 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -20,7 +20,7 @@
 #include "fseccomp.h"
 #include "../include/seccomp.h"
 int arg_quiet = 0;
-int arg_seccomp_error_action = EPERM; // error action: errno or kill
+int arg_seccomp_error_action = EPERM; // error action: errno, log or kill
 
 static void usage(void) {
 	printf("Usage:\n");
@@ -73,6 +73,8 @@ printf("\n");
 	if (error_action) {
 		if (strcmp(error_action, "kill") == 0)
 			arg_seccomp_error_action = SECCOMP_RET_KILL;
+		else if (strcmp(error_action, "log") == 0)
+			arg_seccomp_error_action = SECCOMP_RET_LOG;
 		else {
 			arg_seccomp_error_action = errno_find_name(error_action);
 			if (arg_seccomp_error_action == -1)
-- 
cgit v1.2.3-54-g00ecf