From e9ec0cb5506b81f7f7c54e06a95dafac4acb38e3 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 9 Sep 2013 15:37:45 -0400
Subject: [PATCH] Do not try to add non-existent syscalls.

---
 src/common/sandbox.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index c6c93489c8..a5bc892973 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1187,10 +1187,12 @@ add_noparam_filter(scmp_filter_ctx ctx)
 
   // add general filters
   for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) {
+    if (filter_nopar_gen[i] < 0)
+      continue;
     rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter_nopar_gen[i], 0);
     if (rc != 0) {
-      log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
-          "received libseccomp error %d", i, rc);
+      log_err(LD_BUG,"(Sandbox) failed to add syscall index %d (NR=%d), "
+          "received libseccomp error %d", i, filter_nopar_gen[i], rc);
       return rc;
     }
   }
-- 
GitLab