Merge pull request #550 from smcv/seccomp-einval-hint

Attempt to clarify error message for missing CONFIG_SECCOMP_FILTER
2023-02-17 09:30:19 +00:00
parent 41fd02ad14 2f873fa8ae
commit a319fd5dc3
1 changed files with 9 additions and 1 deletions
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -288,7 +288,15 @@ seccomp_programs_apply (void)
  for (program = seccomp_programs; program != NULL; program = program->next)
    {
      if (prctl (PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &program->program) != 0)
-        die_with_error ("prctl(PR_SET_SECCOMP)");
+        {
+          if (errno == EINVAL)
+            die ("Unable to set up system call filtering as requested: "
+                 "prctl(PR_SET_SECCOMP) reported EINVAL. "
+                 "(Hint: this requires a kernel configured with "
+                 "CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER.)");
+
+          die_with_error ("prctl(PR_SET_SECCOMP)");
+        }
    }
 }