From 81a1dd046fae0abf5fc27ce0f86269f940319721 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Barnab=C3=A1s=20P=C5=91cze?=
Date: Thu, 7 Nov 2024 23:04:11 +0100
Subject: [PATCH] linux/seccomp_filter: accept pseudo syscall numbers

If the given architecture does not have the given system call, then a negative pseudo system call number is returned. This is not an error, and can be passed to other libseccomp functions. In the case of an unknown syscall name the constant `__NR_SCMP_ERROR` is returned, so check for that. For example, aarch64 does not have a separate `chmod()` system call, so task-maker-rust was not really usable because pseudo system call numbers were rejected.
---
 src/linux/seccomp_filter.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/linux/seccomp_filter.rs b/src/linux/seccomp_filter.rs
index 458d925..7c78f8b 100644
--- a/src/linux/seccomp_filter.rs
+++ b/src/linux/seccomp_filter.rs
@@ -44,8 +44,11 @@ impl SeccompFilter {
 let syscall_name = CString::new(name).unwrap();
 let syscall_num =
 unsafe { seccomp_sys::seccomp_syscall_resolve_name(syscall_name.as_ptr()) };
- if syscall_num < 0 {
- bail!("Error calling seccomp_syscall_resolve_name: {}", strerror());
+ if syscall_num == seccomp_sys::__NR_SCMP_ERROR {
+ bail!(
+ "Error calling seccomp_syscall_resolve_name: unknown system call: {}",
+ name
+ );
 }
 if unsafe {
 seccomp_sys::seccomp_rule_add(self.ctx, action.to_seccomp_param(), syscall_num, 0)
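Review bot: Accepting every negative value except `__NR_SCMP_ERROR` means a rule for a syscall the native architecture lacks (the commit message's `chmod()` on aarch64) is now added silently, and the caller cannot tell that case apart from a real match. For an allow rule this is harmless, but for a deny or kill rule it can hide a gap: the same operation stays reachable through whichever syscall the architecture really uses, unless that name is listed too. The filter's default action and call sites are not visible in this hunk, so this may already be covered. I would document it at the check, e.g. `// syscall_num < 0 here is a pseudo number: the syscall does not exist on this arch, so the rule below cannot match natively; deny rules must also name the arch's real syscall`. The enclosing method starts and ends outside the hunk.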