Closed kolyshkin closed 2 years ago
Thanks @kolyshkin.
I'm still wondering if we are better off returning -EACCES in this case or changing it to -EEXIST, but I guess sticking with -EACCES is probably for the best as that is what we have done starting with v2.5.x and the beginning of our "API promise".
My next question is if we want to be a specific as this patch when explaining the reason for the error code, "The action argument equals the default action of the filter" is pretty specific. Perhaps consider changing it to: "The rule conflicts with the default filter settings"?
Thoughts?
My next question is if we want to be a specific as this patch when explaining the reason for the error code, "The action argument equals the default action of the filter" is pretty specific. Perhaps consider changing it to: "The rule conflicts with the default filter settings"?
Thoughts?
What about something like "The rule conflicts with the filter (for example, the rule action equals the default action of the filter)"? This way we are specific (and clear) but still leave room for other similar errors.
My next question is if we want to be a specific as this patch when explaining the reason for the error code, "The action argument equals the default action of the filter" is pretty specific. Perhaps consider changing it to: "The rule conflicts with the default filter settings"? Thoughts?
What about something like "The rule conflicts with the filter (for example, the rule action equals the default action of the filter)"? This way we are specific (and clear) but still leave room for other similar errors.
I'm fine with either of these.
Updated to
-EACCCES
The rule conflicts with the filter (for example, the rule action
equals the default action of the filter).
and fix a typesetting error I made earlier (missing .TP
).
Since @drakenclimber is okay with either approach I went ahead and merged this via 50da6c1c61c1237cc3af2240b294af66de505018, thanks @kolyshkin!
Ported to the release-2.5 branch via 5535f144901267ae768a17969b989e2edee7b0a2.
The
-EACCES
return value fromseccomp_rule_add
and friends was added by commit 83989be02 (included into 2.5.0), which tells that this is "part of our ... API promise", so it needs to be documented accordingly. Add it.The discussion leading to this PR is in https://github.com/seccomp/libseccomp-golang/pull/74, however we did not came to the agreement whether
-EACCES
is the best choice.Fixes: 83989be02