seccomp: use lxc_log_get_level()

This will now enable LXD users to dump the seccomp filter in the log when logging at TRACE level. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc · Feb 8, 2021 · 5e651c8 · 5e651c8
1 parent 599086c
commit 5e651c8
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
@@ -1260,14 +1260,16 @@ int lxc_seccomp_load(struct lxc_conf *conf)
 /* After load seccomp filter into the kernel successfully, export the current seccomp
  * filter to log file */
 #if HAVE_SCMP_FILTER_CTX
-	if ((lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE ||
-	     conf->loglevel <= LXC_LOG_LEVEL_TRACE) &&
-	     lxc_log_get_fd() >= 0) {
-		ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, lxc_log_fd);
-		/* Just give an warning when export error */
-		if (ret < 0) {
-			errno = -ret;
-			SYSWARN("Failed to export seccomp filter to log file");
+	if (lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE) {
+		int fd_log;
+
+		fd_log = lxc_log_get_fd();
+		if (fd_log >= 0) {
+			ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, fd_log);
+			if (ret < 0) {
+				errno = -ret;
+				SYSWARN("Failed to export seccomp filter to log file");
+			}
 		}
 	}
 #endif