From 6963d5032b51739ad953064da035d1a74c61f7cb Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@makrotopia.org>
Date: Wed, 28 Oct 2020 01:39:34 +0000
Subject: [PATCH] jail: relax seccomp unknown syscall handling

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
 jail/seccomp-oci.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/jail/seccomp-oci.c b/jail/seccomp-oci.c
index 06fa2d1..bc9a491 100644
--- a/jail/seccomp-oci.c
+++ b/jail/seccomp-oci.c
@@ -221,7 +221,8 @@ struct sock_fprog *parseOCIlinuxseccomp(struct blob_attr *msg)
 			sc = find_syscall(blobmsg_get_string(curn));
 			if (sc == -1) {
 				ERROR("unknown syscall '%s'\n", blobmsg_get_string(curn));
-				goto errout1;
+				/* TODO: support run.oci.seccomp_fail_unknown_syscall=1 annotation */
+				continue;
 			}
 
 			/* add rule to filter */
-- 
2.30.2