On 10/30, Kees Cook wrote:
>
> I'd like to avoid changing the return value of __secure_computing() to
> just avoid having to touch all the callers. And I'd prefer not to
> change __seccomp_filter() to a bool, since I'd like the return values
> to be consistent through the call chain.

Sure, please forget.

> I find the existing code more readable than a single-line return, just
> because it's very explicit. I don't want to have to think any harder
> when reading seccomp. ;)

Heh ;)

Again, please forget, this is cosmetic. But I simply can't resist. I asked
this question exactly because I was confused by these 2 lines:

	if (__seccomp_filter(this_syscall, NULL, true))
		return -1;
	return 0;

to me it looks as if we need to filter out some non-zero return values and
turn them into -1. I had to spend some time (and think harder ;) to verify
that this is just the recursive call and nothing more.

nevermind, please ignore.

Oleg.