From e44bee1026f83beec3f0aad64566fa9e6bfe6a04 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Fri, 23 Jul 2021 12:30:14 -0700
Subject: [PATCH] libct/seccomp: warn about unknown syscalls

Rather than silently ignoring unknown syscalls, print a warning.

While at it, fix imports ordering (stdlib, others, ours).

[v2: demote Warn to Debug]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 libcontainer/seccomp/seccomp_linux.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go
index fbbe8219782..0265062a28e 100644
--- a/libcontainer/seccomp/seccomp_linux.go
+++ b/libcontainer/seccomp/seccomp_linux.go
@@ -6,11 +6,12 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/seccomp/patchbpf"
-
 	libseccomp "github.com/seccomp/libseccomp-golang"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
+
+	"github.com/opencontainers/runc/libcontainer/configs"
+	"github.com/opencontainers/runc/libcontainer/seccomp/patchbpf"
 )
 
 var (
@@ -151,10 +152,11 @@ func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall) error {
 		return errors.New("empty string is not a valid syscall")
 	}
 
-	// If we can't resolve the syscall, assume it's not supported on this kernel
-	// Ignore it, don't error out
+	// If we can't resolve the syscall, assume it is not supported
+	// by this kernel. Warn about it, don't error out.
 	callNum, err := libseccomp.GetSyscallFromName(call.Name)
 	if err != nil {
+		logrus.Debugf("unknown seccomp syscall %q ignored", call.Name)
 		return nil
 	}