Check negative value in GetSyscallFromName

[foreverpersist]

GetSyscallFromName in seccomp.go may returns negative syscall nr without error. It is not reasonable since syscall can not be negative.

Test case:

[[Code]]
	callNum, err := libseccomp.GetSyscallFromName(call.Name)
	if err != nil {
		logrus.Debugf("unknown seccomp syscall %q ignored", call.Name)
		return nil
	}
	if callNum < 0 {
		fmt.Println("In Seccomp, invalid call", call, callNum, uint32(callNum))
	}

[[Output]]
In Seccomp, invalid call &{timer_settime64 4 <nil> []} -10237 4294957059

Fix:

From ca9418a3e0b73a4f317225ad90c47f095ad6feb6 Mon Sep 17 00:00:00 2001
From: Joy Allen <persisttao@gmail.com>
Date: Tue, 5 Dec 2023 15:57:01 +0800
Subject: [PATCH] Consider negative syscall nr as NotExist error

C libseccomp may return negative pseudo syscall nr. In this case,
the syscall does not exist.

Signed-off-by: Joy Allen <persisttao@gmail.com>
---
 seccomp.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/seccomp.go b/seccomp.go
index b707c43..54b6aac 100644
--- a/seccomp.go
+++ b/seccomp.go
@@ -495,7 +495,9 @@ func GetSyscallFromName(name string) (ScmpSyscall, error) {
        defer C.free(unsafe.Pointer(cString))
 
        result := C.seccomp_syscall_resolve_name(cString)
-       if result == scmpError {
+       // C libseccomp may return negative pseudo syscall nr on NotExist.
+       // Just checking scmpError is not sufficient here
+       if result < 0 {
                return 0, ErrSyscallDoesNotExist
        }
 
-- 
2.25.1