[CRIU] [PATCH 1/2] don't assume the kernel has CONFIG_SECCOMP
Tycho Andersen
tycho.andersen at canonical.com
Wed Jun 24 13:34:29 PDT 2015
linux/seccomp.h may not be available, and the seccomp mode might not be
listed in /proc/pid/status, so let's not assume those two things are
present.
I'm doing this by just #defining the various constants that we use from
linux/seccomp.h, although we could just always #define them as we do for
some ptrace constants, instead of including the header sometimes.
Reported-by: Mr. Jenkins
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
Makefile.config | 3 +++
cr-dump.c | 4 ++++
cr-restore.c | 4 ++++
proc_parse.c | 15 +++++++++++++--
ptrace.c | 4 ++++
scripts/feature-tests.mak | 11 +++++++++++
6 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/Makefile.config b/Makefile.config
index d2b5a3d..5cc6b77 100644
--- a/Makefile.config
+++ b/Makefile.config
@@ -35,6 +35,9 @@ endif
ifeq ($(call try-cc,$(PTRACE_PEEKSIGINFO_TEST),),y)
$(Q) @echo '#define CONFIG_HAS_PEEKSIGINFO_ARGS' >> $@
endif
+ifeq ($(call try-cc,$(SECCOMP_HEADER_TEST),),y)
+ $(Q) @echo '#define CONFIG_HAS_SECCOMP' >> $@
+endif
ifeq ($(call try-cc,$(PTRACE_SUSPEND_SECCOMP_TEST),),y)
$(Q) @echo '#define CONFIG_HAS_SUSPEND_SECCOMP' >> $@
endif
diff --git a/cr-dump.c b/cr-dump.c
index 8936a64..caad694 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -19,7 +19,11 @@
#include <sched.h>
#include <sys/resource.h>
+#ifdef CONFIG_HAS_SECCOMP
#include <linux/seccomp.h>
+#else
+#define SECCOMP_MODE_DISABLED 0
+#endif
#include "protobuf.h"
#include "protobuf/fdinfo.pb-c.h"
diff --git a/cr-restore.c b/cr-restore.c
index 45c746e..a516c09 100644
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -24,7 +24,11 @@
#include <sys/sendfile.h>
+#ifdef CONFIG_HAS_SECCOMP
#include <linux/seccomp.h>
+#else
+#define SECCOMP_MODE_DISABLED 0
+#endif
#include "ptrace.h"
#include "compiler.h"
diff --git a/proc_parse.c b/proc_parse.c
index 168afcb..3ef9729 100644
--- a/proc_parse.c
+++ b/proc_parse.c
@@ -9,7 +9,12 @@
#include <string.h>
#include <ctype.h>
#include <linux/fs.h>
+
+#ifdef CONFIG_HAS_SECCOMP
#include <linux/seccomp.h>
+#else
+#define SECCOMP_MODE_FILTER 2
+#endif
#include "asm/types.h"
#include "list.h"
@@ -780,7 +785,13 @@ int parse_pid_status(pid_t pid, struct proc_status_creds *cr)
if (bfdopenr(&f))
return -1;
- while (done < 9) {
+#ifdef CONFIG_HAS_SECCOMP
+#define THINGS_TO_PARSE 9
+#else
+#define THINGS_TO_PARSE 8
+#endif
+
+ while (done < THINGS_TO_PARSE) {
str = breadline(&f);
if (str == NULL)
break;
@@ -856,7 +867,7 @@ int parse_pid_status(pid_t pid, struct proc_status_creds *cr)
}
}
- if (done == 9)
+ if (done == THINGS_TO_PARSE)
ret = 0;
err_parse:
diff --git a/ptrace.c b/ptrace.c
index 4f9e66e..79a1013 100644
--- a/ptrace.c
+++ b/ptrace.c
@@ -14,7 +14,11 @@
#include <sys/resource.h>
#include <sys/wait.h>
+#ifdef CONFIG_HAS_SECCOMP
#include <linux/seccomp.h>
+#else
+#define SECCOMP_MODE_DISABLED 0
+#endif
#include "compiler.h"
#include "asm/types.h"
diff --git a/scripts/feature-tests.mak b/scripts/feature-tests.mak
index ec7972a..d9de0d4 100644
--- a/scripts/feature-tests.mak
+++ b/scripts/feature-tests.mak
@@ -103,3 +103,14 @@ int main(void)
}
endef
+
+define SECCOMP_HEADER_TEST
+
+#include <linux/seccomp.h>
+
+int main()
+{
+ return 0;
+}
+
+endef
--
2.1.4
More information about the CRIU
mailing list