[CRIU] [PATCH 1/2] don't assume the kernel has CONFIG_SECCOMP

Pavel Emelyanov xemul at parallels.com
Thu Jun 25 04:13:49 PDT 2015


On 06/24/2015 11:34 PM, Tycho Andersen wrote:
> linux/seccomp.h may not be available, and the seccomp mode might not be
> listed in /proc/pid/status, so let's not assume those two things are
> present.
> 
> I'm doing this by just #defining the various constants that we use from
> linux/seccomp.h, although we could just always #define them as we do for
> some ptrace constants, instead of including the header sometimes.

If all we need from seccomp.h is those SECCOMP_MODE-s then I think the
easiest way would be providing them our own. All the more so we have
them in pie/restorer.c already.

And one more thing:

> diff --git a/proc_parse.c b/proc_parse.c
> index 168afcb..3ef9729 100644
> --- a/proc_parse.c
> +++ b/proc_parse.c
> @@ -780,7 +785,13 @@ int parse_pid_status(pid_t pid, struct proc_status_creds *cr)
>  	if (bfdopenr(&f))
>  		return -1;
>  
> -	while (done < 9) {
> +#ifdef CONFIG_HAS_SECCOMP
> +#define THINGS_TO_PARSE 9
> +#else
> +#define THINGS_TO_PARSE 8
> +#endif

Why is this required? If criu finds seccomp mark in /proc, then shouldn't
it properly parse one?

> +
> +	while (done < THINGS_TO_PARSE) {
>  		str = breadline(&f);
>  		if (str == NULL)
>  			break;

-- Pavel


More information about the CRIU mailing list