[CRIU] [PATCH] seccomp: define required constants

Andrey Vagin avagin at openvz.org
Thu Jun 25 12:42:55 PDT 2015


seccomp was merged in 3.12, but criu should work on 3.11.

Installed kernel headers and a current kernel may have different version
and it's not good idea to compile seccomp code if PTRACE_O_TRACESECCOMP
is defined int sys/ptrace.h.

Cc: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 cr-dump.c         |  3 +--
 include/ptrace.h  |  5 +++++
 include/seccomp.h |  5 +++++
 ptrace.c          | 10 +---------
 4 files changed, 12 insertions(+), 11 deletions(-)
 create mode 100644 include/seccomp.h

diff --git a/cr-dump.c b/cr-dump.c
index 8936a64..9505f5e 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -19,8 +19,6 @@
 #include <sched.h>
 #include <sys/resource.h>
 
-#include <linux/seccomp.h>
-
 #include "protobuf.h"
 #include "protobuf/fdinfo.pb-c.h"
 #include "protobuf/fs.pb-c.h"
@@ -77,6 +75,7 @@
 #include "aio.h"
 #include "security.h"
 #include "lsm.h"
+#include "seccomp.h"
 
 #include "asm/dump.h"
 
diff --git a/include/ptrace.h b/include/ptrace.h
index 44b66c9..4d53b6c 100644
--- a/include/ptrace.h
+++ b/include/ptrace.h
@@ -65,6 +65,11 @@ struct ptrace_peeksiginfo_args {
 #define PTRACE_O_TRACEVFORKDONE	0x00000020
 #define PTRACE_O_TRACEEXIT	0x00000040
 
+#ifndef PTRACE_EVENT_SECCOMP
+#define PTRACE_EVENT_SECCOMP	7
+#define PTRACE_O_TRACESECCOMP	(1 << PTRACE_EVENT_SECCOMP)
+#endif /* PTRACE_EVENT_SECCOMP */
+
 #define SI_EVENT(_si_code)	(((_si_code) & 0xFFFF) >> 8)
 
 extern int seize_task(pid_t pid, pid_t ppid, struct proc_status_creds **creds);
diff --git a/include/seccomp.h b/include/seccomp.h
new file mode 100644
index 0000000..982392b
--- /dev/null
+++ b/include/seccomp.h
@@ -0,0 +1,5 @@
+#ifndef __CR_SECCOMP_H__
+
+#define SECCOMP_MODE_DISABLED	0 /* seccomp is not in use. */
+
+#endif /* __CR_SECCOMP_H__ */
diff --git a/ptrace.c b/ptrace.c
index 4f9e66e..5bd5ea5 100644
--- a/ptrace.c
+++ b/ptrace.c
@@ -14,7 +14,7 @@
 #include <sys/resource.h>
 #include <sys/wait.h>
 
-#include <linux/seccomp.h>
+#include "seccomp.h"
 
 #include "compiler.h"
 #include "asm/types.h"
@@ -41,7 +41,6 @@ int unseize_task(pid_t pid, int orig_st, int st)
 	return ptrace(PTRACE_DETACH, pid, NULL, NULL);
 }
 
-#ifdef CONFIG_HAS_SUSPEND_SECCOMP
 int suspend_seccomp(pid_t pid)
 {
 	if (ptrace(PTRACE_SETOPTIONS, pid, NULL, PTRACE_O_SUSPEND_SECCOMP) < 0) {
@@ -51,13 +50,6 @@ int suspend_seccomp(pid_t pid)
 
 	return 0;
 }
-#else
-int suspend_seccomp(pid_t pid)
-{
-	pr_err("seccomp enabled and seccomp suspending not supported\n");
-	return -1;
-}
-#endif
 
 /*
  * This routine seizes task putting it into a special
-- 
2.1.0



More information about the CRIU mailing list