[CRIU] [PATCH] seccomp: define required constants

Thu Jun 25 16:33:09 PDT 2015

On Thu, Jun 25, 2015 at 10:42:55PM +0300, Andrey Vagin wrote:
> seccomp was merged in 3.12, but criu should work on 3.11.
> 
> Installed kernel headers and a current kernel may have different version
> and it's not good idea to compile seccomp code if PTRACE_O_TRACESECCOMP
> is defined int sys/ptrace.h.
> 
> Cc: Tycho Andersen <tycho.andersen at canonical.com>

Isn't there some in proc_parse that needs to be done too?
(SECCOMP_MODE_FILTER there).

Tycho

> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> ---
>  cr-dump.c         |  3 +--
>  include/ptrace.h  |  5 +++++
>  include/seccomp.h |  5 +++++
>  ptrace.c          | 10 +---------
>  4 files changed, 12 insertions(+), 11 deletions(-)
>  create mode 100644 include/seccomp.h
> 
> diff --git a/cr-dump.c b/cr-dump.c
> index 8936a64..9505f5e 100644
> --- a/cr-dump.c
> +++ b/cr-dump.c
> @@ -19,8 +19,6 @@
>  #include <sched.h>
>  #include <sys/resource.h>
>  
> -#include <linux/seccomp.h>
> -
>  #include "protobuf.h"
>  #include "protobuf/fdinfo.pb-c.h"
>  #include "protobuf/fs.pb-c.h"
> @@ -77,6 +75,7 @@
>  #include "aio.h"
>  #include "security.h"
>  #include "lsm.h"
> +#include "seccomp.h"
>  
>  #include "asm/dump.h"
>  
> diff --git a/include/ptrace.h b/include/ptrace.h
> index 44b66c9..4d53b6c 100644
> --- a/include/ptrace.h
> +++ b/include/ptrace.h
> @@ -65,6 +65,11 @@ struct ptrace_peeksiginfo_args {
>  #define PTRACE_O_TRACEVFORKDONE	0x00000020
>  #define PTRACE_O_TRACEEXIT	0x00000040
>  
> +#ifndef PTRACE_EVENT_SECCOMP
> +#define PTRACE_EVENT_SECCOMP	7
> +#define PTRACE_O_TRACESECCOMP	(1 << PTRACE_EVENT_SECCOMP)
> +#endif /* PTRACE_EVENT_SECCOMP */
> +
>  #define SI_EVENT(_si_code)	(((_si_code) & 0xFFFF) >> 8)
>  
>  extern int seize_task(pid_t pid, pid_t ppid, struct proc_status_creds **creds);
> diff --git a/include/seccomp.h b/include/seccomp.h
> new file mode 100644
> index 0000000..982392b
> --- /dev/null
> +++ b/include/seccomp.h
> @@ -0,0 +1,5 @@
> +#ifndef __CR_SECCOMP_H__
> +
> +#define SECCOMP_MODE_DISABLED	0 /* seccomp is not in use. */
> +
> +#endif /* __CR_SECCOMP_H__ */
> diff --git a/ptrace.c b/ptrace.c
> index 4f9e66e..5bd5ea5 100644
> --- a/ptrace.c
> +++ b/ptrace.c
> @@ -14,7 +14,7 @@
>  #include <sys/resource.h>
>  #include <sys/wait.h>
>  
> -#include <linux/seccomp.h>
> +#include "seccomp.h"
>  
>  #include "compiler.h"
>  #include "asm/types.h"
> @@ -41,7 +41,6 @@ int unseize_task(pid_t pid, int orig_st, int st)
>  	return ptrace(PTRACE_DETACH, pid, NULL, NULL);
>  }
>  
> -#ifdef CONFIG_HAS_SUSPEND_SECCOMP
>  int suspend_seccomp(pid_t pid)
>  {
>  	if (ptrace(PTRACE_SETOPTIONS, pid, NULL, PTRACE_O_SUSPEND_SECCOMP) < 0) {
> @@ -51,13 +50,6 @@ int suspend_seccomp(pid_t pid)
>  
>  	return 0;
>  }
> -#else
> -int suspend_seccomp(pid_t pid)
> -{
> -	pr_err("seccomp enabled and seccomp suspending not supported\n");
> -	return -1;
> -}
> -#endif
>  
>  /*
>   * This routine seizes task putting it into a special
> -- 
> 2.1.0
> 