[CRIU] [PATCH 1/2] don't assume the kernel has CONFIG_SECCOMP

Thu Jun 25 22:34:02 PDT 2015

linux/seccomp.h may not be available, and the seccomp mode might not be
listed in /proc/pid/status, so let's not assume those two things are
present.

v2: add a seccomp.h with all the constants we use from linux/seccomp.h

Reported-by: Mr. Jenkins
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
 cr-dump.c         |  3 +--
 cr-restore.c      |  3 +--
 include/seccomp.h | 16 ++++++++++++++++
 pie/restorer.c    | 13 +------------
 proc_parse.c      |  4 ++--
 ptrace.c          |  3 +--
 6 files changed, 22 insertions(+), 20 deletions(-)
 create mode 100644 include/seccomp.h

diff --git a/cr-dump.c b/cr-dump.c
index 8936a64..9505f5e 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -19,8 +19,6 @@
 #include <sched.h>
 #include <sys/resource.h>
 
-#include <linux/seccomp.h>
-
 #include "protobuf.h"
 #include "protobuf/fdinfo.pb-c.h"
 #include "protobuf/fs.pb-c.h"
@@ -77,6 +75,7 @@
 #include "aio.h"
 #include "security.h"
 #include "lsm.h"
+#include "seccomp.h"
 
 #include "asm/dump.h"
 
diff --git a/cr-restore.c b/cr-restore.c
index 45c746e..7439a05 100644
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -24,8 +24,6 @@
 
 #include <sys/sendfile.h>
 
-#include <linux/seccomp.h>
-
 #include "ptrace.h"
 #include "compiler.h"
 #include "asm/types.h"
@@ -77,6 +75,7 @@
 #include "aio.h"
 #include "security.h"
 #include "lsm.h"
+#include "seccomp.h"
 
 #include "parasite-syscall.h"
 
diff --git a/include/seccomp.h b/include/seccomp.h
new file mode 100644
index 0000000..017dcd4
--- /dev/null
+++ b/include/seccomp.h
@@ -0,0 +1,16 @@
+#ifndef __CR_SECCOMP_H__
+#define __CR_SECCOMP_H__
+
+#ifndef SECCOMP_MODE_DISABLED
+#define SECCOMP_MODE_DISABLED 0
+#endif
+
+#ifndef SECCOMP_MODE_STRICT
+#define SECCOMP_MODE_STRICT 1
+#endif
+
+#ifndef SECCOMP_MODE_FILTER
+#define SECCOMP_MODE_FILTER 2
+#endif
+
+#endif
diff --git a/pie/restorer.c b/pie/restorer.c
index 4150b49..8c6b421 100644
--- a/pie/restorer.c
+++ b/pie/restorer.c
@@ -30,6 +30,7 @@
 #include "lock.h"
 #include "restorer.h"
 #include "aio.h"
+#include "seccomp.h"
 
 #include "protobuf/creds.pb-c.h"
 #include "protobuf/mm.pb-c.h"
@@ -40,18 +41,6 @@
 #define PR_SET_PDEATHSIG 1
 #endif
 
-#ifndef SECCOMP_MODE_DISABLED
-#define SECCOMP_MODE_DISABLED 0
-#endif
-
-#ifndef SECCOMP_MODE_STRICT
-#define SECCOMP_MODE_STRICT 1
-#endif
-
-#ifndef SECCOMP_MODE_FILTER
-#define SECCOMP_MODE_FILTER 2
-#endif
-
 #define sys_prctl_safe(opcode, val1, val2, val3)			\
 	({								\
 		long __ret = sys_prctl(opcode, val1, val2, val3, 0);	\
diff --git a/proc_parse.c b/proc_parse.c
index 168afcb..e940fc1 100644
--- a/proc_parse.c
+++ b/proc_parse.c
@@ -9,7 +9,6 @@
 #include <string.h>
 #include <ctype.h>
 #include <linux/fs.h>
-#include <linux/seccomp.h>
 
 #include "asm/types.h"
 #include "list.h"
@@ -28,6 +27,7 @@
 #include "proc_parse.h"
 #include "cr_options.h"
 #include "sysfs_parse.h"
+#include "seccomp.h"
 #include "protobuf.h"
 #include "protobuf/fdinfo.pb-c.h"
 #include "protobuf/mnt.pb-c.h"
@@ -856,7 +856,7 @@ int parse_pid_status(pid_t pid, struct proc_status_creds *cr)
 		}
 	}
 
-	if (done == 9)
+	if (done >= 8)
 		ret = 0;
 
 err_parse:
diff --git a/ptrace.c b/ptrace.c
index 4f9e66e..3dfa4c6 100644
--- a/ptrace.c
+++ b/ptrace.c
@@ -14,8 +14,6 @@
 #include <sys/resource.h>
 #include <sys/wait.h>
 
-#include <linux/seccomp.h>
-
 #include "compiler.h"
 #include "asm/types.h"
 #include "util.h"
@@ -23,6 +21,7 @@
 #include "proc_parse.h"
 #include "crtools.h"
 #include "security.h"
+#include "seccomp.h"
 
 int unseize_task(pid_t pid, int orig_st, int st)
 {
-- 
2.1.4

