[CRIU] [PATCH] seccomp: define required constants (v2)
Andrey Vagin
avagin at openvz.org
Thu Jun 25 23:23:35 PDT 2015
seccomp was merged in 3.12, but criu should work on 3.11.
Installed kernel headers and a current kernel may have different version
and it's not good idea to compile seccomp code if PTRACE_O_TRACESECCOMP
is defined int sys/ptrace.h.
v2: fix all places
Cc: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
cr-dump.c | 2 +-
cr-restore.c | 2 +-
include/ptrace.h | 5 +++++
include/seccomp.h | 7 +++++++
proc_parse.c | 3 ++-
ptrace.c | 10 +---------
test/zdtm/live/static/seccomp_strict.c | 7 ++++++-
7 files changed, 23 insertions(+), 13 deletions(-)
create mode 100644 include/seccomp.h
diff --git a/cr-dump.c b/cr-dump.c
index 8936a64..ffcc3e3 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -19,7 +19,7 @@
#include <sched.h>
#include <sys/resource.h>
-#include <linux/seccomp.h>
+#include "seccomp.h"
#include "protobuf.h"
#include "protobuf/fdinfo.pb-c.h"
diff --git a/cr-restore.c b/cr-restore.c
index 45c746e..765388a 100644
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -24,7 +24,7 @@
#include <sys/sendfile.h>
-#include <linux/seccomp.h>
+#include "seccomp.h"
#include "ptrace.h"
#include "compiler.h"
diff --git a/include/ptrace.h b/include/ptrace.h
index 44b66c9..4d53b6c 100644
--- a/include/ptrace.h
+++ b/include/ptrace.h
@@ -65,6 +65,11 @@ struct ptrace_peeksiginfo_args {
#define PTRACE_O_TRACEVFORKDONE 0x00000020
#define PTRACE_O_TRACEEXIT 0x00000040
+#ifndef PTRACE_EVENT_SECCOMP
+#define PTRACE_EVENT_SECCOMP 7
+#define PTRACE_O_TRACESECCOMP (1 << PTRACE_EVENT_SECCOMP)
+#endif /* PTRACE_EVENT_SECCOMP */
+
#define SI_EVENT(_si_code) (((_si_code) & 0xFFFF) >> 8)
extern int seize_task(pid_t pid, pid_t ppid, struct proc_status_creds **creds);
diff --git a/include/seccomp.h b/include/seccomp.h
new file mode 100644
index 0000000..f46929b
--- /dev/null
+++ b/include/seccomp.h
@@ -0,0 +1,7 @@
+#ifndef __CR_SECCOMP_H__
+
+#define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */
+#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */
+#define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */
+
+#endif /* __CR_SECCOMP_H__ */
diff --git a/proc_parse.c b/proc_parse.c
index 168afcb..06c85c8 100644
--- a/proc_parse.c
+++ b/proc_parse.c
@@ -9,7 +9,6 @@
#include <string.h>
#include <ctype.h>
#include <linux/fs.h>
-#include <linux/seccomp.h>
#include "asm/types.h"
#include "list.h"
@@ -28,6 +27,8 @@
#include "proc_parse.h"
#include "cr_options.h"
#include "sysfs_parse.h"
+#include "seccomp.h"
+
#include "protobuf.h"
#include "protobuf/fdinfo.pb-c.h"
#include "protobuf/mnt.pb-c.h"
diff --git a/ptrace.c b/ptrace.c
index 4f9e66e..5bd5ea5 100644
--- a/ptrace.c
+++ b/ptrace.c
@@ -14,7 +14,7 @@
#include <sys/resource.h>
#include <sys/wait.h>
-#include <linux/seccomp.h>
+#include "seccomp.h"
#include "compiler.h"
#include "asm/types.h"
@@ -41,7 +41,6 @@ int unseize_task(pid_t pid, int orig_st, int st)
return ptrace(PTRACE_DETACH, pid, NULL, NULL);
}
-#ifdef CONFIG_HAS_SUSPEND_SECCOMP
int suspend_seccomp(pid_t pid)
{
if (ptrace(PTRACE_SETOPTIONS, pid, NULL, PTRACE_O_SUSPEND_SECCOMP) < 0) {
@@ -51,13 +50,6 @@ int suspend_seccomp(pid_t pid)
return 0;
}
-#else
-int suspend_seccomp(pid_t pid)
-{
- pr_err("seccomp enabled and seccomp suspending not supported\n");
- return -1;
-}
-#endif
/*
* This routine seizes task putting it into a special
diff --git a/test/zdtm/live/static/seccomp_strict.c b/test/zdtm/live/static/seccomp_strict.c
index 97db19b..bd9c39b 100644
--- a/test/zdtm/live/static/seccomp_strict.c
+++ b/test/zdtm/live/static/seccomp_strict.c
@@ -2,7 +2,6 @@
#include <stdbool.h>
#include <signal.h>
#include <sys/prctl.h>
-#include <linux/seccomp.h>
#include <linux/limits.h>
#include "zdtmtst.h"
@@ -41,6 +40,12 @@ int get_seccomp_mode(pid_t pid, bool after_checkpoint)
return -1;
}
+#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */
+
+#ifndef PR_SET_SECCOMP
+#define PR_SET_SECCOMP 22
+#endif
+
int main(int argc, char ** argv)
{
pid_t pid;
--
2.1.0
More information about the CRIU
mailing list