[CRIU] [PATCH] seccomp: define required constants (v2)
Andrey Vagin
avagin at openvz.org
Fri Jun 26 10:31:26 PDT 2015
2015-06-26 18:18 GMT+03:00 Tycho Andersen <tycho.andersen at canonical.com>:
> On Fri, Jun 26, 2015 at 09:23:35AM +0300, Andrey Vagin wrote:
>> seccomp was merged in 3.12, but criu should work on 3.11.
>>
>> Installed kernel headers and the running kernel may have different versions,
>> and it's not a good idea to compile seccomp code if PTRACE_O_TRACESECCOMP
>> is defined in sys/ptrace.h.
>>
>> v2: fix all places
>>
>> Cc: Tycho Andersen <tycho.andersen at canonical.com>
>
> Ok, I think this basically overlaps with my patch (although I still
> think you need something about parsing /proc/pid/status). Anyway,
> either works for me.
Hi Tycho,
I didn't know that you had sent a patch too. Sorry for this. I have a bad
internet connection here, so I can't read the criu mail list. If this
patch does the same, we can drop this one. If you want, you can send
me your patch to avagin at gmail.com and I will review it.
Thanks,
Andrew.
>
> Tycho
>
>> Signed-off-by: Andrey Vagin <avagin at openvz.org>
>> ---
>> cr-dump.c | 2 +-
>> cr-restore.c | 2 +-
>> include/ptrace.h | 5 +++++
>> include/seccomp.h | 7 +++++++
>> proc_parse.c | 3 ++-
>> ptrace.c | 10 +---------
>> test/zdtm/live/static/seccomp_strict.c | 7 ++++++-
>> 7 files changed, 23 insertions(+), 13 deletions(-)
>> create mode 100644 include/seccomp.h
>>
>> diff --git a/cr-dump.c b/cr-dump.c
>> index 8936a64..ffcc3e3 100644
>> --- a/cr-dump.c
>> +++ b/cr-dump.c
>> @@ -19,7 +19,7 @@
>> #include <sched.h>
>> #include <sys/resource.h>
>>
>> -#include <linux/seccomp.h>
>> +#include "seccomp.h"
>>
>> #include "protobuf.h"
>> #include "protobuf/fdinfo.pb-c.h"
>> diff --git a/cr-restore.c b/cr-restore.c
>> index 45c746e..765388a 100644
>> --- a/cr-restore.c
>> +++ b/cr-restore.c
>> @@ -24,7 +24,7 @@
>>
>> #include <sys/sendfile.h>
>>
>> -#include <linux/seccomp.h>
>> +#include "seccomp.h"
>>
>> #include "ptrace.h"
>> #include "compiler.h"
>> diff --git a/include/ptrace.h b/include/ptrace.h
>> index 44b66c9..4d53b6c 100644
>> --- a/include/ptrace.h
>> +++ b/include/ptrace.h
>> @@ -65,6 +65,11 @@ struct ptrace_peeksiginfo_args {
>> #define PTRACE_O_TRACEVFORKDONE 0x00000020
>> #define PTRACE_O_TRACEEXIT 0x00000040
>>
>> +#ifndef PTRACE_EVENT_SECCOMP
>> +#define PTRACE_EVENT_SECCOMP 7
>> +#define PTRACE_O_TRACESECCOMP (1 << PTRACE_EVENT_SECCOMP)
>> +#endif /* PTRACE_EVENT_SECCOMP */
>> +
>> #define SI_EVENT(_si_code) (((_si_code) & 0xFFFF) >> 8)
>>
>> extern int seize_task(pid_t pid, pid_t ppid, struct proc_status_creds **creds);
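Review bot: `PTRACE_O_TRACESECCOMP` is defined only inside the `#ifndef PTRACE_EVENT_SECCOMP` guard, so a header set that provides the event code but not the option flag would leave the option undefined. Whether such headers exist is not visible from this hunk, but guarding each macro on its own name removes the coupling: `#ifndef PTRACE_O_TRACESECCOMP` / `#define PTRACE_O_TRACESECCOMP (1 << PTRACE_EVENT_SECCOMP)` / `#endif`. A one-line comment such as `/* fallback for old userspace headers; values mirror the kernel UAPI */` above the block would tell the next reader why the constants are duplicated here.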
>> diff --git a/include/seccomp.h b/include/seccomp.h
>> new file mode 100644
>> index 0000000..f46929b
>> --- /dev/null
>> +++ b/include/seccomp.h
>> @@ -0,0 +1,7 @@
>> +#ifndef __CR_SECCOMP_H__
>> +
>> +#define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */
>> +#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */
>> +#define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */
>> +
>> +#endif /* __CR_SECCOMP_H__ */
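Review bot: The include guard in the new `include/seccomp.h` is never armed, because `#ifndef __CR_SECCOMP_H__` is not followed by `#define __CR_SECCOMP_H__`, so every inclusion re-processes the body. Add the `#define` directly after the `#ifndef`. The three `SECCOMP_MODE_*` macros are also defined unconditionally, so any translation unit that still reaches `<linux/seccomp.h>` through another header relies on the definitions staying token-identical. Wrapping each one in `#ifndef SECCOMP_MODE_...` would make that robust.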
>> diff --git a/proc_parse.c b/proc_parse.c
>> index 168afcb..06c85c8 100644
>> --- a/proc_parse.c
>> +++ b/proc_parse.c
>> @@ -9,7 +9,6 @@
>> #include <string.h>
>> #include <ctype.h>
>> #include <linux/fs.h>
>> -#include <linux/seccomp.h>
>>
>> #include "asm/types.h"
>> #include "list.h"
>> @@ -28,6 +27,8 @@
>> #include "proc_parse.h"
>> #include "cr_options.h"
>> #include "sysfs_parse.h"
>> +#include "seccomp.h"
>> +
>> #include "protobuf.h"
>> #include "protobuf/fdinfo.pb-c.h"
>> #include "protobuf/mnt.pb-c.h"
>> diff --git a/ptrace.c b/ptrace.c
>> index 4f9e66e..5bd5ea5 100644
>> --- a/ptrace.c
>> +++ b/ptrace.c
>> @@ -14,7 +14,7 @@
>> #include <sys/resource.h>
>> #include <sys/wait.h>
>>
>> -#include <linux/seccomp.h>
>> +#include "seccomp.h"
>>
>> #include "compiler.h"
>> #include "asm/types.h"
>> @@ -41,7 +41,6 @@ int unseize_task(pid_t pid, int orig_st, int st)
>> return ptrace(PTRACE_DETACH, pid, NULL, NULL);
>> }
>>
>> -#ifdef CONFIG_HAS_SUSPEND_SECCOMP
>> int suspend_seccomp(pid_t pid)
>> {
>> if (ptrace(PTRACE_SETOPTIONS, pid, NULL, PTRACE_O_SUSPEND_SECCOMP) < 0) {
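Review bot: With the `CONFIG_HAS_SUSPEND_SECCOMP` guard removed here and the `#else` stub removed in the next hunk, `suspend_seccomp()` references `PTRACE_O_SUSPEND_SECCOMP` unconditionally, yet the `include/ptrace.h` hunk adds fallbacks only for `PTRACE_EVENT_SECCOMP` and `PTRACE_O_TRACESECCOMP`. Unless a fallback already exists outside the visible hunks, builds against older headers will fail on this line. Add `#ifndef PTRACE_O_SUSPEND_SECCOMP` / `#define PTRACE_O_SUSPEND_SECCOMP (1 << 21)` / `#endif` next to the other ptrace constants. Since this option turns off seccomp enforcement for the traced task, the function also deserves a short comment saying when it is called and that a failure must abort the dump rather than be ignored. The function body continues outside this hunk.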
>> @@ -51,13 +50,6 @@ int suspend_seccomp(pid_t pid)
>>
>> return 0;
>> }
>> -#else
>> -int suspend_seccomp(pid_t pid)
>> -{
>> - pr_err("seccomp enabled and seccomp suspending not supported\n");
>> - return -1;
>> -}
>> -#endif
>>
>> /*
>> * This routine seizes task putting it into a special
>> diff --git a/test/zdtm/live/static/seccomp_strict.c b/test/zdtm/live/static/seccomp_strict.c
>> index 97db19b..bd9c39b 100644
>> --- a/test/zdtm/live/static/seccomp_strict.c
>> +++ b/test/zdtm/live/static/seccomp_strict.c
>> @@ -2,7 +2,6 @@
>> #include <stdbool.h>
>> #include <signal.h>
>> #include <sys/prctl.h>
>> -#include <linux/seccomp.h>
>> #include <linux/limits.h>
>> #include "zdtmtst.h"
>>
>> @@ -41,6 +40,12 @@ int get_seccomp_mode(pid_t pid, bool after_checkpoint)
>> return -1;
>> }
>>
>> +#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */
>> +
>> +#ifndef PR_SET_SECCOMP
>> +#define PR_SET_SECCOMP 22
>> +#endif
>> +
>> int main(int argc, char ** argv)
>> {
>> pid_t pid;
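Review bot: `SECCOMP_MODE_STRICT` is defined unconditionally, while `PR_SET_SECCOMP` just below it is wrapped in `#ifndef`. If `<sys/prctl.h>` or another included header ever brings in the kernel definition, the test depends on the two definitions being token-identical. For consistency, guard it the same way: `#ifndef SECCOMP_MODE_STRICT` / `#define SECCOMP_MODE_STRICT 1` / `#endif`. `main` continues outside this hunk.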
>> --
>> 2.1.0
>>