[CRIU] [PATCH] criu: Fix compilation when seccomp mode filter is not supported
Pavel Emelyanov
xemul at parallels.com
Thu Nov 19 06:48:41 PST 2015
I have two issues in my VM -- no SECCOMP_SET_MODE_FILTER in header
and no linux/bpf.h header.
Signed-off-by: Pavel Emelyanov <xemul at parallels.com>
---
cr-check.c | 7 +++++++
pie/restorer.c | 5 +++++
2 files changed, 12 insertions(+)
diff --git a/cr-check.c b/cr-check.c
index 8669576..5ee98c4 100644
--- a/cr-check.c
+++ b/cr-check.c
@@ -13,7 +13,9 @@
#include <signal.h>
#include <linux/if.h>
#include <linux/filter.h>
+#ifdef SECCOMP_MODE_FILTER
#include <linux/bpf.h>
+#endif
#include <linux/seccomp.h>
#include <sys/syscall.h>
#include <sys/ioctl.h>
@@ -646,6 +648,7 @@ static int check_ptrace_suspend_seccomp(void)
static int setup_seccomp_filter(void)
{
+#ifdef SECCOMP_MODE_FILTER
struct sock_filter filter[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),
/* Allow all syscalls except ptrace */
@@ -663,6 +666,10 @@ static int setup_seccomp_filter(void)
return -1;
return 0;
+#else
+ pr_err("Can't check seccomp filter support");
+ return -1;
+#endif
}
static int check_ptrace_dump_seccomp_filters(void)
diff --git a/pie/restorer.c b/pie/restorer.c
index 4665c5d..02173f0 100644
--- a/pie/restorer.c
+++ b/pie/restorer.c
@@ -41,6 +41,11 @@
#define PR_SET_PDEATHSIG 1
#endif
+#ifndef SECCOMP_SET_MODE_FILTER
+#define SECCOMP_SET_MODE_FILTER 1
+#define SECCOMP_FILTER_FLAG_TSYNC 1
+#endif
+
#define sys_prctl_safe(opcode, val1, val2, val3) \
({ \
long __ret = sys_prctl(opcode, val1, val2, val3, 0); \
--
1.9.3
More information about the CRIU
mailing list