[CRIU] [PATCH] criu: Fix compilation when seccomp mode filter is not supported
Tycho Andersen
tycho.andersen at canonical.com
Thu Nov 19 07:14:05 PST 2015
Hi Pavel,
On Thu, Nov 19, 2015 at 05:48:41PM +0300, Pavel Emelyanov wrote:
> I have two issues in my VM -- no SECCOMP_SET_MODE_FILTER in header
> and no linux/bpf.h header.
This patch is fine with me, or I can re-send the one I sent that
Cyrill asked about. One thing that has that this doesn't is a runtime
fix if seccomp doesn't exists. It doesn't have the bpf ifdef, though,
so some combination of both is needed. Let me know what you want.
Acked-by: Tycho Andersen <tycho.andersen at canonical.com>
> Signed-off-by: Pavel Emelyanov <xemul at parallels.com>
> ---
> cr-check.c | 7 +++++++
> pie/restorer.c | 5 +++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/cr-check.c b/cr-check.c
> index 8669576..5ee98c4 100644
> --- a/cr-check.c
> +++ b/cr-check.c
> @@ -13,7 +13,9 @@
> #include <signal.h>
> #include <linux/if.h>
> #include <linux/filter.h>
> +#ifdef SECCOMP_MODE_FILTER
> #include <linux/bpf.h>
> +#endif
> #include <linux/seccomp.h>
> #include <sys/syscall.h>
> #include <sys/ioctl.h>
> @@ -646,6 +648,7 @@ static int check_ptrace_suspend_seccomp(void)
>
> static int setup_seccomp_filter(void)
> {
> +#ifdef SECCOMP_MODE_FILTER
> struct sock_filter filter[] = {
> BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),
> /* Allow all syscalls except ptrace */
> @@ -663,6 +666,10 @@ static int setup_seccomp_filter(void)
> return -1;
>
> return 0;
> +#else
> + pr_err("Can't check seccomp filter support");
> + return -1;
> +#endif
> }
>
> static int check_ptrace_dump_seccomp_filters(void)
> diff --git a/pie/restorer.c b/pie/restorer.c
> index 4665c5d..02173f0 100644
> --- a/pie/restorer.c
> +++ b/pie/restorer.c
> @@ -41,6 +41,11 @@
> #define PR_SET_PDEATHSIG 1
> #endif
>
> +#ifndef SECCOMP_SET_MODE_FILTER
> +#define SECCOMP_SET_MODE_FILTER 1
> +#define SECCOMP_FILTER_FLAG_TSYNC 1
> +#endif
> +
> #define sys_prctl_safe(opcode, val1, val2, val3) \
> ({ \
> long __ret = sys_prctl(opcode, val1, val2, val3, 0); \
> --
> 1.9.3
>
More information about the CRIU
mailing list