[CRIU] [PATCH 4/9] seccomp: Fetch seccomp flags if kernel provides
Dmitry Safonov
0x7f454c46 at gmail.com
Fri May 4 22:07:33 MSK 2018
> @@ -47,6 +54,7 @@ static struct seccomp_info *find_inherited(struct pstree_item *parent,
>
> static int collect_filter_for_pstree(struct pstree_item *item)
> {
> + struct seccomp_metadata meta_buf, *meta = &meta_buf;
> struct seccomp_info *infos = NULL, *cursor;
> int info_count, i, ret = -1;
> struct sock_filter buf[BPF_MAXINSNS];
> @@ -75,7 +83,29 @@ static int collect_filter_for_pstree(struct pstree_item *item)
> }
> }
>
> - inherited = find_inherited(item->parent, buf, len);
> + if (!meta)
> + meta = &meta_buf;
> +
> + meta->flags = 0;
> + meta->filter_off = i;
> +
> + if (ptrace(PTRACE_SECCOMP_GET_METADATA, item->pid->real, sizeof(meta), meta) < 0) {
Maybe sizeof(*meta), huh?
^
At this moment, if I see correctly in linux code - kernel will not write flags.
So, also a nit: meta->flags needs no initialization.
It would be cleaner with kdat feature..
But at least, can we do something:
if (meta && ptrace())?
It'll evaporate dirty lines with
if (!meta) meta = &meta_buf;
and will make it a bit faster on kernels without support even without kdat.
Thanks,
Dmitry
More information about the CRIU
mailing list