author | Alice Frosi <afrosi@redhat.com> | 2023-08-31 15:41:41 +0200 |
---|---|---|
committer | Alice Frosi <afrosi@redhat.com> | 2023-08-31 15:41:41 +0200 |
commit | 75738f0ac9cde3b1aaebd6d700cb9329a419555e (patch) | |
tree | cc1dd6262bad0c126546b19d7a3465cc89831373 | |
parent | 143e0d2118f9cd038a9d2f29abfe8179d05e7824 (diff) | |
seitan: small fixes
Fixes:
- return an error message in do_clone instead of exit
- check whether the context type is out of bounds
-rw-r--r-- | common/util.h | 8 | ||||
-rw-r--r-- | operations.c | 19 |
2 files changed, 18 insertions, 9 deletions
diff --git a/common/util.h b/common/util.h
index 4b59e77..1367c0d 100644
--- a/common/util.h
+++ b/common/util.h
@@ -130,4 +130,12 @@ void debug(const char *format, ...);
 #define BITS_PER_NUM(n) (const_ilog2(n) + 1)
 #define N_SYSCALL 512
 extern const char *syscall_name_str[N_SYSCALL + 1];
+
+#define ret_clone_err(c, ...) \
+ do { \
+ c->err = -1; \
+ err(__VA_ARGS__); \
+ return -1; \
+ } while (0)
+
 #endif /* UTIL_H */
diff --git a/operations.c b/operations.c
index 306d1ab..0121023 100644
--- a/operations.c
+++ b/operations.c
@@ -178,12 +178,13 @@ static int prepare_arg_clone(const struct seccomp_notif *req, struct gluten *g,
 return 0;
 }
- for (dst = c->ns_path; cdesc->spec != CONTEXT_SPEC_NONE; cdesc++) {
+ for (dst = c->ns_path; cdesc->spec != CONTEXT_SPEC_NONE && cdesc->type < CONTEXT_TYPE_MAX; cdesc++) {
 enum context_spec_type spec = cdesc->spec;
 enum context_type type = cdesc->type;
- debug(" op_call: adding context for %s, type: %s",
- context_type_name[type], context_spec_type_name[spec]);
+ debug(" op_call: adding context for %s, type: %s %u, pid: %d",
+ context_type_name[type], context_spec_type_name[spec], type,
+ req->pid);
 if (spec == CONTEXT_SPEC_NONE)
 break;
@@ -265,10 +266,10 @@ static int set_namespaces(struct arg_clone *c)
 for (path = c->ns_path; **path; *path++) {
 if ((fd = open(*path, O_CLOEXEC)) < 0)
- ret_err(-1, "open for file %s", *path);
+ ret_err(-1, " failed opening %s", *path);
 if (setns(fd, 0) != 0)
- ret_err(-1, "setns");
+ ret_err(-1, " setns");
 }
 return 0;
 }
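Review bot: `ret_clone_err` stores a fixed `-1` in `c->err`, so the errno of the failing call is gone before anything can report it. If `c->err` is otherwise read as an errno value (not visible in this hunk), saving it first with `c->err = errno;` ahead of the `err(...)` call would keep the cause. The argument is expanded unparenthesised, so `(c)->err` is the safer spelling. Because the macro hides a `return -1;` and only works inside an int-returning function, it deserves a comment such as `/* Record the failure in the clone argument, log it, and return -1 from the calling function. */`, and it may sit better next to its only visible user in operations.c than in a common header.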
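Review bot: In the `for` condition of prepare_arg_clone, an out-of-range `cdesc->type` now ends the loop exactly as `CONTEXT_SPEC_NONE` does, so the function continues with the contexts collected so far instead of reporting a malformed descriptor. For a call that is meant to run inside specific namespaces, silently dropping the remaining entries fails open; rejecting the entry inside the loop, e.g. `if (type >= CONTEXT_TYPE_MAX) ret_err(-1, "  invalid context type %u", type);`, fails closed. `spec` is still used unchecked as an index into `context_spec_type_name[]` in the `debug()` call and wants the same bound check against its own enum maximum. The function starts and ends outside this hunk, so the return convention should be confirmed against the rest of the body.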
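Review bot: The descriptor opened in the set_namespaces loop is never closed: after `setns(fd, 0)` the loop moves on to the next path, and both `ret_err` exits leave `fd` open as well. `O_CLOEXEC` only helps across an exec, so a `close(fd);` after a successful `setns` and before each error return keeps namespace handles from accumulating in the calling process. Passing `0` as the second argument lets `setns` join whatever namespace type the path refers to; if the expected type is known where the paths are built, passing the matching `CLONE_NEW*` flag would make the kernel reject a mismatched path. The increment `*path++` dereferences a value it then discards, so `path++` is enough. The start of the function lies outside the hunk.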
@@ -281,16 +282,16 @@ static int execute_syscall(void *args)
 * non-zero UID/GID to zero.
 */
 if (c->uid && setuid(c->uid))
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting uid");
 if (c->gid && setgid(c->gid))
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting gid");
 if (*c->cwd && chdir(c->cwd) < 0)
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting current directory");
 if (set_namespaces(c) < 0)
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting the namespace for the clone");
 errno = 0;
 /* execute syscall */ |
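Review bot: `setuid()` is called before `setgid()` in execute_syscall, so once the UID has been switched to a non-zero value the process may no longer hold the privilege needed to change its GID; with this change that now surfaces as " failed setting gid" instead of a silent exit. The usual order when dropping privileges is group first, then user, so the `if (c->gid && setgid(c->gid))` check should move above the `if (c->uid && setuid(c->uid))` check. The same concern applies to `set_namespaces()`, which runs last and calls `setns()`, an operation that normally needs capabilities a non-root UID no longer has; it likely belongs before the UID change as well. Supplementary groups are not touched in the visible lines, so it is worth confirming whether they are cleared elsewhere. The comment and the function body begin and end outside this hunk, so the intended ordering should be checked against the part not shown.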