author | Alice Frosi <afrosi@redhat.com> | 2023-01-16 09:28:06 +0100 |
committer | Alice Frosi <afrosi@redhat.com> | 2023-01-17 13:05:41 +0100 |
commit | bad10920fe6c8bb443a8640e2534aa27dabd80b1 (patch) | |
tree | 207ea096d1262ce0f2837c63ab8c5a81c276a4de | |
parent | 6dd9d3294a3099dbf570186cf2b34a1f89a9ce1f (diff) | |
seitan: replace ioctl with epoll
Repeatedly listen for seccomp notification events using epoll.
Signed-off-by: Alice Frosi <afrosi@redhat.com>
-rw-r--r-- | seitan.c | 55 |
1 files changed, 41 insertions, 14 deletions
@@ -14,6 +14,7 @@
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdbool.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <limits.h>
@@ -23,6 +24,7 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <sys/epoll.h>
 #include <argp.h>
 #include <linux/netlink.h>
 #include <linux/connector.h>
@@ -32,6 +34,8 @@
 #include <linux/filter.h>
 #include <linux/seccomp.h>
+#define EPOLL_EVENTS 8
+
 static char doc[] = "Usage: seitan: setain -pid <pid> -i <input file> ";
 /* Seitan options */
@@ -209,12 +213,16 @@ int handle(struct seccomp_notif *req, int notifyfd)
 int main(int argc, char **argv)
 {
+ int s = nl_init(), ret, pidfd, notifier;
 char resp_b[BUFSIZ], req_b[BUFSIZ];
+ struct epoll_event ev, events[EPOLL_EVENTS];
 struct seccomp_notif_resp *resp = (struct seccomp_notif_resp *)resp_b;
 struct seccomp_notif *req = (struct seccomp_notif *)req_b;
 struct arguments arguments;
- int fd;
+ bool running = true;
+ int fd, epollfd;
+ int nevents,i;
 arguments.pid = -1;
 argp_parse(&argp, argc, argv, 0, 0, &arguments);
@@ -234,7 +242,6 @@ int main(int argc, char **argv)
 perror("pidfd_open");
 exit(EXIT_FAILURE);
 }
- sleep(1);
 if ((notifier = syscall(SYS_pidfd_getfd, pidfd, 3, 0)) < 0) {
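Review bot: In the declaration hunk of main(), `s` and `ret` from `int s = nl_init(), ret, pidfd, notifier;` are not referenced in any hunk of this diff; if the rest of main() does not use them they should be dropped, and calling nl_init() inside a multi-declarator initializer means netlink setup now runs before `argp_parse()` has validated the arguments, which is easy to miss (whether the old code ordered it the same way is not visible here). `int nevents,i;` also needs the space after the comma, or `i` can simply move into the `for` header where it is used. The `sleep(1)` removed in the pidfd_getfd hunk is not mentioned in the description; if it was covering the window before the target installs its filter on fd 3, `pidfd_getfd` may now fail intermittently, which the existing `perror`/`exit` path reports but does not retry. main() continues past both hunks.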
@@ -242,21 +249,41 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } - while (1) { + if ((epollfd = epoll_create1(0)) < 0) { + perror("epoll_create"); + exit(EXIT_FAILURE); + } + ev.events = EPOLLIN; + ev.data.fd = notifier; + if (epoll_ctl(epollfd, EPOLL_CTL_ADD, notifier, &ev) == -1) { + perror("epoll_ctl: notifier"); + exit(EXIT_FAILURE); + } + while(running) { + nevents = epoll_wait(epollfd, events, EPOLL_EVENTS, -1); + if (nevents < 0 ) { + perror("epoll_wait"); + exit(EXIT_FAILURE); + } /* TODO: Open syscall transformation table blob, actually handle * syscalls actions as parsed */ memset(req, 0, sizeof(*req)); - ioctl(notifier, SECCOMP_IOCTL_NOTIF_RECV, req); - - if (!handle(req, notifier)) - continue; - - resp->flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE; - resp->id = req->id; - resp->error = 0; - resp->val = 0; - - ioctl(notifier, SECCOMP_IOCTL_NOTIF_SEND, resp); + for (i = 0; i < nevents; ++i) { + if (events[i].events & EPOLLHUP) { + /* The notifier fd was closed by the target */ + running = false; + } else if (notifier == events[i].data.fd) { + if (!handle(req, events[i].data.fd)) + continue; + + resp->flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE; + resp->id = req->id; + resp->error = 0; + resp->val = 0; + + ioctl(notifier, SECCOMP_IOCTL_NOTIF_SEND, resp); + } + } } } |
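Review bot: The SECCOMP_IOCTL_NOTIF_RECV call removed from the loop has no replacement in the new code, so unless handle() issues the receive itself (its body is outside this diff), `req` reaches handle() as the zeroed buffer left by the `memset` and the CONTINUE response goes out with `id` 0. `epoll_wait` returning -1 with EINTR now terminates the supervisor instead of retrying; the check should read `if (nevents < 0) { if (errno == EINTR) continue; perror("epoll_wait"); exit(EXIT_FAILURE); }` (with `<errno.h>` included if it is not already). An event carrying both EPOLLIN and EPOLLHUP takes only the HUP branch, so a notification still pending when the target closes its end is never answered; testing the `data.fd` branch first, or draining before setting `running = false`, avoids that. The `ioctl(notifier, SECCOMP_IOCTL_NOTIF_SEND, resp)` return value is still unchecked, which hides the ENOENT returned when the target died between receive and send. The closing braces end main(), which begins before this hunk, and neither `epollfd` nor `notifier` is closed on the `running = false` exit path.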