authorAlice Frosi <afrosi@redhat.com>2023-01-16 09:28:06 +0100
committerAlice Frosi <afrosi@redhat.com>2023-01-17 13:05:41 +0100
commitbad10920fe6c8bb443a8640e2534aa27dabd80b1 (patch)
tree207ea096d1262ce0f2837c63ab8c5a81c276a4de
parent6dd9d3294a3099dbf570186cf2b34a1f89a9ce1f (diff)
seitan: replace ioctl with epoll
Repeatedly listen for seccomp notification events using epoll. Signed-off-by: Alice Frosi <afrosi@redhat.com>
-rw-r--r--seitan.c55
1 files changed, 41 insertions, 14 deletions
diff --git a/seitan.c b/seitan.c
index 2e71b27..b227fc8 100644
--- a/seitan.c
+++ b/seitan.c
@@ -14,6 +14,7 @@
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
+#include <stdbool.h>
#include <fcntl.h>
#include <unistd.h>
#include <limits.h>
@@ -23,6 +24,7 @@
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/epoll.h>
#include <argp.h>
#include <linux/netlink.h>
#include <linux/connector.h>
@@ -32,6 +34,8 @@
#include <linux/filter.h>
#include <linux/seccomp.h>
+#define EPOLL_EVENTS 8
+
static char doc[] = "Usage: seitan: setain -pid <pid> -i <input file> ";
/* Seitan options */
@@ -209,12 +213,16 @@ int handle(struct seccomp_notif *req, int notifyfd)
int main(int argc, char **argv)
{
+
int s = nl_init(), ret, pidfd, notifier;
char resp_b[BUFSIZ], req_b[BUFSIZ];
+ struct epoll_event ev, events[EPOLL_EVENTS];
struct seccomp_notif_resp *resp = (struct seccomp_notif_resp *)resp_b;
struct seccomp_notif *req = (struct seccomp_notif *)req_b;
struct arguments arguments;
- int fd;
+ bool running = true;
+ int fd, epollfd;
+ int nevents,i;
arguments.pid = -1;
argp_parse(&argp, argc, argv, 0, 0, &arguments);
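Review bot: The empty line added directly after the opening brace of main (the first added line of this hunk) and the unspaced `int nevents,i;` depart from the declaration style of the surrounding lines; drop the blank line and either write `int nevents, i;` or fold both into the new `int fd, epollfd;` declaration. The body of main continues past the end of this hunk.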
@@ -234,7 +242,6 @@ int main(int argc, char **argv)
perror("pidfd_open");
exit(EXIT_FAILURE);
}
-
sleep(1);
if ((notifier = syscall(SYS_pidfd_getfd, pidfd, 3, 0)) < 0) {
@@ -242,21 +249,41 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
- while (1) {
+ if ((epollfd = epoll_create1(0)) < 0) {
+ perror("epoll_create");
+ exit(EXIT_FAILURE);
+ }
+ ev.events = EPOLLIN;
+ ev.data.fd = notifier;
+ if (epoll_ctl(epollfd, EPOLL_CTL_ADD, notifier, &ev) == -1) {
+ perror("epoll_ctl: notifier");
+ exit(EXIT_FAILURE);
+ }
+ while(running) {
+ nevents = epoll_wait(epollfd, events, EPOLL_EVENTS, -1);
+ if (nevents < 0 ) {
+ perror("epoll_wait");
+ exit(EXIT_FAILURE);
+ }
/* TODO: Open syscall transformation table blob, actually handle
* syscalls actions as parsed
*/
memset(req, 0, sizeof(*req));
- ioctl(notifier, SECCOMP_IOCTL_NOTIF_RECV, req);
-
- if (!handle(req, notifier))
- continue;
-
- resp->flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;
- resp->id = req->id;
- resp->error = 0;
- resp->val = 0;
-
- ioctl(notifier, SECCOMP_IOCTL_NOTIF_SEND, resp);
+ for (i = 0; i < nevents; ++i) {
+ if (events[i].events & EPOLLHUP) {
+ /* The notifier fd was closed by the target */
+ running = false;
+ } else if (notifier == events[i].data.fd) {
+ if (!handle(req, events[i].data.fd))
+ continue;
+
+ resp->flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;
+ resp->id = req->id;
+ resp->error = 0;
+ resp->val = 0;
+
+ ioctl(notifier, SECCOMP_IOCTL_NOTIF_SEND, resp);
+ }
+ }
}
}
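Review bot: The SECCOMP_IOCTL_NOTIF_RECV ioctl that the old loop issued before handle() was removed and nothing in the new EPOLLIN branch replaces it, so handle() and the SEND ioctl now operate on the zeroed req (resp->id becomes 0) and the pending notification is never consumed; because the notifier fd stays readable, epoll_wait returns at once and the loop spins while the target stays blocked in its syscall. The branch should receive the notification first, e.g. `if (ioctl(notifier, SECCOMP_IOCTL_NOTIF_RECV, req) < 0) { perror("SECCOMP_IOCTL_NOTIF_RECV"); continue; }` right after the memset, and the return value of the SEND ioctl on the last added line deserves the same check rather than being discarded. Separately, the new `nevents < 0` check treats epoll_wait failing with EINTR (any caught signal) as fatal; retrying on EINTR would keep the supervisor alive, which needs errno and <errno.h>, not visible in these hunks. main() begins before this hunk.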