author | Alice Frosi <afrosi@redhat.com> | 2023-06-08 17:43:56 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-06-09 10:31:35 +0200 |
commit | f1f136577a52b1588da5f74683f41d14df410300 (patch) | |
tree | 10a66b9f78cc87182e9aac12db7b02dd6834bd6b /cooker/emit.c | |
parent | 15b54482241083d52b6e9857a66fecbf915d467d (diff) | |
seitan,cooker: add wd to change work directory and mknod
./seitan-cooker demo/mknod.hjson demo/mknod.gluten demo/mknod.bpf
Start seitan with the socket option:
./seitan -s /tmp/seitan.sock -i demo/mknod.gluten
Start the container:
sudo rm -f /dev/lol
sudo chown $USER:$USER /tmp/seitan.sock
podman run -ti --runtime /usr/bin/crun \
--security-opt label=disable \
-v $(pwd)/test:/test \
--annotation run.oci.seccomp_bpf_data="$(base64 -w0 demo/mknod.bpf)" \
--annotation run.oci.seccomp.receiver=/tmp/seitan.sock fedora \
sh -c 'mknod /dev/lol c 1 7 && ls -l /dev/lol'
Diffstat (limited to 'cooker/emit.c')
-rw-r--r-- | cooker/emit.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/cooker/emit.c b/cooker/emit.c
index d4ca97b..41b64a6 100644
--- a/cooker/emit.c
+++ b/cooker/emit.c
@@ -81,31 +81,31 @@ void emit_fd(struct gluten_ctx *g, struct fd_desc *desc)
 /**
 * emit_call() - Emit OP_CALL instruction: execute a system call
 * @g: gluten context
- * @ns: NS_SPEC_NONE-terminated array of namespaces references
+ * @context: CONTEXT_SPEC_NONE-terminated array of context references
 * @nr: System call number
 * @count: Argument count
 * @is_ptr: Array indicating whether arguments need to be dereferenced
 * @args: Offsets of arguments
 * @ret_offset: Offset where return value must be saved, can be OFFSET_NULL
 */
-void emit_call(struct gluten_ctx *g, struct ns_spec *ns, long nr,
+void emit_call(struct gluten_ctx *g, struct context_desc *cdesc, long nr,
 unsigned count, bool is_ptr[6], struct gluten_offset offset[6], struct gluten_offset ret_offset)
 {
 struct op *op = (struct op *)gluten_ptr(&g->g, g->ip);
 struct gluten_offset o1 = { 0 }, o2 = { 0 };
 struct op_call *call = &op->op.call;
+ struct context_desc *c = cdesc;
 struct syscall_desc *desc;
- unsigned ns_count, i;
- struct ns_spec *ctx;
+ unsigned i;
 op->type = OP_CALL;
- for (ns_count = 0; ns[ns_count].spec != NS_SPEC_NONE; ns_count++);
- if (ns_count) {
- o1 = gluten_ro_alloc(g, sizeof(struct ns_spec) * ns_count);
- ctx = (struct ns_spec *)gluten_ptr(&g->g, o1);
- memcpy(ctx, ns, sizeof(struct ns_spec) * ns_count);
+ for (i = 0; c[i].spec != CONTEXT_SPEC_NONE; i++);
+ if (i) {
+ o1 = gluten_ro_alloc(g, sizeof(struct context_desc) * i);
+ c = (struct context_desc *)gluten_ptr(&g->g, o1);
+ memcpy(c, cdesc, sizeof(struct context_desc) * i);
 }
 o2 = gluten_ro_alloc(g, sizeof(struct syscall_desc) + |
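Review bot: The copy in the `if (i)` branch stores only the `i` entries that precede `CONTEXT_SPEC_NONE`, so the array placed in read-only gluten data carries no terminator, and nothing in this hunk records its length. If the interpreter walks that array until it meets `CONTEXT_SPEC_NONE` (not visible here; emit_call()'s body continues past the hunk), it would read into whatever follows in the read-only area, so either copy the sentinel as well, using `sizeof(struct context_desc) * (i + 1)` in both the `gluten_ro_alloc()` and `memcpy()` calls, or add a comment saying where the count is kept. The scan `for (i = 0; c[i].spec != CONTEXT_SPEC_NONE; i++);` also has no upper bound, so it relies on every caller terminating `cdesc`. Separately, the kernel-doc line says `@context:` while the parameter is named `cdesc`; it should read `@cdesc:`.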