author | Stefano Brivio <sbrivio@redhat.com> | 2024-05-15 08:49:56 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-05-15 08:49:56 +0200 |
commit | 5a9302bab9c9bb3d1577f04678d074fb7af4115f (patch) | |
tree | 21d04573dfa733e020315d08853c00fc119fb959 /cooker/filter.c | |
parent | bdbec30a849807fb5e6841a38cfe0d168e5962b9 (diff) | |
Add fsetxattr(), fremovexattr(), open_by_handle_at(), and "virtiofsd demo"
Mostly assorted fixes, a new FDGET operation (get a copy of the
target file descriptor via pidfd_getfd()) and a new "FD" flag that
means we have to do that on direct tag reference.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'cooker/filter.c')
-rw-r--r-- | cooker/filter.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/cooker/filter.c b/cooker/filter.c index e0c8081..765fa25 100644 --- a/cooker/filter.c +++ b/cooker/filter.c @@ -540,6 +540,11 @@ unsigned int filter_build(struct sock_filter filter[], unsigned n) /* pre-check instruction + load syscall number (4 instructions) */ accept = size + n_nodes + n; + + /* FIXME: See below */ + if (n > 1 && n % 2) + accept++; + notify = accept + 1; /* Insert nodes */ @@ -570,6 +575,13 @@ unsigned int filter_build(struct sock_filter filter[], unsigned n) */ next_offset += get_n_args_syscall_instr(nr) - 1; } + + /* FIXME: If we have an odd number of leaves, duplicate the last one, + * otherwise, left_child() will miscalculate terminal jump offsets. + */ + if (n > 1 && n % 2) + filter[size++] = EQ(nr, offset - 1, accept - size); + /* Seccomp accept and notify instruction */ filter[size++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW); filter[size++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF); |
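Review bot: in the first hunk (@@ -540), the test `n > 1 && n % 2` guarding `accept++` is repeated verbatim in the second hunk, and the two must always agree: if one is changed without the other, `accept` no longer lands on the SECCOMP_RET_ALLOW instruction and every terminal jump computed from it (and from `notify = accept + 1`) is off by one. Evaluate the condition once into a local near the top of filter_build() and use that in both places. The comment "FIXME: See below" should also say what the extra slot is for (the duplicated last leaf), so the adjustment is understandable without hunting for the matching block.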
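Review bot: in the second hunk (@@ -570), `filter[size++] = EQ(nr, offset - 1, accept - size);` both modifies `size` (left operand) and reads it (`accept - size`) with no sequencing between the two, which is undefined behaviour in C, so the jump offset of the duplicated leaf can differ by one between compilers or optimisation levels. Compute the offset into a local before the store, then do `filter[size++] = ...` with that value. The line also relies on `nr` and `offset` still holding the values left by the last loop iteration; a short comment saying so, or saving the last leaf's values explicitly, would make the duplication safer against later changes to the loop. Since this is a workaround for left_child() rather than a fix, the FIXME should name what has to change there so the duplicate can be removed.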