author | Alice Frosi <afrosi@redhat.com> | 2023-01-16 17:22:51 +0100 |
---|---|---|
committer | Alice Frosi <afrosi@redhat.com> | 2023-01-17 13:05:41 +0100 |
commit | 8d44fb83386c1834163f037b077c03cf6cc7f748 (patch) | |
tree | b2355286bf41b2b0210df6f4563b5d5a70bfc5c6 /eater.c | |
parent | f9c6d862789eb5961502862882d2dc33eff854b8 (diff) | |
Use signals instead of connect for synchronization
The connect syscall was used to synchronize seitan and the eater during
seccomp filter installation and notifier initialization. However, this
assumes that fd 0 is always free, and that might not always be the
case.
Try to implement an alternative and more robust solution.
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Diffstat (limited to 'eater.c')
-rw-r--r-- | eater.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -20,6 +20,7 @@
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 #include <sys/socket.h>
+#include <signal.h>
 #include <linux/audit.h>
 #include <linux/filter.h>
@@ -75,6 +76,8 @@ static int seccomp(unsigned int operation, unsigned int flags, void *args)
 return syscall(__NR_seccomp, operation, flags, args);
 }
+static void signal_handler(__attribute__((unused))int s){}
+
 /**
 * main() - Entry point
 * @argc: Argument count
@@ -87,6 +90,7 @@ int main(int argc, char **argv)
 struct sock_filter filter[1024];
 struct arguments arguments;
 struct sock_fprog prog;
+ struct sigaction act;
 size_t n;
 int fd;
@@ -106,8 +110,10 @@ int main(int argc, char **argv)
 perror("seccomp");
 exit(EXIT_FAILURE);
 }
+ act.sa_handler = signal_handler;
+ sigaction(SIGCONT, &act, NULL);
+ pause();
- connect(0, NULL, 0); /* Wait for seitan to unblock this */
 execvpe(argv[arguments.program_index], &argv[arguments.program_index], environ);
 if (errno != ENOENT) { |
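Review bot: The empty `signal_handler` added ahead of main() has no comment saying why a handler that does nothing is installed. pause() returns only after a signal handler has run, and SIGCONT's default action would not end the wait, so this no-op is load-bearing and easy to delete by mistake. I would put `/* No-op handler: installed only so that SIGCONT interrupts pause() in main() */` above it and write the parameter as `__attribute__((unused)) int s`, with a space.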
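Review bot: `struct sigaction act;` is declared in the -87,6 hunk without an initialiser, and the -106,8 hunk sets only `act.sa_handler` before calling `sigaction(SIGCONT, &act, NULL)`, so `sa_mask` and `sa_flags` reach the kernel holding whatever was on the stack. Stray flag bits such as SA_SIGINFO or SA_RESETHAND change how the handler is invoked, and a random mask blocks arbitrary signals while it runs, which makes this synchronisation point unpredictable from run to run. Declare it as `struct sigaction act = { .sa_handler = signal_handler };` and check the call, `if (sigaction(SIGCONT, &act, NULL) < 0) { perror("sigaction"); exit(EXIT_FAILURE); }`. main() begins and ends outside both hunks.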
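Review bot: A SIGCONT delivered after `sigaction()` returns but before `pause()` is entered is consumed by the handler, and the eater then sleeps in `pause()` with nothing left to wake it. Block SIGCONT before the filter is installed and wait with `sigwait()`, so an early signal stays pending, then restore the mask so the exec'd program does not inherit it; the no-op handler is then no longer needed. Separately, SIGCONT is also generated by job control and by any process allowed to signal the eater, so waking up does not by itself show that seitan has finished setting up the notifier; whether that matters depends on seitan code that is not on this page. main() continues outside the hunk.

```c
	sigset_t waitset, oldset;
	int sig;

	/* Block SIGCONT first, so a signal sent early stays pending */
	sigemptyset(&waitset);
	sigaddset(&waitset, SIGCONT);
	if (sigprocmask(SIG_BLOCK, &waitset, &oldset) < 0) {
		perror("sigprocmask");
		exit(EXIT_FAILURE);
	}
	/* … unchanged: filter load and seccomp() call … */
	if (sigwait(&waitset, &sig) != 0)	/* Wait for seitan to unblock this */
		exit(EXIT_FAILURE);
	sigprocmask(SIG_SETMASK, &oldset, NULL);	/* mask must not leak across exec */
	/* … unchanged: execvpe() call and error handling … */
```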