diff options
| author | Alice Frosi <afrosi@redhat.com> | 2023-01-19 16:53:09 +0100 |
|---|---|---|
| committer | Alice Frosi <afrosi@redhat.com> | 2023-02-15 11:31:46 +0100 |
| commit | cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48 (patch) | |
| tree | 21eb59ba0455e8e631d57007e71ea73070866dd2 /seitan.c | |
| parent | e657e7d936209ebe2ed5a0cb5fd057810acb508b (diff) | |
| download | seitan-cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48.tar seitan-cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48.tar.gz seitan-cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48.tar.bz2 seitan-cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48.tar.lz seitan-cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48.tar.xz seitan-cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48.tar.zst seitan-cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48.zip | |
seitan: separate function in common
Move find_fd_seccomp_notifier to common.c to be reused
in other places.
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Diffstat (limited to 'seitan.c')
| -rw-r--r-- | seitan.c | 55 |
1 files changed, 5 insertions, 50 deletions
@@ -19,14 +19,12 @@ #include <unistd.h> #include <limits.h> #include <signal.h> -#include <dirent.h> #include <sys/prctl.h> #include <sys/syscall.h> #include <sys/ioctl.h> #include <sys/socket.h> #include <sys/un.h> #include <sys/epoll.h> -#include <sys/stat.h> #include <sys/types.h> #include <argp.h> #include <linux/netlink.h> @@ -37,6 +35,8 @@ #include <linux/filter.h> #include <linux/seccomp.h> +#include "common.h" + #define EPOLL_EVENTS 8 static char doc[] = "Usage: seitan: setain -pid <pid> -i <input file> "; @@ -184,51 +184,6 @@ static void unblock_eater(int pidfd){ } } -static int find_fd_seccomp_notifier(int pid) -{ - char path[PATH_MAX + 1]; - char entry[2*PATH_MAX + 1]; - char buf[PATH_MAX + 1]; - struct dirent *dp; - ssize_t nbytes; - struct stat sb; - DIR *dirp; - - snprintf(path, sizeof(path), "/proc/%i/fd", pid); - if ((dirp = opendir(path)) == NULL) { - fprintf(stderr,"failed reading fds from proc \n"); - return -1; - } - while ((dp = readdir (dirp)) != NULL) { - snprintf(entry, sizeof(entry), "%s/%s", path, dp->d_name); - if (lstat(entry, &sb) == -1) { - perror("lstat"); - } - /* Skip the entry if it isn't a symbolic link */ - if (!S_ISLNK(sb.st_mode)) - continue; - - nbytes = readlink(entry, buf, PATH_MAX); - if (nbytes == -1) { - perror("readlink"); - } - if (nbytes == PATH_MAX) { - perror("buffer overflow"); - continue; - } - /* - * From man proc: For file descriptors that have no - * corresponding inode (e.g., file descriptors produced by - * bpf(2)..), the entry will be a symbolic link with contents - * of the form: - * anon_inode:<file-type> - */ - if (strcmp(buf, "anon_inode:seccomp notify") == 0) - return atoi(dp->d_name); - } - return -1; -} - int handle(struct seccomp_notif *req, int notifyfd) { char path[PATH_MAX + 1]; @@ -281,6 +236,7 @@ int main(int argc, char **argv) struct seccomp_notif_resp *resp = (struct seccomp_notif_resp *)resp_b; struct seccomp_notif *req = (struct seccomp_notif *)req_b; struct arguments arguments; + char path[PATH_MAX + 1]; bool running = true; int fd, epollfd; int notifierfd; @@ -299,18 +255,17 @@ int main(int argc, char **argv) if (ret < 0) exit(EXIT_FAILURE); - if ((pidfd = syscall(SYS_pidfd_open, ret, 0)) < 0) { perror("pidfd_open"); exit(EXIT_FAILURE); } sleep(1); - if ((notifierfd = find_fd_seccomp_notifier(ret)) < 0){ + snprintf(path, sizeof(path), "/proc/%d/fd", ret); + if ((notifierfd = find_fd_seccomp_notifier(path)) < 0){ fprintf(stderr, "failed getting fd of the notifier\n"); exit(EXIT_FAILURE); } - printf("fd notifier: %d \n", notifierfd); if ((notifier = syscall(SYS_pidfd_getfd, pidfd, notifierfd, 0)) < 0) { perror("pidfd_getfd"); exit(EXIT_FAILURE); |