-rw-r--r--Makefile4
-rw-r--r--common.c51
-rw-r--r--common.h7
-rw-r--r--seitan.c55
4 files changed, 65 insertions, 52 deletions
diff --git a/Makefile b/Makefile
index e3ca02d..5d0ca95 100644
--- a/Makefile
+++ b/Makefile
@@ -24,8 +24,8 @@ bpf_dbg: disasm.c disasm.h bpf_dbg.c
seitan-eater: eater.c
$(CC) $(CFLAGS) -o seitan-eater eater.c
-seitan: seitan.c transform.h
- $(CC) $(CFLAGS) -o seitan seitan.c
+seitan: seitan.c transform.h common.h common.c
+ $(CC) $(CFLAGS) -o seitan seitan.c common.c
numbers.h:
./nr_syscalls.sh
diff --git a/common.c b/common.c
new file mode 100644
index 0000000..a8f79a2
--- /dev/null
+++ b/common.c
@@ -0,0 +1,51 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <dirent.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+
+int find_fd_seccomp_notifier(const char *path)
+{
+ char entry[2 * PATH_MAX + 1];
+ char buf[PATH_MAX + 1];
+ struct dirent *dp;
+ ssize_t nbytes;
+ struct stat sb;
+ DIR *dirp;
+
+ if ((dirp = opendir(path)) == NULL) {
+ fprintf(stderr, "failed reading fds from proc: %s \n", path);
+ return -1;
+ }
+ while ((dp = readdir(dirp)) != NULL) {
+ snprintf(entry, sizeof(entry), "%s/%s", path, dp->d_name);
+ if (lstat(entry, &sb) == -1) {
+ perror("lstat");
+ }
+ /* Skip the entry if it isn't a symbolic link */
+ if (!S_ISLNK(sb.st_mode))
+ continue;
+
+ nbytes = readlink(entry, buf, PATH_MAX);
+ if (nbytes == -1) {
+ perror("readlink");
+ }
+ if (nbytes == PATH_MAX) {
+ perror("buffer overflow");
+ continue;
+ }
+ /*
+ * From man proc: For file descriptors that have no
+ * corresponding inode (e.g., file descriptors produced by
+ * bpf(2)..), the entry will be a symbolic link with contents
+ * of the form:
+ * anon_inode:<file-type>
+ */
+ if (strstr(buf, "anon_inode:seccomp notify") != NULL)
+ return atoi(dp->d_name);
+ }
+ fprintf(stderr, "seccomp notifier not found in %s\n", path);
+ return -1;
+}
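Review bot: In `find_fd_seccomp_notifier` the call `nbytes = readlink(entry, buf, PATH_MAX);` never NUL-terminates `buf`, yet the result goes straight into `strstr()`, so the comparison can read past the link target into whatever sits beyond it on the stack; the `readlink() == -1` and `lstat() == -1` branches likewise only `perror()` and then keep using the uninitialised `buf` and `sb`. `dirp` is also never closed on either return path, so every call leaks a directory stream, and `perror("buffer overflow")` prints an unrelated errno because readlink succeeded there. Since the fd number this function returns is what main() hands to pidfd_getfd(), a garbage or wrong match here means the supervisor grabs the wrong descriptor from the target, so the loop should terminate the target, skip entries whose lstat/readlink failed, and close the stream before returning. PATH_MAX is additionally used without an explicit `#include <limits.h>`; it may arrive transitively through one of the other headers, but the include should be spelled out.
```c
int find_fd_seccomp_notifier(const char *path)
{
	/* … unchanged: declarations and opendir() … */
	while ((dp = readdir(dirp)) != NULL) {
		snprintf(entry, sizeof(entry), "%s/%s", path, dp->d_name);
		if (lstat(entry, &sb) == -1) {
			perror("lstat");
			continue;	/* sb is not valid on failure */
		}
		/* Skip the entry if it isn't a symbolic link */
		if (!S_ISLNK(sb.st_mode))
			continue;

		nbytes = readlink(entry, buf, PATH_MAX);
		if (nbytes == -1) {
			perror("readlink");
			continue;
		}
		if (nbytes == PATH_MAX) {
			fprintf(stderr, "readlink: target truncated: %s\n", entry);
			continue;
		}
		buf[nbytes] = '\0';	/* readlink() does not NUL-terminate */
		/* … unchanged: anon_inode:<file-type> comment … */
		if (strstr(buf, "anon_inode:seccomp notify") != NULL) {
			int fd = atoi(dp->d_name);

			closedir(dirp);
			return fd;
		}
	}
	closedir(dirp);
	fprintf(stderr, "seccomp notifier not found in %s\n", path);
	return -1;
}
```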
diff --git a/common.h b/common.h
new file mode 100644
index 0000000..eb1093d
--- /dev/null
+++ b/common.h
@@ -0,0 +1,7 @@
+#ifndef COMMON_H_
+#define COMMON_H_
+
+int find_fd_seccomp_notifier(const char *pid);
+
+#endif
+
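Review bot: The prototype `int find_fd_seccomp_notifier(const char *pid);` names its parameter `pid`, but the definition in common.c calls it `path` and the caller in seitan.c passes a `/proc/<pid>/fd` directory string, so the header misdescribes the contract. Rename it to match, `int find_fd_seccomp_notifier(const char *path);`, and document what it expects and returns, e.g. `/* Scan the fd directory at path (normally /proc/<pid>/fd) for a link to anon_inode:seccomp notify; returns the fd number in that process, or -1 if none is found or the directory cannot be read. */`.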
diff --git a/seitan.c b/seitan.c
index dd4bd9c..96662e0 100644
--- a/seitan.c
+++ b/seitan.c
@@ -19,14 +19,12 @@
#include <unistd.h>
#include <limits.h>
#include <signal.h>
-#include <dirent.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/epoll.h>
-#include <sys/stat.h>
#include <sys/types.h>
#include <argp.h>
#include <linux/netlink.h>
@@ -37,6 +35,8 @@
#include <linux/filter.h>
#include <linux/seccomp.h>
+#include "common.h"
+
#define EPOLL_EVENTS 8
static char doc[] = "Usage: seitan: setain -pid <pid> -i <input file> ";
@@ -184,51 +184,6 @@ static void unblock_eater(int pidfd){
}
}
-static int find_fd_seccomp_notifier(int pid)
-{
- char path[PATH_MAX + 1];
- char entry[2*PATH_MAX + 1];
- char buf[PATH_MAX + 1];
- struct dirent *dp;
- ssize_t nbytes;
- struct stat sb;
- DIR *dirp;
-
- snprintf(path, sizeof(path), "/proc/%i/fd", pid);
- if ((dirp = opendir(path)) == NULL) {
- fprintf(stderr,"failed reading fds from proc \n");
- return -1;
- }
- while ((dp = readdir (dirp)) != NULL) {
- snprintf(entry, sizeof(entry), "%s/%s", path, dp->d_name);
- if (lstat(entry, &sb) == -1) {
- perror("lstat");
- }
- /* Skip the entry if it isn't a symbolic link */
- if (!S_ISLNK(sb.st_mode))
- continue;
-
- nbytes = readlink(entry, buf, PATH_MAX);
- if (nbytes == -1) {
- perror("readlink");
- }
- if (nbytes == PATH_MAX) {
- perror("buffer overflow");
- continue;
- }
- /*
- * From man proc: For file descriptors that have no
- * corresponding inode (e.g., file descriptors produced by
- * bpf(2)..), the entry will be a symbolic link with contents
- * of the form:
- * anon_inode:<file-type>
- */
- if (strcmp(buf, "anon_inode:seccomp notify") == 0)
- return atoi(dp->d_name);
- }
- return -1;
-}
-
int handle(struct seccomp_notif *req, int notifyfd)
{
char path[PATH_MAX + 1];
@@ -281,6 +236,7 @@ int main(int argc, char **argv)
struct seccomp_notif_resp *resp = (struct seccomp_notif_resp *)resp_b;
struct seccomp_notif *req = (struct seccomp_notif *)req_b;
struct arguments arguments;
+ char path[PATH_MAX + 1];
bool running = true;
int fd, epollfd;
int notifierfd;
@@ -299,18 +255,17 @@ int main(int argc, char **argv)
if (ret < 0)
exit(EXIT_FAILURE);
-
if ((pidfd = syscall(SYS_pidfd_open, ret, 0)) < 0) {
perror("pidfd_open");
exit(EXIT_FAILURE);
}
sleep(1);
- if ((notifierfd = find_fd_seccomp_notifier(ret)) < 0){
+ snprintf(path, sizeof(path), "/proc/%d/fd", ret);
+ if ((notifierfd = find_fd_seccomp_notifier(path)) < 0){
fprintf(stderr, "failed getting fd of the notifier\n");
exit(EXIT_FAILURE);
}
- printf("fd notifier: %d \n", notifierfd);
if ((notifier = syscall(SYS_pidfd_getfd, pidfd, notifierfd, 0)) < 0) {
perror("pidfd_getfd");
exit(EXIT_FAILURE);