aboutgitcodelistschat:MatrixIRC
path: root/cooker
diff options
context:
space:
mode:
Diffstat (limited to 'cooker')
-rw-r--r--cooker/Makefile2
-rw-r--r--cooker/call.c19
-rw-r--r--cooker/calls.c3
-rw-r--r--cooker/calls/scheduler.c41
-rw-r--r--cooker/calls/scheduler.h12
5 files changed, 71 insertions, 6 deletions
diff --git a/cooker/Makefile b/cooker/Makefile
index 8cf8691..12b9c1d 100644
--- a/cooker/Makefile
+++ b/cooker/Makefile
@@ -33,11 +33,13 @@ SRCS := call.c calls.c emit.c gluten.c filter.c main.c match.c \
parse.c parson.c \
$(COMMON)/util.c \
calls/net.c calls/ioctl.c calls/process.c calls/fs.c calls/io.c \
+ calls/scheduler.c \
seccomp_profile.c
HEADERS := call.h calls.h cooker.h emit.h filter.h gluten.h match.h \
parse.h parson.h \
$(COMMON)/gluten.h $(COMMON)/util.h \
calls/net.h calls/ioctl.h calls/process.h calls/fs.h calls/io.h \
+ calls/scheduler.h \
seccomp_profile.h
$(BIN): $(SRCS) $(HEADERS)
diff --git a/cooker/call.c b/cooker/call.c
index 173bdb4..a09194a 100644
--- a/cooker/call.c
+++ b/cooker/call.c
@@ -16,6 +16,15 @@
#include "parse.h"
#include "util.h"
+static bool is_metadata_obj(JSON_Object *metadata)
+{
+ if (!metadata)
+ return false;
+ return ((!json_object_get_string(metadata, "caller")) ||
+ (!json_object_get_string(metadata, "set")) ||
+ (!json_object_get_string(metadata, "get")));
+}
+
/* TODO: refactor and simplify this horrible function */
static union value parse_metadata(struct gluten_ctx *g, struct field *f,
struct gluten_offset **base_offset,
@@ -29,10 +38,12 @@ static union value parse_metadata(struct gluten_ctx *g, struct field *f,
if ((tag = json_object_get_string(metadata, "caller"))) {
debug(" args reference value at runtime '%s' with metadata %s", tag, tag);
(*base_offset)->type = OFFSET_METADATA;
- if (strcmp(tag, "uid") == 0) {
+ if (!strcmp(tag, "uid")) {
(*base_offset)->offset = UID_TARGET;
- } else if (strcmp(tag, "gid") == 0) {
+ } else if (!strcmp(tag, "gid")) {
(*base_offset)->offset = GID_TARGET;
+ } else if (!strcmp(tag, "pid")) {
+ (*base_offset)->offset = PID_TARGET;
} else {
die(" unrecognized metadata tag: %s", tag);
}
@@ -151,9 +162,7 @@ static union value parse_field(struct gluten_ctx *g, struct arg *args,
if (offset.type != OFFSET_NULL)
offset.offset += f->offset;
-
- if (json_value_get_type(jvalue) == JSONObject &&
- (tmp1 = json_value_get_object(jvalue)))
+ if (!(tmp1 = json_value_get_object(jvalue)) && is_metadata_obj(tmp1))
v = parse_metadata(g, f, &base_offset, offset, tmp1, dry_run,
add);
if (v.v_num == 0)
diff --git a/cooker/calls.c b/cooker/calls.c
index f486777..f4e7d49 100644
--- a/cooker/calls.c
+++ b/cooker/calls.c
@@ -16,9 +16,10 @@
#include "calls/process.h"
#include "calls/fs.h"
#include "calls/io.h"
+#include "calls/scheduler.h"
struct call *call_sets[] = {
syscalls_net, syscalls_ioctl, syscalls_process, syscalls_fs,
- syscalls_io,
+ syscalls_io, syscalls_scheduler,
NULL,
};
diff --git a/cooker/calls/scheduler.c b/cooker/calls/scheduler.c
new file mode 100644
index 0000000..436d3c2
--- /dev/null
+++ b/cooker/calls/scheduler.c
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright 2023 Red Hat GmbH
+ * Author: Alice Frosi <afrosi@redhat.com>
+ */
+#define _GNU_SOURCE
+#include <sys/syscall.h>
+#include <sched.h>
+
+#include "../cooker.h"
+#include "../calls.h"
+
+static struct num sched_policy[] = {
+ { "SCHED_OTHER", SCHED_OTHER },
+ { "SCHED_BATCH", SCHED_BATCH },
+ { "SCHED_IDLE", SCHED_IDLE },
+ { "SCHED_FIFO", SCHED_FIFO },
+ { "SCHED_RR", SCHED_RR },
+ { "SCHED_RESET_ON_FORK", SCHED_RESET_ON_FORK }, /* ORed in policy */
+ { 0 },
+};
+
+static struct field sched_param[] = {
+ { "sched_priority",
+ INT,
+ 0,
+ offsetof(struct sched_param, sched_priority),
+ sizeof(int),
+ { 0 } },
+ { 0 },
+};
+
+static struct arg sched_setscheduler_args[] = {
+ { 0, { "pid", PID, 0, 0, 0, { 0 } } },
+ { 1, { "policy", INT, FLAGS, 0, 0, { .d_num = sched_policy } } },
+ { 2, { "param", STRUCT, 0, 0, 0, { .d_struct = sched_param } } }
+};
+
+struct call syscalls_scheduler[] = {
+ { __NR_sched_setscheduler, "sched_setscheduler", sched_setscheduler_args },
+ { 0 },
+};
diff --git a/cooker/calls/scheduler.h b/cooker/calls/scheduler.h
new file mode 100644
index 0000000..751d65b
--- /dev/null
+++ b/cooker/calls/scheduler.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright 2023 Red Hat GmbH
+ * Author: Alice Frosi <afrosi@redhat.com>
+ */
+
+#ifndef CALLS_SCHEDULER_H
+#define CALLS_SCHEDULER_H
+
+extern struct call syscalls_scheduler[];
+
+#endif /* CALLS_IO_H */
+