Commit message | Author | Age | Files | Lines
* Use signals instead of connect for synchronization | Alice Frosi | 2023-01-17 | 2 | -1/+23

  The connect syscall was used to synchronize seitan and the eater for the seccomp installation filter and notifier initialization. However, we assume that the fd 0 is always free, and this might not always be the case. Try to implement an alternative and more robust solution.

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* eater: add error handling | Alice Frosi | 2023-01-17 | 1 | -4/+10

  Check for errors for prctl and seccomp syscall.

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* seitan: replace ioctl with epoll | Alice Frosi | 2023-01-17 | 1 | -14/+41

  Repeatedly listen for seccomp notification events using epoll.

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Add .gitignore | Alice Frosi | 2023-01-17 | 1 | -0/+6

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Remove t.out | Alice Frosi | 2023-01-17 | 1 | -3/+2

  The action file needs to be set from the seitan command line.

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* seitan: add flags for pid and input file | Alice Frosi | 2023-01-17 | 1 | -3/+51

  Avoid hardcoded values and set the option from command line:

  Example:
      ./seitan -i action -p 1234

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* eater: enable launching generic program | Alice Frosi | 2023-01-17 | 1 | -34/+52

  Extend seitan-eater for launching a generic program with arguments.

  Example:
      ./seitan-eater -i input.json -- ls

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Rename loader to eater | Alice Frosi | 2023-01-16 | 4 | -10/+10

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Remove filter.h and t.out rules | Alice Frosi | 2022-12-21 | 1 | -6/+0

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Add unit tests for the BPF filter generation | Alice Frosi | 2022-12-21 | 3 | -0/+384

  The test-filter verifies that the create_bfp_program builds the filter correctly. The test suite includes the tests for checking a filter with:
  * a single instruction
  * a single instruction with arguments
  * 2 instructions
  * multiple instructions
  * multiple instructions with arguments
  * multiple instructions with multiple instances of the same instruction

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Create bpf_dbg program to disassemble BPF filters | Alice Frosi | 2022-12-21 | 4 | -0/+315

  The bpf_dbg binary prints the instructions included in the BPF filter. This is particularly useful for debugging and verifying the generated filter.

  E.g:
      ./bpf_dbg test.bpf
      Read 7 entries
      l0: ld [4]
      l1: jeq #0xc000003e, l2, l5
      l2: ld [0]
      l3: jeq #0x2a, l4, l5
      l4: ja 5
      l5: ret #0x7fff0000
      l6: ret #0x7fc00000

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Remove build of bpf.out | Alice Frosi | 2022-12-21 | 1 | -4/+1

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Generation of bpf program | Alice Frosi | 2022-12-21 | 4 | -91/+342

  The build binary creates the bpf filter based on the syscalls defined in struct bpf_call.

  E.g:
      ./build test.bpf

  First, a table with the filtered syscalls is built in ascending order of syscall number and including the amount of syscalls of that type.

  After, the BPF filter with a binary search tree is constructed with:
  1. the nodes for the tree search
  2. the leaves with all the syscall numbers
  3. every syscall arguments if present

  Then, the BPF instructions are written in the input file.

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Remove unnecessary flags | Alice Frosi | 2022-12-21 | 1 | -3/+1

  The flags aren't necessary anymore as the filter is built at runtime.

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* Generate syscalls numbers with nr_syscalls.sh | Alice Frosi | 2022-12-21 | 3 | -267/+65

  Refactor filter.sh script by:
  * renaming the filter.sh to nr_syscalls.sh
  * removing the BPF filter generation
  * simplifying the syscall number and header generation

  Signed-off-by: Alice Frosi <afrosi@redhat.com>
* qemu_filter: Use /var/run/qemu-pr-helper.sock as path to qemu-pr-helper | Alice Frosi | 2022-11-03 | 1 | -1/+1

  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* seitan: Read the rest of the netlink message on event mismatch | Stefano Brivio | 2022-11-03 | 1 | -4/+3

  ...the PROC_EVENT_EXEC we're looking for might be hiding there.

  Also, avoid a possible endless loop on NLMSG_NOOP.

  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* seitan: Initial import | Stefano Brivio | 2022-10-25 | 8 | -0/+929

  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>