From 9b2dd57a6e6ba4faae483efac8e4a43daba8155f Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Mon, 16 Jan 2023 09:52:20 +0100 Subject: Rename loader to eater Signed-off-by: Alice Frosi --- Makefile | 8 +++--- README.md | 4 +-- eater.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ loader.c | 94 --------------------------------------------------------------- seitan.c | 4 +-- 5 files changed, 102 insertions(+), 102 deletions(-) create mode 100644 eater.c delete mode 100644 loader.c diff --git a/Makefile b/Makefile index f45b1de..e3688c2 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ CFLAGS += -Wall -Wextra -pedantic export CFLAGS -all: t.out seitan-loader seitan +all: t.out seitan-eater seitan build: build.c filter.c filter.h numbers.h $(CC) $(CFLAGS) -o build filter.c build.c @@ -22,8 +22,8 @@ build: build.c filter.c filter.h numbers.h bpf_dbg: disasm.c disasm.h bpf_dbg.c $(CC) $(CFLAGS) -o bpf_dbg bpf_dbg.c disasm.c -seitan-loader: loader.c - $(CC) $(CFLAGS) -o seitan-loader loader.c +seitan-eater: eater.c + $(CC) $(CFLAGS) -o seitan-eater eater.c seitan: seitan.c transform.h $(CC) $(CFLAGS) -o seitan seitan.c @@ -38,4 +38,4 @@ transform.h: qemu_filter ./transform.sh qemu_filter clean: - rm -f filter.h numbers.h transform.h t.out bpf.out build seitan-loader seitan + rm -f filter.h numbers.h transform.h t.out bpf.out build seitan-eater seitan diff --git a/README.md b/README.md index 048b30f..a690327 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ div > ul { * **build-table** * build transformation table -* **seitan-loader** +* **seitan-eater** * load BPF blob * attach filter * call blocking syscall @@ -30,7 +30,7 @@ div > ul { * **seitan** * load transformation table blob * listen to netlink proc connector - * look for seitan-loader, once found: + * look for seitan-eater, once found: * get seccomp notifier via pidfd_getfd() * listen to it, new syscall: * look up in transformation table 
diff --git a/eater.c b/eater.c
new file mode 100644
index 0000000..a7a6b5f
--- /dev/null
+++ b/eater.c
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+/* SEITAN - Syscall Expressive Interpreter, Transformer and Notifier
+ *
+ * eater.c - Load BPF program and execute binary
+ *
+ * Copyright (c) 2022 Red Hat GmbH
+ * Author: Stefano Brivio
+ */
+
+#define _GNU_SOURCE
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+extern char **environ;
+
+static char *qemu_names[] = {
+ "kvm",
+ "qemu-kvm",
+#ifdef ARCH
+ ( "qemu-system-" ARCH ),
+#endif
+ "/usr/libexec/qemu-kvm",
+ NULL,
+};
+
+/**
+ * usage() - Print usage and exit
+ */
+void usage(void)
+{
+ fprintf(stderr, "Usage: seitan-eater [QEMU_ARG]...\n");
+ fprintf(stderr, "\n");
+
+ exit(EXIT_FAILURE);
+}
+
+static int seccomp(unsigned int operation, unsigned int flags, void *args)
+{
+ return syscall(__NR_seccomp, operation, flags, args);
+}
+
+/**
+ * main() - Entry point
+ * @argc: Argument count
+ * @argv: qemu arguments
+ *
+ * Return: 0 once interrupted, non-zero on failure
+ */
+int main(int argc, char **argv)
+{
+ int fd = open("bpf.out", O_CLOEXEC | O_RDONLY);
+ struct sock_filter filter[1024];
+ struct sock_fprog prog;
+ char **name;
+ size_t n;
+
+ (void)argc;
+
+ n = read(fd, filter, sizeof(filter));
+ close(fd);
+
+ prog.filter = filter;
+ prog.len = (unsigned short)(n / sizeof(filter[0]));
+ prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ fd = seccomp(SECCOMP_SET_MODE_FILTER,
+ SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
+
+ connect(0, NULL, 0); /* Wait for seitan to unblock this */
+
+ for (name = qemu_names; *name; name++) {
+ argv[0] = *name;
+ execvpe(*name, argv, environ);
+ if (errno != ENOENT) {
+ perror("execvpe");
+ usage();
+ }
+ }
+
+ perror("execvpe");
+ return EXIT_FAILURE;
+}
diff --git a/loader.c b/loader.c
deleted file mode 100644
index bd2530e..0000000
--- a/loader.c
+++ /dev/null
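Review bot: In main() of eater.c none of the setup calls are checked, so the program can reach the `execvpe()` loop and start qemu with no filter attached. If `open("bpf.out", ...)` or `read()` fails, `n` (declared `size_t`) holds the converted -1 and `prog.len` is derived from it, and the results of `prctl()` and `seccomp()` are never tested. A loader whose purpose is to attach the filter should fail closed: exit on any of these errors and reject a read that is empty or not a multiple of `sizeof(filter[0])`. Separately, `bpf.out` is opened relative to the current working directory, so which filter is loaded depends on where the program is started; an absolute or configurable path would make that explicit.

```c
int main(int argc, char **argv)
{
	/* … unchanged: fd, filter, prog, name declarations … */
	ssize_t n;	/* was size_t: read() returns -1 on error */

	(void)argc;

	if (fd < 0) {
		perror("open bpf.out");
		exit(EXIT_FAILURE);
	}

	n = read(fd, filter, sizeof(filter));
	close(fd);
	if (n <= 0 || (size_t)n % sizeof(filter[0])) {
		fprintf(stderr, "bpf.out: empty, unreadable or truncated\n");
		exit(EXIT_FAILURE);
	}

	prog.filter = filter;
	prog.len = (unsigned short)((size_t)n / sizeof(filter[0]));
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
		perror("prctl");
		exit(EXIT_FAILURE);
	}

	fd = seccomp(SECCOMP_SET_MODE_FILTER,
		     SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
	if (fd < 0) {
		perror("seccomp");
		exit(EXIT_FAILURE);
	}

	/* … unchanged: connect() wait and execvpe() loop … */
```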
@@ -1,94 +0,0 @@
-// SPDX-License-Identifier: AGPL-3.0-or-later
-
-/* SEITAN - Syscall Expressive Interpreter, Transformer and Notifier
- *
- * loader.c - Load BPF program and execute binary
- *
- * Copyright (c) 2022 Red Hat GmbH
- * Author: Stefano Brivio
- */
-
-#define _GNU_SOURCE
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-extern char **environ;
-
-static char *qemu_names[] = {
- "kvm",
- "qemu-kvm",
-#ifdef ARCH
- ( "qemu-system-" ARCH ),
-#endif
- "/usr/libexec/qemu-kvm",
- NULL,
-};
-
-/**
- * usage() - Print usage and exit
- */
-void usage(void)
-{
- fprintf(stderr, "Usage: seitan-loader [QEMU_ARG]...\n");
- fprintf(stderr, "\n");
-
- exit(EXIT_FAILURE);
-}
-
-static int seccomp(unsigned int operation, unsigned int flags, void *args)
-{
- return syscall(__NR_seccomp, operation, flags, args);
-}
-
-/**
- * main() - Entry point
- * @argc: Argument count
- * @argv: qemu arguments
- *
- * Return: 0 once interrupted, non-zero on failure
- */
-int main(int argc, char **argv)
-{
- int fd = open("bpf.out", O_CLOEXEC | O_RDONLY);
- struct sock_filter filter[1024];
- struct sock_fprog prog;
- char **name;
- size_t n;
-
- (void)argc;
-
- n = read(fd, filter, sizeof(filter));
- close(fd);
-
- prog.filter = filter;
- prog.len = (unsigned short)(n / sizeof(filter[0]));
- prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
- fd = seccomp(SECCOMP_SET_MODE_FILTER,
- SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
-
- connect(0, NULL, 0); /* Wait for seitan to unblock this */
-
- for (name = qemu_names; *name; name++) {
- argv[0] = *name;
- execvpe(*name, argv, environ);
- if (errno != ENOENT) {
- perror("execvpe");
- usage();
- }
- }
-
- perror("execvpe");
- return EXIT_FAILURE;
-}
diff --git a/seitan.c b/seitan.c
index d1e55a6..178dc38 100644
--- a/seitan.c
+++ b/seitan.c
@@ -92,8 +92,8 @@ static int event(int s) ev->event_data.exec.process_pid); readlink(path, exe, PATH_MAX); - if (!strcmp(exe, "/usr/local/bin/seitan-loader") || - !strcmp(exe, "/usr/bin/seitan-loader")) + if (!strcmp(exe, "/usr/local/bin/seitan-eater") || + !strcmp(exe, "/usr/bin/seitan-eater")) return ev->event_data.exec.process_pid; if (nlh->nlmsg_type == NLMSG_DONE) -- cgit v1.2.3
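Review bot: The renamed `strcmp()` checks on `exe` depend on the `readlink(path, exe, PATH_MAX)` call just above them, which discards its return value and does not write a terminating NUL. Unless `exe` is zeroed before every event (its declaration is outside this hunk), the comparison can read past the link text or match bytes left over from an earlier event, and this comparison is what selects the PID returned from event(). Keep the length and terminate the buffer before comparing, for example `n = readlink(path, exe, PATH_MAX - 1);` then `exe[n] = '\0';` once `n >= 0` has been checked, assuming `exe` is PATH_MAX bytes, and skip the event when readlink() fails. event() begins and ends outside the hunk, so the error path has to fit the surrounding code.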