From cc0ae5b0b0418ba6cebd7f6b7b45001de15a0c48 Mon Sep 17 00:00:00 2001
From: Alice Frosi <afrosi@redhat.com>
Date: Thu, 19 Jan 2023 16:53:09 +0100
Subject: seitan: separate function in common

Move find_fd_seccomp_notifier to common.c to be reused
in other places.

Signed-off-by: Alice Frosi <afrosi@redhat.com>
---
 Makefile |  4 ++--
 common.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 common.h |  7 +++++++
 seitan.c | 55 +++++--------------------------------------------------
 4 files changed, 65 insertions(+), 52 deletions(-)
 create mode 100644 common.c
 create mode 100644 common.h

diff --git a/Makefile b/Makefile
index e3ca02d..5d0ca95 100644
--- a/Makefile
+++ b/Makefile
@@ -24,8 +24,8 @@ bpf_dbg: disasm.c disasm.h bpf_dbg.c
 seitan-eater: eater.c
 	$(CC) $(CFLAGS) -o seitan-eater eater.c
 
-seitan: seitan.c transform.h
-	$(CC) $(CFLAGS) -o seitan seitan.c
+seitan: seitan.c transform.h common.h common.c
+	$(CC) $(CFLAGS) -o seitan seitan.c common.c
 
 numbers.h:
 	./nr_syscalls.sh
diff --git a/common.c b/common.c
new file mode 100644
index 0000000..a8f79a2
--- /dev/null
+++ b/common.c
@@ -0,0 +1,51 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <dirent.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+
+int find_fd_seccomp_notifier(const char *path)
+{
+	char entry[2 * PATH_MAX + 1];
+	char buf[PATH_MAX + 1];
+	struct dirent *dp;
+	ssize_t nbytes;
+	struct stat sb;
+	DIR *dirp;
+
+	if ((dirp = opendir(path)) == NULL) {
+		fprintf(stderr, "failed reading fds from proc: %s \n", path);
+		return -1;
+	}
+	while ((dp = readdir(dirp)) != NULL) {
+		snprintf(entry, sizeof(entry), "%s/%s", path, dp->d_name);
+		if (lstat(entry, &sb) == -1) {
+			perror("lstat");
+		}
+		/* Skip the entry if it isn't a symbolic link */
+		if (!S_ISLNK(sb.st_mode))
+			continue;
+
+		nbytes = readlink(entry, buf, PATH_MAX);
+		if (nbytes == -1) {
+			perror("readlink");
+		}
+		if (nbytes == PATH_MAX) {
+			perror("buffer overflow");
+			continue;
+		}
+		/*
+                 * From man proc: For  file  descriptors  that  have no
+                 * corresponding inode (e.g., file descriptors produced by
+                 * bpf(2)..), the  entry  will be a symbolic link with contents
+                 * of the form:
+                 *      anon_inode:<file-type>
+                 */
+		if (strstr(buf, "anon_inode:seccomp notify") != NULL)
+			return atoi(dp->d_name);
+	}
+	fprintf(stderr, "seccomp notifier not found in %s\n", path);
+	return -1;
+}
diff --git a/common.h b/common.h
new file mode 100644
index 0000000..eb1093d
--- /dev/null
+++ b/common.h
@@ -0,0 +1,7 @@
+#ifndef COMMON_H_
+#define COMMON_H_
+
+int find_fd_seccomp_notifier(const char *pid);
+
+#endif
+
diff --git a/seitan.c b/seitan.c
index dd4bd9c..96662e0 100644
--- a/seitan.c
+++ b/seitan.c
@@ -19,14 +19,12 @@
 #include <unistd.h>
 #include <limits.h>
 #include <signal.h>
-#include <dirent.h>
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <sys/epoll.h>
-#include <sys/stat.h>
 #include <sys/types.h>
 #include <argp.h>
 #include <linux/netlink.h>
@@ -37,6 +35,8 @@
 #include <linux/filter.h>
 #include <linux/seccomp.h>
 
+#include "common.h"
+
 #define EPOLL_EVENTS 8
 
 static char doc[] = "Usage: seitan: setain -pid <pid> -i <input file> ";
@@ -184,51 +184,6 @@ static void unblock_eater(int pidfd){
 	}
 }
 
-static int find_fd_seccomp_notifier(int pid)
-{
-	char path[PATH_MAX + 1];
-	char entry[2*PATH_MAX + 1];
-	char buf[PATH_MAX + 1];
-	struct dirent *dp;
-	ssize_t nbytes;
-	struct stat sb;
-	DIR *dirp;
-
-	snprintf(path, sizeof(path), "/proc/%i/fd", pid);
-	if ((dirp = opendir(path)) == NULL) {
-		fprintf(stderr,"failed reading fds from proc \n");
-		return -1;
-	}
-	while ((dp = readdir (dirp)) != NULL) {
-		snprintf(entry, sizeof(entry), "%s/%s", path, dp->d_name);
-		if (lstat(entry, &sb) == -1) {
-			perror("lstat");
-		}
-		/* Skip the entry if it isn't a symbolic link */
-		if (!S_ISLNK(sb.st_mode))
-			continue;
-
-		nbytes = readlink(entry, buf, PATH_MAX);
-		if (nbytes == -1) {
-			perror("readlink");
-		}
-		if (nbytes == PATH_MAX) {
-			perror("buffer overflow");
-			continue;
-		}
-		/*
-		 * From man proc: For  file  descriptors  that  have no
-		 * corresponding inode (e.g., file descriptors produced by
-		 * bpf(2)..), the  entry  will be a symbolic link with contents
-		 * of the form:
-		 * 	anon_inode:<file-type>
-		 */
-		if (strcmp(buf, "anon_inode:seccomp notify") == 0)
-			return atoi(dp->d_name);
-	}
-	return -1;
-}
-
 int handle(struct seccomp_notif *req, int notifyfd)
 {
 	char path[PATH_MAX + 1];
@@ -281,6 +236,7 @@ int main(int argc, char **argv)
 	struct seccomp_notif_resp *resp = (struct seccomp_notif_resp *)resp_b;
 	struct seccomp_notif *req = (struct seccomp_notif *)req_b;
 	struct arguments arguments;
+	char path[PATH_MAX + 1];
 	bool running = true;
 	int fd, epollfd;
 	int notifierfd;
@@ -299,18 +255,17 @@ int main(int argc, char **argv)
 
 	if (ret < 0)
 		exit(EXIT_FAILURE);
-
 	if ((pidfd = syscall(SYS_pidfd_open, ret, 0)) < 0) {
 		perror("pidfd_open");
 		exit(EXIT_FAILURE);
 	}
 	sleep(1);
 
-	if ((notifierfd = find_fd_seccomp_notifier(ret)) < 0){
+	snprintf(path, sizeof(path), "/proc/%d/fd", ret);
+	if ((notifierfd = find_fd_seccomp_notifier(path)) < 0){
 		fprintf(stderr, "failed getting fd of the notifier\n");
 		exit(EXIT_FAILURE);
 	}
-	printf("fd notifier: %d \n", notifierfd);
 	if ((notifier = syscall(SYS_pidfd_getfd, pidfd, notifierfd, 0)) < 0) {
 		perror("pidfd_getfd");
 		exit(EXIT_FAILURE);
-- 
cgit v1.2.3