From 6455b9dff0554adc11e8dbe8027d134c8584bc5d Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Fri, 2 Jun 2023 16:48:29 +0200 Subject: cooker, seitan: OP_FD Signed-off-by: Stefano Brivio --- operations.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) (limited to 'operations.c') diff --git a/operations.c b/operations.c index 304b39b..e210e2f 100644 --- a/operations.c +++ b/operations.c @@ -309,42 +309,39 @@ int op_continue(const struct seccomp_notif *req, int notifier, struct gluten *g, return 0; } -static int do_inject(const struct seccomp_notif *req, int notifier, - struct gluten *g, struct op_inject *op, bool atomic) +static int op_fd(const struct seccomp_notif *req, int notifier, + struct gluten *g, struct op_fd *op) { + const struct fd_desc *desc = gluten_ptr(&req->data, g, op->desc); struct seccomp_notif_addfd resp; + void *fd; + + if (!desc) + return -1; resp.flags = SECCOMP_ADDFD_FLAG_SETFD; - resp.newfd_flags = 0; + resp.flags |= desc->do_return ? SECCOMP_ADDFD_FLAG_SEND : 0; + resp.newfd_flags = desc->cloexec ? O_CLOEXEC : 0; resp.id = req->id; - if (gluten_read(&req->data, g, &resp.newfd, op->new_fd, - sizeof(resp.newfd)) == -1) - return -1; - if (gluten_read(&req->data, g, &resp.srcfd, op->old_fd, - sizeof(resp.srcfd)) == -1) + if (!(fd = gluten_ptr(&req->data, g, desc->srcfd))) return -1; + resp.srcfd = *(uint32_t *)fd; + + if (desc->setfd) { + if (!(fd = gluten_ptr(&req->data, g, desc->newfd))) + return -1; + resp.newfd = *(uint32_t *)fd; + } else { + resp.newfd = 0; + } - if (atomic) - resp.flags |= SECCOMP_ADDFD_FLAG_SEND; if (send_inject_target(&resp, notifier) == -1) return -1; return 0; } -int op_inject(const struct seccomp_notif *req, int notifier, struct gluten *g, - struct op_inject *op) -{ - return do_inject(req, notifier, g, op, false); -} - -int op_inject_a(const struct seccomp_notif *req, int notifier, struct gluten *g, - struct op_inject *op) -{ - return do_inject(req, notifier, g, op, true); -} - int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g, struct op_cmp *op) { -- cgit v1.2.3