From b2e31a6e7493c56f923cb7d86f7a8a32940393ec Mon Sep 17 00:00:00 2001
From: Alice Frosi
Date: Wed, 7 Jun 2023 14:07:23 +0200
Subject: seitan,cooker: op_resolvefd

ops:
- update resolvefd with the description
- add debug prints
cooker:
- add emit_resolvefd when match has type FDPATH
---
 operations.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'operations.c')

diff --git a/operations.c b/operations.c
index 78206bd..50fdcfb 100644
--- a/operations.c
+++ b/operations.c
@@ -427,24 +427,29 @@ int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g,
 }

 int op_resolve_fd(const struct seccomp_notif *req, int notifier,
- struct gluten *g, struct op_resolvedfd *op)
+ struct gluten *g, struct op_resolvefd *op)
 {
- char fdpath[PATH_MAX], buf[PATH_MAX], path[PATH_MAX];
+ const struct resolvefd_desc *desc = gluten_ptr(&req->data, g, op->desc);
+ char fdpath[PATH_MAX], buf[PATH_MAX];
 ssize_t nbytes;
 int fd;

 (void)notifier;

- if (gluten_read(NULL, g, &path, op->path, sizeof(op->path_size)) == -1)
- return -1;
- if (gluten_read(&req->data, g, &fd, op->fd, sizeof(fd)) == -1)
+ debug(" op_resolvefd: fd=(%s %d) path=(%s %d) path_max=%d",
+ gluten_offset_name[desc->fd.type], desc->fd.offset,
+ gluten_offset_name[desc->path.type], desc->path.offset,
+ desc->path_max);
+
+ if (gluten_read(&req->data, g, &fd, desc->fd, sizeof(fd)) == -1)
 return -1;

 snprintf(fdpath, PATH_MAX, "/proc/%d/fd/%d", req->pid, fd);
- if ((nbytes = readlink(fdpath, buf, op->path_size)) < 0)
- ret_err(-1, "error reading %s", fdpath);
- if (strcmp(path, buf) == 0)
- return op->jmp;
+ if ((nbytes = readlink(fdpath, buf, desc->path_max)) < 0)
+ ret_err(-1, "error reading %s", buf);
+
+ debug(" op_resolvefd: fd %d -> path: %s", fd, buf);
+ gluten_write(g, desc->path, &buf, desc->path_max);

 return 0;
 }
-- 
cgit v1.2.3
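Review bot: In op_resolve_fd the bytes after the readlink() result are consumed without ever being written: `buf` is uninitialised and readlink() does not NUL-terminate, yet the following `debug(..., fd, buf)` and `gluten_write(g, desc->path, &buf, desc->path_max)` read it as a string and copy `path_max` bytes, so stale stack contents can reach the log and the gluten data area. The failure branch now prints `buf` where the old code printed `fdpath`; on error `buf` holds nothing meaningful. `desc->path_max` is also used as the readlink size without a comparison against `sizeof(buf)`; whether the descriptor can carry a value above PATH_MAX is not visible here, but if it can, this writes past the stack buffer. The sketch below zero-initialises `buf`, bounds `path_max` (treated as an int, as the `%d` suggests), keeps one byte for the terminator and reports `fdpath` on failure; the results of `gluten_ptr()` and `gluten_write()` are unchecked as well and worth confirming against their definitions.

```c
	char fdpath[PATH_MAX], buf[PATH_MAX] = { 0 };
	/* … unchanged: nbytes/fd declarations, debug print, gluten_read of fd, snprintf … */
	if (desc->path_max <= 0 || (size_t)desc->path_max > sizeof(buf))
		ret_err(-1, "invalid path_max %d", desc->path_max);
	/* readlink() adds no terminator: read one byte less so the zeroed tail ends the string */
	if ((nbytes = readlink(fdpath, buf, desc->path_max - 1)) < 0)
		ret_err(-1, "error reading %s", fdpath);
	/* … unchanged: debug print of the resolved path, gluten_write, return 0 … */
```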