From ef403b6687ec5739933f9f215093e1ea5c923666 Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Wed, 17 May 2023 15:46:57 +0200 Subject: cooker, seitan: simple working example parser: - add OP_BLOCK and OP_RETURN to the parser seitan: - fix op_cmp in seitan, it was jmp when comparison was true Working example: demo.json: [ { "match": [ /* qemu-pr-helper and similar */ { "connect": { "addr": { "family": "unix", "path": "/tmp/test.sock" } } } ], "return": 0 } ] Create gluten and the bpf filter: $ seitan-cooker demo.hjson demo.gluten demo.bpf Launch the seitan eater with the target program: $ seitan-eater -i demo.bpf -- strace -e connect tests-utils/test-syscalls connect Start seitan with gluten: $ seitan -i demo.gluten -p $(pgrep seitan-eater) Seitan mocks the connect syscall and `connect` returns successfully: $ seitan-eater -i demo.bpf -- strace -e connect tests-utils/test-syscalls connect Test syscall: connect connect(4, {sa_family=AF_UNIX, sun_path="/tmp/test.sock"}, 108) = 0 --- operations.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'operations.c') diff --git a/operations.c b/operations.c index f79c41c..60c8410 100644 --- a/operations.c +++ b/operations.c @@ -357,9 +357,9 @@ int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g, (res < 0 && (cmp == CMP_LT || cmp == CMP_LE)) || (res > 0 && (cmp == CMP_GT || cmp == CMP_GE)) || (res != 0 && (cmp == CMP_NE))) - return op->jmp.offset; /* TODO: check boundaries */ + return 0; - return 0; + return op->jmp.offset; } int op_resolve_fd(const struct seccomp_notif *req, int notifier, -- cgit v1.2.3