mirror of
https://git.yoctoproject.org/poky
synced 2026-02-10 02:33:02 +01:00
65aa038fa0
It fails to compile pseudo-native on centos 7:
| ports/linux/pseudo_wrappers.c: In function ‘prctl’:
| ports/linux/pseudo_wrappers.c:129:14: error: ‘SECCOMP_SET_MODE_FILTER’ undeclared (first use in this function)
| if (cmd == SECCOMP_SET_MODE_FILTER) {
| ^
Add macro guard for the definition to avoid the failure.
(From OE-Core rev: 9fff03afb8e67b360042e80fda8213a67472b9ec)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
138 lines
4.1 KiB
Diff
138 lines
4.1 KiB
Diff
Pseudo changes the syscall access patterns which makes it incompatible with
|
||
seccomp. Therefore intercept the seccomp syscall and alter it, pretending that
|
||
seccomp was setup when in fact we do nothing. If we error as unsupported,
|
||
utilities like file will exit with errors so we can't just disable it.
|
||
|
||
Upstream-Status: Pending
|
||
RP 2020/4/3
|
||
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
||
|
||
It fails to compile pseudo-native on centos 7:
|
||
|
||
| ports/linux/pseudo_wrappers.c: In function ‘prctl’:
|
||
| ports/linux/pseudo_wrappers.c:129:14: error: ‘SECCOMP_SET_MODE_FILTER’ undeclared (first use in this function)
|
||
| if (cmd == SECCOMP_SET_MODE_FILTER) {
|
||
| ^
|
||
|
||
Add macro guard for seccomp to avoid the failure.
|
||
|
||
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
||
|
||
Index: git/ports/linux/pseudo_wrappers.c
|
||
===================================================================
|
||
--- git.orig/ports/linux/pseudo_wrappers.c
|
||
+++ git/ports/linux/pseudo_wrappers.c
|
||
@@ -57,6 +57,7 @@ int pseudo_capset(cap_user_header_t hdrp
|
||
long
|
||
syscall(long number, ...) {
|
||
long rc = -1;
|
||
+ va_list ap;
|
||
|
||
if (!pseudo_check_wrappers() || !real_syscall) {
|
||
/* rc was initialized to the "failure" value */
|
||
@@ -77,6 +78,20 @@ syscall(long number, ...) {
|
||
(void) number;
|
||
#endif
|
||
|
||
+#ifdef SYS_seccomp
|
||
+ /* pseudo and seccomp are incompatible as pseudo uses different syscalls
|
||
+ * so pretend to enable seccomp but really do nothing */
|
||
+ if (number == SYS_seccomp) {
|
||
+ unsigned long cmd;
|
||
+ va_start(ap, number);
|
||
+ cmd = va_arg(ap, unsigned long);
|
||
+ va_end(ap);
|
||
+ if (cmd == SECCOMP_SET_MODE_FILTER) {
|
||
+ return 0;
|
||
+ }
|
||
+ }
|
||
+#endif
|
||
+
|
||
/* gcc magic to attempt to just pass these args to syscall. we have to
|
||
* guess about the number of args; the docs discuss calling conventions
|
||
* up to 7, so let's try that?
|
||
@@ -92,3 +108,44 @@ static long wrap_syscall(long nr, va_lis
|
||
(void) ap;
|
||
return -1;
|
||
}
|
||
+
|
||
+int
|
||
+prctl(int option, ...) {
|
||
+ int rc = -1;
|
||
+ va_list ap;
|
||
+
|
||
+ if (!pseudo_check_wrappers() || !real_prctl) {
|
||
+ /* rc was initialized to the "failure" value */
|
||
+ pseudo_enosys("prctl");
|
||
+ return rc;
|
||
+ }
|
||
+
|
||
+#ifdef SECCOMP_SET_MODE_FILTER
|
||
+ /* pseudo and seccomp are incompatible as pseudo uses different syscalls
|
||
+ * so pretend to enable seccomp but really do nothing */
|
||
+ if (option == PR_SET_SECCOMP) {
|
||
+ unsigned long cmd;
|
||
+ va_start(ap, option);
|
||
+ cmd = va_arg(ap, unsigned long);
|
||
+ va_end(ap);
|
||
+ if (cmd == SECCOMP_SET_MODE_FILTER) {
|
||
+ return 0;
|
||
+ }
|
||
+ }
|
||
+#endif
|
||
+
|
||
+ /* gcc magic to attempt to just pass these args to prctl. we have to
|
||
+ * guess about the number of args; the docs discuss calling conventions
|
||
+ * up to 5, so let's try that?
|
||
+ */
|
||
+ void *res = __builtin_apply((void (*)()) real_prctl, __builtin_apply_args(), sizeof(long) * 5);
|
||
+ __builtin_return(res);
|
||
+}
|
||
+
|
||
+/* unused.
|
||
+ */
|
||
+static int wrap_prctl(int option, va_list ap) {
|
||
+ (void) option;
|
||
+ (void) ap;
|
||
+ return -1;
|
||
+}
|
||
Index: git/ports/linux/guts/prctl.c
|
||
===================================================================
|
||
--- /dev/null
|
||
+++ git/ports/linux/guts/prctl.c
|
||
@@ -0,0 +1,15 @@
|
||
+/*
|
||
+ * Copyright (c) 2020 Richard Purdie
|
||
+ *
|
||
+ * SPDX-License-Identifier: LGPL-2.1-only
|
||
+ *
|
||
+ * int prctl(int option, ...)
|
||
+ * int rc = -1;
|
||
+ */
|
||
+
|
||
+ /* we should never get here, prctl is hand-wrapped */
|
||
+ rc = -1;
|
||
+
|
||
+/* return rc;
|
||
+ * }
|
||
+ */
|
||
Index: git/ports/linux/portdefs.h
|
||
===================================================================
|
||
--- git.orig/ports/linux/portdefs.h
|
||
+++ git/ports/linux/portdefs.h
|
||
@@ -32,3 +32,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.0);
|
||
|
||
#include <linux/capability.h>
|
||
#include <sys/syscall.h>
|
||
+#include <sys/prctl.h>
|
||
+#include <linux/seccomp.h>
|
||
Index: git/ports/linux/wrapfuncs.in
|
||
===================================================================
|
||
--- git.orig/ports/linux/wrapfuncs.in
|
||
+++ git/ports/linux/wrapfuncs.in
|
||
@@ -56,3 +56,4 @@ int getgrent_r(struct group *gbuf, char
|
||
int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* real_func=pseudo_capset */
|
||
long syscall(long nr, ...); /* hand_wrapped=1 */
|
||
int renameat2(int olddirfd, const char *oldpath, int newdirfd, const char *newpath, unsigned int flags); /* flags=AT_SYMLINK_NOFOLLOW */
|
||
+int prctl(int option, ...); /* hand_wrapped=1 */
|