Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add seccomp errno filter support #66

Merged
merged 1 commit into from
Sep 26, 2015
Merged

Add seccomp errno filter support #66

merged 1 commit into from
Sep 26, 2015

Conversation

wader
Copy link
Contributor

@wader wader commented Sep 23, 2015

No tests yet. Tried to get the existing tests running without much success :(
Would users like to mix errno and black/white -lists? i currently only need errno filter and default allow.
Tried to keep same code style, hope it is ok.

wader
wader reviewed Sep 23, 2015
View reviewed changes
src/firejail/seccomp.c
@@ -157,6 +161,11 @@ void filter_debug(void) {
printf(" BLACKLIST %d %s\n", *nr, syscall_find_nr(*nr));
i += 2;
}
else if (*ptr == 0x15 && *(ptr +14) == 0x5 && *(ptr + 15) == 0) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe this function could be rewritten using sock_filter struct pointer instead hmm would also take care of the endian stuff

@wader
Copy link
Contributor Author

wader commented Sep 24, 2015

For some context, i myself use this to workaround buggy virtualbox shared filesystem that has broken sendfile support, the application will fallback to userland buffered IO if it gets ENOTSUP.

@netblue30
Copy link
Owner

Looks fine, I'll merge it over the weekend. Thanks!

@wader
Copy link
Contributor Author

wader commented Sep 24, 2015

Ok. Please run the tests to make sure it didn't break anything. Any pointers how to run the tests? i installed expect and messed around but did not really work hmm

@netblue30
Copy link
Owner

I go in test directory and run:

sudo ./configure

Take a look at configure script first, it creates a number of bridge devices. To get rid of them I usually reboot my computer after the test.

I start the test as "./test.sh | grep TESTING"

netblue30 pushed a commit that referenced this pull request Sep 26, 2015
Merge pull request #66 from wader/seccomp-errno
98cbf1e 
Add seccomp errno filter support
@netblue30 netblue30 merged commit 98cbf1e into netblue30:master Sep 26, 2015
kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 16, 2022
@kmk3
Fix file mode of shell scripts
66053f8 
Some shell scripts are not executable, so fix their file modes:

    $ git grep -Elz '^#!/bin/(ba)?sh' | xargs -0 -I '{}' \
      chmod +x '{}'

Note: I have manually checked that the files changed are indeed intended
to be executable directly and not just sourced, as a script of the
latter kind could also contain a shebang (for example, to help ensure
proper syntax highlighting).

The affected scripts were added on commit 081d1fb ("Add seccomp errno
filter support", 2015-09-23) / PR netblue30#66 and on commit e46dd3e
("git-install", 2017-02-04).
kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 16, 2022
@kmk3
Fix file mode of shell scripts (644 -> 755)
9bfdc4d 
Some shell scripts are not executable, so fix their file modes:

    $ git grep -Elz '^#!/bin/(ba)?sh' | xargs -0 -I '{}' \
      chmod +x '{}'

Files changed:

* src/fgit/fgit-uninstall.sh
* src/tools/extract_errnos.sh

Note: I have manually checked that the files above are indeed intended
to be executable directly and not just sourced, as a script of the
latter kind could also contain a shebang (for example, to help ensure
proper syntax highlighting).

Misc: The affected files were added on commit e46dd3e ("git-install",
2017-02-04) and on commit 081d1fb ("Add seccomp errno filter support",
2015-09-23) / PR netblue30#66, respectively.
@kmk3 kmk3 mentioned this pull request Jun 16, 2022
Merged
kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 16, 2022
@kmk3
build: fix file mode of shell scripts (644 -> 755)
8169369 
Some shell scripts are not executable, so fix their file modes:

    $ git grep -Elz '^#!/bin/(ba)?sh' | xargs -0 -I '{}' \
      chmod +x '{}'

Files changed:

* src/fgit/fgit-uninstall.sh
* src/tools/extract_errnos.sh

Note: I have manually checked that the files above are indeed intended
to be executable directly and not just sourced, as a script of the
latter kind could also contain a shebang (for example, to help ensure
proper syntax highlighting).

Misc: The affected files were added on commit e46dd3e ("git-install",
2017-02-04) and on commit 081d1fb ("Add seccomp errno filter support",
2015-09-23) / PR netblue30#66, respectively.
kmk3 added a commit that referenced this pull request Jun 18, 2022
@kmk3
errno.c: fix reference to extract_errnos.sh in comment
c48b257 
See src/tools/extract_errnos.sh.

Added on commit 081d1fb ("Add seccomp errno filter support",
2015-09-23) / PR #66.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wader @netblue30