diff options
Diffstat (limited to 'meta/recipes-devtools/pseudo/files/seccomp.patch')
| -rw-r--r-- | meta/recipes-devtools/pseudo/files/seccomp.patch | 137 |
1 files changed, 0 insertions, 137 deletions
diff --git a/meta/recipes-devtools/pseudo/files/seccomp.patch b/meta/recipes-devtools/pseudo/files/seccomp.patch deleted file mode 100644 index 283f997941..0000000000 --- a/meta/recipes-devtools/pseudo/files/seccomp.patch +++ /dev/null @@ -1,137 +0,0 @@ -Pseudo changes the syscall access patterns which makes it incompatible with -seccomp. Therefore intercept the seccomp syscall and alter it, pretending that -seccomp was setup when in fact we do nothing. If we error as unsupported, -utilities like file will exit with errors so we can't just disable it. - -Upstream-Status: Pending -RP 2020/4/3 -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - -It fails to compile pseudo-native on centos 7: - -| ports/linux/pseudo_wrappers.c: In function ‘prctl’: -| ports/linux/pseudo_wrappers.c:129:14: error: ‘SECCOMP_SET_MODE_FILTER’ undeclared (first use in this function) -| if (cmd == SECCOMP_SET_MODE_FILTER) { -| ^ - -Add macro guard for seccomp to avoid the failure. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -Index: git/ports/linux/pseudo_wrappers.c -=================================================================== ---- git.orig/ports/linux/pseudo_wrappers.c -+++ git/ports/linux/pseudo_wrappers.c -@@ -57,6 +57,7 @@ int pseudo_capset(cap_user_header_t hdrp - long - syscall(long number, ...) { - long rc = -1; -+ va_list ap; - - if (!pseudo_check_wrappers() || !real_syscall) { - /* rc was initialized to the "failure" value */ -@@ -77,6 +78,20 @@ syscall(long number, ...) { - (void) number; - #endif - -+#ifdef SYS_seccomp -+ /* pseudo and seccomp are incompatible as pseudo uses different syscalls -+ * so pretend to enable seccomp but really do nothing */ -+ if (number == SYS_seccomp) { -+ unsigned long cmd; -+ va_start(ap, number); -+ cmd = va_arg(ap, unsigned long); -+ va_end(ap); -+ if (cmd == SECCOMP_SET_MODE_FILTER) { -+ return 0; -+ } -+ } -+#endif -+ - /* gcc magic to attempt to just pass these args to syscall. we have to - * guess about the number of args; the docs discuss calling conventions - * up to 7, so let's try that? -@@ -92,3 +108,44 @@ static long wrap_syscall(long nr, va_lis - (void) ap; - return -1; - } -+ -+int -+prctl(int option, ...) { -+ int rc = -1; -+ va_list ap; -+ -+ if (!pseudo_check_wrappers() || !real_prctl) { -+ /* rc was initialized to the "failure" value */ -+ pseudo_enosys("prctl"); -+ return rc; -+ } -+ -+#ifdef SECCOMP_SET_MODE_FILTER -+ /* pseudo and seccomp are incompatible as pseudo uses different syscalls -+ * so pretend to enable seccomp but really do nothing */ -+ if (option == PR_SET_SECCOMP) { -+ unsigned long cmd; -+ va_start(ap, option); -+ cmd = va_arg(ap, unsigned long); -+ va_end(ap); -+ if (cmd == SECCOMP_SET_MODE_FILTER) { -+ return 0; -+ } -+ } -+#endif -+ -+ /* gcc magic to attempt to just pass these args to prctl. we have to -+ * guess about the number of args; the docs discuss calling conventions -+ * up to 5, so let's try that? -+ */ -+ void *res = __builtin_apply((void (*)()) real_prctl, __builtin_apply_args(), sizeof(long) * 5); -+ __builtin_return(res); -+} -+ -+/* unused. -+ */ -+static int wrap_prctl(int option, va_list ap) { -+ (void) option; -+ (void) ap; -+ return -1; -+} -Index: git/ports/linux/guts/prctl.c -=================================================================== ---- /dev/null -+++ git/ports/linux/guts/prctl.c -@@ -0,0 +1,15 @@ -+/* -+ * Copyright (c) 2020 Richard Purdie -+ * -+ * SPDX-License-Identifier: LGPL-2.1-only -+ * -+ * int prctl(int option, ...) -+ * int rc = -1; -+ */ -+ -+ /* we should never get here, prctl is hand-wrapped */ -+ rc = -1; -+ -+/* return rc; -+ * } -+ */ -Index: git/ports/linux/portdefs.h -=================================================================== ---- git.orig/ports/linux/portdefs.h -+++ git/ports/linux/portdefs.h -@@ -32,3 +32,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.0); - - #include <linux/capability.h> - #include <sys/syscall.h> -+#include <sys/prctl.h> -+#include <linux/seccomp.h> -Index: git/ports/linux/wrapfuncs.in -=================================================================== ---- git.orig/ports/linux/wrapfuncs.in -+++ git/ports/linux/wrapfuncs.in -@@ -56,3 +56,4 @@ int getgrent_r(struct group *gbuf, char - int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* real_func=pseudo_capset */ - long syscall(long nr, ...); /* hand_wrapped=1 */ - int renameat2(int olddirfd, const char *oldpath, int newdirfd, const char *newpath, unsigned int flags); /* flags=AT_SYMLINK_NOFOLLOW */ -+int prctl(int option, ...); /* hand_wrapped=1 */ |