Open
Conversation
Member
Author
|
Continuous integration is failing because coveralls is down... again :( |
Member
Coveralls seems to be up at the moment so let's try to re-run that failed CI job ... |
Add a new action macro, SCMP_ACT_TRAPX(), which accepts user-specified data in the lower 16-bits. When a userspace signal handler has been specified, the Linux kernel populates the si_errno field in the siginfo structure with these lower 16-bits from the trap action. To maintain backward compatibility, redefine SCMP_ACT_TRAP to map to SCMP_ACT_TRAPX(0). This will guarantee that filters that utilize SCMP_ACT_TRAP will behave identically. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
drakenclimber
force-pushed
the
issue466
branch
from
904402f to
85eca32
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is my first cut at addressing Issue #466. I'm open to discussion on other or better ways to handle it.
I decided to add
SCMP_ACT_TRAPX()(similar toSCMP_ACT_ERRNO()) where the user can specify the lower 16 bits of the action. These lower 16 bits are then fed into the si_errno field in the siginfo structure that is sent to the signal trap handler.With that said, this feature has been in seccomp since it was added in 2012, and no user has requested it. In fact, it looks like it was found by debugging and snooping around in the source code :). I don't think most users care about it, so I have chosen to make this invisible to users by remapping
SCMP_ACT_TRAPtoSCMP_ACT_TRAPX(0). When users upgrade to a version of libseccomp with this feature, everything will behave as they have before.If a user wants to use this feature, then they'll have to specifically use the
SCMP_ACT_TRAPX()action. Its usage is clearly outlined in test 63-live-trapx.c