[1/7] seccomp: compel -- Add PTRACE_SECCOMP_GET_METADATA definition

Submitted by Cyrill Gorcunov on April 6, 2018, 7:17 p.m.

Details

Message ID 20180406191708.11325-2-gorcunov@gmail.com
State Accepted
Series "seccomp, v2: Add support for per-thread c/r"
Commit f525d4176396965c4a02e3661261d24208648d09

Commit Message

Cyrill Gorcunov April 6, 2018, 7:17 p.m.
We will use it to figure out if the filter log target is used.
Metadata associated with a seccomp filter is a relatively new
feature which allows userspace to get and set it back.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
 compel/include/uapi/ptrace.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

Patch

diff --git a/compel/include/uapi/ptrace.h b/compel/include/uapi/ptrace.h
index 7024efef3c27..fcc2d62b08e4 100644
--- a/compel/include/uapi/ptrace.h
+++ b/compel/include/uapi/ptrace.h
@@ -8,6 +8,7 @@ 
  * so there is no way they can be used together. Let's rely on libc one.
  */
 #include <sys/ptrace.h>
+#include <stdint.h>
 
 #include <compel/asm/breakpoints.h>
 
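Review bot: the unconditional #include <stdint.h> added after <sys/ptrace.h> has a single consumer, the two uint64_t members of the struct seccomp_metadata fallback in the next hunk, and nothing here says so. A one-line comment next to the include naming that struct would keep it from being dropped as unused in a later header cleanup, which would break the build only on systems where the fallback is compiled in.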
@@ -49,6 +50,16 @@ 
 #define PTRACE_SECCOMP_GET_FILTER	0x420c
 #endif
 
+#ifndef PTRACE_SECCOMP_GET_METADATA
+# define PTRACE_SECCOMP_GET_METADATA	0x420d
+
+struct seccomp_metadata {
+	uint64_t	filter_off;	/* Input: which filter */
+	uint64_t	flags;		/* Output: filter's flags */
+};
+
+#endif /* PTRACE_SECCOMP_GET_METADATA */
+
 #ifdef PTRACE_EVENT_STOP
 # if PTRACE_EVENT_STOP == 7 /* Bad value from Linux 3.1-3.3, fixed in 3.4 */
 #  undef PTRACE_EVENT_STOP
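Review bot: struct seccomp_metadata is declared inside the #ifndef PTRACE_SECCOMP_GET_METADATA guard, so the type exists only when the request constant is missing. If the libc <sys/ptrace.h> this file relies on defines the constant but does not provide the struct, compel ends up with the request number and no type to pass to it, and the comment at the top of the file already rules out pulling in the other ptrace header to get it. Suggest guarding only the 0x420d define and declaring the struct unconditionally under a compel-specific name so it cannot clash with a system definition. Separately, the definition only covers build time: callers still have to treat a failing PTRACE_SECCOMP_GET_METADATA request as "metadata not supported by this kernel" rather than as a fatal error.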

Comments

Andrey Vagin April 25, 2018, 6:30 p.m.
Do we need to update criu check to detect this feature?

On Fri, Apr 06, 2018 at 10:17:02PM +0300, Cyrill Gorcunov wrote:
> We will use it to figure out if the filter log target is used.
> Metadata associated with a seccomp filter is a relatively new
> feature which allows userspace to get and set it back.
> 
> Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
> ---
>  compel/include/uapi/ptrace.h | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/compel/include/uapi/ptrace.h b/compel/include/uapi/ptrace.h
> index 7024efef3c27..fcc2d62b08e4 100644
> --- a/compel/include/uapi/ptrace.h
> +++ b/compel/include/uapi/ptrace.h
> @@ -8,6 +8,7 @@
>   * so there is no way they can be used together. Let's rely on libc one.
>   */
>  #include <sys/ptrace.h>
> +#include <stdint.h>
>  
>  #include <compel/asm/breakpoints.h>
>  
> @@ -49,6 +50,16 @@
>  #define PTRACE_SECCOMP_GET_FILTER	0x420c
>  #endif
>  
> +#ifndef PTRACE_SECCOMP_GET_METADATA
> +# define PTRACE_SECCOMP_GET_METADATA	0x420d
> +
> +struct seccomp_metadata {
> +	uint64_t	filter_off;	/* Input: which filter */
> +	uint64_t	flags;		/* Output: filter's flags */
> +};
> +
> +#endif /* PTRACE_SECCOMP_GET_METADATA */
> +
>  #ifdef PTRACE_EVENT_STOP
>  # if PTRACE_EVENT_STOP == 7 /* Bad value from Linux 3.1-3.3, fixed in 3.4 */
>  #  undef PTRACE_EVENT_STOP
> -- 
> 2.14.3
>
Cyrill Gorcunov April 25, 2018, 7:04 p.m.
On Wed, Apr 25, 2018 at 11:30:46AM -0700, Andrey Vagin wrote:
> Do we need to update criu check to detect this feature?
> 

I don't think there is a strong need for it. Surely we can optimize
the code and add some kind of detection later.