commit 2af6903f456b549fd57ba8beceddec961803cb3d
author Dmitry V. Levin <ldv@altlinux.org> Wed Feb 04 23:50:50 2015 +0000
committer Dmitry V. Levin <ldv@altlinux.org> Fri Feb 06 01:23:05 2015 +0000
tree 99f59e6ca0ffb8db0c4c75318b6446b1a09d0311
parent 094605225580ffbbcf76a632b0069da946180646

Implement seccomp decoding

* configure.ac (AC_CHECK_HEADERS): Add linux/filter.h
and linux/seccomp.h.
* defs.h (print_seccomp_filter): New prototype.
* linux/dummy.h (sys_seccomp): Remove.
* linux/syscall.h (sys_seccomp): New prototype.
* prctl.c: Include <linux/seccomp.h>.
(sys_prctl): Decode PR_SET_SECCOMP.
* seccomp.c: New file.
* Makefile.am (strace_SOURCES): Add it.
* xlat/bpf_class.in: New file.
* xlat/bpf_miscop.in: Likewise.
* xlat/bpf_mode.in: Likewise.
* xlat/bpf_op_alu.in: Likewise.
* xlat/bpf_op_jmp.in: Likewise.
* xlat/bpf_rval.in: Likewise.
* xlat/bpf_size.in: Likewise.
* xlat/bpf_src.in: Likewise.
* xlat/seccomp_filter_flags.in: Likewise.
* xlat/seccomp_mode.in: Likewise.
* xlat/seccomp_ops.in: Likewise.
* xlat/seccomp_ret_action.in: Likewise.

prctl.c

diff --git a/prctl.c b/prctl.c
index 234d11d..935f399 100644
--- a/prctl.c
+++ b/prctl.c
@@ -25,6 +25,12 @@
 	return buf;
 }
 
+#ifdef HAVE_LINUX_SECCOMP_H
+# include <linux/seccomp.h>
+#endif
+
+#include "xlat/seccomp_mode.h"
+
 int
 sys_prctl(struct tcb *tcp)
 {
@@ -74,6 +80,28 @@
 		case PR_GET_KEEPCAPS:
 			break;
 #endif
+
+#ifdef PR_SET_SECCOMP
+		case PR_SET_SECCOMP:
+			tprints(", ");
+			printxval(seccomp_mode, tcp->u_arg[1],
+				  "SECCOMP_MODE_???");
+# ifdef SECCOMP_MODE_STRICT
+			if (SECCOMP_MODE_STRICT == tcp->u_arg[1])
+				break;
+# endif
+# ifdef SECCOMP_MODE_FILTER
+			if (SECCOMP_MODE_FILTER == tcp->u_arg[1]) {
+				tprints(", ");
+				print_seccomp_filter(tcp, tcp->u_arg[2]);
+				break;
+			}
+# endif
+			for (i = 2; i < tcp->s_ent->nargs; i++)
+				tprintf(", %#lx", tcp->u_arg[i]);
+			break;
+#endif /* PR_SET_SECCOMP */
+
 		default:
 			for (i = 1; i < tcp->s_ent->nargs; i++)
 				tprintf(", %#lx", tcp->u_arg[i]);