[PATCH RFC v2 1/3] Introduce seccomp-assisted syscall filtering

Paul Chaignon paul.chaignon at gmail.com
Mon Aug 5 16:35:19 UTC 2019


On Wed, Jul 31, 2019 at 05:35:56PM +0200, Paul Chaignon wrote:

[...]

> diff --git a/linux/aarch64/arch_defs_.h b/linux/aarch64/arch_defs_.h
> index ed9261f5..213e7fad 100644
> --- a/linux/aarch64/arch_defs_.h
> +++ b/linux/aarch64/arch_defs_.h
> @@ -9,3 +9,7 @@
>  #define HAVE_ARCH_OLD_SELECT 1
>  #define HAVE_ARCH_UID16_SYSCALLS 1
>  #define SUPPORTED_PERSONALITIES 2
> +#ifdef AUDIT_ARCH_AARCH64
> +# define PERSONALITY0_AUDIT_ARCH { AUDIT_ARCH_AARCH64, 0 }
> +# define PERSONALITY1_AUDIT_ARCH { AUDIT_ARCH_ARM,     0 }
> +#endif
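
Review bot: the #ifdef AUDIT_ARCH_AARCH64 guard on the added lines only takes effect if <linux/audit.h> has already been included at the point where this header is pulled in, and nothing in this file ensures that. If the macro is not yet visible, both PERSONALITY0_AUDIT_ARCH and PERSONALITY1_AUDIT_ARCH are silently left undefined with no build diagnostic. Either guarantee the include order where this header is included, or document the dependency in a comment next to the guard. The guard also tests only AUDIT_ARCH_AARCH64 while PERSONALITY1_AUDIT_ARCH uses AUDIT_ARCH_ARM, so consider checking both macros.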

This code fails to produce the desired behavior: define
PERSONALITY{0,1}_AUDIT_ARCH only if the kernel has AUDIT_ARCH_AARCH64.  It
looks like, when compiling on aarch64, this file is included before
<linux/audit.h>.  Thus, AUDIT_ARCH_AARCH64 is always undefined.

I fixed it by including <linux/audit.h> at the top of this file, but I'm
not sure that's the correct way to address the issue (none of the
arch_defs_.h files have includes).  Is that okay or should I change
something else to have <linux/audit.h> included before
"linux/aarch64/arch_defs_.h"?

Paul

