[PATCH RFC v2 1/3] Introduce seccomp-assisted syscall filtering

Dmitry V. Levin ldv at altlinux.org
Mon Aug 5 16:52:34 UTC 2019


On Mon, Aug 05, 2019 at 05:50:52PM +0200, Paul Chaignon wrote:
[...]
> > I was thinking of something like
> >
> > static struct audit_arch_t audit_arch_vec[SUPPORTED_PERSONALITIES] = {
> > #ifdef PERSONALITY0_AUDIT_ARCH
> > [0] = PERSONALITY0_AUDIT_ARCH,
> > #endif
> > #ifdef PERSONALITY1_AUDIT_ARCH
> > [1] = PERSONALITY1_AUDIT_ARCH,
> > #endif
> > #ifdef PERSONALITY2_AUDIT_ARCH
> > [2] = PERSONALITY2_AUDIT_ARCH,
> > #endif
> > };
> >
> > This way you don't need any fallback PERSONALITY{0,1,2}_AUDIT_ARCH macros.
> 
> We'll still need to define PERSONALITY{0,1}_AUDIT_ARCH in case e.g.
> AUDIT_ARCH_RISCV64 is undefined.  Do you mean that it would be best to
> handle this case directly in e.g. linux/riscv/arch_defs_.h?  I defined the
> fallback macros to avoid having duplicated #ifndef AUDIT_ARCH_XXX code in
> arch_defs_.h files.

I've pushed some changes in this area, now you can do

#include <linux/audit.h>
#define XLAT_MACROS_ONLY
# include "xlat/elf_em.h"
# include "xlat/audit_arch.h"
#undef XLAT_MACROS_ONLY

and have all AUDIT_ARCH_* macros defined.  This is already used e.g.
in get_personality.c file.


-- 
ldv
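
An added illustration, not code from strace or from this thread: a self-contained stand-in for the pattern discussed above, where every AUDIT_ARCH_* macro is guaranteed to exist and the per-personality table is filled with designated initializers under #ifdef. Assumptions: the fallbacks are written out locally with #ifndef instead of coming from strace's xlat headers, and the riscv personality layout, the uint32_t element type and personality_from_audit_arch() are hypothetical.

```c
#include <stdint.h>

/* Use the system's definitions when the header is present ... */
#if defined(__has_include)
# if __has_include(<linux/audit.h>)
#  include <linux/audit.h>
# endif
#endif
/* ... and fill in whatever an older or missing header leaves undefined. */
#ifndef __AUDIT_ARCH_64BIT
# define __AUDIT_ARCH_64BIT 0x80000000
# define __AUDIT_ARCH_LE    0x40000000
#endif
#ifndef EM_RISCV
# define EM_RISCV 243
#endif
#ifndef AUDIT_ARCH_RISCV64
# define AUDIT_ARCH_RISCV64 (EM_RISCV | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE)
#endif
#ifndef AUDIT_ARCH_RISCV32
# define AUDIT_ARCH_RISCV32 (EM_RISCV | __AUDIT_ARCH_LE)
#endif

/* Assumed layout for this example: personalities 0 and 1 defined, 2 left out. */
#define SUPPORTED_PERSONALITIES 3
#define PERSONALITY0_AUDIT_ARCH AUDIT_ARCH_RISCV64
#define PERSONALITY1_AUDIT_ARCH AUDIT_ARCH_RISCV32

static const uint32_t audit_arch_vec[SUPPORTED_PERSONALITIES] = {
#ifdef PERSONALITY0_AUDIT_ARCH
	[0] = PERSONALITY0_AUDIT_ARCH,
#endif
#ifdef PERSONALITY1_AUDIT_ARCH
	[1] = PERSONALITY1_AUDIT_ARCH,
#endif
#ifdef PERSONALITY2_AUDIT_ARCH
	[2] = PERSONALITY2_AUDIT_ARCH,
#endif
};

/* Slots without a macro stay 0, so 0 must mean "unknown", never a match.
 * Returns the personality index for a seccomp_data.arch value, or -1. */
static int personality_from_audit_arch(uint32_t arch)
{
	for (int p = 0; p < SUPPORTED_PERSONALITIES; p++)
		if (audit_arch_vec[p] != 0 && audit_arch_vec[p] == arch)
			return p;
	return -1;
}
```

With no fallback PERSONALITY2_AUDIT_ARCH macro, slot 2 is zero-initialized, which is why the lookup skips zero entries instead of comparing them against the reported arch.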