[PATCH RFC v2 1/3] Introduce seccomp-assisted syscall filtering
Dmitry V. Levin
ldv at altlinux.org
Mon Aug 5 16:58:19 UTC 2019
On Mon, Aug 05, 2019 at 06:35:19PM +0200, Paul Chaignon wrote:
> On Wed, Jul 31, 2019 at 05:35:56PM +0200, Paul Chaignon wrote:
>
> [...]
>
> > diff --git a/linux/aarch64/arch_defs_.h b/linux/aarch64/arch_defs_.h
> > index ed9261f5..213e7fad 100644
> > --- a/linux/aarch64/arch_defs_.h
> > +++ b/linux/aarch64/arch_defs_.h
> > @@ -9,3 +9,7 @@
> > #define HAVE_ARCH_OLD_SELECT 1
> > #define HAVE_ARCH_UID16_SYSCALLS 1
> > #define SUPPORTED_PERSONALITIES 2
> > +#ifdef AUDIT_ARCH_AARCH64
> > +# define PERSONALITY0_AUDIT_ARCH { AUDIT_ARCH_AARCH64, 0 }
> > +# define PERSONALITY1_AUDIT_ARCH { AUDIT_ARCH_ARM, 0 }
> > +#endif
>
> This code fails to produce the desired behavior: define
> PERSONALITY{0,1}_AUDIT_ARCH only if kernel has AUDIT_ARCH_AARCH64. It
> looks like, when compiling on aarch64, this file is included before
> <linux/audit.h>. Thus, AUDIT_ARCH_AARCH64 is always undefined.
Looks like your <linux/audit.h> is incomplete, otherwise the issue would
arise on all architectures including x86-64.
Could you rebase to the latest master, include AUDIT_ARCH_* definitions
from xlat/audit_arch.h, and try again, please?
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20190805/71d834c7/attachment.bin>
More information about the Strace-devel
mailing list