[PATCH RFC v2 1/3] Introduce seccomp-assisted syscall filtering

Paul Chaignon paul.chaignon at gmail.com
Wed Aug 14 20:39:28 UTC 2019


On Tue, Aug 13, 2019 at 01:00:47PM +0200, Eugene Syromiatnikov wrote:
> On Tue, Aug 13, 2019 at 10:26:33AM +0200, Paul Chaignon wrote:
> > On Mon, Aug 12, 2019 at 5:18 PM Paul Chaignon <paul.chaignon at gmail.com> wrote:
> > > On Mon, Aug 12, 2019 at 02:28:00PM +0200, Eugene Syromiatnikov wrote:
> > > > On Wed, Aug 07, 2019 at 06:03:38PM +0200, Paul Chaignon wrote:
> > > > > On Mon, Aug 05, 2019 at 07:59:25PM +0200, Eugene Syromiatnikov wrote:
> > > > > > On Wed, Jul 31, 2019 at 05:35:56PM +0200, Paul Chaignon wrote:
> > 
> > [...]
> > 
> > > > > > There's already some code which does nearly the same job,
> > > > > > bpf_filter.c:print_bpf_filter_block(), I wonder if it can be re-used.
> > > > >
> > > > > We could even reuse print_bpf_fprog() I think.  I'm not sure how to do
> > > > > that though as we'll need to output to stderr instead of current_tcp.  We
> > > > > could create a fake current_tcp, but that sounds very hacky...  Any other
> > > > > idea?
> > > >
> > > > The common approach is print to string in the internal functions and
> > > > just have different top-level wrappers.
> > >
> > > I thought that would be too heavy a change.  I'll do that.
> > 
> > Wait, that *is* too heavy a change.  The print_bpf_filter_xxx functions
> > call tprints, tprintf, and printxval.  I can replace tprints and tprintf
> > with print to string functions, but printxval is a bit more involved.  I'd
> > have to make a number of changes in defs.h plus rewrite printxvals_ex in
> > xlat.c.
> > 
> > Then, to print to a string, I'd have to either allocate a buffer once and
> > for all and correctly guess the maximum required size, which seems error
> > prone, or reallocate the buffer as I'm printing into it...
> > 
> > Would all these changes be okay?  Are they worth it?  Is there a simpler
> > way I missed?
> 
> I don't think it is _needed_ at this stage, more like "a good to have";
> it's a debug output, which we already have duplicated elsewhere anyway
> (like ptrace-related debug printing).  And I have to check, but in some
> cases sprintxval_ex is enough (and multiple-xlat cases can be worked around
> to some extent).

Ok, I'll leave that to a later patch.  I'd really like to merge the first
patchset before end of summer.

Paul

