enosys: allow dumping to file

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>

diff --git a/bash-completion/enosys b/bash-completion/enosys
index 24971c349d42846f416766ef1b5f7ff4f4790c14..14bc8236928bcc7f036b48196a4dc764213c4709 100644 (file)
--- a/bash-completion/enosys
+++ b/bash-completion/enosys
@@ -17,6 +17,7 @@ _waitpid_module()
                '-m'|'--list-ioctl')
                        return 0
                '-d'|'--dump')
+                       COMPREPLY=( $(compgen -f -- $cur) )
                        return 0
                        ;;
                '-h'|'--help'|'-V'|'--version')

diff --git a/misc-utils/enosys.1.adoc b/misc-utils/enosys.1.adoc
index 7eba7efffc2c381f7b7f2699874c9fdec46c6f7a..7f7d0576bf191e1ec7a8cfd5b0151d206ce549f5 100644 (file)
--- a/misc-utils/enosys.1.adoc
+++ b/misc-utils/enosys.1.adoc
@@ -38,7 +38,7 @@ List syscalls known to *enosys*.
 *-m*, *--list-ioctl*::
 List ioctls known to *enosys*.
 
-*-d*, *--dump*::
+*-d*, *--dump*[=_file_]::
 Dump seccomp bytecode filter to standard output.
 +
 The dump can for example be used by *setpriv --seccomp-filter*.

diff --git a/misc-utils/enosys.c b/misc-utils/enosys.c
index dc120cd83d4f19ec8484c323a6a029d0ab762fcf..1410676dd3c5f4dd2bcb93bf54b9eb3b45c15829 100644 (file)
--- a/misc-utils/enosys.c
+++ b/misc-utils/enosys.c
@@ -84,7 +84,7 @@ static void __attribute__((__noreturn__)) usage(void)
        fputs(_(" -s, --syscall           syscall to block\n"), out);
        fputs(_(" -i, --ioctl             ioctl to block\n"), out);
        fputs(_(" -l, --list              list known syscalls\n"), out);
-       fputs(_(" -d, --dump              dump seccomp bytecode\n"), out);
+       fputs(_(" -d, --dump[=<file>]     dump seccomp bytecode\n"), out);
 
        fputs(USAGE_SEPARATOR, out);
        fprintf(out, USAGE_HELP_OPTIONS(25));
@@ -155,13 +155,13 @@ int main(int argc, char **argv)
 {
        int c;
        size_t i;
-       bool dump = false;
+       FILE *dump = NULL;
        static const struct option longopts[] = {
                { "syscall",    required_argument, NULL, 's' },
                { "ioctl",      required_argument, NULL, 'i' },
                { "list",       no_argument,       NULL, 'l' },
                { "list-ioctl", no_argument,       NULL, 'm' },
-               { "dump",       no_argument,       NULL, 'd' },
+               { "dump",       optional_argument, NULL, 'd' },
                { "version",    no_argument,       NULL, 'V' },
                { "help",       no_argument,       NULL, 'h' },
                { 0 }
@@ -179,7 +179,7 @@ int main(int argc, char **argv)
        bindtextdomain(PACKAGE, LOCALEDIR);
        textdomain(PACKAGE);
 
-       while ((c = getopt_long (argc, argv, "+Vhs:i:lmd", longopts, NULL)) != -1) {
+       while ((c = getopt_long (argc, argv, "+Vhs:i:lmd::", longopts, NULL)) != -1) {
                switch (c) {
                case 's':
                        blocked = parse_block(optarg, ENOSYS, syscalls, ARRAY_SIZE(syscalls));
@@ -202,7 +202,13 @@ int main(int argc, char **argv)
                                printf("%5ld %s\n", ioctls[i].number, ioctls[i].name);
                        return EXIT_SUCCESS;
                case 'd':
-                       dump = true;
+                       if (optarg) {
+                               dump = fopen(optarg, "w");
+                               if (!dump)
+                                       err(EXIT_FAILURE, _("Could not open %s"), optarg);
+                       } else {
+                               dump = stdout;
+                       }
                        break;
                case 'V':
                        print_version(EXIT_SUCCESS);
@@ -271,7 +277,7 @@ int main(int argc, char **argv)
        INSTR(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
 
        if (dump) {
-               if (write_all(STDOUT_FILENO, filter, (f - filter) * sizeof(filter[0])))
+               if (fwrite_all(filter, (f - filter) * sizeof(filter[0]), 1, dump))
                        err(EXIT_FAILURE, _("Could not dump seccomp filter"));
                return EXIT_SUCCESS;
        }

diff --git a/tests/ts/setpriv/seccomp b/tests/ts/setpriv/seccomp
index cebc366acfdd846ca86e5c2d0f3c83f7bf5d5086..119f3bc0d7bbf3432e63262e44c1e10dade33dca 100755 (executable)
--- a/tests/ts/setpriv/seccomp
+++ b/tests/ts/setpriv/seccomp
@@ -28,7 +28,7 @@ ts_check_enosys_syscalls fallocate
 FALLOCATE_TEST="$TS_HELPER_ENOSYS fallocate"
 
 $FALLOCATE_TEST > /dev/null 2>> "$TS_OUTPUT"
-"$TS_CMD_ENOSYS" -s fallocate --dump > "$TS_OUTDIR"/fallocate.seccomp
+"$TS_CMD_ENOSYS" -s fallocate --dump="$TS_OUTDIR"/fallocate.seccomp
 "$TS_CMD_SETPRIV" --seccomp-filter "$TS_OUTDIR"/fallocate.seccomp $FALLOCATE_TEST > /dev/null 2>> "$TS_OUTPUT"
 
 ts_finalize