From 90cb38259a3adbe640bc3d8c7fb0ef83df650bfa Mon Sep 17 00:00:00 2001
From: =?utf8?q?Thomas=20Wei=C3=9Fschuh?=
Date: Thu, 22 Feb 2024 22:54:41 +0100
Subject: [PATCH] enosys: allow dumping to file
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Thomas Weißschuh
---
 bash-completion/enosys | 1 +
 misc-utils/enosys.1.adoc | 2 +-
 misc-utils/enosys.c | 18 ++++++++++++------
 tests/ts/setpriv/seccomp | 2 +-
 4 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/bash-completion/enosys b/bash-completion/enosys
index 24971c349..14bc82369 100644
--- a/bash-completion/enosys
+++ b/bash-completion/enosys
@@ -17,6 +17,7 @@ _waitpid_module()
 '-m'|'--list-ioctl')
 return 0
 '-d'|'--dump')
+ COMPREPLY=( $(compgen -f -- $cur) )
 return 0
 ;;
 '-h'|'--help'|'-V'|'--version')
diff --git a/misc-utils/enosys.1.adoc b/misc-utils/enosys.1.adoc
index 7eba7efff..7f7d0576b 100644
--- a/misc-utils/enosys.1.adoc
+++ b/misc-utils/enosys.1.adoc
@@ -38,7 +38,7 @@ List syscalls known to *enosys*.
 *-m*, *--list-ioctl*::
 List ioctls known to *enosys*.
-*-d*, *--dump*::
+*-d*, *--dump*[=_file_]::
 Dump seccomp bytecode filter to standard output.
 +
 The dump can for example be used by *setpriv --seccomp-filter*.
diff --git a/misc-utils/enosys.c b/misc-utils/enosys.c
index dc120cd83..1410676dd 100644
--- a/misc-utils/enosys.c
+++ b/misc-utils/enosys.c
@@ -84,7 +84,7 @@ static void __attribute__((__noreturn__)) usage(void)
 fputs(_(" -s, --syscall syscall to block\n"), out);
 fputs(_(" -i, --ioctl ioctl to block\n"), out);
 fputs(_(" -l, --list list known syscalls\n"), out);
- fputs(_(" -d, --dump dump seccomp bytecode\n"), out);
+ fputs(_(" -d, --dump[=] dump seccomp bytecode\n"), out);
 fputs(USAGE_SEPARATOR, out);
 fprintf(out, USAGE_HELP_OPTIONS(25));
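Review bot: The completion added under `'-d'|'--dump')` offers file names for the word that follows `-d`/`--dump`, but misc-utils/enosys.c declares the option with `optional_argument` and `d::`, and getopt only takes an optional argument when it is attached (`-dFILE`, `--dump=FILE`). As far as the visible hunks show, a user who accepts the completion and runs `enosys --dump FILE` gets the filter on standard output while FILE keeps its old contents, so a stale filter at that path may later be loaded by `setpriv --seccomp-filter`. Completing the file name for the attached `--dump=` form would match what the parser accepts. Independently, `$cur` should be quoted so that paths with spaces or glob characters survive: `COMPREPLY=( $(compgen -f -- "$cur") )`. The enclosing `case` statement starts and ends outside the hunk.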
@@ -155,13 +155,13 @@ int main(int argc, char **argv)
 {
 int c;
 size_t i;
- bool dump = false;
+ FILE *dump = NULL;
 static const struct option longopts[] = {
 { "syscall", required_argument, NULL, 's' },
 { "ioctl", required_argument, NULL, 'i' },
 { "list", no_argument, NULL, 'l' },
 { "list-ioctl", no_argument, NULL, 'm' },
- { "dump", no_argument, NULL, 'd' },
+ { "dump", optional_argument, NULL, 'd' },
 { "version", no_argument, NULL, 'V' },
 { "help", no_argument, NULL, 'h' },
 { 0 }
@@ -179,7 +179,7 @@ int main(int argc, char **argv)
 bindtextdomain(PACKAGE, LOCALEDIR);
 textdomain(PACKAGE);
- while ((c = getopt_long (argc, argv, "+Vhs:i:lmd", longopts, NULL)) != -1) {
+ while ((c = getopt_long (argc, argv, "+Vhs:i:lmd::", longopts, NULL)) != -1) {
 switch (c) {
 case 's':
 blocked = parse_block(optarg, ENOSYS, syscalls, ARRAY_SIZE(syscalls));
@@ -202,7 +202,13 @@ int main(int argc, char **argv)
 printf("%5ld %s\n", ioctls[i].number, ioctls[i].name);
 return EXIT_SUCCESS;
 case 'd':
- dump = true;
+ if (optarg) {
+ dump = fopen(optarg, "w");
+ if (!dump)
+ err(EXIT_FAILURE, _("Could not open %s"), optarg);
+ } else {
+ dump = stdout;
+ }
 break;
 case 'V':
 print_version(EXIT_SUCCESS);
@@ -271,7 +277,7 @@ int main(int argc, char **argv)
 INSTR(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
 if (dump) {
- if (write_all(STDOUT_FILENO, filter, (f - filter) * sizeof(filter[0])))
+ if (fwrite_all(filter, (f - filter) * sizeof(filter[0]), 1, dump))
 err(EXIT_FAILURE, _("Could not dump seccomp filter"));
 return EXIT_SUCCESS;
 }
diff --git a/tests/ts/setpriv/seccomp b/tests/ts/setpriv/seccomp
index cebc366ac..119f3bc0d 100755
--- a/tests/ts/setpriv/seccomp
+++ b/tests/ts/setpriv/seccomp
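Review bot: Declaring `dump` as `optional_argument` in the longopts table (and `d::` in the getopt_long call of the next hunk) means only the attached spellings `--dump=FILE` and `-dFILE` set `optarg`; `--dump FILE` and `-d FILE` still select standard output and leave FILE as the first non-option word. Nothing in the visible hunks reports that case, so raw BPF bytes go to the terminal or pipe while the file the caller meant to write keeps its previous contents. A comment on the table entry, for example `/* optional argument: must be attached as --dump=FILE or -dFILE */`, and a sentence in enosys.1.adoc (whose description still reads "to standard output") would document the pitfall. Rejecting leftover words in dump mode with `if (dump && optind < argc) errx(EXIT_FAILURE, _("unexpected argument: %s"), argv[optind]);` would catch it, provided no existing caller relies on them being ignored. main() continues outside the hunk.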
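Review bot: `fopen(optarg, "w")` in `case 'd'` runs while options are still being parsed, so the target is truncated before the rest of the command line has been looked at, and a second `-d` overwrites the pointer without closing the first stream. The context lines just above show an option branch that ends in `return EXIT_SUCCESS;`, so a command line that combines `--dump=FILE` with such an option leaves an empty FILE where a consumer such as `setpriv --seccomp-filter` expects a filter. Recording only the path during parsing and opening it inside the `if (dump)` block, once the filter is complete, avoids both problems; it needs `bool dump` kept and a `const char *dump_file = NULL;` declared next to it. `fopen` with "w" also follows symlinks and creates the file with umask-default permissions, which matters when the path is in a shared directory.

```c
		case 'd':
			dump = true;
			dump_file = optarg;	/* NULL selects standard output */
			break;
/* … unchanged: remaining options, filter construction … */
	if (dump) {
		FILE *out = dump_file ? fopen(dump_file, "w") : stdout;

		if (!out)
			err(EXIT_FAILURE, _("Could not open %s"), dump_file);
		if (fwrite_all(filter, (f - filter) * sizeof(filter[0]), 1, out))
			err(EXIT_FAILURE, _("Could not dump seccomp filter"));
		/* … unchanged: return EXIT_SUCCESS … */
	}
```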
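Review bot: After `fwrite_all(..., dump)` the block returns without flushing or closing the stream, so a buffered write error (full disk, I/O error) on a `--dump=FILE` target is not detected here and enosys could exit 0 with a short or empty filter file. Unless `fwrite_all` or an exit handler outside this hunk already checks this, add `if (dump != stdout && fclose(dump) != 0) err(EXIT_FAILURE, _("Could not dump seccomp filter"));` before `return EXIT_SUCCESS;`. For the stdout case an `fflush(stdout)` with the same check would keep the immediate error reporting that the unbuffered `write_all(STDOUT_FILENO, ...)` call gave.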
@@ -28,7 +28,7 @@ ts_check_enosys_syscalls fallocate
 FALLOCATE_TEST="$TS_HELPER_ENOSYS fallocate"
 $FALLOCATE_TEST > /dev/null 2>> "$TS_OUTPUT"
-"$TS_CMD_ENOSYS" -s fallocate --dump > "$TS_OUTDIR"/fallocate.seccomp
+"$TS_CMD_ENOSYS" -s fallocate --dump="$TS_OUTDIR"/fallocate.seccomp
 "$TS_CMD_SETPRIV" --seccomp-filter "$TS_OUTDIR"/fallocate.seccomp $FALLOCATE_TEST > /dev/null 2>> "$TS_OUTPUT"
 ts_finalize
--
2.47.3
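Review bot: With this line changed to `--dump="$TS_OUTDIR"/fallocate.seccomp`, nothing visible in this hunk exercises the bare `--dump` mode any more, although the option parser keeps it as the default. Keeping a second invocation that writes to standard output and comparing the two results, e.g. `"$TS_CMD_ENOSYS" -s fallocate --dump | cmp - "$TS_OUTDIR"/fallocate.seccomp 2>> "$TS_OUTPUT"`, would cover both paths and confirm they emit identical bytecode. A case for the detached spelling `--dump FILE` would also pin down what the tool does when the file name is not attached.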