From: Christian Brauner
Date: Fri, 10 Dec 2021 16:05:11 +0000 (+0100)
Subject: seccomp: only guard seccomp notify behind HAVE_DECL_SECCOMP_NOTIFY_FD
X-Git-Tag: lxc-5.0.0~45^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4047%2Fhead;p=thirdparty%2Flxc.git
seccomp: only guard seccomp notify behind HAVE_DECL_SECCOMP_NOTIFY_FD
Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
index 334f470fe..6a0b9fe98 100644
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -27,9 +27,9 @@ static char *api_extensions[] = {
 "cgroup_relative",
 "mount_injection_file",
 "seccomp_allow_nesting",
-#ifdef HAVE_SECCOMP_NOTIFY
+#ifdef HAVE_DECL_SECCOMP_NOTIFY_FD
 "seccomp_notify",
-#endif /* HAVE_SECCOMP_NOTIFY */
+#endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 "network_veth_routes",
 "network_ipvlan",
 "network_l2proxy",
@@ -44,10 +44,10 @@ static char *api_extensions[] = {
 "time_namespace",
 "seccomp_allow_deny_syntax",
 "devpts_fd",
-#ifdef HAVE_SECCOMP_NOTIFY
+#ifdef HAVE_DECL_SECCOMP_NOTIFY_FD
 "seccomp_notify_fd_active",
 "seccomp_proxy_send_notify_fd",
-#endif /* HAVE_SECCOMP_NOTIFY */
+#endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 "idmapped_mounts",
 "idmapped_mounts_v2",
 "core_scheduling",
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index 4b52ff736..0261fa316 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -701,7 +701,7 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req,
 int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 bool stopped = false;
 int fd;
 ssize_t ret;
@@ -732,7 +732,7 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re
 struct lxc_handler *handler,
 struct lxc_async_descr *descr)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 struct lxc_cmd_rsp rsp = {
 .ret = -EBADF,
 };
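Review bot: In src/lxc/api_extensions.h both hunks (`@@ -27,9` and `@@ -44,10`) guard the extension strings with `#ifdef HAVE_DECL_SECCOMP_NOTIFY_FD`, while commands.c, confile.c and lxcseccomp.h in this same commit test the macro with `#if`. If the build defines HAVE_DECL_* to 0 when the declaration is missing (the usual AC_CHECK_DECLS convention, which the `#if` form elsewhere suggests), `#ifdef` is always true. The library would then advertise `seccomp_notify`, `seccomp_notify_fd_active` and `seccomp_proxy_send_notify_fd` while the setters and getters take the `#else` branch and return ENOSYS, as the confile.c hunks show. A caller that gates syscall-interception setup on these strings would be told the feature exists when it does not. Use `#if HAVE_DECL_SECCOMP_NOTIFY_FD` in both places so the advertised API matches what is compiled in.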
@@ -1543,7 +1543,7 @@ int lxc_cmd_seccomp_notify_add_listener(const char *name, const char *lxcpath,
 /* unused */ unsigned int flags)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 bool stopped = false;
 ssize_t ret;
 struct lxc_cmd_rr cmd;
@@ -1568,7 +1568,7 @@ static int lxc_cmd_seccomp_notify_add_listener_callback(int fd,
 {
 struct lxc_cmd_rsp rsp = {0};
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 int ret;
 __do_close int recv_fd = -EBADF;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 7f259b625..40f34af45 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1204,7 +1204,7 @@ static int set_config_seccomp_allow_nesting(const char *key, const char *value,
 static int set_config_seccomp_notify_cookie(const char *key, const char *value,
 struct lxc_conf *lxc_conf, void *data)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 return set_config_string_item(&lxc_conf->seccomp.notifier.cookie, value);
 #else
 return ret_errno(ENOSYS);
@@ -1214,7 +1214,7 @@ static int set_config_seccomp_notify_cookie(const char *key, const char *value,
 static int set_config_seccomp_notify_proxy(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 const char *offset;
 if (lxc_config_value_empty(value))
@@ -4399,7 +4399,7 @@ static int get_config_seccomp_allow_nesting(const char *key, char *retv,
 static int get_config_seccomp_notify_cookie(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 return lxc_get_conf_str(retv, inlen, c->seccomp.notifier.cookie);
 #else
 return ret_errno(ENOSYS);
@@ -4409,7 +4409,7 @@ static int get_config_seccomp_notify_cookie(const char *key, char *retv, int inl
 static int get_config_seccomp_notify_proxy(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 return lxc_get_conf_str(retv, inlen, (c->seccomp.notifier.proxy_addr.sun_path[0]) == '/' ? &c->seccomp.notifier.proxy_addr.sun_path[0]
@@ -5142,7 +5142,7 @@ static inline int clr_config_seccomp_allow_nesting(const char *key,
 static inline int clr_config_seccomp_notify_cookie(const char *key,
 struct lxc_conf *c, void *data)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 free_disarm(c->seccomp.notifier.cookie);
 return 0;
 #else
@@ -5153,7 +5153,7 @@ static inline int clr_config_seccomp_notify_cookie(const char *key,
 static inline int clr_config_seccomp_notify_proxy(const char *key, struct lxc_conf *c, void *data)
 {
-#ifdef HAVE_SECCOMP_NOTIFY
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 memset(&c->seccomp.notifier.proxy_addr, 0, sizeof(c->seccomp.notifier.proxy_addr));
 return 0;
diff --git a/src/lxc/lxcseccomp.h b/src/lxc/lxcseccomp.h
index 070dcaf5a..dcfb52d23 100644
--- a/src/lxc/lxcseccomp.h
+++ b/src/lxc/lxcseccomp.h
@@ -6,10 +6,12 @@
 #include "config.h"
 #include
+
 #ifdef HAVE_SECCOMP
 #include
 #include
 #endif
+
 #if HAVE_DECL_SECCOMP_NOTIFY_FD
 #include
 #include
@@ -60,8 +62,6 @@ struct seccomp_notify {
 char *cookie;
 };
-#define HAVE_SECCOMP_NOTIFY 1
-
 #endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 struct lxc_seccomp {
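Review bot: Removing `#define HAVE_SECCOMP_NOTIFY 1` in the `@@ -60,8 +62,6` hunk of src/lxc/lxcseccomp.h means any `#ifdef HAVE_SECCOMP_NOTIFY` left in a file this commit does not touch now evaluates false without a build error, so the notify path there would be compiled out silently. Only api_extensions.h, commands.c and confile.c are converted in this diff, so whether other users remain cannot be judged from here and a tree-wide search for the old name should confirm none do. To make a leftover guard fail loudly instead of disabling seccomp notification handling, consider adding `#pragma GCC poison HAVE_SECCOMP_NOTIFY` where the define used to be, provided the supported compilers accept it.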