Commit message [Author, Age]
* control: Fix working with new eloop (HEAD, master) [Roy Marples, 3 days]
|
* src/privsep-linux.c: add support for m68k (#29) [Fabrice Fontaine, 6 days]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* README.md: remove dead reference to phabricator [Roy Marples, 6 days]
|
* control: Cannot write with hangup [Roy Marples, 2021-02-20]
|
* eloop: delete events from kqueue/epoll directly [Roy Marples, 2021-02-16]
|   Rather than relying on close(2) being called.
|   Whilst a bit less performant with many open/close, there is also no
|   guarantee that close(2) will actually be called as shutdown(2) could
|   be used instead.
* log a diagnostic here [Roy Marples, 2021-02-16]
|
* control: Don't log error deleting fds from eloop. [Roy Marples, 2021-02-09]
|   They might not be added as they are inactive and it's just noise as
|   no operation is done anymore even for kqueue or epoll.
* BSD: Find the correct interface for tunneled routes [Roy Marples, 2021-02-09]
|   Should discard a harmless diagnostic.
* control: GC control deletion [Roy Marples, 2021-02-08]
|   Just free it entirely.
* src/privsep-linux.c: add support for arc (#28) [Fabrice Fontaine, 2021-02-08]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   It should be noted that AUDIT_ARCH_{ARCOMPACT,ARCV2} is only defined
|   since kernel 5.2 and
|   https://github.com/torvalds/linux/commit/67f2a8a29311841ba6ab9b0e2d1b8f1e9978cd84
|
|   Detection of arc compact and arc v2 have been "copy/pasted" from
|   https://github.com/wbx-github/uclibc-ng/commit/afab56958f1cbb47b831ee3ebff231dfbae74af2
|
|   Fixes:
|    - http://autobuild.buildroot.org/results/d29083700a80dd647621eed06faeeae03f0587d3
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* src/privsep-linux.c: add support for or1k (#27) [Fabrice Fontaine, 2021-02-07]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   It should be noted that AUDIT_ARCH_OPENRISC is defined since kernel 3.7:
|   https://github.com/torvalds/linux/commit/e2bebb4ae6d9ac4ffc524db67f7ecb205a173f77
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Force TOP as we know which directory we are in. [Roy Marples, 2021-02-05]
|
* control fd can be both read and write. [Roy Marples, 2021-02-05]
|
* src/privsep-linux: fix build on sparc (#26) [Fabrice Fontaine, 2021-02-05]
|   Fix the following build failure:
|
|   privsep-linux.c:203: warning: "AUDIT_ARCH_SPARC64" redefined
|     203 | # define AUDIT_ARCH_SPARC64
|         |
|   In file included from privsep-linux.c:35:
|   /srv/storage/autobuild/run/instance-0/output-1/host/sparc64-buildroot-linux-gnu/sysroot/usr/include/linux/audit.h:392: note: this is the location of the previous definition
|     392 | #define AUDIT_ARCH_SPARC64 (EM_SPARCV9|__AUDIT_ARCH_64BIT)
|         |
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:215:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|     215 | BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|         | ^~~~~~~~~~~~~~~~~~
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* src/privsep-linux.c: add support for sh (#25) [Fabrice Fontaine, 2021-02-05]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   It should be noted that AUDIT_ARCH_{SH,SHEL,SH64,SHEL64} are defined
|   at least since kernel 3.7 and
|   https://github.com/torvalds/linux/commit/607ca46e97a1b6594b29647d98a32d545c24bdff
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Fix tests [Roy Marples, 2021-02-03]
|
* Rename Privileged Actioneer to Privileged Proxy [Roy Marples, 2021-02-02]
|   Sadly actioneer is not a real word.
* Rename Master to Manager [Roy Marples, 2021-02-02]
|
* Fix prior for epoll. [Roy Marples, 2021-02-02]
|
* eloop: Make the API more like native poll/kqueue/epoll [Roy Marples, 2021-02-02]
|   Just have the one callback, but return an abstracted event mask
|   to work out if we can read/write have something else.
|
|   Log diagnostics if the event mask is unexpected.
|
|   While here add more logging if we fail to register an event to monitor.
* Add __NR_pselect6_time64 to priory [Roy Marples, 2021-01-31]
|
* Linux: allow pselect(2) to work in SECCOMP [Roy Marples, 2021-01-31]
|   The default is ppoll(2), but we still allow epoll(7) so allowing
|   pselect(2) makes perfect sense and allows the user to pick the
|   polling mechanism they want.
* src/privsep-linux.c: add support for microblaze (#24) [Fabrice Fontaine, 2021-01-31]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   It should be noted that AUDIT_ARCH_MICROBLAZE is only defined since
|   kernel 3.18 and
|   https://github.com/torvalds/linux/commit/ce5d112827e5c2e9864323d0efd7ec2a62c6dce0
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* A belated welcome to 2021 [Roy Marples, 2021-01-31]
|
* src/privsep-linux.c: add support for nios2 (#23) [Fabrice Fontaine, 2021-01-31]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   It should be noted that AUDIT_ARCH_NIOS2 is only defined since
|   kernel 5.2 and
|   https://github.com/torvalds/linux/commit/1660aac45e5b49a5ace29fb5b73254617533fcbd
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Typo with prior [Roy Marples, 2021-01-31]
|
* Linux: Add support for NDS32BE SECCOMP [Roy Marples, 2021-01-31]
|
* src/privsep-linux.c: add support for xtensa (#22) [Fabrice Fontaine, 2021-01-31]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   It should be noted that AUDIT_ARCH_XTENSA is only defined since
|   kernel 5.0 and
|   https://github.com/torvalds/linux/commit/98c3115a4ec56f03056efd9295e0fcb4c5c57a85
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* import-src: Improve target so we don't create empty files [Roy Marples, 2021-01-30]
|
* import-src: adjust build target so all .in files are pre-built [Roy Marples, 2021-01-30]
|   While here, if we cannot find ypbind to work out how the hook
|   script should be configured, guess according to OS.
* src/privsep-linux.c: add support for nds32 (#21) [Fabrice Fontaine, 2021-01-30]
|   Fix the following build failure:
|
|   privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet"
|    # error "Platform does not support seccomp filter yet"
|      ^~~~~
|   In file included from privsep-linux.c:36:
|   privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'?
|    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
|      ^~~~~~~~~~~~~~~~~~
|
|   It should be noted that AUDIT_ARCH_NDS32 is only defined since
|   kernel 5.2 and
|   https://github.com/torvalds/linux/commit/fa562447e154334523daa44c0b60625d71a345f5
|
|   Fixes:
|    - http://autobuild.buildroot.org/results/af8ba07ea0c12ab8cd24d528ef98db05521f3d36
|
|   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* eloop: optimise the pselect code so it's not a wrapper for ppoll [Roy Marples, 2021-01-30]
|   This makes the code smaller yet and also use less memory than ppoll!
|   Still, the API blows chunks and we still have arbitrary fd limits
|   which we'll realistically never hit.
|   Also, some BSD's note potential issues with select on the same fd
|   across processes so ppoll is still the winner.
* eloop: Default to using ppoll(2) again. [Roy Marples, 2021-01-30]
|   Even though we now have fully working kqueue(2) and epoll(7) with
|   our privsep code, ppoll(2) is faster and smaller for our workload.
|
|   This time though, we will keep the code here as it's fully working
|   and while fixing kqueue we also fixed other bugs in dhcpcd as a
|   result so it's not time wasted at all.
* eloop: Fix logic error with epoll reading test [Roy Marples, 2021-01-30]
|
* eloop: Always free the pollfd buffer when clearing events [Roy Marples, 2021-01-29]
|   And set the flag to re-create it before the next run.
|   This allows us to always ensure it's small if the prior run used
|   more signals and fds.
* eloop: fix a memory leak when clearing events [Roy Marples, 2021-01-29]
|
* Whitespace [Roy Marples, 2021-01-29]
|
* eloop: fixup a compile warning [Roy Marples, 2021-01-28]
|
* BSD: Plug a memory leak [Roy Marples, 2021-01-28]
|
* Linux: Implement epoll(7) for eloop (again) [Roy Marples, 2021-01-28]
|   eloop allows for O(1) processing of active fd's.
|   The problems with the prior implementation have now been fixed.
* control: Don't log the write db didn't exist when freeing it. [Roy Marples, 2021-01-28]
|
* privsep: Restore the poll maxfd + 1 for state engine [Roy Marples, 2021-01-28]
|   It wasn't fixed, it was using kqueue so avoided!
* DragonFly: cast away more kqueue compile warnings [Roy Marples, 2021-01-28]
|
* FreeBSD: cast away some kqueue warnings [Roy Marples, 2021-01-28]
|   NetBSD uses size_t, FreeBSD uses int for changelist length.
* privsep: Don't add 1 to max fd open when limiting resources [Roy Marples, 2021-01-28]
|   It should no longer be needed for OpenBSD, Linux and Solaris.
* OpenBSD: Fix kqueue detection and one error. [Roy Marples, 2021-01-28]
|
* BSD: Implement kqueue(2) for eloop (again) [Roy Marples, 2021-01-28]
|   kqueue allows for O(1) processing of active fd's and a more robust
|   signal handling method without the need to use global variables
|   to avoid calling functions during signal delivery.
|
|   The problems with the prior implementation have now been fixed.
* privsep: move setting signals to after clearing eloop [Roy Marples, 2021-01-27]
|
* Whitespace [Roy Marples, 2021-01-27]
|
* privsep: Ensure BPF listener pid is logged in debug [Roy Marples, 2021-01-27]
|   This mirrors the inet listener.