Browse Source

filter_seccomp: fix build for no-MMU targets

Avoid unsupported fork() call on no-MMU Linux systems to fix
the following link error:

ld: strace-filter_seccomp.o: in function `check_seccomp_filter':
filter_seccomp.c:(.text+0x39a): undefined reference to `fork'
collect2: error: ld returned 1 exit status

* filter_seccomp.c (__gcov_flush, check_seccomp_order_do_child,
check_seccomp_order_tracer): Move under HAVE_FORK guard.
(check_seccomp_order): Move fork code under HAVE_FORK guard.
(check_seccomp_filter_properties): Do not check for NOMMU_SYSTEM.
* NEWS: Mention this fix.

Reported-and-tested-by: Baruch Siach <baruch@tkos.co.il>
Fixes: v5.3~7 "Introduce seccomp-assisted syscall filtering"
Dmitry V. Levin 1 month ago
parent
commit
509400106a
2 changed files with 13 additions and 9 deletions
  1. 3
    0
      NEWS
  2. 10
    9
      filter_seccomp.c

+ 3
- 0
NEWS View File

@@ -1,6 +1,9 @@
1 1
 Noteworthy changes in release ?.? (????-??-??)
2 2
 ==============================================
3 3
 
4
+* Bug fixes
5
+  * Fixed build on no-MMU architectures.
6
+
4 7
 Noteworthy changes in release 5.3 (2019-09-25)
5 8
 ==============================================
6 9
 

+ 10
- 9
filter_seccomp.c View File

@@ -59,9 +59,11 @@ static const struct audit_arch_t audit_arch_vec[SUPPORTED_PERSONALITIES] = {
59 59
 # endif
60 60
 };
61 61
 
62
-# ifdef ENABLE_COVERAGE_GCOV
62
+# ifdef HAVE_FORK
63
+
64
+#  ifdef ENABLE_COVERAGE_GCOV
63 65
 extern void __gcov_flush(void);
64
-# endif
66
+#  endif
65 67
 
66 68
 static void ATTRIBUTE_NORETURN
67 69
 check_seccomp_order_do_child(void)
@@ -91,9 +93,9 @@ check_seccomp_order_do_child(void)
91 93
 		perror_func_msg_and_die("PTRACE_TRACEME");
92 94
 	}
93 95
 
94
-# ifdef ENABLE_COVERAGE_GCOV
96
+#  ifdef ENABLE_COVERAGE_GCOV
95 97
 	__gcov_flush();
96
-# endif
98
+#  endif
97 99
 
98 100
 	kill(pid, SIGSTOP);
99 101
 	syscall(__NR_gettid);
@@ -223,12 +225,15 @@ check_seccomp_order_tracer(int pid)
223 225
 
224 226
 	return pid;
225 227
 }
228
+# endif /* HAVE_FORK */
226 229
 
227 230
 static void
228 231
 check_seccomp_order(void)
229 232
 {
230 233
 	seccomp_filtering = false;
231 234
 
235
+	/* NOMMU provides no forks necessary for the test.  */
236
+# ifdef HAVE_FORK
232 237
 	int pid = fork();
233 238
 	if (pid < 0) {
234 239
 		perror_func_msg("fork");
@@ -248,6 +253,7 @@ check_seccomp_order(void)
248 253
 			break;
249 254
 		}
250 255
 	}
256
+# endif /* HAVE_FORK */
251 257
 }
252 258
 
253 259
 static bool
@@ -340,11 +346,6 @@ check_bpf_program_size(void)
340 346
 static void
341 347
 check_seccomp_filter_properties(void)
342 348
 {
343
-	if (NOMMU_SYSTEM) {
344
-		seccomp_filtering = false;
345
-		return;
346
-	}
347
-
348 349
 	int rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
349 350
 	seccomp_filtering = rc < 0 && errno != EINVAL;
350 351
 	if (!seccomp_filtering)

Loading…
Cancel
Save