Browse Source

Fix -b execve when --seccomp-bpf option is specified

As --seccomp-bpf does not support detaching, explicitly turn off
this option when -b execve is specified.

* strace.c (init): Turn off --seccomp-bpf when -b execve is specified.
* NEWS: Mention this fix.
* tests/bexecve.test: Check it.

Fixes: v5.3~7 "Introduce seccomp-assisted syscall filtering"
Dmitry V. Levin 2 months ago
parent
commit
e9cb6ff5e2
3 changed files with 21 additions and 0 deletions
  1. 1
    0
      NEWS
  2. 6
    0
      strace.c
  3. 14
    0
      tests/bexecve.test

+ 1
- 0
NEWS View File

@@ -2,6 +2,7 @@ Noteworthy changes in release ?.? (????-??-??)
2 2
 ==============================================
3 3
 
4 4
 * Bug fixes
5
+  * Fixed -b execve when --seccomp-bpf option is specified.
5 6
   * Fixed build on no-MMU architectures.
6 7
 
7 8
 Noteworthy changes in release 5.3 (2019-09-25)

+ 6
- 0
strace.c View File

@@ -1786,6 +1786,12 @@ init(int argc, char *argv[])
1786 1786
 		error_msg_and_help("PROG [ARGS] must be specified with -D");
1787 1787
 	}
1788 1788
 
1789
+	if (seccomp_filtering && detach_on_execve) {
1790
+		error_msg("--seccomp-bpf is not enabled because"
1791
+			  " it is not compatible with -b");
1792
+		seccomp_filtering = false;
1793
+	}
1794
+
1789 1795
 	if (seccomp_filtering) {
1790 1796
 		if (nprocs && (!argc || debug_flag))
1791 1797
 			error_msg("--seccomp-bpf is not enabled for processes"

+ 14
- 0
tests/bexecve.test View File

@@ -36,4 +36,18 @@ if LC_ALL=C grep -E -v -x "($pattern_detached|$pattern_personality)" "$LOG" > /d
36 36
 	dump_log_and_fail_with "$STRACE $args: unexpected output"
37 37
 fi
38 38
 
39
+run_strace_redir --seccomp-bpf -bexecve -enone ../set_ptracer_any false ||
40
+	dump_log_and_fail_with "$STRACE $args: unexpected exit status"
41
+
42
+pattern_seccomp='[^:]*strace: --seccomp-bpf is not enabled because it is not compatible with -b'
43
+
44
+LC_ALL=C grep -x "$pattern_detached" "$LOG" > /dev/null &&
45
+LC_ALL=C grep -x "$pattern_seccomp" "$LOG" > /dev/null ||
46
+	dump_log_and_fail_with "$STRACE $args: output mismatch"
47
+
48
+pattern_all="$pattern_detached|$pattern_seccomp|$pattern_personality"
49
+if LC_ALL=C grep -E -v -x "$pattern_all" "$LOG" > /dev/null; then
50
+	dump_log_and_fail_with "$STRACE $args: unexpected output"
51
+fi
52
+
39 53
 exit 0

Loading…
Cancel
Save