passt/Makefile, branch 2022_09_23.d6f865a Plug A Simple Socket Transport Makefile: Include seccomp.h in HEADERS and require it for static checkers 2022-09-22T14:53:35+00:00 Stefano Brivio sbrivio@redhat.com 2022-09-14T13:49:32+00:00 6655625c30baf7100514c2f008512e72bae8f861 Targets running static checkers (cppcheck and clang-tidy) need seccomp.h, but the latter is not included in HEADERS. Add it. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> 
Targets running static checkers (cppcheck and clang-tidy) need
seccomp.h, but the latter is not included in HEADERS. Add it.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Makefile: Allow define overrides by prepending, not appending, CFLAGS 2022-09-22T14:53:09+00:00 Stefano Brivio sbrivio@redhat.com 2022-09-14T13:34:28+00:00 512f5b1aab2a09faf8d63894ebadc8a2a96c6925 If we append CFLAGS to the ones passed via command line (if any), -D options we append will override -D options passed on command line (if any). For example, OpenSUSE build flags include -D_FORTIFY_SOURCE=3, and we want to have -D_FORTIFY_SOURCE=2, if and only if not overridden. The current behaviour implies we redefine _FORTIFY_SOURCE as 2, though. Instead of appending CFLAGS, prepend them by adding all the default build flags to another variable, a simply expanded one (defined with :=), named FLAGS, and pass that *before* CFLAGS in targets, so that defines from command line can override default flags. Reported-by: Dario Faggioli <dfaggioli@suse.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Tested-by: Dario Faggioli <dfaggioli@suse.com> 
If we append CFLAGS to the ones passed via command line (if any),
-D options we append will override -D options passed on command line
(if any).

For example, OpenSUSE build flags include -D_FORTIFY_SOURCE=3, and we
want to have -D_FORTIFY_SOURCE=2, if and only if not overridden. The
current behaviour implies we redefine _FORTIFY_SOURCE as 2, though.

Instead of appending CFLAGS, prepend them by adding all the default
build flags to another variable, a simply expanded one (defined with
:=), named FLAGS, and pass that *before* CFLAGS in targets, so that
defines from command line can override default flags.

Reported-by: Dario Faggioli <dfaggioli@suse.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Dario Faggioli <dfaggioli@suse.com>
Move self-isolation code into a separate file 2022-09-13T03:31:51+00:00 David Gibson david@gibson.dropbear.id.au 2022-09-12T12:24:03+00:00 d72a1e7bb96b461eb47d921436f7fe344e7b268a passt/pasta contains a number of routines designed to isolate passt from the rest of the system for security. These are spread through util.c and passt.c. Move them together into a new isolation.c file. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
passt/pasta contains a number of routines designed to isolate passt from
the rest of the system for security.  These are spread through util.c and
passt.c.  Move them together into a new isolation.c file.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Makefile: Honour LDFLAGS for binary targets 2022-09-07T09:01:10+00:00 Stefano Brivio sbrivio@redhat.com 2022-09-06T15:44:57+00:00 b2ee37ad38fe6629b4648e18ca4dd338ac9c017d We don't set any, but we should use them if they are passed in the environment. On a Fedora Rawhide package build, annocheck (https://sourceware.org/annobin/) reports: Hardened: /usr/bin/passt: FAIL: bind-now test because not linked with -Wl,-z,now ...despite the build system exporting -Wl,-z,now in LDFLAGS. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> 
We don't set any, but we should use them if they are passed in the
environment. On a Fedora Rawhide package build, annocheck
(https://sourceware.org/annobin/) reports:

  Hardened: /usr/bin/passt: FAIL: bind-now test because not linked with -Wl,-z,now

...despite the build system exporting -Wl,-z,now in LDFLAGS.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Makefile: Use more GNU-style directory variables, explicit docdir for OpenSUSE 2022-08-21T20:25:51+00:00 Stefano Brivio sbrivio@redhat.com 2022-08-21T09:23:54+00:00 7b710946b152fabab0f3c838e5518576beb9020c It turns out that, while on most distributions "docdir" would be /usr/share/doc, it's /usr/share/doc/packages/ on OpenSUSE Tumbleweed. Use an explicit docdir as shown in: https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto and don't unnecessarily hardcode directory variables in the Makefile. Otherwise, RPM builds for OpenSUSE will fail now that we have a README there. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
It turns out that, while on most distributions "docdir" would be
/usr/share/doc, it's /usr/share/doc/packages/ on OpenSUSE Tumbleweed.
Use an explicit docdir as shown in:
  https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto

and don't unnecessarily hardcode directory variables in the Makefile.
Otherwise, RPM builds for OpenSUSE will fail now that we have a README
there.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Makefile: Install demo.sh too, uninstall stuff under /usr/share 2022-08-20T17:07:12+00:00 Stefano Brivio sbrivio@redhat.com 2022-08-17T11:33:38+00:00 be0fe6502f4fa893e2f960d8caef1bd6faeb0062 Suggested-by: Benson Muite <benson_muite@emailplus.org> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Suggested-by: Benson Muite <benson_muite@emailplus.org>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Makefile: Ugly hack to get a "plain" Markdown version of README 2022-08-20T17:07:12+00:00 Stefano Brivio sbrivio@redhat.com 2022-08-09T22:21:09+00:00 c5f4ba1b1b27a6879855127dcd4947a081e0d249 Distribution packages reasonably expect to have a human-readable Markdown version of the README under /usr/share/doc/, but all we have right now is a heavily web-oriented version. Introduce a ugly hack to strip web-oriented parts from the current README and install it. It should probably work the other way around: a human-readable README could be used as a source for the web page. But cgit needs a file that's in the tree, not something that can be built, and https://passt.top/ is based on cgit. It should eventually be doable to work around this in cgit, instead. Reported-by: Benson Muite <benson_muite@emailplus.org> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Distribution packages reasonably expect to have a human-readable
Markdown version of the README under /usr/share/doc/, but all we have
right now is a heavily web-oriented version.

Introduce a ugly hack to strip web-oriented parts from the current
README and install it.

It should probably work the other way around: a human-readable README
could be used as a source for the web page. But cgit needs a file
that's in the tree, not something that can be built, and
https://passt.top/ is based on cgit. It should eventually be doable
to work around this in cgit, instead.

Reported-by: Benson Muite <benson_muite@emailplus.org>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
valgrind needs futex 2022-07-22T17:41:42+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-15T05:21:33+00:00 05dc1c65c11c05709ebde73e74d91fd29226ba9c Some versions of valgrind (such as the version on my Fedora laptop - valgrind-3.19.0-3.fc36.x86_64) use futexes. But futex is currently not allowed in the seccomp filter, even with the extra calls added for valgrind builds. Add it, to avoid spurious valgrind failures. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
Some versions of valgrind (such as the version on my Fedora laptop -
valgrind-3.19.0-3.fc36.x86_64) use futexes.  But futex is currently not
allowed in the seccomp filter, even with the extra calls added for
valgrind builds.  Add it, to avoid spurious valgrind failures.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
passt: Allow exit_group() system call in seccomp profiles 2022-07-13T23:36:05+00:00 Stefano Brivio sbrivio@redhat.com 2022-07-13T01:36:09+00:00 1d223e4b4c3b625383ceb368deb8d01e755a585f We handle SIGQUIT and SIGTERM calling exit(), which is usually implemented with the exit_group() system call. If we don't allow exit_group(), we'll get a SIGSYS while handling SIGQUIT and SIGTERM, which means a misleading non-zero exit code. Reported-by: Wenli Quan <wquan@redhat.com> Link: https://bugzilla.redhat.com/show_bug.cgi?id=2101990 Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
We handle SIGQUIT and SIGTERM calling exit(), which is usually
implemented with the exit_group() system call.

If we don't allow exit_group(), we'll get a SIGSYS while handling
SIGQUIT and SIGTERM, which means a misleading non-zero exit code.

Reported-by: Wenli Quan <wquan@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2101990
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Clean up passt.pid file 2022-07-13T23:32:42+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-06T07:29:02+00:00 ed63892a16940261055f08853914d8d8a456659a If the tests are interrupted at the right point a passt.pid file can be left over. Clean it up with "make clean" and add it to .gitignore so it doesn't get accidentally committed. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
If the tests are interrupted at the right point a passt.pid file can be
left over.  Clean it up with "make clean" and add it to .gitignore so it
doesn't get accidentally committed.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>