| author | Laurent Vivier <lvivier@redhat.com> | 2025-11-03 13:08:34 +0100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2025-11-04 18:53:41 +0100 |
| commit | a36031a4d807ca3197b6b14c50a93816d4d28f18 (patch) | |
| tree | 218fcc9a7a1d7a529c8c2436df6a7fb09dc54222 | |
| parent | 1d164396397799088b6dad13178781553333f2aa (diff) | |
seccomp.sh: Quote tr character ranges to prevent glob expansion

We use [a-z] and [A-Z] patterns with 'tr', but
if there are files with names matching these patterns they will be
replaced by the name of the file and seccomp.h will not be generated
correctly:

    $ rm seccomp.h
    $ touch a b
    $ make
    tr: extra operand '[A-Z]'
    Try 'tr --help' for more information.
    seccomp profile passt allows: accept accept4 bind clock_gettime close connect epoll_ctl epoll_pwait epoll_wait exit_group
    fallocate fcntl fsync ftruncate getsockname getsockopt listen lseek read recvfrom recvmmsg recvmsg sendmmsg sendmsg sendto
    ...
    cc -Wall -Wextra -Wno-format-zero-length -Wformat-security -pedantic -std=c11 -D_XOPEN_SOURCE=700 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -O2 -pie -fPIE -DPAGE_SIZE=4096 -DVERSION="2025_09_19.623dbf6-54-gf6b6118fcabd" -DDUAL_STACK_SOCKETS=1 -DHAS_GETRANDOM -fstack-protector-strong arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c epoll_ctl.c flow.c fwd.c icmp.c igmp.c inany.c iov.c ip.c isolation.c lineread.c log.c mld.c ndp.c netlink.c migrate.c packet.c passt.c pasta.c pcap.c pif.c repair.c tap.c tcp.c tcp_buf.c tcp_splice.c tcp_vu.c udp.c udp_flow.c udp_vu.c util.c vhost_user.c virtio.c vu_common.c -o passt
    In file included from isolation.c:83:
    seccomp.h:11:45: error: 'AUDIT_ARCH_' undeclared here (not in a function); did you mean 'AUDIT_ARCH'?
       11 | BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_, 0, 80),
          |                                     ^~~~~~~~~~~

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

| -rwxr-xr-x | seccomp.sh | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -22,7 +22,7 @@ IN="$@" [ -z "${ARCH}" ] && ARCH="$(uname -m)" [ -z "${CC}" ] && CC="cc" -AUDIT_ARCH="AUDIT_ARCH_$(echo ${ARCH} | tr [a-z] [A-Z] \ +AUDIT_ARCH="AUDIT_ARCH_$(echo ${ARCH} | tr '[a-z]' '[A-Z]' \ | sed 's/^ARM.*/ARM/' \ | sed 's/I[456]86/I386/' \ | sed 's/PPC64/PPC/' \ |
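
Review bot: `${ARCH}` in `echo ${ARCH}` on the changed line is still unquoted, so it remains open to the same word splitting and pathname expansion that this patch removes from the tr arguments. The context line `[ -z "${ARCH}" ] && ARCH="$(uname -m)"` shows ARCH can be supplied from the environment, so quote it as well, for example `echo "${ARCH}"`. Separately, tr takes ranges without brackets, so 'a-z' 'A-Z' would be sufficient; the brackets in '[a-z]' '[A-Z]' are harmless only because '[' and ']' happen to map to themselves as literal characters.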
