author | Stefano Brivio <sbrivio@redhat.com> | 2021-10-14 01:21:29 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2021-10-14 13:16:03 +0200 |
commit | 32d07f5e59f2372939a7c99c4c4bcbb5f60b0e05 (patch) | |
tree | d5cc1d83190b38f58eb86bd094fc5ce6f5d3eef9 /passt.c | |
parent | 66d5930ec77caed942404ceef4829f2c4ca431bd (diff) | |
passt, pasta: Completely avoid dynamic memory allocation
Replace libc functions that might dynamically allocate memory with own
implementations or wrappers.
Drop brk(2) from list of allowed syscalls in seccomp profile.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'passt.c')
-rw-r--r-- | passt.c | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -192,10 +192,10 @@ static void seccomp(struct ctx *c)
 *
 * Return: 0 once interrupted, non-zero on failure
 *
- * #syscalls read write open close fork dup2 exit chdir brk ioctl writev syslog
+ * #syscalls read write open close fork dup2 exit chdir ioctl writev syslog
 * #syscalls prlimit64 epoll_ctl epoll_create1 epoll_wait accept4 accept listen
 * #syscalls socket bind connect getsockopt setsockopt recvfrom sendto shutdown
- * #syscalls openat fstat fcntl lseek
+ * #syscalls openat fstat fcntl lseek clone setsid exit_group
 * #syscalls:pasta rt_sigreturn
 */
 int main(int argc, char **argv)
@@ -226,16 +226,16 @@ int main(int argc, char **argv)
 if (madvise(pkt_buf, TAP_BUF_BYTES, MADV_HUGEPAGE))
 perror("madvise");
- openlog(log_name, 0, LOG_DAEMON);
+ __openlog(log_name, 0, LOG_DAEMON);
- setlogmask(LOG_MASK(LOG_EMERG));
+ __setlogmask(LOG_MASK(LOG_EMERG));
 conf(&c, argc, argv);
 seccomp(&c);
 if (!c.debug && (c.stderr || isatty(fileno(stdout))))
- openlog(log_name, LOG_PERROR, LOG_DAEMON);
+ __openlog(log_name, LOG_PERROR, LOG_DAEMON);
 c.epollfd = epoll_create1(0);
 if (c.epollfd == -1) {
@@ -271,11 +271,11 @@ int main(int argc, char **argv)
 dhcpv6_init(&c);
 if (c.debug)
- setlogmask(LOG_UPTO(LOG_DEBUG));
+ __setlogmask(LOG_UPTO(LOG_DEBUG));
 else if (c.quiet)
- setlogmask(LOG_UPTO(LOG_ERR));
+ __setlogmask(LOG_UPTO(LOG_ERR));
 else
- setlogmask(LOG_UPTO(LOG_INFO));
+ __setlogmask(LOG_UPTO(LOG_INFO));
 if (isatty(fileno(stdout)) && !c.foreground)
 daemon(0, 0); |
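Review bot: The second changed `#syscalls` line in the first hunk adds `clone`, `setsid` and `exit_group` to the allowlist, but the commit message only records dropping `brk`, so the reason for widening the profile is not written down anywhere visible. `clone` is the broadest of the three: unless the generated filter constrains its arguments, it also permits thread creation and namespace-creating flags, which gives back part of the reduction gained by removing `brk`. The additions look like what a detach step needs once `seccomp(&c)` has been applied (the `daemon(0, 0)` call in the last hunk runs after it), but that is inferred from this diff alone. I would record the reason next to the list, for example a line such as ` * clone, setsid, exit_group: needed to daemonise after seccomp() is applied`, and check whether `fork` is still required alongside `clone`. The comment block starts above the hunk.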
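Review bot: The wrapper names introduced in the second hunk, `__openlog` and `__setlogmask`, begin with a double underscore, which C reserves for the implementation, so they can clash with libc-internal symbols or macros and make it unclear at the call site which implementation runs. A project-prefixed name, e.g. `passt_openlog(log_name, 0, LOG_DAEMON);` (the name is only an example), avoids the reserved namespace; the same applies to the three `__setlogmask` calls in the last hunk. Their definitions are outside this diff, which is limited to passt.c. A short comment at the first call would help too, for example `/* Own openlog(): must not allocate, brk is no longer allowed by seccomp */`.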