authorStefano Brivio <sbrivio@redhat.com>2021-10-13 22:25:03 +0200
committerStefano Brivio <sbrivio@redhat.com>2021-10-14 13:15:46 +0200
commit66d5930ec77caed942404ceef4829f2c4ca431bd (patch)
treecef75db6ce37ddd50de819f1dc53dcd602b97c36 /tap.c
parentf318174a9387ecd94d83ed0b9356940c60753846 (diff)
passt, pasta: Add seccomp support
The list of allowed syscalls comes from comments in the form: #syscalls <list> for syscalls needed both in passt and pasta mode, and: #syscalls:pasta <list> #syscalls:passt <list> for syscalls specifically needed in pasta or passt mode only. seccomp.sh builds a list of BPF statements from those comments, prefixed by a binary search tree to keep lookup fast. While at it, clean up the Makefile a bit using wildcards. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tap.c')
-rw-r--r--tap.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/tap.c b/tap.c
index ec2b8b5..d20503d 100644
--- a/tap.c
+++ b/tap.c
@@ -10,6 +10,8 @@
*
* Copyright (c) 2020-2021 Red Hat GmbH
* Author: Stefano Brivio <sbrivio@redhat.com>
+ *
+ * #syscalls recvfrom sendto
*/
#define _GNU_SOURCE
@@ -768,6 +770,8 @@ restart:
/**
* tap_sock_init_unix() - Create and bind AF_UNIX socket, wait for connection
* @c: Execution context
+ *
+ * #syscalls:passt unlink
*/
static void tap_sock_init_unix(struct ctx *c)
{
@@ -819,8 +823,13 @@ static void tap_sock_init_unix(struct ctx *c)
}
info("UNIX domain socket bound at %s\n", addr.sun_path);
+#ifdef PASST_LEGACY_NO_OPTIONS
+ /*
+ * syscalls:passt chmod
+ */
chmod(addr.sun_path,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+#endif
pcap_init(c, i);
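Review bot: The annotation added above `chmod()` reads `syscalls:passt chmod`, without the leading `#` that the commit description gives as the form seccomp.sh collects (`#syscalls:passt <list>`) and that the other three annotations in this diff use. If the script matches on that prefix, `chmod` would be missing from the allowlist in a build with `PASST_LEGACY_NO_OPTIONS` defined; the call's return value is not checked, so if the filter returns an error rather than killing the process, the socket would silently keep its default mode. If the omission is deliberate, to keep `chmod` out of the filter for default builds, the comment should say so; otherwise it should read `* #syscalls:passt chmod`. The enclosing tap_sock_init_unix() starts and ends outside this hunk.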
@@ -850,6 +859,8 @@ static int tun_ns_fd = -1;
* @c: Execution context
*
* Return: 0
+ *
+ * #syscalls:pasta ioctl
*/
static int tap_ns_tun(void *arg)
{
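Review bot: The `#syscalls:pasta ioctl` annotation allows ioctl() by name only, and the comment form given in the commit description (`#syscalls:pasta <list>`) has no place for an argument constraint, so the pasta filter presumably admits every ioctl request rather than just the one this function needs. ioctl() is among the broadest syscalls to leave unfiltered, so it is worth recording next to the annotation which request is required, e.g. `* ioctl is needed for <request name> only`, and checking whether seccomp.sh could compare the request argument for it. The body of tap_ns_tun() is outside this hunk, so the request itself is not visible here.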