From b27d6d121c8fad94658bbcf433e99f7fff542550 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Mon, 14 Nov 2022 23:00:27 +0100 Subject: arp, tap, util: Don't use perror() after seccomp filter is installed If stderr is closed, after we fork to background, glibc's implementation of perror() will try to re-open it by calling dup(), upon which the seccomp filter causes the process to terminate, because dup() is not included in the list of allowed syscalls. Replace perror() calls that might happen after isolation_postfork(). We could probably replace all of them, but early ones need a bit more attention as we have to check whether log.c functions work in early stages. Signed-off-by: Stefano Brivio Reviewed-by: David Gibson --- util.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'util.c') diff --git a/util.c b/util.c index 514bd44..be102e3 100644 --- a/util.c +++ b/util.c @@ -125,7 +125,7 @@ int sock_l4(const struct ctx *c, int af, uint8_t proto, fd = socket(af, SOCK_DGRAM | SOCK_NONBLOCK, proto); if (fd < 0) { - perror("L4 socket"); + warn("L4 socket: %s", strerror(errno)); return -1; } @@ -193,7 +193,7 @@ int sock_l4(const struct ctx *c, int af, uint8_t proto, } if (proto == IPPROTO_TCP && listen(fd, 128) < 0) { - perror("TCP socket listen"); + warn("TCP socket listen: %s", strerror(errno)); close(fd); return -1; } @@ -201,7 +201,7 @@ int sock_l4(const struct ctx *c, int af, uint8_t proto, ev.events = EPOLLIN; ev.data.u64 = ref.u64; if (epoll_ctl(c->epollfd, EPOLL_CTL_ADD, fd, &ev) == -1) { - perror("L4 epoll_ctl"); + warn("L4 epoll_ctl: %s", strerror(errno)); return -1; } -- cgit v1.2.3