[lxc-devel] [lxc/master] seccomp: cleanup

brauner on Github lxc-bot at linuxcontainers.org
Thu May 24 14:56:55 UTC 2018


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180524/98ee6e92/attachment.bin>
-------------- next part --------------
From 5fdc4e77a6433b65ace7372e486b12363f344a32 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 13:34:49 +0200
Subject: [PATCH 01/17] lxcseccomp: cleanup header

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxcseccomp.h | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/lxc/lxcseccomp.h b/src/lxc/lxcseccomp.h
index bfafe3aec..93d57bbdc 100644
--- a/src/lxc/lxcseccomp.h
+++ b/src/lxc/lxcseccomp.h
@@ -27,23 +27,24 @@
 #include "conf.h"
 
 #ifdef HAVE_SECCOMP
-int lxc_seccomp_load(struct lxc_conf *conf);
-int lxc_read_seccomp_config(struct lxc_conf *conf);
-void lxc_seccomp_free(struct lxc_conf *conf);
+extern int lxc_seccomp_load(struct lxc_conf *conf);
+extern int lxc_read_seccomp_config(struct lxc_conf *conf);
+extern void lxc_seccomp_free(struct lxc_conf *conf);
 #else
-static inline int lxc_seccomp_load(struct lxc_conf *conf) {
+static inline int lxc_seccomp_load(struct lxc_conf *conf)
+{
 	return 0;
 }
 
-static inline int lxc_read_seccomp_config(struct lxc_conf *conf) {
+static inline int lxc_read_seccomp_config(struct lxc_conf *conf)
+{
 	return 0;
 }
 
-static inline void lxc_seccomp_free(struct lxc_conf *conf) {
-	if (conf->seccomp) {
-		free(conf->seccomp);
-		conf->seccomp = NULL;
-	}
+static inline void lxc_seccomp_free(struct lxc_conf *conf)
+{
+	free(conf->seccomp);
+	conf->seccomp = NULL;
 }
 #endif
 

From ccf8d128e43076d96ab8509a42dfb7bb2133ae59 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 13:35:01 +0200
Subject: [PATCH 02/17] seccomp: parse_config_v1()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index c7b8c1219..817b53633 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -23,9 +23,9 @@
 
 #define _GNU_SOURCE
 #include <errno.h>
+#include <seccomp.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <seccomp.h>
 #include <sys/mount.h>
 #include <sys/utsname.h>
 
@@ -38,25 +38,30 @@ lxc_log_define(lxc_seccomp, lxc);
 
 static int parse_config_v1(FILE *f, struct lxc_conf *conf)
 {
-	char line[1024];
-	int ret;
+	int ret = 0;
+	size_t line_bufsz = 0;
+	char *line = NULL;
 
-	while (fgets(line, 1024, f)) {
+	while (getline(&line, &line_bufsz, f) != -1) {
 		int nr;
+
 		ret = sscanf(line, "%d", &nr);
 		if (ret != 1)
 			return -1;
-		ret = seccomp_rule_add(
+
 #if HAVE_SCMP_FILTER_CTX
-		    conf->seccomp_ctx,
+		ret = seccomp_rule_add(conf->seccomp_ctx, SCMP_ACT_ALLOW, nr, 0);
+#else
+		ret = seccomp_rule_add(SCMP_ACT_ALLOW, nr, 0);
 #endif
-		    SCMP_ACT_ALLOW, nr, 0);
 		if (ret < 0) {
 			ERROR("Failed loading allow rule for %d", nr);
-			return ret;
+			break;
 		}
 	}
-	return 0;
+	free(line);
+
+	return ret;
 }
 
 #if HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH

From 7ad3767052a663d6d2c4e4309cdac78ac388dca6 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 13:38:08 +0200
Subject: [PATCH 03/17] utils: add remove_trailing_newlines()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxccontainer.c | 15 ++++-----------
 src/lxc/seccomp.c      | 10 ----------
 src/lxc/utils.c        | 11 +++++++++++
 src/lxc/utils.h        |  1 +
 4 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 16182332c..fa66060db 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -2685,15 +2685,6 @@ static bool mod_rdep(struct lxc_container *c0, struct lxc_container *c, bool inc
 	return bret;
 }
 
-static void strip_newline(char *p)
-{
-	size_t len = strlen(p);
-	if (len < 1)
-		return;
-	if (p[len-1] == '\n')
-		p[len-1] = '\0';
-}
-
 void mod_all_rdeps(struct lxc_container *c, bool inc)
 {
 	struct lxc_container *p;
@@ -2716,8 +2707,10 @@ void mod_all_rdeps(struct lxc_container *c, bool inc)
 			ERROR("badly formatted file %s", path);
 			goto out;
 		}
-		strip_newline(lxcpath);
-		strip_newline(lxcname);
+
+		remove_trailing_newlines(lxcpath);
+		remove_trailing_newlines(lxcname);
+
 		if ((p = lxc_container_new(lxcname, lxcpath)) == NULL) {
 			ERROR("Unable to find dependent container %s:%s",
 				lxcpath, lxcname);
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 817b53633..1e754db22 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -65,16 +65,6 @@ static int parse_config_v1(FILE *f, struct lxc_conf *conf)
 }
 
 #if HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH
-static void remove_trailing_newlines(char *l)
-{
-	char *p = l;
-
-	while (*p)
-		p++;
-	while (--p >= l && *p == '\n')
-		*p = '\0';
-}
-
 static uint32_t get_v2_default_action(char *line)
 {
 	uint32_t ret_action = -1;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 2669a4d4b..7525346e9 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -2533,3 +2533,14 @@ int lxc_set_death_signal(int signal)
 
 	return 0;
 }
+
+void remove_trailing_newlines(char *l)
+{
+	char *p = l;
+
+	while (*p)
+		p++;
+
+	while (--p >= l && *p == '\n')
+		*p = '\0';
+}
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index dd4510644..93e2a3ee4 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -453,6 +453,7 @@ extern void lxc_free_array(void **array, lxc_free_fn element_free_fn);
 extern size_t lxc_array_len(void **array);
 
 extern void **lxc_append_null_to_array(void **array, size_t count);
+extern void remove_trailing_newlines(char *l);
 
 /* initialize rand with urandom */
 extern int randseed(bool);

From 30448a13abc70e4de7578bf8ca4a26a58655b0ea Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 13:42:47 +0200
Subject: [PATCH 04/17] seccomp: get_v2_default_action()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 1e754db22..aae1921b4 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -71,20 +71,26 @@ static uint32_t get_v2_default_action(char *line)
 
 	while (*line == ' ')
 		line++;
+
 	/* After 'whitelist' or 'blacklist' comes default behavior. */
-	if (strncmp(line, "kill", 4) == 0)
+	if (strncmp(line, "kill", 4) == 0) {
 		ret_action = SCMP_ACT_KILL;
-	else if (strncmp(line, "errno", 5) == 0) {
-		int e;
-		if (sscanf(line + 5, "%d", &e) != 1) {
-			ERROR("Bad errno value in %s", line);
+	} else if (strncmp(line, "errno", 5) == 0) {
+		int e, ret;
+
+		ret = sscanf(line + 5, "%d", &e);
+		if (ret != 1) {
+			ERROR("Failed to parse errno value from %s", line);
 			return -2;
 		}
+
 		ret_action = SCMP_ACT_ERRNO(e);
-	} else if (strncmp(line, "allow", 5) == 0)
+	} else if (strncmp(line, "allow", 5) == 0) {
 		ret_action = SCMP_ACT_ALLOW;
-	else if (strncmp(line, "trap", 4) == 0)
+	} else if (strncmp(line, "trap", 4) == 0) {
 		ret_action = SCMP_ACT_TRAP;
+	}
+
 	return ret_action;
 }
 

From f0fd80ae3d90185dc169f0871b6e1d08e0c9d8ff Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 13:46:06 +0200
Subject: [PATCH 05/17] seccomp: get_action_name()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index aae1921b4..f03dc4ab5 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -97,7 +97,7 @@ static uint32_t get_v2_default_action(char *line)
 static const char *get_action_name(uint32_t action)
 {
 	/* The upper 16 bits indicate the type of the seccomp action. */
-	switch(action & 0xffff0000){
+	switch (action & 0xffff0000) {
 	case SCMP_ACT_KILL:
 		return "kill";
 	case SCMP_ACT_ALLOW:
@@ -106,9 +106,9 @@ static const char *get_action_name(uint32_t action)
 		return "trap";
 	case SCMP_ACT_ERRNO(0):
 		return "errno";
-	default:
-		return "invalid action";
 	}
+
+	return "invalid action";
 }
 
 static uint32_t get_v2_action(char *line, uint32_t def_action)

From 1ab6b4a12eb5c1ad55659886779d9ef864581d56 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 13:47:59 +0200
Subject: [PATCH 06/17] seccomp: get_v2_action()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 51 +++++++++++++++++++++++++++++----------------------
 1 file changed, 29 insertions(+), 22 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index f03dc4ab5..d2f80cb70 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -65,6 +65,23 @@ static int parse_config_v1(FILE *f, struct lxc_conf *conf)
 }
 
 #if HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH
+static const char *get_action_name(uint32_t action)
+{
+	/* The upper 16 bits indicate the type of the seccomp action. */
+	switch (action & 0xffff0000) {
+	case SCMP_ACT_KILL:
+		return "kill";
+	case SCMP_ACT_ALLOW:
+		return "allow";
+	case SCMP_ACT_TRAP:
+		return "trap";
+	case SCMP_ACT_ERRNO(0):
+		return "errno";
+	}
+
+	return "invalid action";
+}
+
 static uint32_t get_v2_default_action(char *line)
 {
 	uint32_t ret_action = -1;
@@ -94,41 +111,31 @@ static uint32_t get_v2_default_action(char *line)
 	return ret_action;
 }
 
-static const char *get_action_name(uint32_t action)
-{
-	/* The upper 16 bits indicate the type of the seccomp action. */
-	switch (action & 0xffff0000) {
-	case SCMP_ACT_KILL:
-		return "kill";
-	case SCMP_ACT_ALLOW:
-		return "allow";
-	case SCMP_ACT_TRAP:
-		return "trap";
-	case SCMP_ACT_ERRNO(0):
-		return "errno";
-	}
-
-	return "invalid action";
-}
-
 static uint32_t get_v2_action(char *line, uint32_t def_action)
 {
-	char *p = strchr(line, ' ');
+	char *p;
 	uint32_t ret;
 
+	p = strchr(line, ' ');
 	if (!p)
 		return def_action;
 	p++;
+
 	while (*p == ' ')
 		p++;
+
 	if (!*p || *p == '#')
 		return def_action;
+
 	ret = get_v2_default_action(p);
-	switch(ret) {
-	case -2: return -1;
-	case -1: return def_action;
-	default: return ret;
+	switch (ret) {
+	case -2:
+		return -1;
+	case -1:
+		return def_action;
 	}
+
+	return ret;
 }
 
 struct v2_rule_args {

From 63a49b03f4fcc4b62cbd29bdfe6844cd248af7bd Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 13:49:36 +0200
Subject: [PATCH 07/17] seccomp: fix get_seccomp_arg_value()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index d2f80cb70..176964c3a 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -138,7 +138,7 @@ static uint32_t get_v2_action(char *line, uint32_t def_action)
 	return ret;
 }
 
-struct v2_rule_args {
+struct seccomp_v2_rule_args {
 	uint32_t index;
 	uint64_t value;
 	uint64_t mask;
@@ -148,7 +148,7 @@ struct v2_rule_args {
 struct seccomp_v2_rule {
 	uint32_t action;
 	uint32_t args_num;
-	struct v2_rule_args args_value[6];
+	struct seccomp_v2_rule_args args_value[6];
 };
 
 static enum scmp_compare parse_v2_rule_op(char *s)
@@ -171,7 +171,8 @@ static enum scmp_compare parse_v2_rule_op(char *s)
 	return _SCMP_CMP_MAX;
 }
 
-/* This function is used to parse the args string into the structure.
+/*
+ * This function is used to parse the args string into the structure.
  * args string format:[index,value,op,valueTwo] or [index,value,op]
  * index: the index for syscall arguments (type uint)
  * value: the value for syscall arguments (type uint64)
@@ -182,21 +183,21 @@ static enum scmp_compare parse_v2_rule_op(char *s)
  * valueTwo: the value for syscall arguments only used for mask eq (type uint64, optional)
  * Returns 0 on success, < 0 otherwise.
  */
-static int get_seccomp_arg_value(char *key, struct v2_rule_args *rule_args)
+static int get_seccomp_arg_value(char *key, struct seccomp_v2_rule_args *rule_args)
 {
 	int ret = 0;
-	uint64_t value = 0;
-	uint64_t mask = 0;
-	enum scmp_compare op = 0;
 	uint32_t index = 0;
-	char s[31] = {0}, v[24] = {0}, m[24] = {0};
+	uint64_t mask = 0, value = 0;
+	enum scmp_compare op = 0;
 	char *tmp = NULL;
+	char s[31] = {0}, v[24] = {0}, m[24] = {0};
 
 	tmp = strchr(key, '[');
 	if (!tmp) {
 		ERROR("Failed to interpret args");
 		return -1;
 	}
+
 	ret = sscanf(tmp, "[%i,%23[^,],%30[^0-9^,],%23[^,]", &index, v, s, m);
 	if ((ret != 3 && ret != 4) || index >= 6) {
 		ERROR("Failed to interpret args value");
@@ -209,7 +210,7 @@ static int get_seccomp_arg_value(char *key, struct v2_rule_args *rule_args)
 		return -1;
 	}
 
-	ret = lxc_safe_uint64(v, &mask);
+	ret = lxc_safe_uint64(m, &mask);
 	if (ret < 0) {
 		ERROR("Invalid argument mask");
 		return -1;

From 4336105aad566f9072296538c638f3b0bb93d8c4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:22:58 +0200
Subject: [PATCH 08/17] seccomp: parse_v2_rules()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 176964c3a..1a56a49d9 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -235,13 +235,11 @@ static int get_seccomp_arg_value(char *key, struct seccomp_v2_rule_args *rule_ar
  * @rules	: output struct.
  * Returns 0 on success, < 0 otherwise.
  */
-static int parse_v2_rules(char *line, uint32_t def_action, struct seccomp_v2_rule *rules)
+static int parse_v2_rules(char *line, uint32_t def_action,
+			  struct seccomp_v2_rule *rules)
 {
-	int ret = 0 ;
-	int i = 0;
-	char *tmp = NULL;
-	char *key = NULL;
-	char *saveptr = NULL;
+	int i = 0, ret = -1;
+	char *key = NULL, *saveptr = NULL, *tmp = NULL;
 
 	tmp = strdup(line);
 	if (!tmp)
@@ -249,33 +247,33 @@ static int parse_v2_rules(char *line, uint32_t def_action, struct seccomp_v2_rul
 
 	/* read optional action which follows the syscall */
 	rules->action = get_v2_action(tmp, def_action);
-	if (rules->action == -1) {
+	if (rules->action < 0) {
 		ERROR("Failed to interpret action");
-		ret = -1;
 		goto out;
 	}
 
+	ret = 0;
 	rules->args_num = 0;
-	if (!strchr(tmp, '[')) {
-		ret = 0;
+	if (!strchr(tmp, '['))
 		goto out;
-	}
 
-	for ((key = strtok_r(tmp, "]", &saveptr)), i = 0; key && i < 6; (key = strtok_r(NULL, "]", &saveptr)), i++) {
+	ret = -1;
+	for ((key = strtok_r(tmp, "]", &saveptr)), i = 0; key && i < 6;
+	     (key = strtok_r(NULL, "]", &saveptr)), i++) {
 		ret = get_seccomp_arg_value(key, &rules->args_value[i]);
-		if (ret < 0) {
-			ret = -1;
+		if (ret < 0)
 			goto out;
-		}
+
 		rules->args_num++;
 	}
 
 	ret = 0;
+
 out:
 	free(tmp);
+
 	return ret;
 }
-
 #endif
 
 #if HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH

From 5ae10abd9d1202ecffa5a93adbb6555912794984 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:24:09 +0200
Subject: [PATCH 09/17] seccomp: move #ifdefines

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 1a56a49d9..bf15c8a6b 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -34,6 +34,14 @@
 #include "lxcseccomp.h"
 #include "utils.h"
 
+#ifdef __MIPSEL__
+#define MIPS_ARCH_O32 lxc_seccomp_arch_mipsel
+#define MIPS_ARCH_N64 lxc_seccomp_arch_mipsel64
+#else
+#define MIPS_ARCH_O32 lxc_seccomp_arch_mips
+#define MIPS_ARCH_N64 lxc_seccomp_arch_mips64
+#endif
+
 lxc_log_define(lxc_seccomp, lxc);
 
 static int parse_config_v1(FILE *f, struct lxc_conf *conf)
@@ -298,14 +306,6 @@ enum lxc_hostarch_t {
 	lxc_seccomp_arch_unknown = 999,
 };
 
-#ifdef __MIPSEL__
-# define MIPS_ARCH_O32 lxc_seccomp_arch_mipsel
-# define MIPS_ARCH_N64 lxc_seccomp_arch_mipsel64
-#else
-# define MIPS_ARCH_O32 lxc_seccomp_arch_mips
-# define MIPS_ARCH_N64 lxc_seccomp_arch_mips64
-#endif
-
 int get_hostarch(void)
 {
 	struct utsname uts;

From 2fba3515bada608fb22e90c0be55b38dd67f578f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:24:59 +0200
Subject: [PATCH 10/17] seccomp: get_hostarch()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index bf15c8a6b..69509d0c7 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -313,6 +313,7 @@ int get_hostarch(void)
 		SYSERROR("Failed to read host arch");
 		return -1;
 	}
+
 	if (strcmp(uts.machine, "i686") == 0)
 		return lxc_seccomp_arch_i386;
 	/* no x32 kernels */
@@ -334,6 +335,7 @@ int get_hostarch(void)
 		return MIPS_ARCH_O32;
 	else if (strncmp(uts.machine, "s390x", 5) == 0)
 		return lxc_seccomp_arch_s390x;
+
 	return lxc_seccomp_arch_unknown;
 }
 

From 857cc7571a09a9670c3f3ec50efe0b8ba9de4a23 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:28:02 +0200
Subject: [PATCH 11/17] seccomp: scmp_filter_ctx get_new_ctx()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 88 +++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 62 insertions(+), 26 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 69509d0c7..092cc538a 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -339,56 +339,92 @@ int get_hostarch(void)
 	return lxc_seccomp_arch_unknown;
 }
 
-scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_action, bool *needs_merge)
+scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch,
+			    uint32_t default_policy_action, bool *needs_merge)
 {
-	scmp_filter_ctx ctx;
 	int ret;
 	uint32_t arch;
+	scmp_filter_ctx ctx;
 
-	switch(n_arch) {
-	case lxc_seccomp_arch_i386: arch = SCMP_ARCH_X86; break;
-	case lxc_seccomp_arch_x32: arch = SCMP_ARCH_X32; break;
-	case lxc_seccomp_arch_amd64: arch = SCMP_ARCH_X86_64; break;
-	case lxc_seccomp_arch_arm: arch = SCMP_ARCH_ARM; break;
+	switch (n_arch) {
+	case lxc_seccomp_arch_i386:
+		arch = SCMP_ARCH_X86;
+		break;
+	case lxc_seccomp_arch_x32:
+		arch = SCMP_ARCH_X32;
+		break;
+	case lxc_seccomp_arch_amd64:
+		arch = SCMP_ARCH_X86_64;
+		break;
+	case lxc_seccomp_arch_arm:
+		arch = SCMP_ARCH_ARM;
+		break;
 #ifdef SCMP_ARCH_AARCH64
-	case lxc_seccomp_arch_arm64: arch = SCMP_ARCH_AARCH64; break;
+	case lxc_seccomp_arch_arm64:
+		arch = SCMP_ARCH_AARCH64;
+		break;
 #endif
 #ifdef SCMP_ARCH_PPC64LE
-	case lxc_seccomp_arch_ppc64le: arch = SCMP_ARCH_PPC64LE; break;
+	case lxc_seccomp_arch_ppc64le:
+		arch = SCMP_ARCH_PPC64LE;
+		break;
 #endif
 #ifdef SCMP_ARCH_PPC64
-	case lxc_seccomp_arch_ppc64: arch = SCMP_ARCH_PPC64; break;
+	case lxc_seccomp_arch_ppc64:
+		arch = SCMP_ARCH_PPC64;
+		break;
 #endif
 #ifdef SCMP_ARCH_PPC
-	case lxc_seccomp_arch_ppc: arch = SCMP_ARCH_PPC; break;
+	case lxc_seccomp_arch_ppc:
+		arch = SCMP_ARCH_PPC;
+		break;
 #endif
 #ifdef SCMP_ARCH_MIPS
-	case lxc_seccomp_arch_mips: arch = SCMP_ARCH_MIPS; break;
-	case lxc_seccomp_arch_mips64: arch = SCMP_ARCH_MIPS64; break;
-	case lxc_seccomp_arch_mips64n32: arch = SCMP_ARCH_MIPS64N32; break;
-	case lxc_seccomp_arch_mipsel: arch = SCMP_ARCH_MIPSEL; break;
-	case lxc_seccomp_arch_mipsel64: arch = SCMP_ARCH_MIPSEL64; break;
-	case lxc_seccomp_arch_mipsel64n32: arch = SCMP_ARCH_MIPSEL64N32; break;
+	case lxc_seccomp_arch_mips:
+		arch = SCMP_ARCH_MIPS;
+		break;
+	case lxc_seccomp_arch_mips64:
+		arch = SCMP_ARCH_MIPS64;
+		break;
+	case lxc_seccomp_arch_mips64n32:
+		arch = SCMP_ARCH_MIPS64N32;
+		break;
+	case lxc_seccomp_arch_mipsel:
+		arch = SCMP_ARCH_MIPSEL;
+		break;
+	case lxc_seccomp_arch_mipsel64:
+		arch = SCMP_ARCH_MIPSEL64;
+		break;
+	case lxc_seccomp_arch_mipsel64n32:
+		arch = SCMP_ARCH_MIPSEL64N32;
+		break;
 #endif
 #ifdef SCMP_ARCH_S390X
-	case lxc_seccomp_arch_s390x: arch = SCMP_ARCH_S390X; break;
+	case lxc_seccomp_arch_s390x:
+		arch = SCMP_ARCH_S390X;
+		break;
 #endif
-	default: return NULL;
+	default:
+		return NULL;
 	}
 
-	if ((ctx = seccomp_init(default_policy_action)) == NULL) {
+	ctx = seccomp_init(default_policy_action);
+	if (!ctx) {
 		ERROR("Error initializing seccomp context");
 		return NULL;
 	}
-	if (seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0)) {
-		ERROR("Failed to turn off no-new-privs");
+
+	ret = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0);
+	if (ret < 0) {
+		ERROR("%s - Failed to turn off no-new-privs", strerror(-ret));
 		seccomp_release(ctx);
 		return NULL;
 	}
+
 #ifdef SCMP_FLTATR_ATL_TSKIP
-	if (seccomp_attr_set(ctx, SCMP_FLTATR_ATL_TSKIP, 1)) {
-		WARN("Failed to turn on seccomp nop-skip, continuing");
-	}
+	ret = seccomp_attr_set(ctx, SCMP_FLTATR_ATL_TSKIP, 1);
+	if (ret < 0)
+		WARN("%s - Failed to turn on seccomp nop-skip, continuing", strerror(-ret));
 #endif
 
 	ret = seccomp_arch_exist(ctx, arch);
@@ -396,7 +432,7 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_
 		if (ret != -EEXIST) {
 			ERROR("%s - Failed to determine whether arch %d is "
 			      "already present in the main seccomp context",
-			       strerror(-ret), (int)n_arch);
+			      strerror(-ret), (int)n_arch);
 			seccomp_release(ctx);
 			return NULL;
 		}

From 3462394306d6297cebc154f0b7c594667b249344 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:35:21 +0200
Subject: [PATCH 12/17] seccomp: do_resolve_add_rule()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 57 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 31 insertions(+), 26 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 092cc538a..4ab551134 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -464,18 +464,14 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch,
 }
 
 bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
-			struct seccomp_v2_rule *rule)
+			 struct seccomp_v2_rule *rule)
 {
-	int nr, ret, i;
-	struct scmp_arg_cmp arg_cmp[6];
-
-	memset(arg_cmp, 0 ,sizeof(arg_cmp));
+	int i, nr, ret;
+	struct scmp_arg_cmp arg_cmp[6] = {0};
 
 	ret = seccomp_arch_exist(ctx, arch);
 	if (arch && ret != 0) {
-		ERROR("BUG: Seccomp: rule and context arch do not match (arch "
-		      "%d): %s",
-		      arch, strerror(-ret));
+		ERROR("%s - Seccomp: rule and context arch do not match (arch %d)", strerror(-ret), arch);
 		return false;
 	}
 
@@ -485,49 +481,58 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
 		*p = '\0';
 
 	if (strncmp(line, "reject_force_umount", 19) == 0) {
-		INFO("Setting Seccomp rule to reject force umounts");
-		ret = seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(umount2),
-				1, SCMP_A1(SCMP_CMP_MASKED_EQ , MNT_FORCE , MNT_FORCE ));
+		ret = seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EACCES),
+					     SCMP_SYS(umount2), 1,
+					     SCMP_A1(SCMP_CMP_MASKED_EQ, MNT_FORCE, MNT_FORCE));
 		if (ret < 0) {
-			ERROR("Failed (%d) loading rule to reject force "
-			      "umount: %s",
-			      ret, strerror(-ret));
+			ERROR("%s - Failed loading rule to reject force umount", strerror(-ret));
 			return false;
 		}
+
+		INFO("Set seccomp rule to reject force umounts");
 		return true;
 	}
 
 	nr = seccomp_syscall_resolve_name(line);
 	if (nr == __NR_SCMP_ERROR) {
-		WARN("Seccomp: failed to resolve syscall: %s", line);
+		WARN("Failed to resolve syscall \"%s\"", line);
 		WARN("This syscall will NOT be blacklisted");
 		return true;
 	}
+
 	if (nr < 0) {
-		WARN("Seccomp: got negative for syscall: %d: %s", nr, line);
+		WARN("Got negative return value %d for syscall \"%s\"", nr, line);
 		WARN("This syscall will NOT be blacklisted");
 		return true;
 	}
 
 	for (i = 0; i < rule->args_num; i++) {
-		INFO("arg_cmp[%d]:SCMP_CMP(%u, %llu, %llu, %llu)", i,
-		      rule->args_value[i].index,
-		      (long long unsigned int)rule->args_value[i].op,
-		      (long long unsigned int)rule->args_value[i].mask,
-		      (long long unsigned int)rule->args_value[i].value);
+		INFO("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i,
+		     rule->args_value[i].index,
+		     (long long unsigned int)rule->args_value[i].op,
+		     (long long unsigned int)rule->args_value[i].mask,
+		     (long long unsigned int)rule->args_value[i].value);
 
 		if (SCMP_CMP_MASKED_EQ == rule->args_value[i].op)
-			arg_cmp[i] = SCMP_CMP(rule->args_value[i].index, rule->args_value[i].op, rule->args_value[i].mask, rule->args_value[i].value);
+			arg_cmp[i] = SCMP_CMP(rule->args_value[i].index,
+					      rule->args_value[i].op,
+					      rule->args_value[i].mask,
+					      rule->args_value[i].value);
 		else
-			arg_cmp[i] = SCMP_CMP(rule->args_value[i].index, rule->args_value[i].op, rule->args_value[i].value);
+			arg_cmp[i] = SCMP_CMP(rule->args_value[i].index,
+					      rule->args_value[i].op,
+					      rule->args_value[i].value);
 	}
 
-	ret = seccomp_rule_add_exact_array(ctx, rule->action, nr, rule->args_num, arg_cmp);
+	ret = seccomp_rule_add_exact_array(ctx, rule->action, nr,
+					   rule->args_num, arg_cmp);
 	if (ret < 0) {
-		ERROR("Failed (%d) loading rule for %s (nr %d action %d(%s)): %s",
-		      ret, line, nr, rule->action, get_action_name(rule->action), strerror(-ret));
+		ERROR("%s - Failed loading rule for %s (nr %d action %d (%s))",
+		      strerror(-ret), line, nr, rule->action,
+		      get_action_name(rule->action));
 		return false;
 	}
+
 	return true;
 }
 

From 3bbf11ebf7ed5d66b339a67884fb81d8b18f057f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:47:08 +0200
Subject: [PATCH 13/17] seccomp: parse_config_v2()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 85 ++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 62 insertions(+), 23 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 4ab551134..6ce3d5559 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -552,12 +552,13 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
  */
 static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 {
-	char *p;
 	int ret;
+	char *p;
+	enum lxc_hostarch_t cur_rule_arch, native_arch;
+	size_t line_bufsz = 0;
 	bool blacklist = false;
+	char *rule_line = NULL;
 	uint32_t default_policy_action = -1, default_rule_action = -1;
-	enum lxc_hostarch_t native_arch = get_hostarch(),
-			    cur_rule_arch = native_arch;
 	struct seccomp_v2_rule rule;
 	struct scmp_ctx_info {
 		uint32_t architectures[3];
@@ -568,11 +569,12 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 	if (strncmp(line, "blacklist", 9) == 0)
 		blacklist = true;
 	else if (strncmp(line, "whitelist", 9) != 0) {
-		ERROR("Bad seccomp policy style: %s", line);
+		ERROR("Bad seccomp policy style \"%s\"", line);
 		return -1;
 	}
 
-	if ((p = strchr(line, ' '))) {
+	p = strchr(line, ' ');
+	if (p) {
 		default_policy_action = get_v2_default_action(p + 1);
 		if (default_policy_action == -2)
 			return -1;
@@ -582,11 +584,13 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 	if (blacklist) {
 		if (default_policy_action == -1)
 			default_policy_action = SCMP_ACT_ALLOW;
+
 		if (default_rule_action == -1)
 			default_rule_action = SCMP_ACT_KILL;
 	} else {
 		if (default_policy_action == -1)
 			default_policy_action = SCMP_ACT_KILL;
+
 		if (default_rule_action == -1)
 			default_rule_action = SCMP_ACT_ALLOW;
 	}
@@ -595,6 +599,8 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 	ctx.architectures[0] = SCMP_ARCH_NATIVE;
 	ctx.architectures[1] = SCMP_ARCH_NATIVE;
 	ctx.architectures[2] = SCMP_ARCH_NATIVE;
+	native_arch = get_hostarch();
+	cur_rule_arch = native_arch;
 	if (native_arch == lxc_seccomp_arch_amd64) {
 		cur_rule_arch = lxc_seccomp_arch_all;
 
@@ -641,17 +647,17 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		cur_rule_arch = lxc_seccomp_arch_all;
 
 		ctx.architectures[0] = SCMP_ARCH_ARM;
-		ctx.contexts[0] =
-		    get_new_ctx(lxc_seccomp_arch_arm, default_policy_action,
-				&ctx.needs_merge[0]);
+		ctx.contexts[0] = get_new_ctx(lxc_seccomp_arch_arm,
+					      default_policy_action,
+					      &ctx.needs_merge[0]);
 		if (!ctx.contexts[0])
 			goto bad;
 
 #ifdef SCMP_ARCH_AARCH64
 		ctx.architectures[2] = SCMP_ARCH_AARCH64;
-		ctx.contexts[2] =
-		    get_new_ctx(lxc_seccomp_arch_arm64, default_policy_action,
-				&ctx.needs_merge[2]);
+		ctx.contexts[2] = get_new_ctx(lxc_seccomp_arch_arm64,
+					      default_policy_action,
+					      &ctx.needs_merge[2]);
 		if (!ctx.contexts[2])
 			goto bad;
 #endif
@@ -712,25 +718,30 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 			ERROR("Error re-initializing Seccomp");
 			return -1;
 		}
-		if (seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0)) {
-			ERROR("Failed to turn off no-new-privs");
+
+		ret = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0);
+		if (ret < 0) {
+			ERROR("%s - Failed to turn off no-new-privs", strerror(-ret));
 			return -1;
 		}
+
 #ifdef SCMP_FLTATR_ATL_TSKIP
-		if (seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_ATL_TSKIP, 1)) {
-			WARN("Failed to turn on seccomp nop-skip, continuing");
-		}
+		ret = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_ATL_TSKIP, 1);
+		if (ret < 0)
+			WARN("%s - Failed to turn on seccomp nop-skip, continuing", strerror(-ret));
 #endif
 	}
 
-	while (fgets(line, 1024, f)) {
-
+	while (getline(&rule_line, &line_bufsz, f) != -1) {
 		if (line[0] == '#')
 			continue;
-		if (strlen(line) == 0)
+
+		if (line[0] == '\0')
 			continue;
+
 		remove_trailing_newlines(line);
-		INFO("processing: .%s", line);
+
+		INFO("Processing \"%s\"", line);
 		if (line[0] == '[') {
 			/* Read the architecture for next set of rules. */
 			if (strcmp(line, "[x86]") == 0 ||
@@ -740,6 +751,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_i386;
 			} else if (strcmp(line, "[x32]") == 0 ||
 				   strcmp(line, "[X32]") == 0) {
@@ -747,6 +759,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_x32;
 			} else if (strcmp(line, "[X86_64]") == 0 ||
 				   strcmp(line, "[x86_64]") == 0) {
@@ -754,6 +767,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_amd64;
 			} else if (strcmp(line, "[all]") == 0 ||
 				   strcmp(line, "[ALL]") == 0) {
@@ -767,6 +781,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_arm;
 			}
 #endif
@@ -777,6 +792,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_arm64;
 			}
 #endif
@@ -787,6 +803,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_ppc64le;
 			}
 #endif
@@ -797,6 +814,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_ppc64;
 			}
 #endif
@@ -808,6 +826,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_ppc;
 			}
 #endif
@@ -818,6 +837,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_mips64;
 			} else if (strcmp(line, "[mips64n32]") == 0 ||
 				   strcmp(line, "[MIPS64N32]") == 0) {
@@ -825,6 +845,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_mips64n32;
 			} else if (strcmp(line, "[mips]") == 0 ||
 				   strcmp(line, "[MIPS]") == 0) {
@@ -833,6 +854,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_mips;
 			} else if (strcmp(line, "[mipsel64]") == 0 ||
 				   strcmp(line, "[MIPSEL64]") == 0) {
@@ -840,6 +862,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_mipsel64;
 			} else if (strcmp(line, "[mipsel64n32]") == 0 ||
 				   strcmp(line, "[MIPSEL64N32]") == 0) {
@@ -847,6 +870,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_mipsel64n32;
 			} else if (strcmp(line, "[mipsel]") == 0 ||
 				   strcmp(line, "[MIPSEL]") == 0) {
@@ -855,6 +879,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_mipsel;
 			}
 #endif
@@ -865,11 +890,12 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 					cur_rule_arch = lxc_seccomp_arch_unknown;
 					continue;
 				}
+
 				cur_rule_arch = lxc_seccomp_arch_s390x;
-			}
 #endif
-			else
+			} else {
 				goto bad_arch;
+			}
 
 			continue;
 		}
@@ -889,6 +915,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		if (!do_resolve_add_rule(SCMP_ARCH_NATIVE, line,
 					 conf->seccomp_ctx, &rule))
 			goto bad_rule;
+
 		INFO("Added native rule for arch %d for %s action %d(%s)",
 		     SCMP_ARCH_NATIVE, line, rule.action,
 		     get_action_name(rule.action));
@@ -897,6 +924,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 			if (!do_resolve_add_rule(ctx.architectures[0], line,
 						 ctx.contexts[0], &rule))
 				goto bad_rule;
+
 			INFO("Added compat rule for arch %d for %s action %d(%s)",
 			     ctx.architectures[0], line, rule.action,
 			     get_action_name(rule.action));
@@ -906,6 +934,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 			if (!do_resolve_add_rule(ctx.architectures[1], line,
 						 ctx.contexts[1], &rule))
 				goto bad_rule;
+
 			INFO("Added compat rule for arch %d for %s action %d(%s)",
 			     ctx.architectures[1], line, rule.action,
 			     get_action_name(rule.action));
@@ -915,6 +944,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 			if (!do_resolve_add_rule(ctx.architectures[2], line,
 						ctx.contexts[2], &rule))
 				goto bad_rule;
+
 			INFO("Added native rule for arch %d for %s action %d(%s)",
 			     ctx.architectures[2], line, rule.action,
 			     get_action_name(rule.action));
@@ -930,6 +960,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 				      "context into main context");
 				goto bad;
 			}
+
 			TRACE("Merged first compat seccomp context into main context");
 		} else {
 			seccomp_release(ctx.contexts[0]);
@@ -945,6 +976,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 				      "context into main context");
 				goto bad;
 			}
+
 			TRACE("Merged second compat seccomp context into main context");
 		} else {
 			seccomp_release(ctx.contexts[1]);
@@ -960,6 +992,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 				      "context into main context");
 				goto bad;
 			}
+
 			TRACE("Merged third compat seccomp context into main context");
 		} else {
 			seccomp_release(ctx.contexts[2]);
@@ -967,19 +1000,25 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		}
 	}
 
+	free(rule_line);
 	return 0;
 
 bad_arch:
-	ERROR("Unsupported arch: %s.", line);
+	ERROR("Unsupported architecture \"%s\"", line);
+
 bad_rule:
 bad:
 	if (ctx.contexts[0])
 		seccomp_release(ctx.contexts[0]);
+
 	if (ctx.contexts[1])
 		seccomp_release(ctx.contexts[1]);
+
 	if (ctx.contexts[2])
 		seccomp_release(ctx.contexts[2]);
 
+	free(rule_line);
+
 	return -1;
 }
 #else /* HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH */

From 64828b5e0be5ffe54464b7583289901eb12d3006 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:49:28 +0200
Subject: [PATCH 14/17] seccomp: parse_config()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 6ce3d5559..e22752cd7 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1038,7 +1038,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
  */
 static int parse_config(FILE *f, struct lxc_conf *conf)
 {
-	char line[1024];
+	char line[MAXPATHLEN];
 	int ret, version;
 
 	ret = fscanf(f, "%d\n", &version);
@@ -1046,10 +1046,12 @@ static int parse_config(FILE *f, struct lxc_conf *conf)
 		ERROR("Invalid version");
 		return -1;
 	}
-	if (!fgets(line, 1024, f)) {
+
+	if (!fgets(line, MAXPATHLEN, f)) {
 		ERROR("Invalid config file");
 		return -1;
 	}
+
 	if (version == 1 && !strstr(line, "whitelist")) {
 		ERROR("Only whitelist policy is supported");
 		return -1;
@@ -1062,6 +1064,7 @@ static int parse_config(FILE *f, struct lxc_conf *conf)
 
 	if (version == 1)
 		return parse_config_v1(f, conf);
+
 	return parse_config_v2(f, line, conf);
 }
 

From 24130b72641d2fdd7283e77e688db1e3520dd7a6 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:51:18 +0200
Subject: [PATCH 15/17] seccomp: parse_config()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index e22752cd7..991f5d6f2 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1077,34 +1077,40 @@ static int parse_config(FILE *f, struct lxc_conf *conf)
  */
 static bool use_seccomp(void)
 {
-	FILE *f = fopen("/proc/self/status", "r");
-	char line[1024];
-	bool already_enabled = false;
-	bool found = false;
 	int ret, v;
+	FILE *f;
+	size_t line_bufsz = 0;
+	char *line = NULL;
+	bool already_enabled = false, found = false;
 
+	f = fopen("/proc/self/status", "r");
 	if (!f)
 		return true;
 
-	while (fgets(line, 1024, f)) {
+	while (getline(&line, &line_bufsz, f) != -1) {
 		if (strncmp(line, "Seccomp:", 8) == 0) {
 			found = true;
+
 			ret = sscanf(line + 8, "%d", &v);
 			if (ret == 1 && v != 0)
 				already_enabled = true;
+
 			break;
 		}
 	}
-
+	free(line);
 	fclose(f);
-	if (!found) { /* no Seccomp line, no seccomp in kernel */
+
+	if (!found) {
 		INFO("Seccomp is not enabled in the kernel");
 		return false;
 	}
-	if (already_enabled) { /* already seccomp-confined */
+
+	if (already_enabled) {
 		INFO("Already seccomp-confined, not loading new policy");
 		return false;
 	}
+
 	return true;
 }
 

From 8515d22d7fc60b1c739a9a7bc498c9388d258e7c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:53:31 +0200
Subject: [PATCH 16/17] seccomp: lxc_read_seccomp_config()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 991f5d6f2..8d01d1f67 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1116,15 +1116,15 @@ static bool use_seccomp(void)
 
 int lxc_read_seccomp_config(struct lxc_conf *conf)
 {
+	int check_seccomp_attr_set, ret;
 	FILE *f;
-	int ret;
-	int check_seccomp_attr_set;
 
 	if (!conf->seccomp)
 		return 0;
 
 	if (!use_seccomp())
 		return 0;
+
 #if HAVE_SCMP_FILTER_CTX
 	/* XXX for debug, pass in SCMP_ACT_TRAP */
 	conf->seccomp_ctx = seccomp_init(SCMP_ACT_KILL);
@@ -1137,7 +1137,7 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
 		return -1;
 	}
 
-/* turn off no-new-privs.  We don't want it in lxc, and it breaks
+/* turn off no-new-privs. We don't want it in lxc, and it breaks
  * with apparmor */
 #if HAVE_SCMP_FILTER_CTX
 	check_seccomp_attr_set = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_CTL_NNP, 0);
@@ -1145,13 +1145,14 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
 	check_seccomp_attr_set = seccomp_attr_set(SCMP_FLTATR_CTL_NNP, 0);
 #endif
 	if (check_seccomp_attr_set) {
-		ERROR("Failed to turn off no-new-privs");
+		ERROR("%s - Failed to turn off no-new-privs", strerror(-check_seccomp_attr_set));
 		return -1;
 	}
 #ifdef SCMP_FLTATR_ATL_TSKIP
-	if (seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_ATL_TSKIP, 1)) {
-		WARN("Failed to turn on seccomp nop-skip, continuing");
-	}
+	check_seccomp_attr_set = seccomp_attr_set(conf->seccomp_ctx, SCMP_FLTATR_ATL_TSKIP, 1);
+	if (check_seccomp_attr_set < 0)
+		WARN("%s - Failed to turn on seccomp nop-skip, continuing",
+		     strerror(-check_seccomp_attr_set));
 #endif
 
 	f = fopen(conf->seccomp, "r");
@@ -1159,8 +1160,10 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
 		SYSERROR("Failed to open seccomp policy file %s", conf->seccomp);
 		return -1;
 	}
+
 	ret = parse_config(f, conf);
 	fclose(f);
+
 	return ret;
 }
 

From 9599aff095b34cf8327f3499e5ddd498ba0fd573 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 24 May 2018 16:55:21 +0200
Subject: [PATCH 17/17] seccomp: lxc_read_seccomp_config()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/seccomp.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 8d01d1f67..f3c27c699 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1170,31 +1170,36 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
 int lxc_seccomp_load(struct lxc_conf *conf)
 {
 	int ret;
+
 	if (!conf->seccomp)
 		return 0;
+
 	if (!use_seccomp())
 		return 0;
-	ret = seccomp_load(
+
 #if HAVE_SCMP_FILTER_CTX
-	    conf->seccomp_ctx
+	ret = seccomp_load(conf->seccomp_ctx);
+#else
+	ret = seccomp_load();
 #endif
-	    );
 	if (ret < 0) {
-		ERROR("Error loading the seccomp policy: %s", strerror(-ret));
+		ERROR("%s- Error loading the seccomp policy", strerror(-ret));
 		return -1;
 	}
 
 /* After load seccomp filter into the kernel successfully, export the current seccomp
  * filter to log file */
 #if HAVE_SCMP_FILTER_CTX
-	if ((lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE || conf->loglevel <= LXC_LOG_LEVEL_TRACE) &&
+	if ((lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE ||
+	     conf->loglevel <= LXC_LOG_LEVEL_TRACE) &&
 	    lxc_log_fd >= 0) {
 		ret = seccomp_export_pfc(conf->seccomp_ctx, lxc_log_fd);
 		/* Just give an warning when export error */
 		if (ret < 0)
-			WARN("Failed to export seccomp filter to log file: %s", strerror(-ret));
+			WARN("%s - Failed to export seccomp filter to log file", strerror(-ret));
 	}
 #endif
+
 	return 0;
 }
 
@@ -1202,6 +1207,7 @@ void lxc_seccomp_free(struct lxc_conf *conf)
 {
 	free(conf->seccomp);
 	conf->seccomp = NULL;
+
 #if HAVE_SCMP_FILTER_CTX
 	if (conf->seccomp_ctx) {
 		seccomp_release(conf->seccomp_ctx);


More information about the lxc-devel mailing list