Hello,
My apologies, I didn't look closely enough at your original example
code, but Tom is correct regarding SCMP_SYS (thanks Tom!).
As far as seccomp_syscall_resolve_name() is concerned, no, it does not
rewrite the syscall number for the multiplexed syscalls; if run on
32-bit x86, seccomp_syscall_resolve_name("socket") will return -101
(negative syscall numbers are special pseudo-syscall numbers used by
libseccomp when the syscall does not exist for a given ABI). If you
want libseccomp to rewrite the syscall number to a valid syscall you
should use seccomp_syscall_resolve_name_rewrite();
seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_X86, "socket") returns
102 which is the syscall number for socketcall() on 32-bit x86.
On Tue, May 22, 2018 at 1:33 PM, Amit Malav <[email protected]> wrote:
> Hi,
> Thanks for clarifying.
> I have changed that line of code to
> seccomp_rule_add(ctx, SCMP_ACT_ALLOW,
> seccomp_syscall_resolve_name(argv[iterator]), 0)
> It seems to do the job.
> Although on the man page for seccomp_syscall_resolve_name, it is mentioned
> "seccomp_syscall_resolve_name_rewrite() functions resolve the commonly used
> syscall name to the syscall number used by the kernel and the rest of the
> libseccomp API".
> Does it mean that this method does not resolve to the correct syscall number
> for a multiplexed syscall, like socketcall(2) or ipc(2) on x86?
>
> On Tuesday, May 22, 2018 at 10:56:09 PM UTC+5:30, Tom Hromatka wrote:
>> On 05/21/2018 09:01 PM, Amit Malav wrote:
>>
>> > Hi Paul.
>> > Thanks for the swift response.
>> > But I'm getting the following error while compiling the above code.
>> >
>> > #gcc test-seccomp.c -l seccomp -o seccomp
>> >
>> > In file included from test-seccomp.c:6:0:
>> > test-seccomp.c: In function ‘main’:
>> > test-seccomp.c:37:51: error: ‘__NR_argv’ undeclared (first use in this
>> > function)
>> > seccomp_rule_add(ctx, SCMP_ACT_ALLOW,
>> > SCMP_SYS(argv[iterator]), 0);
>> > ^
>> > test-seccomp.c:37:51: note: each undeclared identifier is reported only
>> > once for each function it appears in
>> >
>> > Am I doing something wrong here? Can this be achieved differently?
>>
>> I admit I didn't look through the entire thread, so my apologies
>> up front.
>>
>> SCMP_SYS() is a helper macro that converts syscall names (read,
>> write, open, mmap, etc.) into their respective numbers for that
>> particular architecture (0, 1, 2, 9, etc. for the aforementioned
>> list on x86_64).
>>
>> /**
>> * Convert a syscall name into the associated syscall number
>> * @param x the syscall name
>> */
>> #define SCMP_SYS(x) (__NR_##x)
>>
>> Passing argv[] into SCMP_SYS will be stringified into __NR_argv[]
>> which is not a valid syscall number.
>>
>> Regards.
>>
>> Tom
>
> --
> You received this message because you are subscribed to the Google Groups
> "libseccomp" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
--
paul moore
www.paul-moore.com
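
Tom's point about SCMP_SYS(), as an added example that is not part of the original thread or of libseccomp's code: the macro only works on a literal identifier, so names arriving in argv need a runtime lookup, and that lookup should reject unknown names before any rule is added. The table, `resolve_name()`, `resolve_all()` and `RESOLVE_ERROR` are hypothetical stand-ins so the block builds on Linux without libseccomp; with the library, seccomp_syscall_resolve_name() does the lookup.

```c
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>            /* __NR_read, __NR_write, ... for this ABI */
/* Definition quoted in the thread: the preprocessor pastes the literal
 * token onto __NR_, so SCMP_SYS(argv[i]) becomes __NR_argv[i]. */
#define SCMP_SYS(x) (__NR_##x)
#define RESOLVE_ERROR (-1)          /* libseccomp's equivalent: __NR_SCMP_ERROR */

/* Constructed stand-in for libseccomp's name table (name, build-time number). */
#define ENTRY(x) { #x, SCMP_SYS(x) }
static const struct { const char *name; int nr; } table[] = {
    ENTRY(read), ENTRY(write), ENTRY(close), ENTRY(exit_group),
};

/* Runtime lookup for a string the compiler never sees, such as argv[i]. */
int resolve_name(const char *name)
{
    for (size_t i = 0; name && i < sizeof(table) / sizeof(table[0]); i++)
        if (strcmp(table[i].name, name) == 0)
            return table[i].nr;
    return RESOLVE_ERROR;
}

/* Resolve every name before any rule is added. Returns n on success; on the
 * first unknown name returns -1 with its index in *bad (fail closed). */
int resolve_all(char *const names[], size_t n, int out[], size_t *bad)
{
    for (size_t i = 0; i < n; i++) {
        out[i] = resolve_name(names[i]);
        if (out[i] == RESOLVE_ERROR) {
            *bad = i;
            return -1;
        }
    }
    return (int)n;
}

int main(int argc, char **argv)
{
    int nrs[64];
    size_t bad = 0, n = argc > 0 ? (size_t)(argc - 1) : 0;
    if (n > 64 || resolve_all(argv + 1, n, nrs, &bad) < 0) {
        fprintf(stderr, "rejected: %s\n", n > 64 ? "too many names" : argv[bad + 1]);
        return 1;
    }
    for (size_t i = 0; i < n; i++)
        printf("%s -> %d\n", argv[i + 1], nrs[i]);
    return 0;
}
```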