This is an automated email from the ASF dual-hosted git repository. abudnik pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/master by this push: new a679eb4 Added support of `null` values for syscall `args` in Seccomp. a679eb4 is described below commit a679eb4bc35bd2d7c4cffdd9440ab301d8fc8986 Author: Andrei Budnik <abud...@apache.org> AuthorDate: Wed Jun 10 17:39:05 2020 +0200 Added support of `null` values for syscall `args` in Seccomp. This patch adds support for `null` values of syscall arguments. If the value is `null`, then syscall arguments are ignored. Review: https://reviews.apache.org/r/72596 --- src/linux/seccomp/seccomp_parser.cpp | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/src/linux/seccomp/seccomp_parser.cpp b/src/linux/seccomp/seccomp_parser.cpp index 3dcfcd6..8242bd5 100644 --- a/src/linux/seccomp/seccomp_parser.cpp +++ b/src/linux/seccomp/seccomp_parser.cpp @@ -435,23 +435,26 @@ Try<Nothing> parseSyscalls( // Parse `args` section which contains seccomp filtering rules for syscall // arguments. - const auto args = item.as<JSON::Object>().at<JSON::Array>("args"); + const auto args = item.as<JSON::Object>().find<JSON::Value>("args"); if (!args.isSome()) { return Error( "Cannot determine 'args' field for 'syscalls' item: " + (args.isError() ? args.error() : "Not found")); } - foreach (const JSON::Value& argsItem, args->values) { - if (!argsItem.is<JSON::Object>()) { - return Error("'names' contains a non-object item"); - } + // `args` can be either `null` or an array. + if (args->is<JSON::Array>()) { + foreach (const JSON::Value& argsItem, args->as<JSON::Array>().values) { + if (!argsItem.is<JSON::Object>()) { + return Error("'args' contains a non-object item"); + } - Try<Nothing> arg = - parseSyscallArgument(argsItem.as<JSON::Object>(), syscall.add_args()); + Try<Nothing> arg = + parseSyscallArgument(argsItem.as<JSON::Object>(), syscall.add_args()); - if (arg.isError()) { - return Error(arg.error()); + if (arg.isError()) { + return Error(arg.error()); + } } }