Re: [OE-core] [PATCH] pseudo: Force seccomp to return success when in fact doing nothing

On Sat, 2020-04-04 at 17:13 -0500, Seebs wrote: > On Sat, 4 Apr 2020 14:32:03 -0700 > "Andre McCurdy" wrote: > > > Also, since prctl() is Linux specific, it looks like this patch > > will > > make pseudo Linux specific. Is that OK? If so maybe worth making an > > official statement that OE is onl

Re: [OE-core] [PATCH] pseudo: Force seccomp to return success when in fact doing nothing

On Sat, 4 Apr 2020 14:32:03 -0700 "Andre McCurdy" wrote: > Also, since prctl() is Linux specific, it looks like this patch will > make pseudo Linux specific. Is that OK? If so maybe worth making an > official statement that OE is only supported for Linux hosts? We have existing hooks for making

Re: [OE-core] [PATCH] pseudo: Force seccomp to return success when in fact doing nothing

On Sat, Apr 4, 2020 at 3:17 AM Richard Purdie wrote: > On Fri, 2020-04-03 at 15:39 -0700, Andre McCurdy wrote: > > On Fri, Apr 3, 2020 at 2:59 PM Richard Purdie > > wrote: > > > ++ /* gcc magic to attempt to just pass these args to syscall. > > > we have to > > > > Comment needs updating - y

Re: [OE-core] [PATCH] pseudo: Force seccomp to return success when in fact doing nothing

On Fri, 2020-04-03 at 15:39 -0700, Andre McCurdy wrote: > On Fri, Apr 3, 2020 at 2:59 PM Richard Purdie > wrote: > > ++ /* gcc magic to attempt to just pass these args to syscall. > > we have to > > Comment needs updating - you are calling prctl() here, not syscall(). > > > ++ * guess

Re: [OE-core] [PATCH] pseudo: Force seccomp to return success when in fact doing nothing

On Fri, Apr 3, 2020 at 2:59 PM Richard Purdie wrote: > > Pseudo changes the syscall access patterns which makes it incompatible with > seccomp. Therefore intercept the seccomp syscall and alter it, pretending that > seccomp was setup when in fact we do nothing. If we error as unsupported, > utilit

Re: [OE-core] [PATCH] pseudo: Force seccomp to return success when in fact doing nothing

On Fri, Apr 3, 2020 at 2:59 PM Richard Purdie wrote: > > Pseudo changes the syscall access patterns which makes it incompatible with > seccomp. Therefore intercept the seccomp syscall and alter it, pretending that > seccomp was setup when in fact we do nothing. If we error as unsupported, > utilit

[OE-core] [PATCH] pseudo: Force seccomp to return success when in fact doing nothing

Pseudo changes the syscall access patterns which makes it incompatible with seccomp. Therefore intercept the seccomp syscall and alter it, pretending that seccomp was setup when in fact we do nothing. If we error as unsupported, utilities like file will exit with errors so we can't just disable it.