Trying to get file to work under systrace(1). Is this a reasonable patch?
According to systrace(4) ioctl(STRIOCATTACH) can fail for one of five reasons. In context of file(1), the only possible one is number "3. It's being traced already". file(1) still fails with systrace because of sendmsg(2), any help with correcting systrace.policy for this case would be appreciated. --patrick Index: sandbox.c =================================================================== RCS file: /cvs/obsd/src/usr.bin/file/sandbox.c,v retrieving revision 1.7 diff -u -p -u -p -r1.7 sandbox.c --- sandbox.c 29 May 2015 15:58:34 -0000 1.7 +++ sandbox.c 4 Jun 2015 18:29:55 -0000 @@ -129,8 +129,11 @@ sandbox_fork(const char *user) err(1, "ioctl(STRIOCCLONE)"); close(devfd); - if (ioctl(fd, STRIOCATTACH, &pid) == -1) - err(1, "ioctl(STRIOCATTACH)"); + if (ioctl(fd, STRIOCATTACH, &pid) == -1) { + /* Already attached; i.e., running under systrace */ + warn("ioctl(STRIOCATTACH)"); + goto out; + } memset(&policy, 0, sizeof policy); policy.strp_op = SYSTR_POLICY_NEW; @@ -150,7 +153,7 @@ sandbox_fork(const char *user) err(1, "ioctl(STRIOCPOLICY/MODIFY)"); } - if (kill(pid, SIGCONT) != 0) +out: if (kill(pid, SIGCONT) != 0) err(1, "kill(SIGCONT)"); return (pid); }
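Review bot: In the first hunk (@@ -129,8 +129,11 @@), the new branch treats every STRIOCATTACH failure as "already attached" without looking at errno, although the message itself says systrace(4) lists five failure reasons. Any other failure now falls through to `goto out`, and the child is resumed with none of file(1)'s own policy installed, so the sandbox fails open. Test errno for the already-traced case only and keep `err(1, "ioctl(STRIOCATTACH)")` for everything else. The `warn()` will also print on every run under systrace(1), so consider dropping it or making it conditional once the errno check is in place.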
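Review bot: In the second hunk (@@ -150,7 +153,7 @@), the label shares a line with the statement in `out: if (kill(pid, SIGCONT) != 0)`, which is easy to miss when reading the function. Put `out:` on its own line above the `if`. Because the jump skips the whole policy block between the two hunks, a short comment at the label saying that this path relies entirely on the outer tracer's policy would document the reduced protection for the next reader.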