colin/passt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

arp, tap, util: Don't use perror() after seccomp filter is installed

Browse Source 
If stderr is closed, after we fork to background, glibc's
implementation of perror() will try to re-open it by calling dup(),
upon which the seccomp filter causes the process to terminate,
because dup() is not included in the list of allowed syscalls.

Replace perror() calls that might happen after isolation_postfork().
We could probably replace all of them, but early ones need a bit more
attention as we have to check whether log.c functions work in early
stages.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
Stefano Brivio
2022-11-14 23:00:27 +01:00
parent 5f74465010
commit b27d6d121c
3 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tap.c
View File

@@ -899,7 +899,7 @@ static void tap_sock_unix_init(struct ctx *c)
int i;
if (fd < 0) {
perror("UNIX socket");
err("UNIX socket: %s", strerror(errno));
exit(EXIT_FAILURE);
}
@@ -920,7 +920,7 @@ static void tap_sock_unix_init(struct ctx *c)
ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
if (ex < 0) {
perror("UNIX domain socket check");
err("UNIX domain socket check: %s", strerror(errno));
exit(EXIT_FAILURE);
}
@@ -944,7 +944,7 @@ static void tap_sock_unix_init(struct ctx *c)
}
if (i == UNIX_SOCK_MAX) {
perror("UNIX socket bind");
err("UNIX socket bind: %s", strerror(errno));
exit(EXIT_FAILURE);
}