helper: use generic extra files interface
This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -1,22 +1,15 @@
|
||||
package seccomp
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"io"
|
||||
"os"
|
||||
"syscall"
|
||||
|
||||
"git.gensokyo.uk/security/fortify/helper/proc"
|
||||
)
|
||||
|
||||
func Export(opts SyscallOpts) (f *os.File, err error) {
|
||||
if f, err = tmpfile(); err != nil {
|
||||
return
|
||||
}
|
||||
if err = exportFilter(f.Fd(), opts); err != nil {
|
||||
return
|
||||
}
|
||||
_, err = f.Seek(0, io.SeekStart)
|
||||
return
|
||||
}
|
||||
// New returns an inactive Encoder instance.
|
||||
func New(opts SyscallOpts) *Encoder { return &Encoder{newExporter(opts)} }
|
||||
|
||||
/*
|
||||
An Encoder writes a BPF program to an output stream.
|
||||
@@ -45,7 +38,31 @@ func (e *Encoder) Close() error {
|
||||
return errors.Join(e.closeWrite(), <-e.exportErr)
|
||||
}
|
||||
|
||||
// New returns an inactive Encoder instance.
|
||||
func New(opts SyscallOpts) *Encoder {
|
||||
return &Encoder{newExporter(opts)}
|
||||
// NewFile returns an instance of exporter implementing [proc.File].
|
||||
func NewFile(opts SyscallOpts) proc.File { return &File{opts: opts} }
|
||||
|
||||
// File implements [proc.File] and provides access to the read end of exporter pipe.
|
||||
type File struct {
|
||||
opts SyscallOpts
|
||||
proc.BaseFile
|
||||
}
|
||||
|
||||
func (f *File) ErrCount() int { return 2 }
|
||||
func (f *File) Fulfill(ctx context.Context, dispatchErr func(error)) error {
|
||||
e := newExporter(f.opts)
|
||||
if err := e.prepare(); err != nil {
|
||||
return err
|
||||
}
|
||||
f.Set(e.r)
|
||||
go func() {
|
||||
select {
|
||||
case err := <-e.exportErr:
|
||||
dispatchErr(nil)
|
||||
dispatchErr(err)
|
||||
case <-ctx.Done():
|
||||
dispatchErr(e.closeWrite())
|
||||
dispatchErr(<-e.exportErr)
|
||||
}
|
||||
}()
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -48,14 +48,6 @@ struct f_syscall_act {
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
|
||||
int f_tmpfile_fd() {
|
||||
FILE *f = tmpfile();
|
||||
if (f == NULL)
|
||||
return -1;
|
||||
return fileno(f);
|
||||
}
|
||||
|
||||
int32_t f_export_bpf(int fd, uint32_t arch, uint32_t multiarch, f_syscall_opts opts) {
|
||||
int32_t res = 0; // refer to resErr for meaning
|
||||
int allow_multiarch = opts & F_MULTIARCH;
|
||||
|
||||
@@ -20,5 +20,4 @@ typedef enum {
|
||||
} f_syscall_opts;
|
||||
|
||||
extern void F_println(char *v);
|
||||
int f_tmpfile_fd();
|
||||
int32_t f_export_bpf(int fd, uint32_t arch, uint32_t multiarch, f_syscall_opts opts);
|
||||
@@ -9,7 +9,6 @@ import "C"
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"runtime"
|
||||
)
|
||||
|
||||
@@ -47,14 +46,6 @@ const (
|
||||
FlagBluetooth SyscallOpts = C.F_BLUETOOTH
|
||||
)
|
||||
|
||||
func tmpfile() (*os.File, error) {
|
||||
fd, err := C.f_tmpfile_fd()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return os.NewFile(uintptr(fd), "tmpfile"), err
|
||||
}
|
||||
|
||||
func exportFilter(fd uintptr, opts SyscallOpts) error {
|
||||
var (
|
||||
arch C.uint32_t = 0
|
||||
|
||||
Reference in New Issue
Block a user