Ophestra
e574042d76
All checks were successful
Test / Hakurei (push) Successful in 42s
Test / Sandbox (push) Successful in 39s
Test / Hakurei (race detector) (push) Successful in 41s
Test / Create distribution (push) Successful in 33s
Test / Sandbox (race detector) (push) Successful in 39s
Test / Planterette (push) Successful in 41s
Test / Flake checks (push) Successful in 1m17s
This change also makes seccomp hashes cross-platform. Signed-off-by: Ophestra <cat@gensokyo.uk>
88 lines
1.9 KiB
Go
88 lines
1.9 KiB
Go
//go:build testtool
|
|
|
|
package sandbox
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"syscall"
|
|
"unsafe"
|
|
)
|
|
|
|
const (
|
|
NULL = 0
|
|
|
|
PTRACE_ATTACH = 16
|
|
PTRACE_DETACH = 17
|
|
PTRACE_SECCOMP_GET_FILTER = 0x420c
|
|
)
|
|
|
|
type ptraceError struct {
|
|
op string
|
|
errno syscall.Errno
|
|
}
|
|
|
|
func (p *ptraceError) Error() string { return fmt.Sprintf("%s: %v", p.op, p.errno) }
|
|
|
|
func (p *ptraceError) Unwrap() error {
|
|
if p.errno == 0 {
|
|
return nil
|
|
}
|
|
return p.errno
|
|
}
|
|
|
|
func ptrace(op uintptr, pid, addr int, data unsafe.Pointer) (r uintptr, errno syscall.Errno) {
|
|
r, _, errno = syscall.Syscall6(syscall.SYS_PTRACE, op, uintptr(pid), uintptr(addr), uintptr(data), NULL, NULL)
|
|
return
|
|
}
|
|
|
|
func ptraceAttach(pid int) error {
|
|
if _, errno := ptrace(PTRACE_ATTACH, pid, 0, nil); errno != 0 {
|
|
return &ptraceError{"PTRACE_ATTACH", errno}
|
|
}
|
|
|
|
var status syscall.WaitStatus
|
|
for {
|
|
if _, err := syscall.Wait4(pid, &status, syscall.WALL, nil); err != nil {
|
|
if errors.Is(err, syscall.EINTR) {
|
|
continue
|
|
}
|
|
fatalf("cannot waitpid: %v", err)
|
|
}
|
|
break
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func ptraceDetach(pid int) error {
|
|
if _, errno := ptrace(PTRACE_DETACH, pid, 0, nil); errno != 0 {
|
|
return &ptraceError{"PTRACE_DETACH", errno}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
type sockFilter struct { /* Filter block */
|
|
code uint16 /* Actual filter code */
|
|
jt uint8 /* Jump true */
|
|
jf uint8 /* Jump false */
|
|
k uint32 /* Generic multiuse field */
|
|
}
|
|
|
|
func getFilter[T comparable](pid, index int) ([]T, error) {
|
|
if s := unsafe.Sizeof(*new(T)); s != 8 {
|
|
panic(fmt.Sprintf("invalid filter block size %d", s))
|
|
}
|
|
|
|
var buf []T
|
|
if n, errno := ptrace(PTRACE_SECCOMP_GET_FILTER, pid, index, nil); errno != 0 {
|
|
return nil, &ptraceError{"PTRACE_SECCOMP_GET_FILTER", errno}
|
|
} else {
|
|
buf = make([]T, n)
|
|
}
|
|
if _, errno := ptrace(PTRACE_SECCOMP_GET_FILTER, pid, index, unsafe.Pointer(&buf[0])); errno != 0 {
|
|
return nil, &ptraceError{"PTRACE_SECCOMP_GET_FILTER", errno}
|
|
}
|
|
return buf, nil
|
|
}
|