Diffstat (limited to 'src/fbuilder/build_seccomp.c')
-rw-r--r--src/fbuilder/build_seccomp.c47
1 files changed, 24 insertions, 23 deletions
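diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c
index 18a767518..63f37e34a 100644
--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -20,11 +20,12 @@
 
 #include "fbuilder.h"
 
-void build_seccomp(const char *fname) {
+void build_seccomp(const char *fname, FILE *fp) {
 	assert(fname);
+	assert(fp);
 
-	FILE *fp = fopen(fname, "r");
-	if (!fp) {
+	FILE *fp2 = fopen(fname, "r");
+	if (!fp2) {
 		fprintf(stderr, "Error: cannot open %s\n", fname);
 		exit(1);
 	}
@@ -33,7 +34,7 @@ void build_seccomp(const char *fname) {
 	int line = 1;
 	int position = 0;
 	int cnt = 0;
-	while (fgets(buf, MAX_BUF, fp)) {
+	while (fgets(buf, MAX_BUF, fp2)) {
 		// remove \n
 		char *ptr = strchr(buf, '\n');
 		if (ptr)
@@ -62,20 +63,20 @@ void build_seccomp(const char *fname) {
 				break;
 
 			if (line == 3)
-				printf("# seccomp.keep %s", buf + position);
+				fprintf(fp, "# seccomp.keep %s", buf + position);
 			else
-				printf(",%s", buf + position);
+				fprintf(fp, ",%s", buf + position);
 			cnt++;
 		}
 		line++;
 	}
-	printf("\n");
-	printf("# %d syscalls total\n", cnt);
-	printf("# Probably you will need to add more syscalls to seccomp.keep. Look for\n");
-	printf("# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while\n");
-	printf("# running your sandbox.\n");
+	fprintf(fp, "\n");
+	fprintf(fp, "# %d syscalls total\n", cnt);
+	fprintf(fp, "# Probably you will need to add more syscalls to seccomp.keep. Look for\n");
+	fprintf(fp, "# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while\n");
+	fprintf(fp, "# running your sandbox.\n");
 
-	fclose(fp);
+	fclose(fp2);
 }
 
 //***************************************
@@ -141,7 +142,7 @@ static void process_protocol(const char *fname) {
 
 
 // process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-void build_protocol(const char *fname) {
+void build_protocol(const char *fname, FILE *fp) {
 	assert(fname);
 
 	// run fname
@@ -161,31 +162,31 @@ void build_protocol(const char *fname) {
 
 	int net = 0;
 	if (unix_s || inet || inet6 || netlink || packet) {
-		printf("protocol ");
+		fprintf(fp, "protocol ");
 		if (unix_s)
-			printf("unix,");
+			fprintf(fp, "unix,");
 		if (inet) {
-			printf("inet,");
+			fprintf(fp, "inet,");
 			net = 1;
 		}
 		if (inet6) {
-			printf("inet6,");
+			fprintf(fp, "inet6,");
 			net = 1;
 		}
 		if (netlink)
-			printf("netlink,");
+			fprintf(fp, "netlink,");
 		if (packet) {
-			printf("packet");
+			fprintf(fp, "packet");
 			net = 1;
 		}
-		printf("\n");
+		fprintf(fp, "\n");
 	}
 
 	if (net == 0)
-		printf("net none\n");
+		fprintf(fp, "net none\n");
 	else {
-		printf("# net eth0\n");
-		printf("netfilter\n");
+		fprintf(fp, "# net eth0\n");
+		fprintf(fp, "netfilter\n");
 	}
 }
 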
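Review bot: build_protocol (hunk at @@ -141) gains the same `FILE *fp` parameter as build_seccomp but does not validate it: only `assert(fname);` follows the new signature, whereas build_seccomp adds `assert(fp);` right after its own `assert(fname);`. Add `assert(fp);` after `assert(fname);` in build_protocol so both entry points fail the same way on a NULL stream, and note that assert() is compiled out under NDEBUG, so it documents the contract rather than enforcing it. None of the new `fprintf(fp, ...)` calls in either function check their result, so a failed write to fp (which is now caller-supplied and may be a file rather than stdout) leaves a truncated profile with no diagnostic; a single `if (ferror(fp))` check after the last fprintf in each function, reported like the existing "Error: cannot open" path, would surface it. Since fp is now owned by the caller, a one-line comment on each signature such as `// fp: output stream for the generated profile; opened and closed by the caller` would make the ownership split between fp and the locally opened fp2 explicit. The bodies of build_seccomp and build_protocol continue outside the shown hunks.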