diff mbox series

[pseudo,2/4] ports/linux/pseudo_wrappers.c: Reorder the syscall operations

Message ID 1768439403-23665-3-git-send-email-mark.hatle@kernel.crashing.org
State New
Headers show
Series Implement openat2 wrapper | expand

Commit Message

Mark Hatle Jan. 15, 2026, 1:10 a.m. UTC 
From: "mark.hatle" <mark.hatle@kernel.crashing.org>

The seccomp wrap always takes effect when pseudo is running, this will
prevent various behavior, even if pseudo is generally considered to be
disabled, but in memory.

The openat2 and renameat2 however should only run if pseudo is enabled.

Signed-off-by: mark.hatle <mark.hatle@kernel.crashing.org>
---
 ports/linux/pseudo_wrappers.c | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff mbox series

Patch

diff --git a/ports/linux/pseudo_wrappers.c b/ports/linux/pseudo_wrappers.c
index 6b54083..b486c34 100644
--- a/ports/linux/pseudo_wrappers.c
+++ b/ports/linux/pseudo_wrappers.c
@@ -65,19 +65,6 @@  syscall(long number, ...) {
 		return rc;
 	}
 
-#ifdef SYS_renameat2
-	/* concerns exist about trying to parse arguments because syscall(2)
-	 * specifies strange ABI behaviors. If we can get better clarity on
-	 * that, it could make sense to redirect to wrap_renameat2().
-	 */
-	if (number == SYS_renameat2) {
-		errno = ENOSYS;
-		return -1;
-	}
-#else
-	(void) number;
-#endif
-
 #ifdef SYS_seccomp
 	/* pseudo and seccomp are incompatible as pseudo uses different syscalls
 	 * so pretend to enable seccomp but really do nothing */
@@ -92,6 +79,10 @@  syscall(long number, ...) {
 	}
 #endif
 
+        if (pseudo_disabled) {
+                goto call_syscall;
+        }
+
 #ifdef SYS_openat2
 	/* concerns exist about trying to parse arguments because syscall(2)
 	 * specifies strange ABI behaviors. If we can get better clarity on
@@ -105,6 +96,18 @@  syscall(long number, ...) {
 	}
 #endif
 
+#ifdef SYS_renameat2
+	/* concerns exist about trying to parse arguments because syscall(2)
+	 * specifies strange ABI behaviors. If we can get better clarity on
+	 * that, it could make sense to redirect to wrap_renameat2().
+	 */
+	if (number == SYS_renameat2) {
+		errno = ENOSYS;
+		return -1;
+	}
+#endif
+
+call_syscall:
 	/* gcc magic to attempt to just pass these args to syscall. we have to
 	 * guess about the number of args; the docs discuss calling conventions
 	 * up to 7, so let's try that?