Re: [libseccomp-discuss] allowing select() fails in i686
High level interface to the Linux Kernel's seccomp filter
From: Paul M. <pm...@re...> - 2015-01-27 16:02:47
On Tuesday, January 27, 2015 04:45:52 PM Nikos Mavrogiannopoulos wrote:
> Hello,
> The attached program as far as I understand creates a filter which
> allows select(). That works well on my x86-64:
> $ gcc test.c -lseccomp;./a.out
> all ok
>
> However, if I run the same thing under i686 emulation, I have:
> $ gcc -m32 test.c -lseccomp;./a.out
> select is blocked!

Since you are running on an x86_64 system, you probably want to explicitly add support for the x86 ABI if you are interested in creating a filter that works on both x86_64 and x86. This is probably not strictly necessary if you are certain that you are linking to a properly built native x86 library, but I can't be certain based on what you've posted.

Look at the seccomp_arch_add(3) man page.

> Note that other allowed calls (e.g., write) are properly executed as
> expected.

Have you verified this via strace, or similar? Without digging too deeply, it looks like you test select() before you test write(); if select() fails you'll never know if write() worked correctly or not.

> Running strace without seccomp being applied shows:
> select(4, [3], NULL, NULL, NULL) = 1 (in [3])
> So as far as I understand the syscall select() is being called.
> Am I missing something here?
>
> regards,
> Nikos

--
paul moore
security @ redhat