Diffstat (limited to 'po/ru/man2/seccomp_unotify.2.po')
-rw-r--r-- | po/ru/man2/seccomp_unotify.2.po | 4430 |
1 files changed, 4430 insertions, 0 deletions
diff --git a/po/ru/man2/seccomp_unotify.2.po b/po/ru/man2/seccomp_unotify.2.po
new file mode 100644
index 00000000..459bf8c5
--- /dev/null
+++ b/po/ru/man2/seccomp_unotify.2.po
@@ -0,0 +1,4430 @@ +# Russian translation of manpages +# This file is distributed under the same license as the manpages-l10n package. +# Copyright © of this file: +# Alexander Golubev <fatzer2@gmail.com>, 2018. +# Azamat Hackimov <azamat.hackimov@gmail.com>, 2011, 2014-2016. +# Hotellook, 2014. +# Nikita <zxcvbnm3230@mail.ru>, 2014. +# Spiros Georgaras <sng@hellug.gr>, 2016. +# Vladislav <ivladislavefimov@gmail.com>, 2015. +# Yuri Kozlov <yuray@komyakino.ru>, 2011-2019. +# Иван Павлов <pavia00@gmail.com>, 2017. +msgid "" +msgstr "" +"Project-Id-Version: manpages-l10n\n" +"POT-Creation-Date: 2024-03-01 17:07+0100\n" +"PO-Revision-Date: 2019-10-15 18:55+0300\n" +"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" +"Language-Team: Russian <man-pages-ru-talks@lists.sourceforge.net>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +"n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || " +"(n%100>=11 && n%100<=14)? 2 : 3);\n" +"X-Generator: Lokalize 2.0\n" + +#. type: TH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "seccomp_unotify" +msgstr "seccomp_unotify" + +#. type: TH +#: archlinux fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "2023-10-31" +msgstr "31 октября 2023 г." + +#. type: TH +#: archlinux fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Linux man-pages 6.06" +msgstr "Linux man-pages 6.06" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "NAME" +msgstr "ИМЯ" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "seccomp_unotify - Seccomp user-space notification mechanism" +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "LIBRARY" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Standard C library (I<libc>, I<-lc>)" +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SYNOPSIS" +msgstr "СИНТАКСИС" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"B<#include E<lt>linux/seccomp.hE<gt>>\n" +"B<#include E<lt>linux/filter.hE<gt>>\n" +"B<#include E<lt>linux/audit.hE<gt>>\n" +msgstr "" +"B<#include E<lt>linux/seccomp.hE<gt>>\n" +"B<#include E<lt>linux/filter.hE<gt>>\n" +"B<#include E<lt>linux/audit.hE<gt>>\n" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<int seccomp(unsigned int >I<operation>B<, unsigned int >I<flags>B<, void *>I<args>B<);>\n" +msgstr "B<int seccomp(unsigned int >I<operation>B<, unsigned int >I<flags>B<, void *>I<args>B<);>\n" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<#include E<lt>sys/ioctl.hE<gt>>\n" +msgstr "B<#include E<lt>sys/ioctl.hE<gt>>\n" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_RECV,>\n" +"B< struct seccomp_notif *>I<req>B<);>\n" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_SEND,>\n" +"B< struct seccomp_notif_resp *>I<resp>B<);>\n" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_ID_VALID, __u64 *>I<id>B<);>\n" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_ADDFD,>\n" +"B< struct seccomp_notif_addfd *>I<addfd>B<);>\n" +msgstr "" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_RECV,>\n" +"B< struct seccomp_notif *>I<req>B<);>\n" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_SEND,>\n" +"B< struct seccomp_notif_resp *>I<resp>B<);>\n" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_ID_VALID, __u64 *>I<id>B<);>\n" +"B<int ioctl(int >I<fd>B<, SECCOMP_IOCTL_NOTIF_ADDFD,>\n" +"B< struct seccomp_notif_addfd *>I<addfd>B<);>\n" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "DESCRIPTION" +msgstr "ОПИСАНИЕ" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This page describes the user-space notification mechanism provided by the " +"Secure Computing (seccomp) facility. As well as the use of the " +"B<SECCOMP_FILTER_FLAG_NEW_LISTENER> flag, the B<SECCOMP_RET_USER_NOTIF> " +"action value, and the B<SECCOMP_GET_NOTIF_SIZES> operation described in " +"B<seccomp>(2), this mechanism involves the use of a number of related " +"B<ioctl>(2) operations (described below)." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Overview" +msgstr "Обзор" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In conventional usage of a seccomp filter, the decision about how to treat a " +"system call is made by the filter itself. By contrast, the user-space " +"notification mechanism allows the seccomp filter to delegate the handling of " +"the system call to another user-space process. Note that this mechanism is " +"explicitly B<not> intended as a method implementing security policy; see " +"NOTES." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the discussion that follows, the thread(s) on which the seccomp filter is " +"installed is (are) referred to as the I<target>, and the process that is " +"notified by the user-space notification mechanism is referred to as the " +"I<supervisor>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A suitably privileged supervisor can use the user-space notification " +"mechanism to perform actions on behalf of the target. The advantage of the " +"user-space notification mechanism is that the supervisor will usually be " +"able to retrieve information about the target and the performed system call " +"that the seccomp filter itself cannot. (A seccomp filter is limited in the " +"information it can obtain and the actions that it can perform because it is " +"running on a virtual machine inside the kernel.)" +msgstr "" + +#. ------------------------------------- +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"An overview of the steps performed by the target and the supervisor is as " +"follows:" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(1)" +msgstr "(1)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The target establishes a seccomp filter in the usual manner, but with two " +"differences:" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "\\[bu]" +msgstr "\\[bu]" + +# +# +#. FIXME +#. Is the last sentence above correct? +#. Kees Cook (25 Oct 2020) notes: +#. I like this limitation, but I expect that it'll need to change in the +#. future. Even with LSMs, we see the need for arbitrary stacking, and the +#. idea of there being only 1 supervisor will eventually break down. Right +#. now there is only 1 because only container managers are using this +#. feature. But if some daemon starts using it to isolate some thread, +#. suddenly it might break if a container manager is trying to listen to it +#. too, etc. I expect it won't be needed soon, but I do think it'll change. +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<seccomp>(2) I<flags> argument includes the flag " +"B<SECCOMP_FILTER_FLAG_NEW_LISTENER>. Consequently, the return value of the " +"(successful) B<seccomp>(2) call is a new \"listening\" file descriptor " +"that can be used to receive notifications. 
Only one \"listening\" seccomp " +"filter can be installed for a thread." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In cases where it is appropriate, the seccomp filter returns the action " +"value B<SECCOMP_RET_USER_NOTIF>. This return value will trigger a " +"notification event." +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(2)" +msgstr "(2)" + +#. Jann Horn: +#. Instead of using unix domain sockets to send the fd to the +#. parent, I think you could also use clone3() with +#. flags==CLONE_FILES|SIGCHLD, dup2() the seccomp fd to an fd +#. that was reserved in the parent, call unshare(CLONE_FILES) +#. in the child after setting up the seccomp fd, and wake +#. up the parent with something like pthread_cond_signal()? +#. I'm not sure whether that'd look better or worse in the +#. end though, so maybe just ignore this comment. +#. ------------------------------------- +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In order that the supervisor can obtain notifications using the listening " +"file descriptor, (a duplicate of) that file descriptor must be passed from " +"the target to the supervisor. One way in which this could be done is by " +"passing the file descriptor over a UNIX domain socket connection between the " +"target and the supervisor (using the B<SCM_RIGHTS> ancillary message type " +"described in B<unix>(7)). Another way to do this is through the use of " +"B<pidfd_getfd>(2)." +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(3)" +msgstr "(3)" + +#. 
------------------------------------- +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The supervisor will receive notification events on the listening file " +"descriptor. These events are returned as structures of type " +"I<seccomp_notif>. Because this structure and its size may evolve over " +"kernel versions, the supervisor must first determine the size of this " +"structure using the B<seccomp>(2) B<SECCOMP_GET_NOTIF_SIZES> operation, " +"which returns a structure of type I<seccomp_notif_sizes>. The supervisor " +"allocates a buffer of size I<seccomp_notif_sizes.seccomp_notif> bytes to " +"receive notification events. In addition,the supervisor allocates another " +"buffer of size I<seccomp_notif_sizes.seccomp_notif_resp> bytes for the " +"response (a I<struct seccomp_notif_resp> structure) that it will provide to " +"the kernel (and thus the target)." +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(4)" +msgstr "(4)" + +#. ------------------------------------- +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The target then performs its workload, which includes system calls that will " +"be controlled by the seccomp filter. Whenever one of these system calls " +"causes the filter to return the B<SECCOMP_RET_USER_NOTIF> action value, the " +"kernel does I<not> (yet) execute the system call; instead, execution of the " +"target is temporarily blocked inside the kernel (in a sleep state that is " +"interruptible by signals) and a notification event is generated on the " +"listening file descriptor." +msgstr "" + +#. 
type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(5)" +msgstr "(5)" + +# +# +# +#. FIXME +#. Christian Brauner: +#. Do we support O_NONBLOCK with SECCOMP_IOCTL_NOTIF_RECV and if +#. not should we? +#. Michael Kerrisk: +#. A quick test suggests that O_NONBLOCK has no effect on the blocking +#. behavior of SECCOMP_IOCTL_NOTIF_RECV. +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The supervisor can now repeatedly monitor the listening file descriptor for " +"B<SECCOMP_RET_USER_NOTIF>-triggered events. To do this, the supervisor uses " +"the B<SECCOMP_IOCTL_NOTIF_RECV> B<ioctl>(2) operation to read information " +"about a notification event; this operation blocks until an event is " +"available. The operation returns a I<seccomp_notif> structure containing " +"information about the system call that is being attempted by the target. " +"(As described in NOTES, the file descriptor can also be monitored with " +"B<select>(2), B<poll>(2), or B<epoll>(7).)" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(6)" +msgstr "(6)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The I<seccomp_notif> structure returned by the B<SECCOMP_IOCTL_NOTIF_RECV> " +"operation includes the same information (a I<seccomp_data> structure) that " +"was passed to the seccomp filter. This information allows the supervisor to " +"discover the system call number and the arguments for the target's system " +"call. 
In addition, the notification event contains the ID of the thread " +"that triggered the notification and a unique cookie value that is used in " +"subsequent B<SECCOMP_IOCTL_NOTIF_ID_VALID> and B<SECCOMP_IOCTL_NOTIF_SEND> " +"operations." +msgstr "" + +#. Tycho Andersen mentioned that there are alternatives to /proc/PID/mem, +#. such as ptrace() and /proc/PID/map_files +#. ------------------------------------- +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The information in the notification can be used to discover the values of " +"pointer arguments for the target's system call. (This is something that " +"can't be done from within a seccomp filter.) One way in which the " +"supervisor can do this is to open the corresponding I</proc/>tidI</mem> file " +"(see B<proc>(5)) and read bytes from the location that corresponds to one " +"of the pointer arguments whose value is supplied in the notification event. " +"(The supervisor must be careful to avoid a race condition that can occur " +"when doing this; see the description of the B<SECCOMP_IOCTL_NOTIF_ID_VALID> " +"B<ioctl>(2) operation below.) In addition, the supervisor can access other " +"system information that is visible in user space but which is not accessible " +"from a seccomp filter." +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(7)" +msgstr "(7)" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Having obtained information as per the previous step, the supervisor may " +"then choose to perform an action in response to the target's system call " +"(which, as noted above, is not executed when the seccomp filter returns the " +"B<SECCOMP_RET_USER_NOTIF> action value)." +msgstr "" + +#. ------------------------------------- +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"One example use case here relates to containers. The target may be located " +"inside a container where it does not have sufficient capabilities to mount a " +"filesystem in the container's mount namespace. However, the supervisor may " +"be a more privileged process that does have sufficient capabilities to " +"perform the mount operation." +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(8)" +msgstr "(8)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The supervisor then sends a response to the notification. The information " +"in this response is used by the kernel to construct a return value for the " +"target's system call and provide a value that will be assigned to the " +"I<errno> variable of the target." +msgstr "" + +#. ------------------------------------- +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The response is sent using the B<SECCOMP_IOCTL_NOTIF_SEND> B<ioctl>(2) " +"operation, which is used to transmit a I<seccomp_notif_resp> structure to " +"the kernel. This structure includes a cookie value that the supervisor " +"obtained in the I<seccomp_notif> structure returned by the " +"B<SECCOMP_IOCTL_NOTIF_RECV> operation. This cookie value allows the kernel " +"to associate the response with the target. This structure must include the " +"cookie value that the supervisor obtained in the I<seccomp_notif> structure " +"returned by the B<SECCOMP_IOCTL_NOTIF_RECV> operation; the cookie allows the " +"kernel to associate the response with the target." +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(9)" +msgstr "(9)" + +#. ------------------------------------- +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Once the notification has been sent, the system call in the target thread " +"unblocks, returning the information that was provided by the supervisor in " +"the notification response." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"As a variation on the last two steps, the supervisor can send a response " +"that tells the kernel that it should execute the target thread's system " +"call; see the discussion of B<SECCOMP_USER_NOTIF_FLAG_CONTINUE>, below." +msgstr "" + +#. 
type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "OPTIONS" +msgid "IOCTL OPERATIONS" +msgstr "ПАРАМЕТРЫ" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The following B<ioctl>(2) operations are supported by the seccomp user-" +"space notification file descriptor. For each of these operations, the first " +"(file descriptor) argument of B<ioctl>(2) is the listening file descriptor " +"returned by a call to B<seccomp>(2) with the " +"B<SECCOMP_FILTER_FLAG_NEW_LISTENER> flag." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SECCOMP_IOCTL_NOTIF_RECV" +msgstr "SECCOMP_IOCTL_NOTIF_RECV" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<SECCOMP_IOCTL_NOTIF_RECV> operation (available since Linux 5.0) is " +"used to obtain a user-space notification event. If no such event is " +"currently pending, the operation blocks until an event occurs. The third " +"B<ioctl>(2) argument is a pointer to a structure of the following form " +"which contains information about the event. This structure must be zeroed " +"out before the call." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"struct seccomp_notif {\n" +" __u64 id; /* Cookie */\n" +" __u32 pid; /* TID of target thread */\n" +" __u32 flags; /* Currently unused (0) */\n" +" struct seccomp_data data; /* See seccomp(2) */\n" +"};\n" +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "The fields in this structure are as follows:" +msgstr "Поля этой структуры имеют следующее назначение:" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<id>" +msgstr "I<id>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is a cookie for the notification. Each such cookie is guaranteed to be " +"unique for the corresponding seccomp filter." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The cookie can be used with the B<SECCOMP_IOCTL_NOTIF_ID_VALID> B<ioctl>(2) " +"operation described below." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When returning a notification response to the kernel, the supervisor must " +"include the cookie value in the I<seccomp_notif_resp> structure that is " +"specified as the argument of the B<SECCOMP_IOCTL_NOTIF_SEND> operation." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<pid>" +msgstr "I<pid>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is the thread ID of the target thread that triggered the notification " +"event." +msgstr "" + +#. 
type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<flags>" +msgstr "I<flags>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is a bit mask of flags providing further information on the event. In " +"the current implementation, this field is always zero." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<data>" +msgstr "I<data>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is a I<seccomp_data> structure containing information about the system " +"call that triggered the notification. This is the same structure that is " +"passed to the seccomp filter. See B<seccomp>(2) for details of this " +"structure." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "On success, B<shmdt>() returns 0; on error -1 is returned, and I<errno> " +#| "is set to indicate the cause of the error." +msgid "" +"On success, this operation returns 0; on failure, -1 is returned, and " +"I<errno> is set to indicate the cause of the error. This operation can fail " +"with the following errors:" +msgstr "" +"При успешном выполнении B<shmdt>() возвращается 0; при ошибке возвращается " +"-1, а в I<errno> содержится код ошибки." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<EINVAL> (since Linux 5.5)" +msgstr "B<EINVAL> (начиная с Linux 5.5)" + +#. 
commit 2882d53c9c6f3b8311d225062522f03772cf0179 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The I<seccomp_notif> structure that was passed to the call contained nonzero " +"fields." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<ENOENT>" +msgstr "B<ENOENT>" + +# +# +# +# +# +#. FIXME +#. From my experiments, +#. it appears that if a SECCOMP_IOCTL_NOTIF_RECV is done after +#. the target thread terminates, then the ioctl() simply +#. blocks (rather than returning an error to indicate that the +#. target no longer exists). +#. I found that surprising, and it required some contortions in +#. the example program. It was not possible to code my SIGCHLD +#. handler (which reaps the zombie when the worker/target +#. terminates) to simply set a flag checked in the main +#. handleNotifications() loop, since this created an +#. unavoidable race where the child might terminate just after +#. I had checked the flag, but before I blocked (forever!) in the +#. SECCOMP_IOCTL_NOTIF_RECV operation. Instead, I had to code +#. the signal handler to simply call _exit(2) in order to +#. terminate the parent process (the supervisor). +#. Is this expected behavior? It seems to me rather +#. desirable that SECCOMP_IOCTL_NOTIF_RECV should give an error +#. if the target has terminated. +#. Jann posted a patch to rectify this, but there was no response +#. (Lore link: https://bit.ly/3jvUBxk) to his question about fixing +#. this issue. (I've tried building with the patch, but encountered +#. an issue with the target process entering D state after a signal.) +#. For now, this behavior is documented in BUGS. +#. Kees Cook commented: Let's change [this] ASAP! +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The target thread was killed by a signal as the notification information was " +"being generated, or the target's (blocked) system call was interrupted by a " +"signal handler." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SECCOMP_IOCTL_NOTIF_ID_VALID" +msgstr "SECCOMP_IOCTL_NOTIF_ID_VALID" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<SECCOMP_IOCTL_NOTIF_ID_VALID> operation (available since Linux 5.0) is " +"used to check that a notification ID returned by an earlier " +"B<SECCOMP_IOCTL_NOTIF_RECV> operation is still valid (i.e., that the target " +"still exists and its system call is still blocked waiting for a response)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The third B<ioctl>(2) argument is a pointer to the cookie (I<id>) returned " +"by the B<SECCOMP_IOCTL_NOTIF_RECV> operation." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This operation is necessary to avoid race conditions that can occur when the " +"I<pid> returned by the B<SECCOMP_IOCTL_NOTIF_RECV> operation terminates, and " +"that process ID is reused by another process. An example of this kind of " +"race is the following" +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A notification is generated on the listening file descriptor. The returned " +"I<seccomp_notif> contains the TID of the target thread (in the I<pid> field " +"of the structure)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "The stat structure" +msgid "The target terminates." +msgstr "Структура stat" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Another thread or process is created on the system that by chance reuses the " +"TID that was freed when the target terminated." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The supervisor B<open>(2)s the I</proc/>tidI</mem> file for the TID obtained " +"in step 1, with the intention of (say) inspecting the memory location(s) " +"that containing the argument(s) of the system call that triggered the " +"notification in step 1." +msgstr "" + +#. Jann Horn: +#. the PID can be reused, but the /proc/$pid directory is +#. internally not associated with the numeric PID, but, +#. conceptually speaking, with a specific incarnation of the +#. PID, or something like that. (Actually, it is associated +#. with the "struct pid", which is not reused, instead of the +#. numeric PID. +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the above scenario, the risk is that the supervisor may try to access the " +"memory of a process other than the target. 
This race can be avoided by " +"following the call to B<open>(2) with a B<SECCOMP_IOCTL_NOTIF_ID_VALID> " +"operation to verify that the process that generated the notification is " +"still alive. (Note that if the target terminates after the latter step, a " +"subsequent B<read>(2) from the file descriptor may return 0, indicating end " +"of file.)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"See NOTES for a discussion of other cases where " +"B<SECCOMP_IOCTL_NOTIF_ID_VALID> checks must be performed." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"On success (i.e., the notification ID is still valid), this operation " +"returns 0. On failure (i.e., the notification ID is no longer valid), -1 is " +"returned, and I<errno> is set to B<ENOENT>." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SECCOMP_IOCTL_NOTIF_SEND" +msgstr "SECCOMP_IOCTL_NOTIF_SEND" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<SECCOMP_IOCTL_NOTIF_SEND> operation (available since Linux 5.0) is " +"used to send a notification response back to the kernel. The third " +"B<ioctl>(2) argument of this structure is a pointer to a structure of the " +"following form:" +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"struct seccomp_notif_resp {\n" +" __u64 id; /* Cookie value */\n" +" __s64 val; /* Success return value */\n" +" __s32 error; /* 0 (success) or negative error number */\n" +" __u32 flags; /* See below */\n" +"};\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "The fields of this structure are as follows:" +msgstr "Поля этой структуры имеют следующее назначение:" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is the cookie value that was obtained using the " +"B<SECCOMP_IOCTL_NOTIF_RECV> operation. This cookie value allows the kernel " +"to correctly associate this response with the system call that triggered the " +"user-space notification." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<val>" +msgstr "I<val>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is the value that will be used for a spoofed success return for the " +"target's system call; see below." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<error>" +msgstr "I<error>" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is the value that will be used as the error number (I<errno>) for a " +"spoofed error return for the target's system call; see below." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "The I<flags> argument is a bit mask that is composed by ORing together " +#| "zero or more of the following values:" +msgid "This is a bit mask that includes zero or more of the following flags:" +msgstr "" +"Аргумент I<flags> представляет собой битовую маску, которая составляется " +"логическим сложением (OR) следующих значений:" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> (since Linux 5.5)" +msgstr "B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> (начиная с Linux 5.5)" + +#. commit fb3c5386b382d4097476ce9647260fc89b34afdb +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Tell the kernel to execute the target's system call." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Two kinds of response are possible:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A response to the kernel telling it to execute the target's system call. In " +"this case, the I<flags> field includes B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> " +"and the I<error> and I<val> fields must be zero." +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This kind of response can be useful in cases where the supervisor needs to " +"do deeper analysis of the target's system call than is possible from a " +"seccomp filter (e.g., examining the values of pointer arguments), and, " +"having decided that the system call does not require emulation by the " +"supervisor, the supervisor wants the system call to be executed normally in " +"the target." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> flag should be used with caution; " +"see NOTES." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A spoofed return value for the target's system call. In this case, the " +"kernel does not execute the target's system call, instead causing the system " +"call to return a spoofed value as specified by fields of the " +"I<seccomp_notif_resp> structure. The supervisor should set the fields of " +"this structure as follows:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<flags> does not contain B<SECCOMP_USER_NOTIF_FLAG_CONTINUE>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<error> is set either to 0 for a spoofed \"success\" return or to a " +"negative error number for a spoofed \"failure\" return. In the former case, " +"the kernel causes the target's system call to return the value specified in " +"the I<val> field. 
In the latter case, the kernel causes the target's system " +"call to return -1, and I<errno> is assigned the negated I<error> value." +msgstr "" + +# +# +# +#. FIXME +#. Kees Cook suggested: +#. Strictly speaking, this is architecture specific, but +#. all architectures do it this way. Should seccomp enforce +#. val == 0 when err != 0 ? +#. Christian Brauner +#. Feels like it should, at least for the SEND ioctl where we already +#. verify that val and err are both 0 when CONTINUE is specified (as you +#. pointed out correctly above). +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<val> is set to a value that will be used as the return value for a spoofed " +"\"success\" return for the target's system call. The value in this field is " +"ignored if the I<error> field contains a nonzero value." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<EINPROGRESS>" +msgstr "B<EINPROGRESS>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "A response to this notification has already been sent." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<EINVAL>" +msgstr "B<EINVAL>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "An invalid flag value was specified in I<flags>." +msgid "An invalid value was specified in the I<flags field.>" +msgstr "В I<flags> указано неверное значение флага." + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The I<flags> field contained B<SECCOMP_USER_NOTIF_FLAG_CONTINUE>, and the " +"I<error> or I<val> field was not zero." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "The call was interrupted by a signal handler; see B<signal>(7)." +msgid "" +"The blocked system call in the target has been interrupted by a signal " +"handler or the target has terminated." +msgstr "Вызов был прерван обработчиком сигнала; смотрите B<signal>(7)." + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SECCOMP_IOCTL_NOTIF_ADDFD" +msgstr "SECCOMP_IOCTL_NOTIF_ADDFD" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<SECCOMP_IOCTL_NOTIF_ADDFD> operation (available since Linux 5.9) " +"allows the supervisor to install a file descriptor into the target's file " +"descriptor table. Much like the use of B<SCM_RIGHTS> messages described in " +"B<unix>(7), this operation is semantically equivalent to duplicating a file " +"descriptor from the supervisor's file descriptor table into the target's " +"file descriptor table." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<SECCOMP_IOCTL_NOTIF_ADDFD> operation permits the supervisor to emulate " +"a target system call (such as B<socket>(2) or B<openat>(2)) that generates " +"a file descriptor. 
The supervisor can perform the system call that " +"generates the file descriptor (and associated open file description) and " +"then use this operation to allocate a file descriptor that refers to the " +"same open file description in the target. (For an explanation of open file " +"descriptions, see B<open>(2).)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Once this operation has been performed, the supervisor can close its copy of " +"the file descriptor." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the target, the received file descriptor is subject to the same Linux " +"Security Module (LSM) checks as are applied to a file descriptor that is " +"received in an B<SCM_RIGHTS> ancillary message. If the file descriptor " +"refers to a socket, it inherits the cgroup version 1 network controller " +"settings (I<classid> and I<netprioidx>) of the target." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Both of these system calls take an argument that is a pointer to a " +#| "structure of the following type:" +msgid "" +"The third B<ioctl>(2) argument is a pointer to a structure of the following " +"form:" +msgstr "Этим системным вызовам передаётся указатель на структуру вида:" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"struct seccomp_notif_addfd {\n" +" __u64 id; /* Cookie value */\n" +" __u32 flags; /* Flags */\n" +" __u32 srcfd; /* Local file descriptor number */\n" +" __u32 newfd; /* 0 or desired file descriptor\n" +" number in target */\n" +" __u32 newfd_flags; /* Flags to set on target file\n" +" descriptor */\n" +"};\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This field should be set to the notification ID (cookie value) that was " +"obtained via B<SECCOMP_IOCTL_NOTIF_RECV>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This field is a bit mask of flags that modify the behavior of the " +"operation. Currently, only one flag is supported:" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<SECCOMP_ADDFD_FLAG_SETFD>" +msgstr "B<SECCOMP_ADDFD_FLAG_SETFD>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When allocating the file descriptor in the target, use the file descriptor " +"number specified in the I<newfd> field." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<SECCOMP_ADDFD_FLAG_SEND> (since Linux 5.14)" +msgstr "B<SECCOMP_ADDFD_FLAG_SEND> (начиная с Linux 5.14)" + +#. commit 0ae71c7720e3ae3aabd2e8a072d27f7bd173d25c +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Perform the equivalent of B<SECCOMP_IOCTL_NOTIF_ADDFD> plus " +"B<SECCOMP_IOCTL_NOTIF_SEND> as an atomic operation. On successful " +"invocation, the target process's I<errno> will be 0 and the return value " +"will be the file descriptor number that was allocated in the target. If " +"allocating the file descriptor in the target fails, the target's system call " +"continues to be blocked until a successful response is sent." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<srcfd>" +msgstr "I<srcfd>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "The per-process limit on the number of open file descriptors has been " +#| "reached." +msgid "" +"This field should be set to the number of the file descriptor in the " +"supervisor that is to be duplicated." +msgstr "" +"Было достигнуто ограничение по количеству открытых файловых дескрипторов на " +"процесс." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<newfd>" +msgstr "I<newfd>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This field determines which file descriptor number is allocated in the " +"target. If the B<SECCOMP_ADDFD_FLAG_SETFD> flag is set, then this field " +"specifies which file descriptor number should be allocated. If this file " +"descriptor number is already open in the target, it is atomically closed and " +"reused. 
If the descriptor duplication fails due to an LSM check, or if " +"I<srcfd> is not a valid file descriptor, the file descriptor I<newfd> will " +"not be closed in the target process." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the B<SECCOMP_ADDFD_FLAG_SETFD> flag it not set, then this field must be " +"0, and the kernel allocates the lowest unused file descriptor number in the " +"target." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<newfd_flags>" +msgstr "I<newfd_flags>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This field is a bit mask specifying flags that should be set on the file " +"descriptor that is received in the target process. Currently, only the " +"following flag is implemented:" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<O_CLOEXEC>" +msgstr "B<O_CLOEXEC>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Set the close-on-exec flag on the received file descriptor." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"On success, this B<ioctl>(2) call returns the number of the file descriptor " +"that was allocated in the target. 
Assuming that the emulated system call is " +"one that returns a file descriptor as its function result (e.g., " +"B<socket>(2)), this value can be used as the return value (I<resp.val>) " +"that is supplied in the response that is subsequently sent with the " +"B<SECCOMP_IOCTL_NOTIF_SEND> operation." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"On error, -1 is returned and I<errno> is set to indicate the cause of the " +"error." +msgstr "При ошибке возвращается -1, а в I<errno> содержится код ошибки." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "B<seccomp>() can fail for the following reasons:" +msgid "This operation can fail with the following errors:" +msgstr "" +"Функция B<seccomp>() может завершиться с ошибкой по следующим причинам:" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<EBADF>" +msgstr "B<EBADF>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Allocating the file descriptor in the target would cause the target's " +"B<RLIMIT_NOFILE> limit to be exceeded (see B<getrlimit>(2))." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<EBUSY>" +msgstr "B<EBUSY>" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the flag B<SECCOMP_IOCTL_NOTIF_SEND> is used, this means the operation " +"can't proceed until other B<SECCOMP_IOCTL_NOTIF_ADDFD> requests are " +"processed." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The user-space notification specified in the I<id> field exists but has not " +"yet been fetched (by a B<SECCOMP_IOCTL_NOTIF_RECV>) or has already been " +"responded to (by a B<SECCOMP_IOCTL_NOTIF_SEND>)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"An invalid flag was specified in the I<flags> or I<newfd_flags> field, or " +"the I<newfd> field is nonzero and the B<SECCOMP_ADDFD_FLAG_SETFD> flag was " +"not specified in the I<flags> field." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<EMFILE>" +msgstr "B<EMFILE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The file descriptor number specified in I<newfd> exceeds the limit specified " +"in I</proc/sys/fs/nr_open>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Here is some sample code (with error handling omitted) that uses the " +"B<SECCOMP_ADDFD_FLAG_SETFD> operation (here, to emulate a call to " +"B<openat>(2)):" +msgstr "" + +#. 
type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"int fd, removeFd;\n" +"\\&\n" +"fd = openat(req-E<gt>data.args[0], path, req-E<gt>data.args[2],\n" +" req-E<gt>data.args[3]);\n" +"\\&\n" +"struct seccomp_notif_addfd addfd;\n" +"addfd.id = req-E<gt>id; /* Cookie from SECCOMP_IOCTL_NOTIF_RECV */\n" +"addfd.srcfd = fd;\n" +"addfd.newfd = 0;\n" +"addfd.flags = 0;\n" +"addfd.newfd_flags = O_CLOEXEC;\n" +"\\&\n" +"targetFd = ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);\n" +"\\&\n" +"close(fd); /* No longer needed in supervisor */\n" +"\\&\n" +"struct seccomp_notif_resp *resp;\n" +" /* Code to allocate 'resp' omitted */\n" +"resp-E<gt>id = req-E<gt>id;\n" +"resp-E<gt>error = 0; /* \"Success\" */\n" +"resp-E<gt>val = targetFd;\n" +"resp-E<gt>flags = 0;\n" +"ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_SEND, resp);\n" +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "NOTES" +msgstr "ЗАМЕЧАНИЯ" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"One example use case for the user-space notification mechanism is to allow a " +"container manager (a process which is typically running with more privilege " +"than the processes inside the container) to mount block devices or create " +"device nodes for the container. The mount use case provides an example of " +"where the B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> B<ioctl>(2) operation is " +"useful. Upon receiving a notification for the B<mount>(2) system call, the " +"container manager (the \"supervisor\") can distinguish a request to mount a " +"block filesystem (which would not be possible for a \"target\" process " +"inside the container) and mount that file system. 
If, on the other hand, " +"the container manager detects that the operation could be performed by the " +"process inside the container (e.g., a mount of a B<tmpfs>(5) filesystem), " +"it can notify the kernel that the target process's B<mount>(2) system call " +"can continue." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "epoll(7) semantics" +msgid "select()/poll()/epoll semantics" +msgstr "Поведение epoll(7)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The file descriptor returned when B<seccomp>(2) is employed with the " +"B<SECCOMP_FILTER_FLAG_NEW_LISTENER> flag can be monitored using B<poll>(2), " +"B<epoll>(7), and B<select>(2). These interfaces indicate that the file " +"descriptor is ready as follows:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When a notification is pending, these interfaces indicate that the file " +"descriptor is readable. Following such an indication, a subsequent " +"B<SECCOMP_IOCTL_NOTIF_RECV> B<ioctl>(2) will not block, returning either " +"information about a notification or else failing with the error B<EINTR> if " +"the target has been killed by a signal or its system call has been " +"interrupted by a signal handler." +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"After the notification has been received (i.e., by the " +"B<SECCOMP_IOCTL_NOTIF_RECV> B<ioctl>(2) operation), these interfaces " +"indicate that the file descriptor is writable, meaning that a notification " +"response can be sent using the B<SECCOMP_IOCTL_NOTIF_SEND> B<ioctl>(2) " +"operation." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"After the last thread using the filter has terminated and been reaped using " +"B<waitpid>(2) (or similar), the file descriptor indicates an end-of-file " +"condition (readable in B<select>(2); B<POLLHUP>/B<EPOLLHUP> in B<poll>(2)/ " +"B<epoll_wait>(2))." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Design goals; use of SECCOMP_USER_NOTIF_FLAG_CONTINUE" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The intent of the user-space notification feature is to allow system calls " +"to be performed on behalf of the target. The target's system call should " +"either be handled by the supervisor or allowed to continue normally in the " +"kernel (where standard security policies will be applied)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"B<Note well>: this mechanism must not be used to make security policy " +"decisions about the system call, which would be inherently race-prone for " +"reasons described next." +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> flag must be used with caution. If " +"set by the supervisor, the target's system call will continue. However, " +"there is a time-of-check, time-of-use race here, since an attacker could " +"exploit the interval of time where the target is blocked waiting on the " +"\"continue\" response to do things such as rewriting the system call " +"arguments." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note furthermore that a user-space notifier can be bypassed if the existing " +"filters allow the use of B<seccomp>(2) or B<prctl>(2) to install a filter " +"that returns an action value with a higher precedence than " +"B<SECCOMP_RET_USER_NOTIF> (see B<seccomp>(2))." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"It should thus be absolutely clear that the seccomp user-space notification " +"mechanism B<can not> be used to implement a security policy! It should only " +"ever be used in scenarios where a more privileged process supervises the " +"system calls of a lesser privileged target to get around kernel-enforced " +"security restrictions when the supervisor deems this safe. In other words, " +"in order to continue a system call, the supervisor should be sure that " +"another security mechanism or the kernel itself will sufficiently block the " +"system call if its arguments are rewritten to something unsafe." +msgstr "" + +#. 
type: SS +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Caveats regarding the use of I</proc/>tidI</mem>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The discussion above noted the need to use the " +"B<SECCOMP_IOCTL_NOTIF_ID_VALID> B<ioctl>(2) when opening the I</proc/>tidI</" +"mem> file of the target to avoid the possibility of accessing the memory of " +"the wrong process in the event that the target terminates and its ID is " +"recycled by another (unrelated) thread. However, the use of this " +"B<ioctl>(2) operation is also necessary in other situations, as explained " +"in the following paragraphs." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Consider the following scenario, where the supervisor tries to read the " +"pathname argument of a target's blocked B<mount>(2) system call:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"From one of its functions (I<func()>), the target calls B<mount>(2), which " +"triggers a user-space notification and causes the target to block." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The supervisor receives the notification, opens I</proc/>tidI</mem>, and " +"(successfully) performs the B<SECCOMP_IOCTL_NOTIF_ID_VALID> check." +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "The target receives a signal, which causes the B<mount>(2) to abort." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "The signal handler executes in the target, and returns." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Upon return from the handler, the execution of I<func()> resumes, and it " +"returns (and perhaps other functions are called, overwriting the memory that " +"had been used for the stack frame of I<func()>)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Using the address provided in the notification information, the supervisor " +"reads from the target's memory location that used to contain the pathname." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The supervisor now calls B<mount>(2) with some arbitrary bytes obtained in " +"the previous step." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The conclusion from the above scenario is this: since the target's blocked " +"system call may be interrupted by a signal handler, the supervisor must be " +"written to expect that the target may abandon its system call at B<any> " +"time; in such an event, any information that the supervisor obtained from " +"the target's memory must be considered invalid." +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"To prevent such scenarios, every read from the target's memory must be " +"separated from use of the bytes so obtained by a " +"B<SECCOMP_IOCTL_NOTIF_ID_VALID> check. In the above example, the check " +"would be placed between the two final steps. An example of such a check is " +"shown in EXAMPLES." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Following on from the above, it should be clear that a write by the " +"supervisor into the target's memory can B<never> be considered safe." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Caveats regarding blocking system calls" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Suppose that the target performs a blocking system call (e.g., " +"B<accept>(2)) that the supervisor should handle. The supervisor might then " +"in turn execute the same blocking system call." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In this scenario, it is important to note that if the target's system call " +"is now interrupted by a signal, the supervisor is I<not> informed of this. " +"If the supervisor does not take suitable steps to actively discover that the " +"target's system call has been canceled, various difficulties can occur. 
" +"Taking the example of B<accept>(2), the supervisor might remain blocked in " +"its B<accept>(2) holding a port number that the target (which, after the " +"interruption by the signal handler, perhaps closed its listening socket) " +"might expect to be able to reuse in a B<bind>(2) call." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Therefore, when the supervisor wishes to emulate a blocking system call, it " +"must do so in such a way that it gets informed if the target's system call " +"is interrupted by a signal handler. For example, if the supervisor itself " +"executes the same blocking system call, then it could employ a separate " +"thread that uses the B<SECCOMP_IOCTL_NOTIF_ID_VALID> operation to check if " +"the target is still blocked in its system call. Alternatively, in the " +"B<accept>(2) example, the supervisor might use B<poll>(2) to monitor both " +"the notification file descriptor (so as to discover when the target's " +"B<accept>(2) call has been interrupted) and the listening file descriptor " +"(so as to know when a connection is available)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the target's system call is interrupted, the supervisor must take care to " +"release resources (e.g., file descriptors) that it acquired on behalf of " +"the target." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Interaction with SA_RESTART signal handlers" +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Note the following:" +msgid "Consider the following scenario:" +msgstr "Также заметим следующее:" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The target process has used B<sigaction>(2) to install a signal handler " +"with the B<SA_RESTART> flag." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The target has made a system call that triggered a seccomp user-space " +"notification and the target is currently blocked until the supervisor sends " +"a notification response." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "A signal is delivered to the target and the signal handler is executed." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When (if) the supervisor attempts to send a notification response, the " +"B<SECCOMP_IOCTL_NOTIF_SEND> B<ioctl>(2)) operation will fail with the " +"B<ENOENT> error." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In this scenario, the kernel will restart the target's system call. " +"Consequently, the supervisor will receive another user-space notification. 
" +"Thus, depending on how many times the blocked system call is interrupted by " +"a signal handler, the supervisor may receive multiple notifications for the " +"same instance of a system call in the target." +msgstr "" + +# +# +#. FIXME +#. About the above, Kees Cook commented: +#. Does this need fixing? I imagine the correct behavior for this case +#. would be a response to _SEND of EINPROGRESS and the target would see +#. EINTR normally? +#. I mean, it's not like seccomp doesn't already expose weirdness with +#. syscall restarts. Not even arm64 compat agrees[3] with arm32 in this +#. regard. :( +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"One oddity is that system call restarting as described in this scenario will " +"occur even for the blocking system calls listed in B<signal>(7) that would " +"B<never> normally be restarted by the B<SA_RESTART> flag." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Furthermore, if the supervisor response is a file descriptor added with " +"B<SECCOMP_IOCTL_NOTIF_ADDFD>, then the flag B<SECCOMP_ADDFD_FLAG_SEND> can " +"be used to atomically add the file descriptor and return that value, making " +"sure no file descriptors are inadvertently leaked into the target." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "BUGS" +msgstr "ДЕФЕКТЫ" + +# +#. or a poll/epoll/select +#. FIXME +#. Comment from Kees Cook: +#. I want this fixed. It caused me no end of pain when building the +#. selftests, and ended up spawning my implementing a global test timeout +#. in kselftest. :P Before the usage counter refactor, there was no sane +#. 
way to deal with this, but now I think we're close. +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If a B<SECCOMP_IOCTL_NOTIF_RECV> B<ioctl>(2) operation is performed after " +"the target terminates, then the B<ioctl>(2) call simply blocks (rather than " +"returning an error to indicate that the target no longer exists)." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "EXAMPLES" +msgstr "ПРИМЕРЫ" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The (somewhat contrived) program shown below demonstrates the use of the " +"interfaces described in this page. The program creates a child process that " +"serves as the \"target\" process. The child process installs a seccomp " +"filter that returns the B<SECCOMP_RET_USER_NOTIF> action value if a call is " +"made to B<mkdir>(2). The child process then calls B<mkdir>(2) once for " +"each of the supplied command-line arguments, and reports the result returned " +"by the call. After processing all arguments, the child process terminates." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The parent process acts as the supervisor, listening for the notifications " +"that are generated when the target process calls B<mkdir>(2). When such a " +"notification occurs, the supervisor examines the memory of the target " +"process (using I</proc/>pidI</mem>) to discover the pathname argument that " +"was supplied to the B<mkdir>(2) call, and performs one of the following " +"actions:" +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the pathname begins with the prefix \"/tmp/\", then the supervisor " +"attempts to create the specified directory, and then spoofs a return for the " +"target process based on the return value of the supervisor's B<mkdir>(2) " +"call. In the event that that call succeeds, the spoofed success return " +"value is the length of the pathname." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the pathname begins with \"./\" (i.e., it is a relative pathname), the " +"supervisor sends a B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> response to the " +"kernel to say that the kernel should execute the target process's " +"B<mkdir>(2) call." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the pathname begins with some other prefix, the supervisor spoofs an " +"error return for the target process, so that the target process's " +"B<mkdir>(2) call appears to fail with the error B<EOPNOTSUPP> (\"Operation " +"not supported\"). Additionally, if the specified pathname is exactly \"/" +"bye\", then the supervisor terminates." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This program can be used to demonstrate various aspects of the behavior of " +"the seccomp user-space notification mechanism. To help aid such " +"demonstrations, the program logs various messages to show the operation of " +"the target process (lines prefixed \"T:\") and the supervisor (indented " +"lines prefixed \"S:\")." +msgstr "" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the following example, the target attempts to create the directory I</tmp/" +"x>. Upon receiving the notification, the supervisor creates the directory " +"on the target's behalf, and spoofs a success return to be received by the " +"target process's B<mkdir>(2) call." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /tmp/x>\n" +"T: PID = 23168\n" +"\\&\n" +"T: about to mkdir(\"/tmp/x\")\n" +" S: got notification (ID 0x17445c4a0f4e0e3c) for PID 23168\n" +" S: executing: mkdir(\"/tmp/x\", 0700)\n" +" S: success! spoofed return = 6\n" +" S: sending response (flags = 0; val = 6; error = 0)\n" +"T: SUCCESS: mkdir(2) returned 6\n" +"\\&\n" +"T: terminating\n" +" S: target has terminated; bye\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the above output, note that the spoofed return value seen by the target " +"process is 6 (the length of the pathname I</tmp/x>), whereas a normal " +"B<mkdir>(2) call returns 0 on success." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the next example, the target attempts to create a directory using the " +"relative pathname I<./sub>. Since this pathname starts with \"./\", the " +"supervisor sends a B<SECCOMP_USER_NOTIF_FLAG_CONTINUE> response to the " +"kernel, and the kernel then (successfully) executes the target process's " +"B<mkdir>(2) call." +msgstr "" + +#. 
type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"$ B<./seccomp_unotify ./sub>\n" +"T: PID = 23204\n" +"\\&\n" +"T: about to mkdir(\"./sub\")\n" +" S: got notification (ID 0xddb16abe25b4c12) for PID 23204\n" +" S: target can execute system call\n" +" S: sending response (flags = 0x1; val = 0; error = 0)\n" +"T: SUCCESS: mkdir(2) returned 0\n" +"\\&\n" +"T: terminating\n" +" S: target has terminated; bye\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the target process attempts to create a directory with a pathname that " +"doesn't start with \".\" and doesn't begin with the prefix \"/tmp/\", then " +"the supervisor spoofs an error return (B<EOPNOTSUPP>, \"Operation not " +"supported\") for the target's B<mkdir>(2) call (which is not executed):" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /xxx>\n" +"T: PID = 23178\n" +"\\&\n" +"T: about to mkdir(\"/xxx\")\n" +" S: got notification (ID 0xe7dc095d1c524e80) for PID 23178\n" +" S: spoofing error response (Operation not supported)\n" +" S: sending response (flags = 0; val = 0; error = -95)\n" +"T: ERROR: mkdir(2): Operation not supported\n" +"\\&\n" +"T: terminating\n" +" S: target has terminated; bye\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the next example, the target process attempts to create a directory with " +"the pathname B</tmp/nosuchdir/b>. Upon receiving the notification, the " +"supervisor attempts to create that directory, but the B<mkdir>(2) call " +"fails because the directory B</tmp/nosuchdir> does not exist. 
Consequently, " +"the supervisor spoofs an error return that passes the error that it received " +"back to the target process's B<mkdir>(2) call." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /tmp/nosuchdir/b>\n" +"T: PID = 23199\n" +"\\&\n" +"T: about to mkdir(\"/tmp/nosuchdir/b\")\n" +" S: got notification (ID 0x8744454293506046) for PID 23199\n" +" S: executing: mkdir(\"/tmp/nosuchdir/b\", 0700)\n" +" S: failure! (errno = 2; No such file or directory)\n" +" S: sending response (flags = 0; val = 0; error = -2)\n" +"T: ERROR: mkdir(2): No such file or directory\n" +"\\&\n" +"T: terminating\n" +" S: target has terminated; bye\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the supervisor receives a notification and sees that the argument of the " +"target's B<mkdir>(2) is the string \"/bye\", then (as well as spoofing an " +"B<EOPNOTSUPP> error), the supervisor terminates. If the target process " +"subsequently executes another B<mkdir>(2) that triggers its seccomp filter " +"to return the B<SECCOMP_RET_USER_NOTIF> action value, then the kernel causes " +"the target process's system call to fail with the error B<ENOSYS> " +"(\"Function not implemented\"). This is demonstrated by the following " +"example:" +msgstr "" + +#. 
type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /bye /tmp/y>\n" +"T: PID = 23185\n" +"\\&\n" +"T: about to mkdir(\"/bye\")\n" +" S: got notification (ID 0xa81236b1d2f7b0f4) for PID 23185\n" +" S: spoofing error response (Operation not supported)\n" +" S: sending response (flags = 0; val = 0; error = -95)\n" +" S: terminating **********\n" +"T: ERROR: mkdir(2): Operation not supported\n" +"\\&\n" +"T: about to mkdir(\"/tmp/y\")\n" +"T: ERROR: mkdir(2): Function not implemented\n" +"\\&\n" +"T: terminating\n" +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Program source" +msgstr "Исходный код программы" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"#define _GNU_SOURCE\n" +"#include E<lt>err.hE<gt>\n" +"#include E<lt>errno.hE<gt>\n" +"#include E<lt>fcntl.hE<gt>\n" +"#include E<lt>limits.hE<gt>\n" +"#include E<lt>linux/audit.hE<gt>\n" +"#include E<lt>linux/filter.hE<gt>\n" +"#include E<lt>linux/seccomp.hE<gt>\n" +"#include E<lt>signal.hE<gt>\n" +"#include E<lt>stdbool.hE<gt>\n" +"#include E<lt>stddef.hE<gt>\n" +"#include E<lt>stdint.hE<gt>\n" +"#include E<lt>stdio.hE<gt>\n" +"#include E<lt>stdlib.hE<gt>\n" +"#include E<lt>string.hE<gt>\n" +"#include E<lt>sys/ioctl.hE<gt>\n" +"#include E<lt>sys/prctl.hE<gt>\n" +"#include E<lt>sys/socket.hE<gt>\n" +"#include E<lt>sys/stat.hE<gt>\n" +"#include E<lt>sys/syscall.hE<gt>\n" +"#include E<lt>sys/types.hE<gt>\n" +"#include E<lt>sys/un.hE<gt>\n" +"#include E<lt>unistd.hE<gt>\n" +"\\&\n" +"#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))\n" +"\\&\n" +"/* Send the file descriptor \\[aq]fd\\[aq] over the connected UNIX domain socket\n" +" \\[aq]sockfd\\[aq]. Returns 0 on success, or -1 on error. 
*/\n" +"\\&\n" +"static int\n" +"sendfd(int sockfd, int fd)\n" +"{\n" +" int data;\n" +" struct iovec iov;\n" +" struct msghdr msgh;\n" +" struct cmsghdr *cmsgp;\n" +"\\&\n" +" /* Allocate a char array of suitable size to hold the ancillary data.\n" +" However, since this buffer is in reality a \\[aq]struct cmsghdr\\[aq], use a\n" +" union to ensure that it is suitably aligned. */\n" +" union {\n" +" char buf[CMSG_SPACE(sizeof(int))];\n" +" /* Space large enough to hold an \\[aq]int\\[aq] */\n" +" struct cmsghdr align;\n" +" } controlMsg;\n" +"\\&\n" +" /* The \\[aq]msg_name\\[aq] field can be used to specify the address of the\n" +" destination socket when sending a datagram. However, we do not\n" +" need to use this field because \\[aq]sockfd\\[aq] is a connected socket. */\n" +"\\&\n" +" msgh.msg_name = NULL;\n" +" msgh.msg_namelen = 0;\n" +"\\&\n" +" /* On Linux, we must transmit at least one byte of real data in\n" +" order to send ancillary data. We transmit an arbitrary integer\n" +" whose value is ignored by recvfd(). */\n" +"\\&\n" +" msgh.msg_iov = &iov;\n" +" msgh.msg_iovlen = 1;\n" +" iov.iov_base = &data;\n" +" iov.iov_len = sizeof(int);\n" +" data = 12345;\n" +"\\&\n" +" /* Set \\[aq]msghdr\\[aq] fields that describe ancillary data */\n" +"\\&\n" +" msgh.msg_control = controlMsg.buf;\n" +" msgh.msg_controllen = sizeof(controlMsg.buf);\n" +"\\&\n" +" /* Set up ancillary data describing file descriptor to send */\n" +"\\&\n" +" cmsgp = CMSG_FIRSTHDR(&msgh);\n" +" cmsgp-E<gt>cmsg_level = SOL_SOCKET;\n" +" cmsgp-E<gt>cmsg_type = SCM_RIGHTS;\n" +" cmsgp-E<gt>cmsg_len = CMSG_LEN(sizeof(int));\n" +" memcpy(CMSG_DATA(cmsgp), &fd, sizeof(int));\n" +"\\&\n" +" /* Send real plus ancillary data */\n" +"\\&\n" +" if (sendmsg(sockfd, &msgh, 0) == -1)\n" +" return -1;\n" +"\\&\n" +" return 0;\n" +"}\n" +"\\&\n" +"/* Receive a file descriptor on a connected UNIX domain socket. Returns\n" +" the received file descriptor on success, or -1 on error. 
*/\n" +"\\&\n" +"static int\n" +"recvfd(int sockfd)\n" +"{\n" +" int data, fd;\n" +" ssize_t nr;\n" +" struct iovec iov;\n" +" struct msghdr msgh;\n" +"\\&\n" +" /* Allocate a char buffer for the ancillary data. See the comments\n" +" in sendfd() */\n" +" union {\n" +" char buf[CMSG_SPACE(sizeof(int))];\n" +" struct cmsghdr align;\n" +" } controlMsg;\n" +" struct cmsghdr *cmsgp;\n" +"\\&\n" +" /* The \\[aq]msg_name\\[aq] field can be used to obtain the address of the\n" +" sending socket. However, we do not need this information. */\n" +"\\&\n" +" msgh.msg_name = NULL;\n" +" msgh.msg_namelen = 0;\n" +"\\&\n" +" /* Specify buffer for receiving real data */\n" +"\\&\n" +" msgh.msg_iov = &iov;\n" +" msgh.msg_iovlen = 1;\n" +" iov.iov_base = &data; /* Real data is an \\[aq]int\\[aq] */\n" +" iov.iov_len = sizeof(int);\n" +"\\&\n" +" /* Set \\[aq]msghdr\\[aq] fields that describe ancillary data */\n" +"\\&\n" +" msgh.msg_control = controlMsg.buf;\n" +" msgh.msg_controllen = sizeof(controlMsg.buf);\n" +"\\&\n" +" /* Receive real plus ancillary data; real data is ignored */\n" +"\\&\n" +" nr = recvmsg(sockfd, &msgh, 0);\n" +" if (nr == -1)\n" +" return -1;\n" +"\\&\n" +" cmsgp = CMSG_FIRSTHDR(&msgh);\n" +"\\&\n" +" /* Check the validity of the \\[aq]cmsghdr\\[aq] */\n" +"\\&\n" +" if (cmsgp == NULL\n" +" || cmsgp-E<gt>cmsg_len != CMSG_LEN(sizeof(int))\n" +" || cmsgp-E<gt>cmsg_level != SOL_SOCKET\n" +" || cmsgp-E<gt>cmsg_type != SCM_RIGHTS)\n" +" {\n" +" errno = EINVAL;\n" +" return -1;\n" +" }\n" +"\\&\n" +" /* Return the received file descriptor to our caller */\n" +"\\&\n" +" memcpy(&fd, CMSG_DATA(cmsgp), sizeof(int));\n" +" return fd;\n" +"}\n" +"\\&\n" +"static void\n" +"sigchldHandler(int sig)\n" +"{\n" +" char msg[] = \"\\etS: target has terminated; bye\\en\";\n" +"\\&\n" +" write(STDOUT_FILENO, msg, sizeof(msg) - 1);\n" +" _exit(EXIT_SUCCESS);\n" +"}\n" +"\\&\n" +"static int\n" +"seccomp(unsigned int operation, unsigned int flags, void *args)\n" +"{\n" +" return 
syscall(SYS_seccomp, operation, flags, args);\n" +"}\n" +"\\&\n" +"/* The following is the x86-64-specific BPF boilerplate code for checking\n" +" that the BPF program is running on the right architecture + ABI. At\n" +" completion of these instructions, the accumulator contains the system\n" +" call number. */\n" +"\\&\n" +"/* For the x32 ABI, all system call numbers have bit 30 set */\n" +"\\&\n" +"#define X32_SYSCALL_BIT 0x40000000\n" +"\\&\n" +"#define X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR \\e\n" +" BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \\e\n" +" (offsetof(struct seccomp_data, arch))), \\e\n" +" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 0, 2), \\e\n" +" BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \\e\n" +" (offsetof(struct seccomp_data, nr))), \\e\n" +" BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, X32_SYSCALL_BIT, 0, 1), \\e\n" +" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)\n" +"\\&\n" +"/* installNotifyFilter() installs a seccomp filter that generates\n" +" user-space notifications (SECCOMP_RET_USER_NOTIF) when the process\n" +" calls mkdir(2); the filter allows all other system calls.\n" +"\\&\n" +" The function return value is a file descriptor from which the\n" +" user-space notifications can be fetched. */\n" +"\\&\n" +"static int\n" +"installNotifyFilter(void)\n" +"{\n" +" int notifyFd;\n" +"\\&\n" +" struct sock_filter filter[] = {\n" +" X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR,\n" +"\\&\n" +" /* mkdir() triggers notification to user-space supervisor */\n" +"\\&\n" +" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mkdir, 0, 1),\n" +" BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_USER_NOTIF),\n" +"\\&\n" +" /* Every other system call is allowed */\n" +"\\&\n" +" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),\n" +" };\n" +"\\&\n" +" struct sock_fprog prog = {\n" +" .len = ARRAY_SIZE(filter),\n" +" .filter = filter,\n" +" };\n" +"\\&\n" +" /* Install the filter with the SECCOMP_FILTER_FLAG_NEW_LISTENER flag;\n" +" as a result, seccomp() returns a notification file descriptor. 
*/\n" +"\\&\n" +" notifyFd = seccomp(SECCOMP_SET_MODE_FILTER,\n" +" SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);\n" +" if (notifyFd == -1)\n" +" err(EXIT_FAILURE, \"seccomp-install-notify-filter\");\n" +"\\&\n" +" return notifyFd;\n" +"}\n" +"\\&\n" +"/* Close a pair of sockets created by socketpair() */\n" +"\\&\n" +"static void\n" +"closeSocketPair(int sockPair[2])\n" +"{\n" +" if (close(sockPair[0]) == -1)\n" +" err(EXIT_FAILURE, \"closeSocketPair-close-0\");\n" +" if (close(sockPair[1]) == -1)\n" +" err(EXIT_FAILURE, \"closeSocketPair-close-1\");\n" +"}\n" +"\\&\n" +"/* Implementation of the target process; create a child process that:\n" +"\\&\n" +" (1) installs a seccomp filter with the\n" +" SECCOMP_FILTER_FLAG_NEW_LISTENER flag;\n" +" (2) writes the seccomp notification file descriptor returned from\n" +" the previous step onto the UNIX domain socket, \\[aq]sockPair[0]\\[aq];\n" +" (3) calls mkdir(2) for each element of \\[aq]argv\\[aq].\n" +"\\&\n" +" The function return value in the parent is the PID of the child\n" +" process; the child does not return from this function. 
*/\n" +"\\&\n" +"static pid_t\n" +"targetProcess(int sockPair[2], char *argv[])\n" +"{\n" +" int notifyFd, s;\n" +" pid_t targetPid;\n" +"\\&\n" +" targetPid = fork();\n" +"\\&\n" +" if (targetPid == -1)\n" +" err(EXIT_FAILURE, \"fork\");\n" +"\\&\n" +" if (targetPid E<gt> 0) /* In parent, return PID of child */\n" +" return targetPid;\n" +"\\&\n" +" /* Child falls through to here */\n" +"\\&\n" +" printf(\"T: PID = %ld\\en\", (long) getpid());\n" +"\\&\n" +" /* Install seccomp filter(s) */\n" +"\\&\n" +" if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))\n" +" err(EXIT_FAILURE, \"prctl\");\n" +"\\&\n" +" notifyFd = installNotifyFilter();\n" +"\\&\n" +" /* Pass the notification file descriptor to the tracing process over\n" +" a UNIX domain socket */\n" +"\\&\n" +" if (sendfd(sockPair[0], notifyFd) == -1)\n" +" err(EXIT_FAILURE, \"sendfd\");\n" +"\\&\n" +" /* Notification and socket FDs are no longer needed in target */\n" +"\\&\n" +" if (close(notifyFd) == -1)\n" +" err(EXIT_FAILURE, \"close-target-notify-fd\");\n" +"\\&\n" +" closeSocketPair(sockPair);\n" +"\\&\n" +" /* Perform a mkdir() call for each of the command-line arguments */\n" +"\\&\n" +" for (char **ap = argv; *ap != NULL; ap++) {\n" +" printf(\"\\enT: about to mkdir(\\e\"%s\\e\")\\en\", *ap);\n" +"\\&\n" +" s = mkdir(*ap, 0700);\n" +" if (s == -1)\n" +" perror(\"T: ERROR: mkdir(2)\");\n" +" else\n" +" printf(\"T: SUCCESS: mkdir(2) returned %d\\en\", s);\n" +" }\n" +"\\&\n" +" printf(\"\\enT: terminating\\en\");\n" +" exit(EXIT_SUCCESS);\n" +"}\n" +"\\&\n" +"/* Check that the notification ID provided by a SECCOMP_IOCTL_NOTIF_RECV\n" +" operation is still valid. 
It will no longer be valid if the target\n" +" process has terminated or is no longer blocked in the system call that\n" +" generated the notification (because it was interrupted by a signal).\n" +"\\&\n" +" This operation can be used when doing such things as accessing\n" +" /proc/PID files in the target process in order to avoid TOCTOU race\n" +" conditions where the PID that is returned by SECCOMP_IOCTL_NOTIF_RECV\n" +" terminates and is reused by another process. */\n" +"\\&\n" +"static bool\n" +"cookieIsValid(int notifyFd, uint64_t id)\n" +"{\n" +" return ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_ID_VALID, &id) == 0;\n" +"}\n" +"\\&\n" +"/* Access the memory of the target process in order to fetch the\n" +" pathname referred to by the system call argument \\[aq]argNum\\[aq] in\n" +" \\[aq]req-E<gt>data.args[]\\[aq]. The pathname is returned in \\[aq]path\\[aq],\n" +" a buffer of \\[aq]len\\[aq] bytes allocated by the caller.\n" +"\\&\n" +" Returns true if the pathname is successfully fetched, and false\n" +" otherwise. For possible causes of failure, see the comments below. */\n" +"\\&\n" +"static bool\n" +"getTargetPathname(struct seccomp_notif *req, int notifyFd,\n" +" int argNum, char *path, size_t len)\n" +"{\n" +" int procMemFd;\n" +" char procMemPath[PATH_MAX];\n" +" ssize_t nread;\n" +"\\&\n" +" snprintf(procMemPath, sizeof(procMemPath), \"/proc/%d/mem\", req-E<gt>pid);\n" +"\\&\n" +" procMemFd = open(procMemPath, O_RDONLY | O_CLOEXEC);\n" +" if (procMemFd == -1)\n" +" return false;\n" +"\\&\n" +" /* Check that the process whose info we are accessing is still alive\n" +" and blocked in the system call that caused the notification.\n" +" If the SECCOMP_IOCTL_NOTIF_ID_VALID operation (performed in\n" +" cookieIsValid()) succeeded, we know that the /proc/PID/mem file\n" +" descriptor that we opened corresponded to the process for which we\n" +" received a notification. 
If that process subsequently terminates,\n" +" then read() on that file descriptor will return 0 (EOF). */\n" +"\\&\n" +" if (!cookieIsValid(notifyFd, req-E<gt>id)) {\n" +" close(procMemFd);\n" +" return false;\n" +" }\n" +"\\&\n" +" /* Read bytes at the location containing the pathname argument */\n" +"\\&\n" +" nread = pread(procMemFd, path, len, req-E<gt>data.args[argNum]);\n" +"\\&\n" +" close(procMemFd);\n" +"\\&\n" +" if (nread E<lt>= 0)\n" +" return false;\n" +"\\&\n" +" /* Once again check that the notification ID is still valid. The\n" +" case we are particularly concerned about here is that just\n" +" before we fetched the pathname, the target\\[aq]s blocked system\n" +" call was interrupted by a signal handler, and after the handler\n" +" returned, the target carried on execution (past the interrupted\n" +" system call). In that case, we have no guarantees about what we\n" +" are reading, since the target\\[aq]s memory may have been arbitrarily\n" +" changed by subsequent operations. */\n" +"\\&\n" +" if (!cookieIsValid(notifyFd, req-E<gt>id)) {\n" +" perror(\"\\etS: notification ID check failed!!!\");\n" +" return false;\n" +" }\n" +"\\&\n" +" /* Even if the target\\[aq]s system call was not interrupted by a signal,\n" +" we have no guarantees about what was in the memory of the target\n" +" process. (The memory may have been modified by another thread, or\n" +" even by an external attacking process.) We therefore treat the\n" +" buffer returned by pread() as untrusted input. The buffer should\n" +" contain a terminating null byte; if not, then we will trigger an\n" +" error for the target process. */\n" +"\\&\n" +" if (strnlen(path, nread) E<lt> nread)\n" +" return true;\n" +"\\&\n" +" return false;\n" +"}\n" +"\\&\n" +"/* Allocate buffers for the seccomp user-space notification request and\n" +" response structures. It is the caller\\[aq]s responsibility to free the\n" +" buffers returned via \\[aq]req\\[aq] and \\[aq]resp\\[aq]. 
*/\n" +"\\&\n" +"static void\n" +"allocSeccompNotifBuffers(struct seccomp_notif **req,\n" +" struct seccomp_notif_resp **resp,\n" +" struct seccomp_notif_sizes *sizes)\n" +"{\n" +" size_t resp_size;\n" +"\\&\n" +" /* Discover the sizes of the structures that are used to receive\n" +" notifications and send notification responses, and allocate\n" +" buffers of those sizes. */\n" +"\\&\n" +" if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, sizes) == -1)\n" +" err(EXIT_FAILURE, \"seccomp-SECCOMP_GET_NOTIF_SIZES\");\n" +"\\&\n" +" *req = malloc(sizes-E<gt>seccomp_notif);\n" +" if (*req == NULL)\n" +" err(EXIT_FAILURE, \"malloc-seccomp_notif\");\n" +"\\&\n" +" /* When allocating the response buffer, we must allow for the fact\n" +" that the user-space binary may have been built with user-space\n" +" headers where \\[aq]struct seccomp_notif_resp\\[aq] is bigger than the\n" +" response buffer expected by the (older) kernel. Therefore, we\n" +" allocate a buffer that is the maximum of the two sizes. This\n" +" ensures that if the supervisor places bytes into the response\n" +" structure that are past the response size that the kernel expects,\n" +" then the supervisor is not touching an invalid memory location. */\n" +"\\&\n" +" resp_size = sizes-E<gt>seccomp_notif_resp;\n" +" if (sizeof(struct seccomp_notif_resp) E<gt> resp_size)\n" +" resp_size = sizeof(struct seccomp_notif_resp);\n" +"\\&\n" +" *resp = malloc(resp_size);\n" +" if (*resp == NULL)\n" +" err(EXIT_FAILURE, \"malloc-seccomp_notif_resp\");\n" +"\\&\n" +"}\n" +"\\&\n" +"/* Handle notifications that arrive via the SECCOMP_RET_USER_NOTIF file\n" +" descriptor, \\[aq]notifyFd\\[aq]. 
*/\n" +"\\&\n" +"static void\n" +"handleNotifications(int notifyFd)\n" +"{\n" +" bool pathOK;\n" +" char path[PATH_MAX];\n" +" struct seccomp_notif *req;\n" +" struct seccomp_notif_resp *resp;\n" +" struct seccomp_notif_sizes sizes;\n" +"\\&\n" +" allocSeccompNotifBuffers(&req, &resp, &sizes);\n" +"\\&\n" +" /* Loop handling notifications */\n" +"\\&\n" +" for (;;) {\n" +"\\&\n" +" /* Wait for next notification, returning info in \\[aq]*req\\[aq] */\n" +"\\&\n" +" memset(req, 0, sizes.seccomp_notif);\n" +" if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_RECV, req) == -1) {\n" +" if (errno == EINTR)\n" +" continue;\n" +" err(EXIT_FAILURE, \"\\etS: ioctl-SECCOMP_IOCTL_NOTIF_RECV\");\n" +" }\n" +"\\&\n" +" printf(\"\\etS: got notification (ID %#llx) for PID %d\\en\",\n" +" req-E<gt>id, req-E<gt>pid);\n" +"\\&\n" +" /* The only system call that can generate a notification event\n" +" is mkdir(2). Nevertheless, we check that the notified system\n" +" call is indeed mkdir() as kind of future-proofing of this\n" +" code in case the seccomp filter is later modified to\n" +" generate notifications for other system calls. 
*/\n" +"\\&\n" +" if (req-E<gt>data.nr != SYS_mkdir) {\n" +" printf(\"\\etS: notification contained unexpected \"\n" +" \"system call number; bye!!!\\en\");\n" +" exit(EXIT_FAILURE);\n" +" }\n" +"\\&\n" +" pathOK = getTargetPathname(req, notifyFd, 0, path, sizeof(path));\n" +"\\&\n" +" /* Prepopulate some fields of the response */\n" +"\\&\n" +" resp-E<gt>id = req-E<gt>id; /* Response includes notification ID */\n" +" resp-E<gt>flags = 0;\n" +" resp-E<gt>val = 0;\n" +"\\&\n" +" /* If getTargetPathname() failed, trigger an EINVAL error\n" +" response (sending this response may yield an error if the\n" +" failure occurred because the notification ID was no longer\n" +" valid); if the directory is in /tmp, then create it on behalf\n" +" of the supervisor; if the pathname starts with \\[aq].\\[aq], tell the\n" +" kernel to let the target process execute the mkdir();\n" +" otherwise, give an error for a directory pathname in any other\n" +" location. */\n" +"\\&\n" +" if (!pathOK) {\n" +" resp-E<gt>error = -EINVAL;\n" +" printf(\"\\etS: spoofing error for invalid pathname (%s)\\en\",\n" +" strerror(-resp-E<gt>error));\n" +" } else if (strncmp(path, \"/tmp/\", strlen(\"/tmp/\")) == 0) {\n" +" printf(\"\\etS: executing: mkdir(\\e\"%s\\e\", %#llo)\\en\",\n" +" path, req-E<gt>data.args[1]);\n" +"\\&\n" +" if (mkdir(path, req-E<gt>data.args[1]) == 0) {\n" +" resp-E<gt>error = 0; /* \"Success\" */\n" +" resp-E<gt>val = strlen(path); /* Used as return value of\n" +" mkdir() in target */\n" +" printf(\"\\etS: success! spoofed return = %lld\\en\",\n" +" resp-E<gt>val);\n" +" } else {\n" +"\\&\n" +" /* If mkdir() failed in the supervisor, pass the error\n" +" back to the target */\n" +"\\&\n" +" resp-E<gt>error = -errno;\n" +" printf(\"\\etS: failure! 
(errno = %d; %s)\\en\", errno,\n" +" strerror(errno));\n" +" }\n" +" } else if (strncmp(path, \"./\", strlen(\"./\")) == 0) {\n" +" resp-E<gt>error = resp-E<gt>val = 0;\n" +" resp-E<gt>flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;\n" +" printf(\"\\etS: target can execute system call\\en\");\n" +" } else {\n" +" resp-E<gt>error = -EOPNOTSUPP;\n" +" printf(\"\\etS: spoofing error response (%s)\\en\",\n" +" strerror(-resp-E<gt>error));\n" +" }\n" +"\\&\n" +" /* Send a response to the notification */\n" +"\\&\n" +" printf(\"\\etS: sending response \"\n" +" \"(flags = %#x; val = %lld; error = %d)\\en\",\n" +" resp-E<gt>flags, resp-E<gt>val, resp-E<gt>error);\n" +"\\&\n" +" if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_SEND, resp) == -1) {\n" +" if (errno == ENOENT)\n" +" printf(\"\\etS: response failed with ENOENT; \"\n" +" \"perhaps target process\\[aq]s syscall was \"\n" +" \"interrupted by a signal?\\en\");\n" +" else\n" +" perror(\"ioctl-SECCOMP_IOCTL_NOTIF_SEND\");\n" +" }\n" +"\\&\n" +" /* If the pathname is just \"/bye\", then the supervisor breaks out\n" +" of the loop and terminates. This allows us to see what happens\n" +" if the target process makes further calls to mkdir(2). */\n" +"\\&\n" +" if (strcmp(path, \"/bye\") == 0)\n" +" break;\n" +" }\n" +"\\&\n" +" free(req);\n" +" free(resp);\n" +" printf(\"\\etS: terminating **********\\en\");\n" +" exit(EXIT_FAILURE);\n" +"}\n" +"\\&\n" +"/* Implementation of the supervisor process:\n" +"\\&\n" +" (1) obtains the notification file descriptor from \\[aq]sockPair[1]\\[aq]\n" +" (2) handles notifications that arrive on that file descriptor. 
*/\n" +"\\&\n" +"static void\n" +"supervisor(int sockPair[2])\n" +"{\n" +" int notifyFd;\n" +"\\&\n" +" notifyFd = recvfd(sockPair[1]);\n" +"\\&\n" +" if (notifyFd == -1)\n" +" err(EXIT_FAILURE, \"recvfd\");\n" +"\\&\n" +" closeSocketPair(sockPair); /* We no longer need the socket pair */\n" +"\\&\n" +" handleNotifications(notifyFd);\n" +"}\n" +"\\&\n" +"int\n" +"main(int argc, char *argv[])\n" +"{\n" +" int sockPair[2];\n" +" struct sigaction sa;\n" +"\\&\n" +" setbuf(stdout, NULL);\n" +"\\&\n" +" if (argc E<lt> 2) {\n" +" fprintf(stderr, \"At least one pathname argument is required\\en\");\n" +" exit(EXIT_FAILURE);\n" +" }\n" +"\\&\n" +" /* Create a UNIX domain socket that is used to pass the seccomp\n" +" notification file descriptor from the target process to the\n" +" supervisor process. */\n" +"\\&\n" +" if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockPair) == -1)\n" +" err(EXIT_FAILURE, \"socketpair\");\n" +"\\&\n" +" /* Create a child process--the \"target\"--that installs seccomp\n" +" filtering. The target process writes the seccomp notification\n" +" file descriptor onto \\[aq]sockPair[0]\\[aq] and then calls mkdir(2) for\n" +" each directory in the command-line arguments. */\n" +"\\&\n" +" (void) targetProcess(sockPair, &argv[optind]);\n" +"\\&\n" +" /* Catch SIGCHLD when the target terminates, so that the\n" +" supervisor can also terminate. */\n" +"\\&\n" +" sa.sa_handler = sigchldHandler;\n" +" sa.sa_flags = 0;\n" +" sigemptyset(&sa.sa_mask);\n" +" if (sigaction(SIGCHLD, &sa, NULL) == -1)\n" +" err(EXIT_FAILURE, \"sigaction\");\n" +"\\&\n" +" supervisor(sockPair);\n" +"\\&\n" +" exit(EXIT_SUCCESS);\n" +"}\n" +msgstr "" + +#. SRC END +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SEE ALSO" +msgstr "СМ. ТАКЖЕ" + +#. 
type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "B<ioctl>(2), B<pidfd_getfd>(2), B<pidfd_open>(2), B<seccomp>(2)" +msgstr "B<ioctl>(2), B<pidfd_getfd>(2), B<pidfd_open>(2), B<seccomp>(2)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A further example program can be found in the kernel source file I<samples/" +"seccomp/user-trap.c>." +msgstr "" + +#. type: TH +#: debian-bookworm +#, no-wrap +msgid "2023-02-10" +msgstr "10 февраля 2023 г." + +#. type: TH +#: debian-bookworm +#, no-wrap +msgid "Linux man-pages 6.03" +msgstr "Linux man-pages 6.03" + +#. type: IP +#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "+" +msgstr "+" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "int fd, removeFd;\n" +msgstr "int fd, removeFd;\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"fd = openat(req-E<gt>data.args[0], path, req-E<gt>data.args[2],\n" +" req-E<gt>data.args[3]);\n" +msgstr "" +"fd = openat(req-E<gt>data.args[0], path, req-E<gt>data.args[2],\n" +" req-E<gt>data.args[3]);\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"struct seccomp_notif_addfd addfd;\n" +"addfd.id = req-E<gt>id; /* Cookie from SECCOMP_IOCTL_NOTIF_RECV */\n" +"addfd.srcfd = fd;\n" +"addfd.newfd = 0;\n" +"addfd.flags = 0;\n" +"addfd.newfd_flags = O_CLOEXEC;\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "targetFd = ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);\n" +msgstr "targetFd = ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);\n" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "close(fd); /* No longer needed in supervisor */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"struct seccomp_notif_resp *resp;\n" +" /* Code to allocate 'resp' omitted */\n" +"resp-E<gt>id = req-E<gt>id;\n" +"resp-E<gt>error = 0; /* \"Success\" */\n" +"resp-E<gt>val = targetFd;\n" +"resp-E<gt>flags = 0;\n" +"ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_SEND, resp);\n" +msgstr "" + +#. type: SS +#: debian-bookworm +#, no-wrap +msgid "Caveats regarding the use of /proc/[tid]/mem" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /tmp/x>\n" +"T: PID = 23168\n" +msgstr "" +"$ B<./seccomp_unotify /tmp/x>\n" +"T: PID = 23168\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"T: about to mkdir(\"/tmp/x\")\n" +" S: got notification (ID 0x17445c4a0f4e0e3c) for PID 23168\n" +" S: executing: mkdir(\"/tmp/x\", 0700)\n" +" S: success! spoofed return = 6\n" +" S: sending response (flags = 0; val = 6; error = 0)\n" +"T: SUCCESS: mkdir(2) returned 6\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"T: terminating\n" +" S: target has terminated; bye\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"$ B<./seccomp_unotify ./sub>\n" +"T: PID = 23204\n" +msgstr "" +"$ B<./seccomp_unotify ./sub>\n" +"T: PID = 23204\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"T: about to mkdir(\"./sub\")\n" +" S: got notification (ID 0xddb16abe25b4c12) for PID 23204\n" +" S: target can execute system call\n" +" S: sending response (flags = 0x1; val = 0; error = 0)\n" +"T: SUCCESS: mkdir(2) returned 0\n" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /xxx>\n" +"T: PID = 23178\n" +msgstr "" +"$ B<./seccomp_unotify /xxx>\n" +"T: PID = 23178\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"T: about to mkdir(\"/xxx\")\n" +" S: got notification (ID 0xe7dc095d1c524e80) for PID 23178\n" +" S: spoofing error response (Operation not supported)\n" +" S: sending response (flags = 0; val = 0; error = -95)\n" +"T: ERROR: mkdir(2): Operation not supported\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /tmp/nosuchdir/b>\n" +"T: PID = 23199\n" +msgstr "" +"$ B<./seccomp_unotify /tmp/nosuchdir/b>\n" +"T: PID = 23199\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"T: about to mkdir(\"/tmp/nosuchdir/b\")\n" +" S: got notification (ID 0x8744454293506046) for PID 23199\n" +" S: executing: mkdir(\"/tmp/nosuchdir/b\", 0700)\n" +" S: failure! (errno = 2; No such file or directory)\n" +" S: sending response (flags = 0; val = 0; error = -2)\n" +"T: ERROR: mkdir(2): No such file or directory\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"$ B<./seccomp_unotify /bye /tmp/y>\n" +"T: PID = 23185\n" +msgstr "" +"$ B<./seccomp_unotify /bye /tmp/y>\n" +"T: PID = 23185\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"T: about to mkdir(\"/bye\")\n" +" S: got notification (ID 0xa81236b1d2f7b0f4) for PID 23185\n" +" S: spoofing error response (Operation not supported)\n" +" S: sending response (flags = 0; val = 0; error = -95)\n" +" S: terminating **********\n" +"T: ERROR: mkdir(2): Operation not supported\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"T: about to mkdir(\"/tmp/y\")\n" +"T: ERROR: mkdir(2): Function not implemented\n" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, fuzzy, no-wrap +#| msgid "Termination signal" +msgid "T: terminating\n" +msgstr "Сигнал завершения" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"#define _GNU_SOURCE\n" +"#include E<lt>err.hE<gt>\n" +"#include E<lt>errno.hE<gt>\n" +"#include E<lt>fcntl.hE<gt>\n" +"#include E<lt>limits.hE<gt>\n" +"#include E<lt>linux/audit.hE<gt>\n" +"#include E<lt>linux/filter.hE<gt>\n" +"#include E<lt>linux/seccomp.hE<gt>\n" +"#include E<lt>signal.hE<gt>\n" +"#include E<lt>stdbool.hE<gt>\n" +"#include E<lt>stddef.hE<gt>\n" +"#include E<lt>stdint.hE<gt>\n" +"#include E<lt>stdio.hE<gt>\n" +"#include E<lt>stdlib.hE<gt>\n" +"#include E<lt>string.hE<gt>\n" +"#include E<lt>sys/ioctl.hE<gt>\n" +"#include E<lt>sys/prctl.hE<gt>\n" +"#include E<lt>sys/socket.hE<gt>\n" +"#include E<lt>sys/stat.hE<gt>\n" +"#include E<lt>sys/syscall.hE<gt>\n" +"#include E<lt>sys/types.hE<gt>\n" +"#include E<lt>sys/un.hE<gt>\n" +"#include E<lt>unistd.hE<gt>\n" +msgstr "" +"#define _GNU_SOURCE\n" +"#include E<lt>err.hE<gt>\n" +"#include E<lt>errno.hE<gt>\n" +"#include E<lt>fcntl.hE<gt>\n" +"#include E<lt>limits.hE<gt>\n" +"#include E<lt>linux/audit.hE<gt>\n" +"#include E<lt>linux/filter.hE<gt>\n" +"#include E<lt>linux/seccomp.hE<gt>\n" +"#include E<lt>signal.hE<gt>\n" +"#include E<lt>stdbool.hE<gt>\n" +"#include E<lt>stddef.hE<gt>\n" +"#include E<lt>stdint.hE<gt>\n" +"#include E<lt>stdio.hE<gt>\n" +"#include E<lt>stdlib.hE<gt>\n" +"#include E<lt>string.hE<gt>\n" +"#include E<lt>sys/ioctl.hE<gt>\n" +"#include E<lt>sys/prctl.hE<gt>\n" +"#include E<lt>sys/socket.hE<gt>\n" +"#include E<lt>sys/stat.hE<gt>\n" +"#include E<lt>sys/syscall.hE<gt>\n" +"#include E<lt>sys/types.hE<gt>\n" +"#include E<lt>sys/un.hE<gt>\n" +"#include E<lt>unistd.hE<gt>\n" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))\n" +msgstr "#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"/* Send the file descriptor \\[aq]fd\\[aq] over the connected UNIX domain socket\n" +" \\[aq]sockfd\\[aq]. Returns 0 on success, or -1 on error. */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"static int\n" +"sendfd(int sockfd, int fd)\n" +"{\n" +" int data;\n" +" struct iovec iov;\n" +" struct msghdr msgh;\n" +" struct cmsghdr *cmsgp;\n" +msgstr "" +"static int\n" +"sendfd(int sockfd, int fd)\n" +"{\n" +" int data;\n" +" struct iovec iov;\n" +" struct msghdr msgh;\n" +" struct cmsghdr *cmsgp;\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" /* Allocate a char array of suitable size to hold the ancillary data.\n" +" However, since this buffer is in reality a \\[aq]struct cmsghdr\\[aq], use a\n" +" union to ensure that it is suitably aligned. */\n" +" union {\n" +" char buf[CMSG_SPACE(sizeof(int))];\n" +" /* Space large enough to hold an \\[aq]int\\[aq] */\n" +" struct cmsghdr align;\n" +" } controlMsg;\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" /* The \\[aq]msg_name\\[aq] field can be used to specify the address of the\n" +" destination socket when sending a datagram. However, we do not\n" +" need to use this field because \\[aq]sockfd\\[aq] is a connected socket. */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" msgh.msg_name = NULL;\n" +" msgh.msg_namelen = 0;\n" +msgstr "" +" msgh.msg_name = NULL;\n" +" msgh.msg_namelen = 0;\n" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" /* On Linux, we must transmit at least one byte of real data in\n" +" order to send ancillary data. We transmit an arbitrary integer\n" +" whose value is ignored by recvfd(). */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" msgh.msg_iov = &iov;\n" +" msgh.msg_iovlen = 1;\n" +" iov.iov_base = &data;\n" +" iov.iov_len = sizeof(int);\n" +" data = 12345;\n" +msgstr "" +" msgh.msg_iov = &iov;\n" +" msgh.msg_iovlen = 1;\n" +" iov.iov_base = &data;\n" +" iov.iov_len = sizeof(int);\n" +" data = 12345;\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Set \\[aq]msghdr\\[aq] fields that describe ancillary data */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" msgh.msg_control = controlMsg.buf;\n" +" msgh.msg_controllen = sizeof(controlMsg.buf);\n" +msgstr "" +" msgh.msg_control = controlMsg.buf;\n" +" msgh.msg_controllen = sizeof(controlMsg.buf);\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Set up ancillary data describing file descriptor to send */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" cmsgp = CMSG_FIRSTHDR(&msgh);\n" +" cmsgp-E<gt>cmsg_level = SOL_SOCKET;\n" +" cmsgp-E<gt>cmsg_type = SCM_RIGHTS;\n" +" cmsgp-E<gt>cmsg_len = CMSG_LEN(sizeof(int));\n" +" memcpy(CMSG_DATA(cmsgp), &fd, sizeof(int));\n" +msgstr "" +" cmsgp = CMSG_FIRSTHDR(&msgh);\n" +" cmsgp-E<gt>cmsg_level = SOL_SOCKET;\n" +" cmsgp-E<gt>cmsg_type = SCM_RIGHTS;\n" +" cmsgp-E<gt>cmsg_len = CMSG_LEN(sizeof(int));\n" +" memcpy(CMSG_DATA(cmsgp), &fd, sizeof(int));\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Send real plus ancillary data */\n" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" if (sendmsg(sockfd, &msgh, 0) == -1)\n" +" return -1;\n" +msgstr "" +" if (sendmsg(sockfd, &msgh, 0) == -1)\n" +" return -1;\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" return 0;\n" +"}\n" +msgstr "" +" return 0;\n" +"}\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"/* Receive a file descriptor on a connected UNIX domain socket. Returns\n" +" the received file descriptor on success, or -1 on error. */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"static int\n" +"recvfd(int sockfd)\n" +"{\n" +" int data, fd;\n" +" ssize_t nr;\n" +" struct iovec iov;\n" +" struct msghdr msgh;\n" +msgstr "" +"static int\n" +"recvfd(int sockfd)\n" +"{\n" +" int data, fd;\n" +" ssize_t nr;\n" +" struct iovec iov;\n" +" struct msghdr msgh;\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" /* Allocate a char buffer for the ancillary data. See the comments\n" +" in sendfd() */\n" +" union {\n" +" char buf[CMSG_SPACE(sizeof(int))];\n" +" struct cmsghdr align;\n" +" } controlMsg;\n" +" struct cmsghdr *cmsgp;\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" /* The \\[aq]msg_name\\[aq] field can be used to obtain the address of the\n" +" sending socket. However, we do not need this information. */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Specify buffer for receiving real data */\n" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, fuzzy, no-wrap +#| msgid "" +#| " msgh.msg_iov = &iov;\n" +#| " msgh.msg_iovlen = 1;\n" +#| " iov.iov_base = &data;\n" +#| " iov.iov_len = sizeof(int);\n" +#| " data = 12345;\n" +msgid "" +" msgh.msg_iov = &iov;\n" +" msgh.msg_iovlen = 1;\n" +" iov.iov_base = &data; /* Real data is an \\[aq]int\\[aq] */\n" +" iov.iov_len = sizeof(int);\n" +msgstr "" +" msgh.msg_iov = &iov;\n" +" msgh.msg_iovlen = 1;\n" +" iov.iov_base = &data;\n" +" iov.iov_len = sizeof(int);\n" +" data = 12345;\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Receive real plus ancillary data; real data is ignored */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" nr = recvmsg(sockfd, &msgh, 0);\n" +" if (nr == -1)\n" +" return -1;\n" +msgstr "" +" nr = recvmsg(sockfd, &msgh, 0);\n" +" if (nr == -1)\n" +" return -1;\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " cmsgp = CMSG_FIRSTHDR(&msgh);\n" +msgstr " cmsgp = CMSG_FIRSTHDR(&msgh);\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Check the validity of the \\[aq]cmsghdr\\[aq] */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" if (cmsgp == NULL\n" +" || cmsgp-E<gt>cmsg_len != CMSG_LEN(sizeof(int))\n" +" || cmsgp-E<gt>cmsg_level != SOL_SOCKET\n" +" || cmsgp-E<gt>cmsg_type != SCM_RIGHTS)\n" +" {\n" +" errno = EINVAL;\n" +" return -1;\n" +" }\n" +msgstr "" +" if (cmsgp == NULL\n" +" || cmsgp-E<gt>cmsg_len != CMSG_LEN(sizeof(int))\n" +" || cmsgp-E<gt>cmsg_level != SOL_SOCKET\n" +" || cmsgp-E<gt>cmsg_type != SCM_RIGHTS)\n" +" {\n" +" errno = EINVAL;\n" +" return -1;\n" +" }\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Return the received file descriptor to our caller */\n" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" memcpy(&fd, CMSG_DATA(cmsgp), sizeof(int));\n" +" return fd;\n" +"}\n" +msgstr "" +" memcpy(&fd, CMSG_DATA(cmsgp), sizeof(int));\n" +" return fd;\n" +"}\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"static void\n" +"sigchldHandler(int sig)\n" +"{\n" +" char msg[] = \"\\etS: target has terminated; bye\\en\";\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" write(STDOUT_FILENO, msg, sizeof(msg) - 1);\n" +" _exit(EXIT_SUCCESS);\n" +"}\n" +msgstr "" +" write(STDOUT_FILENO, msg, sizeof(msg) - 1);\n" +" _exit(EXIT_SUCCESS);\n" +"}\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"static int\n" +"seccomp(unsigned int operation, unsigned int flags, void *args)\n" +"{\n" +" return syscall(SYS_seccomp, operation, flags, args);\n" +"}\n" +msgstr "" +"static int\n" +"seccomp(unsigned int operation, unsigned int flags, void *args)\n" +"{\n" +" return syscall(SYS_seccomp, operation, flags, args);\n" +"}\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"/* The following is the x86-64-specific BPF boilerplate code for checking\n" +" that the BPF program is running on the right architecture + ABI. At\n" +" completion of these instructions, the accumulator contains the system\n" +" call number. */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "/* For the x32 ABI, all system call numbers have bit 30 set */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "#define X32_SYSCALL_BIT 0x40000000\n" +msgstr "#define X32_SYSCALL_BIT 0x40000000\n" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"#define X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR \\e\n" +" BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \\e\n" +" (offsetof(struct seccomp_data, arch))), \\e\n" +" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 0, 2), \\e\n" +" BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \\e\n" +" (offsetof(struct seccomp_data, nr))), \\e\n" +" BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, X32_SYSCALL_BIT, 0, 1), \\e\n" +" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)\n" +msgstr "" +"#define X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR \\e\n" +" BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \\e\n" +" (offsetof(struct seccomp_data, arch))), \\e\n" +" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 0, 2), \\e\n" +" BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \\e\n" +" (offsetof(struct seccomp_data, nr))), \\e\n" +" BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, X32_SYSCALL_BIT, 0, 1), \\e\n" +" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"/* installNotifyFilter() installs a seccomp filter that generates\n" +" user-space notifications (SECCOMP_RET_USER_NOTIF) when the process\n" +" calls mkdir(2); the filter allows all other system calls.\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" The function return value is a file descriptor from which the\n" +" user-space notifications can be fetched. */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"static int\n" +"installNotifyFilter(void)\n" +"{\n" +" int notifyFd;\n" +msgstr "" +"static int\n" +"installNotifyFilter(void)\n" +"{\n" +" int notifyFd;\n" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" struct sock_filter filter[] = {\n" +" X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR,\n" +msgstr "" +" struct sock_filter filter[] = {\n" +" X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR,\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* mkdir() triggers notification to user-space supervisor */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mkdir, 0, 1),\n" +" BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_USER_NOTIF),\n" +msgstr "" +" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mkdir, 0, 1),\n" +" BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_USER_NOTIF),\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid " /* Every other system call is allowed */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),\n" +" };\n" +msgstr "" +" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),\n" +" };\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" struct sock_fprog prog = {\n" +" .len = ARRAY_SIZE(filter),\n" +" .filter = filter,\n" +" };\n" +msgstr "" +" struct sock_fprog prog = {\n" +" .len = ARRAY_SIZE(filter),\n" +" .filter = filter,\n" +" };\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" /* Install the filter with the SECCOMP_FILTER_FLAG_NEW_LISTENER flag;\n" +" as a result, seccomp() returns a notification file descriptor. */\n" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" notifyFd = seccomp(SECCOMP_SET_MODE_FILTER,\n" +" SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);\n" +" if (notifyFd == -1)\n" +" err(EXIT_FAILURE, \"seccomp-install-notify-filter\");\n" +msgstr "" +" notifyFd = seccomp(SECCOMP_SET_MODE_FILTER,\n" +" SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);\n" +" if (notifyFd == -1)\n" +" err(EXIT_FAILURE, \"seccomp-install-notify-filter\");\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" return notifyFd;\n" +"}\n" +msgstr "" +" return notifyFd;\n" +"}\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "/* Close a pair of sockets created by socketpair() */\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"static void\n" +"closeSocketPair(int sockPair[2])\n" +"{\n" +" if (close(sockPair[0]) == -1)\n" +" err(EXIT_FAILURE, \"closeSocketPair-close-0\");\n" +" if (close(sockPair[1]) == -1)\n" +" err(EXIT_FAILURE, \"closeSocketPair-close-1\");\n" +"}\n" +msgstr "" +"static void\n" +"closeSocketPair(int sockPair[2])\n" +"{\n" +" if (close(sockPair[0]) == -1)\n" +" err(EXIT_FAILURE, \"closeSocketPair-close-0\");\n" +" if (close(sockPair[1]) == -1)\n" +" err(EXIT_FAILURE, \"closeSocketPair-close-1\");\n" +"}\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "/* Implementation of the target process; create a child process that:\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" (1) installs a seccomp filter with the\n" +" SECCOMP_FILTER_FLAG_NEW_LISTENER flag;\n" +" (2) writes the seccomp notification file descriptor returned from\n" +" the previous step onto the UNIX domain socket, \\[aq]sockPair[0]\\[aq];\n" +" (3) calls mkdir(2) for each element of \\[aq]argv\\[aq].\n" +msgstr "" + +#. 
type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" The function return value in the parent is the PID of the child\n"
+" process; the child does not return from this function. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"static pid_t\n"
+"targetProcess(int sockPair[2], char *argv[])\n"
+"{\n"
+" int notifyFd, s;\n"
+" pid_t targetPid;\n"
+msgstr ""
+"static pid_t\n"
+"targetProcess(int sockPair[2], char *argv[])\n"
+"{\n"
+" int notifyFd, s;\n"
+" pid_t targetPid;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " targetPid = fork();\n"
+msgstr " targetPid = fork();\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (targetPid == -1)\n"
+" err(EXIT_FAILURE, \"fork\");\n"
+msgstr ""
+" if (targetPid == -1)\n"
+" err(EXIT_FAILURE, \"fork\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (targetPid E<gt> 0) /* In parent, return PID of child */\n"
+" return targetPid;\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid " /* Parent falls through to here */\n"
+msgid " /* Child falls through to here */\n"
+msgstr " /* предок попадает сюда */\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " printf(\"T: PID = %ld\\en\", (long) getpid());\n"
+msgstr " printf(\"T: PID = %ld\\en\", (long) getpid());\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid " /* Console input */\n"
+msgid " /* Install seccomp filter(s) */\n"
+msgstr " /* ввод с консоли */\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))\n"
+" err(EXIT_FAILURE, \"prctl\");\n"
+msgstr ""
+" if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))\n"
+" err(EXIT_FAILURE, \"prctl\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " notifyFd = installNotifyFilter();\n"
+msgstr " notifyFd = installNotifyFilter();\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Pass the notification file descriptor to the tracing process over\n"
+" a UNIX domain socket */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (sendfd(sockPair[0], notifyFd) == -1)\n"
+" err(EXIT_FAILURE, \"sendfd\");\n"
+msgstr ""
+" if (sendfd(sockPair[0], notifyFd) == -1)\n"
+" err(EXIT_FAILURE, \"sendfd\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " /* Notification and socket FDs are no longer needed in target */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (close(notifyFd) == -1)\n"
+" err(EXIT_FAILURE, \"close-target-notify-fd\");\n"
+msgstr ""
+" if (close(notifyFd) == -1)\n"
+" err(EXIT_FAILURE, \"close-target-notify-fd\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " closeSocketPair(sockPair);\n"
+msgstr " closeSocketPair(sockPair);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " /* Perform a mkdir() call for each of the command-line arguments */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" for (char **ap = argv; *ap != NULL; ap++) {\n"
+" printf(\"\\enT: about to mkdir(\\e\"%s\\e\")\\en\", *ap);\n"
+msgstr ""
+" for (char **ap = argv; *ap != NULL; ap++) {\n"
+" printf(\"\\enT: about to mkdir(\\e\"%s\\e\")\\en\", *ap);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid ""
+#| " s = read(sockfd, buf, BUF_LEN);\n"
+#| " if (s == -1)\n"
+#| " perror(\"read\");\n"
+#| " if (s E<lt>= 0)\n"
+#| " break;\n"
+#| " }\n"
+msgid ""
+" s = mkdir(*ap, 0700);\n"
+" if (s == -1)\n"
+" perror(\"T: ERROR: mkdir(2)\");\n"
+" else\n"
+" printf(\"T: SUCCESS: mkdir(2) returned %d\\en\", s);\n"
+" }\n"
+msgstr ""
+" s = read(sockfd, buf, BUF_LEN);\n"
+" if (s == -1)\n"
+" perror(\"read\");\n"
+" if (s E<lt>= 0)\n"
+" break;\n"
+" }\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" printf(\"\\enT: terminating\\en\");\n"
+" exit(EXIT_SUCCESS);\n"
+"}\n"
+msgstr ""
+" printf(\"\\enT: terminating\\en\");\n"
+" exit(EXIT_SUCCESS);\n"
+"}\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"/* Check that the notification ID provided by a SECCOMP_IOCTL_NOTIF_RECV\n"
+" operation is still valid. It will no longer be valid if the target\n"
+" process has terminated or is no longer blocked in the system call that\n"
+" generated the notification (because it was interrupted by a signal).\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" This operation can be used when doing such things as accessing\n"
+" /proc/PID files in the target process in order to avoid TOCTOU race\n"
+" conditions where the PID that is returned by SECCOMP_IOCTL_NOTIF_RECV\n"
+" terminates and is reused by another process. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"static bool\n"
+"cookieIsValid(int notifyFd, uint64_t id)\n"
+"{\n"
+" return ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_ID_VALID, &id) == 0;\n"
+"}\n"
+msgstr ""
+"static bool\n"
+"cookieIsValid(int notifyFd, uint64_t id)\n"
+"{\n"
+" return ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_ID_VALID, &id) == 0;\n"
+"}\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"/* Access the memory of the target process in order to fetch the\n"
+" pathname referred to by the system call argument \\[aq]argNum\\[aq] in\n"
+" \\[aq]req-E<gt>data.args[]\\[aq]. The pathname is returned in \\[aq]path\\[aq],\n"
+" a buffer of \\[aq]len\\[aq] bytes allocated by the caller.\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" Returns true if the pathname is successfully fetched, and false\n"
+" otherwise. For possible causes of failure, see the comments below. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"static bool\n"
+"getTargetPathname(struct seccomp_notif *req, int notifyFd,\n"
+" int argNum, char *path, size_t len)\n"
+"{\n"
+" int procMemFd;\n"
+" char procMemPath[PATH_MAX];\n"
+" ssize_t nread;\n"
+msgstr ""
+"static bool\n"
+"getTargetPathname(struct seccomp_notif *req, int notifyFd,\n"
+" int argNum, char *path, size_t len)\n"
+"{\n"
+" int procMemFd;\n"
+" char procMemPath[PATH_MAX];\n"
+" ssize_t nread;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " snprintf(procMemPath, sizeof(procMemPath), \"/proc/%d/mem\", req-E<gt>pid);\n"
+msgstr " snprintf(procMemPath, sizeof(procMemPath), \"/proc/%d/mem\", req-E<gt>pid);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" procMemFd = open(procMemPath, O_RDONLY | O_CLOEXEC);\n"
+" if (procMemFd == -1)\n"
+" return false;\n"
+msgstr ""
+" procMemFd = open(procMemPath, O_RDONLY | O_CLOEXEC);\n"
+" if (procMemFd == -1)\n"
+" return false;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Check that the process whose info we are accessing is still alive\n"
+" and blocked in the system call that caused the notification.\n"
+" If the SECCOMP_IOCTL_NOTIF_ID_VALID operation (performed in\n"
+" cookieIsValid()) succeeded, we know that the /proc/PID/mem file\n"
+" descriptor that we opened corresponded to the process for which we\n"
+" received a notification. If that process subsequently terminates,\n"
+" then read() on that file descriptor will return 0 (EOF). */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (!cookieIsValid(notifyFd, req-E<gt>id)) {\n"
+" close(procMemFd);\n"
+" return false;\n"
+" }\n"
+msgstr ""
+" if (!cookieIsValid(notifyFd, req-E<gt>id)) {\n"
+" close(procMemFd);\n"
+" return false;\n"
+" }\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " /* Read bytes at the location containing the pathname argument */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " nread = pread(procMemFd, path, len, req-E<gt>data.args[argNum]);\n"
+msgstr " nread = pread(procMemFd, path, len, req-E<gt>data.args[argNum]);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " close(procMemFd);\n"
+msgstr " close(procMemFd);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (nread E<lt>= 0)\n"
+" return false;\n"
+msgstr ""
+" if (nread E<lt>= 0)\n"
+" return false;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Once again check that the notification ID is still valid. The\n"
+" case we are particularly concerned about here is that just\n"
+" before we fetched the pathname, the target\\[aq]s blocked system\n"
+" call was interrupted by a signal handler, and after the handler\n"
+" returned, the target carried on execution (past the interrupted\n"
+" system call). In that case, we have no guarantees about what we\n"
+" are reading, since the target\\[aq]s memory may have been arbitrarily\n"
+" changed by subsequent operations. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid ""
+#| " if (fd E<lt> 0) {\n"
+#| " perror(\"socket\");\n"
+#| " return 1;\n"
+#| " }\n"
+msgid ""
+" if (!cookieIsValid(notifyFd, req-E<gt>id)) {\n"
+" perror(\"\\etS: notification ID check failed!!!\");\n"
+" return false;\n"
+" }\n"
+msgstr ""
+" if (fd E<lt> 0) {\n"
+" perror(\"socket\");\n"
+" return 1;\n"
+" }\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Even if the target\\[aq]s system call was not interrupted by a signal,\n"
+" we have no guarantees about what was in the memory of the target\n"
+" process. (The memory may have been modified by another thread, or\n"
+" even by an external attacking process.) We therefore treat the\n"
+" buffer returned by pread() as untrusted input. The buffer should\n"
+" contain a terminating null byte; if not, then we will trigger an\n"
+" error for the target process. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (strnlen(path, nread) E<lt> nread)\n"
+" return true;\n"
+msgstr ""
+" if (strnlen(path, nread) E<lt> nread)\n"
+" return true;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" return false;\n"
+"}\n"
+msgstr ""
+" return false;\n"
+"}\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"/* Allocate buffers for the seccomp user-space notification request and\n"
+" response structures. It is the caller\\[aq]s responsibility to free the\n"
+" buffers returned via \\[aq]req\\[aq] and \\[aq]resp\\[aq]. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"static void\n"
+"allocSeccompNotifBuffers(struct seccomp_notif **req,\n"
+" struct seccomp_notif_resp **resp,\n"
+" struct seccomp_notif_sizes *sizes)\n"
+"{\n"
+" size_t resp_size;\n"
+msgstr ""
+"static void\n"
+"allocSeccompNotifBuffers(struct seccomp_notif **req,\n"
+" struct seccomp_notif_resp **resp,\n"
+" struct seccomp_notif_sizes *sizes)\n"
+"{\n"
+" size_t resp_size;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Discover the sizes of the structures that are used to receive\n"
+" notifications and send notification responses, and allocate\n"
+" buffers of those sizes. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, sizes) == -1)\n"
+" err(EXIT_FAILURE, \"seccomp-SECCOMP_GET_NOTIF_SIZES\");\n"
+msgstr ""
+" if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, sizes) == -1)\n"
+" err(EXIT_FAILURE, \"seccomp-SECCOMP_GET_NOTIF_SIZES\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" *req = malloc(sizes-E<gt>seccomp_notif);\n"
+" if (*req == NULL)\n"
+" err(EXIT_FAILURE, \"malloc-seccomp_notif\");\n"
+msgstr ""
+" *req = malloc(sizes-E<gt>seccomp_notif);\n"
+" if (*req == NULL)\n"
+" err(EXIT_FAILURE, \"malloc-seccomp_notif\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* When allocating the response buffer, we must allow for the fact\n"
+" that the user-space binary may have been built with user-space\n"
+" headers where \\[aq]struct seccomp_notif_resp\\[aq] is bigger than the\n"
+" response buffer expected by the (older) kernel. Therefore, we\n"
+" allocate a buffer that is the maximum of the two sizes. This\n"
+" ensures that if the supervisor places bytes into the response\n"
+" structure that are past the response size that the kernel expects,\n"
+" then the supervisor is not touching an invalid memory location. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" resp_size = sizes-E<gt>seccomp_notif_resp;\n"
+" if (sizeof(struct seccomp_notif_resp) E<gt> resp_size)\n"
+" resp_size = sizeof(struct seccomp_notif_resp);\n"
+msgstr ""
+" resp_size = sizes-E<gt>seccomp_notif_resp;\n"
+" if (sizeof(struct seccomp_notif_resp) E<gt> resp_size)\n"
+" resp_size = sizeof(struct seccomp_notif_resp);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid ""
+#| " *resp = malloc(resp_size);\n"
+#| " if (resp == NULL)\n"
+#| " err(EXIT_FAILURE, \"malloc-seccomp_notif_resp\");\n"
+msgid ""
+" *resp = malloc(resp_size);\n"
+" if (*resp == NULL)\n"
+" err(EXIT_FAILURE, \"malloc-seccomp_notif_resp\");\n"
+msgstr ""
+" *resp = malloc(resp_size);\n"
+" if (resp == NULL)\n"
+" err(EXIT_FAILURE, \"malloc-seccomp_notif_resp\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "}\n"
+msgstr "}\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"/* Handle notifications that arrive via the SECCOMP_RET_USER_NOTIF file\n"
+" descriptor, \\[aq]notifyFd\\[aq]. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"static void\n"
+"handleNotifications(int notifyFd)\n"
+"{\n"
+" bool pathOK;\n"
+" char path[PATH_MAX];\n"
+" struct seccomp_notif *req;\n"
+" struct seccomp_notif_resp *resp;\n"
+" struct seccomp_notif_sizes sizes;\n"
+msgstr ""
+"static void\n"
+"handleNotifications(int notifyFd)\n"
+"{\n"
+" bool pathOK;\n"
+" char path[PATH_MAX];\n"
+" struct seccomp_notif *req;\n"
+" struct seccomp_notif_resp *resp;\n"
+" struct seccomp_notif_sizes sizes;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " allocSeccompNotifBuffers(&req, &resp, &sizes);\n"
+msgstr " allocSeccompNotifBuffers(&req, &resp, &sizes);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " /* Loop handling notifications */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " for (;;) {\n"
+msgstr " for (;;) {\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " /* Wait for next notification, returning info in \\[aq]*req\\[aq] */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" memset(req, 0, sizes.seccomp_notif);\n"
+" if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_RECV, req) == -1) {\n"
+" if (errno == EINTR)\n"
+" continue;\n"
+" err(EXIT_FAILURE, \"\\etS: ioctl-SECCOMP_IOCTL_NOTIF_RECV\");\n"
+" }\n"
+msgstr ""
+" memset(req, 0, sizes.seccomp_notif);\n"
+" if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_RECV, req) == -1) {\n"
+" if (errno == EINTR)\n"
+" continue;\n"
+" err(EXIT_FAILURE, \"\\etS: ioctl-SECCOMP_IOCTL_NOTIF_RECV\");\n"
+" }\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" printf(\"\\etS: got notification (ID %#llx) for PID %d\\en\",\n"
+" req-E<gt>id, req-E<gt>pid);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* The only system call that can generate a notification event\n"
+" is mkdir(2). Nevertheless, we check that the notified system\n"
+" call is indeed mkdir() as kind of future-proofing of this\n"
+" code in case the seccomp filter is later modified to\n"
+" generate notifications for other system calls. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (req-E<gt>data.nr != SYS_mkdir) {\n"
+" printf(\"\\etS: notification contained unexpected \"\n"
+" \"system call number; bye!!!\\en\");\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " pathOK = getTargetPathname(req, notifyFd, 0, path, sizeof(path));\n"
+msgstr " pathOK = getTargetPathname(req, notifyFd, 0, path, sizeof(path));\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid " /* Read some events. */\n"
+msgid " /* Prepopulate some fields of the response */\n"
+msgstr " /* читаем несколько событий */\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" resp-E<gt>id = req-E<gt>id; /* Response includes notification ID */\n"
+" resp-E<gt>flags = 0;\n"
+" resp-E<gt>val = 0;\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* If getTargetPathname() failed, trigger an EINVAL error\n"
+" response (sending this response may yield an error if the\n"
+" failure occurred because the notification ID was no longer\n"
+" valid); if the directory is in /tmp, then create it on behalf\n"
+" of the supervisor; if the pathname starts with \\[aq].\\[aq], tell the\n"
+" kernel to let the target process execute the mkdir();\n"
+" otherwise, give an error for a directory pathname in any other\n"
+" location. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (!pathOK) {\n"
+" resp-E<gt>error = -EINVAL;\n"
+" printf(\"\\etS: spoofing error for invalid pathname (%s)\\en\",\n"
+" strerror(-resp-E<gt>error));\n"
+" } else if (strncmp(path, \"/tmp/\", strlen(\"/tmp/\")) == 0) {\n"
+" printf(\"\\etS: executing: mkdir(\\e\"%s\\e\", %#llo)\\en\",\n"
+" path, req-E<gt>data.args[1]);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (mkdir(path, req-E<gt>data.args[1]) == 0) {\n"
+" resp-E<gt>error = 0; /* \"Success\" */\n"
+" resp-E<gt>val = strlen(path); /* Used as return value of\n"
+" mkdir() in target */\n"
+" printf(\"\\etS: success! spoofed return = %lld\\en\",\n"
+" resp-E<gt>val);\n"
+" } else {\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* If mkdir() failed in the supervisor, pass the error\n"
+" back to the target */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" resp-E<gt>error = -errno;\n"
+" printf(\"\\etS: failure! (errno = %d; %s)\\en\", errno,\n"
+" strerror(errno));\n"
+" }\n"
+" } else if (strncmp(path, \"./\", strlen(\"./\")) == 0) {\n"
+" resp-E<gt>error = resp-E<gt>val = 0;\n"
+" resp-E<gt>flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;\n"
+" printf(\"\\etS: target can execute system call\\en\");\n"
+" } else {\n"
+" resp-E<gt>error = -EOPNOTSUPP;\n"
+" printf(\"\\etS: spoofing error response (%s)\\en\",\n"
+" strerror(-resp-E<gt>error));\n"
+" }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid " /* Read some events. */\n"
+msgid " /* Send a response to the notification */\n"
+msgstr " /* читаем несколько событий */\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" printf(\"\\etS: sending response \"\n"
+" \"(flags = %#x; val = %lld; error = %d)\\en\",\n"
+" resp-E<gt>flags, resp-E<gt>val, resp-E<gt>error);\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_SEND, resp) == -1) {\n"
+" if (errno == ENOENT)\n"
+" printf(\"\\etS: response failed with ENOENT; \"\n"
+" \"perhaps target process\\[aq]s syscall was \"\n"
+" \"interrupted by a signal?\\en\");\n"
+" else\n"
+" perror(\"ioctl-SECCOMP_IOCTL_NOTIF_SEND\");\n"
+" }\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* If the pathname is just \"/bye\", then the supervisor breaks out\n"
+" of the loop and terminates. This allows us to see what happens\n"
+" if the target process makes further calls to mkdir(2). */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (strcmp(path, \"/bye\") == 0)\n"
+" break;\n"
+" }\n"
+msgstr ""
+" if (strcmp(path, \"/bye\") == 0)\n"
+" break;\n"
+" }\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" free(req);\n"
+" free(resp);\n"
+" printf(\"\\etS: terminating **********\\en\");\n"
+" exit(EXIT_FAILURE);\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "/* Implementation of the supervisor process:\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" (1) obtains the notification file descriptor from \\[aq]sockPair[1]\\[aq]\n"
+" (2) handles notifications that arrive on that file descriptor. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"static void\n"
+"supervisor(int sockPair[2])\n"
+"{\n"
+" int notifyFd;\n"
+msgstr ""
+"static void\n"
+"supervisor(int sockPair[2])\n"
+"{\n"
+" int notifyFd;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " notifyFd = recvfd(sockPair[1]);\n"
+msgstr " notifyFd = recvfd(sockPair[1]);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (notifyFd == -1)\n"
+" err(EXIT_FAILURE, \"recvfd\");\n"
+msgstr ""
+" if (notifyFd == -1)\n"
+" err(EXIT_FAILURE, \"recvfd\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " closeSocketPair(sockPair); /* We no longer need the socket pair */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" handleNotifications(notifyFd);\n"
+"}\n"
+msgstr ""
+" handleNotifications(notifyFd);\n"
+"}\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"int\n"
+"main(int argc, char *argv[])\n"
+"{\n"
+" int sockPair[2];\n"
+" struct sigaction sa;\n"
+msgstr ""
+"int\n"
+"main(int argc, char *argv[])\n"
+"{\n"
+" int sockPair[2];\n"
+" struct sigaction sa;\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " setbuf(stdout, NULL);\n"
+msgstr " setbuf(stdout, NULL);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, fuzzy, no-wrap
+#| msgid ""
+#| " if (argc E<lt> 2) {\n"
+#| " fprintf(stderr, \"Usage: %s str [base]\\en\", argv[0]);\n"
+#| " exit(EXIT_FAILURE);\n"
+#| " }\n"
+msgid ""
+" if (argc E<lt> 2) {\n"
+" fprintf(stderr, \"At least one pathname argument is required\\en\");\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
+msgstr ""
+" if (argc E<lt> 2) {\n"
+" fprintf(stderr, \"Использование: %s строка [система_счисления]\\en\", argv[0]);\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Create a UNIX domain socket that is used to pass the seccomp\n"
+" notification file descriptor from the target process to the\n"
+" supervisor process. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockPair) == -1)\n"
+" err(EXIT_FAILURE, \"socketpair\");\n"
+msgstr ""
+" if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockPair) == -1)\n"
+" err(EXIT_FAILURE, \"socketpair\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Create a child process--the \"target\"--that installs seccomp\n"
+" filtering. The target process writes the seccomp notification\n"
+" file descriptor onto \\[aq]sockPair[0]\\[aq] and then calls mkdir(2) for\n"
+" each directory in the command-line arguments. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " (void) targetProcess(sockPair, &argv[optind]);\n"
+msgstr " (void) targetProcess(sockPair, &argv[optind]);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" /* Catch SIGCHLD when the target terminates, so that the\n"
+" supervisor can also terminate. */\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" sa.sa_handler = sigchldHandler;\n"
+" sa.sa_flags = 0;\n"
+" sigemptyset(&sa.sa_mask);\n"
+" if (sigaction(SIGCHLD, &sa, NULL) == -1)\n"
+" err(EXIT_FAILURE, \"sigaction\");\n"
+msgstr ""
+" sa.sa_handler = sigchldHandler;\n"
+" sa.sa_flags = 0;\n"
+" sigemptyset(&sa.sa_mask);\n"
+" if (sigaction(SIGCHLD, &sa, NULL) == -1)\n"
+" err(EXIT_FAILURE, \"sigaction\");\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid " supervisor(sockPair);\n"
+msgstr " supervisor(sockPair);\n"
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+" exit(EXIT_SUCCESS);\n"
+"}\n"
+msgstr ""
+" exit(EXIT_SUCCESS);\n"
+"}\n"
+
+#. type: TH
+#: debian-unstable opensuse-tumbleweed
+#, no-wrap
+msgid "2023-05-03"
+msgstr "3 мая 2023 г."
+
+#. type: TH
+#: debian-unstable opensuse-tumbleweed
+#, no-wrap
+msgid "Linux man-pages 6.05.01"
+msgstr "Linux man-pages 6.05.01"
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "2023-04-03"
+msgstr "3 апреля 2023 г."
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "Linux man-pages 6.04"
+msgstr "Linux man-pages 6.04" |