1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
From f2aa0359bcc776239bda8a4eb84957b97ef55c35 Mon Sep 17 00:00:00 2001
From: Tonis Tiigi <tonistiigi@gmail.com>
Date: Fri, 28 Jan 2022 14:44:56 -0800
Subject: [PATCH] Define ActKillThread equal to ActKill
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
These constants are equal in libseccomp but Go definitions
were defined separately. This resulted in dead code that
never executed due to identical case statements in switch.
Go can usually detect these error cases and refuses to build
but for some reason this detection doesn’t work with cgo+gcc.
Clang detects the equal constants correctly and therefore
libseccomp-golang builds with clang broke after ActKillThread
was added.
In order to fix the clang build only removal of the
switch case is needed. But I assumed that the setter/getter
logic is supposed to work for ActKillThread as well
and only way to ensure that is to set them equal like they
are in C.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Upstream-status: Backport [https://github.com/seccomp/libseccomp-golang/commit/c35397d0ea8f285a0be78693bb2fd37b06952453]
---
seccomp.go | 8 ++++----
seccomp_internal.go | 4 ----
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/seccomp.go b/seccomp.go
index e9b92e2..32f6ab2 100644
--- a/seccomp.go
+++ b/seccomp.go
@@ -214,14 +214,14 @@ const (
// This action is only usable when libseccomp API level 3 or higher is
// supported.
ActLog ScmpAction = iota
- // ActKillThread kills the thread that violated the rule. It is the same as ActKill.
- // All other threads from the same thread group will continue to execute.
- ActKillThread ScmpAction = iota
// ActKillProcess kills the process that violated the rule.
// All threads in the thread group are also terminated.
// This action is only usable when libseccomp API level 3 or higher is
// supported.
ActKillProcess ScmpAction = iota
+ // ActKillThread kills the thread that violated the rule. It is the same as ActKill.
+ // All other threads from the same thread group will continue to execute.
+ ActKillThread = ActKill
)
const (
@@ -394,7 +394,7 @@ func (a ScmpCompareOp) String() string {
// String returns a string representation of a seccomp match action
func (a ScmpAction) String() string {
switch a & 0xFFFF {
- case ActKill, ActKillThread:
+ case ActKillThread:
return "Action: Kill thread"
case ActKillProcess:
return "Action: Kill process"
diff --git a/seccomp_internal.go b/seccomp_internal.go
index 8dc7b29..8fc9914 100644
--- a/seccomp_internal.go
+++ b/seccomp_internal.go
@@ -612,8 +612,6 @@ func (a ScmpCompareOp) toNative() C.int {
func actionFromNative(a C.uint32_t) (ScmpAction, error) {
aTmp := a & 0xFFFF
switch a & 0xFFFF0000 {
- case C.C_ACT_KILL:
- return ActKill, nil
case C.C_ACT_KILL_PROCESS:
return ActKillProcess, nil
case C.C_ACT_KILL_THREAD:
@@ -638,8 +636,6 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) {
// Only use with sanitized actions, no error handling
func (a ScmpAction) toNative() C.uint32_t {
switch a & 0xFFFF {
- case ActKill:
- return C.C_ACT_KILL
case ActKillProcess:
return C.C_ACT_KILL_PROCESS
case ActKillThread:
--
2.25.1
|
