commit c6c253305a9975a7ebcbe0dbf0531b5e758a389a
parent 0314521658f1e55cd2cdef8261d4ec525c886d1b
Author: Joris Vink <joris@coders.se>
Date: Thu, 26 Sep 2019 07:52:31 +0000
swap sockets to use send/recv and update seccomp.
Diffstat:
4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/keymgr.c b/src/keymgr.c
@@ -60,6 +60,7 @@ static struct sock_filter filter_keymgr[] = {
/* Required to deal with private keys and certs. */
KORE_SYSCALL_ALLOW(open),
KORE_SYSCALL_ALLOW(read),
+ KORE_SYSCALL_ALLOW(write),
KORE_SYSCALL_ALLOW(close),
KORE_SYSCALL_ALLOW(fstat),
KORE_SYSCALL_ALLOW(futex),
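Review bot: The `KORE_SYSCALL_ALLOW(write)` added under "Required to deal with private keys and certs" has no stated reason. Together with the next hunk it means the keymgr filter still permits `read` and `write` on any descriptor while also gaining `sendto` and `recvfrom`. Since this commit moves socket I/O to send/recv, the remaining allowance should say what it is for, e.g. `/* write: <reason, e.g. key/cert output or logging>; sockets use sendto. */`. If nothing in keymgr writes to a non-socket descriptor (not visible here), dropping the line would keep the process that handles private keys on a smaller syscall set. The filter array starts and ends outside the hunk.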
@@ -67,8 +68,8 @@ static struct sock_filter filter_keymgr[] = {
/* Net related. */
KORE_SYSCALL_ALLOW(poll),
- KORE_SYSCALL_ALLOW(read),
- KORE_SYSCALL_ALLOW(write),
+ KORE_SYSCALL_ALLOW(sendto),
+ KORE_SYSCALL_ALLOW(recvfrom),
KORE_SYSCALL_ALLOW(epoll_wait),
/* Process things. */
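Review bot: `KORE_SYSCALL_ALLOW(sendto)` and `KORE_SYSCALL_ALLOW(recvfrom)` permit these calls with any arguments, including a non-NULL destination address, which is more than the `send(..., 0)` / `recv(..., 0)` callers in this commit need. If the filter macros in this tree can match on arguments, restricting `sendto` to a NULL destination would keep the allowance equal to what the code uses. The same applies to the two lines added to `filter_kore` in src/seccomp.c. A short comment such as `/* send()/recv() typically reach the kernel as sendto/recvfrom. */` would also help, since the syscall names no longer match the libc calls in net.c and tasks.c.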
diff --git a/src/net.c b/src/net.c
@@ -424,7 +424,7 @@ net_write(struct connection *c, size_t len, size_t *written)
{
ssize_t r;
- r = write(c->fd, (c->snb->buf + c->snb->s_off), len);
+ r = send(c->fd, (c->snb->buf + c->snb->s_off), len, 0);
if (r == -1) {
switch (errno) {
case EINTR:
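Review bot: `send(..., 0)` in net_write keeps the SIGPIPE behaviour of the `write()` it replaces. A peer that has gone away is therefore still reported by signal rather than through the `errno` switch below, unless SIGPIPE is ignored elsewhere (not visible here). Now that the call takes flags, `r = send(c->fd, (c->snb->buf + c->snb->s_off), len, MSG_NOSIGNAL);` would turn that case into EPIPE on platforms that define the flag. The `send()` in task_channel_write in src/tasks.c has the same property. net_write's body continues past the end of the hunk.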
@@ -449,8 +449,8 @@ net_read(struct connection *c, size_t *bytes)
{
ssize_t r;
- r = read(c->fd, (c->rnb->buf + c->rnb->s_off),
- (c->rnb->b_len - c->rnb->s_off));
+ r = recv(c->fd, (c->rnb->buf + c->rnb->s_off),
+ (c->rnb->b_len - c->rnb->s_off), 0);
if (r == -1) {
switch (errno) {
case EINTR:
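Review bot: The length passed to `recv()` in net_read is `c->rnb->b_len - c->rnb->s_off`, with no check in the visible part of the function that `s_off` does not exceed `b_len`. If both fields are unsigned, as the `size_t` parameters suggest, a larger `s_off` wraps to a huge length and the kernel could write past the end of `buf`. Unless every caller guarantees the invariant, a guard before the call such as `if (c->rnb->s_off > c->rnb->b_len)`, returning on the function's error path, would enforce it locally. net_write has the matching gap, since `len` is not checked against the bytes remaining in `c->snb` within its hunk. net_read's body continues past the end of the hunk.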
diff --git a/src/seccomp.c b/src/seccomp.c
@@ -76,8 +76,10 @@ static struct sock_filter filter_kore[] = {
/* Net related. */
KORE_SYSCALL_ALLOW(poll),
+ KORE_SYSCALL_ALLOW(sendto),
KORE_SYSCALL_ALLOW(accept),
KORE_SYSCALL_ALLOW(sendfile),
+ KORE_SYSCALL_ALLOW(recvfrom),
KORE_SYSCALL_ALLOW(epoll_ctl),
KORE_SYSCALL_ALLOW(setsockopt),
KORE_SYSCALL_ALLOW(epoll_wait),
diff --git a/src/tasks.c b/src/tasks.c
@@ -279,7 +279,7 @@ task_channel_write(int fd, void *data, u_int32_t len)
d = data;
offset = 0;
while (offset != len) {
- r = write(fd, d + offset, len - offset);
+ r = send(fd, d + offset, len - offset, 0);
if (r == -1 && errno == EINTR)
continue;
if (r == -1)
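Review bot: task_channel_write takes a bare `int fd`, and after this change it only works when that descriptor is a socket. `send()` fails with ENOTSOCK on pipes and files, where `write()` succeeded. Nothing in the hunk documents that requirement, so a comment above the function such as `/* fd must be a socket; send() fails with ENOTSOCK otherwise. */` would record it for future callers. The function starts before and continues after the hunk, so any existing comment is not visible here.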