On May 14, 2014, at 10:49, Philip Guenther <guent...@gmail.com> wrote:
> On Tue, May 13, 2014 at 8:06 AM, ÐлÑÑ ÐÑжанников <iarzhanni...@gmail.com> wrote: > I am trying to use linux port systrace. And I found the problem. When I run under systrace (it does not matter with -A or -a (actually it never came till -a)) something that use vfork systrace and children processes hangup. I saw in sources that linux port uses ptrace as backend because it's not a native systrace subsystem. And linux systrace try to rewrite vfork system call on sys_clone, but it give nothing. With fork everything is ok, because fork is wrap around clone syscall and systrace just add one more flag to call it. > > Has anyone experience this problem? > > This isn't too surprising: vfork() is defined as stopping the parent process until the child exits or execs, but ptrace() works by reparenting the target process, so the child that you're supposed to block for isn't yours anymore. Rewriting vfork() into a clone() call isn't any easier: Linux follows the original semantics which preserve the the exact stack contents and registers. That's why on some Linux archs vfork() is a syscall and not just a wrapper of clone(): clone() has so many args that it requires stack manipulations that vfork() can't do. > > Stepping back, I would suggest you look at what native control subsystems are offered by Linux that might do what you need to do. For example, can your problem be solved with SELinux? > > (systrace is only used in the OpenBSD base for some ports building work and for sshd privsep sandboxing... but as soon as I or someone else comes up with a simpler replacement for it for those functions, it'll be removed.) > > > Philip Guenther > Hi. I fixed hangup on vfork syscall. But now when child process that was vforked calls exec* function ptrace return user_regs_struct (after call ptrace(PTRACE_GETREGS, ...)) with rdi rsi rdx rcx r8 r9 register equal to 0 (zero). How it could be?
