Re: linux port of systrace
On May 14, 2014, at 10:49, Philip Guenther wrote:

> On Tue, May 13, 2014 at 8:06 AM, Илья Аржанников wrote:
> I am trying to use linux port systrace. And I found the problem. When I run under systrace (it does not matter with -A or -a (actually it never came till -a)) something that use vfork systrace and children processes hangup. I saw in sources that linux port uses ptrace as backend because it's not a native systrace subsystem. And linux systrace try to rewrite vfork system call on sys_clone, but it give nothing. With fork everything is ok, because fork is wrap around clone syscall and systrace just add one more flag to call it.
>
> Has anyone experience this problem?
>
> This isn't too surprising: vfork() is defined as stopping the parent process until the child exits or execs, but ptrace() works by reparenting the target process, so the child that you're supposed to block for isn't yours anymore. Rewriting vfork() into a clone() call isn't any easier: Linux follows the original semantics which preserve the exact stack contents and registers. That's why on some Linux archs vfork() is a syscall and not just a wrapper of clone(): clone() has so many args that it requires stack manipulations that vfork() can't do.
>
> Stepping back, I would suggest you look at what native control subsystems are offered by Linux that might do what you need to do. For example, can your problem be solved with SELinux?
>
> (systrace is only used in the OpenBSD base for some ports building work and for sshd privsep sandboxing... but as soon as I or someone else comes up with a simpler replacement for it for those functions, it'll be removed.)
>
>
> Philip Guenther

Hi. I fixed hangup on vfork syscall. But now when child process that was vforked calls exec* function ptrace return user_regs_struct (after call ptrace(PTRACE_GETREGS, ...)) with rdi rsi rdx rcx r8 r9 register equal to 0 (zero). How it could be?
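The zeroed argument registers asked about at the end of this message are what x86-64 Linux shows once execve() has succeeded: the register file is reset for the new image, so the arguments can only be read at the syscall-entry stop. The tracer below is an added example, not code from the systrace port or from anyone in this thread; it uses plain fork() rather than vfork(), and `trace_exec` and the `/bin/true` target are assumptions of the example.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* x86-64 Linux; /bin/true is an assumed target. Returns 0 when both stops were seen. */
int trace_exec(unsigned long long *entry_rdi, unsigned long long *exec_rdi)
{
    int status, seen_entry = 0, rc = -1;
    struct user_regs_struct regs;
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { "true", NULL };
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                 /* park until the tracer has set options */
        execv("/bin/true", argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) == 0)
        while (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == 0 &&
               waitpid(pid, &status, 0) > 0 && WIFSTOPPED(status) &&
               ptrace(PTRACE_GETREGS, pid, NULL, &regs) == 0) {
            if (status >> 8 == (SIGTRAP | (PTRACE_EVENT_EXEC << 8))) {
                *exec_rdi = regs.rdi;   /* new image: registers already reset */
                rc = seen_entry ? 0 : -1;
                break;
            }
            if (WSTOPSIG(status) == (SIGTRAP | 0x80) && regs.orig_rax == SYS_execve) {
                *entry_rdi = regs.rdi;  /* path pointer, readable only at entry */
                seen_entry = 1;
            }
        }
    kill(pid, SIGKILL);                 /* the exec'd program never gets to run */
    waitpid(pid, NULL, 0);
    return rc;
}

int main(void)
{
    unsigned long long entry = 0, after = 0;
    if (trace_exec(&entry, &after) != 0) return 1;
    return printf("execve entry rdi=%#llx, exec event rdi=%#llx\n", entry, after) < 0;
}
```

A tracer that needs the exec path or argv therefore has to copy them out of the tracee at the entry stop and carry them forward to the exec event.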
Re: linux port of systrace
On May 13, 2014, at 21:37, Илья Аржанников wrote:

>
> On May 13, 2014, at 21:13, Vadim Zhukov wrote:
>
>> 2014-05-13 19:06 GMT+04:00 Илья Аржанников :
>>> Hello.
>>>
>>> I am trying to use linux port systrace. And I found the problem. When I run &
Re: linux port of systrace
On May 13, 2014, at 21:13, Vadim Zhukov wrote:

> 2014-05-13 19:06 GMT+04:00 Илья Аржанников :
>> Hello.
>>
>> I am trying to use linux port systrace. And I found the problem. When I run
>> under systrace (it does not matter with -A or -a (actually it never came
>> till -a)) something that use vfork systrace and children processes hangup. I
>> saw in sources that linux port uses ptrace as backend because it's not a
>> native systrace subsystem. And linux systrace try to rewrite vfork system
>> call on sys_clone, but it give nothing. With fork everything is ok, because
>> fork is wrap around clone syscall and systrace just add one more flag to
>> call it.
>>
>> Has anyone experience this problem?
>
> Does this also happen with only one CPU?

Not applicable, I'm already trying it under virtual box with one cpu. And on dedicated server with core-i7.

> --
> WBR,
> Vadim Zhukov
linux port of systrace
Hello.

I am trying to use linux port systrace. And I found the problem. When I run under systrace (it does not matter with -A or -a (actually it never came till -a)) something that use vfork systrace and children processes hangup. I saw in sources that linux port uses ptrace as backend because it's not a native systrace subsystem. And linux systrace try to rewrite vfork system call on sys_clone, but it give nothing. With fork everything is ok, because fork is wrap around clone syscall and systrace just add one more flag to call it.

Has anyone experience this problem?