Start seccomp-enabled services via seccomp-trace

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
author: Michal Sojka <sojkam1@fel.cvut.cz> 2017-09-12 13:12:43 +0200
committer: John Crispin <john@phrozen.org> 2017-09-28 08:26:56 +0200
commit: e3c4302c3a9735bf46c98f5b34a12d5ce864f49f (patch)
tree: 7882c84504b747695882ce634e655e4ad0551033 /service
parent: 5e4ad0270bedf98da1d47e3e1306f7b66b6b29c7 (diff)
download: procd-e3c4302c3a9735bf46c98f5b34a12d5ce864f49f.tar.gz
1 files changed, 4 insertions, 5 deletions
diff --git a/service/instance.c b/service/instance.c
index 1760a09..7703686 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -303,16 +303,13 @@ instance_run(struct service_instance *in, int _stdout, int _stderr)
 	if (seccomp)
 		setenv("SECCOMP_FILE", in->seccomp, 1);
 
-	if ((seccomp || setlbf) && asprintf(&ld_preload, "LD_PRELOAD=%s%s%s",
-			seccomp ? "/lib/libpreload-seccomp.so" : "",
-			seccomp && setlbf ? ":" : "",
-			setlbf ? "/lib/libsetlbf.so" : "") > 0)
+	if (setlbf && asprintf(&ld_preload, "LD_PRELOAD=/lib/libsetlbf.so") > 0)
 		putenv(ld_preload);
 
 	blobmsg_list_for_each(&in->limits, var)
 		instance_limits(blobmsg_name(var->data), blobmsg_data(var->data));
 
-	if (in->trace)
+	if (in->trace || seccomp)
 		argc += 1;
 
 	argv = alloca(sizeof(char *) * (argc + in->jail.argc));
@@ -320,6 +317,8 @@ instance_run(struct service_instance *in, int _stdout, int _stderr)
 
 	if (in->trace)
 		argv[argc++] = trace;
+	else if (seccomp)
+		argv[argc++] = "/sbin/seccomp-trace";
 
 	if (in->has_jail)
 		argc = jail_run(in, argv);
author	Michal Sojka <sojkam1@fel.cvut.cz>	2017-09-12 13:12:43 +0200
committer	John Crispin <john@phrozen.org>	2017-09-28 08:26:56 +0200
commit	e3c4302c3a9735bf46c98f5b34a12d5ce864f49f (patch)
tree	7882c84504b747695882ce634e655e4ad0551033 /service
parent	5e4ad0270bedf98da1d47e3e1306f7b66b6b29c7 (diff)
download	procd-e3c4302c3a9735bf46c98f5b34a12d5ce864f49f.tar.gz