
Method HandleMountSyscall

internal/server/seccomp/seccomp.go:1990–2208  ·  view source on GitHub ↗

HandleMountSyscall handles mount syscalls.

(c Instance, siov *Iovec)


1988
1989// HandleMountSyscall handles mount syscalls.
1990func (srv *Server) HandleMountSyscall(c Instance, siov *Iovec) int {
1991 ctx := logger.Ctx{
1992 "container": c.Name(),
1993 "project": c.Project().Name,
1994 "syscall_number": siov.req.data.nr,
1995 "audit_architecture": siov.req.data.arch,
1996 "seccomp_notify_id": siov.req.id,
1997 "seccomp_notify_flags": siov.req.flags,
1998 "seccomp_notify_pid": siov.req.pid,
1999 "seccomp_notify_fd": siov.notifyFd,
2000 "seccomp_notify_mem_fd": siov.memFd,
2001 }
2002
2003 defer logger.Debug("Handling mount syscall", ctx)
2004
2005 args := MountArgs{
2006 pid: int(siov.req.pid),
2007 }
2008
2009 pidFdNr, pidFd, err := MakePidFd(args.pid)
2010 if err != nil {
2011 ctx["err"] = fmt.Sprintf("Failed to open pidfd: %s", err)
2012 ctx["syscall_continue"] = "true"
2013 C.seccomp_notify_update_response(siov.resp, 0, C.uint32_t(seccompUserNotifFlagContinue))
2014 return 0
2015 }
2016
2017 defer logger.WarnOnError(pidFd.Close, "Failed to close pidfd")
2018
2019 mntSource := [unix.PathMax]C.char{}
2020 mntTarget := [unix.PathMax]C.char{}
2021 mntFs := [unix.PathMax]C.char{}
2022 mntData := [unix.PathMax]C.char{}
2023
2024 // const char *source
2025 if siov.req.data.args[0] != 0 {
2026 _, err := C.pread(C.int(siov.memFd), unsafe.Pointer(&mntSource[0]), C.size_t(unix.PathMax), C.off_t(siov.req.data.args[0]))
2027 if err != nil {
2028 ctx["err"] = fmt.Sprintf("Failed to read source path for of mount syscall: %s", err)
2029 ctx["syscall_continue"] = "true"
2030 C.seccomp_notify_update_response(siov.resp, 0, C.uint32_t(seccompUserNotifFlagContinue))
2031 return 0
2032 }
2033 }
2034 args.source = C.GoString(&mntSource[0])
2035 ctx["source"] = args.source
2036
2037 // const char *target
2038 if siov.req.data.args[1] != 0 {
2039 _, err := C.pread(C.int(siov.memFd), unsafe.Pointer(&mntTarget[0]), C.size_t(unix.PathMax), C.off_t(siov.req.data.args[1]))
2040 if err != nil {
2041 ctx["err"] = fmt.Sprintf("Failed to read target path for of mount syscall: %s", err)
2042 ctx["syscall_continue"] = "true"
2043 C.seccomp_notify_update_response(siov.resp, 0, C.uint32_t(seccompUserNotifFlagContinue))
2044 return 0
2045 }
2046 }
2047 args.target = C.GoString(&mntTarget[0])

Callers 1

handleSyscallMethod · 0.95

Implementers 3

ProtocolSimpleStreamsclient/simplestreams.go
ProtocolIncusclient/incus.go
ProtocolOCIclient/oci.go

Calls 15

MountSyscallShiftMethod · 0.95
MountSyscallValidMethod · 0.95
DebugFunction · 0.92
WarnOnErrorFunction · 0.92
PathExistsFunction · 0.92
PidfdSendSignalFunction · 0.92
RunCommandSplitFunction · 0.92
MakePidFdFunction · 0.85
TaskIDsFunction · 0.85
mountFlagsToOptsFunction · 0.85
ShiftFromNSMethod · 0.80

Tested by

no test coverage detected