| 1988 | |
| 1989 | // HandleMountSyscall handles mount syscalls. |
| 1990 | func (srv *Server) HandleMountSyscall(c Instance, siov *Iovec) int { |
| 1991 | ctx := logger.Ctx{ |
| 1992 | "container": c.Name(), |
| 1993 | "project": c.Project().Name, |
| 1994 | "syscall_number": siov.req.data.nr, |
| 1995 | "audit_architecture": siov.req.data.arch, |
| 1996 | "seccomp_notify_id": siov.req.id, |
| 1997 | "seccomp_notify_flags": siov.req.flags, |
| 1998 | "seccomp_notify_pid": siov.req.pid, |
| 1999 | "seccomp_notify_fd": siov.notifyFd, |
| 2000 | "seccomp_notify_mem_fd": siov.memFd, |
| 2001 | } |
| 2002 | |
| 2003 | defer logger.Debug("Handling mount syscall", ctx) |
| 2004 | |
| 2005 | args := MountArgs{ |
| 2006 | pid: int(siov.req.pid), |
| 2007 | } |
| 2008 | |
| 2009 | pidFdNr, pidFd, err := MakePidFd(args.pid) |
| 2010 | if err != nil { |
| 2011 | ctx["err"] = fmt.Sprintf("Failed to open pidfd: %s", err) |
| 2012 | ctx["syscall_continue"] = "true" |
| 2013 | C.seccomp_notify_update_response(siov.resp, 0, C.uint32_t(seccompUserNotifFlagContinue)) |
| 2014 | return 0 |
| 2015 | } |
| 2016 | |
| 2017 | defer logger.WarnOnError(pidFd.Close, "Failed to close pidfd") |
| 2018 | |
| 2019 | mntSource := [unix.PathMax]C.char{} |
| 2020 | mntTarget := [unix.PathMax]C.char{} |
| 2021 | mntFs := [unix.PathMax]C.char{} |
| 2022 | mntData := [unix.PathMax]C.char{} |
| 2023 | |
| 2024 | // const char *source |
| 2025 | if siov.req.data.args[0] != 0 { |
| 2026 | _, err := C.pread(C.int(siov.memFd), unsafe.Pointer(&mntSource[0]), C.size_t(unix.PathMax), C.off_t(siov.req.data.args[0])) |
| 2027 | if err != nil { |
| 2028 | ctx["err"] = fmt.Sprintf("Failed to read source path for of mount syscall: %s", err) |
| 2029 | ctx["syscall_continue"] = "true" |
| 2030 | C.seccomp_notify_update_response(siov.resp, 0, C.uint32_t(seccompUserNotifFlagContinue)) |
| 2031 | return 0 |
| 2032 | } |
| 2033 | } |
| 2034 | args.source = C.GoString(&mntSource[0]) |
| 2035 | ctx["source"] = args.source |
| 2036 | |
| 2037 | // const char *target |
| 2038 | if siov.req.data.args[1] != 0 { |
| 2039 | _, err := C.pread(C.int(siov.memFd), unsafe.Pointer(&mntTarget[0]), C.size_t(unix.PathMax), C.off_t(siov.req.data.args[1])) |
| 2040 | if err != nil { |
| 2041 | ctx["err"] = fmt.Sprintf("Failed to read target path for of mount syscall: %s", err) |
| 2042 | ctx["syscall_continue"] = "true" |
| 2043 | C.seccomp_notify_update_response(siov.resp, 0, C.uint32_t(seccompUserNotifFlagContinue)) |
| 2044 | return 0 |
| 2045 | } |
| 2046 | } |
| 2047 | args.target = C.GoString(&mntTarget[0]) |