handleStatx handles the statx(2) syscall.
(n *seccomp.Notif, dirfd int, pathAddr uintptr, flags int, mask int, bufAddr uintptr)
| 214 | |
| 215 | // handleStatx handles the statx(2) syscall. |
| 216 | func (p *Process) handleStatx(n *seccomp.Notif, dirfd int, pathAddr uintptr, flags int, mask int, bufAddr uintptr) error { |
| 217 | path, errno, err := p.resolvePath(n, dirfd, pathAddr) |
| 218 | if err != nil { |
| 219 | return fmt.Errorf("resolve path: %w", err) |
| 220 | } |
| 221 | if errno != 0 { |
| 222 | return n.Return(0, errno) |
| 223 | } |
| 224 | if !tls.Enabled || !tls.IsKnownPath(path) { |
| 225 | return n.Skip() |
| 226 | } |
| 227 | |
| 228 | ephemeralPEM := tls.GetEphemeralCAPEM() |
| 229 | |
| 230 | pathb := []byte(path) |
| 231 | |
| 232 | var orig linux.Statx |
| 233 | b := make([]byte, orig.SizeBytes(), orig.SizeBytes()) |
| 234 | if _, _, errno := unix.Syscall6(unix.SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(&pathb[0])), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(&b[0])), 0); errno != 0 { |
| 235 | return n.Skip() |
| 236 | } |
| 237 | orig.UnmarshalBytes(b) |
| 238 | |
| 239 | repl := orig |
| 240 | repl.Size += uint64(len(ephemeralPEM)) |
| 241 | b = make([]byte, repl.SizeBytes(), repl.SizeBytes()) |
| 242 | repl.MarshalBytes(b) |
| 243 | |
| 244 | errno, err = p.vmWriteBytes(n, bufAddr, b) |
| 245 | if err != nil { |
| 246 | return fmt.Errorf("write statx to process memory: %w", err) |
| 247 | } |
| 248 | return n.Return(0, errno) |
| 249 | } |
| 250 | |
| 251 | // handleClose handles the close(2) syscall. |
| 252 | func (p *Process) handleClose(n *seccomp.Notif, fd int) error { |
no test coverage detected