installSocket installs a socket into the process's file descriptor table and completes the seccomp notification.
(n *seccomp.Notif, sock *socket.Socket, flags int)
| 111 | // installSocket installs a socket into the process's file descriptor table and |
| 112 | // completes the seccomp notification. |
| 113 | func (p *Process) installSocket(n *seccomp.Notif, sock *socket.Socket, flags int) error { |
| 114 | if !sock.FD.IncRef() { |
| 115 | return unix.EBADF |
| 116 | } |
| 117 | defer sock.FD.DecRef() |
| 118 | |
| 119 | // Acquire the mutex because we want all subsequent getSocket calls to see |
| 120 | // that this is a socket we care about. Since the tracer engine may have |
| 121 | // multiple concurrent workers, we need synchronization until the end of this |
| 122 | // function. |
| 123 | p.mu.Lock() |
| 124 | defer p.mu.Unlock() |
| 125 | |
| 126 | p.itab.Add(sock.Inode) |
| 127 | |
| 128 | fd, err := n.AddFD(sock.FD, flags) |
| 129 | if err != nil { |
| 130 | return fmt.Errorf("addfd: %w", err) |
| 131 | } |
| 132 | if p.sockets[fd] != nil { |
| 133 | return fmt.Errorf("register: socket already exists") |
| 134 | } |
| 135 | p.sockets[fd] = sock |
| 136 | |
| 137 | slog.Debug("registered socket", "proc", p, "sock", sock, "fd", fmt.Sprintf("targfd_%d", fd)) |
| 138 | return nil |
| 139 | } |
| 140 | |
| 141 | func (p *Process) ImportInode(targetFD int, inode *socket.Inode) error { |
| 142 | fd, errno := p.getFD(targetFD) |
no test coverage detected