Implementation of setns decoding

Luca Marturana · Luca Marturana · commit a353da7dfac9 · 2015-06-19T18:17:01.000+02:00
diff --git a/driver/event_table.c b/driver/event_table.c
@@ -262,4 +262,6 @@ const struct ppm_event_info g_event_info[PPM_EVENT_MAX] = {
 	/* PPME_SYSCALL_GETDENTS_X */{"getdents", EC_FILE, EF_USES_FD, 1, {{"res", PT_ERRNO, PF_DEC} } },
 	/* PPME_SYSCALL_GETDENTS64_E */{"getdents64", EC_FILE, EF_USES_FD, 1, {{"fd", PT_FD, PF_NA} } },
 	/* PPME_SYSCALL_GETDENTS64_X */{"getdents64", EC_FILE, EF_USES_FD, 1, {{"res", PT_ERRNO, PF_DEC} } },
+	/* PPME_SYSCALL_SETNS_E */ {"setns", EC_PROCESS, EF_USES_FD, 2, {{"fd", PT_FD, PF_NA}, {"nstype", PT_FLAGS32, PF_HEX, clone_flags}}},
+	/* PPME_SYSCALL_SETNS_X */ {"setns", EC_PROCESS, EF_USES_FD, 1, {{"res", PT_ERRNO, PF_DEC}}},
 };
diff --git a/driver/ppm_events_public.h b/driver/ppm_events_public.h
@@ -642,7 +642,9 @@ enum ppm_event_type {
 	PPME_SYSCALL_GETDENTS_X = 237,
 	PPME_SYSCALL_GETDENTS64_E = 238,
 	PPME_SYSCALL_GETDENTS64_X = 239,
-	PPM_EVENT_MAX = 240
+	PPME_SYSCALL_SETNS_E = 240,
+	PPME_SYSCALL_SETNS_X = 241,
+	PPM_EVENT_MAX = 242
 };
 /*@}*/
 
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
@@ -123,6 +123,7 @@ static int f_sys_getresuid_and_gid_x(struct event_filler_arguments *args);
 #ifdef CAPTURE_SIGNAL_DELIVERIES
 static int f_sys_signaldeliver_e(struct event_filler_arguments *args);
 #endif
+static int f_sys_setns_e(struct event_filler_arguments *args);
 
 /*
  * Note, this is not part of g_event_info because we want to share g_event_info with userland.
@@ -333,6 +334,8 @@ const struct ppm_event_entry g_ppm_events[PPM_EVENT_MAX] = {
 	[PPME_SYSCALL_GETDENTS_X] = {f_sys_single_x},
 	[PPME_SYSCALL_GETDENTS64_E] = {f_sys_single},
 	[PPME_SYSCALL_GETDENTS64_X] = {f_sys_single_x},
+	[PPME_SYSCALL_SETNS_E] = {f_sys_setns_e},
+	[PPME_SYSCALL_SETNS_X] = {PPM_AUTOFILL, 1, APT_REG, {{AF_ID_RETVAL} } },
 };
 
 /*
@@ -3177,9 +3180,7 @@ static int f_sched_switch_e(struct event_filler_arguments *args)
 	steal = cputime64_to_clock_t(kcpustat_this_cpu->cpustat[CPUTIME_STEAL]);
 	res = val_to_ring(args, steal, 0, false);
 	if(unlikely(res != PPM_SUCCESS))
-	{
 		return res;
-	}
 #endif
 
 	return add_sentinel(args);
@@ -4303,6 +4304,32 @@ static int f_sys_getresuid_and_gid_x(struct event_filler_arguments *args)
 	return add_sentinel(args);
 }
 
+static int f_sys_setns_e(struct event_filler_arguments *args)
+{
+	unsigned long val;
+	int res;
+	u32 flags;
+
+	/*
+	 * parse fd
+	 */
+	syscall_get_arguments(current, args->regs, 0, 1, &val);
+	res = val_to_ring(args, val, 0, true, 0);
+	if (unlikely(res != PPM_SUCCESS))
+		return res;
+
+	/*
+	 * get type, parse as clone flags as it's a subset of it
+	 */
+	syscall_get_arguments(current, args->regs, 1, 1, &val);
+	flags = clone_flags_to_scap(val);
+	res = val_to_ring(args, flags, 0, true, 0);
+	if (unlikely(res != PPM_SUCCESS))
+		return res;
+
+	return add_sentinel(args);
+}
+
 #ifdef CAPTURE_SIGNAL_DELIVERIES
 static int f_sys_signaldeliver_e(struct event_filler_arguments *args)
 {
diff --git a/driver/syscall_table.c b/driver/syscall_table.c
@@ -243,6 +243,9 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = {
 #endif
 	[__NR_getdents - SYSCALL_TABLE_ID0] =                   {UF_USED | UF_ALWAYS_DROP, PPME_SYSCALL_GETDENTS_E, PPME_SYSCALL_GETDENTS_X},
 	[__NR_getdents64 - SYSCALL_TABLE_ID0] =                 {UF_USED | UF_ALWAYS_DROP, PPME_SYSCALL_GETDENTS64_E, PPME_SYSCALL_GETDENTS64_X},
+#ifdef __NR_setns
+    [__NR_setns - SYSCALL_TABLE_ID0] =                      {UF_USED | UF_ALWAYS_DROP, PPME_SYSCALL_SETNS_E, PPME_SYSCALL_SETNS_X},
+#endif
 };
 
 /*
@@ -775,4 +778,7 @@ const enum ppm_syscall_code g_syscall_code_routing_table[SYSCALL_TABLE_SIZE] = {
 #ifdef __NR_getresgid32
 	[__NR_getresgid32 - SYSCALL_TABLE_ID0] = PPM_SC_GETRESGID32,
 #endif
+#ifdef __NR_setns
+	[__NR_setns - SYSCALL_TABLE_ID0] = PPM_SC_SETNS,
+#endif
 };
diff --git a/userspace/libscap/event_table.c b/userspace/libscap/event_table.c
@@ -262,4 +262,6 @@ const struct ppm_event_info g_event_info[PPM_EVENT_MAX] = {
 	/* PPME_SYSCALL_GETDENTS_X */{"getdents", EC_FILE, EF_USES_FD, 1, {{"res", PT_ERRNO, PF_DEC} } },
 	/* PPME_SYSCALL_GETDENTS64_E */{"getdents64", EC_FILE, EF_USES_FD, 1, {{"fd", PT_FD, PF_NA} } },
 	/* PPME_SYSCALL_GETDENTS64_X */{"getdents64", EC_FILE, EF_USES_FD, 1, {{"res", PT_ERRNO, PF_DEC} } },
+	/* PPME_SYSCALL_SETNS_E */ {"setns", EC_PROCESS, EF_USES_FD, 2, {{"fd", PT_FD, PF_NA}, {"nstype", PT_FLAGS32, PF_HEX, clone_flags}}},
+	/* PPME_SYSCALL_SETNS_X */ {"setns", EC_PROCESS, EF_USES_FD, 1, {{"res", PT_ERRNO, PF_DEC}}},
 };
