subproc: refer users to dmesg in case si_syscall==31 (SIGSYS)

2021-02-01 23:22:43 +01:00 · 2021-02-01 23:22:43 +01:00 · e1e80e8efa
commit e1e80e8efa
parent 88647a0819
4 changed files with 21 additions and 11 deletions
--- a/caps.cc
+++ b/caps.cc
@ -256,8 +256,8 @@ bool initNs(nsjconf_t* nsjconf) {
 			if (getInheritable(cap_data, i.val)) {
 				continue;
 			}
-			if (prctl(PR_CAPBSET_READ, (unsigned long)i.val, 0UL, 0UL, 0UL) ==
-				-1 && errno == EINVAL) {
+			if (prctl(PR_CAPBSET_READ, (unsigned long)i.val, 0UL, 0UL, 0UL) == -1 &&
+			    errno == EINVAL) {
 				LOG_D("Skipping unsupported capability: %s", i.name);
 				continue;
 			}
--- a/macros.h
+++ b/macros.h
@ -58,7 +58,7 @@ static void __attribute__ ((unused)) __clang_cleanup_func(void (^*dfunc) (void))
 #define _DEFER(a, count)                                                                          \
 	auto void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused)));         \
 	int _STRMERGE(__defer_var_, count) __attribute__((cleanup(_STRMERGE(__defer_f_, count)))) \
-	    __attribute__((unused));                                                              \
+	__attribute__((unused));                                                                  \
 	void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused)))
 #define defer _DEFER(a, __COUNTER__)
 #endif
--- a/subproc.cc
+++ b/subproc.cc
@ -194,7 +194,7 @@ static void subprocNewProc(
 #if defined(__NR_execveat)
 		util::syscall(__NR_execveat, nsjconf->exec_fd, (uintptr_t) "",
 		    (uintptr_t)argv.data(), (uintptr_t)environ, AT_EMPTY_PATH);
-#else /* defined(__NR_execveat) */
+#else  /* defined(__NR_execveat) */
 		LOG_E("Your system doesn't support execveat() syscall");
 		return;
 #endif /* defined(__NR_execveat) */
@ -259,8 +259,11 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {

 	const auto& p = nsjconf->pids.find(si->si_pid);
 	if (p == nsjconf->pids.end()) {
-		LOG_W("pid=%d SiSyscall: %d, SiCode: %d, SiErrno: %d, SiSigno: %d", (int)si->si_pid,
-		    si->si_syscall, si->si_code, si->si_errno, si->si_signo);
+		LOG_W(
+		    "pid=%d SiSyscall: %d, SiCode: %d, SiErrno: %d, SiSigno: %d. (If "
+		    "SiSyscall==31, then it's most likely the SIGSYS value. See 'dmesg' or "
+		    "'journalctl -ek' for possible auditd report with more data)",
+		    (int)si->si_pid, si->si_syscall, si->si_code, si->si_errno, si->si_signo);
 		LOG_E("Couldn't find pid element in the subproc list for pid=%d", (int)si->si_pid);
 		return;
 	}
@ -268,7 +271,10 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
 	char buf[4096];
 	ssize_t rdsize = util::readFromFd(p->second.pid_syscall_fd, buf, sizeof(buf) - 1);
 	if (rdsize < 1) {
-		LOG_W("pid=%d, SiSyscall: %d, SiCode: %d, SiErrno: %d, SiSigno: %d",
+		LOG_W(
+		    "pid=%d, SiSyscall: %d, SiCode: %d, SiErrno: %d, SiSigno: %d. (If "
+		    "SiSyscall==31, then it's most likely the SIGSYS value. See 'dmesg' or "
+		    "'journalctl -ek' for possible auditd report with more data)",
 		    (int)si->si_pid, si->si_syscall, si->si_code, si->si_errno, si->si_signo);
 		return;
 	}
@ -287,11 +293,15 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
 	} else if (ret == 3) {
 		LOG_W(
 		    "pid=%d, SiSyscall: %d, SiCode: %d, SiErrno: %d, SiSigno: %d, SP: %#tx, PC: "
-		    "%#tx",
+		    "%#tx (If SiSyscall==31, then it's most likely the SIGSYS value. See 'dmesg' "
+		    "or 'journalctl -ek' for possible auditd report with more data)",
 		    (int)si->si_pid, si->si_syscall, si->si_code, si->si_errno, si->si_signo, arg1,
 		    arg2);
 	} else {
-		LOG_W("pid=%d, SiSyscall: %d, SiCode: %d, SiErrno: %d, Syscall string '%s'",
+		LOG_W(
+		    "pid=%d, SiSyscall: %d, SiCode: %d, SiErrno: %d, Syscall string '%s'. (If "
+		    "SiSyscall==31, then it's most likely the SIGSYS value. See 'dmesg' or "
+		    "'journalctl -ek' for possible auditd report with more data)",
 		    (int)si->si_pid, si->si_syscall, si->si_code, si->si_errno, buf);
 	}
 }
--- a/user.cc
+++ b/user.cc
@ -68,7 +68,7 @@ static bool setResGid(gid_t gid) {
 		PLOG_W("setresgid32(%d)", (int)gid);
 		return false;
 	}
-#else /* defined(__NR_setresgid32) */
+#else  /* defined(__NR_setresgid32) */
 	if (util::syscall(__NR_setresgid, (uintptr_t)gid, (uintptr_t)gid, (uintptr_t)gid) == -1) {
 		PLOG_W("setresgid(%d)", gid);
 		return false;
@ -84,7 +84,7 @@ static bool setResUid(uid_t uid) {
 		PLOG_W("setresuid32(%d)", (int)uid);
 		return false;
 	}
-#else /* defined(__NR_setresuid32) */
+#else  /* defined(__NR_setresuid32) */
 	if (util::syscall(__NR_setresuid, (uintptr_t)uid, (uintptr_t)uid, (uintptr_t)uid) == -1) {
 		PLOG_W("setresuid(%d)", uid);
 		return false;