Do not require ptrace any more

mildred · Dec 14, 2023 · ac66df4 · ac66df4
1 parent d7eeb8d
commit ac66df4
Show file tree

Hide file tree

Showing 4 changed files with 244 additions and 159 deletions.
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -16,7 +16,7 @@ jobs:
   # This workflow contains a single job called "build"
   build:
     # The type of runner that the job will run on
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:

diff --git a/README.md b/README.md
@@ -15,10 +15,13 @@ Under the hood, it works in two ways:
 
   It uses `SECCOMP_RET_USER_NOTIF` which is only available on recent kernels.
 
-- if systemd socket activation is needed, then it uses seccomp in combinaison
-  with ptrace and when a `bind()` system call is detected, then the process is
-  stopped and ptrace is used to alter the process. The system call registers are
-  dumped and if the address bound matches a pattern:
+  If systemd socket activation is needed, then it uses
+  `SECCOMP_IOCTL_NOTIF_ADDFD` which is even newer.
+
+- if `-p` flag is specified, then it uses seccomp in combinaison with ptrace and
+  when a `bind()` system call is detected, then the process is stopped and
+  ptrace is used to alter the process. The system call registers are dumped and
+  if the address bound matches a pattern:
 
     - either ptrace is used to replace the address with a replacement address,
       just like with seccomp, and the bind system call continues
@@ -27,10 +30,6 @@ Under the hood, it works in two ways:
       call is replaced by the `dup2()` system call and the return value is
       altered to return `0` in case of success.
 
-In the future, when `SECCOMP_NOTIFY_IOCTL_ADDFD` will become available, then
-ptrace could be entirely replaced by seccomp, including when systemd socket
-activation is needed.
-
 This is still a young project. Don't hesitate to report bugs or submit fixes.
 
 Known bugs

diff --git a/ip_funcs.h b/ip_funcs.h
@@ -3,6 +3,7 @@
 
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/un.h>
 #include <netdb.h>
 
 
@@ -49,14 +50,24 @@ get_ip_str(const struct sockaddr *sa, char *s, size_t maxlen)
 {
 #define sa4 ((struct sockaddr_in *)sa)
 #define sa6 ((struct sockaddr_in6 *)sa)
+#define sun ((struct sockaddr_un *)sa)
     char addr[1024];
 
     if(!sa) {
-        strncpy(s, "(null)", maxlen);
+        strncpy(s, "(nullptr)", maxlen);
         return s;
     }
 
     switch(sa->sa_family) {
+        case AF_UNIX: {
+            if (sun->sun_path[0] == 0) {
+                snprintf(s, maxlen, "\"\\0%s\"", &sun->sun_path[1]);
+            } else {
+                snprintf(s, maxlen, "\"%s\"", sun->sun_path);
+            }
+            break;
+        }
+
         case AF_INET: {
             inet_ntop(AF_INET, &(sa4->sin_addr), addr, sizeof(addr));
             snprintf(s, maxlen, "%s:%d", addr, ntohs(sa4->sin_port));
@@ -69,12 +80,14 @@ get_ip_str(const struct sockaddr *sa, char *s, size_t maxlen)
             break;
 
         default:
-            return NULL;
+            snprintf(s, maxlen, "(family=%d)", sa->sa_family);
+            break;
     }
 
     return s;
 #undef sa4
 #undef sa6
+#undef sun
 }
 
 #endif