As --seccomp-bpf does not support detaching, explicitly turn off
this option when -b execve is specified.
* strace.c (init): Turn off --seccomp-bpf when -b execve is specified.
* NEWS: Mention this fix.
* tests/bexecve.test: Check it.
Fixes: v5.3~7 "Introduce seccomp-assisted syscall filtering"
==============================================
* Bug fixes
+ * Fixed -b execve when --seccomp-bpf option is specified.
* Fixed build on no-MMU architectures.
Noteworthy changes in release 5.3 (2019-09-25)
error_msg_and_help("PROG [ARGS] must be specified with -D");
}
+ if (seccomp_filtering && detach_on_execve) {
+ error_msg("--seccomp-bpf is not enabled because"
+ " it is not compatible with -b");
+ seccomp_filtering = false;
+ }
+
if (seccomp_filtering) {
if (nprocs && (!argc || debug_flag))
error_msg("--seccomp-bpf is not enabled for processes"
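Review bot: The new `if (seccomp_filtering && detach_on_execve)` check carries no comment explaining why the two options conflict, and the warning text gives no reason either. I would add above it something like `/* --seccomp-bpf does not support detaching: the filter cannot be removed from a tracee once installed, so fall back to plain ptrace for -b execve. */`. This wording is taken from the commit message, and the exact failure mode is not visible here, so it should be confirmed. The message says `-b` while the condition tests detach_on_execve; `-b execve` would be more precise, but the pattern in tests/bexecve.test would have to change with it. init() begins and ends outside this hunk.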
dump_log_and_fail_with "$STRACE $args: unexpected output"
fi
+run_strace_redir --seccomp-bpf -bexecve -enone ../set_ptracer_any false ||
+ dump_log_and_fail_with "$STRACE $args: unexpected exit status"
+
+pattern_seccomp='[^:]*strace: --seccomp-bpf is not enabled because it is not compatible with -b'
+
+LC_ALL=C grep -x "$pattern_detached" "$LOG" > /dev/null &&
+LC_ALL=C grep -x "$pattern_seccomp" "$LOG" > /dev/null ||
+ dump_log_and_fail_with "$STRACE $args: output mismatch"
+
+pattern_all="$pattern_detached|$pattern_seccomp|$pattern_personality"
+if LC_ALL=C grep -E -v -x "$pattern_all" "$LOG" > /dev/null; then
+ dump_log_and_fail_with "$STRACE $args: unexpected output"
+fi
+
exit 0
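Review bot: The chained `grep -x "$pattern_detached" … && grep -x "$pattern_seccomp" … ||` check reports only "output mismatch" when either line is missing, so a failing log does not show whether the detach message or the new --seccomp-bpf warning was absent. Two separate checks would make the failure self-explanatory, e.g. `LC_ALL=C grep -x "$pattern_seccomp" "$LOG" > /dev/null || dump_log_and_fail_with "$STRACE $args: --seccomp-bpf warning not found"`. The test also only asserts on the warning text and the exit status. Whether the traced program ran correctly after the detach is not checked in the lines shown. pattern_detached and pattern_personality are defined outside the hunk.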