The code uses ByteSliceFromString first, which
- checks that the string does not contain \0;
- copies the string to a byte slice which ends with \0.
Next, it does one more copy, to sa.raw fields.
Double copying is not needed because:
- the code already checks that there's an extra byte for \0 in the
sa.raw field;
- there is no need to check for \0 byte in the middle of the fields
(those are hash and cipher names, and an unknown name will result in
EINVAL from the kernel).
While at it, remove the use of magic numbers.
Change-Id: I0cf096fad6f974507d4aa8d429f077000b3bb639
Reviewed-on: https://go-review.googlesource.com/c/sys/+/527836
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Run-TryBot: Kirill Kolyshkin <kolyshkin@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Add wrappers for sched_getattr(2) and sched_setattr(2), as well as
various SCHED_ values usable for these.
The kludge in linux/types.go is needed so we can include both
linux/sched/types.h (for struct sched_attr) and sched.h (for a few
defines from include/bits/cpu-set.h).
Unfortunately, they both define struct sched_param, thus the need to
mask one of the definitions.
Change-Id: I3e13cf49ccef7ae81a75d33826d18de84a52106d
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Reviewed-on: https://go-review.googlesource.com/c/sys/+/516756
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
On Linux, the last argument of pselect6 system call is **not** a
sigseg_t * pointer, but instead it is a structure of the form:
struct {
const sigset_t *ss; /* Pointer to signal set */
size_t ss_len; /* Size (in bytes) of object pointed
};
See man 2 pselect6.
Fixes#61251
Change-Id: Id0aa122a77796713bc6d624dc395d396fbc0c5e2
GitHub-Last-Rev: cb3c6d7da9
GitHub-Pull-Request: golang/sys#167
Reviewed-on: https://go-review.googlesource.com/c/sys/+/510195
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
As of Go 1.21 syscall.Setrlimit and syscall.prlimit can affect
starting a new process, by restoring the original NOFILE rlimit.
That is recorded locally in the syscall package, so just always
call the syscall functions.
For golang/go#46279
Change-Id: I2f3dafe5562a7dde1297bad6f5d34a80af5d620b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/476695
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
CL 469835 broke the syscall wrapper generation on linux and freebsd by
generating a wrapper for the inexistent SYS_PTRACE_PTR syscall. The
ptracePtr added by CL 469835 correctly uses SYS_PTRACE, likely because
it was manually edited in that CL. However, the incorrect SYS_PTRACE_PTR
syscall is used when regenerating the syscall wrappers.
Change-Id: I270d66511f926d30a9d347930e977a026e033998
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470175
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
CL 126516 added support for flags argument, implemented in the same way
as glibc does (it tries to guess what the kernel would do).
CL 246537 added using faccess2(2) Linux syscall which supports the flags
directly. For older kernels, though, the syscall is not available, and
the code uses glibc-like fallback.
There is one very specific scenario in which the fallback fails.
The scenario involves all these conditions:
- no faccessat2 support available (i.e. either Linux kernel < 5.8,
or a seccomp set up to disable faccessat2);
- the current user is not root (i.e. geteuid() != 0);
- CAP_DAC_OVERRIDE capability is set for the current process;
- the file to be executed does not have executable permission
bit set for either the current EUID or EGID;
- the file to be executed have at least one executable bit set.
Unfortunately, this set of conditions was observed in the wild -- a
container run as a non-root user with the binary file owned by root with
executable permission set for a user only [1]. Essentially it means it
is not as rare as it may seem.
Now, CAP_DAC_OVERRIDE essentially makes the kernel bypass most of the
checks, so execve(2) and friends work the same was as for root user,
i.e. if at least one executable bit it set, the permission to execute
is granted (see generic_permission() function in the Linux kernel).
Modify the code to check for CAP_DAC_OVERRIDE and mimic the kernel
behavior for permission checks.
This is essentially the same fix as CL 468735 for Go syscall package.
Tested on CentOS 7 with the repro similar to the one from [2].
[1] https://github.com/opencontainers/runc/issues/3715
[2] https://github.com/golang/go/issues/58552#issuecomment-1432505621
Change-Id: I726b6acab6a6e6d0358ef98e6a582b405c347614
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Reviewed-on: https://go-review.googlesource.com/c/sys/+/468877
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
This provides a ClockAdjtime function providing access to the clock_adjtime system call on Linux.
The clock_adjtime system call is like adjtimex, but takes a clockid_t as its first argument.
The unix package already provides Adjtimex and the associated Timex struct; it also provides
the other functions that take a clockid_t (like ClockGettime). ClockAdjtime is an essential
system call for programs that want to use the Linux PTP hardware clock infrastructure (see
https://docs.kernel.org/driver-api/ptp.html).
Fixesgolang/go#57618
Change-Id: I68d022425eb9cd394a204ad7fedab985c0496fee
Reviewed-on: https://go-review.googlesource.com/c/sys/+/463056
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Add a syscall wrapper for SYS_RT_SIGPROCMASK and export it as
PthreadSigmask. The latter is defined by POSIX and can therefore
be implemented by Darwin, etc. later on.
Follow the approach used by Signalfd of passing _C__NSIG/8 as
sigsetsize. This avoids exporting _C__NSIG and allows the syscall
to work with the current definition of Sigset_t, which doesn't
match the kernel definition of Sigset_t.
Updates golang/go#55349
Change-Id: I49dc93366a7d316d820b0c25ecdef2ebb584634b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/435095
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
This was originally copied over from package syscall where it was
replaced by internal/itoa in CL 301549.
For golang.org/x/sys/unix we may import strconv, so use strconv.Itoa
instead.
Change-Id: Iac125fbd0f64c385f9f0c02d4a7af762364b67aa
Reviewed-on: https://go-review.googlesource.com/c/sys/+/425304
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Don't shadow the empty var when determining whether to send a single
byte when iovecs are empty but oob is non-empty. This will lead to the
n value correctly being reset to 0 before return.
No test because it's not possible to trigger this case on all platforms,
e.g. darwin where sendmsg with empty buf and non-empty oob returns
EINVAL.
This was introduced by CL 412497 and CL 419396.
Updates golang/go#52885
Change-Id: Iafc5a4b22e10b396ba5f7d4f2ac1c50df195a125
Reviewed-on: https://go-review.googlesource.com/c/sys/+/419914
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Florian Lehner <lehner.florian86@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
The Faccessat call checks the user, group, or other permission bits of a
file to see if the calling process can access it. The test to see if the
group permissions should be used was made with the wrong group id, using
the process's group id rather than the file's group id. Fix this to use
the correct group id.
This change only affects Linux versions prior to 5.8. Linux 5.8 added
the faccessat2 system call, which we use in preference to the internal
implementation.
No test since we cannot easily change file permissions when not running
as root and the test is meaningless if running as root.
For golang/go#52313
Change-Id: I6fa64379a50c9380207eab9d095ef7fbd05a2d59
Reviewed-on: https://go-review.googlesource.com/c/sys/+/400074
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Wrap the low-level system calls with a more idiomatic Go API and a set of
constants to indicate which timer should be queried or modified.
man 2 getitimer indicates that these system calls are obsolete as of
POSIX.1-2008, but the code I am working on has not been ported to the modern
timer_gettime(2) and timer_settime(2) APIs as of yet.
Change-Id: I91482e141047846cadf47aa2417b8770955986bf
Reviewed-on: https://go-review.googlesource.com/c/sys/+/384054
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dominik Honnef <dominik@honnef.co>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Matt Layher <mdlayher@gmail.com>
