If we use glibc's perror(), we need to allow dup() and fcntl() in our
seccomp profiles, which are a bit too much for this simple helper. On
top of that, we would probably need a wrapper to avoid allocation for
translated messages.
While at it: ECONNRESET is just a close() from passt, treat it like
EOF.
Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>
---
passt-repair.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/passt-repair.c b/passt-repair.c
index 3c3247b..d137a18 100644
--- a/passt-repair.c
+++ b/passt-repair.c
@@ -95,7 +95,7 @@ int main(int argc, char **argv)
}
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
- perror("Failed to create AF_UNIX socket");
+ fprintf(stderr, "Failed to create AF_UNIX socket: %i\n", errno);
_exit(1);
}
@@ -108,8 +108,12 @@ int main(int argc, char **argv)
loop:
ret = recvmsg(s, &msg, 0);
if (ret < 0) {
- perror("Failed to receive message");
- _exit(1);
+ if (errno == ECONNRESET) {
+ ret = 0;
+ } else {
+ fprintf(stderr, "Failed to read message: %i\n", errno);
+ _exit(1);
+ }
}
if (!ret) /* Done */
--
2.43.0
On Fri, Feb 07, 2025 at 01:54:39AM +0100, Stefano Brivio wrote:If we use glibc's perror(), we need to allow dup() and fcntl() in our seccomp profiles, which are a bit too much for this simple helper. On top of that, we would probably need a wrapper to avoid allocation for translated messages. While at it: ECONNRESET is just a close() from passt, treat it like EOF. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au>--- passt-repair.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/passt-repair.c b/passt-repair.c index 3c3247b..d137a18 100644 --- a/passt-repair.c +++ b/passt-repair.c @@ -95,7 +95,7 @@ int main(int argc, char **argv) } if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { - perror("Failed to create AF_UNIX socket"); + fprintf(stderr, "Failed to create AF_UNIX socket: %i\n", errno);We could use strerror_() here, couldn't we?_exit(1); } @@ -108,8 +108,12 @@ int main(int argc, char **argv) loop: ret = recvmsg(s, &msg, 0); if (ret < 0) { - perror("Failed to receive message"); - _exit(1); + if (errno == ECONNRESET) { + ret = 0; + } else { + fprintf(stderr, "Failed to read message: %i\n", errno); + _exit(1); + } } if (!ret) /* Done */-- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson
On Fri, 7 Feb 2025 12:15:35 +1100 David Gibson <david(a)gibson.dropbear.id.au> wrote:On Fri, Feb 07, 2025 at 01:54:39AM +0100, Stefano Brivio wrote:We would need to link that, which is quite some code (the whole strerrordesc_np())... I mean, this runs privileged. -- StefanoIf we use glibc's perror(), we need to allow dup() and fcntl() in our seccomp profiles, which are a bit too much for this simple helper. On top of that, we would probably need a wrapper to avoid allocation for translated messages. While at it: ECONNRESET is just a close() from passt, treat it like EOF. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au>--- passt-repair.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/passt-repair.c b/passt-repair.c index 3c3247b..d137a18 100644 --- a/passt-repair.c +++ b/passt-repair.c @@ -95,7 +95,7 @@ int main(int argc, char **argv) } if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { - perror("Failed to create AF_UNIX socket"); + fprintf(stderr, "Failed to create AF_UNIX socket: %i\n", errno);We could use strerror_() here, couldn't we?
On Fri, Feb 07, 2025 at 02:29:23AM +0100, Stefano Brivio wrote:On Fri, 7 Feb 2025 12:15:35 +1100 David Gibson <david(a)gibson.dropbear.id.au> wrote:Hrm, is the non-locale one really that much code though? Shouldn't it be about 5 lines of code and a table of strings? But then.. glibc is really good at making things complicated. -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibsonOn Fri, Feb 07, 2025 at 01:54:39AM +0100, Stefano Brivio wrote:We would need to link that, which is quite some code (the whole strerrordesc_np())... I mean, this runs privileged.If we use glibc's perror(), we need to allow dup() and fcntl() in our seccomp profiles, which are a bit too much for this simple helper. On top of that, we would probably need a wrapper to avoid allocation for translated messages. While at it: ECONNRESET is just a close() from passt, treat it like EOF. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au>--- passt-repair.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/passt-repair.c b/passt-repair.c index 3c3247b..d137a18 100644 --- a/passt-repair.c +++ b/passt-repair.c @@ -95,7 +95,7 @@ int main(int argc, char **argv) } if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { - perror("Failed to create AF_UNIX socket"); + fprintf(stderr, "Failed to create AF_UNIX socket: %i\n", errno);We could use strerror_() here, couldn't we?
On Fri, 7 Feb 2025 13:38:10 +1100 David Gibson <david(a)gibson.dropbear.id.au> wrote:On Fri, Feb 07, 2025 at 02:29:23AM +0100, Stefano Brivio wrote:Right, and the "table of strings" is probably not great to have here. But the lines of code I was referring to are the weak aliasing trick (musl doesn't have strerrordesc_np(), which is not POSIX). I could include util.h, but that means including even more code... Really, I think numbers fit error messages printed by a privileged component pretty well. -- StefanoOn Fri, 7 Feb 2025 12:15:35 +1100 David Gibson <david(a)gibson.dropbear.id.au> wrote:Hrm, is the non-locale one really that much code though? Shouldn't it be about 5 lines of code and a table of strings? But then.. glibc is really good at making things complicated.On Fri, Feb 07, 2025 at 01:54:39AM +0100, Stefano Brivio wrote:We would need to link that, which is quite some code (the whole strerrordesc_np())... I mean, this runs privileged.If we use glibc's perror(), we need to allow dup() and fcntl() in our seccomp profiles, which are a bit too much for this simple helper. On top of that, we would probably need a wrapper to avoid allocation for translated messages. While at it: ECONNRESET is just a close() from passt, treat it like EOF. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au>--- passt-repair.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/passt-repair.c b/passt-repair.c index 3c3247b..d137a18 100644 --- a/passt-repair.c +++ b/passt-repair.c @@ -95,7 +95,7 @@ int main(int argc, char **argv) } if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { - perror("Failed to create AF_UNIX socket"); + fprintf(stderr, "Failed to create AF_UNIX socket: %i\n", errno);We could use strerror_() here, couldn't we?