[apparmor] [patch 17/26] Add the ability to mediate signals.

Sat Apr 19 00:03:08 UTC 2014

On 04/18/2014 04:38 PM, Seth Arnold wrote:
> On Tue, Apr 15, 2014 at 10:22:24AM -0700, john.johansen at canonical.com wrote:
>> Add signal rules and make sure the parser encodes support for them
>> if the supported feature set reports supporting them.
> 
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
> 
> Would it make more sense to put "exists" as entry 0 in the following
> tables? It is exercised by sending signal 0, so it'd make more sense to me
> to pick the userspace number here.
> 
No. I considered doing this, and nearly did it. It is remapped higher for
a few reasons. Having it not be 0 allowed catching a few things during
dev, where an 0 initialized value was being passed through (remapping
after that could have been done). However 0 is used a lot of places
in the dfa to indicate a special transition between certain elements
and I wanted to keep that flexibility here, if we ever decided to
use it.

Finally the biggest reason being now that we have shipped it having it
move back to 0 means an abi bump and more code to handle that.

Just think of it as internal coding. Userspace has to map to it and
kernel map to/from it.  We have to do this for several types, like
rlimits, and signals which can have different positional values for
different architectures.

> Thanks
> 
> 
>> +/* Signal names mapped to and internal ordering */
>> +static struct signal_map { const char *name; int num; } signal_map[] = {
>> +	{"hup",		1},
>> +	{"int",		2},
>> +	{"quit",	3},
>> +	{"ill",		4},
>> +	{"trap",	5},
>> +	{"abrt",	6},
>> +	{"bus",		7},
>> +	{"fpe",		8},
>> +	{"kill",	9},
>> +	{"usr1",	10},
>> +	{"segv",	11},
>> +	{"usr2",	12},
>> +	{"pipe",	13},
>> +	{"alrm",	14},
>> +	{"term",	15},
>> +	{"stkflt",	16},
>> +	{"chld",	17},
>> +	{"cont",	18},
>> +	{"stop",	19},
>> +	{"stp",		20},
>> +	{"ttin",	21},
>> +	{"ttou",	22},
>> +	{"urg",		23},
>> +	{"xcpu",	24},
>> +	{"xfsz",	25},
>> +	{"vtalrm",	26},
>> +	{"prof",	27},
>> +	{"winch",	28},
>> +	{"io",		29},
>> +	{"pwr",		30},
>> +	{"sys",		31},
>> +	{"emt",		32},
>> +	{"exists",	35},
>> +
>> +	/* terminate */
>> +	{NULL,		0}
>> +};
>> +
>> +/* this table is ordered post sig_map[sig] mapping */
>> +static const char *const sig_names[MAXMAPPED_SIG + 1] = {
>> +	"unknown",
>> +	"hup",
>> +	"int",
>> +	"quit",
>> +	"ill",
>> +	"trap",
>> +	"abrt",
>> +	"bus",
>> +	"fpe",
>> +	"kill",
>> +	"usr1",
>> +	"segv",
>> +	"usr2",
>> +	"pipe",
>> +	"alrm",
>> +	"term",
>> +	"stkflt",
>> +	"chld",
>> +	"cont",
>> +	"stop",
>> +	"stp",
>> +	"ttin",
>> +	"ttou",
>> +	"urg",
>> +	"xcpu",
>> +	"xfsz",
>> +	"vtalrm",
>> +	"prof",
>> +	"winch",
>> +	"io",
>> +	"pwr",
>> +	"sys",
>> +	"emt",
>> +	"lost",
>> +	"unused",
>> +
>> +	"exists",	/* always last existance test mapped to MAXMAPPED_SIG */
>> +};
> 
> 
> 