seccomp: Make seccomp.sh re-entrancy safe
seccomp.sh generates seccomp.h piece by piece using >> directives. This means that if two instances of seccomp.h are run concurrently a corrupted version of seccomp.h will be generated. Amongst other problems this can cause spurious failures on clang-tidy. Alter seccomp.sh to build the output in a temporary file and atomic move it to seccomp.h, so concurrent invocations will still result in valud output. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
David Gibson
Stefano Brivio
parent
3c6d1b9bb2
commit
db29fd281a
1 changed files with 4 additions and 2 deletions
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
TMP="$(mktemp)"
|
||||
IN="$@"
|
||||
OUT="seccomp.h"
|
||||
OUT="$(mktemp)"
|
||||
|
||||
[ -z "${ARCH}" ] && ARCH="$(uname -m)"
|
||||
[ -z "${CC}" ] && CC="cc"
|
||||
|
|
@ -53,7 +53,7 @@ BST=' BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, @NR@, @R@, @L@),'
|
|||
|
||||
# cleanup() - Remove temporary file if it exists
|
||||
cleanup() {
|
||||
rm -f "${TMP}"
|
||||
rm -f "${TMP}" "${OUT}"
|
||||
}
|
||||
trap "cleanup" EXIT
|
||||
|
||||
|
|
@ -254,3 +254,5 @@ for __p in ${__profiles}; do
|
|||
|
||||
gen_profile "${__p}" ${__calls}
|
||||
done
|
||||
|
||||
mv "${OUT}" seccomp.h
|
||||
|
|
|
|||
Loading…
Reference in a new issue