seccomp: remove reconnect-loop

When we fail to send a message, we send a default seccomp response and try to reconnect to the proxy. It doesn't really make much sense to retry to send the request over the new connection as the syscall has already been answered. The same goes for receiving the response - after reconnecting to the proxy, we're a new client to a potentially new proxy process, so awaiting a response without having sent a request doesn't make all too much sense either. In the future we should probably have a timeout or retry count for the entire proxy _transaction_ before sending a response to seccomp at all (and probably handle requests asynchronously). Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

seccomp: remove reconnect-loop
8a99ab01 · Wolfgang Bumiller · 045ee721 · 8a99ab01
Commit 8a99ab01 authored Jul 05, 2019 by Wolfgang Bumiller
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 22 deletions

seccomp.c src/lxc/seccomp.c +14 -22

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1349,7 +1349,7 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 #if HAVE_DECL_SECCOMP_NOTIFY_FD
 	__do_close_prot_errno int fd_mem = -EBADF;
-	int reconnect_count, ret;
+	int ret;
 	ssize_t bytes;
 	struct iovec iov[4];
 	size_t iov_len, msg_base_size, msg_full_size;
@@ -1425,17 +1425,13 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 		iov_len = 3;
 	}
-	reconnect_count = 0;
+	bytes = lxc_abstract_unix_send_fds_iov(listener_proxy_fd, &fd_mem, 1,
-	do {
+					       iov, iov_len);
-		bytes = lxc_abstract_unix_send_fds_iov(listener_proxy_fd,
+	if (bytes != (ssize_t)msg_full_size) {
-						       &fd_mem, 1, iov,
+		SYSERROR("Failed to forward message to seccomp proxy");
-						       iov_len);
+		(void)seccomp_notify_default_answer(fd, req, resp, hdlr);
-		if (bytes != (ssize_t)msg_full_size) {
+		goto out;
-			SYSERROR("Failed to forward message to seccomp proxy");
+	}
-			if (seccomp_notify_default_answer(fd, req, resp, hdlr))
-				goto out;
-		}
-	} while (reconnect_count++);
 	close_prot_errno_disarm(fd_mem);
@@ -1452,16 +1448,12 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 		goto out;
 	}
-	reconnect_count = 0;
+	bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len, 0);
-	do {
+	if (bytes != (ssize_t)msg_base_size) {
-		bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len,
+		SYSERROR("Failed to receive message from seccomp proxy");
-		                               0);
+		(void)seccomp_notify_default_answer(fd, req, resp, hdlr);
-		if (bytes != (ssize_t)msg_base_size) {
+		goto out;
-			SYSERROR("Failed to receive message from seccomp proxy");
+	}
-			if (seccomp_notify_default_answer(fd, req, resp, hdlr))
-				goto out;
-		}
-	} while (reconnect_count++);
 	ret = seccomp_notify_respond(fd, resp);
 	if (ret)