From d212fc3993db13849a671dcb7e67baddbe438526 Mon Sep 17 00:00:00 2001 From: Marco Edoardo Santimaria Date: Wed, 24 Sep 2025 10:05:07 +0200 Subject: [PATCH 1/3] Logs --- capio-common/capio/filesystem.hpp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/capio-common/capio/filesystem.hpp b/capio-common/capio/filesystem.hpp index f9513c9c4..26388b98c 100644 --- a/capio-common/capio/filesystem.hpp +++ b/capio-common/capio/filesystem.hpp @@ -73,10 +73,16 @@ inline bool is_capio_path(const std::filesystem::path &path_to_check) { START_LOG(capio_syscall(SYS_gettid), "call(path_to_check=%s)", path_to_check.c_str()); // check if path_to_check begins with CAPIO_DIR - const auto res = - is_prefix(get_capio_dir(), path_to_check) && !is_forbidden_path(path_to_check.string()); - LOG("is_capio_path:%s", res ? "yes" : "no"); - return res; + const auto is_prefix_res = is_prefix(get_capio_dir(), path_to_check); + + LOG("IS PREFIX=%s", is_prefix_res ? "TRUE" : "FALSE"); + + const auto is_forbidden_res = is_forbidden_path(path_to_check.string()); + + LOG("IS FORBIDDEN=%s", is_forbidden_res ? "TRUE" : "FALSE"); + + LOG("is_capio_path:%s", is_prefix_res && !is_forbidden_res ? "yes" : "no"); + return is_prefix_res && !is_forbidden_res; } /** From 880010b6aabdf8a16e79a186cc0cc9e732b8cd99 Mon Sep 17 00:00:00 2001 From: Marco Edoardo Santimaria Date: Wed, 24 Sep 2025 10:23:14 +0200 Subject: [PATCH 2/3] Bugfix on openat handler --- capio-posix/handlers/open.hpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capio-posix/handlers/open.hpp b/capio-posix/handlers/open.hpp index 4038b1fe5..c79d17acb 100644 --- a/capio-posix/handlers/open.hpp +++ b/capio-posix/handlers/open.hpp @@ -122,8 +122,8 @@ int openat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long a mode); std::string path = compute_abs_path(pathname.data(), dirfd); - if (!is_capio_path(pathname)) { - LOG("Path %s is not a capio path: skip", pathname.data()); + if (!is_capio_path(path)) { + LOG("Path %s is not a capio path: skip", path.data()); return CAPIO_POSIX_SYSCALL_REQUEST_SKIP; } From 2f03e92bd4b0a48ae57ab448579e970ffb193f64 Mon Sep 17 00:00:00 2001 From: Marco Edoardo Santimaria Date: Wed, 24 Sep 2025 10:31:22 +0200 Subject: [PATCH 3/3] Fixes --- capio-common/capio/filesystem.hpp | 2 +- capio-posix/handlers/open.hpp | 18 ++++++++---------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/capio-common/capio/filesystem.hpp b/capio-common/capio/filesystem.hpp index 26388b98c..d9c30e6eb 100644 --- a/capio-common/capio/filesystem.hpp +++ b/capio-common/capio/filesystem.hpp @@ -73,7 +73,7 @@ inline bool is_capio_path(const std::filesystem::path &path_to_check) { START_LOG(capio_syscall(SYS_gettid), "call(path_to_check=%s)", path_to_check.c_str()); // check if path_to_check begins with CAPIO_DIR - const auto is_prefix_res = is_prefix(get_capio_dir(), path_to_check); + const auto is_prefix_res = is_prefix(get_capio_dir(), path_to_check); LOG("IS PREFIX=%s", is_prefix_res ? "TRUE" : "FALSE"); diff --git a/capio-posix/handlers/open.hpp b/capio-posix/handlers/open.hpp index c79d17acb..411462dc9 100644 --- a/capio-posix/handlers/open.hpp +++ b/capio-posix/handlers/open.hpp @@ -40,18 +40,16 @@ int creat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long ar mode_t mode = static_cast(arg2); START_LOG(tid, "call(path=%s, flags=%d, mode=%d)", pathname.data(), flags, mode); - if (!is_capio_path(pathname)) { - LOG("Path %s is forbidden: skip", pathname.data()); - return CAPIO_POSIX_SYSCALL_REQUEST_SKIP; - } - std::string path = compute_abs_path(pathname.data(), -1); - if (is_capio_path(path)) { - create_request(-1, path.data(), tid); - LOG("Create request sent"); + if (!is_capio_path(path)) { + LOG("Path %s is forbidden: skip", path.data()); + return CAPIO_POSIX_SYSCALL_REQUEST_SKIP; } + create_request(-1, path.data(), tid); + LOG("Create request sent"); + const int fd = static_cast(syscall_no_intercept(SYS_creat, arg0, arg1, arg2, arg3, arg4, arg5)); @@ -80,8 +78,8 @@ int open_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg std::string path = compute_abs_path(pathname.data(), -1); - if (!is_capio_path(pathname)) { - LOG("Path %s is not a capio path: skip", pathname.data()); + if (!is_capio_path(path)) { + LOG("Path %s is not a capio path: skip", path.data()); return CAPIO_POSIX_SYSCALL_REQUEST_SKIP; }