GitLab

In the future we will probably remove this entirely in favor of
implementing something like fakeroot's -s/-i, but leave it here for now.

Makes it easier to think about how many -v are given

Files that haven't been previously touched by comped children will
appear to have their real owner/group instead of rewriting them to root.
Same as the fakeroot option.

This is more similar to fakeroot's dump format

also cleanup Makefile a bit

i.e. SCMP_SYS returns a negative number (a so-called "pseudo-syscall" by
libseccomp) which thus cannot be an array index.

The p(err|warn)x? macros will be updated likewise later when they are
changed to branch on a global "verbose" flag instead of using NDEBUG

Rename the former handle_chown_inner to record_chown

The previous naive approach relied on setting up and loading the seccomp
filter in the first process, then immediately executing the desired
process. This had the unfortunate effect of causing deadlocks in the
parent when part of its syscall emulation involved a syscall that was
also part of the child's seccomp filter (after all, the filter was also
active in the parent).

Now we have a multi-stage approach:

* The first process (stage 1) sets up a socketpair and produces a child
* The child (stage 2) sets up the filter and sends the notification FD
  and PID of the end-user's process back to the stage 1 process, then
  exits.
* Stage 2 is now over. Stage 1 can receive all seccomp notifications
  from the third process and its descendants without deadlocking if it
  itself calls those same syscalls.

Part of the magic is taking advantage of SCM_RIGHTS to pass the
notification FD around as well as PR_SET_CHILD_SUBREAPER to make sure
none of the descendants escape. The latter will also be useful in the
future when it is necessary to track the uid, euid, et al of the
children.

file_upsert_path is useful if you need to add a new file override entry
or update the existing one. In other cases we need to just check if
there is already an entry (e.g. during stat(2) calls), which you can now
use file_get for.

Now we can also write back to the tracee using tx_data(push=1). In the
future if we need to rewrite only a pathname in a syscall we could also
mutate pull_pathname into tx_pathname(push=).

Use check_pathname to ensure PATH_MAX paths from tx_data() don't
overflow. pull_pathname automatically calls this for you.

handle_chown_inner may be used at a later point by other syscalls so we
will leave it with extern linkage for now