From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Z0aK5Qpe;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by passt.top (Postfix) with ESMTPS id 459D55A0619
	for <passt-dev@passt.top>; Mon, 03 Nov 2025 13:08:40 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1762171719;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=G1tabMIMRFvGPNHBPKjkLtoxPzTsGN7TDFjheV1tTSU=;
	b=Z0aK5QpeegUj/GKQ1zJ+EdDziii8OxhJ2WFeHulovLoN+nuQJLUzcCGHjfs7Oop+kbFgHs
	zzsDGOdpzch5ZDHJsKpC98Pv0V5AxT9P3TQ9UHfX0cfUItHbYShc2YisUmJZ7ek+cDbc+s
	CaRq1ht+FsCielWECVPQTuBKVIesCBI=
Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-259-xEUzJcmNPmWkoJ2tpANVgw-1; Mon,
 03 Nov 2025 07:08:37 -0500
X-MC-Unique: xEUzJcmNPmWkoJ2tpANVgw-1
X-Mimecast-MFC-AGG-ID: xEUzJcmNPmWkoJ2tpANVgw_1762171717
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E22FA19560AD
	for <passt-dev@passt.top>; Mon,  3 Nov 2025 12:08:36 +0000 (UTC)
Received: from lenovo-t14s.redhat.com (unknown [10.45.224.223])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id CECBC30001A1;
	Mon,  3 Nov 2025 12:08:35 +0000 (UTC)
From: Laurent Vivier <lvivier@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH] seccomp.sh: Quote tr character ranges to prevent glob expansion
Date: Mon,  3 Nov 2025 13:08:34 +0100
Message-ID: <20251103120834.192683-1-lvivier@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: SJVR6qTM02jvdS2TLA1wx1Cgw5R2-PPGMCtZzFdEEPk_1762171717
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
content-type: text/plain; charset="US-ASCII"; x-default=true
Message-ID-Hash: IPPDAQIT5IK6GXSCCU6XK5SDNADKXKZ7
X-Message-ID-Hash: IPPDAQIT5IK6GXSCCU6XK5SDNADKXKZ7
X-MailFrom: lvivier@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Laurent Vivier <lvivier@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20251103120834.192683-1-lvivier@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/IPPDAQIT5IK6GXSCCU6XK5SDNADKXKZ7/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

we use [a-z] and [A-Z] patterns with 'tr', but
if there are files with names matching these patterns they will be
replaced by the name of the file and seccomp.h will not be generated
correctly:
$ rm seccomp.h
$ touch a b
$ make
tr: extra operand '[A-Z]'
Try 'tr --help' for more information.
seccomp profile passt allows:  accept accept4 bind clock_gettime close connect epoll_ctl epoll_pwait epoll_wait exit_group
   fallocate fcntl fsync ftruncate getsockname getsockopt listen lseek read recvfrom recvmmsg recvmsg sendmmsg sendmsg sendto
...
cc -Wall -Wextra -Wno-format-zero-length -Wformat-security -pedantic -std=c11 -D_XOPEN_SOURCE=700 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -O2 -pie -fPIE -DPAGE_SIZE=4096 -DVERSION="2025_09_19.623dbf6-54-gf6b6118fcabd" -DDUAL_STACK_SOCKETS=1 -DHAS_GETRANDOM -fstack-protector-strong   arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c epoll_ctl.c flow.c fwd.c icmp.c igmp.c inany.c iov.c ip.c isolation.c lineread.c log.c mld.c ndp.c netlink.c migrate.c packet.c passt.c pasta.c pcap.c pif.c repair.c tap.c tcp.c tcp_buf.c tcp_splice.c tcp_vu.c udp.c udp_flow.c udp_vu.c util.c vhost_user.c virtio.c vu_common.c -o passt
In file included from isolation.c:83:
seccomp.h:11:45: error: 'AUDIT_ARCH_' undeclared here (not in a function); did you mean 'AUDIT_ARCH'?
   11 |         BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_, 0, 80),
      |                                             ^~~~~~~~~~~

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---
 seccomp.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/seccomp.sh b/seccomp.sh
index a7bc417b9f6b..ba92b29d9a29 100755
--- a/seccomp.sh
+++ b/seccomp.sh
@@ -22,7 +22,7 @@ IN="$@"
 [ -z "${ARCH}" ] && ARCH="$(uname -m)"
 [ -z "${CC}" ] && CC="cc"
 
-AUDIT_ARCH="AUDIT_ARCH_$(echo ${ARCH} | tr [a-z] [A-Z]             \
+AUDIT_ARCH="AUDIT_ARCH_$(echo ${ARCH} | tr '[a-z]' '[A-Z]'         \
                                       | sed 's/^ARM.*/ARM/'        \
                                       | sed 's/I[456]86/I386/'     \
                                       | sed 's/PPC64/PPC/'         \
-- 
2.51.0