delta/libseccomp.git/include, branch main github.com: seccomp/libseccomp.git arch: Add 32-bit Motorola 68000 support 2023-04-25T19:16:09+00:00 John Paul Adrian Glaubitz glaubitz@physik.fu-berlin.de 2023-01-18T11:15:44+00:00 dd5c9c24e8ba11c9c3ee6b60c93cef64a9ad5c86 Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> 
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
arch: Add 64-bit LoongArch support 2023-02-19T03:07:30+00:00 Xiaotian Wu wuxiaotian@loongson.cn 2021-02-09T07:39:13+00:00 6966ec77b195ac289ae168c7c5646d59a307f33f Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn> Signed-off-by: WANG Xuerui <git@xen0n.name> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn>
Signed-off-by: WANG Xuerui <git@xen0n.name>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
syscalls: update to Linux v6.0 2023-02-19T03:06:56+00:00 Xiaotian Wu wuxiaotian@loongson.cn 2021-11-06T06:13:49+00:00 b9633de506eec837a9f91d4e98dedf5101fd5227 Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn> Signed-off-by: WANG Xuerui <git@xen0n.name> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn>
Signed-off-by: WANG Xuerui <git@xen0n.name>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
api: add the SCMP_FLTATR_CTL_WAITKILL filter attribute 2022-10-31T19:21:47+00:00 Paul Moore paul@paul-moore.com 2022-10-31T19:21:33+00:00 96989965042a515a3cbcb50e9b98243b9b7d4c37 The SCMP_FLTATR_CTL_WAITKILL attribute requests that the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag be passed to the seccomp(2) system call when possible, which is currently only when the SECCOMP_FILTER_FLAG_NEW_LISTENER flag is also set. Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> 
The SCMP_FLTATR_CTL_WAITKILL attribute requests that the
SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag be passed to the
seccomp(2) system call when possible, which is currently only when
the SECCOMP_FILTER_FLAG_NEW_LISTENER flag is also set.

Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
all: add seccomp_precompute() functionality 2022-09-22T01:55:32+00:00 Paul Moore paul@paul-moore.com 2022-07-26T22:27:26+00:00 e797591bdd6834272e2db292400f608ed9bd7fab This patch adds a seccomp_precompute() API to precompute the seccomp filter prior to calling seccomp_load() or similar functions. Not only does this improve the performance of seccomp_load(), it ensures that seccomp_load() is async-signal-safe if no additional changes have been made since the filter was precomputed. Python bindings, test, and manpage updates are included in this patch. One minor side effect of this change is that seccomp_export_bpf_mem() now always return the length of the filter in the "len" function parameter, even in cases where the passed buffer is too small. Arguably seccomp_export_bpf_mem() should have always behaved this way. Signed-off-by: Paul Moore <paul@paul-moore.com> 
This patch adds a seccomp_precompute() API to precompute the seccomp
filter prior to calling seccomp_load() or similar functions.  Not
only does this improve the performance of seccomp_load(), it ensures
that seccomp_load() is async-signal-safe if no additional changes
have been made since the filter was precomputed.

Python bindings, test, and manpage updates are included in this
patch.

One minor side effect of this change is that seccomp_export_bpf_mem()
now always return the length of the filter in the "len" function
parameter, even in cases where the passed buffer is too small.
Arguably seccomp_export_bpf_mem() should have always behaved this
way.

Signed-off-by: Paul Moore <paul@paul-moore.com>
api: fix typo in seccomp.h 2022-09-20T02:26:21+00:00 Kir Kolyshkin kolyshkin@gmail.com 2022-09-02T20:56:47+00:00 3e18c414401ae185390c29aa7cf94f54b5af724c Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
syscalls: update the syscall list for Linux v5.17 2022-04-05T15:07:11+00:00 Paul Moore paul@paul-moore.com 2022-04-05T13:01:22+00:00 2657109b5802f22ec0de693f03db880b83ea5624 Signed-off-by: Paul Moore <paul@paul-moore.com> 
Signed-off-by: Paul Moore <paul@paul-moore.com>
syscalls: update the syscall table to Linux v5.15 2021-11-04T14:44:56+00:00 Paul Moore paul@paul-moore.com 2021-11-04T14:44:49+00:00 abad8a8f41fc13efbb95fc1ccaa3e181342bade7 Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> 
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
api: update seccomp-syscalls.h 2021-10-28T14:05:17+00:00 Paul Moore paul@paul-moore.com 2021-10-27T19:39:17+00:00 3f47bba7c5c8cc18be80e625eedb2c1823233708 It appears that the seccomp-syscalls.h header file had gotten out of sync with the syscalls.csv syscall table, this patch fixes this disconnect. The only edit that is somewhat interesting is that the oldwait4(2) syscall probably never should have been included in the header file as it appears to no longer exist (?). Reported-by: Mike Frysinger <vapier@gentoo.org> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
It appears that the seccomp-syscalls.h header file had gotten out of
sync with the syscalls.csv syscall table, this patch fixes this
disconnect.

The only edit that is somewhat interesting is that the oldwait4(2)
syscall probably never should have been included in the header file
as it appears to no longer exist (?).

Reported-by: Mike Frysinger <vapier@gentoo.org>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
api: extend BPF export API to write to a memory buffer 2021-10-08T18:36:40+00:00 Mike Frysinger vapier@gentoo.org 2017-03-09T05:13:31+00:00 3f0e47fe2717b73ccef68ca18f9f7297ee73ebb2 The API to export to a fd is helpful, but for tools that want to generate & read the BPF program, outputting to a buffer would be much more helpful. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> [PM: rename seccomp_export_bpf_buf() to seccomp_export_bpf_mem()] [PM: 'make check-syntax' fixes] Signed-off-by: Paul Moore <paul@paul-moore.com> 
The API to export to a fd is helpful, but for tools that want to
generate & read the BPF program, outputting to a buffer would be
much more helpful.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: rename seccomp_export_bpf_buf() to seccomp_export_bpf_mem()]
[PM: 'make check-syntax' fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>