arch: add basic ARM support

Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Paul Moore <pmoore@redhat.com> 2012-07-20 16:22:36 -0400
committer: Paul Moore <pmoore@redhat.com> 2013-03-26 18:15:10 -0400
commit: db440d1e4fb6b620d8e4f4463036fbc89986fb9d (patch)
tree: 1ed203335e727cd0d2518a31179a5d9dca00efb7
parent: e9b5a6eb238856bf73f53890119aab559afcb0f0 (diff)
download: libseccomp-db440d1e4fb6b620d8e4f4463036fbc89986fb9d.tar.gz
14 files changed, 650 insertions, 12 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index eb50b40..7897cbf 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -22,6 +22,7 @@
 #ifndef _SECCOMP_H
 #define _SECCOMP_H
 
+#include <elf.h>
 #include <inttypes.h>
 #include <asm/unistd.h>
 #include <linux/audit.h>
@@ -116,6 +117,11 @@ struct scmp_arg_cmp {
 #define SCMP_ARCH_X32		(EM_X86_64|__AUDIT_ARCH_LE)
 
 /**
+ * The ARM architecture token
+ */
+#define SCMP_ARCH_ARM		AUDIT_ARCH_ARM
+
+/**
  * Convert a syscall name into the associated syscall number
  * @param x the syscall name
  */
@@ -1061,6 +1067,96 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
 #define __NR_vserver		__PNR_vserver
 #endif /* __NR_vserver */
 
+#define __PNR_arm_fadvise64_64	-10083
+#ifndef __NR_arm_fadvise64_64
+#define __NR_arm_fadvise64_64	__PNR_arm_fadvise64_64
+#endif /* __NR_arm_fadvise64_64 */
+
+#define __PNR_arm_sync_file_range	-10084
+#ifndef __NR_arm_sync_file_range
+#define __NR_arm_sync_file_range	__PNR_arm_sync_file_range
+#endif /* __NR_arm_sync_file_range */
+
+#define __PNR_finit_module	-10085
+#ifndef __NR_finit_module
+#define __NR_finit_module	__PNR_finit_module
+#endif /* __NR_finit_module */
+
+#define __PNR_pciconfig_iobase	-10086
+#ifndef __NR_pciconfig_iobase
+#define __NR_pciconfig_iobase	__PNR_pciconfig_iobase
+#endif /* __NR_pciconfig_iobase */
+
+#define __PNR_pciconfig_read	-10087
+#ifndef __NR_pciconfig_read
+#define __NR_pciconfig_read	__PNR_pciconfig_read
+#endif /* __NR_pciconfig_read */
+
+#define __PNR_pciconfig_write	-10088
+#ifndef __NR_pciconfig_write
+#define __NR_pciconfig_write	__PNR_pciconfig_write
+#endif /* __NR_pciconfig_write */
+
+#define __PNR_sync_file_range2	-10089
+#ifndef __NR_sync_file_range2
+#define __NR_sync_file_range2	__PNR_sync_file_range2
+#endif /* __NR_sync_file_range2 */
+
+#define __PNR_syscall		-10090
+#ifndef __NR_syscall
+#define __NR_syscall		__PNR_syscall
+#endif /* __NR_syscall */
+
+#define __PNR_afs_syscall	-10091
+#ifndef __NR_afs_syscall
+#define __NR_afs_syscall	__PNR_afs_syscall
+#endif /* __NR_afs_syscall */
+
+#define __PNR_fadvise64		-10092
+#ifndef __NR_fadvise64
+#define __NR_fadvise64		__PNR_fadvise64
+#endif /* __NR_fadvise64 */
+
+#define __PNR_getpmsg		-10093
+#ifndef __NR_getpmsg
+#define __NR_getpmsg		__PNR_getpmsg
+#endif /* __NR_getpmsg */
+
+#define __PNR_ioperm		-10094
+#ifndef __NR_ioperm
+#define __NR_ioperm		__PNR_ioperm
+#endif /* __NR_ioperm */
+
+#define __PNR_iopl		-10095
+#ifndef __NR_iopl
+#define __NR_iopl		__PNR_iopl
+#endif /* __NR_iopl */
+
+#define __PNR_kcmp		-10096
+#ifndef __NR_kcmp
+#define __NR_kcmp		__PNR_kcmp
+#endif /* __NR_kcmp */
+
+#define __PNR_migrate_pages	-10097
+#ifndef __NR_migrate_pages
+#define __NR_migrate_pages	__PNR_migrate_pages
+#endif /* __NR_migrate_pages */
+
+#define __PNR_modify_ldt	-10098
+#ifndef __NR_modify_ldt
+#define __NR_modify_ldt		__PNR_modify_ldt
+#endif /* __NR_modify_ldt */
+
+#define __PNR_putpmsg		-10099
+#ifndef __NR_putpmsg
+#define __NR_putpmsg		__PNR_putpmsg
+#endif /* __NR_putpmsg */
+
+#define __PNR_sync_file_range	-10100
+#ifndef __NR_sync_file_range
+#define __NR_sync_file_range	__PNR_sync_file_range
+#endif /* __NR_sync_file_range */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/Makefile b/src/Makefile
index bc186b7..e7c2304 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -41,6 +41,7 @@ OBJS = \
 	arch-i386.o arch-i386-syscalls.o \
 	arch-x86_64.o arch-x86_64-syscalls.o \
 	arch-x32.o arch-x32-syscalls.o \
+	arch-arm.o arch-arm-syscalls.o \
 	hash.o \
 	gen_pfc.o gen_bpf.o
 
diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
new file mode 100644
index 0000000..8814537
--- /dev/null
+++ b/src/arch-arm-syscalls.c
@@ -0,0 +1,432 @@
+/**
+ * Enhanced Seccomp ARM Syscall Table
+ *
+ * Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <pmoore@redhat.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <seccomp.h>
+
+#include "arch.h"
+#include "arch-arm.h"
+
+#define __NR_OABI_SYSCALL_BASE	0x900000
+
+/* NOTE: we currently only support the ARM EABI, more info at the URL below:
+ *       -> http://wiki.embeddedarm.com/wiki/EABI_vs_OABI */
+#if 1
+#define __NR_SYSCALL_BASE	0
+#else
+#define __NR_SYSCALL_BASE	__NR_OABI_SYSCALL_BASE
+#endif
+
+/* NOTE: based on Linux 3.8.0-rc5 */
+const struct arch_syscall_def arm_syscall_table[] = \
+{
+	/* NOTE: arm_sync_file_range() and sync_file_range2() share values */
+	{ "accept", (__NR_SYSCALL_BASE + 285) },
+	{ "accept4", (__NR_SYSCALL_BASE + 366) },
+	{ "access", (__NR_SYSCALL_BASE + 33) },
+	{ "acct", (__NR_SYSCALL_BASE + 51) },
+	{ "add_key", (__NR_SYSCALL_BASE + 309) },
+	{ "adjtimex", (__NR_SYSCALL_BASE + 124) },
+	{ "afs_syscall", __PNR_afs_syscall },
+	{ "alarm", (__NR_SYSCALL_BASE + 27) },
+	{ "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) },
+	{ "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) },
+	{ "arch_prctl", __PNR_arch_prctl },
+	{ "bdflush", (__NR_SYSCALL_BASE + 134) },
+	{ "bind", (__NR_SYSCALL_BASE + 282) },
+	{ "break", __PNR_break },
+	{ "brk", (__NR_SYSCALL_BASE + 45) },
+	{ "capget", (__NR_SYSCALL_BASE + 184) },
+	{ "capset", (__NR_SYSCALL_BASE + 185) },
+	{ "chdir", (__NR_SYSCALL_BASE + 12) },
+	{ "chmod", (__NR_SYSCALL_BASE + 15) },
+	{ "chown", (__NR_SYSCALL_BASE + 182) },
+	{ "chown32", (__NR_SYSCALL_BASE + 212) },
+	{ "chroot", (__NR_SYSCALL_BASE + 61) },
+	{ "clock_adjtime", (__NR_SYSCALL_BASE + 372) },
+	{ "clock_getres", (__NR_SYSCALL_BASE + 264) },
+	{ "clock_gettime", (__NR_SYSCALL_BASE + 263) },
+	{ "clock_nanosleep", (__NR_SYSCALL_BASE + 265) },
+	{ "clock_settime", (__NR_SYSCALL_BASE + 262) },
+	{ "clone", (__NR_SYSCALL_BASE + 120) },
+	{ "close", (__NR_SYSCALL_BASE +  6) },
+	{ "connect", (__NR_SYSCALL_BASE + 283) },
+	{ "creat", (__NR_SYSCALL_BASE +  8) },
+	{ "create_module", __PNR_create_module },
+	{ "delete_module", (__NR_SYSCALL_BASE + 129) },
+	{ "dup", (__NR_SYSCALL_BASE + 41) },
+	{ "dup2", (__NR_SYSCALL_BASE + 63) },
+	{ "dup3", (__NR_SYSCALL_BASE + 358) },
+	{ "epoll_create", (__NR_SYSCALL_BASE + 250) },
+	{ "epoll_create1", (__NR_SYSCALL_BASE + 357) },
+	{ "epoll_ctl", (__NR_SYSCALL_BASE + 251) },
+	{ "epoll_ctl_old", __PNR_epoll_ctl_old },
+	{ "epoll_pwait", (__NR_SYSCALL_BASE + 346) },
+	{ "epoll_wait", (__NR_SYSCALL_BASE + 252) },
+	{ "epoll_wait_old", __PNR_epoll_wait_old },
+	{ "eventfd", (__NR_SYSCALL_BASE + 351) },
+	{ "eventfd2", (__NR_SYSCALL_BASE + 356) },
+	{ "execve", (__NR_SYSCALL_BASE + 11) },
+	{ "exit", (__NR_SYSCALL_BASE +  1) },
+	{ "exit_group", (__NR_SYSCALL_BASE + 248) },
+	{ "faccessat", (__NR_SYSCALL_BASE + 334) },
+	{ "fadvise64", __PNR_fadvise64 },
+	{ "fadvise64_64", __PNR_fadvise64_64 },
+	{ "fallocate", (__NR_SYSCALL_BASE + 352) },
+	{ "fanotify_init", (__NR_SYSCALL_BASE + 367) },
+	{ "fanotify_mark", (__NR_SYSCALL_BASE + 368) },
+	{ "fchdir", (__NR_SYSCALL_BASE + 133) },
+	{ "fchmod", (__NR_SYSCALL_BASE + 94) },
+	{ "fchmodat", (__NR_SYSCALL_BASE + 333) },
+	{ "fchown", (__NR_SYSCALL_BASE + 95) },
+	{ "fchown32", (__NR_SYSCALL_BASE + 207) },
+	{ "fchownat", (__NR_SYSCALL_BASE + 325) },
+	{ "fcntl", (__NR_SYSCALL_BASE + 55) },
+	{ "fcntl64", (__NR_SYSCALL_BASE + 221) },
+	{ "fdatasync", (__NR_SYSCALL_BASE + 148) },
+	{ "fgetxattr", (__NR_SYSCALL_BASE + 231) },
+	{ "finit_module", (__NR_SYSCALL_BASE + 379) },
+	{ "flistxattr", (__NR_SYSCALL_BASE + 234) },
+	{ "flock", (__NR_SYSCALL_BASE + 143) },
+	{ "fork", (__NR_SYSCALL_BASE +  2) },
+	{ "fremovexattr", (__NR_SYSCALL_BASE + 237) },
+	{ "fsetxattr", (__NR_SYSCALL_BASE + 228) },
+	{ "fstat", (__NR_SYSCALL_BASE + 108) },
+	{ "fstat64", (__NR_SYSCALL_BASE + 197) },
+	{ "fstatat64", (__NR_SYSCALL_BASE + 327) },
+	{ "fstatfs", (__NR_SYSCALL_BASE + 100) },
+	{ "fstatfs64", (__NR_SYSCALL_BASE + 267) },
+	{ "fsync", (__NR_SYSCALL_BASE + 118) },
+	{ "ftime", __PNR_ftime },
+	{ "ftruncate", (__NR_SYSCALL_BASE + 93) },
+	{ "ftruncate64", (__NR_SYSCALL_BASE + 194) },
+	{ "futex", (__NR_SYSCALL_BASE + 240) },
+	{ "futimesat", (__NR_SYSCALL_BASE + 326) },
+	{ "get_kernel_syms", __PNR_get_kernel_syms },
+	{ "get_mempolicy", (__NR_SYSCALL_BASE + 320) },
+	{ "get_robust_list", (__NR_SYSCALL_BASE + 339) },
+	{ "get_thread_area", __PNR_get_thread_area },
+	{ "getcpu", (__NR_SYSCALL_BASE + 345) },
+	{ "getcwd", (__NR_SYSCALL_BASE + 183) },
+	{ "getdents", (__NR_SYSCALL_BASE + 141) },
+	{ "getdents64", (__NR_SYSCALL_BASE + 217) },
+	{ "getegid", (__NR_SYSCALL_BASE + 50) },
+	{ "getegid32", (__NR_SYSCALL_BASE + 202) },
+	{ "geteuid", (__NR_SYSCALL_BASE + 49) },
+	{ "geteuid32", (__NR_SYSCALL_BASE + 201) },
+	{ "getgid", (__NR_SYSCALL_BASE + 47) },
+	{ "getgid32", (__NR_SYSCALL_BASE + 200) },
+	{ "getgroups", (__NR_SYSCALL_BASE + 80) },
+	{ "getgroups32", (__NR_SYSCALL_BASE + 205) },
+	{ "getitimer", (__NR_SYSCALL_BASE + 105) },
+	{ "getpeername", (__NR_SYSCALL_BASE + 287) },
+	{ "getpgid", (__NR_SYSCALL_BASE + 132) },
+	{ "getpgrp", (__NR_SYSCALL_BASE + 65) },
+	{ "getpid", (__NR_SYSCALL_BASE + 20) },
+	{ "getpmsg", __PNR_getpmsg },
+	{ "getppid", (__NR_SYSCALL_BASE + 64) },
+	{ "getpriority", (__NR_SYSCALL_BASE + 96) },
+	{ "getresgid", (__NR_SYSCALL_BASE + 171) },
+	{ "getresgid32", (__NR_SYSCALL_BASE + 211) },
+	{ "getresuid", (__NR_SYSCALL_BASE + 165) },
+	{ "getresuid32", (__NR_SYSCALL_BASE + 209) },
+	{ "getrlimit", (__NR_SYSCALL_BASE + 76) },
+	{ "getrusage", (__NR_SYSCALL_BASE + 77) },
+	{ "getsid", (__NR_SYSCALL_BASE + 147) },
+	{ "getsockname", (__NR_SYSCALL_BASE + 286) },
+	{ "getsockopt", (__NR_SYSCALL_BASE + 295) },
+	{ "gettid", (__NR_SYSCALL_BASE + 224) },
+	{ "gettimeofday", (__NR_SYSCALL_BASE + 78) },
+	{ "getuid", (__NR_SYSCALL_BASE + 24) },
+	{ "getuid32", (__NR_SYSCALL_BASE + 199) },
+	{ "getxattr", (__NR_SYSCALL_BASE + 229) },
+	{ "gtty", __PNR_gtty },
+	{ "idle", __PNR_idle },
+	{ "init_module", (__NR_SYSCALL_BASE + 128) },
+	{ "inotify_add_watch", (__NR_SYSCALL_BASE + 317) },
+	{ "inotify_init", (__NR_SYSCALL_BASE + 316) },
+	{ "inotify_init1", (__NR_SYSCALL_BASE + 360) },
+	{ "inotify_rm_watch", (__NR_SYSCALL_BASE + 318) },
+	{ "io_cancel", (__NR_SYSCALL_BASE + 247) },
+	{ "io_destroy", (__NR_SYSCALL_BASE + 244) },
+	{ "io_getevents", (__NR_SYSCALL_BASE + 245) },
+	{ "io_setup", (__NR_SYSCALL_BASE + 243) },
+	{ "io_submit", (__NR_SYSCALL_BASE + 246) },
+	{ "ioctl", (__NR_SYSCALL_BASE + 54) },
+	{ "ioperm", __PNR_ioperm },
+	{ "iopl", __PNR_iopl },
+	{ "ioprio_get", (__NR_SYSCALL_BASE + 315) },
+	{ "ioprio_set", (__NR_SYSCALL_BASE + 314) },
+	{ "ipc", (__NR_SYSCALL_BASE + 117) },
+	{ "kcmp", __PNR_kcmp },
+	{ "kexec_load", (__NR_SYSCALL_BASE + 347) },
+	{ "keyctl", (__NR_SYSCALL_BASE + 311) },
+	{ "kill", (__NR_SYSCALL_BASE + 37) },
+	{ "lchown", (__NR_SYSCALL_BASE + 16) },
+	{ "lchown32", (__NR_SYSCALL_BASE + 198) },
+	{ "lgetxattr", (__NR_SYSCALL_BASE + 230) },
+	{ "link", (__NR_SYSCALL_BASE +  9) },
+	{ "linkat", (__NR_SYSCALL_BASE + 330) },
+	{ "listen", (__NR_SYSCALL_BASE + 284) },
+	{ "listxattr", (__NR_SYSCALL_BASE + 232) },
+	{ "llistxattr", (__NR_SYSCALL_BASE + 233) },
+	{ "_llseek", (__NR_SYSCALL_BASE + 140) },
+	{ "lock", __PNR_lock },
+	{ "lookup_dcookie", (__NR_SYSCALL_BASE + 249) },
+	{ "lremovexattr", (__NR_SYSCALL_BASE + 236) },
+	{ "lseek", (__NR_SYSCALL_BASE + 19) },
+	{ "lsetxattr", (__NR_SYSCALL_BASE + 227) },
+	{ "lstat", (__NR_SYSCALL_BASE + 107) },
+	{ "lstat64", (__NR_SYSCALL_BASE + 196) },
+	{ "madvise", (__NR_SYSCALL_BASE + 220) },
+	{ "mbind", (__NR_SYSCALL_BASE + 319) },
+	{ "migrate_pages", __PNR_migrate_pages },
+	{ "mincore", (__NR_SYSCALL_BASE + 219) },
+	{ "mkdir", (__NR_SYSCALL_BASE + 39) },
+	{ "mkdirat", (__NR_SYSCALL_BASE + 323) },
+	{ "mknod", (__NR_SYSCALL_BASE + 14) },
+	{ "mknodat", (__NR_SYSCALL_BASE + 324) },
+	{ "mlock", (__NR_SYSCALL_BASE + 150) },
+	{ "mlockall", (__NR_SYSCALL_BASE + 152) },
+	{ "mmap", (__NR_SYSCALL_BASE + 90) },
+	{ "mmap2", (__NR_SYSCALL_BASE + 192) },
+	{ "modify_ldt", __PNR_modify_ldt },
+	{ "mount", (__NR_SYSCALL_BASE + 21) },
+	{ "move_pages", (__NR_SYSCALL_BASE + 344) },
+	{ "mprotect", (__NR_SYSCALL_BASE + 125) },
+	{ "mpx", __PNR_mpx },
+	{ "mq_getsetattr", (__NR_SYSCALL_BASE + 279) },
+	{ "mq_notify", (__NR_SYSCALL_BASE + 278) },
+	{ "mq_open", (__NR_SYSCALL_BASE + 274) },
+	{ "mq_timedreceive", (__NR_SYSCALL_BASE + 277) },
+	{ "mq_timedsend", (__NR_SYSCALL_BASE + 276) },
+	{ "mq_unlink", (__NR_SYSCALL_BASE + 275) },
+	{ "mremap", (__NR_SYSCALL_BASE + 163) },
+	{ "msgctl", (__NR_SYSCALL_BASE + 304) },
+	{ "msgget", (__NR_SYSCALL_BASE + 303) },
+	{ "msgrcv", (__NR_SYSCALL_BASE + 302) },
+	{ "msgsnd", (__NR_SYSCALL_BASE + 301) },
+	{ "msync", (__NR_SYSCALL_BASE + 144) },
+	{ "munlock", (__NR_SYSCALL_BASE + 151) },
+	{ "munlockall", (__NR_SYSCALL_BASE + 153) },
+	{ "munmap", (__NR_SYSCALL_BASE + 91) },
+	{ "name_to_handle_at", (__NR_SYSCALL_BASE + 370) },
+	{ "nanosleep", (__NR_SYSCALL_BASE + 162) },
+	{ "_newselect", (__NR_SYSCALL_BASE + 142) },
+	{ "newfstatat", __PNR_newfstatat },
+	{ "nfsservctl", (__NR_SYSCALL_BASE + 169) },
+	{ "nice", (__NR_SYSCALL_BASE + 34) },
+	{ "oldfstat", __PNR_oldfstat },
+	{ "oldlstat", __PNR_oldlstat },
+	{ "oldolduname", __PNR_oldolduname },
+	{ "oldstat", __PNR_oldstat },
+	{ "olduname", __PNR_olduname },
+	{ "open", (__NR_SYSCALL_BASE +  5) },
+	{ "open_by_handle_at", (__NR_SYSCALL_BASE + 371) },
+	{ "openat", (__NR_SYSCALL_BASE + 322) },
+	{ "pause", (__NR_SYSCALL_BASE + 29) },
+	{ "pciconfig_iobase", (__NR_SYSCALL_BASE + 271) },
+	{ "pciconfig_read", (__NR_SYSCALL_BASE + 272) },
+	{ "pciconfig_write", (__NR_SYSCALL_BASE + 273) },
+	{ "perf_event_open", (__NR_SYSCALL_BASE + 364) },
+	{ "personality", (__NR_SYSCALL_BASE + 136) },
+	{ "pipe", (__NR_SYSCALL_BASE + 42) },
+	{ "pipe2", (__NR_SYSCALL_BASE + 359) },
+	{ "pivot_root", (__NR_SYSCALL_BASE + 218) },
+	{ "poll", (__NR_SYSCALL_BASE + 168) },
+	{ "ppoll", (__NR_SYSCALL_BASE + 336) },
+	{ "prctl", (__NR_SYSCALL_BASE + 172) },
+	{ "pread64", (__NR_SYSCALL_BASE + 180) },
+	{ "preadv", (__NR_SYSCALL_BASE + 361) },
+	{ "prlimit64", (__NR_SYSCALL_BASE + 369) },
+	{ "process_vm_readv", (__NR_SYSCALL_BASE + 376) },
+	{ "process_vm_writev", (__NR_SYSCALL_BASE + 377) },
+	{ "prof", __PNR_prof },
+	{ "profil", __PNR_profil },
+	{ "pselect6", (__NR_SYSCALL_BASE + 335) },
+	{ "ptrace", (__NR_SYSCALL_BASE + 26) },
+	{ "putpmsg", __PNR_putpmsg },
+	{ "pwrite64", (__NR_SYSCALL_BASE + 181) },
+	{ "pwritev", (__NR_SYSCALL_BASE + 362) },
+	{ "query_module", __PNR_query_module },
+	{ "quotactl", (__NR_SYSCALL_BASE + 131) },
+	{ "read", (__NR_SYSCALL_BASE +  3) },
+	{ "readahead", (__NR_SYSCALL_BASE + 225) },
+	{ "readdir", (__NR_SYSCALL_BASE + 89) },
+	{ "readlink", (__NR_SYSCALL_BASE + 85) },
+	{ "readlinkat", (__NR_SYSCALL_BASE + 332) },
+	{ "readv", (__NR_SYSCALL_BASE + 145) },
+	{ "reboot", (__NR_SYSCALL_BASE + 88) },
+	{ "recv", (__NR_SYSCALL_BASE + 291) },
+	{ "recvfrom", (__NR_SYSCALL_BASE + 292) },
+	{ "recvmmsg", (__NR_SYSCALL_BASE + 365) },
+	{ "recvmsg", (__NR_SYSCALL_BASE + 297) },
+	{ "remap_file_pages", (__NR_SYSCALL_BASE + 253) },
+	{ "removexattr", (__NR_SYSCALL_BASE + 235) },
+	{ "rename", (__NR_SYSCALL_BASE + 38) },
+	{ "renameat", (__NR_SYSCALL_BASE + 329) },
+	{ "request_key", (__NR_SYSCALL_BASE + 310) },
+	{ "restart_syscall", (__NR_SYSCALL_BASE +  0) },
+	{ "rmdir", (__NR_SYSCALL_BASE + 40) },
+	{ "rt_sigaction", (__NR_SYSCALL_BASE + 174) },
+	{ "rt_sigpending", (__NR_SYSCALL_BASE + 176) },
+	{ "rt_sigprocmask", (__NR_SYSCALL_BASE + 175) },
+	{ "rt_sigqueueinfo", (__NR_SYSCALL_BASE + 178) },
+	{ "rt_sigreturn", (__NR_SYSCALL_BASE + 173) },
+	{ "rt_sigsuspend", (__NR_SYSCALL_BASE + 179) },
+	{ "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) },
+	{ "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) },
+	{ "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) },
+	{ "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) },
+	{ "sched_getaffinity", (__NR_SYSCALL_BASE + 242) },
+	{ "sched_getparam", (__NR_SYSCALL_BASE + 155) },
+	{ "sched_getscheduler", (__NR_SYSCALL_BASE + 157) },
+	{ "sched_rr_get_interval", (__NR_SYSCALL_BASE + 161) },
+	{ "sched_setaffinity", (__NR_SYSCALL_BASE + 241) },
+	{ "sched_setparam", (__NR_SYSCALL_BASE + 154) },
+	{ "sched_setscheduler", (__NR_SYSCALL_BASE + 156) },
+	{ "sched_yield", (__NR_SYSCALL_BASE + 158) },
+	{ "security", __PNR_security },
+	{ "select", (__NR_SYSCALL_BASE + 82) },
+	{ "semctl", (__NR_SYSCALL_BASE + 300) },
+	{ "semget", (__NR_SYSCALL_BASE + 299) },
+	{ "semop", (__NR_SYSCALL_BASE + 298) },
+	{ "semtimedop", (__NR_SYSCALL_BASE + 312) },
+	{ "send", (__NR_SYSCALL_BASE + 289) },
+	{ "sendfile", (__NR_SYSCALL_BASE + 187) },
+	{ "sendfile64", (__NR_SYSCALL_BASE + 239) },
+	{ "sendmmsg", (__NR_SYSCALL_BASE + 374) },
+	{ "sendmsg", (__NR_SYSCALL_BASE + 296) },
+	{ "sendto", (__NR_SYSCALL_BASE + 290) },
+	{ "set_mempolicy", (__NR_SYSCALL_BASE + 321) },
+	{ "set_robust_list", (__NR_SYSCALL_BASE + 338) },
+	{ "set_thread_area", __PNR_set_thread_area },
+	{ "set_tid_address", (__NR_SYSCALL_BASE + 256) },
+	{ "setdomainname", (__NR_SYSCALL_BASE + 121) },
+	{ "setfsgid", (__NR_SYSCALL_BASE + 139) },
+	{ "setfsgid32", (__NR_SYSCALL_BASE + 216) },
+	{ "setfsuid", (__NR_SYSCALL_BASE + 138) },
+	{ "setfsuid32", (__NR_SYSCALL_BASE + 215) },
+	{ "setgid", (__NR_SYSCALL_BASE + 46) },
+	{ "setgid32", (__NR_SYSCALL_BASE + 214) },
+	{ "setgroups", (__NR_SYSCALL_BASE + 81) },
+	{ "setgroups32", (__NR_SYSCALL_BASE + 206) },
+	{ "sethostname", (__NR_SYSCALL_BASE + 74) },
+	{ "setitimer", (__NR_SYSCALL_BASE + 104) },
+	{ "setns", (__NR_SYSCALL_BASE + 375) },
+	{ "setpgid", (__NR_SYSCALL_BASE + 57) },
+	{ "setpriority", (__NR_SYSCALL_BASE + 97) },
+	{ "setregid", (__NR_SYSCALL_BASE + 71) },
+	{ "setregid32", (__NR_SYSCALL_BASE + 204) },
+	{ "setresgid", (__NR_SYSCALL_BASE + 170) },
+	{ "setresgid32", (__NR_SYSCALL_BASE + 210) },
+	{ "setresuid", (__NR_SYSCALL_BASE + 164) },
+	{ "setresuid32", (__NR_SYSCALL_BASE + 208) },
+	{ "setreuid", (__NR_SYSCALL_BASE + 70) },
+	{ "setreuid32", (__NR_SYSCALL_BASE + 203) },
+	{ "setrlimit", (__NR_SYSCALL_BASE + 75) },
+	{ "setsid", (__NR_SYSCALL_BASE + 66) },
+	{ "setsockopt", (__NR_SYSCALL_BASE + 294) },
+	{ "settimeofday", (__NR_SYSCALL_BASE + 79) },
+	{ "setuid", (__NR_SYSCALL_BASE + 23) },
+	{ "setuid32", (__NR_SYSCALL_BASE + 213) },
+	{ "setxattr", (__NR_SYSCALL_BASE + 226) },
+	{ "sgetmask", __PNR_sgetmask },
+	{ "shmat", (__NR_SYSCALL_BASE + 305) },
+	{ "shmctl", (__NR_SYSCALL_BASE + 308) },
+	{ "shmdt", (__NR_SYSCALL_BASE + 306) },
+	{ "shmget", (__NR_SYSCALL_BASE + 307) },
+	{ "shutdown", (__NR_SYSCALL_BASE + 293) },
+	{ "sigaction", (__NR_SYSCALL_BASE + 67) },
+	{ "sigaltstack", (__NR_SYSCALL_BASE + 186) },
+	{ "signal", __PNR_signal },
+	{ "signalfd", (__NR_SYSCALL_BASE + 349) },
+	{ "signalfd4", (__NR_SYSCALL_BASE + 355) },
+	{ "sigpending", (__NR_SYSCALL_BASE + 73) },
+	{ "sigprocmask", (__NR_SYSCALL_BASE + 126) },
+	{ "sigreturn", (__NR_SYSCALL_BASE + 119) },
+	{ "sigsuspend", (__NR_SYSCALL_BASE + 72) },
+	{ "socket", (__NR_SYSCALL_BASE + 281) },
+	{ "socketcall", (__NR_SYSCALL_BASE + 102) },
+	{ "socketpair", (__NR_SYSCALL_BASE + 288) },
+	{ "splice", (__NR_SYSCALL_BASE + 340) },
+	{ "ssetmask", __PNR_ssetmask },
+	{ "stat", (__NR_SYSCALL_BASE + 106) },
+	{ "stat64", (__NR_SYSCALL_BASE + 195) },
+	{ "statfs", (__NR_SYSCALL_BASE + 99) },
+	{ "statfs64", (__NR_SYSCALL_BASE + 266) },
+	{ "stime", (__NR_SYSCALL_BASE + 25) },
+	{ "stty", __PNR_stty },
+	{ "swapoff", (__NR_SYSCALL_BASE + 115) },
+	{ "swapon", (__NR_SYSCALL_BASE + 87) },
+	{ "symlink", (__NR_SYSCALL_BASE + 83) },
+	{ "symlinkat", (__NR_SYSCALL_BASE + 331) },
+	{ "sync", (__NR_SYSCALL_BASE + 36) },
+	{ "sync_file_range", __PNR_sync_file_range },
+	{ "sync_file_range2", (__NR_SYSCALL_BASE + 341) },
+	{ "syncfs", (__NR_SYSCALL_BASE + 373) },
+	{ "syscall", (__NR_SYSCALL_BASE + 113) },
+	{ "_sysctl", (__NR_SYSCALL_BASE + 149) },
+	{ "sysfs", (__NR_SYSCALL_BASE + 135) },
+	{ "sysinfo", (__NR_SYSCALL_BASE + 116) },
+	{ "syslog", (__NR_SYSCALL_BASE + 103) },
+	{ "tee", (__NR_SYSCALL_BASE + 342) },
+	{ "tgkill", (__NR_SYSCALL_BASE + 268) },
+	{ "time", (__NR_SYSCALL_BASE + 13) },
+	{ "timer_create", (__NR_SYSCALL_BASE + 257) },
+	{ "timer_delete", (__NR_SYSCALL_BASE + 261) },
+	{ "timer_getoverrun", (__NR_SYSCALL_BASE + 260) },
+	{ "timer_gettime", (__NR_SYSCALL_BASE + 259) },
+	{ "timer_settime", (__NR_SYSCALL_BASE + 258) },
+	{ "timerfd_create", (__NR_SYSCALL_BASE + 350) },
+	{ "timerfd_gettime", (__NR_SYSCALL_BASE + 354) },
+	{ "timerfd_settime", (__NR_SYSCALL_BASE + 353) },
+	{ "times", (__NR_SYSCALL_BASE + 43) },
+	{ "tkill", (__NR_SYSCALL_BASE + 238) },
+	{ "truncate", (__NR_SYSCALL_BASE + 92) },
+	{ "truncate64", (__NR_SYSCALL_BASE + 193) },
+	{ "tuxcall", __PNR_tuxcall },
+	{ "ugetrlimit", (__NR_SYSCALL_BASE + 191) },
+	{ "ulimit", __PNR_ulimit },
+	{ "umask", (__NR_SYSCALL_BASE + 60) },
+	{ "umount", (__NR_SYSCALL_BASE + 22) },
+	{ "umount2", (__NR_SYSCALL_BASE + 52) },
+	{ "uname", (__NR_SYSCALL_BASE + 122) },
+	{ "unlink", (__NR_SYSCALL_BASE + 10) },
+	{ "unlinkat", (__NR_SYSCALL_BASE + 328) },
+	{ "unshare", (__NR_SYSCALL_BASE + 337) },
+	{ "uselib", (__NR_SYSCALL_BASE + 86) },
+	{ "ustat", (__NR_SYSCALL_BASE + 62) },
+	{ "utime", (__NR_SYSCALL_BASE + 30) },
+	{ "utimensat", (__NR_SYSCALL_BASE + 348) },
+	{ "utimes", (__NR_SYSCALL_BASE + 269) },
+	{ "vfork", (__NR_SYSCALL_BASE + 190) },
+	{ "vhangup", (__NR_SYSCALL_BASE + 111) },
+	{ "vm86", __PNR_vm86 },
+	{ "vm86old", __PNR_vm86old },
+	{ "vmsplice", (__NR_SYSCALL_BASE + 343) },
+	{ "vserver", (__NR_SYSCALL_BASE + 313) },
+	{ "wait4", (__NR_SYSCALL_BASE + 114) },
+	{ "waitid", (__NR_SYSCALL_BASE + 280) },
+	{ "waitpid", __PNR_waitpid },
+	{ "write", (__NR_SYSCALL_BASE +  4) },
+	{ "writev", (__NR_SYSCALL_BASE + 146) },
+	{ NULL, __NR_SCMP_ERROR },
+};
diff --git a/src/arch-arm.c b/src/arch-arm.c
new file mode 100644
index 0000000..d2f0834
--- /dev/null
+++ b/src/arch-arm.c
@@ -0,0 +1,34 @@
+/**
+ * Enhanced Seccomp ARM Specific Code
+ *
+ * Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <pmoore@redhat.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <linux/audit.h>
+
+#include "arch.h"
+#include "arch-arm.h"
+
+const struct arch_def arch_def_arm = {
+	.token = SCMP_ARCH_ARM,
+	.token_bpf = AUDIT_ARCH_ARM,
+	.size = ARCH_SIZE_32,
+	.endian = ARCH_ENDIAN_LITTLE,
+};
diff --git a/src/arch-arm.h b/src/arch-arm.h
new file mode 100644
index 0000000..415eccb
--- /dev/null
+++ b/src/arch-arm.h
@@ -0,0 +1,35 @@
+/**
+ * Enhanced Seccomp ARM Specific Code
+ *
+ * Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <pmoore@redhat.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_ARM_H
+#define _ARCH_ARM_H
+
+#include <inttypes.h>
+
+#include "arch.h"
+#include "system.h"
+
+#define arm_arg_count_max		6
+
+extern const struct arch_def arch_def_arm;
+extern const struct arch_syscall_def arm_syscall_table[];
+
+#endif
diff --git a/src/arch-i386-syscalls.c b/src/arch-i386-syscalls.c
index d08d129..803b0e7 100644
--- a/src/arch-i386-syscalls.c
+++ b/src/arch-i386-syscalls.c
@@ -35,6 +35,8 @@ const struct arch_syscall_def i386_syscall_table[] = \
 	{ "adjtimex", 124 },
 	{ "afs_syscall", 137 },
 	{ "alarm", 27 },
+	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
+	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
 	{ "arch_prctl", __PNR_arch_prctl },
 	{ "bdflush", 134 },
 	{ "bind", __PNR_bind },
@@ -89,6 +91,7 @@ const struct arch_syscall_def i386_syscall_table[] = \
 	{ "fcntl64", 221 },
 	{ "fdatasync", 148 },
 	{ "fgetxattr", 231 },
+	{ "finit_module", __PNR_finit_module },
 	{ "flistxattr", 234 },
 	{ "flock", 143 },
 	{ "fork", 2 },
@@ -228,6 +231,9 @@ const struct arch_syscall_def i386_syscall_table[] = \
 	{ "open_by_handle_at", 342 },
 	{ "openat", 295 },
 	{ "pause", 29 },
+	{ "pciconfig_iobase", __PNR_pciconfig_iobase },
+	{ "pciconfig_read", __PNR_pciconfig_read },
+	{ "pciconfig_write", __PNR_pciconfig_write },
 	{ "perf_event_open", 336 },
 	{ "personality", 136 },
 	{ "pipe", 42 },
@@ -363,7 +369,9 @@ const struct arch_syscall_def i386_syscall_table[] = \
 	{ "symlinkat", 304 },
 	{ "sync", 36 },
 	{ "sync_file_range", 314 },
+	{ "sync_file_range2", __PNR_sync_file_range2 },
 	{ "syncfs", 344 },
+	{ "syscall", __PNR_syscall },
 	{ "_sysctl", 149 },
 	{ "sysfs", 135 },
 	{ "sysinfo", 116 },
diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
index 0985f2a..31d915d 100644
--- a/src/arch-x32-syscalls.c
+++ b/src/arch-x32-syscalls.c
@@ -37,6 +37,8 @@ const struct arch_syscall_def x32_syscall_table[] = \
 	{ "adjtimex", (__X32_SYSCALL_BIT + 159) },
 	{ "afs_syscall", (__X32_SYSCALL_BIT + 183) },
 	{ "alarm", (__X32_SYSCALL_BIT + 37) },
+	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
+	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
 	{ "arch_prctl", (__X32_SYSCALL_BIT + 158) },
 	{ "bdflush", __PNR_bdflush },
 	{ "bind", (__X32_SYSCALL_BIT + 49) },
@@ -91,6 +93,7 @@ const struct arch_syscall_def x32_syscall_table[] = \
 	{ "fcntl64", __PNR_fcntl64 },
 	{ "fdatasync", (__X32_SYSCALL_BIT + 75) },
 	{ "fgetxattr", (__X32_SYSCALL_BIT + 193) },
+	{ "finit_module", __PNR_finit_module },
 	{ "flistxattr", (__X32_SYSCALL_BIT + 196) },
 	{ "flock", (__X32_SYSCALL_BIT + 73) },
 	{ "fork", (__X32_SYSCALL_BIT + 57) },
@@ -99,8 +102,8 @@ const struct arch_syscall_def x32_syscall_table[] = \
 	{ "fstat", (__X32_SYSCALL_BIT + 5) },
 	{ "fstat64", __PNR_fstat64 },
 	{ "fstatat64", __PNR_fstatat64 },
-	{ "fstatfs64", __PNR_fstatfs64 },
 	{ "fstatfs", (__X32_SYSCALL_BIT + 138) },
+	{ "fstatfs64", __PNR_fstatfs64 },
 	{ "fsync", (__X32_SYSCALL_BIT + 74) },
 	{ "ftime", __PNR_ftime },
 	{ "ftruncate", (__X32_SYSCALL_BIT + 77) },
@@ -219,8 +222,8 @@ const struct arch_syscall_def x32_syscall_table[] = \
 	{ "nanosleep", (__X32_SYSCALL_BIT + 35) },
 	{ "_newselect", __PNR__newselect },
 	{ "newfstatat", (__X32_SYSCALL_BIT + 262) },
-	{ "nice", __PNR_nice },
 	{ "nfsservctl", __PNR_nfsservctl },
+	{ "nice", __PNR_nice },
 	{ "oldfstat", __PNR_oldfstat },
 	{ "oldlstat", __PNR_oldlstat },
 	{ "oldolduname", __PNR_oldolduname },
@@ -230,6 +233,9 @@ const struct arch_syscall_def x32_syscall_table[] = \
 	{ "open_by_handle_at", (__X32_SYSCALL_BIT + 304) },
 	{ "openat", (__X32_SYSCALL_BIT + 257) },
 	{ "pause", (__X32_SYSCALL_BIT + 34) },
+	{ "pciconfig_iobase", __PNR_pciconfig_iobase },
+	{ "pciconfig_read", __PNR_pciconfig_read },
+	{ "pciconfig_write", __PNR_pciconfig_write },
 	{ "perf_event_open", (__X32_SYSCALL_BIT + 298) },
 	{ "personality", (__X32_SYSCALL_BIT + 135) },
 	{ "pipe", (__X32_SYSCALL_BIT + 22) },
@@ -365,7 +371,9 @@ const struct arch_syscall_def x32_syscall_table[] = \
 	{ "symlinkat", (__X32_SYSCALL_BIT + 266) },
 	{ "sync", (__X32_SYSCALL_BIT + 162) },
 	{ "sync_file_range", (__X32_SYSCALL_BIT + 277) },
+	{ "sync_file_range2", __PNR_sync_file_range2 },
 	{ "syncfs", (__X32_SYSCALL_BIT + 306) },
+	{ "syscall", __PNR_syscall },
 	{ "_sysctl", __PNR__sysctl },
 	{ "sysfs", (__X32_SYSCALL_BIT + 139) },
 	{ "sysinfo", (__X32_SYSCALL_BIT + 99) },
diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
index 9684be3..10f6273 100644
--- a/src/arch-x86_64-syscalls.c
+++ b/src/arch-x86_64-syscalls.c
@@ -35,6 +35,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = \
 	{ "adjtimex", 159 },
 	{ "afs_syscall", 183 },
 	{ "alarm", 37 },
+	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
+	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
 	{ "arch_prctl", 158 },
 	{ "bdflush", __PNR_bdflush },
 	{ "bind", 49 },
@@ -89,6 +91,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = \
 	{ "fcntl64", __PNR_fcntl64 },
 	{ "fdatasync", 75 },
 	{ "fgetxattr", 193 },
+	{ "finit_module", __PNR_finit_module },
 	{ "flistxattr", 196 },
 	{ "flock", 73 },
 	{ "fork", 57 },
@@ -97,8 +100,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = \
 	{ "fstat", 5 },
 	{ "fstat64", __PNR_fstat64 },
 	{ "fstatat64", __PNR_fstatat64 },
-	{ "fstatfs64", __PNR_fstatfs64 },
 	{ "fstatfs", 138 },
+	{ "fstatfs64", __PNR_fstatfs64 },
 	{ "fsync", 74 },
 	{ "ftime", __PNR_ftime },
 	{ "ftruncate", 77 },
@@ -217,8 +220,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = \
 	{ "nanosleep", 35 },
 	{ "_newselect", __PNR__newselect },
 	{ "newfstatat", 262 },
-	{ "nice", __PNR_nice },
 	{ "nfsservctl", 180 },
+	{ "nice", __PNR_nice },
 	{ "oldfstat", __PNR_oldfstat },
 	{ "oldlstat", __PNR_oldlstat },
 	{ "oldolduname", __PNR_oldolduname },
@@ -228,6 +231,9 @@ const struct arch_syscall_def x86_64_syscall_table[] = \
 	{ "open_by_handle_at", 304 },
 	{ "openat", 257 },
 	{ "pause", 34 },
+	{ "pciconfig_iobase", __PNR_pciconfig_iobase },
+	{ "pciconfig_read", __PNR_pciconfig_read },
+	{ "pciconfig_write", __PNR_pciconfig_write },
 	{ "perf_event_open", 298 },
 	{ "personality", 135 },
 	{ "pipe", 22 },
@@ -363,7 +369,9 @@ const struct arch_syscall_def x86_64_syscall_table[] = \
 	{ "symlinkat", 266 },
 	{ "sync", 162 },
 	{ "sync_file_range", 277 },
+	{ "sync_file_range2", __PNR_sync_file_range2 },
 	{ "syncfs", 306 },
+	{ "syscall", __PNR_syscall },
 	{ "_sysctl", 156 },
 	{ "sysfs", 139 },
 	{ "sysinfo", 99 },
diff --git a/src/arch.c b/src/arch.c
index 00c190f..701b017 100644
--- a/src/arch.c
+++ b/src/arch.c
@@ -19,6 +19,7 @@
  * along with this library; if not, see <http://www.gnu.org/licenses>.
  */
 
+#include <elf.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
@@ -31,6 +32,7 @@
 #include "arch-i386.h"
 #include "arch-x86_64.h"
 #include "arch-x32.h"
+#include "arch-arm.h"
 #include "system.h"
 
 #if __i386__
@@ -41,6 +43,8 @@ const struct arch_def *arch_def_native = &arch_def_x32;
 #else
 const struct arch_def *arch_def_native = &arch_def_x86_64;
 #endif /* __ILP32__ */
+#elif __arm__
+const struct arch_def *arch_def_native = &arch_def_arm;
 #else
 #error the arch code needs to know about your machine type
 #endif /* machine type guess */
@@ -58,6 +62,7 @@ int arch_valid(uint32_t arch)
 	case SCMP_ARCH_X86:
 	case SCMP_ARCH_X86_64:
 	case SCMP_ARCH_X32:
+	case SCMP_ARCH_ARM:
 		return 0;
 	}
 
@@ -76,13 +81,12 @@ static const struct arch_syscall_def *_arch_syscall_lookup(uint32_t token)
 	switch (token) {
 	case SCMP_ARCH_X86:
 		return i386_syscall_table;
-		break;
 	case SCMP_ARCH_X86_64:
 		return x86_64_syscall_table;
-		break;
 	case SCMP_ARCH_X32:
 		return x32_syscall_table;
-		break;
+	case SCMP_ARCH_ARM:
+		return arm_syscall_table;
 	}
 
 	return NULL;
@@ -100,13 +104,12 @@ const struct arch_def *arch_def_lookup(uint32_t token)
 	switch (token) {
 	case SCMP_ARCH_X86:
 		return &arch_def_i386;
-		break;
 	case SCMP_ARCH_X86_64:
 		return &arch_def_x86_64;
-		break;
 	case SCMP_ARCH_X32:
 		return &arch_def_x32;
-		break;
+	case SCMP_ARCH_ARM:
+		return &arch_def_arm;
 	}
 
 	return NULL;
@@ -129,9 +132,11 @@ int arch_arg_count_max(const struct arch_def *arch)
 		return x86_64_arg_count_max;
 	case SCMP_ARCH_X32:
 		return x32_arg_count_max;
-	default:
-		return -EDOM;
+	case SCMP_ARCH_ARM:
+		return arm_arg_count_max;
 	}
+
+	return -EDOM;
 }
 
 /**
diff --git a/src/gen_pfc.c b/src/gen_pfc.c
index 37460a9..4f962e4 100644
--- a/src/gen_pfc.c
+++ b/src/gen_pfc.c
@@ -55,6 +55,8 @@ static const char *_pfc_arch(const struct arch_def *arch)
 		return "x86_64";
 	case SCMP_ARCH_X32:
 		return "x32";
+	case SCMP_ARCH_ARM:
+		return "arm";
 	default:
 		return "UNKNOWN";
 	}
diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
index 85be924..411b08e 100644
--- a/src/python/libseccomp.pxd
+++ b/src/python/libseccomp.pxd
@@ -30,6 +30,7 @@ cdef extern from "seccomp.h":
         SCMP_ARCH_X86
         SCMP_ARCH_X86_64
         SCMP_ARCH_X32
+        SCMP_ARCH_ARM
 
     cdef enum scmp_filter_attr:
         SCMP_FLTATR_ACT_DEFAULT
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
index 22d6e4e..a87e1a4 100644
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -125,12 +125,14 @@ cdef class Arch:
     X86 - 32-bit x86
     X86_64 - 64-bit x86
     X32 - 64-bit x86 using the x32 ABI
+    ARM - ARM
     """
 
     NATIVE = libseccomp.SCMP_ARCH_NATIVE
     X86 = libseccomp.SCMP_ARCH_X86
     X86_64 = libseccomp.SCMP_ARCH_X86_64
     X32 = libseccomp.SCMP_ARCH_X32
+    ARM = libseccomp.SCMP_ARCH_ARM
 
 cdef class Attr:
     """ Python object representing the SyscallFilter attributes.
diff --git a/tools/bpf_sim.c b/tools/bpf_sim.c
index 476a00e..0e11d6e 100644
--- a/tools/bpf_sim.c
+++ b/tools/bpf_sim.c
@@ -19,6 +19,7 @@
  * along with this library; if not, see <http://www.gnu.org/licenses>.
  */
 
+#include <elf.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
@@ -235,6 +236,8 @@ int main(int argc, char *argv[])
 				sys_data.arch = AUDIT_ARCH_X86_64;
 			else if (strcmp(optarg, "x32") == 0)
 				sys_data.arch = AUDIT_ARCH_X86_64;
+			else if (strcmp(optarg, "arm") == 0)
+				sys_data.arch = AUDIT_ARCH_ARM;
 			else if (strcmp(optarg, "ia64") == 0)
 				sys_data.arch = AUDIT_ARCH_IA64;
 			else if (strcmp(optarg, "ppc") == 0)
diff --git a/tools/sys_resolver.c b/tools/sys_resolver.c
index 595cea0..dd1d0c0 100644
--- a/tools/sys_resolver.c
+++ b/tools/sys_resolver.c
@@ -29,6 +29,7 @@
 #include "../src/arch-i386.h"
 #include "../src/arch-x86_64.h"
 #include "../src/arch-x32.h"
+#include "../src/arch-arm.h"
 
 /**
  * Print the usage information to stderr and exit
@@ -65,6 +66,8 @@ int main(int argc, char *argv[])
 				arch = &arch_def_x86_64;
 			else if (strcmp(optarg, "x32") == 0)
 				arch = &arch_def_x32;
+			else if (strcmp(optarg, "arm") == 0)
+				arch = &arch_def_arm;
 			else
 				exit_usage(argv[0]);
 			break;
author	Paul Moore <pmoore@redhat.com>	2012-07-20 16:22:36 -0400
committer	Paul Moore <pmoore@redhat.com>	2013-03-26 18:15:10 -0400
commit	db440d1e4fb6b620d8e4f4463036fbc89986fb9d (patch)
tree	1ed203335e727cd0d2518a31179a5d9dca00efb7
parent	e9b5a6eb238856bf73f53890119aab559afcb0f0 (diff)
download	libseccomp-db440d1e4fb6b620d8e4f4463036fbc89986fb9d.tar.gz