| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test 53-sim-binary_tree removes the native architecture and
builds the binary tree on aarch64, ppc64le, and x86_64. But the
tests file was testing for "all" architectures which led to test
failures on other systems like s390x. This commit replaces the
"all" arch with only the architectures in the test.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(imported from commit a6de31f0d90f00bfd6900480857f6c71f1d3c8ef)
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Make the "distcheck" happy by properly including the 57th python
test.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Identified via Coverity, make sure we are checking the correct
pointer depth when dealing with double pointers.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
| |
This commit documents the usage of SCMP_FLTATR_CTL_OPTIMIZE in the
seccomp_attr_set.3 man page.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libseccomp performs a translation step when adding a raw syscall value
to a multi-architecture filter. For instance, when adding __NR_open
(syscall value 2 on x86-64) to a filter containing x86 and x86-64 where
the native ABI is x86-64, the x86 BPF branch will use the value 5
(__NR_open on x86).
This commit adds explicit documentation for the translation step.
Refs https://github.com/seccomp/libseccomp/issues/259.
Signed-off-by: Tudor Brindus <me@tbrindus.ca>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
The recent patch to remove PNR syscalls from the BPF
filter causes test 06-sim-actions%%005-00001 to fail
because aarch64 doesn't support the stat syscall. This
commit skips that check on aarch64 only.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that pseudo-syscalls are being removed from the resultant
BPF filter, we need to test for this in the simulated binary
tree test. This commit modifies the test to explicitly define
its supported architectures and updates the tests file to
handle PNR syscalls. Note that the aarch64 architecture does
not define many of the syscalls used in this test, and thus
these syscalls fall through to the default ALLOW action.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
Unless explicitly instructed via the SCMP_FLTATR_API_TSKIP attribute,
pseudo-syscalls should not be added to the BPF filter. Note that
as of this commit, pseudo-syscalls are displayed in the PFC filter.
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The arm and x32 architecture files were using arithmetic
to set/clear bits in their syscall numbers. This could
erroneously double add or double subtract these bits.
This commit uses bitwise logic to ensure the bits are
properly set/cleared.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a syscall is used in a multi-architecture filter, the syscall must
exist in all the architectures, or -EOPNOTSUPP is returned. For example,
epoll_wait_old has value 215 in x86-64, but does not exist in x86.
Trying to add a filter rule including it in a x86-64/x86 filter will
fail.
This commit clarifies that libseccomp will reject a rule containing such
a case.
Signed-off-by: Tudor Brindus <me@tbrindus.ca>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
| |
API level 6 allows callers to use both the TSYNC and notify APIs at
the same time. This is due to the TSYNC_ESRCH flag which was added
in Linux v5.7.
This patch also fixes some omissions in seccomp_api_set().
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this commit, _gen_bpf_build_bpf would mask some errors that
occurred in helper functions as EFAULT, even if they were not EFAULT to
begin with.
See https://github.com/seccomp/libseccomp/issues/240 for additional
information.
Signed-off-by: Tudor Brindus <me@tbrindus.ca>
[PM: fixed GitHub reference]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
| |
Signed-off-by: Rolf Eike Beer <eb@emlix.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See the manpage additions as part of this patch, but the basic idea
is that when this attribute is non-zero we make every effort to
convey the system's errno value back to the caller when something
goes wrong in libc or the kernel. It is important to note from a
support perspective that our ability to support callers who make use
of this attribute will be diminished as the libc and kernel errno
values are beyond libseccomp's control.
If the attribute is zero, the library hides all of the system
failures under -ECANCELED.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This really should have been done when the notification code was
merged. Looking at the code, the seccomp.h.in comments can apply
here so we're just going to do a cut-n-paste job.
We also fixup some formatting/consistency issues in the seccomp.h.in
comments.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
| |
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
The basic idea is that the C functions should return negative values
on error and the terminal programs should return positive, non-zero
values on error.
Reported-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
| |
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
This is one part of including error codes in our API promise, it
helps ensure we don't accidentally send an undocumented error code
to the caller.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
We need to limit our use of EINVAL to only indicate bad input to the
API functions. Bad input to internal functions is not a valid use
of EINVAL.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
It is likely a fools errand to try and provide kernel and libc errno
guarantees across different architectures, kernels, and libc
implementations so let's just punt on the problem and dump all of
these errors into the ECANCELED bucket.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
This is part of our error code cleanup and API promise.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
| |
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
This should provide a nice clean display in the GitHub CSV viewer.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
I've never wanted my code to be either a reminder or a source of
hurt for others, but it is possible that some older terminology used
in this repository may do just that. That's a bug we need to fix,
and hopefully this patch does just that.
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
| |
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Because TSYNC and NEW_LISTENER send information back via the
seccomp(...) return value, they can not be used at the same time. It
seems like the right thing to do is to always set the NEW_LISTENER
flag (as long as the API level supports it) unless the caller
explicitly sets TSYNC.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
We can't always rely on callers calling seccomp_api_get() before
using any API level gated functionality so let's force an API level
update in a few key places.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
| |
Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
| |
Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
This ensures clone3, getrlimit and setrlimit are defined for aarch64 - also
update syscalls.csv from 5.6.0 to pick up these new syscalls
Signed-off-by: Alex Murray <alex.murray@canonical.com>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|\
| |
| | |
BUG: add ipc and socket multiplexing support to ppc64
|
| |
| |
| |
| |
| |
| |
| |
| | |
This commit enables TravisCI to run the automated
tests on powerpc64le.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This commit adds the ppc64le architecture to test
30-sim-socket_syscalls.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This commit adds the ppc64le architecture to test
36-sim-ipc_syscalls.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This commit adds support to ppc64 for ipc and socket
calls that are multiplexed.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
|/
|
|
|
|
|
|
| |
For some reason the Travis CI build is failing to pip install the
cpp-coveralls package so let's skip it (we don't run the coveralls
portions on arm64 anyway).
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
Add some text to clarify that you can only have one comparison per
syscall argument in a given rule as well as better explain what
happens when you have multiple filters loaded.
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
It is pointless to check the syntax of automatically generated files
so let's stop doing it.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
This commit adds semtimedop() support to the s390
mux/demux functions - _s390_syscall_demux() and
_s390_syscall_mux().
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The following syscalls were missing from the s390 munge
functions - s390_syscall_resolve_name_munge() and
s390_syscall_resolve_num_munge():
msgctl, msgget, msgrcv, msgsnd, semctl, semget, and
semtimedop
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The following syscalls were missing from the s390x munge
functions - s390x_syscall_resolve_name_munge() and
s390x_syscall_resolve_num_munge():
msgctl, msgget, msgrcv, msgsnd, semctl, semget, and
semtimedop
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The syscalls shmat, shmctl, and shmget are ipc syscalls on s390
and s390x. This causes test #53 to fail due to the syscall number
not matching up with the values in the *.tests file.
This commit removes the aforementioned ipc syscalls since they are
being tested in tests #36 and #37.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
The MIPS ABIs now use the parser friendly syscall.tbl format so make
use of that to simplify our code.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|