summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* all: release v2.5.0coverity-scanPaul Moore2020-07-182-1/+23
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: Explicitly specify the archs in the sim binary tree testTom Hromatka2020-07-181-51/+51
| | | | | | | | | | | | Test 53-sim-binary_tree removes the native architecture and builds the binary tree on aarch64, ppc64le, and x86_64. But the tests file was testing for "all" architectures which led to test failures on other systems like s390x. This commit replaces the "all" arch with only the architectures in the test. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit a6de31f0d90f00bfd6900480857f6c71f1d3c8ef)
* syscalls: update the syscall table for Linux v5.8.0-rc5Paul Moore2020-07-151-1/+2
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* docs: update the CREDITS filePaul Moore2020-07-151-0/+11
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: add the 57'th python test to the MakefilePaul Moore2020-07-151-0/+1
| | | | | | | Make the "distcheck" happy by properly including the 57th python test. Signed-off-by: Paul Moore <paul@paul-moore.com>
* bpf: correctly check for zmalloc() failures in _gen_bpf_init_bintree()Paul Moore2020-07-151-2/+2
| | | | | | | Identified via Coverity, make sure we are checking the correct pointer depth when dealing with double pointers. Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: Document SCMP_FLTATR_CTL_OPTIMIZE in seccomp_attr_set.3Tom Hromatka2020-07-141-0/+26
| | | | | | | | This commit documents the usage of SCMP_FLTATR_CTL_OPTIMIZE in the seccomp_attr_set.3 man page. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: clarify seccomp_rule_add syscall translation behaviorTudor Brindus2020-07-131-1/+4
| | | | | | | | | | | | | | | | libseccomp performs a translation step when adding a raw syscall value to a multi-architecture filter. For instance, when adding __NR_open (syscall value 2 on x86-64) to a filter containing x86 and x86-64 where the native ABI is x86-64, the x86 BPF branch will use the value 5 (__NR_open on x86). This commit adds explicit documentation for the translation step. Refs https://github.com/seccomp/libseccomp/issues/259. Signed-off-by: Tudor Brindus <me@tbrindus.ca> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: Skip the stat syscall on aarch64 in test 06Tom Hromatka2020-07-131-1/+1
| | | | | | | | | | The recent patch to remove PNR syscalls from the BPF filter causes test 06-sim-actions%%005-00001 to fail because aarch64 doesn't support the stat syscall. This commit skips that check on aarch64 only. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: Handle pseudo-syscalls in the sim binary tree testTom Hromatka2020-07-133-41/+70
| | | | | | | | | | | | | Now that pseudo-syscalls are being removed from the resultant BPF filter, we need to test for this in the simulated binary tree test. This commit modifies the test to explicitly define its supported architectures and updates the tests file to handle PNR syscalls. Note that the aarch64 architecture does not define many of the syscalls used in this test, and thus these syscalls fall through to the default ALLOW action. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* bpf: do not add pseudo-syscalls to the BPF filterTom Hromatka2020-07-131-3/+49
| | | | | | | | | | Unless explicitly instructed via the SCMP_FLTATR_API_TSKIP attribute, pseudo-syscalls should not be added to the BPF filter. Note that as of this commit, pseudo-syscalls are displayed in the PFC filter. Reported-by: Vitaly Chikunov <vt@altlinux.org> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: Use bitwise math rather than arithmeticTom Hromatka2020-07-132-4/+4
| | | | | | | | | | | The arm and x32 architecture files were using arithmetic to set/clear bits in their syscall numbers. This could erroneously double add or double subtract these bits. This commit uses bitwise logic to ensure the bits are properly set/cleared. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: clarify that syscall must exist in all filter architecturesTudor Brindus2020-07-131-0/+3
| | | | | | | | | | | | | | | If a syscall is used in a multi-architecture filter, the syscall must exist in all the architectures, or -EOPNOTSUPP is returned. For example, epoll_wait_old has value 215 in x86-64, but does not exist in x86. Trying to add a filter rule including it in a x86-64/x86 filter will fail. This commit clarifies that libseccomp will reject a rule containing such a case. Signed-off-by: Tudor Brindus <me@tbrindus.ca> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: add API level 6Paul Moore2020-06-2913-25/+289
| | | | | | | | | | | API level 6 allows callers to use both the TSYNC and notify APIs at the same time. This is due to the TSYNC_ESRCH flag which was added in Linux v5.7. This patch also fixes some omissions in seccomp_api_set(). Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* bpf: propagate errors from _gen_bpf_build_bpf helpersTudor Brindus2020-06-271-5/+14
| | | | | | | | | | | | | Prior to this commit, _gen_bpf_build_bpf would mask some errors that occurred in helper functions as EFAULT, even if they were not EFAULT to begin with. See https://github.com/seccomp/libseccomp/issues/240 for additional information. Signed-off-by: Tudor Brindus <me@tbrindus.ca> [PM: fixed GitHub reference] Signed-off-by: Paul Moore <paul@paul-moore.com>
* README: update the arch/ABI listPaul Moore2020-06-271-0/+1
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: fix typo in commentRolf Eike Beer2020-06-251-1/+1
| | | | | Signed-off-by: Rolf Eike Beer <eb@emlix.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: add the SCMP_FLTATR_API_SYSRAWRC filter attributePaul Moore2020-06-1620-19/+254
| | | | | | | | | | | | | | | | See the manpage additions as part of this patch, but the basic idea is that when this attribute is non-zero we make every effort to convey the system's errno value back to the caller when something goes wrong in libc or the kernel. It is important to note from a support perspective that our ability to support callers who make use of this attribute will be diminished as the libc and kernel errno values are beyond libseccomp's control. If the attribute is zero, the library hides all of the system failures under -ECANCELED. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: add function comment headers for the notify functionsPaul Moore2020-06-162-5/+44
| | | | | | | | | | | | This really should have been done when the notification code was merged. Looking at the code, the seccomp.h.in comments can apply here so we're just going to do a cut-n-paste job. We also fixup some formatting/consistency issues in the seccomp.h.in comments. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* bpf: return integer error codes from gen_bpf_release()Paul Moore2020-06-166-16/+26
| | | | | Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* tools,tests: fixup errno handling to be more consistentPaul Moore2020-06-162-5/+5
| | | | | | | | | | The basic idea is that the C functions should return negative values on error and the terminal programs should return positive, non-zero values on error. Reported-by: Tom Hromatka <tom.hromatka@oracle.com> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: update the manpages with return code informationPaul Moore2020-06-169-29/+162
| | | | | Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: filter the return codes we send to userspacePaul Moore2020-06-161-52/+101
| | | | | | | | | | This is one part of including error codes in our API promise, it helps ensure we don't accidentally send an undocumented error code to the caller. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: use EINVAL to signify bad input to the libseccomp APIPaul Moore2020-06-164-9/+9
| | | | | | | | | We need to limit our use of EINVAL to only indicate bad input to the API functions. Bad input to internal functions is not a valid use of EINVAL. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: treat kernel/libc errors as ECANCELEDPaul Moore2020-06-164-13/+14
| | | | | | | | | | It is likely a fools errand to try and provide kernel and libc errno guarantees across different architectures, kernels, and libc implementations so let's just punt on the problem and dump all of these errors into the ECANCELED bucket. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: use EACCESS over EPERMPaul Moore2020-06-162-3/+3
| | | | | | | This is part of our error code cleanup and API promise. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: update the ABIs in seccomp_arch_add(3) manpagePaul Moore2020-06-161-1/+18
| | | | | Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: update the logo URLPaul Moore2020-06-161-1/+1
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: cleanup the syscalls.csv formatPaul Moore2020-06-152-11/+3
| | | | | | | This should provide a nice clean display in the GitHub CSV viewer. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* all: pick better names for some legacy terminologyPaul Moore2020-06-1114-85/+85
| | | | | | | | | | I've never wanted my code to be either a reminder or a source of hurt for others, but it is possible that some older terminology used in this repository may do just that. That's a bug we need to fix, and hopefully this patch does just that. Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: some formatting fixes in seccomp.h.inPaul Moore2020-06-061-3/+5
| | | | | | Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: don't allow the TSYNC and NEW_LISTENER flags at the same timePaul Moore2020-06-011-2/+2
| | | | | | | | | | | Because TSYNC and NEW_LISTENER send information back via the seccomp(...) return value, they can not be used at the same time. It seems like the right thing to do is to always set the NEW_LISTENER flag (as long as the API level supports it) unless the caller explicitly sets TSYNC. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: force an API level update when necessaryPaul Moore2020-06-011-0/+12
| | | | | | | | | We can't always rely on callers calling seccomp_api_get() before using any API level gated functionality so let's force an API level update in a few key places. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* BUG: fix api update to check if SCMP_ACT_KILL_PROCESS is supportedKenta Tada2020-05-301-1/+2
| | | | | | Signed-off-by: Kenta Tada <Kenta.Tada@sony.com> Acked-by: Tom Hromatka <tom.hromatka@oracle.com Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: fix api update to check if SCMP_ACT_NOTIFY is supportedKenta Tada2020-05-302-1/+5
| | | | | | Signed-off-by: Kenta Tada <Kenta.Tada@sony.com> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* aarch64: Use architecture specific header to general syscallsAlex Murray2020-05-182-5/+5
| | | | | | | | | This ensures clone3, getrlimit and setrlimit are defined for aarch64 - also update syscalls.csv from 5.6.0 to pick up these new syscalls Signed-off-by: Alex Murray <alex.murray@canonical.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* Merge pull request #229 from drakenclimber/pull/215ppcTom Hromatka2020-04-158-50/+673
|\ | | | | BUG: add ipc and socket multiplexing support to ppc64
| * travis: enable ppc64leTom Hromatka2020-04-151-0/+1
| | | | | | | | | | | | | | | | This commit enables TravisCI to run the automated tests on powerpc64le. Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
| * tests: Also test ppc64le in test 30Tom Hromatka2020-04-153-17/+37
| | | | | | | | | | | | | | | | This commit adds the ppc64le architecture to test 30-sim-socket_syscalls. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Acked-by: Paul Moore <paul@paul-moore.com>
| * tests: Also test ppc64le in test 36Tom Hromatka2020-04-153-25/+29
| | | | | | | | | | | | | | | | This commit adds the ppc64le architecture to test 36-sim-ipc_syscalls. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Acked-by: Paul Moore <paul@paul-moore.com>
| * ppc64: Add multiplexing support for ipc and socket syscallsTom Hromatka2020-04-151-8/+606
| | | | | | | | | | | | | | | | This commit adds support to ppc64 for ipc and socket calls that are multiplexed. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Acked-by: Paul Moore <paul@paul-moore.com>
* | travis: the arm64 build doesn't like cpp-coverallsPaul Moore2020-04-031-1/+4
|/ | | | | | | | For some reason the Travis CI build is failing to pip install the cpp-coveralls package so let's skip it (we don't run the coveralls portions on arm64 anyway). Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: fix some unnecessary line wrapsPaul Moore2020-04-011-4/+2
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: improve the manpages for seccomp_rule_add() and seccomp_load()Paul Moore2020-04-012-0/+30
| | | | | | | | | Add some text to clarify that you can only have one comparison per syscall argument in a given rule as well as better explain what happens when you have multiple filters loaded. Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* check-syntax: ignore the gperf auto generated filesPaul Moore2020-03-271-1/+1
| | | | | | | It is pointless to check the syntax of automatically generated files so let's stop doing it. Signed-off-by: Paul Moore <paul@paul-moore.com>
* s390: Add semtimedop() to mux/demux functionsTom Hromatka2020-03-271-2/+5
| | | | | | | | | This commit adds semtimedop() support to the s390 mux/demux functions - _s390_syscall_demux() and _s390_syscall_mux(). Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* s390: Add several syscalls to the munge functionsTom Hromatka2020-03-271-0/+28
| | | | | | | | | | | The following syscalls were missing from the s390 munge functions - s390_syscall_resolve_name_munge() and s390_syscall_resolve_num_munge(): msgctl, msgget, msgrcv, msgsnd, semctl, semget, and semtimedop Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* s390x: Add several syscalls to the munge functionsTom Hromatka2020-03-271-0/+28
| | | | | | | | | | | The following syscalls were missing from the s390x munge functions - s390x_syscall_resolve_name_munge() and s390x_syscall_resolve_num_munge(): msgctl, msgget, msgrcv, msgsnd, semctl, semget, and semtimedop Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: Remove ipc syscalls from test 53-sim-binary_treeTom Hromatka2020-03-253-9/+0
| | | | | | | | | | | | The syscalls shmat, shmctl, and shmget are ipc syscalls on s390 and s390x. This causes test #53 to fail due to the syscall number not matching up with the values in the *.tests file. This commit removes the aforementioned ipc syscalls since they are being tested in tests #36 and #37. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: simplify the MIPS ABI syscall generation codePaul Moore2020-03-231-57/+15
| | | | | | | The MIPS ABIs now use the parser friendly syscall.tbl format so make use of that to simplify our code. Signed-off-by: Paul Moore <paul@paul-moore.com>
View Lorry Controller Status