Commit message [Author, Age, Files, Lines]
* build: update the version number for 2.1.1 (v2.1.1, release-2.1) [Paul Moore, 2013-10-30, 2 files, -2/+2]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* doc: update the CREDITS and CHANGELOG files [Paul Moore, 2013-10-30, 2 files, -0/+13]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* Merge branch 'master' into release-2.1 [Paul Moore, 2013-10-30, 50 files, -1244/+1877]
|\
| * api: fix some vertical whitespace mistakes [Paul Moore, 2013-10-22, 1 file, -3/+0]
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * build: Hide non-public symbols [Andy Lutomirski, 2013-10-22, 2 files, -32/+41]
| |   Set -fvisibility=hidden and explicitly unhide public APIs. This overrides it with -fvisibility=default for Python because otherwise initseccomp gets hidden and the module won't load.
| |   Signed-off-by: Andy Lutomirski <luto@amacapital.net>
| |   (minor style fixes and macro renames)
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * python: Remove file object support from Arg [Andy Lutomirski, 2013-10-22, 4 files, -16/+10]
| |   It's still possible to pass file descriptors into the Arg data, but safe uses are already complicated enough that making the user call fileno() themselves seems reasonable.
| |   Signed-off-by: Andy Lutomirski <luto@amacapital.net>
| |   (corrected the python test cases to take into account the change)
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * tests: fix a problem with the python bindings and the bpf-valgrind tests [Paul Moore, 2013-10-21, 1 file, -0/+6]
| |   Reported-by: Andy Lutomirski <luto@amacapital.net>
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * hash: cleanup the Jenkins hash source to better match our code [Paul Moore, 2013-10-21, 1 file, -565/+240]
| |   Style improvements as well as a wrapper function to select the "best" hash for a given situation. Some unused functions were also removed.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * all: apply basic formatting fixes to src/hash.c [Paul Moore, 2013-10-21, 2 files, -509/+752]
| |   There is still a lot of style/formatting work that should probably be done to this file, but this cleans it up enough so it passes our basic style checks.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * all: assorted formatting fixes [Paul Moore, 2013-10-21, 16 files, -304/+313]
| |   Since we have a tool to verify the source code style/formatting, let's put it to good use.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * tools: add a basic C style/format checking tool [Paul Moore, 2013-10-21, 2 files, -1/+121]
| |   This is far from perfect, but it is something, and it provides an objective answer to "how do I style my code for this project?".
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * tests: small typo fix in testdiff [Paul Moore, 2013-10-18, 1 file, -1/+1]
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * bpf: fix a number of valgrind issues [Paul Moore, 2013-10-18, 1 file, -7/+12]
| |   This patch fixes a number of uninitialized memory problems caught by valgrind. These aren't the typical uninitialized memory issues, but rather an issue with our block hashing and the structure padding areas not being init/reset. This isn't something that I expect would have caused a lot of problems, but they would have been a major head-scratcher and difficult to reproduce.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * db: fix a realloc() problem in db_col_merge() [Paul Moore, 2013-10-18, 1 file, -0/+1]
| |   Another stupid mistake of mine; we weren't correctly reassigning a pointer after a successful realloc() in db_col_merge().
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * db: perform sub-tree "pruning" correctly [Paul Moore, 2013-10-18, 2 files, -97/+182]
| |   The existing sub-tree pruning was bad, so very bad. It was obviously broken on 32-bit platforms (our own tests were failing), and somewhat less obviously broken on 64-bit platforms.
| |   Reported-by: Kees Cook <keescook@chromium.org>
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * build: enable "make check" to run the regression tests [Paul Moore, 2013-10-18, 2 files, -2/+9]
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * tests: add some scripts to compare test output from different test runs [Paul Moore, 2013-10-18, 3 files, -0/+333]
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * tests: make the regression test valgrind mode more useful [Paul Moore, 2013-10-18, 20 files, -41/+184]
| |   We don't really need to run valgrind multiple times for each test case, just once should be enough.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * tests: correct some architecture problems with 25-sim-multilevel_chains_adv [Paul Moore, 2013-10-17, 1 file, -10/+10]
| |   The current tests are not safe for non-native architectures.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * build: fixup the "clean" portions of the build process [Paul Moore, 2013-10-17, 3 files, -4/+4]
| |   Reported-by: Kees Cook <keescook@chromium.org>
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * tests: return a useful error code from the test harness [Paul Moore, 2013-10-14, 1 file, -1/+5]
| |   With this patch the test harness returns 0 if there were no errors or failures detected, positive values if an error or failure was detected.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * build: correct some build dependencies [Paul Moore, 2013-10-14, 1 file, -3/+3]
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * python: Add a docstring for the SyscallFilter constructor [Andy Lutomirski, 2013-10-08, 1 file, -4/+6]
| |   Cython doesn't support docstrings for __cinit__. This change will (very slightly) slow down construction, but it makes ipython happier.
| |   Signed-off-by: Andy Lutomirski <luto@amacapital.net>
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * build: remove quotes in the INSTALL_BIN_MACRO macro [Joe MacDonald, 2013-10-04, 1 file, -1/+1]
| |   The double-quotes around $^ in INSTALL_BIN_MACRO prevented it from being used to install more than a single binary to INSTALL_BIN_DIR at a time.
| |   Signed-off-by: Joe MacDonald <joe@deserted.net>
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * python: improve the argument comparison documentation [Paul Moore, 2013-10-04, 1 file, -8/+8]
| |   Expand on the comments made by Andy Lutomirski.
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
| * python: Improve MASKED_EQ docs [Andy Lutomirski, 2013-10-04, 1 file, -1/+1]
| |   It wasn't clear before which datum was the mask and which was the value.
| |   Signed-off-by: Andy Lutomirski <luto@amacapital.net>
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
* | build: disable the python bindings for the v2.1.x release (v2.1.0) [Paul Moore, 2013-06-10, 1 file, -8/+1]
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
* | doc: trim the development stuff from the top of the changelog [Paul Moore, 2013-06-10, 1 file, -4/+0]
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
* | build: set the version to v2.1.0 [Paul Moore, 2013-06-10, 1 file, -2/+2]
|/    Signed-off-by: Paul Moore <pmoore@redhat.com>
* doc: update the changelog for the v2.1 release [Paul Moore, 2013-06-10, 1 file, -0/+7]
|
* doc: add a manpage for scmp_sys_resolver [Paul Moore, 2013-05-29, 3 files, -2/+78]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tools: allow the syscall resolver to resolve both names and numbers [Paul Moore, 2013-05-29, 1 file, -6/+15]
|   Often we need to resolve syscall numbers into syscall names, add this functionality to our existing resolver. Thanks to Eduardo Otubo who originally came up with the idea and inspired this patch.
|   Reported-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* build: install the scmp_sys_resolver tool [Paul Moore, 2013-05-29, 3 files, -2/+17]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tools: rename some of the tools in preparation for installation [Paul Moore, 2013-05-23, 8 files, -12/+15]
|   Some of the tools are quite handy and would likely be useful for developers incorporating libseccomp into their applications so let's go ahead and namespace the tools in preparation for installing them.
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* api: wrong variable name was failing seccomp_syscall_priority [Eduardo Otubo, 2013-05-08, 1 file, -1/+1]
|   The wrong variable name was erroneously failing the function seccomp_syscall_priority() when trying to set a priority on a negative (pseudo-syscall) is added.
|   Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* bpf: fix the bpf_program struct [Paul Moore, 2013-04-22, 1 file, -1/+2]
|   In a previous commit I reordered the bpf_program struct, and in the process I broke the prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) API. This patch restores the proper bpf_program structure ordering.
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: add a placeholder for 00-test [Paul Moore, 2013-04-22, 2 files, -1/+8]
|   During the course of development there are often times when we want to temporarily add a test; to help with this problem, this patch adds a placeholder for test "00-test" which can be used as a temporary test case. In order to use this, simply copy your temporary test case into the file tests/00-test.c and do the following from the top-level build directory:
|     # make clean all
|     # make -C tests 00-test
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* all: improved structure ordering/alignment [Paul Moore, 2013-04-19, 3 files, -22/+22]
|   Shuffle some structure fields to improve packing and cacheline ordering.
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* all: convert some booleans from ints to bools [Paul Moore, 2013-04-19, 9 files, -67/+69]
|   Make it more obvious that these variables are booleans.
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* db: remove unused macros [Paul Moore, 2013-04-19, 1 file, -8/+0]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* db: correctly compare syscall arguments on 64-bit systems [Paul Moore, 2013-04-18, 8 files, -95/+194]
|   This patch corrects a number of problems on 64-bit systems that were preventing us from correctly comparing the high 32-bit word of a syscall argument in some cases.
|   Reported-by: Thiago Marcos P. Santos <tmpsantos@gmail.com>
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* pfc: display syscall names instead of numbers in the comments [Paul Moore, 2013-04-17, 1 file, -2/+3]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* build: ensure that cython 0.16 or higher is installed when building python bindings [Paul Moore, 2013-04-03, 1 file, -1/+12]
|   Our Cython code only builds properly on Cython 0.16 or higher so verify that a proper version of Cython is installed if we are building the Python bindings.
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* bpf: correctly manage the BPF accumulator state [Paul Moore, 2013-04-03, 1 file, -9/+9]
|   We weren't correctly tracking the accumulator state as we built the BPF code, in an effort to fix this we now store the initial state of the accumulator along with the BPF instruction block.
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: ensure that we handle x32 correctly when checking the architecture [Paul Moore, 2013-03-28, 3 files, -42/+100]
|   Since x86_64 and x32 share the same seccomp filter architecture token in the kernel we need to do an extra step and verify the syscall number when checking the architecture.
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: add a live test to exercise the syscall argument matching [Paul Moore, 2013-03-28, 5 files, -1/+167]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: add a test to exercise the x32 and arm architectures [Paul Moore, 2013-03-28, 5 files, -1/+172]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: minor fixups due to the new arch support [Paul Moore, 2013-03-28, 2 files, -4/+18]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: add support for the x32 and arm architectures [Paul Moore, 2013-03-28, 1 file, -5/+2]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>
* tools: add a new architecture detection tool [Paul Moore, 2013-03-28, 3 files, -1/+91]
|   Signed-off-by: Paul Moore <pmoore@redhat.com>