Commit message | Author | Age | Files | Lines
* build: bump the version to v2.3.3 [v2.3.3] [release-2.3] | Paul Moore | 2018-01-10 | 2 | -1/+3
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: update the CHANGELOG and CREDITS for v2.3.3 | Paul Moore | 2018-01-10 | 1 | -0/+3
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: fix the live Python tests | Paul Moore | 2018-01-10 | 3 | -0/+3
    Add the sigaltstack(2) syscall to the list of allowed syscalls; tested against Python v3.6.4.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 8aced6fe4087e7e16e76d06bdf1e73f0a2ae9c97)
* arch: update the syscalls for Linux v4.15-rc7 | Paul Moore | 2018-01-10 | 13 | -13/+68
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit c842c2f6c203ad9da37ca60219172aa0be68d26a)
* arch: add the statx syscall | Tobias Klauser | 2018-01-10 | 12 | -12/+24
    Fixes #88
    Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
    [PM: fixed the incorrect x32 definition]
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 4793ea990ea80ee26ed63e2a20723fdb417abf5b)
* build: bump the version to v2.3.2 [v2.3.2] | Paul Moore | 2017-02-27 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: update the CHANGELOG for v2.3.2 | Paul Moore | 2017-02-27 | 1 | -0/+11
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* python: add support for Python 3.x | Paul Moore | 2017-02-27 | 6 | -10/+31
    This patch adds the necessary tweaks to support building against Python v2.x and v3.x. In the process we also fix some problems with the Python live tests; it is unclear when they broke, but they are working now. Tested on Python v2.7.13 and v3.6.0.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit ce5aea6a4ae7523b57ec13e2e6150aa5d83c1b4e)
* tests: we can't run fuzz tests on non-native filters | Paul Moore | 2017-02-27 | 1 | -5/+0
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 1b0324ec4a8890ea59fd0d3bc30dbcf99470031a)
* build: fix arch-syscall-check for all supported architectures | Paul Moore | 2017-02-27 | 1 | -2/+2
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* build: fix a problem where arch-syscall-check could fail and return 0 | Paul Moore | 2017-02-27 | 1 | -0/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 6fdeebac85d7605f9a9b5f0bc7bbb19cafea7969)
* docs: update the CREDITS file | Paul Moore | 2017-02-27 | 1 | -1/+9
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit d7abf329964b481a5f8dd8a291d5bad46d0ed73c)
* bpf: don't catch the -1 syscall in the x32/x86_64 check | Paul Moore | 2017-02-23 | 1 | -1/+20
    The -1 syscall can be used by a tracing process to skip a syscall, which up until Linux v4.8 was of no concern for libseccomp since the seccomp filter was only executed at the start of the syscall and not after the tracing process was notified, however recent kernels also execute the seccomp filter after the tracing process finishes its syscall handling; this caused problems on x86_64 systems that didn't explicitly add an x32 architecture to their filters.
    This patch fixes the x32 check to treat the -1 syscall like any other syscall.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit ba73ee4f56e8ada7309345cbe08ebf358d60f7e7)
* all: add tests to ensure that syscall -1 is handled correctly | Paul Moore | 2017-02-23 | 7 | -7/+159
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 11e21098e0c3b5481fb0f6e6bdbb266bdd0fc24c)
* all: treat syscall -1 as a valid syscall | Paul Moore | 2017-02-23 | 9 | -18/+53
    Process tracers use a -1 syscall value to indicate that a syscall should be skipped. This turns out to be quite an undertaking as we need to work around __NR_SCMP_ERROR (which also has a value of -1). Pay special attention to the new attribute, SCMP_FLTATR_API_TSKIP, and the documentation additions.
    More information in the GitHub issue:
    * https://github.com/seccomp/libseccomp/issues/80
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit dc879990774b5fe0b5d3362ae592e8a5bb615fbb)
* man: clarify syscall number rewriting | Luca Bruno | 2017-02-21 | 2 | -3/+18
    In case of multiplexed syscalls, syscall name resolver and rule builder both offer additional functions to ignore or perform syscall number rewriting. This commit introduces additional explicit details to the corresponding manpages.
    Signed-off-by: Luca Bruno <lucab@debian.org>
    [PM: minor man-page style fixes]
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit a66f000de92c7ced17ae6615837dabafd803ae42)
* doc: fix some of the man-page language | Paul Moore | 2017-02-21 | 1 | -7/+6
    See https://github.com/seccomp/libseccomp/issues/37
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 2821a4a4bba940abc5d2a21c42b5bd83e156bd0f)
* build: integrate Coverity scanning into the Travis CI build | Paul Moore | 2017-02-21 | 1 | -2/+18
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 15fd61ab2ce4b0a7889d86be44a2a36724700d5f)
* build: treat clang errors as fatal in the Travis CI build | Paul Moore | 2017-02-17 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 06b825925dfe19030b877eb8f48ac96279d8fc50)
* db: include the arguments in the db_api_rule_list struct | Paul Moore | 2017-02-17 | 7 | -101/+44
    Instead of dynamically allocating a variable number of arguments, include an array of ARG_COUNT_MAX elements directly in the struct. Also perform a number of simplifications to the code with the understanding that ARG_COUNT_MAX is an ABI independent value that isn't variable.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit e3addce3794ddb6dc174d429da055296282df0e6)
* tests: limit fuzz testing on Travis CI to avoid timeouts | Paul Moore | 2017-02-16 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 390b4b2f37b8790c3ba762578d5b610304fdb64d)
* tests: add support for $LIBSECCOMP_TSTCFG_STRESSCNT | Paul Moore | 2017-02-16 | 1 | -0/+4
    Allow the fuzz tests to be configured via the LIBSECCOMP_TSTCFG_STRESSCNT environment variable.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 5364bacf18b73a8a1c4d2d89b8bf50f752d53210)
* build: restore the '-static' linker flag for the test suite | Paul Moore | 2017-02-16 | 1 | -0/+8
    Commit a69776395367 ("build: add basic code coverage support") added support for code coverage but removed the '-static' linker flag from the test directory which makes debugging tests much more difficult. Unfortunately, we can't simply restore the '-static' linker flag as it causes problems with the code coverage tools, so make it dependent on the '--enable-code-coverage' configure flag.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit a90977cd9f17646280848fd2da748539f61570e1)
* docs: add a Coveralls badge to README.md | Paul Moore | 2017-02-07 | 1 | -0/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 5ba14fba2029b69845f0c44462531724043e1215)
* build: add Coveralls support | Paul Moore | 2017-02-07 | 1 | -3/+13
    See https://coveralls.io for more information.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 279929ab67fe3ba4f0c8c59108203eb97df934d9)
* tests: add test configuration via environment variables | Paul Moore | 2017-02-07 | 1 | -0/+4
    Allow the test type to be specified by the LIBSECCOMP_TSTCFG_TYPE environment variable.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit c33e14937344af12ea42a8ca33497a443f486ac4)
* build: add basic code coverage support | Paul Moore | 2017-02-07 | 5 | -5/+281
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit a697763953670b7d9ce3375fe2d3c6fe87fb076c)
* build: fix 'make distcheck' | Paul Moore | 2017-02-06 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit eb78d651177aea5812a2757e72326388954fe1ec)
* build: update the Travis CI configuration | Paul Moore | 2017-02-06 | 1 | -11/+13
    Two major changes: don't require sudo (allows the use of the Travis container infrastructure) and run the clang static analyzer as one of the tests.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit d3afeac428d5b1556a5abf17821a00d6984212eb)
* doc: add reporting information to README.md | Paul Moore | 2017-02-05 | 1 | -1/+7
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit ce3e4de5263ee722aac9293b493b1c8104fed5de)
* build: add a Travis CI status badge to the README.md | Paul Moore | 2017-02-05 | 1 | -0/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    [PM: updated badge to reflect the 'release-2.3' branch]
    (imported from commit bda9c267115bb63221a6486f1d1077449f686d52)
* doc: add the CII Best Practices badge to the README | Paul Moore | 2017-02-05 | 1 | -0/+2
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit aa3a022be41d8312a4ffe923e3b1d0cff467da8e)
* doc: convert the README to Markdown for better use on GitHub | Paul Moore | 2017-02-05 | 1 | -9/+9
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 7de6957444be9f2fbe09fd15c7ba81ffa4eb0ad8)
* build: add initial support for Travis CI | Paul Moore | 2017-02-05 | 1 | -0/+43
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 47bdf57274ef7e2c48a97de991855efa10c4bf55)
* doc: fix typo in reference: "seccom_merge" | Vladimir Rutsky | 2017-02-02 | 1 | -1/+1
    Signed-off-by: Vladimir Rutsky <vladimir@rutsky.org>
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 516e41e881bb26c23aa31ca18fd706bc66fc91d8)
* arch: update the syscall tables to 4.10-rc6+ | Paul Moore | 2017-02-02 | 3 | -10/+10
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 116b3c1a2e1db53cc35b74f30c080f5265faa674)
* all: update the syscall validation code/scripts for January 2017 | Paul Moore | 2017-02-02 | 28 | -174/+147
    A variety of updates to reflect changes in the Linux Kernel and the library itself with the goal of making sure the syscall checking scripts continue to work.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 486c16401ea59657750987b19641d4b8fcc972e2)
* build: ensure we sort the library and kernel syscall lists the same during validation | Paul Moore | 2017-02-02 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit e58bfa9032a5e15e2081ddfdda040e7a29de58b9)
* arch: update syscalls for Linux 4.9 | Justin Cormack | 2017-02-02 | 13 | -11/+86
    Add support for the following syscalls added in Linux v4.9:
    - preadv2 and pwritev2
    - pkey_mprotect, pkey_alloc, pkey_free
    Signed-off-by: Justin Cormack <justin.cormack@docker.com>
    [PM: update subject line, description, and some whitespace]
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit d9102f12fd39bd77151a1f630fcfc8c80f86c55c)
* build: bump the version to v2.3.1 [v2.3.1] | Paul Moore | 2016-04-20 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: update the CHANGELOG for the v2.3.1 release | Paul Moore | 2016-04-20 | 1 | -1/+6
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: fix the multiplexed ipc() syscalls | Paul Moore | 2016-04-20 | 3 | -6/+6
    Unfortunately we were only properly handling some of the multiplexed ipc() syscalls, this patch correctly handles all of the ipc() syscalls.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit a58deebd1ee7bedc47bb966ebeec699421e40c65)
* s390: handle multiplexed syscalls correctly | Paul Moore | 2016-04-20 | 12 | -13/+979
    It turns out the socket and ipc related syscalls are also multiplexed on s390/s390x much like they are on 32-bit x86. Further making things difficult is that starting with Linux 4.3 the socket syscalls are also available as directly wired versions, much like 32-bit x86. This patch attempts to fix all those problems.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 66282c31034e2bb442bd9dc862d6d814f0df2f98)
* tests: replace socket syscall references in 15-basic-resolver | Paul Moore | 2016-04-19 | 2 | -7/+7
    On 32-bit x86 the resolved socket syscall() doesn't always resolve to the __NR_socket value due to the direct wired socket syscall so replace it with the read() syscall to ensure the test doesn't fail.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 13e0bae9571c195ee979a66b329aa538b87ee65d)
* arch: fix a number of 32-bit x86 failures related to socket syscalls | Paul Moore | 2016-04-10 | 3 | -5/+105
    It turns out there were still a few bugs with the 32-bit x86 socket syscalls, especially on systems with older kernel headers installed. This patch corrects these problems and perhaps more importantly, returns the resolver API functions to returning the negative pseudo syscall numbers in the case of 32-bit x86, this helps ensure things continue to work as they did before as the API does not change.
    It is important to note that libseccomp still generates filter code for both multiplexed and direct socket syscalls regardless.
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    (imported from commit 73d83e45efbe8c31067c97155162f17ca51b7435)
* build: bump the version to v2.3.0 [v2.3.0] | Paul Moore | 2016-02-29 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: update the CHANGELOG for the v2.3.0 release | Paul Moore | 2016-02-26 | 1 | -0/+10
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* python: update the bindings metadata | Paul Moore | 2016-02-26 | 1 | -1/+1
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* build: swap '()' for '{}' in Makefiles for consistency | Paul Moore | 2016-02-26 | 2 | -2/+2
    Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: update the ABI whitelist for the seccomp() syscall | Paul Moore | 2016-02-26 | 1 | -0/+6
    Special thanks to those on the "Reported-by" line who helped test this.
    Reported-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
    Reported-by: than <than@redhat.com>
    Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>