| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
(imported from commit 94d42926fd67d2d4fa07031bdc6c6bf8e420a103)
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
| |
(imported from commit ac070b83a8141810c664f5b55d4270b0e180eb2c)
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
|
| |
|
|
| |
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
|
| |\
| |
| | |
Backports to release-2.4 branch
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is long overdue so quite a few changes, including tweaks to
support some newly direct wired syscalls which were previously
multiplexed.
We really need to make sure we update the syscall table more often.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit bf747eb21e428c2b3ead6ebcca27951b681963a0)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We shouldn't be redefining AM_CPPFLAGS here, so get rid of it.
Reported-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit ae19647048b38ad6d2ab0f2ac0db4dc1e9be1f7d)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Without this, anything which includes "seccomp.h" will fail when using a build version of libseccomp.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: tweaked the subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit c95cdadef8746f9b4c714443e74e364f8fc7f10c)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Historically libseccomp has created a __NR_x definition for every
syscall it supports, even those that aren't valid for a given ABI.
While this seemed like a good idea at the time, it turned out to have
some unwanted and nasty side effects. This patch finally corrects
this problem.
The basic approach is quite simple: move the SCMP_SYS() macro to use
__SNR_x values instead of __NR_x values. The unfortunate side effect
of this change is that instead of just worrying about #defines for the
__PNR_x values we now have to have a __SNR_x define for *every*
syscall. The good news is that after this patch that should only be
a few new syscalls every year - a very manageable task.
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit bf162816a6e42d7a40e54aadc18d1a98c34ca971)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| |\ \
| |/
| | |
Backport various fixes to the release-2.4 branch for a v2.4.2 release
|
| | |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 2b406e3b274407ceef53fa3de9469cfbd0fd0ddb)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 8ad3638ea9023c3948976dfadebd1554380a31c9 effectively added libseccomp/
to the install path of the python extension.
This changed the import module name from "seccomp" to "libseccomp.seccomp",
breaking existing users.
Revert the install path like it was before 2.4.0
Signed-off-by: Felix Geyer <debfx@fobos.de>
[PM: tweaked the subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit ff7fc73bdf4602323ce320a2094c006c9c3e4d42)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A number of updates mainly focused on paving the way for multiple
maintainers and making better use of the GitHub vulnerability
reporting tools.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 4bec773fb401433bbfbbef111a49e1d2acbc4fcf)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Stephen Coleman <omegacoleman@gmail.com>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: added the "arch:" subj prefix]
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 5fc22428507ecea00ee9e2215d972777da9a99b6)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Set the Cython language level to "3str" which is described in the
Cython 0.29 changelog:
"A new language level name 3str was added that mostly corresponds to
language level 3, but keeps unprefixed string literals as type ‘str’
in both Py2 and Py3, and the builtin ‘str’ type unchanged. This will
become the default in the next Cython release and is meant to help
user code a) transition more easily to this new default and
b) migrate to Python 3 source code semantics without making support
for Python 2.x difficult."
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit d390edad9a8540c2e2dd0b12732cc8dd3fe1cc69)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 3570b5cf9acbd1711d417e08ec608eea7b83d416)
[TJH: removed the SPEC_ALLOW logic since it isn't in the 2.4.x release]
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The idea is that any administrative/process docs should go in doc/admin.
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 3f214cbbbbd663dd4e7fe90638af4971b436ec00)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Fix some examples and add a note about deprecating older, unsupported
releases.
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 0d73daf07490656130e0f5311ad12ca8818752c5)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
| |
Because of the way libseccomp handles non-native arch translations we
can't use arbitrary syscalls, e.g. 1000; we need to use syscalls that
are defined in the libseccomp syscall tables. Unfortunately, changing
the syscalls from 1000/1001 to a defined syscall appears to break the
test so let's just limit it to x86_64 for now.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libseccomp utilizes a hash table to manage BPF blocks. It
currently employs MurmurHash3 where the key is the hashed values
of the BPF instruction blocks, the accumulator start, and the
accumulator end. This test was added because of a mishandled
hash collision reported by Tor in GitHub issue #148.
* https://github.com/seccomp/libseccomp/issues/148
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This addresses a problem where dissimilar instruction blocks were
improperly hashed to the same value because we were not taking into
account the accumulator state.
See the GitHub issue below for more information:
* https://github.com/seccomp/libseccomp/issues/148
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
We want to be able to test proper ordering for both LT and GT
comparisons.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
| |
Based on some initial tests from Jann Horn.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
| |
Based on the recent 64-bit argument comparison fixes, we need to
update test 38-basic-pfc_coverage.
A special thanks to Jann Horn for bringing this problem to our
attention.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
We were mistakenly passing the wrong accumulator state (the state at
the start of the instruction block, not at the end) which was causing
us to generate unnecessary load instructions.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Our approach to doing 64-bit comparisons using 32-bit operators was
just plain wrong, leading to a number of potential problems with
filters that used the LT, GT, LE, or GE operators. This patch fixes
this problem and a few other related issues that came to light in
the course of fixing the core problem.
A special thanks to Jann Horn for bringing this problem to our
attention.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
None of these are major, and they are all part of the tests, but we
should fix them regardless.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
This return code was added in 4.14, so let's reflect that here.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
[PM: cleanup up some duplication with the existing SECCOMP_RET_LOG code]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
| |
The kernel switched their defines to be more expressive like this, so let's
do the same. That will make it easy in future patches to copy and paste
definitions from the kernel :)
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
If both trees have prefixes that don't match, bail on the prune
operation.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
Add "[+]all_32" and "[+]all_64" which work the same as the
little and big endian test filters.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
Unfortunately a number of our automated tests fail because of the
x32 syscall bit, making low numbered syscalls invalid.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
| |
We forgot to do this earlier, fix it.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
| |
Verified on a 32-bit x86 Ubuntu 16.04.6 system.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
I had made this fix earlier when applying a patch, but forgot to
update the patch.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a longstanding issue with 32-bit to 64-bit sign extension
inadvertently resulting in bogus syscall argument extensions. This
patch introduces a new set of argument comparison macros which
limit the argument values to 32-bit values so that we don't run into
problems with sign extension.
We use the macro overloading proposed by Roman at
https://kecher.net/overloading-macros/ to retain the feature of these
macros being usable as static initializers.
Thanks to @jdstrand on GitHub for reporting the problem.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Key changes include:
* Added __NR_statx, __NR_io_pgetevents, and __NR_rseq syscalls
to seccomp.h.in
* mips architecture now generates some of its syscall header
files. Added logic to arch-syscall-validate to create these
headers
* ppc architecture now uses a syscall.tbl
* s390 now uses a syscall.tbl
This addresses GitHub issue #136
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit clarifies the error code when seccomp_arch_add() or
seccomp_merge() fails due to an endian mismatch. Previously,
libseccomp would return -EEXIST if the new architecture's
endianness did not match.
This addresses GitHub Issue #86 - BUG: seccomp_arch_add() returns
-EEXISTS on endian mismatch
Reported-by: Michael Vogt <michael.vogt@gmail.com>
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
| |
I forgot to add scmp_api_level to the .gitignore file.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix a leak found by clang where we were not cleaning up properly in
the error path.
CC libseccomp_la-db.lo
db.c:2020:2: warning: Potential leak of memory pointed to by 'rule_s'
_db_snap_release(snap);
^~~~~~~~~~~~~~~~
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
We are currently testing under Ubuntu 14.XX with Travis CI, it's time
to update to a more recent version of Ubuntu.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
Unfortunately the pseduo syscall number for subpage_prot() was
already in use by spu_run() so renumber it to a free pseduo syscall
number.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
