summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* tests: Allow munmap() syscall in Python test #24v2.5.2Tom Hromatka2021-09-011-0/+1
| | | | | | | | | | | The python live test, 24-live-arg_allow.py, started failing on Python version 3.9.6+ on Fedora 34 and Ubuntu 20.10. The Python quit() call is now invoking the munmap() syscall. To fix this, allow the munmap() syscall in the test's seccomp filter. Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> (cherry picked from commit 4f34c6eb17c2ffcb0fce5911ddbc161d97517476)
* all: release v2.5.2Tom Hromatka2021-08-311-1/+1
| | | | Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
* all: CHANGELOG update for release v2.5.2Tom Hromatka2021-08-311-0/+12
| | | | | | Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> (cherry picked from commit 1d26fa1332ac8b7eeaa706f7febf343310a52160)
* docs: update the CREDITS fileTom Hromatka2021-08-251-0/+3
| | | | | Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> (cherry picked from commit 8489cff8092d3c53f1a261a9b637ebfaeec45650)
* bpf: Fix typo in commentTom Hromatka2021-08-251-1/+1
| | | | Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
* syscalls: update to Linux v5.14-rc7Paul Moore2021-08-232-1/+13
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: Add BUGS section to seccomp_rule_add.3Tom Hromatka2021-08-231-0/+18
| | | | | | | | | | | | | | | Add BUGS section to seccomp_rule_add.3 and add a warning about adding a seccomp filter to syscalls that are always expected to succeed. PowerPC's glibc behaves differently from other architectures and will not return a negative number for the getpid() syscall. Fixes: https://github.com/seccomp/libseccomp/issues/313 Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> (imported from commit b9a8f3dbdfe84bfe7802bb9532253cc0a46b5b8a)
* python: add the get_notify_fd() method to the SyscallFilter classPaul Moore2021-08-231-0/+13
| | | | | | | | | | The new get_notify_fd() method mimics the seccomp_notify_fd() C API with similar behavior. Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 8b34512de92decfd51fe900d23a82663711ca008)
* tests: various additions to improve code coveragePaul Moore2021-08-1215-64/+804
| | | | | | | Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit fcc601279004a7f4c2f6ebf766acb4556b0f5e65)
* arch: consolidate all of the multiplexed syscall handlingPaul Moore2021-08-1219-3422/+669
| | | | | | | | | | | Not only does this reduce the amount of duplicated code significantly, it removes a lot of the "magic" numbers in the code, and it happened to catch some bugs too. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 17cbd2c253ce63e5e9e3cec867ff58efbe8b5fdc)
* github: tweak the GH Actions configurationPaul Moore2021-08-122-8/+16
| | | | | | | | | | | This should help leverage the recent code coverage changes as well as some changes to the test framework. We also add the generated HTML coverage report to the "codecoverage" artifacts. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit c261232174c8432e12c39e2fc938a64d562de1d6)
* tests: add a util_gcov_rules() utility functionPaul Moore2021-08-122-0/+42
| | | | | | | | | | | | | | As documented in the function header: "This function is to make it easier for developers to temporarily add support for gcov/lcov to a test program; it likely should not be used in the normal regression tests. Further, this should only be necessary for the "live" tests." Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit cc8d19b69aaadff2172b04fa37d4995ae63e895a)
* build: reorganize the code coverage targetsPaul Moore2021-08-123-20/+10
| | | | | | | | | | | | | | | | | | This is arguably the way it should have been done in the beginning but TravisCI and Coveralls masked the need for proper standalone code coverage tests. With this change simply enabling code coverage during ./configure and following with a code coverage build should generate proper gcov/lcov data and a local HTML report, example: % ./configure --enable-code-coverage % make check-code-coverage Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit a415ef0938c2fc8139d45f89a722d132367077cc)
* tests: add support for the LIBSECCOMP_TSTCFG_BATCHES env variablePaul Moore2021-08-121-0/+9
| | | | | | | | | | This allows us to specify the test batches via environment variables like we do other parts of the test configuration. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 72609f73cd95749e27f50f2c5a52bacdbb1a3c5a)
* tests: allow multiple test types using comma separated valuesPaul Moore2021-08-121-1/+18
| | | | | | | | | | | | | You can now run multiple test types using the '-T' argument and the LIBSECCOMP_TSTCFG_TYPE environment variable, for example: % cd tests % ./regression -T bpf-valgrind,live Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit b465f2329183adf9735c81e98500cee93eb720c9)
* ppc: add multiplexed syscall support to PPCPaul Moore2021-08-121-4/+526
| | | | | | | Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 255801bccf89343c684b2b94e85d9e0df484c133)
* mips: add multiplexed syscall support to MIPSPaul Moore2021-08-121-13/+495
| | | | | | | Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 8e2d449b012647d5f6d6ac86860689ce40e504ae)
* README: Display the Github Actions build status badgeTom Hromatka2021-08-121-1/+1
| | | | | | | | | | | Travis CI has now been disabled. Delete the Travis CI build status badge and display the Github Actions continuous integration workflow badge. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 04245d933fad94625b45a4d100112a3483ed9292)
* github: Add continuous integration workflowTom Hromatka2021-08-122-0/+138
| | | | | | | | | | Add Github Actions workflow and actions to run the automated libseccomp tests and gather code coverage metrics. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit fe068413adf3956a96d63aade3dbf7d556afd877)
* tools: fix scan-build warnings in scmp_bpf_disasmTom Hromatka2021-08-121-4/+2
| | | | | | | | | | | | | | | | | | | | | Delete the unused variable 'len' from scmp_bpf_disasm. scan-build identified the following two warnings: scmp_bpf_disasm.c:304:10: warning: Although the value stored to 'len' is used in the enclosing expression, the value is never actually read from 'len' while ((len = fread(&bpf, sizeof(bpf), 1, file))) { scmp_bpf_disasm.c:441:10: warning: Although the value stored to 'len' is used in the enclosing expression, the value is never actually read from 'len' while ((len = fread(&bpf, sizeof(bpf), 1, file))) { Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 947ecc884d5c503c08fd10d580cb6b353fa0f31a)
* travis: Disable Travis CITom Hromatka2021-08-121-83/+0
| | | | | | | | | | Disable Travis CI by deleting the .travis.yml file. Subsequent commits will enable the Github Actions continuous integration. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit dc775c014880cebb0087fb130d0163ff6f56e912)
* syscalls: add close_range() syscallSascha Grunert2021-07-191-0/+2
| | | | | | | | | | | The syscall has been added a while ago so we should support resolving it, too. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 01e5750e7c84bb14e5a5410c924bed519209db06)
* docs: update RELEASE_PROCESS.md to push the release tag as late as possiblePaul Moore2021-04-281-4/+7
| | | | | | | | | In order to help reduce confusion by those who closely follow the libseccomp repository on GitHub, push new release tags as late in the release process as possible. Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* syscalls: update the syscall table to v5.12-rc7Paul Moore2021-04-172-1/+7
| | | | | | | | | | | Due to additional ABIs in main we can't do a simple backport or copy of the syscall table so we are generating it directly in the release-2.5 branch. This patch also fixes the missing faccessat2() #defines in the seccomp-syscalls.h header file. Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: use old SECCOMP_IOCTL_NOTIF_ID_VALID number if necessaryMax Rees2021-03-052-2/+15
| | | | | | | | | | | | | | | | | | | | | | | Kernel commit 47e33c05f9f0 ("seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID") changed the public definition of SECCOMP_IOCTL_NOTIF_ID_VALID for correctness sake because it had the wrong direction (no current functional change). If libseccomp is built against kernel headers after this commit but is run on a kernel that was built prior to this commit, then the ioctl will always return -1 EINVAL and thus seccomp_notify_id_valid will incorrectly return -ENOENT. Copy the (now non-public) definition of the old ioctl number and try it if the ioctl with the number from the kernel headers fails with -1 EINVAL. Also, update the fallback definition of SECCOMP_IOCTL_NOTIF_ID_VALID to the new value. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Max Rees <maxcrees@me.com> [PM: tweak some vertical whitespace, subject line] Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 83d7b022fa7ef8c24516cc668efc879e5398403f)
* doc: don't return -1 from main in manpage examplesKir Kolyshkin2021-03-053-3/+3
| | | | | | | | | | | | | | | It is custom for C functions to return a negative integer to denote an error. This should not be done with main() though, as the return value is used as an exit code, which is a byte (unsigned char), so return -1 becomes 255, which is unconventional. Fix examples where main returns -1 to return 1. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 6d5a0bb22c8162c167900a47d57ebdeeb22ff8c0)
* all: rename the "master" branch to "main"Paul Moore2021-01-221-2/+2
| | | | | Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit d5ad8369233322072eb0df0f9f507d94f6c88cf0)
* all: release v2.5.1v2.5.1Tom Hromatka2020-11-162-1/+8
| | | | Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
* docs: update the CREDITS fileTom Hromatka2020-11-161-0/+3
| | | | Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
* doc: Fix typo in seccomp_api_get.3Rodrigo Campos2020-11-161-2/+2
| | | | | | | | | | | Commit 6b286c2e8e43de76746346b8eab855311915f5aa ("api: add API level 6") introduced the API level 6 but had a typo and used 5 in the manpage. This commit just fixes the typo using API level 6 in the manpage. Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
* doc: add some more info about GPG keys to the README.md filePaul Moore2020-10-251-2/+4
| | | | | | | | | | | Some people may not be familiar with GPG keys, subkeys, and fingerprints; while a full explanation is beyond the scope of our README file, at least provides some hints and a link to the GPG website for more information. Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit e76d47bc45f30a3dcda125e080bd73d97b8c3bb0)
* doc: Add SCMP_ACT_NOTIFY documentation to seccomp_rule_add.3Tom Hromatka2020-10-251-0/+16
| | | | | | | | Document the usage of SCMP_ACT_NOTIFY in seccomp_rule_add.3 Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 8826022c0b7dd01a09973596750f038334780aad)
* build: undefine "mips" to prevent build problems for MIPS targetsPaul Moore2020-10-252-2/+4
| | | | | | | | | | | | | | | | | It turns out that the MIPS GCC compiler defines a "mips" cpp macro which was resulting in build failures on MIPS so we need to undefine the "mips" macro during build. As this should be safe to do in all architectures, just add it to the compiler flags by default. This was reported in the following GH issue: * https://github.com/seccomp/libseccomp/issues/274 Reported-by: Rongwei Zhang <pudh4418@gmail.com> Suggested-by: Rongwei Zhang <pudh4418@gmail.com> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 5cd9059618a0810ee47c21e6b44c5a876b75e23d)
* all: fix typo in BerkeleySamanta Navarro2020-10-212-2/+2
| | | | | | | Signed-off-by: Samanta Navarro <ferivoz@riseup.net> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit ff6923163174ed156c4c0645961e602396298df9)
* tests: use smaller "magic" numbers in 58-live-tsync_notifyMichael Karcher2020-09-011-6/+7
| | | | | | | | | | | | This fix is performing the same changes bee43d3e884788569860a384e6a38357785a3995 was doing on test 51-live-user_notification on test 58-live-tsync_notify. Signed-off-by: Michael Karcher <github@mkarcher.dialup.fu-berlin.de> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit f0686d9de911e7ffcdc7364566c1d146e44657c2)
* tests: use openat and fstat instead of open and stat syscalls in tests 04 and 06Andreas Schwab2020-08-196-16/+20
| | | | | | | | | | | Architectures like aarch64 and riscv64, and all future architectures that use the generic syscall table, do not support the open and stat syscalls. Use the openat and fstat syscalls instead. Signed-off-by: Andreas Schwab <schwab@suse.de> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit a317fabc1fd915f19f7e7326bf7dcb77493f1210)
* arch: ensure we don't "munge" pseudo syscall numbersPaul Moore2020-08-195-10/+30
| | | | | | | | | | | | | | | | | | | | A number of arches/ABIs have either syscall offsets (the MIPS family) or specific bits (x32) which are applied to their normal syscall numbers. We generally handle that via "munging" in libseccomp, and it works reasonably well. Unfortunately we were applying this munging process to the negative pseudo syscall numbers as well and this was causing problems. This patch fixes the various offset/bit arches/ABIs by not applying the munging to the negative pseudo syscall numbers. This resolves GH issue #284: * https://github.com/seccomp/libseccomp/issues/284 Reported-by: Harald van Dijk <harald@gigawatt.nl> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 34cde704979defcbddb8eea64295acf0e477c250)
* system: change our notification fd handlingPaul Moore2020-08-182-5/+19
| | | | | | | | | | | | | | | This commit changes how we handle the notification fd by only requesting it via _NEW_LISTENER if the filter has a _NOTIFY action in it. We also augment the seccomp_reset(NULL, ...) behavior so that it closes the notification fd before resetting the global state; applications that need to keep their notification fd open across a call to seccomp_reset(NULL, ...) can simply dup() it. Although one would have to wonder why the application would be calling seccomp_reset(NULL, ...) in that case. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 02812f99e8d1df2e671dac675b4af663d0266303)
* all: only request the userspace notification fd oncePaul Moore2020-08-1810-90/+187
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It turns out that requesting the seccomp userspace notifcation fd more than once is a bad thing which causes the kernel to complain (rightfully so for a variety of reasons). Unfortunately as we were always requesting the notification fd whenever possible this results in problems at filter load time. Our solution is to move the notification fd out of the filter context and into the global task context, using a newly created task_state structure. This allows us to store, and retrieve the notification outside the scope of an individual filter context. It also provides some implementation improvements by giving us a convenient place to stash all of the API level related support variables. We also extend the seccomp_reset() API call to reset this internal global state when passed a NULL filter context. There is one potential case which we don't currently handle well: threads. At the moment libseccomp is thread ignorant, and that works well as the only global state up to this point was the currently supported API level information which was common to all threads in a process. Unfortunately, it appears that the notification fd need not be common to all threads in a process, yet this patch treats it as if it is common. I suspect this is a very unusual use case so I decided to keep this patch simple and ignore this case, but in the future if we need to support this properly we should be able to do so without API changes by keeping an internal list of notification fds indexed by gettid(2). This fixes the GitHub issue below: * https://github.com/seccomp/libseccomp/issues/273 Reported-by: Tobias Stoeckmann <tobias@stoeckmann.org> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit ce314fe4111887c593e3c6b17c60d93bc6ab66b9)
* tests: use smaller "magic" numbers in 51-live-user_notificationPaul Moore2020-08-181-6/+7
| | | | | | | | | | | | | | | | | | | | | | On an x32 based system, and perhaps other 32-bit systems, the magic value in test 51-live-user_notification was too large and resulted in a failed comparison even when the userspace notification mechanism was working properly. This patch addresses this problem by using the parent process's PID for the magic number. For all arches/ABIs we know it is a valid return value for getpid() while also being one of the few PIDs that the child process should never legitimately get from a call to getpid(). This patch also restricts the use of SCMP_SYS() to only the libseccomp API calls. This should help us catch arches/ABIs that don't implement getpid(). I'm also not sure we want to be responsible for using SCMP_SYS() outside of the libseccomp API. Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit bee43d3e884788569860a384e6a38357785a3995)
* all: release v2.5.0v2.5.0Paul Moore2020-07-202-1/+23
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: Explicitly specify the archs in the sim binary tree testTom Hromatka2020-07-181-51/+51
| | | | | | | | | | | | Test 53-sim-binary_tree removes the native architecture and builds the binary tree on aarch64, ppc64le, and x86_64. But the tests file was testing for "all" architectures which led to test failures on other systems like s390x. This commit replaces the "all" arch with only the architectures in the test. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit a6de31f0d90f00bfd6900480857f6c71f1d3c8ef)
* syscalls: update the syscall table for Linux v5.8.0-rc5Paul Moore2020-07-151-1/+2
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* docs: update the CREDITS filePaul Moore2020-07-151-0/+11
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: add the 57'th python test to the MakefilePaul Moore2020-07-151-0/+1
| | | | | | | Make the "distcheck" happy by properly including the 57th python test. Signed-off-by: Paul Moore <paul@paul-moore.com>
* bpf: correctly check for zmalloc() failures in _gen_bpf_init_bintree()Paul Moore2020-07-151-2/+2
| | | | | | | Identified via Coverity, make sure we are checking the correct pointer depth when dealing with double pointers. Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: Document SCMP_FLTATR_CTL_OPTIMIZE in seccomp_attr_set.3Tom Hromatka2020-07-141-0/+26
| | | | | | | | This commit documents the usage of SCMP_FLTATR_CTL_OPTIMIZE in the seccomp_attr_set.3 man page. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* doc: clarify seccomp_rule_add syscall translation behaviorTudor Brindus2020-07-131-1/+4
| | | | | | | | | | | | | | | | libseccomp performs a translation step when adding a raw syscall value to a multi-architecture filter. For instance, when adding __NR_open (syscall value 2 on x86-64) to a filter containing x86 and x86-64 where the native ABI is x86-64, the x86 BPF branch will use the value 5 (__NR_open on x86). This commit adds explicit documentation for the translation step. Refs https://github.com/seccomp/libseccomp/issues/259. Signed-off-by: Tudor Brindus <me@tbrindus.ca> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: Skip the stat syscall on aarch64 in test 06Tom Hromatka2020-07-131-1/+1
| | | | | | | | | | The recent patch to remove PNR syscalls from the BPF filter causes test 06-sim-actions%%005-00001 to fail because aarch64 doesn't support the stat syscall. This commit skips that check on aarch64 only. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* tests: Handle pseudo-syscalls in the sim binary tree testTom Hromatka2020-07-133-41/+70
| | | | | | | | | | | | | Now that pseudo-syscalls are being removed from the resultant BPF filter, we need to test for this in the simulated binary tree test. This commit modifies the test to explicitly define its supported architectures and updates the tests file to handle PNR syscalls. Note that the aarch64 architecture does not define many of the syscalls used in this test, and thus these syscalls fall through to the default ALLOW action. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
View Lorry Controller Status