| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
Two major changes: don't require sudo (allows the use of the Travis
container infrastructure) and run the clang static analyzer as one
of the tests.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch adds the necessary tweaks to support building against
Python v2.x and v3.x. In the process we also fix some problems with
the Python live tests; it is unclear when they broke, but they are
working now.
Tested on Python v2.7.13 and v3.6.0.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
| |
Signed-off-by: valoq <valoq@mailbox.org>
[PM: subject line tweak and whitespace fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
| |
Refined `seccomp_arch_add` to be more verbose about return code `-EEXIST`
in case of existing arch in filter. Adding this information helps developers
write code to safely ignore the ret code in this case.
Signed-off-by: Jiannan Guo <guojiannan1101@gmail.com>
[PM: tweaked subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
| |
Signed-off-by: Vladimir Rutsky <vladimir@rutsky.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
| |
Some logic in the implementation of `seccomp_add_arch` can never
be reached and `arch_def_lookup` was called redundantly.
Signed-off-by: Jiannan Guo <guojiannan1101@gmail.com>
[PM: update subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
A variety of updates to reflect changes in the Linux Kernel and
the library itself with the goal of making sure the syscall
checking scripts continue to work.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
| |
validation
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add support for the following syscalls added in Linux v4.9:
- preadv2 and pwritev2
- pkey_mprotect, pkey_alloc, pkey_free
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
[PM: update subject line, description, and some whitespace]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
| |
Clarify that the zero value results in a no-op on libseccomp
side, and applications will need to have to have proper caps
or set NO_NEW_PRIVS by themself.
Signed-off-by: Luca Bruno <lucab@debian.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
This commit sorts out a mismatch between simulation tests,
properly laying down a blacklist and a whitelist simulation.
Signed-off-by: Luca Bruno <lucab@debian.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch (v4) adds support for the parisc and parisc64 architectures
to libseccomp.
I didn't split up the patch, because it's pretty trivial.
Those parisc-specific files gets added:
src/arch-parisc-syscalls.c
src/arch-parisc.c
src/arch-parisc.h
src/arch-parisc64.c
All other changes are trivial because they simply add parisc-specific
case statements in variouse switch statements.
I did ran a "make check" on x86-64 and parisc and all testcases succeeded.
All live testcases succeed as well when running "./regression -T live".
The patch applies cleanly to current libseccomp git head.
Changes between v4 and v3 of this patch:
- Added parisc arch to arch-syscall-check.c and fixup syscall table as
needed
- Fixed copyright notices in parisc files as suggested by Mike Frysinger
Changes between v3 and v2 of this patch:
- Stripped out patch which reports if a check was skipped because
valgrind isn't installed.
- Added tuxcall pseudo syscall for 19-sim-missing_syscalls testcase
- Added sysmips pseudo syscall for 29-sim-pseudo_syscall testcase
Changes between v2 and v1 of this patch:
- Enabled seccomp mode 2 regression tests on parisc. Kernel support for
hppa was added in kernel 4.6-rc1 and backported into the kernel v4.5.2
stable series.
Signed-off-by: Helge Deller <deller@gmx.de>
[PM: corrected a number or errors from 'make check-syntax']
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
| |
Signed-off-by: Luca Bruno <lucab@debian.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
| |
The disassembler and local constants are missing the xor
and mod operations. Unlikely to occur, but it's nice to
be complete.
Signed-off-by: David Drysdale <drysdale@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
(imported from commit 578dc996b9738c30493bf49884d442413f09642a)
|
| |
|
|
|
|
|
|
| |
Unfortunately we were only properly handling some of the multiplexed
ipc() syscalls, this patch correctly handles all of the ipc()
syscalls.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
| |
It turns out the socket and ipc related syscalls are also multiplexed
on s390/s390x much like they are on 32-bit x86. Further making things
difficult is that starting with Linux 4.3 the socket syscalls are also
available as directly wired versions, much like 32-bit x86. This
patch attempts to fix all those problems.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
On 32-bit x86 the resolved socket syscall() doesn't always resolve to
the __NR_socket value due to the direct wired socket syscall so
replace it with the read() syscall to ensure the test doesn't fail.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Print a message if a regression test was skipped just because valgrind isn't
installed.
This additional info is useful for architectures (e.g. parisc) which aren't
as fast as x86_64. On parisc it seemed that the whole testcase was hanging,
now people know what's actually happening.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out there was still a few bugs with the 32-bit x86 socket
syscalls, especially on systems with older kernel headers installed.
This patch corrects these problems and perhaps more importantly,
returns the resolver API functions to returning the negative pseudo
syscall numbers in the case of 32-bit x86, this helps ensure things
continue to work as they did before as the API does not change.
It it important to note that libseccomp still generates filter code
for both multiplexed and direct socket syscalls regardless.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
| |
Special thanks to those on the "Reported-by" line who helped test
this.
Reported-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
Reported-by: than <than@redhat.com>
Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
| |
Reported-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The seccomp() syscall was first added in Linux 3.17 so most systems
should now support this syscall. Most importantly, the use of the
seccomp() syscall enabled the thread sync functionality which isn't
possible with prctl(); although callers still need to enable the flag
per-filter as the thread sync default is disabled.
This patch also unified the return values of the sys_chk_*()
functions.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
This patch also adds some extra checking to ensure this doesn't happen
again.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
This will allow callers to dynamically query the libseccomp library
to determine the version information. We do not currently plan on
exposing this API via any of the supported language bindings.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
Employer agnostic emails make things a lot easier in the long run so
make sure the paul-moore.com address is used whenever it makes sense.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
| |
Reported-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
This should help on systems that use alternate libc implementations.
Reported-by: anarchpenguin
Reported-by: Kylie McClain somasis@exherbo.org
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from system.c:26:0:
../include/seccomp.h:1250:0: warning: "__NR_cacheflush" redefined
#define __NR_cacheflush __PNR_cacheflush
^
In file included from ../include/seccomp.h:27:0,
from system.c:26:
/usr/mips64-unknown-linux-gnu/usr/include/asm/unistd.h:934:0:
note: this is the location of the previous definition
#define __NR_cacheflush (__NR_Linux + 197)
Reported-by: Mike Frysinger <vapier@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
We need to test that we are generating filters that can handle both
the legacy multiplexed socket syscalls as well as the new direct
wired socket syscalls.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
| |
Linux 4.3 added direct-wired socket syscalls in addition to the
multiplexed socket syscalls available via socketcall(). This patch
causes libseccomp to generate filters for socket syscall methods on
x86 systems.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
Create the infrastructure for arch/ABI specific rule creation that
allows us much more involved arch/ABI customization.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The arch specific filter rewrite code is going to need to become more
complex so move the low level rule addition code directly into the
arch layer instead of the db layer, but still keep the tree manipulation
code in the db layer.
This patch also creates a new arch specific rule_add() function table
entry and allows for this function to create multiple rules from a
single rule.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds basic transaction support to the db layer. The db
transactions allow callers to checkpoint a filter collection at the
current point in time and later rollback the filter collection if
necessary. There will be some overhead at the start of the
transaction to generate the checkpoint, but transaction commit and
abort rollbacks are guaranteed to succeed. Transactions may be
nested.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
