| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using autoconf macros, one has to be careful because some
arguments as they may need additional escaping. In this
particular case, the second argument passed to
AC_DEFINE_UNQUOTED() is problematic as autoconf runs it in a
subshell resulting in 'yes' being interpreted as a name of a
variable instead of literal "yes" string. Putting quotes around
it lets shell know we want string comparison.
This problem was noticed with autoconf-2.71.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Detecting cython version runs cython needlessly many times (one
for AS_ECHO(), one for major and one for minor version
extraction). Speaking of AS_ECHO(), the argument needs escaping
as it's not a single shell word.
Instead of fixing the escaping, let's rework the check a bit so
that cython is executed just once and AS_ECHO() is then replaced
with AC_MSG_CHECKING() AC_MSG_RESULT() combo.
The need for escaping can be seen with newer autotools-2.71.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that the MIPS GCC compiler defines a "mips" cpp macro
which was resulting in build failures on MIPS so we need to
undefine the "mips" macro during build. As this should be safe
to do in all architectures, just add it to the compiler flags by
default.
This was reported in the following GH issue:
* https://github.com/seccomp/libseccomp/issues/274
Reported-by: Rongwei Zhang <pudh4418@gmail.com>
Suggested-by: Rongwei Zhang <pudh4418@gmail.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch significantly improves the performance of
seccomp_syscall_resolve_name since it replaces the expensive strcmp
for each syscall in the database, with a lookup table.
The complexity for syscall_resolve_num is not changed and it
uses the linear search, that is anyway less expensive than
seccomp_syscall_resolve_name as it uses an index for comparison
instead of doing a string comparison.
On my machine, calling 1000 seccomp_syscall_resolve_name_arch and
seccomp_syscall_resolve_num_arch over the entire syscalls DB passed
from ~0.45 sec to ~0.06s.
PM: After talking with Giuseppe I made a number of additional
changes, some substantial, the highlights include:
* various style tweaks
* .gitignore fixes
* fixed subject line, tweaked the description
* dropped the arch-syscall-validate changes as they were masking
other problems
* extracted the syscalls.csv and file deletions to other patches
to keep this one more focused
* fixed the x86, x32, arm, all the MIPS ABIs, s390, and s390x ABIs as
the syscall offsets were not properly incorporated into this change
* cleaned up the ABI specific headers
* cleaned up generate_syscalls_perf.sh and renamed to
arch-gperf-generate
* fixed problems with automake's file packaging
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: see notes in the "PM" section above]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
| |
Move -I${top_builddir}/include to toplevel so that it is available in all
subdirs. This is needed to find <seccomp.h> in the build directory, since
it is now a generated file.
Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
Python 2.x is going EOL very soon, so let's require Python 3.x now
and attempt to use the explicitly marked Python 3.x tools first.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set the Cython language level to "3str" which is described in the
Cython 0.29 changelog:
"A new language level name 3str was added that mostly corresponds to
language level 3, but keeps unprefixed string literals as type ‘str’
in both Py2 and Py3, and the builtin ‘str’ type unchanged. This will
become the default in the next Cython release and is meant to help
user code a) transition more easily to this new default and
b) migrate to Python 3 source code semantics without making support
for Python 2.x difficult."
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
I'm not particularly proud of the seccomp.pyx hack, but it works, and
enabling the python bindings during the distcheck is definitely the
"Greater Good".
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The seccomp() syscall was first added in Linux 3.17 so most systems
should now support this syscall. Most importantly, the use of the
seccomp() syscall enabled the thread sync functionality which isn't
possible with prctl(); although callers still need to enable the flag
per-filter as the thread sync default is disabled.
This patch also unified the return values of the sys_chk_*()
functions.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
| |
The test tool only has = for comparison, not ==. The latter is accepted
by bash and other shells, but is not in POSIX.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
| |
As noted in the previous commit, I made some style changes, but forgot
to include them in the commit. This patch includes those tweaks.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is based on the following patch written by Richard W.M. Jones
from RedHat:
https://www.redhat.com/archives/libguestfs/2013-February/msg00102.html
Earlier versions of automake complain if they get a configuration
parameter which they don't understand. The error is:
configure.ac:27: error: option 'serial-tests' not recognized
Use some m4 hackery to work around this.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
(minor style tweaks to the comments)
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
| |
Thanks to the folks at Coverity for supporting Open Source projects
such as this one.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
| |
The new seccomp() syscall makes an appearance in Linux 3.17.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
| |
There are also some minor cosmetic tweaks to the files.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
With my apologies to Jan for delaying this patch for so long, there
are a number of differences between Jan's original patch and what is
being merged in this patch; almost all of the changes are due to
changes in the underlying code base, but there are a few minor fixes
as well.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
