| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
A variety of updates to reflect changes in the Linux Kernel and
the library itself with the goal of making sure the syscall
checking scripts continue to work.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
Employer agnostic emails make things a lot easier in the long run so
make sure the paul-moore.com address is used whenever it makes sense.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
|
|
| |
Linux 4.3 added direct-wired socket syscalls in addition to the
multiplexed socket syscalls available via socketcall(). This patch
causes libseccomp to generate filters for socket syscall methods on
x86 systems.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| |
|
|
|
|
|
| |
Create the infrastructure for arch/ABI specific rule creation that
allows us much more involved arch/ABI customization.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
| |
This will be useful in future patches for rebuilding and manipulating
the filter.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We use negative syscalls numbers to indicate syscalls that aren't
supported by a certain arch/ABI and unfortunately there were cases
where these bogus syscall values were finding their way into the
filter. This patch corrects this and adds a new test to check for
this in the future.
Reported-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
I've been putting off simplifing the arch specific code until we had
enough ABIs to know what simplifications made sense. Well, our
supported ABI list is not quite reasonable so go ahead and clean
things up a bit.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a dead simple, and a bit hack-ish, little program that
checks the internal syscall tables for consistency across the different
supported architectures. We also tie this test into the autotools test
infrastructure. This should be of particular importance when adding
or updating architectures.
This patch also fixed some automake/libtool problems which were causing
us to double-build some objects under src/.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two major issues resolved in this patch: proper support for
generating BPF on big endian systems, and ensuring we build the BPF
correctly when the host system does not share the same endianess as
the target platform.
Relevant discussion in LKML regarding BPF on big endian systems:
https://lkml.org/lkml/2012/4/8/87
Inspired by an earlier patch from Markos Chandras.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
| |
Make it more obvious that these variables are booleans.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
| |
We may not always want to have statically defined syscall tables,
e.g. x32, so create a series of functions to access the syscall
tables which should provide us some flexibility.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
No code chanages here, just an effort to improve naming consistency
a bit.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
