summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* arch: update the syscalls for Linux v4.15-rc7Paul Moore2018-01-1012-13/+49
| | | | | Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit c842c2f6c203ad9da37ca60219172aa0be68d26a)
* arch: add the statx syscallTobias Klauser2018-01-1012-12/+24
| | | | | | | | | Fixes #88 Signed-off-by: Tobias Klauser <tklauser@distanz.ch> [PM: fixed the incorrect x32 definition] Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 4793ea990ea80ee26ed63e2a20723fdb417abf5b)
* python: add support for Python 3.xPaul Moore2017-02-271-4/+23
| | | | | | | | | | | | This patch adds the necessary tweaks to support building against Python v2.x and v3.x. In the process we also fix some problems with the Python live tests; it is unclear when they broke, but they are working now. Tested on Python v2.7.13 and v3.6.0. Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit ce5aea6a4ae7523b57ec13e2e6150aa5d83c1b4e)
* build: fix arch-syscall-check for all supported architecturesPaul Moore2017-02-271-2/+2
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* build: fix a problem where arch-syscall-check could fail and return 0Paul Moore2017-02-271-0/+1
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>(imported from commit 6fdeebac85d7605f9a9b5f0bc7bbb19cafea7969)
* bpf: don't catch the -1 syscall in the x32/x86_64 checkPaul Moore2017-02-231-1/+20
| | | | | | | | | | | | | | | | The -1 syscall can be used by a tracing process to skip a syscall, which up until Linux v4.8 was of no concern for libseccomp since the seccomp filter was only executed at the start of the syscall and not after the tracing process was notified, however recent kernels also execute the seccomp filter after the tracing process finishes its syscall handling; this caused problems on x86_64 systems that didn't explicitly add an x32 architecture to their filters. This patch fixes the x32 check to treat the -1 syscall like any other syscall. Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit ba73ee4f56e8ada7309345cbe08ebf358d60f7e7)
* all: treat syscall -1 as a valid syscallPaul Moore2017-02-236-16/+31
| | | | | | | | | | | | | | Process tracers use a -1 syscall value to indicate that a syscall should be skipped. This turns out to be quite an undertaking as we need to workaround __NR_SCMP_ERROR (which also has a value of -1). Pay special attention to the new attribute, SCMP_FLTATR_API_TSKIP, and the documentation additions. More information in the GitHub issue: * https://github.com/seccomp/libseccomp/issues/80 Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit dc879990774b5fe0b5d3362ae592e8a5bb615fbb)
* db: include the arguments in the db_api_rule_list structPaul Moore2017-02-177-101/+44
| | | | | | | | | | | Instead of dynamically allocating a variable number of arguments, include an array of ARG_COUNT_MAX elements directly in the struct. Also perform a number of simplifications to the code with the understanding that ARG_COUNT_MAX is an ABI independent value that isn't variable. Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit e3addce3794ddb6dc174d429da055296282df0e6)
* build: add basic code coverage supportPaul Moore2017-02-071-3/+5
| | | | | Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit a697763953670b7d9ce3375fe2d3c6fe87fb076c)
* arch: update the syscall tables to 4.10-rc6+Paul Moore2017-02-023-10/+10
| | | | | Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 116b3c1a2e1db53cc35b74f30c080f5265faa674)
* all: update the syscall validation code/scripts for January 2017Paul Moore2017-02-0228-174/+147
| | | | | | | | | A variety of updates to reflect changes in the Linux Kernel and the library itself with the goal of making sure the syscall checking scripts continue to work. Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 486c16401ea59657750987b19641d4b8fcc972e2)
* build: ensure we sort the library and kernel syscall lists the same during ↵Paul Moore2017-02-021-1/+1
| | | | | | | validation Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit e58bfa9032a5e15e2081ddfdda040e7a29de58b9)
* arch: update syscalls for Linux 4.9Justin Cormack2017-02-0212-11/+71
| | | | | | | | | | | | Add support for the following syscalls added in Linux v4.9: - preadv2 and pwritev2 - pkey_mprotect, pkey_alloc, pkey_free Signed-off-by: Justin Cormack <justin.cormack@docker.com> [PM: update subject line, description, and some whitespace] Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit d9102f12fd39bd77151a1f630fcfc8c80f86c55c)
* arch: fix the multiplexed ipc() syscallsPaul Moore2016-04-203-6/+6
| | | | | | | | | Unfortunately we were only properly handling some of the multiplexed ipc() syscalls, this patch correctly handles all of the ipc() syscalls. Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit a58deebd1ee7bedc47bb966ebeec699421e40c65)
* s390: handle multiplexed syscalls correctlyPaul Moore2016-04-207-10/+804
| | | | | | | | | | | It turns out the socket and ipc related syscalls are also multiplexed on s390/s390x much like they are on 32-bit x86. Further making things difficult is that starting with Linux 4.3 the socket syscalls are also available as directly wired versions, much like 32-bit x86. This patch attempts to fix all those problems. Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 66282c31034e2bb442bd9dc862d6d814f0df2f98)
* arch: fix a number of 32-bit x86 failures related to socket syscallsPaul Moore2016-04-102-4/+103
| | | | | | | | | | | | | | | It turns out there was still a few bugs with the 32-bit x86 socket syscalls, especially on systems with older kernel headers installed. This patch corrects these problems and perhaps more importantly, returns the resolver API functions to returning the negative pseudo syscall numbers in the case of 32-bit x86, this helps ensure things continue to work as they did before as the API does not change. It it important to note that libseccomp still generates filter code for both multiplexed and direct socket syscalls regardless. Signed-off-by: Paul Moore <paul@paul-moore.com> (imported from commit 73d83e45efbe8c31067c97155162f17ca51b7435)
* python: update the bindings metadataPaul Moore2016-02-261-1/+1
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* build: swap '()' for '{}' in Makefiles for consistencyPaul Moore2016-02-261-1/+1
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: update the ABI whitelist for the seccomp() syscallPaul Moore2016-02-261-0/+6
| | | | | | | | | | Special thanks to those on the "Reported-by" line who helped test this. Reported-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com> Reported-by: than <than@redhat.com> Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: fix the SECCOMP_SET_MODE_STRICT definePaul Moore2016-02-241-8/+1
| | | | | Reported-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Paul Moore <paul@paul-moore.com>
* all: use the seccomp() syscall whenever possible for tested ABIsPaul Moore2016-02-223-28/+96
| | | | | | | | | | | | | The seccomp() syscall was first added in Linux 3.17 so most systems should now support this syscall. Most importantly, the use of the seccomp() syscall enabled the thread sync functionality which isn't possible with prctl(); although callers still need to enable the flag per-filter as the thread sync default is disabled. This patch also unified the return values of the sys_chk_*() functions. Signed-off-by: Paul Moore <paul@paul-moore.com>
* python: update the python bindings to match the C versionPaul Moore2016-02-222-1/+18
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: update the syscall tables to 4.5-rc4+Paul Moore2016-02-1912-13/+37
| | | | Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: fix syscall validate script so ppc64 is checked againPaul Moore2016-02-191-1/+15
| | | | | | | This patch also adds some extra checking to ensure this doesn't happen again. Signed-off-by: Paul Moore <paul@paul-moore.com>
* api: add a seccomp_version() API callPaul Moore2016-02-181-0/+12
| | | | | | | | This will allow callers to dynamically query the libseccomp library to determine the version information. We do not currently plan on exposing this API via any of the supported language bindings. Signed-off-by: Paul Moore <paul@paul-moore.com>
* all: update my email addressPaul Moore2016-02-1138-38/+38
| | | | | | | Employer agnostic emails make things a lot easier in the long run so make sure the paul-moore.com address is used whenever it makes sense. Signed-off-by: Paul Moore <paul@paul-moore.com>
* system: use sys/prctl.h instead of linux/prctl.hPaul Moore2016-02-101-1/+1
| | | | | | | | This should help on systems that use alternate libc implementations. Reported-by: anarchpenguin Reported-by: Kylie McClain somasis@exherbo.org Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: generate both multiplexed and direct socket syscall rulesPaul Moore2016-02-096-99/+230
| | | | | | | | | Linux 4.3 added direct-wired socket syscalls in addition to the multiplexed socket syscalls available via socketcall(). This patch causes libseccomp to generate filters for socket syscall methods on x86 systems. Signed-off-by: Paul Moore <paul@paul-moore.com>
* arch: enable more involved arch/ABI specific rule creationPaul Moore2016-02-0915-99/+41
| | | | | | | Create the infrastructure for arch/ABI specific rule creation that allows us much more involved arch/ABI customization. Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: move the low level filter rule addition code into the arch layerPaul Moore2016-02-0917-80/+140
| | | | | | | | | | | | | The arch specific filter rewrite code is going to need to become more complex so move the low level rule addition code directly into the arch layer instead of the db layer, but still keep the tree manipulation code in the db layer. This patch also creates a new arch specific rule_add() function table entry and allows for this function to create multiple rules from a single rule. Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: make use of function tables instead of switch statementsPaul Moore2016-02-0915-75/+84
| | | | Signed-off-by: Paul Moore <pmoore@redhat.com>
* db: introduce transaction supportPaul Moore2016-02-092-2/+187
| | | | | | | | | | | | This patch adds basic transaction support to the db layer. The db transactions allow callers to checkpoint a filter collection at the current point in time and later rollback the filter collection if necessary. There will be some overhead at the start of the transaction to generate the checkpoint, but transaction commit and abort rollbacks are guaranteed to succeed. Transactions may be nested. Signed-off-by: Paul Moore <pmoore@redhat.com>
* db: store the rules used to build the filterPaul Moore2016-02-096-61/+110
| | | | | | | This will be useful in future patches for rebuilding and manipulating the filter. Signed-off-by: Paul Moore <pmoore@redhat.com>
* db: make the individual db filter ops privatePaul Moore2016-02-093-379/+422
| | | | | | | | | | We really should operate only on filter collections so move all the individual DB filter operations out of api.c and into db.c. There are likely other changes that can now be done to further clean the code, but I'll leave that as future work. Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: basic support for multiplexed and direct socket syscalls on x86Paul Moore2015-11-111-0/+73
| | | | | | | We need better support than this, but this commit should provide the most basic support. Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: update the syscalls for Linux 4.3Paul Moore2015-11-1112-38/+38
| | | | | | | Some additional testing/work is needed to ensure everything works correctly with the direct wired socket syscalls on x86. Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: update s390/s390x system call tablesHeiko Carstens2015-11-1112-63/+111
| | | | | | | | | | | | | | | | | | | | s390 and s390x gained quite a few new system calls: - numa related system calls - the separated socket system calls - two more s390 specific pci mmio system calls All architectures got the new membarrier and userfaultfd system calls. This patch updates the s390 specific system call tables and updates other architectures where needed. Also remove some extra whitespace from the s390 specific system call tables. Both 'make check' and './regression -T live' still work for s390 and s390x after this update. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: fixes and improvements to the arch-syscall-validate scriptPaul Moore2015-11-111-22/+57
| | | | | | | Fix a few problems with the arch-syscall-validate script, do some minor cleanups, and ensure it works correctly against Linux v4.3. Signed-off-by: Paul Moore <pmoore@redhat.com>
* db: fix a minor style problemPaul Moore2015-09-011-1/+1
| | | | Signed-off-by: Paul Moore <pmoore@redhat.com>
* api: limit errno values to MAX_ERRNOPaul Moore2015-08-292-1/+6
| | | | | | | | | | It turns out that userspace behaves oddly when given an errno value greater than MAX_ERRNO, so much so that the kernel seccomp mechanism has started blocking filters with bad errno values. Let's try to catch the problem at rule addition time to make things easier to spot and fix. Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: use private syscall #define offsets to prevent collisionsPaul Moore2015-08-294-1336/+1336
| | | | | Reported-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Paul Moore <pmoore@redhat.com>
* pfc: add missing ppc namesMike Frysinger2015-08-281-0/+6
| | | | | Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Paul Moore <pmoore@redhat.com>
* Merge branch 'working-s390' into masterPaul Moore2015-08-2824-41/+1248
|\ | | | | | | Signed-off-by: Paul Moore <pmoore@redhat.com>
| * s390x: fix plattform detectionJan Willeke2015-07-131-2/+2
| | | | | | | | | | | | | | | | | | Because on S390x both __s390x__ and __s390__ are defined, the check of __s390x__ must be before __s390__. Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com> [PM: subject tweaks] Signed-off-by: Paul Moore <pmoore@redhat.com>
| * python: add s390 and s390x supportPaul Moore2015-07-132-0/+8
| | | | | | | | Signed-off-by: Paul Moore <pmoore@redhat.com>
| * arch: add support for s390Jan Willeke2015-07-139-4/+586
| | | | | | | | | | | | | | | | This patch adds support for S390 (32-bit) architecture. Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com> [PM: rewrote the subject line, style fixes, s390x/s390 typo bugfixes] Signed-off-by: Paul Moore <pmoore@redhat.com>
| * arch: add support for s390xJan Willeke2015-07-1317-3/+598
| | | | | | | | | | | | | | | | This patch adds support for S390x (64-bit) architecture. Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com> [PM: rewrote the subject line, style fixes] Signed-off-by: Paul Moore <pmoore@redhat.com>
* | all: block negative syscall numbers from the filterPaul Moore2015-08-277-42/+41
| | | | | | | | | | | | | | | | | | | | | | We use negative syscalls numbers to indicate syscalls that aren't supported by a certain arch/ABI and unfortunately there were cases where these bogus syscall values were finding their way into the filter. This patch corrects this and adds a new test to check for this in the future. Reported-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Paul Moore <pmoore@redhat.com>
* | arch: fix a problem with the rule rewrites in _seccomp_rule_add()Paul Moore2015-08-271-1/+1
| | | | | | | | | | | | | | A typo was causing the return value from arch_fitler_rewrite() to be ignored in cases where -EDOM was returned. Signed-off-by: Paul Moore <pmoore@redhat.com>
* | all: minor tweak to make astyle v2.05.1 happyPaul Moore2015-08-261-1/+0
| | | | | | | | Signed-off-by: Paul Moore <pmoore@redhat.com>
View Lorry Controller Status