| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
It appears that '--indent-preprocessor' and
'--max-instatement-indent' are no longer supported command line
options, remove them.
Minor tweak to db_col_init() to appease astyle, no functional
changes.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
| |
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the LoongArch Toolchain Conventions [1], `__loongarch64`
is already deprecated for a while. What we care about here is the ABI
data model, so change the `__loongarch64` to `__loongarch_lp64` instead.
[1]: https://loongson.github.io/LoongArch-Documentation/LoongArch-toolchain-conventions-EN.html
Signed-off-by: WANG Xuerui <git@xen0n.name>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn>
Signed-off-by: WANG Xuerui <git@xen0n.name>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Delete the unused variable 'len' from scmp_bpf_disasm.
scan-build identified the following two warnings:
scmp_bpf_disasm.c:304:10: warning: Although the value stored to 'len'
is used in the enclosing expression, the value is never actually read
from 'len'
while ((len = fread(&bpf, sizeof(bpf), 1, file))) {
scmp_bpf_disasm.c:441:10: warning: Although the value stored to 'len' is
used in the enclosing expression, the value is never actually read from
'len'
while ((len = fread(&bpf, sizeof(bpf), 1, file))) {
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
Initial support for seccomp for SuperH in Linux was added in 2.6.27-rc2,
support for SECCOMP_FILTER was added for Linux 5.9. This adds support
for SuperH in libseccomp, both for little-endian and big-endian mode.
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
This patch updates the code for the newly added spell checking.
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
| |
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
The basic idea is that the C functions should return negative values
on error and the terminal programs should return positive, non-zero
values on error.
Reported-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
It is pointless to check the syntax of automatically generated files
so let's stop doing it.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
There are no functional changes in this patch, just some minor
changes found by the lgtm.com service:
* four functions in tools/util.c were "hiding" a global variable
with a local variable ("arch")
* src/arch.c had an unnecessary check in an if-condition
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
| |
Signed-off-by: Andreas Schwab <schwab@suse.de>
[PM: minor macro shuffling in seccomp.h.in]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not force static link of tools, it breaks build with:
BR2_SHARED_LIBS=y
Patch retrieved from
https://git.buildroot.net/buildroot/tree/package/libseccomp/0001-remove-static.patch and slighly updated to work with 2.3.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: also removed the '-static' from the scmp_api_level build]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
| |
The clang compiler complains of a potential memory leak, this patch
fixes it.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
| |
We shouldn't be redefining AM_CPPFLAGS here, so get rid of it.
Reported-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Historically libseccomp has created a __NR_x definition for every
syscall it supports, even those that aren't valid for a given ABI.
While this seemed like a good idea at the time, it turned out to have
some unwanted and nasty side effects. This patch finally corrects
this problem.
The basic approach is quite simple: move the SCMP_SYS() macro to use
__SNR_x values instead of __NR_x values. The unfortunate side effect
of this change is that instead of just worrying about #defines for the
__PNR_x values we now have to have a __SNR_x define for *every*
syscall. The good news is that after this patch that should only be
a few new syscalls every year - a very manageable task.
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
| |
I forgot to add scmp_api_level to the .gitignore file.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for killing the entire process via
the SCMP_ACT_KILL_PROCESS action. To maintain backward
compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD.
Support for KILL_PROCESS was added into the Linux kernel in
v4.14.
This addresses GitHub Issue #96 - RFE: add support for
SECCOMP_RET_KILL_PROCESS
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: minor comment tweak in seccomp.h.in]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
| |
Extend libseccomp to support SECCOMP_RET_LOG, which is intended to
log the syscall before allowing it.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch (v4) adds support for the parisc and parisc64 architectures
to libseccomp.
I didn't split up the patch, because it's pretty trivial.
Those parisc-specific files gets added:
src/arch-parisc-syscalls.c
src/arch-parisc.c
src/arch-parisc.h
src/arch-parisc64.c
All other changes are trivial because they simply add parisc-specific
case statements in variouse switch statements.
I did ran a "make check" on x86-64 and parisc and all testcases succeeded.
All live testcases succeed as well when running "./regression -T live".
The patch applies cleanly to current libseccomp git head.
Changes between v4 and v3 of this patch:
- Added parisc arch to arch-syscall-check.c and fixup syscall table as
needed
- Fixed copyright notices in parisc files as suggested by Mike Frysinger
Changes between v3 and v2 of this patch:
- Stripped out patch which reports if a check was skipped because
valgrind isn't installed.
- Added tuxcall pseudo syscall for 19-sim-missing_syscalls testcase
- Added sysmips pseudo syscall for 29-sim-pseudo_syscall testcase
Changes between v2 and v1 of this patch:
- Enabled seccomp mode 2 regression tests on parisc. Kernel support for
hppa was added in kernel 4.6-rc1 and backported into the kernel v4.5.2
stable series.
Signed-off-by: Helge Deller <deller@gmx.de>
[PM: corrected a number or errors from 'make check-syntax']
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
The disassembler and local constants are missing the xor
and mod operations. Unlikely to occur, but it's nice to
be complete.
Signed-off-by: David Drysdale <drysdale@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Employer agnostic emails make things a lot easier in the long run so
make sure the paul-moore.com address is used whenever it makes sense.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|\
| |
| |
| | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Because on S390x both __s390x__ and __s390__ are defined, the check
of __s390x__ must be before __s390__.
Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com>
[PM: subject tweaks]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds support for S390 (32-bit) architecture.
Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com>
[PM: rewrote the subject line, style fixes, s390x/s390 typo bugfixes]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds support for S390x (64-bit) architecture.
Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com>
[PM: rewrote the subject line, style fixes]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| | |
I'm still not quite sure why this was shared in the first place.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for other modes for LD/LDX operations
(even though they are rare in seccomp BPF programs),
specifically BPF_IMM, BPF_IND, BPF_LEN and BPF_MSH.
Signed-off-by: David Drysdale <drysdale@google.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Generate a rough program flowchart when '-d' option specified.
This output can be converted into a graph with the Dot tool:
% tests/02-sim-basic -b | tools/scmp_bpf_disasm -d | dot -Tpdf > out.pdf
Details:
- Add '-d' option to generate Dot output rather than listing.
- Convert bpf_decode_op() to return string rather than printing,
to allow re-use.
- Encapsulate action string generation in bpf_decode_action() to
allow re-use.
Signed-off-by: David Drysdale <drysdale@google.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| | |
Mike Strosaker <strosake@linux.vnet.ibm.com> reports that the
working-ppc64 branch is working for both 'make check' and './regression
-T live'.
|
| |
| |
| |
| |
| | |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
See https://github.com/cgwalters/build-api/blob/master/build-api.md
Signed-off-by: Colin Walters <walters@verbum.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
On some really old systems the ELF and or Audit ABI/arch defines are
missing, this patch provides our own #defines in these cases.
Reported-by: Vincent.Riera@imgtec.com
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|/
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
This patch adds support for AArch64 (64-bit ARM) architecture.
Signed-off-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
(Additional fixes/corrections/etc.)
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
| |
Reported-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
Include the header file dependencies. This will improve "make dist" generated
tarballs.
Signed-off-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|