forked from jengelh/libseccomp
Jan Engelhardt
8d2780d7a1
- updated ppc64le patch s390 32bit: passed: 3823 / failed: 91 / errored: 43 OBS-URL: https://build.opensuse.org/request/show/240751 OBS-URL: https://build.opensuse.org/package/show/security/libseccomp?expand=0&rev=22
2318 lines
60 KiB
Diff
2318 lines
60 KiB
Diff
Index: libseccomp-2.1.1/include/seccomp.h.in
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/include/seccomp.h.in
|
|
+++ libseccomp-2.1.1/include/seccomp.h.in
|
|
@@ -122,6 +122,26 @@ struct scmp_arg_cmp {
|
|
#define SCMP_ARCH_ARM AUDIT_ARCH_ARM
|
|
|
|
/**
|
|
+ * The S390X architecture token
|
|
+ */
|
|
+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
|
|
+
|
|
+/**
|
|
+ * The S390 architecture token
|
|
+ */
|
|
+#define SCMP_ARCH_S390 AUDIT_ARCH_S390
|
|
+
|
|
+/**
|
|
+ * The PowerPC architecture token
|
|
+ */
|
|
+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
|
|
+
|
|
+/**
|
|
+ * The PowerPC64 architecture token
|
|
+ */
|
|
+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
|
|
+
|
|
+/**
|
|
* Convert a syscall name into the associated syscall number
|
|
* @param x the syscall name
|
|
*/
|
|
Index: libseccomp-2.1.1/src/arch.c
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/src/arch.c
|
|
+++ libseccomp-2.1.1/src/arch.c
|
|
@@ -34,6 +34,10 @@
|
|
#include "arch-x86_64.h"
|
|
#include "arch-x32.h"
|
|
#include "arch-arm.h"
|
|
+#include "arch-s390x.h"
|
|
+#include "arch-s390.h"
|
|
+#include "arch-ppc.h"
|
|
+#include "arch-ppc64.h"
|
|
#include "system.h"
|
|
|
|
#if __i386__
|
|
@@ -46,6 +50,14 @@ const struct arch_def *arch_def_native =
|
|
#endif /* __ILP32__ */
|
|
#elif __arm__
|
|
const struct arch_def *arch_def_native = &arch_def_arm;
|
|
+#elif __s390__
|
|
+const struct arch_def *arch_def_native = &arch_def_s390;
|
|
+#elif __s390x__
|
|
+const struct arch_def *arch_def_native = &arch_def_s390x;
|
|
+#elif __powerpc64__
|
|
+const struct arch_def *arch_def_native = &arch_def_ppc64;
|
|
+#elif __powerpc__
|
|
+const struct arch_def *arch_def_native = &arch_def_ppc;
|
|
#else
|
|
#error the arch code needs to know about your machine type
|
|
#endif /* machine type guess */
|
|
@@ -64,6 +76,10 @@ int arch_valid(uint32_t arch)
|
|
case SCMP_ARCH_X86_64:
|
|
case SCMP_ARCH_X32:
|
|
case SCMP_ARCH_ARM:
|
|
+ case SCMP_ARCH_S390:
|
|
+ case SCMP_ARCH_S390X:
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ case SCMP_ARCH_PPC:
|
|
return 0;
|
|
}
|
|
|
|
@@ -88,6 +104,14 @@ const struct arch_def *arch_def_lookup(u
|
|
return &arch_def_x32;
|
|
case SCMP_ARCH_ARM:
|
|
return &arch_def_arm;
|
|
+ case SCMP_ARCH_S390:
|
|
+ return &arch_def_s390;
|
|
+ case SCMP_ARCH_S390X:
|
|
+ return &arch_def_s390x;
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ return &arch_def_ppc64;
|
|
+ case SCMP_ARCH_PPC:
|
|
+ return &arch_def_ppc;
|
|
}
|
|
|
|
return NULL;
|
|
@@ -112,6 +136,14 @@ int arch_arg_count_max(const struct arch
|
|
return x32_arg_count_max;
|
|
case SCMP_ARCH_ARM:
|
|
return arm_arg_count_max;
|
|
+ case SCMP_ARCH_S390:
|
|
+ return s390_arg_count_max;
|
|
+ case SCMP_ARCH_S390X:
|
|
+ return s390x_arg_count_max;
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ return ppc64_arg_count_max;
|
|
+ case SCMP_ARCH_PPC:
|
|
+ return ppc_arg_count_max;
|
|
}
|
|
|
|
return -EDOM;
|
|
@@ -130,6 +162,10 @@ int arch_arg_count_max(const struct arch
|
|
int arch_arg_offset_lo(const struct arch_def *arch, unsigned int arg)
|
|
{
|
|
switch (arch->token) {
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ return ppc64_arg_offset_lo(arg);
|
|
+ case SCMP_ARCH_S390X:
|
|
+ return s390x_arg_offset_lo(arg);
|
|
case SCMP_ARCH_X86_64:
|
|
return x86_64_arg_offset_lo(arg);
|
|
default:
|
|
@@ -150,6 +186,10 @@ int arch_arg_offset_lo(const struct arch
|
|
int arch_arg_offset_hi(const struct arch_def *arch, unsigned int arg)
|
|
{
|
|
switch (arch->token) {
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ return ppc64_arg_offset_hi(arg);
|
|
+ case SCMP_ARCH_S390X:
|
|
+ return s390x_arg_offset_hi(arg);
|
|
case SCMP_ARCH_X86_64:
|
|
return x86_64_arg_offset_hi(arg);
|
|
default:
|
|
@@ -178,6 +218,14 @@ int arch_syscall_resolve_name(const stru
|
|
return x32_syscall_resolve_name(name);
|
|
case SCMP_ARCH_ARM:
|
|
return arm_syscall_resolve_name(name);
|
|
+ case SCMP_ARCH_S390:
|
|
+ return s390_syscall_resolve_name(name);
|
|
+ case SCMP_ARCH_S390X:
|
|
+ return s390x_syscall_resolve_name(name);
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ return ppc64_syscall_resolve_name(name);
|
|
+ case SCMP_ARCH_PPC:
|
|
+ return ppc_syscall_resolve_name(name);
|
|
}
|
|
|
|
return __NR_SCMP_ERROR;
|
|
@@ -204,6 +252,14 @@ const char *arch_syscall_resolve_num(con
|
|
return x32_syscall_resolve_num(num);
|
|
case SCMP_ARCH_ARM:
|
|
return arm_syscall_resolve_num(num);
|
|
+ case SCMP_ARCH_S390:
|
|
+ return s390_syscall_resolve_num(num);
|
|
+ case SCMP_ARCH_S390X:
|
|
+ return s390x_syscall_resolve_num(num);
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ return ppc64_syscall_resolve_num(num);
|
|
+ case SCMP_ARCH_PPC:
|
|
+ return ppc_syscall_resolve_num(num);
|
|
}
|
|
|
|
return NULL;
|
|
Index: libseccomp-2.1.1/src/arch-s390x.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-s390x.c
|
|
@@ -0,0 +1,34 @@
|
|
+/**
|
|
+ * Enhanced Seccomp S390X Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <stdlib.h>
|
|
+#include <errno.h>
|
|
+#include <linux/audit.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-s390x.h"
|
|
+
|
|
+const struct arch_def arch_def_s390x = {
|
|
+ .token = SCMP_ARCH_S390X,
|
|
+ .token_bpf = AUDIT_ARCH_S390X,
|
|
+ .size = ARCH_SIZE_64,
|
|
+ .endian = ARCH_ENDIAN_BIG,
|
|
+};
|
|
Index: libseccomp-2.1.1/src/arch-s390x.h
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-s390x.h
|
|
@@ -0,0 +1,40 @@
|
|
+/**
|
|
+ * Enhanced Seccomp S390X Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#ifndef _ARCH_S390X_H
|
|
+#define _ARCH_S390X_H
|
|
+
|
|
+#include <inttypes.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "system.h"
|
|
+
|
|
+#define s390x_arg_count_max 6
|
|
+
|
|
+extern const struct arch_def arch_def_s390x;
|
|
+
|
|
+#define s390x_arg_offset_lo(x) (arch_arg_offset(x) + 4)
|
|
+#define s390x_arg_offset_hi(x) (arch_arg_offset(x))
|
|
+
|
|
+int s390x_syscall_resolve_name(const char *name);
|
|
+const char *s390x_syscall_resolve_num(int num);
|
|
+
|
|
+#endif
|
|
Index: libseccomp-2.1.1/src/arch-s390x-syscalls.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-s390x-syscalls.c
|
|
@@ -0,0 +1,367 @@
|
|
+/**
|
|
+ * Enhanced Seccomp s390x Syscall Table
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <string.h>
|
|
+
|
|
+#include <seccomp.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-s390x.h"
|
|
+
|
|
+/* NOTE: based on Linux 3.13 */
|
|
+
|
|
+static const struct arch_syscall_def s390x_syscall_table[] = { \
|
|
+ { "exit", 1 },
|
|
+ { "fork", 2 },
|
|
+ { "read", 3 },
|
|
+ { "write", 4 },
|
|
+ { "open", 5 },
|
|
+ { "close", 6 },
|
|
+ { "restart_syscall", 7 },
|
|
+ { "creat", 8 },
|
|
+ { "link", 9 },
|
|
+ { "unlink", 10 },
|
|
+ { "execve", 11 },
|
|
+ { "chdir", 12 },
|
|
+ { "mknod", 14 },
|
|
+ { "chmod", 15 },
|
|
+ { "lseek", 19 },
|
|
+ { "getpid", 20 },
|
|
+ { "mount", 21 },
|
|
+ { "umount", 22 },
|
|
+ { "ptrace", 26 },
|
|
+ { "alarm", 27 },
|
|
+ { "pause", 29 },
|
|
+ { "utime", 30 },
|
|
+ { "access", 33 },
|
|
+ { "nice", 34 },
|
|
+ { "sync", 36 },
|
|
+ { "kill", 37 },
|
|
+ { "rename", 38 },
|
|
+ { "mkdir", 39 },
|
|
+ { "rmdir", 40 },
|
|
+ { "dup", 41 },
|
|
+ { "pipe", 42 },
|
|
+ { "times", 43 },
|
|
+ { "brk", 45 },
|
|
+ { "signal", 48 },
|
|
+ { "acct", 51 },
|
|
+ { "umount2", 52 },
|
|
+ { "ioctl", 54 },
|
|
+ { "fcntl", 55 },
|
|
+ { "setpgid", 57 },
|
|
+ { "umask", 60 },
|
|
+ { "chroot", 61 },
|
|
+ { "ustat", 62 },
|
|
+ { "dup2", 63 },
|
|
+ { "getppid", 64 },
|
|
+ { "getpgrp", 65 },
|
|
+ { "setsid", 66 },
|
|
+ { "sigaction", 67 },
|
|
+ { "sigsuspend", 72 },
|
|
+ { "sigpending", 73 },
|
|
+ { "sethostname", 74 },
|
|
+ { "setrlimit", 75 },
|
|
+ { "getrusage", 77 },
|
|
+ { "gettimeofday", 78 },
|
|
+ { "settimeofday", 79 },
|
|
+ { "symlink", 83 },
|
|
+ { "readlink", 85 },
|
|
+ { "uselib", 86 },
|
|
+ { "swapon", 87 },
|
|
+ { "reboot", 88 },
|
|
+ { "readdir", 89 },
|
|
+ { "mmap", 90 },
|
|
+ { "munmap", 91 },
|
|
+ { "truncate", 92 },
|
|
+ { "ftruncate", 93 },
|
|
+ { "fchmod", 94 },
|
|
+ { "getpriority", 96 },
|
|
+ { "setpriority", 97 },
|
|
+ { "statfs", 99 },
|
|
+ { "fstatfs", 100 },
|
|
+ { "socketcall", 102 },
|
|
+ { "syslog", 103 },
|
|
+ { "setitimer", 104 },
|
|
+ { "getitimer", 105 },
|
|
+ { "stat", 106 },
|
|
+ { "lstat", 107 },
|
|
+ { "fstat", 108 },
|
|
+ { "lookup_dcookie", 110 },
|
|
+ { "vhangup", 111 },
|
|
+ { "idle", 112 },
|
|
+ { "wait4", 114 },
|
|
+ { "swapoff", 115 },
|
|
+ { "sysinfo", 116 },
|
|
+ { "ipc", 117 },
|
|
+ { "fsync", 118 },
|
|
+ { "sigreturn", 119 },
|
|
+ { "clone", 120 },
|
|
+ { "setdomainname", 121 },
|
|
+ { "uname", 122 },
|
|
+ { "adjtimex", 124 },
|
|
+ { "mprotect", 125 },
|
|
+ { "sigprocmask", 126 },
|
|
+ { "create_module", 127 },
|
|
+ { "init_module", 128 },
|
|
+ { "delete_module", 129 },
|
|
+ { "get_kernel_syms", 130 },
|
|
+ { "quotactl", 131 },
|
|
+ { "getpgid", 132 },
|
|
+ { "fchdir", 133 },
|
|
+ { "bdflush", 134 },
|
|
+ { "sysfs", 135 },
|
|
+ { "personality", 136 },
|
|
+ { "afs_syscall", 137 },
|
|
+ { "getdents", 141 },
|
|
+ { "flock", 143 },
|
|
+ { "msync", 144 },
|
|
+ { "readv", 145 },
|
|
+ { "writev", 146 },
|
|
+ { "getsid", 147 },
|
|
+ { "fdatasync", 148 },
|
|
+ { "_sysctl", 149 },
|
|
+ { "mlock", 150 },
|
|
+ { "munlock", 151 },
|
|
+ { "mlockall", 152 },
|
|
+ { "munlockall", 153 },
|
|
+ { "sched_setparam", 154 },
|
|
+ { "sched_getparam", 155 },
|
|
+ { "sched_setscheduler", 156 },
|
|
+ { "sched_getscheduler", 157 },
|
|
+ { "sched_yield", 158 },
|
|
+ { "sched_get_priority_max", 159 },
|
|
+ { "sched_get_priority_min", 160 },
|
|
+ { "sched_rr_get_interval", 161 },
|
|
+ { "nanosleep", 162 },
|
|
+ { "mremap", 163 },
|
|
+ { "query_module", 167 },
|
|
+ { "poll", 168 },
|
|
+ { "nfsservctl", 169 },
|
|
+ { "prctl", 172 },
|
|
+ { "rt_sigreturn", 173 },
|
|
+ { "rt_sigaction", 174 },
|
|
+ { "rt_sigprocmask", 175 },
|
|
+ { "rt_sigpending", 176 },
|
|
+ { "rt_sigtimedwait", 177 },
|
|
+ { "rt_sigqueueinfo", 178 },
|
|
+ { "rt_sigsuspend", 179 },
|
|
+ { "pread64", 180 },
|
|
+ { "pwrite64", 181 },
|
|
+ { "getcwd", 183 },
|
|
+ { "capget", 184 },
|
|
+ { "capset", 185 },
|
|
+ { "sigaltstack", 186 },
|
|
+ { "sendfile", 187 },
|
|
+ { "getpmsg", 188 },
|
|
+ { "putpmsg", 189 },
|
|
+ { "vfork", 190 },
|
|
+ { "pivot_root", 217 },
|
|
+ { "mincore", 218 },
|
|
+ { "madvise", 219 },
|
|
+ { "getdents64", 220 },
|
|
+ { "readahead", 222 },
|
|
+ { "setxattr", 224 },
|
|
+ { "lsetxattr", 225 },
|
|
+ { "fsetxattr", 226 },
|
|
+ { "getxattr", 227 },
|
|
+ { "lgetxattr", 228 },
|
|
+ { "fgetxattr", 229 },
|
|
+ { "listxattr", 230 },
|
|
+ { "llistxattr", 231 },
|
|
+ { "flistxattr", 232 },
|
|
+ { "removexattr", 233 },
|
|
+ { "lremovexattr", 234 },
|
|
+ { "fremovexattr", 235 },
|
|
+ { "gettid", 236 },
|
|
+ { "tkill", 237 },
|
|
+ { "futex", 238 },
|
|
+ { "sched_setaffinity", 239 },
|
|
+ { "sched_getaffinity", 240 },
|
|
+ { "tgkill", 241 },
|
|
+ { "io_setup", 243 },
|
|
+ { "io_destroy", 244 },
|
|
+ { "io_getevents", 245 },
|
|
+ { "io_submit", 246 },
|
|
+ { "io_cancel", 247 },
|
|
+ { "exit_group", 248 },
|
|
+ { "epoll_create", 249 },
|
|
+ { "epoll_ctl", 250 },
|
|
+ { "epoll_wait", 251 },
|
|
+ { "set_tid_address", 252 },
|
|
+ { "fadvise64", 253 },
|
|
+ { "timer_create", 254 },
|
|
+ { "timer_settime", 255 },
|
|
+ { "timer_gettime", 256 },
|
|
+ { "timer_getoverrun", 257 },
|
|
+ { "timer_delete", 258 },
|
|
+ { "clock_settime", 259 },
|
|
+ { "clock_gettime", 260 },
|
|
+ { "clock_getres", 261 },
|
|
+ { "clock_nanosleep", 262 },
|
|
+ { "statfs64", 265 },
|
|
+ { "fstatfs64", 266 },
|
|
+ { "remap_file_pages", 267 },
|
|
+ { "mq_open", 271 },
|
|
+ { "mq_unlink", 272 },
|
|
+ { "mq_timedsend", 273 },
|
|
+ { "mq_timedreceive", 274 },
|
|
+ { "mq_notify", 275 },
|
|
+ { "mq_getsetattr", 276 },
|
|
+ { "kexec_load", 277 },
|
|
+ { "add_key", 278 },
|
|
+ { "request_key", 279 },
|
|
+ { "keyctl", 280 },
|
|
+ { "waitid", 281 },
|
|
+ { "ioprio_set", 282 },
|
|
+ { "ioprio_get", 283 },
|
|
+ { "inotify_init", 284 },
|
|
+ { "inotify_add_watch", 285 },
|
|
+ { "inotify_rm_watch", 286 },
|
|
+ { "openat", 288 },
|
|
+ { "mkdirat", 289 },
|
|
+ { "mknodat", 290 },
|
|
+ { "fchownat", 291 },
|
|
+ { "futimesat", 292 },
|
|
+ { "unlinkat", 294 },
|
|
+ { "renameat", 295 },
|
|
+ { "linkat", 296 },
|
|
+ { "symlinkat", 297 },
|
|
+ { "readlinkat", 298 },
|
|
+ { "fchmodat", 299 },
|
|
+ { "faccessat", 300 },
|
|
+ { "pselect6", 301 },
|
|
+ { "ppoll", 302 },
|
|
+ { "unshare", 303 },
|
|
+ { "set_robust_list", 304 },
|
|
+ { "get_robust_list", 305 },
|
|
+ { "splice", 306 },
|
|
+ { "sync_file_range", 307 },
|
|
+ { "tee", 308 },
|
|
+ { "vmsplice", 309 },
|
|
+ { "getcpu", 311 },
|
|
+ { "epoll_pwait", 312 },
|
|
+ { "utimes", 313 },
|
|
+ { "fallocate", 314 },
|
|
+ { "utimensat", 315 },
|
|
+ { "signalfd", 316 },
|
|
+ { "timerfd", 317 },
|
|
+ { "eventfd", 318 },
|
|
+ { "timerfd_create", 319 },
|
|
+ { "timerfd_settime", 320 },
|
|
+ { "timerfd_gettime", 321 },
|
|
+ { "signalfd4", 322 },
|
|
+ { "eventfd2", 323 },
|
|
+ { "inotify_init1", 324 },
|
|
+ { "pipe2", 325 },
|
|
+ { "dup3", 326 },
|
|
+ { "epoll_create1", 327 },
|
|
+ { "preadv", 328 },
|
|
+ { "pwritev", 329 },
|
|
+ { "rt_tgsigqueueinfo", 330 },
|
|
+ { "perf_event_open", 331 },
|
|
+ { "fanotify_init", 332 },
|
|
+ { "fanotify_mark", 333 },
|
|
+ { "prlimit64", 334 },
|
|
+ { "name_to_handle_at", 335 },
|
|
+ { "open_by_handle_at", 336 },
|
|
+ { "clock_adjtime", 337 },
|
|
+ { "syncfs", 338 },
|
|
+ { "setns", 339 },
|
|
+ { "process_vm_readv", 340 },
|
|
+ { "process_vm_writev", 341 },
|
|
+ { "s390_runtime_instr", 342 },
|
|
+ { "kcmp", 343 },
|
|
+ { "finit_module", 344 },
|
|
+ { "sched_setattr", 345 },
|
|
+ { "sched_getattr", 346 },
|
|
+ { "select", 142 },
|
|
+ { "getrlimit", 191 },
|
|
+ { "lchown", 198 },
|
|
+ { "getuid", 199 },
|
|
+ { "getgid", 200 },
|
|
+ { "geteuid", 201 },
|
|
+ { "getegid", 202 },
|
|
+ { "setreuid", 203 },
|
|
+ { "setregid", 204 },
|
|
+ { "getgroups", 205 },
|
|
+ { "setgroups", 206 },
|
|
+ { "fchown", 207 },
|
|
+ { "setresuid", 208 },
|
|
+ { "getresuid", 209 },
|
|
+ { "setresgid", 210 },
|
|
+ { "getresgid", 211 },
|
|
+ { "chown", 212 },
|
|
+ { "setuid", 213 },
|
|
+ { "setgid", 214 },
|
|
+ { "setfsuid", 215 },
|
|
+ { "setfsgid", 216 },
|
|
+ { "newfstatat", 293 },
|
|
+
|
|
+ {NULL, __NR_SCMP_ERROR},
|
|
+};
|
|
+
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall name to a number
|
|
+ * @param name the syscall name
|
|
+ *
|
|
+ * Resolve the given syscall name to the syscall number using the syscall table.
|
|
+ * Returns the syscall number on success, including negative pseudo syscall
|
|
+ * numbers; returns __NR_SCMP_ERROR on failure.
|
|
+ *
|
|
+ */
|
|
+int s390x_syscall_resolve_name(const char *name)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = s390x_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].name != NULL; iter++) {
|
|
+ if (strcmp(name, table[iter].name) == 0)
|
|
+ return table[iter].num;
|
|
+ }
|
|
+
|
|
+ return __NR_SCMP_ERROR;
|
|
+}
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall number to a name
|
|
+ * @param num the syscall number
|
|
+ *
|
|
+ * Resolve the given syscall number to the syscall name using the syscall table.
|
|
+ * Returns a pointer to the syscall name string on success, including pseudo
|
|
+ * syscall names; returns NULL on failure.
|
|
+ *
|
|
+ */
|
|
+const char *s390x_syscall_resolve_num(int num)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = s390x_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
|
|
+ if (num == table[iter].num)
|
|
+ return table[iter].name;
|
|
+ }
|
|
+
|
|
+ return NULL;
|
|
+}
|
|
Index: libseccomp-2.1.1/src/gen_pfc.c
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/src/gen_pfc.c
|
|
+++ libseccomp-2.1.1/src/gen_pfc.c
|
|
@@ -57,6 +57,14 @@ static const char *_pfc_arch(const struc
|
|
return "x32";
|
|
case SCMP_ARCH_ARM:
|
|
return "arm";
|
|
+ case SCMP_ARCH_S390X:
|
|
+ return "s390x";
|
|
+ case SCMP_ARCH_S390:
|
|
+ return "s390";
|
|
+ case SCMP_ARCH_PPC:
|
|
+ return "ppc";
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ return "ppc64";
|
|
default:
|
|
return "UNKNOWN";
|
|
}
|
|
Index: libseccomp-2.1.1/src/Makefile
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/src/Makefile
|
|
+++ libseccomp-2.1.1/src/Makefile
|
|
@@ -42,6 +42,7 @@ OBJS = \
|
|
arch-x86_64.o arch-x86_64-syscalls.o \
|
|
arch-x32.o arch-x32-syscalls.o \
|
|
arch-arm.o arch-arm-syscalls.o \
|
|
+ arch-s390x.o arch-s390x-syscalls.o \
|
|
hash.o \
|
|
gen_pfc.o gen_bpf.o
|
|
|
|
Index: libseccomp-2.1.1/tools/scmp_arch_detect.c
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/tools/scmp_arch_detect.c
|
|
+++ libseccomp-2.1.1/tools/scmp_arch_detect.c
|
|
@@ -78,6 +78,18 @@ int main(int argc, char *argv[])
|
|
case SCMP_ARCH_ARM:
|
|
printf("arm\n");
|
|
break;
|
|
+ case SCMP_ARCH_S390:
|
|
+ printf("s390\n");
|
|
+ break;
|
|
+ case SCMP_ARCH_S390X:
|
|
+ printf("s390x\n");
|
|
+ break;
|
|
+ case SCMP_ARCH_PPC:
|
|
+ printf("ppc\n");
|
|
+ break;
|
|
+ case SCMP_ARCH_PPC64:
|
|
+ printf("ppc64\n");
|
|
+ break;
|
|
default:
|
|
printf("unknown\n");
|
|
}
|
|
Index: libseccomp-2.1.1/tools/scmp_bpf_sim.c
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/tools/scmp_bpf_sim.c
|
|
+++ libseccomp-2.1.1/tools/scmp_bpf_sim.c
|
|
@@ -239,6 +239,14 @@ int main(int argc, char *argv[])
|
|
sys_data.arch = AUDIT_ARCH_X86_64;
|
|
else if (strcmp(optarg, "arm") == 0)
|
|
sys_data.arch = AUDIT_ARCH_ARM;
|
|
+ else if (strcmp(optarg, "s390") == 0)
|
|
+ sys_data.arch = AUDIT_ARCH_S390;
|
|
+ else if (strcmp(optarg, "s390x") == 0)
|
|
+ sys_data.arch = AUDIT_ARCH_S390X;
|
|
+ else if (strcmp(optarg, "ppc") == 0)
|
|
+ sys_data.arch = AUDIT_ARCH_PPC;
|
|
+ else if (strcmp(optarg, "ppc64") == 0)
|
|
+ sys_data.arch = AUDIT_ARCH_PPC64;
|
|
else
|
|
exit_fault(EINVAL);
|
|
break;
|
|
Index: libseccomp-2.1.1/src/Makefile.am
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/src/Makefile.am
|
|
+++ libseccomp-2.1.1/src/Makefile.am
|
|
@@ -9,8 +9,13 @@ lib_LTLIBRARIES = libseccomp.la
|
|
|
|
libseccomp_la_SOURCES = api.c arch.c arch-x86.c arch-x86-syscalls.c \
|
|
arch-x86_64.c arch-x86_64-syscalls.c arch-x32.c arch-x32-syscalls.c \
|
|
- arch-arm.c arch-arm-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c \
|
|
+ arch-arm.c arch-arm-syscalls.c \
|
|
+ arch-s390.c arch-s390-syscalls.c \
|
|
+ arch-s390x.c arch-s390x-syscalls.c \
|
|
+ arch-ppc.c arch-ppc-syscalls.c \
|
|
+ arch-ppc64.c arch-ppc64-syscalls.c \
|
|
+ db.c hash.c gen_pfc.c gen_bpf.c \
|
|
\
|
|
- arch-arm.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \
|
|
+ arch-arm.h arch-ppc.h arch-ppc64.h arch-s390x.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \
|
|
db.h gen_bpf.h gen_pfc.h hash.h system.h
|
|
libseccomp_la_LDFLAGS = -version-number 2:1:0
|
|
Index: libseccomp-2.1.1/src/arch-s390.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-s390.c
|
|
@@ -0,0 +1,34 @@
|
|
+/**
|
|
+ * Enhanced Seccomp S390 Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <stdlib.h>
|
|
+#include <errno.h>
|
|
+#include <linux/audit.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-s390.h"
|
|
+
|
|
+const struct arch_def arch_def_s390 = {
|
|
+ .token = SCMP_ARCH_S390,
|
|
+ .token_bpf = AUDIT_ARCH_S390,
|
|
+ .size = ARCH_SIZE_32,
|
|
+ .endian = ARCH_ENDIAN_BIG,
|
|
+};
|
|
Index: libseccomp-2.1.1/src/arch-s390.h
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-s390.h
|
|
@@ -0,0 +1,37 @@
|
|
+/**
|
|
+ * Enhanced Seccomp S390 Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#ifndef _ARCH_S390_H
|
|
+#define _ARCH_S390_H
|
|
+
|
|
+#include <inttypes.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "system.h"
|
|
+
|
|
+#define s390_arg_count_max 6
|
|
+
|
|
+extern const struct arch_def arch_def_s390;
|
|
+
|
|
+int s390_syscall_resolve_name(const char *name);
|
|
+const char *s390_syscall_resolve_num(int num);
|
|
+
|
|
+#endif
|
|
Index: libseccomp-2.1.1/src/arch-s390-syscalls.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-s390-syscalls.c
|
|
@@ -0,0 +1,400 @@
|
|
+/**
|
|
+ * Enhanced Seccomp s390 Syscall Table
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <string.h>
|
|
+
|
|
+#include <seccomp.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-s390.h"
|
|
+
|
|
+/* NOTE: based on Linux 3.13 */
|
|
+
|
|
+static const struct arch_syscall_def s390_syscall_table[] = { \
|
|
+ { "exit", 1 },
|
|
+ { "fork", 2 },
|
|
+ { "read", 3 },
|
|
+ { "write", 4 },
|
|
+ { "open", 5 },
|
|
+ { "close", 6 },
|
|
+ { "restart_syscall", 7 },
|
|
+ { "creat", 8 },
|
|
+ { "link", 9 },
|
|
+ { "unlink", 10 },
|
|
+ { "execve", 11 },
|
|
+ { "chdir", 12 },
|
|
+ { "mknod", 14 },
|
|
+ { "chmod", 15 },
|
|
+ { "lseek", 19 },
|
|
+ { "getpid", 20 },
|
|
+ { "mount", 21 },
|
|
+ { "umount", 22 },
|
|
+ { "ptrace", 26 },
|
|
+ { "alarm", 27 },
|
|
+ { "pause", 29 },
|
|
+ { "utime", 30 },
|
|
+ { "access", 33 },
|
|
+ { "nice", 34 },
|
|
+ { "sync", 36 },
|
|
+ { "kill", 37 },
|
|
+ { "rename", 38 },
|
|
+ { "mkdir", 39 },
|
|
+ { "rmdir", 40 },
|
|
+ { "dup", 41 },
|
|
+ { "pipe", 42 },
|
|
+ { "times", 43 },
|
|
+ { "brk", 45 },
|
|
+ { "signal", 48 },
|
|
+ { "acct", 51 },
|
|
+ { "umount2", 52 },
|
|
+ { "ioctl", 54 },
|
|
+ { "fcntl", 55 },
|
|
+ { "setpgid", 57 },
|
|
+ { "umask", 60 },
|
|
+ { "chroot", 61 },
|
|
+ { "ustat", 62 },
|
|
+ { "dup2", 63 },
|
|
+ { "getppid", 64 },
|
|
+ { "getpgrp", 65 },
|
|
+ { "setsid", 66 },
|
|
+ { "sigaction", 67 },
|
|
+ { "sigsuspend", 72 },
|
|
+ { "sigpending", 73 },
|
|
+ { "sethostname", 74 },
|
|
+ { "setrlimit", 75 },
|
|
+ { "getrusage", 77 },
|
|
+ { "gettimeofday", 78 },
|
|
+ { "settimeofday", 79 },
|
|
+ { "symlink", 83 },
|
|
+ { "readlink", 85 },
|
|
+ { "uselib", 86 },
|
|
+ { "swapon", 87 },
|
|
+ { "reboot", 88 },
|
|
+ { "readdir", 89 },
|
|
+ { "mmap", 90 },
|
|
+ { "munmap", 91 },
|
|
+ { "truncate", 92 },
|
|
+ { "ftruncate", 93 },
|
|
+ { "fchmod", 94 },
|
|
+ { "getpriority", 96 },
|
|
+ { "setpriority", 97 },
|
|
+ { "statfs", 99 },
|
|
+ { "fstatfs", 100 },
|
|
+ { "socketcall", 102 },
|
|
+ { "syslog", 103 },
|
|
+ { "setitimer", 104 },
|
|
+ { "getitimer", 105 },
|
|
+ { "stat", 106 },
|
|
+ { "lstat", 107 },
|
|
+ { "fstat", 108 },
|
|
+ { "lookup_dcookie", 110 },
|
|
+ { "vhangup", 111 },
|
|
+ { "idle", 112 },
|
|
+ { "wait4", 114 },
|
|
+ { "swapoff", 115 },
|
|
+ { "sysinfo", 116 },
|
|
+ { "ipc", 117 },
|
|
+ { "fsync", 118 },
|
|
+ { "sigreturn", 119 },
|
|
+ { "clone", 120 },
|
|
+ { "setdomainname", 121 },
|
|
+ { "uname", 122 },
|
|
+ { "adjtimex", 124 },
|
|
+ { "mprotect", 125 },
|
|
+ { "sigprocmask", 126 },
|
|
+ { "create_module", 127 },
|
|
+ { "init_module", 128 },
|
|
+ { "delete_module", 129 },
|
|
+ { "get_kernel_syms", 130 },
|
|
+ { "quotactl", 131 },
|
|
+ { "getpgid", 132 },
|
|
+ { "fchdir", 133 },
|
|
+ { "bdflush", 134 },
|
|
+ { "sysfs", 135 },
|
|
+ { "personality", 136 },
|
|
+ { "afs_syscall", 137 },
|
|
+ { "getdents", 141 },
|
|
+ { "flock", 143 },
|
|
+ { "msync", 144 },
|
|
+ { "readv", 145 },
|
|
+ { "writev", 146 },
|
|
+ { "getsid", 147 },
|
|
+ { "fdatasync", 148 },
|
|
+ { "_sysctl", 149 },
|
|
+ { "mlock", 150 },
|
|
+ { "munlock", 151 },
|
|
+ { "mlockall", 152 },
|
|
+ { "munlockall", 153 },
|
|
+ { "sched_setparam", 154 },
|
|
+ { "sched_getparam", 155 },
|
|
+ { "sched_setscheduler", 156 },
|
|
+ { "sched_getscheduler", 157 },
|
|
+ { "sched_yield", 158 },
|
|
+ { "sched_get_priority_max", 159 },
|
|
+ { "sched_get_priority_min", 160 },
|
|
+ { "sched_rr_get_interval", 161 },
|
|
+ { "nanosleep", 162 },
|
|
+ { "mremap", 163 },
|
|
+ { "query_module", 167 },
|
|
+ { "poll", 168 },
|
|
+ { "nfsservctl", 169 },
|
|
+ { "prctl", 172 },
|
|
+ { "rt_sigreturn", 173 },
|
|
+ { "rt_sigaction", 174 },
|
|
+ { "rt_sigprocmask", 175 },
|
|
+ { "rt_sigpending", 176 },
|
|
+ { "rt_sigtimedwait", 177 },
|
|
+ { "rt_sigqueueinfo", 178 },
|
|
+ { "rt_sigsuspend", 179 },
|
|
+ { "pread64", 180 },
|
|
+ { "pwrite64", 181 },
|
|
+ { "getcwd", 183 },
|
|
+ { "capget", 184 },
|
|
+ { "capset", 185 },
|
|
+ { "sigaltstack", 186 },
|
|
+ { "sendfile", 187 },
|
|
+ { "getpmsg", 188 },
|
|
+ { "putpmsg", 189 },
|
|
+ { "vfork", 190 },
|
|
+ { "pivot_root", 217 },
|
|
+ { "mincore", 218 },
|
|
+ { "madvise", 219 },
|
|
+ { "getdents64", 220 },
|
|
+ { "readahead", 222 },
|
|
+ { "setxattr", 224 },
|
|
+ { "lsetxattr", 225 },
|
|
+ { "fsetxattr", 226 },
|
|
+ { "getxattr", 227 },
|
|
+ { "lgetxattr", 228 },
|
|
+ { "fgetxattr", 229 },
|
|
+ { "listxattr", 230 },
|
|
+ { "llistxattr", 231 },
|
|
+ { "flistxattr", 232 },
|
|
+ { "removexattr", 233 },
|
|
+ { "lremovexattr", 234 },
|
|
+ { "fremovexattr", 235 },
|
|
+ { "gettid", 236 },
|
|
+ { "tkill", 237 },
|
|
+ { "futex", 238 },
|
|
+ { "sched_setaffinity", 239 },
|
|
+ { "sched_getaffinity", 240 },
|
|
+ { "tgkill", 241 },
|
|
+ { "io_setup", 243 },
|
|
+ { "io_destroy", 244 },
|
|
+ { "io_getevents", 245 },
|
|
+ { "io_submit", 246 },
|
|
+ { "io_cancel", 247 },
|
|
+ { "exit_group", 248 },
|
|
+ { "epoll_create", 249 },
|
|
+ { "epoll_ctl", 250 },
|
|
+ { "epoll_wait", 251 },
|
|
+ { "set_tid_address", 252 },
|
|
+ { "fadvise64", 253 },
|
|
+ { "timer_create", 254 },
|
|
+ { "timer_settime", 255 },
|
|
+ { "timer_gettime", 256 },
|
|
+ { "timer_getoverrun", 257 },
|
|
+ { "timer_delete", 258 },
|
|
+ { "clock_settime", 259 },
|
|
+ { "clock_gettime", 260 },
|
|
+ { "clock_getres", 261 },
|
|
+ { "clock_nanosleep", 262 },
|
|
+ { "statfs64", 265 },
|
|
+ { "fstatfs64", 266 },
|
|
+ { "remap_file_pages", 267 },
|
|
+ { "mq_open", 271 },
|
|
+ { "mq_unlink", 272 },
|
|
+ { "mq_timedsend", 273 },
|
|
+ { "mq_timedreceive", 274 },
|
|
+ { "mq_notify", 275 },
|
|
+ { "mq_getsetattr", 276 },
|
|
+ { "kexec_load", 277 },
|
|
+ { "add_key", 278 },
|
|
+ { "request_key", 279 },
|
|
+ { "keyctl", 280 },
|
|
+ { "waitid", 281 },
|
|
+ { "ioprio_set", 282 },
|
|
+ { "ioprio_get", 283 },
|
|
+ { "inotify_init", 284 },
|
|
+ { "inotify_add_watch", 285 },
|
|
+ { "inotify_rm_watch", 286 },
|
|
+ { "openat", 288 },
|
|
+ { "mkdirat", 289 },
|
|
+ { "mknodat", 290 },
|
|
+ { "fchownat", 291 },
|
|
+ { "futimesat", 292 },
|
|
+ { "unlinkat", 294 },
|
|
+ { "renameat", 295 },
|
|
+ { "linkat", 296 },
|
|
+ { "symlinkat", 297 },
|
|
+ { "readlinkat", 298 },
|
|
+ { "fchmodat", 299 },
|
|
+ { "faccessat", 300 },
|
|
+ { "pselect6", 301 },
|
|
+ { "ppoll", 302 },
|
|
+ { "unshare", 303 },
|
|
+ { "set_robust_list", 304 },
|
|
+ { "get_robust_list", 305 },
|
|
+ { "splice", 306 },
|
|
+ { "sync_file_range", 307 },
|
|
+ { "tee", 308 },
|
|
+ { "vmsplice", 309 },
|
|
+ { "getcpu", 311 },
|
|
+ { "epoll_pwait", 312 },
|
|
+ { "utimes", 313 },
|
|
+ { "fallocate", 314 },
|
|
+ { "utimensat", 315 },
|
|
+ { "signalfd", 316 },
|
|
+ { "timerfd", 317 },
|
|
+ { "eventfd", 318 },
|
|
+ { "timerfd_create", 319 },
|
|
+ { "timerfd_settime", 320 },
|
|
+ { "timerfd_gettime", 321 },
|
|
+ { "signalfd4", 322 },
|
|
+ { "eventfd2", 323 },
|
|
+ { "inotify_init1", 324 },
|
|
+ { "pipe2", 325 },
|
|
+ { "dup3", 326 },
|
|
+ { "epoll_create1", 327 },
|
|
+ { "preadv", 328 },
|
|
+ { "pwritev", 328 },
|
|
+ { "rt_tgsigqueueinfo", 330 },
|
|
+ { "perf_event_open", 331 },
|
|
+ { "fanotify_init", 332 },
|
|
+ { "fanotify_mark", 333 },
|
|
+ { "prlimit64", 334 },
|
|
+ { "name_to_handle_at", 335 },
|
|
+ { "open_by_handle_at", 336 },
|
|
+ { "clock_adjtime", 337 },
|
|
+ { "syncfs", 338 },
|
|
+ { "setns", 339 },
|
|
+ { "process_vm_readv", 340 },
|
|
+ { "process_vm_writev", 341 },
|
|
+ { "s390_runtime_instr", 342 },
|
|
+ { "kcmp", 343 },
|
|
+ { "finit_module", 344 },
|
|
+ { "sched_setattr", 345 },
|
|
+ { "sched_getattr", 346 },
|
|
+ { "time", 13 },
|
|
+ { "lchown", 16 },
|
|
+ { "setuid", 23 },
|
|
+ { "getuid", 24 },
|
|
+ { "stime", 25 },
|
|
+ { "setgid", 46 },
|
|
+ { "getgid", 47 },
|
|
+ { "geteuid", 49 },
|
|
+ { "getegid", 50 },
|
|
+ { "setreuid", 70 },
|
|
+ { "setregid", 71 },
|
|
+ { "getrlimit", 76 },
|
|
+ { "getgroups", 80 },
|
|
+ { "setgroups", 81 },
|
|
+ { "fchown", 95 },
|
|
+ { "ioperm", 101 },
|
|
+ { "setfsuid", 138 },
|
|
+ { "setfsgid", 139 },
|
|
+ { "_llseek", 140 },
|
|
+ { "_newselect", 142 },
|
|
+ { "setresuid", 164 },
|
|
+ { "getresuid", 165 },
|
|
+ { "setresgid", 170 },
|
|
+ { "getresgid", 171 },
|
|
+ { "chown", 182 },
|
|
+ { "ugetrlimit", 191 },
|
|
+ { "mmap2", 192 },
|
|
+ { "truncate64", 193 },
|
|
+ { "ftruncate64", 194 },
|
|
+ { "stat64", 195 },
|
|
+ { "lstat64", 196 },
|
|
+ { "fstat64", 197 },
|
|
+ { "lchown32", 198 },
|
|
+ { "getuid32", 199 },
|
|
+ { "getgid32", 200 },
|
|
+ { "geteuid32", 201 },
|
|
+ { "getegid32", 202 },
|
|
+ { "setreuid32", 203 },
|
|
+ { "setregid32", 204 },
|
|
+ { "getgroups32", 205 },
|
|
+ { "setgroups32", 206 },
|
|
+ { "fchown32", 207 },
|
|
+ { "setresuid32", 208 },
|
|
+ { "getresuid32", 209 },
|
|
+ { "setresgid32", 210 },
|
|
+ { "getresgid32", 211 },
|
|
+ { "chown32", 212 },
|
|
+ { "setuid32", 213 },
|
|
+ { "setgid32", 214 },
|
|
+ { "setfsuid32", 215 },
|
|
+ { "setfsgid32", 216 },
|
|
+ { "fcntl64", 221 },
|
|
+ { "sendfile64", 223 },
|
|
+ { "fadvise64_64", 264 },
|
|
+ { "fstatat64", 293 },
|
|
+
|
|
+ {NULL, __NR_SCMP_ERROR},
|
|
+};
|
|
+
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall name to a number
|
|
+ * @param name the syscall name
|
|
+ *
|
|
+ * Resolve the given syscall name to the syscall number using the syscall table.
|
|
+ * Returns the syscall number on success, including negative pseudo syscall
|
|
+ * numbers; returns __NR_SCMP_ERROR on failure.
|
|
+ *
|
|
+ */
|
|
+int s390_syscall_resolve_name(const char *name)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = s390_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].name != NULL; iter++) {
|
|
+ if (strcmp(name, table[iter].name) == 0)
|
|
+ return table[iter].num;
|
|
+ }
|
|
+
|
|
+ return __NR_SCMP_ERROR;
|
|
+}
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall number to a name
|
|
+ * @param num the syscall number
|
|
+ *
|
|
+ * Resolve the given syscall number to the syscall name using the syscall table.
|
|
+ * Returns a pointer to the syscall name string on success, including pseudo
|
|
+ * syscall names; returns NULL on failure.
|
|
+ *
|
|
+ */
|
|
+const char *s390_syscall_resolve_num(int num)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = s390_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
|
|
+ if (num == table[iter].num)
|
|
+ return table[iter].name;
|
|
+ }
|
|
+
|
|
+ return NULL;
|
|
+}
|
|
Index: libseccomp-2.1.1/src/arch-ppc64.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-ppc64.c
|
|
@@ -0,0 +1,38 @@
|
|
+/**
|
|
+ * Enhanced Seccomp PowerPC64 Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <stdlib.h>
|
|
+#include <errno.h>
|
|
+#include <linux/audit.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-ppc64.h"
|
|
+
|
|
+const struct arch_def arch_def_ppc64 = {
|
|
+ .token = SCMP_ARCH_PPC64,
|
|
+ .token_bpf = AUDIT_ARCH_PPC64,
|
|
+ .size = ARCH_SIZE_64,
|
|
+#ifdef __LITTLE_ENDIAN__
|
|
+ .endian = ARCH_ENDIAN_LITTLE,
|
|
+#else
|
|
+ .endian = ARCH_ENDIAN_BIG,
|
|
+#endif
|
|
+};
|
|
Index: libseccomp-2.1.1/src/arch-ppc64.h
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-ppc64.h
|
|
@@ -0,0 +1,45 @@
|
|
+/**
|
|
+ * Enhanced Seccomp PowerPC64 Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#ifndef _ARCH_PPC64_H
|
|
+#define _ARCH_PPC64_H
|
|
+
|
|
+#include <inttypes.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "system.h"
|
|
+
|
|
+#define ppc64_arg_count_max 6
|
|
+
|
|
+extern const struct arch_def arch_def_ppc64;
|
|
+
|
|
+#ifdef __LITTLE_ENDIAN__
|
|
+#define ppc64_arg_offset_lo(x) (arch_arg_offset(x))
|
|
+#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4)
|
|
+#else
|
|
+#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4)
|
|
+#define ppc64_arg_offset_hi(x) (arch_arg_offset(x))
|
|
+#endif
|
|
+
|
|
+int ppc64_syscall_resolve_name(const char *name);
|
|
+const char *ppc64_syscall_resolve_num(int num);
|
|
+
|
|
+#endif
|
|
Index: libseccomp-2.1.1/src/arch-ppc64-syscalls.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-ppc64-syscalls.c
|
|
@@ -0,0 +1,427 @@
|
|
+/**
|
|
+ * Enhanced Seccomp PowerPC64 Syscall Table
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <string.h>
|
|
+
|
|
+#include <seccomp.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-ppc64.h"
|
|
+
|
|
+/* NOTE: based on Linux 3.13 */
|
|
+
|
|
+static const struct arch_syscall_def ppc64_syscall_table[] = { \
|
|
+ { "restart_syscall", 0 },
|
|
+ { "exit", 1 },
|
|
+ { "fork", 2 },
|
|
+ { "read", 3 },
|
|
+ { "write", 4 },
|
|
+ { "open", 5 },
|
|
+ { "close", 6 },
|
|
+ { "waitpid", 7 },
|
|
+ { "creat", 8 },
|
|
+ { "link", 9 },
|
|
+ { "unlink", 10 },
|
|
+ { "execve", 11 },
|
|
+ { "chdir", 12 },
|
|
+ { "time", 13 },
|
|
+ { "mknod", 14 },
|
|
+ { "chmod", 15 },
|
|
+ { "lchown", 16 },
|
|
+ { "break", 17 },
|
|
+ { "oldstat", 18 },
|
|
+ { "lseek", 19 },
|
|
+ { "getpid", 20 },
|
|
+ { "mount", 21 },
|
|
+ { "umount", 22 },
|
|
+ { "setuid", 23 },
|
|
+ { "getuid", 24 },
|
|
+ { "stime", 25 },
|
|
+ { "ptrace", 26 },
|
|
+ { "alarm", 27 },
|
|
+ { "oldfstat", 28 },
|
|
+ { "pause", 29 },
|
|
+ { "utime", 30 },
|
|
+ { "stty", 31 },
|
|
+ { "gtty", 32 },
|
|
+ { "access", 33 },
|
|
+ { "nice", 34 },
|
|
+ { "ftime", 35 },
|
|
+ { "sync", 36 },
|
|
+ { "kill", 37 },
|
|
+ { "rename", 38 },
|
|
+ { "mkdir", 39 },
|
|
+ { "rmdir", 40 },
|
|
+ { "dup", 41 },
|
|
+ { "pipe", 42 },
|
|
+ { "times", 43 },
|
|
+ { "prof", 44 },
|
|
+ { "brk", 45 },
|
|
+ { "setgid", 46 },
|
|
+ { "getgid", 47 },
|
|
+ { "signal", 48 },
|
|
+ { "geteuid", 49 },
|
|
+ { "getegid", 50 },
|
|
+ { "acct", 51 },
|
|
+ { "umount2", 52 },
|
|
+ { "lock", 53 },
|
|
+ { "ioctl", 54 },
|
|
+ { "fcntl", 55 },
|
|
+ { "mpx", 56 },
|
|
+ { "setpgid", 57 },
|
|
+ { "ulimit", 58 },
|
|
+ { "oldolduname", 59 },
|
|
+ { "umask", 60 },
|
|
+ { "chroot", 61 },
|
|
+ { "ustat", 62 },
|
|
+ { "dup2", 63 },
|
|
+ { "getppid", 64 },
|
|
+ { "getpgrp", 65 },
|
|
+ { "setsid", 66 },
|
|
+ { "sigaction", 67 },
|
|
+ { "sgetmask", 68 },
|
|
+ { "ssetmask", 69 },
|
|
+ { "setreuid", 70 },
|
|
+ { "setregid", 71 },
|
|
+ { "sigsuspend", 72 },
|
|
+ { "sigpending", 73 },
|
|
+ { "sethostname", 74 },
|
|
+ { "setrlimit", 75 },
|
|
+ { "getrlimit", 76 },
|
|
+ { "getrusage", 77 },
|
|
+ { "gettimeofday", 78 },
|
|
+ { "settimeofday", 79 },
|
|
+ { "getgroups", 80 },
|
|
+ { "setgroups", 81 },
|
|
+ { "select", 82 },
|
|
+ { "symlink", 83 },
|
|
+ { "oldlstat", 84 },
|
|
+ { "readlink", 85 },
|
|
+ { "uselib", 86 },
|
|
+ { "swapon", 87 },
|
|
+ { "reboot", 88 },
|
|
+ { "readdir", 89 },
|
|
+ { "mmap", 90 },
|
|
+ { "munmap", 91 },
|
|
+ { "truncate", 92 },
|
|
+ { "ftruncate", 93 },
|
|
+ { "fchmod", 94 },
|
|
+ { "fchown", 95 },
|
|
+ { "getpriority", 96 },
|
|
+ { "setpriority", 97 },
|
|
+ { "profil", 98 },
|
|
+ { "statfs", 99 },
|
|
+ { "fstatfs", 100 },
|
|
+ { "ioperm", 101 },
|
|
+ { "socketcall", 102 },
|
|
+ { "syslog", 103 },
|
|
+ { "setitimer", 104 },
|
|
+ { "getitimer", 105 },
|
|
+ { "stat", 106 },
|
|
+ { "lstat", 107 },
|
|
+ { "fstat", 108 },
|
|
+ { "olduname", 109 },
|
|
+ { "iopl", 110 },
|
|
+ { "vhangup", 111 },
|
|
+ { "idle", 112 },
|
|
+ { "vm86", 113 },
|
|
+ { "wait4", 114 },
|
|
+ { "swapoff", 115 },
|
|
+ { "sysinfo", 116 },
|
|
+ { "ipc", 117 },
|
|
+ { "fsync", 118 },
|
|
+ { "sigreturn", 119 },
|
|
+ { "clone", 120 },
|
|
+ { "setdomainname", 121 },
|
|
+ { "uname", 122 },
|
|
+ { "modify_ldt", 123 },
|
|
+ { "adjtimex", 124 },
|
|
+ { "mprotect", 125 },
|
|
+ { "sigprocmask", 126 },
|
|
+ { "create_module", 127 },
|
|
+ { "init_module", 128 },
|
|
+ { "delete_module", 129 },
|
|
+ { "get_kernel_syms", 130 },
|
|
+ { "quotactl", 131 },
|
|
+ { "getpgid", 132 },
|
|
+ { "fchdir", 133 },
|
|
+ { "bdflush", 134 },
|
|
+ { "sysfs", 135 },
|
|
+ { "personality", 136 },
|
|
+ { "afs_syscall", 137 },
|
|
+ { "setfsuid", 138 },
|
|
+ { "setfsgid", 139 },
|
|
+ { "_llseek", 140 },
|
|
+ { "getdents", 141 },
|
|
+ { "_newselect", 142 },
|
|
+ { "flock", 143 },
|
|
+ { "msync", 144 },
|
|
+ { "readv", 145 },
|
|
+ { "writev", 146 },
|
|
+ { "getsid", 147 },
|
|
+ { "fdatasync", 148 },
|
|
+ { "_sysctl", 149 },
|
|
+ { "mlock", 150 },
|
|
+ { "munlock", 151 },
|
|
+ { "mlockall", 152 },
|
|
+ { "munlockall", 153 },
|
|
+ { "sched_setparam", 154 },
|
|
+ { "sched_getparam", 155 },
|
|
+ { "sched_setscheduler", 156 },
|
|
+ { "sched_getscheduler", 157 },
|
|
+ { "sched_yield", 158 },
|
|
+ { "sched_get_priority_max", 159 },
|
|
+ { "sched_get_priority_min", 160 },
|
|
+ { "sched_rr_get_interval", 161 },
|
|
+ { "nanosleep", 162 },
|
|
+ { "mremap", 163 },
|
|
+ { "setresuid", 164 },
|
|
+ { "getresuid", 165 },
|
|
+ { "query_module", 166 },
|
|
+ { "poll", 167 },
|
|
+ { "nfsservctl", 168 },
|
|
+ { "setresgid", 169 },
|
|
+ { "getresgid", 170 },
|
|
+ { "prctl", 171 },
|
|
+ { "rt_sigreturn", 172 },
|
|
+ { "rt_sigaction", 173 },
|
|
+ { "rt_sigprocmask", 174 },
|
|
+ { "rt_sigpending", 175 },
|
|
+ { "rt_sigtimedwait", 176 },
|
|
+ { "rt_sigqueueinfo", 177 },
|
|
+ { "rt_sigsuspend", 178 },
|
|
+ { "pread64", 179 },
|
|
+ { "pwrite64", 180 },
|
|
+ { "chown", 181 },
|
|
+ { "getcwd", 182 },
|
|
+ { "capget", 183 },
|
|
+ { "capset", 184 },
|
|
+ { "sigaltstack", 185 },
|
|
+ { "sendfile", 186 },
|
|
+ { "getpmsg", 187 },
|
|
+ { "putpmsg", 188 },
|
|
+ { "vfork", 189 },
|
|
+ { "ugetrlimit", 190 },
|
|
+ { "readahead", 191 },
|
|
+
|
|
+ { "pciconfig_read", 198 },
|
|
+ { "pciconfig_write", 199 },
|
|
+ { "pciconfig_iobase", 200 },
|
|
+ { "multiplexer", 201 },
|
|
+ { "getdents64", 202 },
|
|
+ { "pivot_root", 203 },
|
|
+ { "madvise", 205 },
|
|
+ { "mincore", 206 },
|
|
+ { "gettid", 207 },
|
|
+ { "tkill", 208 },
|
|
+ { "setxattr", 209 },
|
|
+ { "lsetxattr", 210 },
|
|
+ { "fsetxattr", 211 },
|
|
+ { "getxattr", 212 },
|
|
+ { "lgetxattr", 213 },
|
|
+ { "fgetxattr", 214 },
|
|
+ { "listxattr", 215 },
|
|
+ { "llistxattr", 216 },
|
|
+ { "flistxattr", 217 },
|
|
+ { "removexattr", 218 },
|
|
+ { "lremovexattr", 219 },
|
|
+ { "fremovexattr", 220 },
|
|
+ { "futex", 221 },
|
|
+ { "sched_setaffinity", 222 },
|
|
+ { "sched_getaffinity", 223 },
|
|
+ { "tuxcall", 225 },
|
|
+ { "io_setup", 227 },
|
|
+ { "io_destroy", 228 },
|
|
+ { "io_getevents", 229 },
|
|
+ { "io_submit", 230 },
|
|
+ { "io_cancel", 231 },
|
|
+ { "set_tid_address", 232 },
|
|
+ { "fadvise64", 233 },
|
|
+ { "exit_group", 234 },
|
|
+ { "lookup_dcookie", 235 },
|
|
+ { "epoll_create", 236 },
|
|
+ { "epoll_ctl", 237 },
|
|
+ { "epoll_wait", 238 },
|
|
+ { "remap_file_pages", 239 },
|
|
+ { "timer_create", 240 },
|
|
+ { "timer_settime", 241 },
|
|
+ { "timer_gettime", 242 },
|
|
+ { "timer_getoverrun", 243 },
|
|
+ { "timer_delete", 244 },
|
|
+ { "clock_settime", 245 },
|
|
+ { "clock_gettime", 246 },
|
|
+ { "clock_getres", 247 },
|
|
+ { "clock_nanosleep", 248 },
|
|
+ { "swapcontext", 249 },
|
|
+ { "tgkill", 250 },
|
|
+ { "utimes", 251 },
|
|
+ { "statfs64", 252 },
|
|
+ { "fstatfs64", 253 },
|
|
+ { "rtas", 255 },
|
|
+ { "sys_debug_setcontext", 256 },
|
|
+ { "migrate_pages", 258 },
|
|
+ { "mbind", 259 },
|
|
+ { "get_mempolicy", 260 },
|
|
+ { "set_mempolicy", 261 },
|
|
+ { "mq_open", 262 },
|
|
+ { "mq_unlink", 263 },
|
|
+ { "mq_timedsend", 264 },
|
|
+ { "mq_timedreceive", 265 },
|
|
+ { "mq_notify", 266 },
|
|
+ { "mq_getsetattr", 267 },
|
|
+ { "kexec_load", 268 },
|
|
+ { "add_key", 269 },
|
|
+ { "request_key", 270 },
|
|
+ { "keyctl", 271 },
|
|
+ { "waitid", 272 },
|
|
+ { "ioprio_set", 273 },
|
|
+ { "ioprio_get", 274 },
|
|
+ { "inotify_init", 275 },
|
|
+ { "inotify_add_watch", 276 },
|
|
+ { "inotify_rm_watch", 277 },
|
|
+ { "spu_run", 278 },
|
|
+ { "spu_create", 279 },
|
|
+ { "pselect6", 280 },
|
|
+ { "ppoll", 281 },
|
|
+ { "unshare", 282 },
|
|
+ { "splice", 283 },
|
|
+ { "tee", 284 },
|
|
+ { "vmsplice", 285 },
|
|
+ { "openat", 286 },
|
|
+ { "mkdirat", 287 },
|
|
+ { "mknodat", 288 },
|
|
+ { "fchownat", 289 },
|
|
+ { "futimesat", 290 },
|
|
+ { "newfstatat", 291 },
|
|
+ { "unlinkat", 292 },
|
|
+ { "renameat", 293 },
|
|
+ { "linkat", 294 },
|
|
+ { "symlinkat", 295 },
|
|
+ { "readlinkat", 296 },
|
|
+ { "fchmodat", 297 },
|
|
+ { "faccessat", 298 },
|
|
+ { "get_robust_list", 299 },
|
|
+ { "set_robust_list", 300 },
|
|
+ { "move_pages", 301 },
|
|
+ { "getcpu", 302 },
|
|
+ { "epoll_pwait", 303 },
|
|
+ { "utimensat", 304 },
|
|
+ { "signalfd", 305 },
|
|
+ { "timerfd_create", 306 },
|
|
+ { "eventfd", 307 },
|
|
+ { "sync_file_range2", 308 },
|
|
+ { "fallocate", 309 },
|
|
+ { "subpage_prot", 310 },
|
|
+ { "timerfd_settime", 311 },
|
|
+ { "timerfd_gettime", 312 },
|
|
+ { "signalfd4", 313 },
|
|
+ { "eventfd2", 314 },
|
|
+ { "epoll_create1", 315 },
|
|
+ { "dup3", 316 },
|
|
+ { "pipe2", 317 },
|
|
+ { "inotify_init1", 318 },
|
|
+ { "perf_event_open", 319 },
|
|
+ { "preadv", 320 },
|
|
+ { "pwritev", 321 },
|
|
+ { "rt_tgsigqueueinfo", 322 },
|
|
+ { "fanotify_init", 323 },
|
|
+ { "fanotify_mark", 324 },
|
|
+ { "prlimit64", 325 },
|
|
+ { "socket", 326 },
|
|
+ { "bind", 327 },
|
|
+ { "connect", 328 },
|
|
+ { "listen", 329 },
|
|
+ { "accept", 330 },
|
|
+ { "getsockname", 331 },
|
|
+ { "getpeername", 332 },
|
|
+ { "socketpair", 333 },
|
|
+ { "send", 334 },
|
|
+ { "sendto", 335 },
|
|
+ { "recv", 336 },
|
|
+ { "recvfrom", 337 },
|
|
+ { "shutdown", 338 },
|
|
+ { "setsockopt", 339 },
|
|
+ { "getsockopt", 340 },
|
|
+ { "sendmsg", 341 },
|
|
+ { "recvmsg", 342 },
|
|
+ { "recvmmsg", 343 },
|
|
+ { "accept4", 344 },
|
|
+ { "name_to_handle_at", 345 },
|
|
+ { "open_by_handle_at", 346 },
|
|
+ { "clock_adjtime", 347 },
|
|
+ { "syncfs", 348 },
|
|
+ { "sendmmsg", 349 },
|
|
+ { "setns", 350 },
|
|
+ { "process_vm_readv", 351 },
|
|
+ { "process_vm_writev", 352 },
|
|
+ { "finit_module", 353 },
|
|
+ { "kcmp", 354 },
|
|
+ { "sched_setattr", 355 },
|
|
+ { "sched_getattr", 356 },
|
|
+ {NULL, __NR_SCMP_ERROR},
|
|
+};
|
|
+
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall name to a number
|
|
+ * @param name the syscall name
|
|
+ *
|
|
+ * Resolve the given syscall name to the syscall number using the syscall table.
|
|
+ * Returns the syscall number on success, including negative pseudo syscall
|
|
+ * numbers; returns __NR_SCMP_ERROR on failure.
|
|
+ *
|
|
+ */
|
|
+int ppc64_syscall_resolve_name(const char *name)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = ppc64_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].name != NULL; iter++) {
|
|
+ if (strcmp(name, table[iter].name) == 0)
|
|
+ return table[iter].num;
|
|
+ }
|
|
+
|
|
+ return __NR_SCMP_ERROR;
|
|
+}
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall number to a name
|
|
+ * @param num the syscall number
|
|
+ *
|
|
+ * Resolve the given syscall number to the syscall name using the syscall table.
|
|
+ * Returns a pointer to the syscall name string on success, including pseudo
|
|
+ * syscall names; returns NULL on failure.
|
|
+ *
|
|
+ */
|
|
+const char *ppc64_syscall_resolve_num(int num)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = ppc64_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
|
|
+ if (num == table[iter].num)
|
|
+ return table[iter].name;
|
|
+ }
|
|
+
|
|
+ return NULL;
|
|
+}
|
|
Index: libseccomp-2.1.1/src/arch-ppc.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-ppc.c
|
|
@@ -0,0 +1,34 @@
|
|
+/**
|
|
+ * Enhanced Seccomp PowerPC64 Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <stdlib.h>
|
|
+#include <errno.h>
|
|
+#include <linux/audit.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-ppc.h"
|
|
+
|
|
+const struct arch_def arch_def_ppc = {
|
|
+ .token = SCMP_ARCH_PPC,
|
|
+ .token_bpf = AUDIT_ARCH_PPC,
|
|
+ .size = ARCH_SIZE_32,
|
|
+ .endian = ARCH_ENDIAN_BIG,
|
|
+};
|
|
Index: libseccomp-2.1.1/src/arch-ppc.h
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-ppc.h
|
|
@@ -0,0 +1,37 @@
|
|
+/**
|
|
+ * Enhanced Seccomp PowerPC64 Specific Code
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#ifndef _ARCH_PPC_H
|
|
+#define _ARCH_PPC_H
|
|
+
|
|
+#include <inttypes.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "system.h"
|
|
+
|
|
+#define ppc_arg_count_max 6
|
|
+
|
|
+extern const struct arch_def arch_def_ppc;
|
|
+
|
|
+int ppc_syscall_resolve_name(const char *name);
|
|
+const char *ppc_syscall_resolve_num(int num);
|
|
+
|
|
+#endif
|
|
Index: libseccomp-2.1.1/src/arch-ppc-syscalls.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libseccomp-2.1.1/src/arch-ppc-syscalls.c
|
|
@@ -0,0 +1,433 @@
|
|
+/**
|
|
+ * Enhanced Seccomp PowerPC64 Syscall Table
|
|
+ *
|
|
+ * Copyright (c) 2014 SUSE <meissner@suse.de>
|
|
+ * Author: Marcus Meissner <meissner@suse.de>
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * This library is free software; you can redistribute it and/or modify it
|
|
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
+ * published by the Free Software Foundation.
|
|
+ *
|
|
+ * This library is distributed in the hope that it will be useful, but WITHOUT
|
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
+ * for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU Lesser General Public License
|
|
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
+ */
|
|
+
|
|
+#include <string.h>
|
|
+
|
|
+#include <seccomp.h>
|
|
+
|
|
+#include "arch.h"
|
|
+#include "arch-ppc.h"
|
|
+
|
|
+/* NOTE: based on Linux 3.13 */
|
|
+
|
|
+static const struct arch_syscall_def ppc_syscall_table[] = { \
|
|
+ { "restart_syscall", 0 },
|
|
+ { "exit", 1 },
|
|
+ { "fork", 2 },
|
|
+ { "read", 3 },
|
|
+ { "write", 4 },
|
|
+ { "open", 5 },
|
|
+ { "close", 6 },
|
|
+ { "waitpid", 7 },
|
|
+ { "creat", 8 },
|
|
+ { "link", 9 },
|
|
+ { "unlink", 10 },
|
|
+ { "execve", 11 },
|
|
+ { "chdir", 12 },
|
|
+ { "time", 13 },
|
|
+ { "mknod", 14 },
|
|
+ { "chmod", 15 },
|
|
+ { "lchown", 16 },
|
|
+ { "break", 17 },
|
|
+ { "oldstat", 18 },
|
|
+ { "lseek", 19 },
|
|
+ { "getpid", 20 },
|
|
+ { "mount", 21 },
|
|
+ { "umount", 22 },
|
|
+ { "setuid", 23 },
|
|
+ { "getuid", 24 },
|
|
+ { "stime", 25 },
|
|
+ { "ptrace", 26 },
|
|
+ { "alarm", 27 },
|
|
+ { "oldfstat", 28 },
|
|
+ { "pause", 29 },
|
|
+ { "utime", 30 },
|
|
+ { "stty", 31 },
|
|
+ { "gtty", 32 },
|
|
+ { "access", 33 },
|
|
+ { "nice", 34 },
|
|
+ { "ftime", 35 },
|
|
+ { "sync", 36 },
|
|
+ { "kill", 37 },
|
|
+ { "rename", 38 },
|
|
+ { "mkdir", 39 },
|
|
+ { "rmdir", 40 },
|
|
+ { "dup", 41 },
|
|
+ { "pipe", 42 },
|
|
+ { "times", 43 },
|
|
+ { "prof", 44 },
|
|
+ { "brk", 45 },
|
|
+ { "setgid", 46 },
|
|
+ { "getgid", 47 },
|
|
+ { "signal", 48 },
|
|
+ { "geteuid", 49 },
|
|
+ { "getegid", 50 },
|
|
+ { "acct", 51 },
|
|
+ { "umount2", 52 },
|
|
+ { "lock", 53 },
|
|
+ { "ioctl", 54 },
|
|
+ { "fcntl", 55 },
|
|
+ { "mpx", 56 },
|
|
+ { "setpgid", 57 },
|
|
+ { "ulimit", 58 },
|
|
+ { "oldolduname", 59 },
|
|
+ { "umask", 60 },
|
|
+ { "chroot", 61 },
|
|
+ { "ustat", 62 },
|
|
+ { "dup2", 63 },
|
|
+ { "getppid", 64 },
|
|
+ { "getpgrp", 65 },
|
|
+ { "setsid", 66 },
|
|
+ { "sigaction", 67 },
|
|
+ { "sgetmask", 68 },
|
|
+ { "ssetmask", 69 },
|
|
+ { "setreuid", 70 },
|
|
+ { "setregid", 71 },
|
|
+ { "sigsuspend", 72 },
|
|
+ { "sigpending", 73 },
|
|
+ { "sethostname", 74 },
|
|
+ { "setrlimit", 75 },
|
|
+ { "getrlimit", 76 },
|
|
+ { "getrusage", 77 },
|
|
+ { "gettimeofday", 78 },
|
|
+ { "settimeofday", 79 },
|
|
+ { "getgroups", 80 },
|
|
+ { "setgroups", 81 },
|
|
+ { "select", 82 },
|
|
+ { "symlink", 83 },
|
|
+ { "oldlstat", 84 },
|
|
+ { "readlink", 85 },
|
|
+ { "uselib", 86 },
|
|
+ { "swapon", 87 },
|
|
+ { "reboot", 88 },
|
|
+ { "readdir", 89 },
|
|
+ { "mmap", 90 },
|
|
+ { "munmap", 91 },
|
|
+ { "truncate", 92 },
|
|
+ { "ftruncate", 93 },
|
|
+ { "fchmod", 94 },
|
|
+ { "fchown", 95 },
|
|
+ { "getpriority", 96 },
|
|
+ { "setpriority", 97 },
|
|
+ { "profil", 98 },
|
|
+ { "statfs", 99 },
|
|
+ { "fstatfs", 100 },
|
|
+ { "ioperm", 101 },
|
|
+ { "socketcall", 102 },
|
|
+ { "syslog", 103 },
|
|
+ { "setitimer", 104 },
|
|
+ { "getitimer", 105 },
|
|
+ { "stat", 106 },
|
|
+ { "lstat", 107 },
|
|
+ { "fstat", 108 },
|
|
+ { "olduname", 109 },
|
|
+ { "iopl", 110 },
|
|
+ { "vhangup", 111 },
|
|
+ { "idle", 112 },
|
|
+ { "vm86", 113 },
|
|
+ { "wait4", 114 },
|
|
+ { "swapoff", 115 },
|
|
+ { "sysinfo", 116 },
|
|
+ { "ipc", 117 },
|
|
+ { "fsync", 118 },
|
|
+ { "sigreturn", 119 },
|
|
+ { "clone", 120 },
|
|
+ { "setdomainname", 121 },
|
|
+ { "uname", 122 },
|
|
+ { "modify_ldt", 123 },
|
|
+ { "adjtimex", 124 },
|
|
+ { "mprotect", 125 },
|
|
+ { "sigprocmask", 126 },
|
|
+ { "create_module", 127 },
|
|
+ { "init_module", 128 },
|
|
+ { "delete_module", 129 },
|
|
+ { "get_kernel_syms", 130 },
|
|
+ { "quotactl", 131 },
|
|
+ { "getpgid", 132 },
|
|
+ { "fchdir", 133 },
|
|
+ { "bdflush", 134 },
|
|
+ { "sysfs", 135 },
|
|
+ { "personality", 136 },
|
|
+ { "afs_syscall", 137 },
|
|
+ { "setfsuid", 138 },
|
|
+ { "setfsgid", 139 },
|
|
+ { "_llseek", 140 },
|
|
+ { "getdents", 141 },
|
|
+ { "_newselect", 142 },
|
|
+ { "flock", 143 },
|
|
+ { "msync", 144 },
|
|
+ { "readv", 145 },
|
|
+ { "writev", 146 },
|
|
+ { "getsid", 147 },
|
|
+ { "fdatasync", 148 },
|
|
+ { "_sysctl", 149 },
|
|
+ { "mlock", 150 },
|
|
+ { "munlock", 151 },
|
|
+ { "mlockall", 152 },
|
|
+ { "munlockall", 153 },
|
|
+ { "sched_setparam", 154 },
|
|
+ { "sched_getparam", 155 },
|
|
+ { "sched_setscheduler", 156 },
|
|
+ { "sched_getscheduler", 157 },
|
|
+ { "sched_yield", 158 },
|
|
+ { "sched_get_priority_max", 159 },
|
|
+ { "sched_get_priority_min", 160 },
|
|
+ { "sched_rr_get_interval", 161 },
|
|
+ { "nanosleep", 162 },
|
|
+ { "mremap", 163 },
|
|
+ { "setresuid", 164 },
|
|
+ { "getresuid", 165 },
|
|
+ { "query_module", 166 },
|
|
+ { "poll", 167 },
|
|
+ { "nfsservctl", 168 },
|
|
+ { "setresgid", 169 },
|
|
+ { "getresgid", 170 },
|
|
+ { "prctl", 171 },
|
|
+ { "rt_sigreturn", 172 },
|
|
+ { "rt_sigaction", 173 },
|
|
+ { "rt_sigprocmask", 174 },
|
|
+ { "rt_sigpending", 175 },
|
|
+ { "rt_sigtimedwait", 176 },
|
|
+ { "rt_sigqueueinfo", 177 },
|
|
+ { "rt_sigsuspend", 178 },
|
|
+ { "pread64", 179 },
|
|
+ { "pwrite64", 180 },
|
|
+ { "chown", 181 },
|
|
+ { "getcwd", 182 },
|
|
+ { "capget", 183 },
|
|
+ { "capset", 184 },
|
|
+ { "sigaltstack", 185 },
|
|
+ { "sendfile", 186 },
|
|
+ { "getpmsg", 187 },
|
|
+ { "putpmsg", 188 },
|
|
+ { "vfork", 189 },
|
|
+ { "ugetrlimit", 190 },
|
|
+ { "readahead", 191 },
|
|
+ { "mmap2", 192 },
|
|
+ { "truncate64", 193 },
|
|
+ { "ftruncate64", 194 },
|
|
+ { "stat64", 195 },
|
|
+ { "lstat64", 196 },
|
|
+ { "fstat64", 197 },
|
|
+ { "pciconfig_read", 198 },
|
|
+ { "pciconfig_write", 199 },
|
|
+ { "pciconfig_iobase", 200 },
|
|
+ { "multiplexer", 201 },
|
|
+ { "getdents64", 202 },
|
|
+ { "pivot_root", 203 },
|
|
+ { "fcntl64", 204 },
|
|
+ { "madvise", 205 },
|
|
+ { "mincore", 206 },
|
|
+ { "gettid", 207 },
|
|
+ { "tkill", 208 },
|
|
+ { "setxattr", 209 },
|
|
+ { "lsetxattr", 210 },
|
|
+ { "fsetxattr", 211 },
|
|
+ { "getxattr", 212 },
|
|
+ { "lgetxattr", 213 },
|
|
+ { "fgetxattr", 214 },
|
|
+ { "listxattr", 215 },
|
|
+ { "llistxattr", 216 },
|
|
+ { "flistxattr", 217 },
|
|
+ { "removexattr", 218 },
|
|
+ { "lremovexattr", 219 },
|
|
+ { "fremovexattr", 220 },
|
|
+ { "futex", 221 },
|
|
+ { "sched_setaffinity", 222 },
|
|
+ { "sched_getaffinity", 223 },
|
|
+ { "tuxcall", 225 },
|
|
+ { "sendfile64", 226 },
|
|
+ { "io_setup", 227 },
|
|
+ { "io_destroy", 228 },
|
|
+ { "io_getevents", 229 },
|
|
+ { "io_submit", 230 },
|
|
+ { "io_cancel", 231 },
|
|
+ { "set_tid_address", 232 },
|
|
+ { "fadvise64", 233 },
|
|
+ { "exit_group", 234 },
|
|
+ { "lookup_dcookie", 235 },
|
|
+ { "epoll_create", 236 },
|
|
+ { "epoll_ctl", 237 },
|
|
+ { "epoll_wait", 238 },
|
|
+ { "remap_file_pages", 239 },
|
|
+ { "timer_create", 240 },
|
|
+ { "timer_settime", 241 },
|
|
+ { "timer_gettime", 242 },
|
|
+ { "timer_getoverrun", 243 },
|
|
+ { "timer_delete", 244 },
|
|
+ { "clock_settime", 245 },
|
|
+ { "clock_gettime", 246 },
|
|
+ { "clock_getres", 247 },
|
|
+ { "clock_nanosleep", 248 },
|
|
+ { "swapcontext", 249 },
|
|
+ { "tgkill", 250 },
|
|
+ { "utimes", 251 },
|
|
+ { "statfs64", 252 },
|
|
+ { "fstatfs64", 253 },
|
|
+ { "fadvise64_64", 254 },
|
|
+ { "rtas", 255 },
|
|
+ { "sys_debug_setcontext", 256 },
|
|
+ { "migrate_pages", 258 },
|
|
+ { "mbind", 259 },
|
|
+ { "get_mempolicy", 260 },
|
|
+ { "set_mempolicy", 261 },
|
|
+ { "mq_open", 262 },
|
|
+ { "mq_unlink", 263 },
|
|
+ { "mq_timedsend", 264 },
|
|
+ { "mq_timedreceive", 265 },
|
|
+ { "mq_notify", 266 },
|
|
+ { "mq_getsetattr", 267 },
|
|
+ { "kexec_load", 268 },
|
|
+ { "add_key", 269 },
|
|
+ { "request_key", 270 },
|
|
+ { "keyctl", 271 },
|
|
+ { "waitid", 272 },
|
|
+ { "ioprio_set", 273 },
|
|
+ { "ioprio_get", 274 },
|
|
+ { "inotify_init", 275 },
|
|
+ { "inotify_add_watch", 276 },
|
|
+ { "inotify_rm_watch", 277 },
|
|
+ { "spu_run", 278 },
|
|
+ { "spu_create", 279 },
|
|
+ { "pselect6", 280 },
|
|
+ { "ppoll", 281 },
|
|
+ { "unshare", 282 },
|
|
+ { "splice", 283 },
|
|
+ { "tee", 284 },
|
|
+ { "vmsplice", 285 },
|
|
+ { "openat", 286 },
|
|
+ { "mkdirat", 287 },
|
|
+ { "mknodat", 288 },
|
|
+ { "fchownat", 289 },
|
|
+ { "futimesat", 290 },
|
|
+ { "fstatat64", 291 },
|
|
+ { "unlinkat", 292 },
|
|
+ { "renameat", 293 },
|
|
+ { "linkat", 294 },
|
|
+ { "symlinkat", 295 },
|
|
+ { "readlinkat", 296 },
|
|
+ { "fchmodat", 297 },
|
|
+ { "faccessat", 298 },
|
|
+ { "get_robust_list", 299 },
|
|
+ { "set_robust_list", 300 },
|
|
+ { "move_pages", 301 },
|
|
+ { "getcpu", 302 },
|
|
+ { "epoll_pwait", 303 },
|
|
+ { "utimensat", 304 },
|
|
+ { "signalfd", 305 },
|
|
+ { "timerfd_create", 306 },
|
|
+ { "eventfd", 307 },
|
|
+ { "sync_file_range2", 308 },
|
|
+ { "fallocate", 309 },
|
|
+ { "subpage_prot", 310 },
|
|
+ { "timerfd_settime", 311 },
|
|
+ { "timerfd_gettime", 312 },
|
|
+ { "signalfd4", 313 },
|
|
+ { "eventfd2", 314 },
|
|
+ { "epoll_create1", 315 },
|
|
+ { "dup3", 316 },
|
|
+ { "pipe2", 317 },
|
|
+ { "inotify_init1", 318 },
|
|
+ { "perf_event_open", 319 },
|
|
+ { "preadv", 320 },
|
|
+ { "pwritev", 321 },
|
|
+ { "rt_tgsigqueueinfo", 322 },
|
|
+ { "fanotify_init", 323 },
|
|
+ { "fanotify_mark", 324 },
|
|
+ { "prlimit64", 325 },
|
|
+ { "socket", 326 },
|
|
+ { "bind", 327 },
|
|
+ { "connect", 328 },
|
|
+ { "listen", 329 },
|
|
+ { "accept", 330 },
|
|
+ { "getsockname", 331 },
|
|
+ { "getpeername", 332 },
|
|
+ { "socketpair", 333 },
|
|
+ { "send", 334 },
|
|
+ { "sendto", 335 },
|
|
+ { "recv", 336 },
|
|
+ { "recvfrom", 337 },
|
|
+ { "shutdown", 338 },
|
|
+ { "setsockopt", 339 },
|
|
+ { "getsockopt", 340 },
|
|
+ { "sendmsg", 341 },
|
|
+ { "recvmsg", 342 },
|
|
+ { "recvmmsg", 343 },
|
|
+ { "accept4", 344 },
|
|
+ { "name_to_handle_at", 345 },
|
|
+ { "open_by_handle_at", 346 },
|
|
+ { "clock_adjtime", 347 },
|
|
+ { "syncfs", 348 },
|
|
+ { "sendmmsg", 349 },
|
|
+ { "setns", 350 },
|
|
+ { "process_vm_readv", 351 },
|
|
+ { "process_vm_writev", 352 },
|
|
+ { "finit_module", 353 },
|
|
+ { "kcmp", 354 },
|
|
+ {NULL, __NR_SCMP_ERROR},
|
|
+};
|
|
+
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall name to a number
|
|
+ * @param name the syscall name
|
|
+ *
|
|
+ * Resolve the given syscall name to the syscall number using the syscall table.
|
|
+ * Returns the syscall number on success, including negative pseudo syscall
|
|
+ * numbers; returns __NR_SCMP_ERROR on failure.
|
|
+ *
|
|
+ */
|
|
+int ppc_syscall_resolve_name(const char *name)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = ppc_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].name != NULL; iter++) {
|
|
+ if (strcmp(name, table[iter].name) == 0)
|
|
+ return table[iter].num;
|
|
+ }
|
|
+
|
|
+ return __NR_SCMP_ERROR;
|
|
+}
|
|
+
|
|
+/**
|
|
+ * Resolve a syscall number to a name
|
|
+ * @param num the syscall number
|
|
+ *
|
|
+ * Resolve the given syscall number to the syscall name using the syscall table.
|
|
+ * Returns a pointer to the syscall name string on success, including pseudo
|
|
+ * syscall names; returns NULL on failure.
|
|
+ *
|
|
+ */
|
|
+const char *ppc_syscall_resolve_num(int num)
|
|
+{
|
|
+ unsigned int iter;
|
|
+ const struct arch_syscall_def *table = ppc_syscall_table;
|
|
+
|
|
+ /* XXX - plenty of room for future improvement here */
|
|
+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
|
|
+ if (num == table[iter].num)
|
|
+ return table[iter].name;
|
|
+ }
|
|
+
|
|
+ return NULL;
|
|
+}
|
|
Index: libseccomp-2.1.1/tools/scmp_sys_resolver.c
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/tools/scmp_sys_resolver.c
|
|
+++ libseccomp-2.1.1/tools/scmp_sys_resolver.c
|
|
@@ -31,6 +31,10 @@
|
|
#include "../src/arch-x86_64.h"
|
|
#include "../src/arch-x32.h"
|
|
#include "../src/arch-arm.h"
|
|
+#include "../src/arch-ppc.h"
|
|
+#include "../src/arch-ppc64.h"
|
|
+#include "../src/arch-s390.h"
|
|
+#include "../src/arch-s390x.h"
|
|
|
|
/**
|
|
* Print the usage information to stderr and exit
|
|
@@ -70,6 +74,14 @@ int main(int argc, char *argv[])
|
|
arch = &arch_def_x32;
|
|
else if (strcmp(optarg, "arm") == 0)
|
|
arch = &arch_def_arm;
|
|
+ else if (strcmp(optarg, "ppc") == 0)
|
|
+ arch = &arch_def_ppc;
|
|
+ else if (strcmp(optarg, "ppc64") == 0)
|
|
+ arch = &arch_def_ppc64;
|
|
+ else if (strcmp(optarg, "s390") == 0)
|
|
+ arch = &arch_def_s390;
|
|
+ else if (strcmp(optarg, "s390x") == 0)
|
|
+ arch = &arch_def_s390x;
|
|
else
|
|
exit_usage(argv[0]);
|
|
break;
|
|
Index: libseccomp-2.1.1/tests/23-sim-arch_all_basic.c
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/tests/23-sim-arch_all_basic.c
|
|
+++ libseccomp-2.1.1/tests/23-sim-arch_all_basic.c
|
|
@@ -60,6 +60,30 @@ int main(int argc, char *argv[])
|
|
goto out;
|
|
}
|
|
|
|
+ if (seccomp_arch_exist(ctx, SCMP_ARCH_PPC)) {
|
|
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC);
|
|
+ if (rc != 0)
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
+ if (seccomp_arch_exist(ctx, SCMP_ARCH_PPC64)) {
|
|
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64);
|
|
+ if (rc != 0)
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
+ if (seccomp_arch_exist(ctx, SCMP_ARCH_S390)) {
|
|
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_S390);
|
|
+ if (rc != 0)
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
+ if (seccomp_arch_exist(ctx, SCMP_ARCH_S390X)) {
|
|
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_S390X);
|
|
+ if (rc != 0)
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
|
|
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
|
|
if (rc != 0)
|
|
Index: libseccomp-2.1.1/tests/23-sim-arch_all_basic.py
|
|
===================================================================
|
|
--- libseccomp-2.1.1.orig/tests/23-sim-arch_all_basic.py
|
|
+++ libseccomp-2.1.1/tests/23-sim-arch_all_basic.py
|
|
@@ -38,6 +38,14 @@ def test(args):
|
|
f.add_arch(Arch.X32)
|
|
if not f.exist_arch(Arch.ARM):
|
|
f.add_arch(Arch.ARM)
|
|
+ if not f.exist_arch(Arch.PPC):
|
|
+ f.add_arch(Arch.PPC)
|
|
+ if not f.exist_arch(Arch.PPC64):
|
|
+ f.add_arch(Arch.PPC64)
|
|
+ if not f.exist_arch(Arch.S390):
|
|
+ f.add_arch(Arch.S390)
|
|
+ if not f.exist_arch(Arch.S390X):
|
|
+ f.add_arch(Arch.S390X)
|
|
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
|
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
|
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
|