Accepting request 311092 from security
1 OBS-URL: https://build.opensuse.org/request/show/311092 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libseccomp?expand=0&rev=12
commit
a61c32a16b
@ -1,25 +0,0 @@
|
|||||||
From 7a7a83a24491f636d422e951f9e0547caaa68967 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paul Moore <pmoore@redhat.com>
|
|
||||||
Date: Fri, 13 Feb 2015 11:57:43 -0500
|
|
||||||
Subject: [PATCH] tools: add the missing elf.h header file
|
|
||||||
|
|
||||||
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
||||||
---
|
|
||||||
tools/util.h | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/tools/util.h b/tools/util.h
|
|
||||||
index 13ef59f..261320f 100644
|
|
||||||
--- a/tools/util.h
|
|
||||||
+++ b/tools/util.h
|
|
||||||
@@ -22,6 +22,7 @@
|
|
||||||
#ifndef _UTIL_H
|
|
||||||
#define _UTIL_H
|
|
||||||
|
|
||||||
+#include <elf.h>
|
|
||||||
#include <inttypes.h>
|
|
||||||
#include <linux/audit.h>
|
|
||||||
|
|
||||||
--
|
|
||||||
2.1.4
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10
|
|
||||||
size 516697
|
|
@ -1,21 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNED MESSAGE-----
|
|
||||||
Hash: SHA1
|
|
||||||
|
|
||||||
5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10 libseccomp-2.2.0.tar.gz
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v2
|
|
||||||
|
|
||||||
iQIcBAEBAgAGBQJU3Q+YAAoJEFXkWlroynyKWsMP/3H+nI7/PEdsxrwb3kNK+wS0
|
|
||||||
LEKguUufhizAhp2J+6POejqyapxj/ge+QWRR4EZlbXUBzK8Mlu0OCexW7ic20QR3
|
|
||||||
reua7B/Dg363fGyBpx9vWnI8/l7DUuxlz97sYvYFbBZ0XeOeLFc6bxic8SvYJLzT
|
|
||||||
5A5oyd7oESAFH99C83oIcoJOxJanZXALOEN3J5fd5HXVtnHa0gQ1JlaIAldiXBlX
|
|
||||||
VrhS9FmAzJ/hpqGG9kP7piaUvrqNZRkuj0KsB6Ty2hE43pV/FgEzoMcScAdMS1E2
|
|
||||||
9L+K6RXT0Dcv5pB6avMz37chXMcfginh/pl6PL3QG0130ivbv0VJKKjkI1JVTadp
|
|
||||||
mUIYx7kOjZO/ZrdsRrh6hzDg9+kNlmtaCnzne7O1dttnlPNbz09KDmxN+e5/i5kA
|
|
||||||
6Vss+09ruO9fLTnlepfDcPujrZ6sxbqn4qvNJQd1nqdencbZl5DYJsUJCa6sxL2t
|
|
||||||
i/7+xo1zKXtVaeeEgAYn9MrpxtKbganorP05RlY2ecDf7rX0/pUHVcXjKUUrWgGl
|
|
||||||
By+PnD0Rg6OELmbNpPhcgNgUEYzGKdOhKkYfL/IH29zSSUmuVqskpGoQH7HRd2vo
|
|
||||||
oNz4oRcGi4vGeQAkp6hHaRPNpP4kylRxv0HzLigkuwhIRUtrDZBQ/A+KB0vBWh8O
|
|
||||||
36DpNMxzhPTBM3qdCbNa
|
|
||||||
=mufN
|
|
||||||
-----END PGP SIGNATURE-----
|
|
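--- a/libseccomp-2.2.1.tar.gz
+++ b/libseccomp-2.2.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0ba1789f54786c644af54cdffc9fd0dd0a8bb2b2ee153933f658855d2851a740
+size 520471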
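--- a/libseccomp-2.2.1.tar.gz.SHA256SUM.asc
+++ b/libseccomp-2.2.1.tar.gz.SHA256SUM.asc
@@ -0,0 +1,21 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+0ba1789f54786c644af54cdffc9fd0dd0a8bb2b2ee153933f658855d2851a740 libseccomp-2.2.1.tar.gz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAEBCAAGBQJVU1U1AAoJEFXkWlroynyKbAQP/jULx5gNQx7UePtk+jSem8lG
+tjwEZyrxUgk96xFkGp5Vonn10Hynj7h2+W4OicjbUtiu5k+jhzHADt9OtqqWugZq
+bX6D4QdGXTsCYFvP2ocKzFztvi1lGdKcEegiRUVSbE1fWei+KViCPy2sStN94cOs
+cLRj77bHBlYp0//RMUc6jSNjnKQeaZjeBtraGlZacJdoSma+v80jWuUz7T41WAR6
+LotmsIMAKJFmKRHAt+2+W4Nq759IR2PpmY7UOwVjaWUydWJvir7lzjrunqbTwFWV
+1nzQReN2C37o4lJGcuVg267VVuwNpIMsk2Qd0gbqsPCRQ1lKRsatUxu5rTdHApJ+
+4H3dhY1Qw6RIdyj6AyJ0xtkZpWFbgYuaT0uY0jDGFOQAVd8rR08XApK57ON/h3O1
+wGlr553z/7DdvSLJhkDIRc+kG+1PQ7oI/iiqMOy5q/dCRpRV4Hh/ZJXs9jisAynu
+tDUnS6S/8ZwMAf2sjlrpjG92RKkW9DLegpiBeshF8I6k3h7tULYCDzyBsZjdo6kO
+VbSdr6PQr5wuOuf+fVhAG5t6uHbiX3a7i08jsFOQKzBmdVYg+4KuRwKybpihmFvs
+vrc6WvVqzRGUyTQBcZUK00aMGPfu+70/idTcBHn+xKuUczRBk7BX0gQYyRcp4ZJ0
+hl03hK5IAoR6fqbTg5IJ
+=ZQpd
+-----END PGP SIGNATURE-----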
@ -1,179 +0,0 @@
|
|||||||
From d1019115acdc8460c9a1f8a878768001a3c32431 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paul Moore <pmoore@redhat.com>
|
|
||||||
Date: Fri, 10 Apr 2015 10:31:04 -0400
|
|
||||||
Subject: [PATCH] arm: fix some problems with the syscall table
|
|
||||||
|
|
||||||
The 32-bit ARM syscall table mistakenly included syscall definitions
|
|
||||||
for the syscalls below. This patch redefines those syscalls to
|
|
||||||
libseccomp's pseudo-syscall numbers and corrects the
|
|
||||||
arch-syscall-validate to correctly list the 32-bit ARM syscalls.
|
|
||||||
|
|
||||||
* time
|
|
||||||
* umount
|
|
||||||
* stime
|
|
||||||
* alarm
|
|
||||||
* utime
|
|
||||||
* getrlimit
|
|
||||||
* select
|
|
||||||
* readdir
|
|
||||||
* mmap
|
|
||||||
* socketcall
|
|
||||||
* syscall
|
|
||||||
* ipc
|
|
||||||
|
|
||||||
Reported-by: Andreas Farber <afaerber@suse.de>
|
|
||||||
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
||||||
---
|
|
||||||
include/seccomp.h.in | 10 ++++++++++
|
|
||||||
src/arch-arm-syscalls.c | 24 ++++++++++++------------
|
|
||||||
src/arch-syscall-validate | 2 +-
|
|
||||||
3 files changed, 23 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
|
|
||||||
index 6a115d1..9a28e4a 100644
|
|
||||||
--- a/include/seccomp.h.in
|
|
||||||
+++ b/include/seccomp.h.in
|
|
||||||
@@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
|
|
||||||
#define __NR_utimes __PNR_utimes
|
|
||||||
#endif /* __NR_utimes */
|
|
||||||
|
|
||||||
+#define __PNR_getrlimit -10180
|
|
||||||
+#ifndef __NR_getrlimit
|
|
||||||
+#define __NR_getrlimit __PNR_getrlimit
|
|
||||||
+#endif /* __NR_utimes */
|
|
||||||
+
|
|
||||||
+#define __PNR_mmap -10181
|
|
||||||
+#ifndef __NR_mmap
|
|
||||||
+#define __NR_mmap __PNR_mmap
|
|
||||||
+#endif /* __NR_utimes */
|
|
||||||
+
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
|
|
||||||
index 8876135..b574ccc 100644
|
|
||||||
--- a/src/arch-arm-syscalls.c
|
|
||||||
+++ b/src/arch-arm-syscalls.c
|
|
||||||
@@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "add_key", (__NR_SYSCALL_BASE + 309) },
|
|
||||||
{ "adjtimex", (__NR_SYSCALL_BASE + 124) },
|
|
||||||
{ "afs_syscall", __PNR_afs_syscall },
|
|
||||||
- { "alarm", (__NR_SYSCALL_BASE + 27) },
|
|
||||||
+ { "alarm", __PNR_alarm },
|
|
||||||
{ "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) },
|
|
||||||
{ "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) },
|
|
||||||
{ "arch_prctl", __PNR_arch_prctl },
|
|
||||||
@@ -156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "getresgid32", (__NR_SYSCALL_BASE + 211) },
|
|
||||||
{ "getresuid", (__NR_SYSCALL_BASE + 165) },
|
|
||||||
{ "getresuid32", (__NR_SYSCALL_BASE + 209) },
|
|
||||||
- { "getrlimit", (__NR_SYSCALL_BASE + 76) },
|
|
||||||
+ { "getrlimit", __PNR_getrlimit },
|
|
||||||
{ "getrusage", (__NR_SYSCALL_BASE + 77) },
|
|
||||||
{ "getsid", (__NR_SYSCALL_BASE + 147) },
|
|
||||||
{ "getsockname", (__NR_SYSCALL_BASE + 286) },
|
|
||||||
@@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "iopl", __PNR_iopl },
|
|
||||||
{ "ioprio_get", (__NR_SYSCALL_BASE + 315) },
|
|
||||||
{ "ioprio_set", (__NR_SYSCALL_BASE + 314) },
|
|
||||||
- { "ipc", (__NR_SYSCALL_BASE + 117) },
|
|
||||||
+ { "ipc", __PNR_ipc },
|
|
||||||
{ "kcmp", (__NR_SYSCALL_BASE + 378) },
|
|
||||||
{ "kexec_file_load", __PNR_kexec_file_load },
|
|
||||||
{ "kexec_load", (__NR_SYSCALL_BASE + 347) },
|
|
||||||
@@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "mknodat", (__NR_SYSCALL_BASE + 324) },
|
|
||||||
{ "mlock", (__NR_SYSCALL_BASE + 150) },
|
|
||||||
{ "mlockall", (__NR_SYSCALL_BASE + 152) },
|
|
||||||
- { "mmap", (__NR_SYSCALL_BASE + 90) },
|
|
||||||
+ { "mmap", __PNR_mmap },
|
|
||||||
{ "mmap2", (__NR_SYSCALL_BASE + 192) },
|
|
||||||
{ "modify_ldt", __PNR_modify_ldt },
|
|
||||||
{ "mount", (__NR_SYSCALL_BASE + 21) },
|
|
||||||
@@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "quotactl", (__NR_SYSCALL_BASE + 131) },
|
|
||||||
{ "read", (__NR_SYSCALL_BASE + 3) },
|
|
||||||
{ "readahead", (__NR_SYSCALL_BASE + 225) },
|
|
||||||
- { "readdir", (__NR_SYSCALL_BASE + 89) },
|
|
||||||
+ { "readdir", __PNR_readdir },
|
|
||||||
{ "readlink", (__NR_SYSCALL_BASE + 85) },
|
|
||||||
{ "readlinkat", (__NR_SYSCALL_BASE + 332) },
|
|
||||||
{ "readv", (__NR_SYSCALL_BASE + 145) },
|
|
||||||
@@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "sched_yield", (__NR_SYSCALL_BASE + 158) },
|
|
||||||
{ "seccomp", (__NR_SYSCALL_BASE + 383) },
|
|
||||||
{ "security", __PNR_security },
|
|
||||||
- { "select", (__NR_SYSCALL_BASE + 82) },
|
|
||||||
+ { "select", __PNR_select },
|
|
||||||
{ "semctl", (__NR_SYSCALL_BASE + 300) },
|
|
||||||
{ "semget", (__NR_SYSCALL_BASE + 299) },
|
|
||||||
{ "semop", (__NR_SYSCALL_BASE + 298) },
|
|
||||||
@@ -378,7 +378,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "sigreturn", (__NR_SYSCALL_BASE + 119) },
|
|
||||||
{ "sigsuspend", (__NR_SYSCALL_BASE + 72) },
|
|
||||||
{ "socket", (__NR_SYSCALL_BASE + 281) },
|
|
||||||
- { "socketcall", (__NR_SYSCALL_BASE + 102) },
|
|
||||||
+ { "socketcall", __PNR_socketcall },
|
|
||||||
{ "socketpair", (__NR_SYSCALL_BASE + 288) },
|
|
||||||
{ "splice", (__NR_SYSCALL_BASE + 340) },
|
|
||||||
{ "ssetmask", __PNR_ssetmask },
|
|
||||||
@@ -386,7 +386,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "stat64", (__NR_SYSCALL_BASE + 195) },
|
|
||||||
{ "statfs", (__NR_SYSCALL_BASE + 99) },
|
|
||||||
{ "statfs64", (__NR_SYSCALL_BASE + 266) },
|
|
||||||
- { "stime", (__NR_SYSCALL_BASE + 25) },
|
|
||||||
+ { "stime", __PNR_stime },
|
|
||||||
{ "stty", __PNR_stty },
|
|
||||||
{ "swapoff", (__NR_SYSCALL_BASE + 115) },
|
|
||||||
{ "swapon", (__NR_SYSCALL_BASE + 87) },
|
|
||||||
@@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "sync_file_range", __PNR_sync_file_range },
|
|
||||||
{ "sync_file_range2", (__NR_SYSCALL_BASE + 341) },
|
|
||||||
{ "syncfs", (__NR_SYSCALL_BASE + 373) },
|
|
||||||
- { "syscall", (__NR_SYSCALL_BASE + 113) },
|
|
||||||
+ { "syscall", __PNR_syscall },
|
|
||||||
{ "sysfs", (__NR_SYSCALL_BASE + 135) },
|
|
||||||
{ "sysinfo", (__NR_SYSCALL_BASE + 116) },
|
|
||||||
{ "syslog", (__NR_SYSCALL_BASE + 103) },
|
|
||||||
{ "sysmips", __PNR_sysmips },
|
|
||||||
{ "tee", (__NR_SYSCALL_BASE + 342) },
|
|
||||||
{ "tgkill", (__NR_SYSCALL_BASE + 268) },
|
|
||||||
- { "time", (__NR_SYSCALL_BASE + 13) },
|
|
||||||
+ { "time", __PNR_time },
|
|
||||||
{ "timer_create", (__NR_SYSCALL_BASE + 257) },
|
|
||||||
{ "timer_delete", (__NR_SYSCALL_BASE + 261) },
|
|
||||||
{ "timer_getoverrun", (__NR_SYSCALL_BASE + 260) },
|
|
||||||
@@ -421,7 +421,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "ugetrlimit", (__NR_SYSCALL_BASE + 191) },
|
|
||||||
{ "ulimit", __PNR_ulimit },
|
|
||||||
{ "umask", (__NR_SYSCALL_BASE + 60) },
|
|
||||||
- { "umount", (__NR_SYSCALL_BASE + 22) },
|
|
||||||
+ { "umount", __PNR_umount },
|
|
||||||
{ "umount2", (__NR_SYSCALL_BASE + 52) },
|
|
||||||
{ "uname", (__NR_SYSCALL_BASE + 122) },
|
|
||||||
{ "unlink", (__NR_SYSCALL_BASE + 10) },
|
|
||||||
@@ -429,7 +429,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
|
|
||||||
{ "unshare", (__NR_SYSCALL_BASE + 337) },
|
|
||||||
{ "uselib", (__NR_SYSCALL_BASE + 86) },
|
|
||||||
{ "ustat", (__NR_SYSCALL_BASE + 62) },
|
|
||||||
- { "utime", (__NR_SYSCALL_BASE + 30) },
|
|
||||||
+ { "utime", __PNR_utime },
|
|
||||||
{ "utimensat", (__NR_SYSCALL_BASE + 348) },
|
|
||||||
{ "utimes", (__NR_SYSCALL_BASE + 269) },
|
|
||||||
{ "vfork", (__NR_SYSCALL_BASE + 190) },
|
|
||||||
diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
|
|
||||||
index 2cbf696..1616c9f 100755
|
|
||||||
--- a/src/arch-syscall-validate
|
|
||||||
+++ b/src/arch-syscall-validate
|
|
||||||
@@ -146,7 +146,7 @@ function dump_lib_x32() {
|
|
||||||
#
|
|
||||||
function dump_sys_arm() {
|
|
||||||
# NOTE: arm_sync_file_range() and sync_file_range2() share values
|
|
||||||
- cat $1/arch/arm/include/uapi/asm/unistd.h | \
|
|
||||||
+ gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \
|
|
||||||
grep "^#define __NR_" | sort | \
|
|
||||||
grep -v "^#define __NR_OABI_SYSCALL_BASE" | \
|
|
||||||
grep -v "^#define __NR_SYSCALL_BASE" | \
|
|
||||||
--
|
|
||||||
2.1.4
|
|
||||||
|
|
@ -1,8 +1,67 @@
|
|||||||
Index: libseccomp-2.2.0/include/seccomp.h.in
|
---
|
||||||
|
include/seccomp.h | 24 ++++++++++++++++++++++++
|
||||||
|
include/seccomp.h.in | 4 ++++
|
||||||
|
src/arch-ppc64-syscalls.c | 13 +++++++++++++
|
||||||
|
src/arch-ppc64.c | 11 +++++++----
|
||||||
|
src/arch-ppc64.h | 12 ++----------
|
||||||
|
src/arch-syscall-dump.c | 5 +++++
|
||||||
|
src/arch-syscall-validate | 37 ++++++++++++++++++++++++++++++++++++-
|
||||||
|
src/arch.c | 12 +++++++++++-
|
||||||
|
src/gen_pfc.c | 2 ++
|
||||||
|
tests/16-sim-arch_basic.c | 3 +++
|
||||||
|
tests/16-sim-arch_basic.py | 2 ++
|
||||||
|
tests/23-sim-arch_all_le_basic.c | 3 +++
|
||||||
|
tests/23-sim-arch_all_le_basic.py | 1 +
|
||||||
|
tests/26-sim-arch_all_be_basic.c | 3 +++
|
||||||
|
tests/26-sim-arch_all_be_basic.py | 1 +
|
||||||
|
tests/regression | 4 ++--
|
||||||
|
tools/scmp_arch_detect.c | 3 +++
|
||||||
|
tools/scmp_bpf_disasm.c | 4 ++++
|
||||||
|
tools/scmp_bpf_sim.c | 10 ++++++----
|
||||||
|
tools/util.c | 4 +++-
|
||||||
|
tools/util.h | 4 ++++
|
||||||
|
21 files changed, 139 insertions(+), 23 deletions(-)
|
||||||
|
|
||||||
|
Index: libseccomp-2.2.1/include/seccomp.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/include/seccomp.h.in
|
--- libseccomp-2.2.1.orig/include/seccomp.h
|
||||||
+++ libseccomp-2.2.0/include/seccomp.h.in
|
+++ libseccomp-2.2.1/include/seccomp.h
|
||||||
@@ -169,6 +169,10 @@ struct scmp_arg_cmp {
|
@@ -163,6 +163,30 @@ struct scmp_arg_cmp {
|
||||||
|
#define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
|
||||||
|
|
||||||
|
/**
|
||||||
|
+ * The S390X architecture token
|
||||||
|
+ */
|
||||||
|
+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * The S390 architecture token
|
||||||
|
+ */
|
||||||
|
+#define SCMP_ARCH_S390 AUDIT_ARCH_S390
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * The PowerPC architecture token
|
||||||
|
+ */
|
||||||
|
+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * The PowerPC64 architecture token
|
||||||
|
+ */
|
||||||
|
+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
|
||||||
|
+#ifndef AUDIT_ARCH_PPC64LE
|
||||||
|
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
||||||
|
+#endif
|
||||||
|
+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
* Convert a syscall name into the associated syscall number
|
||||||
|
* @param x the syscall name
|
||||||
|
*/
|
||||||
|
Index: libseccomp-2.2.1/include/seccomp.h.in
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/include/seccomp.h.in
|
||||||
|
+++ libseccomp-2.2.1/include/seccomp.h.in
|
||||||
|
@@ -181,6 +181,10 @@ struct scmp_arg_cmp {
|
||||||
* The PowerPC64 architecture token
|
* The PowerPC64 architecture token
|
||||||
*/
|
*/
|
||||||
#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
|
#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
|
||||||
@ -13,10 +72,31 @@ Index: libseccomp-2.2.0/include/seccomp.h.in
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Convert a syscall name into the associated syscall number
|
* Convert a syscall name into the associated syscall number
|
||||||
Index: libseccomp-2.2.0/src/arch-ppc64.c
|
Index: libseccomp-2.2.1/src/arch-ppc64-syscalls.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/src/arch-ppc64.c
|
--- libseccomp-2.2.1.orig/src/arch-ppc64-syscalls.c
|
||||||
+++ libseccomp-2.2.0/src/arch-ppc64.c
|
+++ libseccomp-2.2.1/src/arch-ppc64-syscalls.c
|
||||||
|
@@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
+/**
|
||||||
|
+ * Iterate through the syscall table and return the syscall name
|
||||||
|
+ * @param spot the offset into the syscall table
|
||||||
|
+ *
|
||||||
|
+ * Return the syscall name at position @spot or NULL on failure. This function
|
||||||
|
+ * should only ever be used internally by libseccomp.
|
||||||
|
+ *
|
||||||
|
+ */
|
||||||
|
+const char *ppc64_syscall_iterate_name(unsigned int spot)
|
||||||
|
+{
|
||||||
|
+ /* XXX - no safety checks here */
|
||||||
|
+ return ppc64_syscall_table[spot].name;
|
||||||
|
+}
|
||||||
|
Index: libseccomp-2.2.1/src/arch-ppc64.c
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/src/arch-ppc64.c
|
||||||
|
+++ libseccomp-2.2.1/src/arch-ppc64.c
|
||||||
@@ -30,9 +30,12 @@ const struct arch_def arch_def_ppc64 = {
|
@@ -30,9 +30,12 @@ const struct arch_def arch_def_ppc64 = {
|
||||||
.token = SCMP_ARCH_PPC64,
|
.token = SCMP_ARCH_PPC64,
|
||||||
.token_bpf = AUDIT_ARCH_PPC64,
|
.token_bpf = AUDIT_ARCH_PPC64,
|
||||||
@ -34,10 +114,10 @@ Index: libseccomp-2.2.0/src/arch-ppc64.c
|
|||||||
+ .size = ARCH_SIZE_64,
|
+ .size = ARCH_SIZE_64,
|
||||||
+ .endian = ARCH_ENDIAN_LITTLE,
|
+ .endian = ARCH_ENDIAN_LITTLE,
|
||||||
};
|
};
|
||||||
Index: libseccomp-2.2.0/src/arch-ppc64.h
|
Index: libseccomp-2.2.1/src/arch-ppc64.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/src/arch-ppc64.h
|
--- libseccomp-2.2.1.orig/src/arch-ppc64.h
|
||||||
+++ libseccomp-2.2.0/src/arch-ppc64.h
|
+++ libseccomp-2.2.1/src/arch-ppc64.h
|
||||||
@@ -27,19 +27,11 @@
|
@@ -27,19 +27,11 @@
|
||||||
#include "arch.h"
|
#include "arch.h"
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
@ -60,10 +140,102 @@ Index: libseccomp-2.2.0/src/arch-ppc64.h
|
|||||||
|
|
||||||
+const char *ppc64_syscall_iterate_name(unsigned int spot);
|
+const char *ppc64_syscall_iterate_name(unsigned int spot);
|
||||||
#endif
|
#endif
|
||||||
Index: libseccomp-2.2.0/src/arch.c
|
Index: libseccomp-2.2.1/src/arch-syscall-dump.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/src/arch.c
|
--- libseccomp-2.2.1.orig/src/arch-syscall-dump.c
|
||||||
+++ libseccomp-2.2.0/src/arch.c
|
+++ libseccomp-2.2.1/src/arch-syscall-dump.c
|
||||||
|
@@ -38,6 +38,7 @@
|
||||||
|
#include "arch-mips64.h"
|
||||||
|
#include "arch-mips64n32.h"
|
||||||
|
#include "arch-aarch64.h"
|
||||||
|
+#include "arch-ppc64.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Print the usage information to stderr and exit
|
||||||
|
@@ -112,6 +113,10 @@ int main(int argc, char *argv[])
|
||||||
|
case SCMP_ARCH_AARCH64:
|
||||||
|
sys_name = aarch64_syscall_iterate_name(iter);
|
||||||
|
break;
|
||||||
|
+ case SCMP_ARCH_PPC64:
|
||||||
|
+ case SCMP_ARCH_PPC64LE:
|
||||||
|
+ sys_name = ppc64_syscall_iterate_name(iter);
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
/* invalid arch */
|
||||||
|
exit_usage(argv[0]);
|
||||||
|
Index: libseccomp-2.2.1/src/arch-syscall-validate
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/src/arch-syscall-validate
|
||||||
|
+++ libseccomp-2.2.1/src/arch-syscall-validate
|
||||||
|
@@ -317,6 +317,35 @@ function dump_lib_mips64n32() {
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
+# Dump the ppc64 system syscall table
|
||||||
|
+#
|
||||||
|
+# Arguments:
|
||||||
|
+# 1 path to the kernel source
|
||||||
|
+#
|
||||||
|
+# Dump the architecture's syscall table to stdout.
|
||||||
|
+#
|
||||||
|
+function dump_sys_ppc64() {
|
||||||
|
+ gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \
|
||||||
|
+ grep "^#define __NR_" | sort | \
|
||||||
|
+ grep -v "^#define __NR_O32_" | \
|
||||||
|
+ grep -v "^#define __NR_N32_" | \
|
||||||
|
+ grep -v "^#define __NR_64_" | \
|
||||||
|
+ grep -v "^#define __NR_Linux" | \
|
||||||
|
+ grep -v "^#define __NR_unused" | \
|
||||||
|
+ grep -v "^#define __NR_reserved" | \
|
||||||
|
+ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/'
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Dump the ppc64 library syscall table
|
||||||
|
+#
|
||||||
|
+# Dump the library's syscall table to stdout.
|
||||||
|
+#
|
||||||
|
+function dump_lib_ppc64() {
|
||||||
|
+ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d'
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
# Dump the system syscall table
|
||||||
|
#
|
||||||
|
# Arguments:
|
||||||
|
@@ -351,6 +380,9 @@ function dump_sys() {
|
||||||
|
mips64n32)
|
||||||
|
dump_sys_mips64n32 "$2"
|
||||||
|
;;
|
||||||
|
+ ppc64)
|
||||||
|
+ dump_sys_ppc64 "$2"
|
||||||
|
+ ;;
|
||||||
|
*)
|
||||||
|
echo ""
|
||||||
|
;;
|
||||||
|
@@ -391,6 +423,9 @@ function dump_lib() {
|
||||||
|
mips64n32)
|
||||||
|
dump_lib_mips64n32 "$2"
|
||||||
|
;;
|
||||||
|
+ ppc64)
|
||||||
|
+ dump_lib_ppc64 "$2"
|
||||||
|
+ ;;
|
||||||
|
*)
|
||||||
|
echo ""
|
||||||
|
;;
|
||||||
|
@@ -427,7 +462,7 @@ shift $(($OPTIND - 1))
|
||||||
|
|
||||||
|
# defaults
|
||||||
|
if [[ $arches == "" ]]; then
|
||||||
|
- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32"
|
||||||
|
+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# sanity checks
|
||||||
|
Index: libseccomp-2.2.1/src/arch.c
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/src/arch.c
|
||||||
|
+++ libseccomp-2.2.1/src/arch.c
|
||||||
@@ -82,8 +82,10 @@ const struct arch_def *arch_def_native =
|
@@ -82,8 +82,10 @@ const struct arch_def *arch_def_native =
|
||||||
const struct arch_def *arch_def_native = &arch_def_s390;
|
const struct arch_def *arch_def_native = &arch_def_s390;
|
||||||
#elif __s390x__
|
#elif __s390x__
|
||||||
@ -112,10 +284,10 @@ Index: libseccomp-2.2.0/src/arch.c
|
|||||||
return ppc64_syscall_resolve_num(num);
|
return ppc64_syscall_resolve_num(num);
|
||||||
case SCMP_ARCH_PPC:
|
case SCMP_ARCH_PPC:
|
||||||
return ppc_syscall_resolve_num(num);
|
return ppc_syscall_resolve_num(num);
|
||||||
Index: libseccomp-2.2.0/src/gen_pfc.c
|
Index: libseccomp-2.2.1/src/gen_pfc.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/src/gen_pfc.c
|
--- libseccomp-2.2.1.orig/src/gen_pfc.c
|
||||||
+++ libseccomp-2.2.0/src/gen_pfc.c
|
+++ libseccomp-2.2.1/src/gen_pfc.c
|
||||||
@@ -79,6 +79,8 @@ static const char *_pfc_arch(const struc
|
@@ -79,6 +79,8 @@ static const char *_pfc_arch(const struc
|
||||||
return "ppc";
|
return "ppc";
|
||||||
case SCMP_ARCH_PPC64:
|
case SCMP_ARCH_PPC64:
|
||||||
@ -125,10 +297,104 @@ Index: libseccomp-2.2.0/src/gen_pfc.c
|
|||||||
default:
|
default:
|
||||||
return "UNKNOWN";
|
return "UNKNOWN";
|
||||||
}
|
}
|
||||||
Index: libseccomp-2.2.0/tools/scmp_arch_detect.c
|
Index: libseccomp-2.2.1/tests/16-sim-arch_basic.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/tools/scmp_arch_detect.c
|
--- libseccomp-2.2.1.orig/tests/16-sim-arch_basic.c
|
||||||
+++ libseccomp-2.2.0/tools/scmp_arch_detect.c
|
+++ libseccomp-2.2.1/tests/16-sim-arch_basic.c
|
||||||
|
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
|
||||||
|
rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32);
|
||||||
|
if (rc != 0)
|
||||||
|
goto out;
|
||||||
|
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
|
||||||
|
+ if (rc != 0)
|
||||||
|
+ goto out;
|
||||||
|
|
||||||
|
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
|
||||||
|
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
|
||||||
|
Index: libseccomp-2.2.1/tests/16-sim-arch_basic.py
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tests/16-sim-arch_basic.py
|
||||||
|
+++ libseccomp-2.2.1/tests/16-sim-arch_basic.py
|
||||||
|
@@ -39,6 +39,8 @@ def test(args):
|
||||||
|
f.add_arch(Arch("mipsel"))
|
||||||
|
f.add_arch(Arch("mipsel64"))
|
||||||
|
f.add_arch(Arch("mipsel64n32"))
|
||||||
|
+ f.add_arch(Arch("ppc64"))
|
||||||
|
+ f.add_arch(Arch("ppc64le"))
|
||||||
|
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
|
||||||
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
|
||||||
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
|
||||||
|
Index: libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.c
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tests/23-sim-arch_all_le_basic.c
|
||||||
|
+++ libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.c
|
||||||
|
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
|
||||||
|
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32"));
|
||||||
|
if (rc != 0)
|
||||||
|
goto out;
|
||||||
|
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
|
||||||
|
+ if (rc != 0)
|
||||||
|
+ goto out;
|
||||||
|
|
||||||
|
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
|
||||||
|
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
|
||||||
|
Index: libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.py
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tests/23-sim-arch_all_le_basic.py
|
||||||
|
+++ libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.py
|
||||||
|
@@ -39,6 +39,7 @@ def test(args):
|
||||||
|
f.add_arch(Arch("mipsel"))
|
||||||
|
f.add_arch(Arch("mipsel64"))
|
||||||
|
f.add_arch(Arch("mipsel64n32"))
|
||||||
|
+ f.add_arch(Arch("ppc64le"))
|
||||||
|
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
|
||||||
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
|
||||||
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
|
||||||
|
Index: libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.c
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tests/26-sim-arch_all_be_basic.c
|
||||||
|
+++ libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.c
|
||||||
|
@@ -52,6 +52,9 @@ int main(int argc, char *argv[])
|
||||||
|
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
|
||||||
|
if (rc != 0)
|
||||||
|
goto out;
|
||||||
|
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
|
||||||
|
+ if (rc != 0)
|
||||||
|
+ goto out;
|
||||||
|
|
||||||
|
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
|
||||||
|
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
|
||||||
|
Index: libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.py
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tests/26-sim-arch_all_be_basic.py
|
||||||
|
+++ libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.py
|
||||||
|
@@ -33,6 +33,7 @@ def test(args):
|
||||||
|
f.add_arch(Arch("mips"))
|
||||||
|
f.add_arch(Arch("mips64"))
|
||||||
|
f.add_arch(Arch("mips64n32"))
|
||||||
|
+ f.add_arch(Arch("ppc64"))
|
||||||
|
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
|
||||||
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
|
||||||
|
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
|
||||||
|
Index: libseccomp-2.2.1/tests/regression
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tests/regression
|
||||||
|
+++ libseccomp-2.2.1/tests/regression
|
||||||
|
@@ -21,8 +21,8 @@
|
||||||
|
# along with this library; if not, see <http://www.gnu.org/licenses>.
|
||||||
|
#
|
||||||
|
|
||||||
|
-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32"
|
||||||
|
-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32"
|
||||||
|
+GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le"
|
||||||
|
+GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64"
|
||||||
|
|
||||||
|
GLBL_SYS_ARCH="../tools/scmp_arch_detect"
|
||||||
|
GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
|
||||||
|
Index: libseccomp-2.2.1/tools/scmp_arch_detect.c
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tools/scmp_arch_detect.c
|
||||||
|
+++ libseccomp-2.2.1/tools/scmp_arch_detect.c
|
||||||
@@ -111,6 +111,9 @@ int main(int argc, char *argv[])
|
@@ -111,6 +111,9 @@ int main(int argc, char *argv[])
|
||||||
case SCMP_ARCH_PPC64:
|
case SCMP_ARCH_PPC64:
|
||||||
printf("ppc64\n");
|
printf("ppc64\n");
|
||||||
@ -139,10 +405,25 @@ Index: libseccomp-2.2.0/tools/scmp_arch_detect.c
|
|||||||
default:
|
default:
|
||||||
printf("unknown\n");
|
printf("unknown\n");
|
||||||
}
|
}
|
||||||
Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c
|
Index: libseccomp-2.2.1/tools/scmp_bpf_disasm.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/tools/scmp_bpf_sim.c
|
--- libseccomp-2.2.1.orig/tools/scmp_bpf_disasm.c
|
||||||
+++ libseccomp-2.2.0/tools/scmp_bpf_sim.c
|
+++ libseccomp-2.2.1/tools/scmp_bpf_disasm.c
|
||||||
|
@@ -334,6 +334,10 @@ int main(int argc, char *argv[])
|
||||||
|
arch = AUDIT_ARCH_MIPS64N32;
|
||||||
|
else if (strcmp(optarg, "mipsel64n32") == 0)
|
||||||
|
arch = AUDIT_ARCH_MIPSEL64N32;
|
||||||
|
+ else if (strcmp(optarg, "ppc64") == 0)
|
||||||
|
+ arch = AUDIT_ARCH_PPC64;
|
||||||
|
+ else if (strcmp(optarg, "ppc64le") == 0)
|
||||||
|
+ arch = AUDIT_ARCH_PPC64LE;
|
||||||
|
else
|
||||||
|
exit_usage(argv[0]);
|
||||||
|
break;
|
||||||
|
Index: libseccomp-2.2.1/tools/scmp_bpf_sim.c
|
||||||
|
===================================================================
|
||||||
|
--- libseccomp-2.2.1.orig/tools/scmp_bpf_sim.c
|
||||||
|
+++ libseccomp-2.2.1/tools/scmp_bpf_sim.c
|
||||||
@@ -250,13 +250,15 @@ int main(int argc, char *argv[])
|
@@ -250,13 +250,15 @@ int main(int argc, char *argv[])
|
||||||
else if (strcmp(optarg, "mipsel64n32") == 0)
|
else if (strcmp(optarg, "mipsel64n32") == 0)
|
||||||
arch = AUDIT_ARCH_MIPSEL64N32;
|
arch = AUDIT_ARCH_MIPSEL64N32;
|
||||||
@ -163,10 +444,10 @@ Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c
|
|||||||
else
|
else
|
||||||
exit_fault(EINVAL);
|
exit_fault(EINVAL);
|
||||||
break;
|
break;
|
||||||
Index: libseccomp-2.2.0/tools/util.c
|
Index: libseccomp-2.2.1/tools/util.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/tools/util.c
|
--- libseccomp-2.2.1.orig/tools/util.c
|
||||||
+++ libseccomp-2.2.0/tools/util.c
|
+++ libseccomp-2.2.1/tools/util.c
|
||||||
@@ -66,8 +66,10 @@
|
@@ -66,8 +66,10 @@
|
||||||
#define ARCH_NATIVE AUDIT_ARCH_S390
|
#define ARCH_NATIVE AUDIT_ARCH_S390
|
||||||
#elif __s390x__
|
#elif __s390x__
|
||||||
@ -179,47 +460,12 @@ Index: libseccomp-2.2.0/tools/util.c
|
|||||||
#elif __powerpc__
|
#elif __powerpc__
|
||||||
#define ARCH_NATIVE AUDIT_ARCH_PPC
|
#define ARCH_NATIVE AUDIT_ARCH_PPC
|
||||||
#else
|
#else
|
||||||
Index: libseccomp-2.2.0/include/seccomp.h
|
Index: libseccomp-2.2.1/tools/util.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libseccomp-2.2.0.orig/include/seccomp.h
|
--- libseccomp-2.2.1.orig/tools/util.h
|
||||||
+++ libseccomp-2.2.0/include/seccomp.h
|
+++ libseccomp-2.2.1/tools/util.h
|
||||||
@@ -151,6 +151,30 @@ struct scmp_arg_cmp {
|
@@ -63,6 +63,10 @@
|
||||||
#define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
|
__AUDIT_ARCH_CONVENTION_MIPS64_N32)
|
||||||
|
|
||||||
/**
|
|
||||||
+ * The S390X architecture token
|
|
||||||
+ */
|
|
||||||
+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
|
|
||||||
+
|
|
||||||
+/**
|
|
||||||
+ * The S390 architecture token
|
|
||||||
+ */
|
|
||||||
+#define SCMP_ARCH_S390 AUDIT_ARCH_S390
|
|
||||||
+
|
|
||||||
+/**
|
|
||||||
+ * The PowerPC architecture token
|
|
||||||
+ */
|
|
||||||
+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
|
|
||||||
+
|
|
||||||
+/**
|
|
||||||
+ * The PowerPC64 architecture token
|
|
||||||
+ */
|
|
||||||
+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
|
|
||||||
+#ifndef AUDIT_ARCH_PPC64LE
|
|
||||||
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
|
||||||
+#endif
|
|
||||||
+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
|
|
||||||
+
|
|
||||||
+/**
|
|
||||||
* Convert a syscall name into the associated syscall number
|
|
||||||
* @param x the syscall name
|
|
||||||
*/
|
|
||||||
Index: libseccomp-2.2.0/tools/util.h
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tools/util.h
|
|
||||||
+++ libseccomp-2.2.0/tools/util.h
|
|
||||||
@@ -47,6 +47,10 @@
|
|
||||||
#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
+#ifndef AUDIT_ARCH_PPC64LE
|
+#ifndef AUDIT_ARCH_PPC64LE
|
||||||
@ -229,225 +475,3 @@ Index: libseccomp-2.2.0/tools/util.h
|
|||||||
extern uint32_t arch;
|
extern uint32_t arch;
|
||||||
|
|
||||||
void exit_usage(const char *program);
|
void exit_usage(const char *program);
|
||||||
Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.c
|
|
||||||
+++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c
|
|
||||||
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
|
|
||||||
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32"));
|
|
||||||
if (rc != 0)
|
|
||||||
goto out;
|
|
||||||
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
|
|
||||||
+ if (rc != 0)
|
|
||||||
+ goto out;
|
|
||||||
|
|
||||||
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
|
|
||||||
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
|
|
||||||
Index: libseccomp-2.2.0/tests/16-sim-arch_basic.c
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.c
|
|
||||||
+++ libseccomp-2.2.0/tests/16-sim-arch_basic.c
|
|
||||||
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
|
|
||||||
rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32);
|
|
||||||
if (rc != 0)
|
|
||||||
goto out;
|
|
||||||
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
|
|
||||||
+ if (rc != 0)
|
|
||||||
+ goto out;
|
|
||||||
|
|
||||||
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
|
|
||||||
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
|
|
||||||
Index: libseccomp-2.2.0/src/arch-syscall-dump.c
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/src/arch-syscall-dump.c
|
|
||||||
+++ libseccomp-2.2.0/src/arch-syscall-dump.c
|
|
||||||
@@ -38,6 +38,7 @@
|
|
||||||
#include "arch-mips64.h"
|
|
||||||
#include "arch-mips64n32.h"
|
|
||||||
#include "arch-aarch64.h"
|
|
||||||
+#include "arch-ppc64.h"
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Print the usage information to stderr and exit
|
|
||||||
@@ -112,6 +113,10 @@ int main(int argc, char *argv[])
|
|
||||||
case SCMP_ARCH_AARCH64:
|
|
||||||
sys_name = aarch64_syscall_iterate_name(iter);
|
|
||||||
break;
|
|
||||||
+ case SCMP_ARCH_PPC64:
|
|
||||||
+ case SCMP_ARCH_PPC64LE:
|
|
||||||
+ sys_name = ppc64_syscall_iterate_name(iter);
|
|
||||||
+ break;
|
|
||||||
default:
|
|
||||||
/* invalid arch */
|
|
||||||
exit_usage(argv[0]);
|
|
||||||
Index: libseccomp-2.2.0/src/arch-ppc64-syscalls.c
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/src/arch-ppc64-syscalls.c
|
|
||||||
+++ libseccomp-2.2.0/src/arch-ppc64-syscalls.c
|
|
||||||
@@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in
|
|
||||||
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
+/**
|
|
||||||
+ * Iterate through the syscall table and return the syscall name
|
|
||||||
+ * @param spot the offset into the syscall table
|
|
||||||
+ *
|
|
||||||
+ * Return the syscall name at position @spot or NULL on failure. This function
|
|
||||||
+ * should only ever be used internally by libseccomp.
|
|
||||||
+ *
|
|
||||||
+ */
|
|
||||||
+const char *ppc64_syscall_iterate_name(unsigned int spot)
|
|
||||||
+{
|
|
||||||
+ /* XXX - no safety checks here */
|
|
||||||
+ return ppc64_syscall_table[spot].name;
|
|
||||||
+}
|
|
||||||
Index: libseccomp-2.2.0/tests/16-sim-arch_basic.py
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.py
|
|
||||||
+++ libseccomp-2.2.0/tests/16-sim-arch_basic.py
|
|
||||||
@@ -39,6 +39,8 @@ def test(args):
|
|
||||||
f.add_arch(Arch("mipsel"))
|
|
||||||
f.add_arch(Arch("mipsel64"))
|
|
||||||
f.add_arch(Arch("mipsel64n32"))
|
|
||||||
+ f.add_arch(Arch("ppc64"))
|
|
||||||
+ f.add_arch(Arch("ppc64le"))
|
|
||||||
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
|
|
||||||
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
|
|
||||||
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
|
|
||||||
Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.py
|
|
||||||
+++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py
|
|
||||||
@@ -39,6 +39,7 @@ def test(args):
|
|
||||||
f.add_arch(Arch("mipsel"))
|
|
||||||
f.add_arch(Arch("mipsel64"))
|
|
||||||
f.add_arch(Arch("mipsel64n32"))
|
|
||||||
+ f.add_arch(Arch("ppc64le"))
|
|
||||||
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
|
|
||||||
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
|
|
||||||
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
|
|
||||||
Index: libseccomp-2.2.0/tools/scmp_bpf_disasm.c
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tools/scmp_bpf_disasm.c
|
|
||||||
+++ libseccomp-2.2.0/tools/scmp_bpf_disasm.c
|
|
||||||
@@ -334,6 +334,10 @@ int main(int argc, char *argv[])
|
|
||||||
arch = AUDIT_ARCH_MIPS64N32;
|
|
||||||
else if (strcmp(optarg, "mipsel64n32") == 0)
|
|
||||||
arch = AUDIT_ARCH_MIPSEL64N32;
|
|
||||||
+ else if (strcmp(optarg, "ppc64") == 0)
|
|
||||||
+ arch = AUDIT_ARCH_PPC64;
|
|
||||||
+ else if (strcmp(optarg, "ppc64le") == 0)
|
|
||||||
+ arch = AUDIT_ARCH_PPC64LE;
|
|
||||||
else
|
|
||||||
exit_usage(argv[0]);
|
|
||||||
break;
|
|
||||||
Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.c
|
|
||||||
+++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c
|
|
||||||
@@ -52,6 +52,9 @@ int main(int argc, char *argv[])
|
|
||||||
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
|
|
||||||
if (rc != 0)
|
|
||||||
goto out;
|
|
||||||
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
|
|
||||||
+ if (rc != 0)
|
|
||||||
+ goto out;
|
|
||||||
|
|
||||||
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
|
|
||||||
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
|
|
||||||
Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.py
|
|
||||||
+++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py
|
|
||||||
@@ -33,6 +33,7 @@ def test(args):
|
|
||||||
f.add_arch(Arch("mips"))
|
|
||||||
f.add_arch(Arch("mips64"))
|
|
||||||
f.add_arch(Arch("mips64n32"))
|
|
||||||
+ f.add_arch(Arch("ppc64"))
|
|
||||||
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
|
|
||||||
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
|
|
||||||
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
|
|
||||||
Index: libseccomp-2.2.0/src/arch-syscall-validate
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/src/arch-syscall-validate
|
|
||||||
+++ libseccomp-2.2.0/src/arch-syscall-validate
|
|
||||||
@@ -303,6 +303,35 @@ function dump_lib_mips64n32() {
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
+# Dump the ppc64 system syscall table
|
|
||||||
+#
|
|
||||||
+# Arguments:
|
|
||||||
+# 1 path to the kernel source
|
|
||||||
+#
|
|
||||||
+# Dump the architecture's syscall table to stdout.
|
|
||||||
+#
|
|
||||||
+function dump_sys_ppc64() {
|
|
||||||
+ gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \
|
|
||||||
+ grep "^#define __NR_" | sort | \
|
|
||||||
+ grep -v "^#define __NR_O32_" | \
|
|
||||||
+ grep -v "^#define __NR_N32_" | \
|
|
||||||
+ grep -v "^#define __NR_64_" | \
|
|
||||||
+ grep -v "^#define __NR_Linux" | \
|
|
||||||
+ grep -v "^#define __NR_unused" | \
|
|
||||||
+ grep -v "^#define __NR_reserved" | \
|
|
||||||
+ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/'
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Dump the ppc64 library syscall table
|
|
||||||
+#
|
|
||||||
+# Dump the library's syscall table to stdout.
|
|
||||||
+#
|
|
||||||
+function dump_lib_ppc64() {
|
|
||||||
+ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d'
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
# Dump the system syscall table
|
|
||||||
#
|
|
||||||
# Arguments:
|
|
||||||
@@ -337,6 +366,9 @@ function dump_sys() {
|
|
||||||
mips64n32)
|
|
||||||
dump_sys_mips64n32 "$2"
|
|
||||||
;;
|
|
||||||
+ ppc64)
|
|
||||||
+ dump_sys_ppc64 "$2"
|
|
||||||
+ ;;
|
|
||||||
*)
|
|
||||||
echo ""
|
|
||||||
;;
|
|
||||||
@@ -377,6 +409,9 @@ function dump_lib() {
|
|
||||||
mips64n32)
|
|
||||||
dump_lib_mips64n32 "$2"
|
|
||||||
;;
|
|
||||||
+ ppc64)
|
|
||||||
+ dump_lib_ppc64 "$2"
|
|
||||||
+ ;;
|
|
||||||
*)
|
|
||||||
echo ""
|
|
||||||
;;
|
|
||||||
@@ -413,7 +448,7 @@ shift $(($OPTIND - 1))
|
|
||||||
|
|
||||||
# defaults
|
|
||||||
if [[ $arches == "" ]]; then
|
|
||||||
- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32"
|
|
||||||
+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# sanity checks
|
|
||||||
Index: libseccomp-2.2.0/tests/regression
|
|
||||||
===================================================================
|
|
||||||
--- libseccomp-2.2.0.orig/tests/regression
|
|
||||||
+++ libseccomp-2.2.0/tests/regression
|
|
||||||
@@ -21,8 +21,8 @@
|
|
||||||
# along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
||||||
#
|
|
||||||
|
|
||||||
-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32"
|
|
||||||
-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32"
|
|
||||||
+GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le"
|
|
||||||
+GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64"
|
|
||||||
|
|
||||||
GLBL_SYS_ARCH="../tools/scmp_arch_detect"
|
|
||||||
GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
|
|
||||||
|
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat May 30 10:20:06 UTC 2015 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 2.2.1
|
||||||
|
* Fix a problem with syscall argument filtering on 64-bit systems
|
||||||
|
* Fix some problems with the 32-bit ARM syscall table
|
||||||
|
- Drop 0001-tools-add-the-missing-elf.h-header-file.patch,
|
||||||
|
libseccomp-arm-syscall-fixes.patch
|
||||||
|
(applied upstream)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 13 15:05:05 UTC 2015 - dvaleev@suse.com
|
Mon Apr 13 15:05:05 UTC 2015 - dvaleev@suse.com
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
|
|
||||||
Name: libseccomp
|
Name: libseccomp
|
||||||
%define lname libseccomp2
|
%define lname libseccomp2
|
||||||
Version: 2.2.0
|
Version: 2.2.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: An enhanced Seccomp (mode 2) helper library
|
Summary: An enhanced Seccomp (mode 2) helper library
|
||||||
License: LGPL-2.1
|
License: LGPL-2.1
|
||||||
@ -29,9 +29,7 @@ Url: http://github.com/seccomp
|
|||||||
Source: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz
|
Source: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz
|
||||||
Source2: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz.SHA256SUM.asc
|
Source2: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz.SHA256SUM.asc
|
||||||
Patch1: no-static.diff
|
Patch1: no-static.diff
|
||||||
Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch
|
|
||||||
Patch3: libseccomp-s390x-support.patch
|
Patch3: libseccomp-s390x-support.patch
|
||||||
Patch4: libseccomp-arm-syscall-fixes.patch
|
|
||||||
Patch5: libseccomp-ppc64le.patch
|
Patch5: libseccomp-ppc64le.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
@ -100,7 +98,7 @@ This subpackage contains debug utilities for the seccomp interface.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1
|
%patch -P 1 -P 3 -P 5 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -fi
|
autoreconf -fi
|
||||||
|
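Review bot: In `%prep`, the new `%patch -P 1 -P 3 -P 5 -p1` line is still preceded only by `%setup -q`, so nothing in the visible hunks checks the 2.2.1 tarball against the clearsigned checksum file listed as `Source2`. Unless verification happens elsewhere in the spec or in the build service (not visible here), a version bump like this one pulls in a new tarball whose authenticity rests on the download alone. Consider verifying the signature against a packaged upstream keyring and then the digest before unpacking, e.g. `gpg --no-default-keyring --keyring <packaged-keyring-placeholder> --verify %{SOURCE2}` followed by `(cd %{_sourcedir} && sha256sum -c %{name}-%{version}.tar.gz.SHA256SUM.asc)`. The rest of the spec lies outside these hunks, so an existing check may simply not be shown.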