diff --git a/0001-build-use-autotools-as-build-system.patch b/0001-build-use-autotools-as-build-system.patch deleted file mode 100644 index d16429d..0000000 --- a/0001-build-use-autotools-as-build-system.patch +++ /dev/null @@ -1,330 +0,0 @@ -From c22e0366049884637b6f92e0f39c0d6579c7ca1f Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Wed, 14 Nov 2012 21:30:16 +0100 -Subject: [PATCH] build: use autotools as build system - -Signed-off-by: Jan Engelhardt ---- - .gitignore | 25 +++++++++++++++++-------- - Makefile.am | 31 +++++++++++++++++++++++++++++++ - autogen.sh | 5 +++++ - configure.ac | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ - include/seccomp.h.in | 6 +++--- - libseccomp.pc.in | 9 +++++---- - m4/.gitignore | 2 ++ - src/Makefile.am | 16 ++++++++++++++++ - src/python/.gitignore | 5 +++-- - src/python/Makefile.am | 24 ++++++++++++++++++++++++ - src/python/setup.py | 2 +- - src/system.h | 4 ++-- - tests/Makefile.am | 44 ++++++++++++++++++++++++++++++++++++++++++++ - tools/Makefile.am | 9 +++++++++ - 14 files changed, 211 insertions(+), 20 deletions(-) - create mode 100644 Makefile.am - create mode 100755 autogen.sh - create mode 100644 configure.ac - create mode 100644 m4/.gitignore - create mode 100644 src/Makefile.am - create mode 100644 src/python/Makefile.am - create mode 100644 tests/Makefile.am - create mode 100644 tools/Makefile.am - -diff --git a/Makefile.am b/Makefile.am -new file mode 100644 -index 0000000..bf0a4ea ---- /dev/null -+++ b/Makefile.am -@@ -0,0 +1,31 @@ -+# -*- Makefile -*- -+ -+ACLOCAL_AMFLAGS = -I m4 -+SUBDIRS = src tools tests -+ -+pkgconfdir = ${libdir}/pkgconfig -+pkgconf_DATA = libseccomp.pc -+ -+nodist_include_HEADERS = include/seccomp.h -+ -+dist_man_MANS = \ -+ doc/man/man1/scmp_sys_resolver.1 \ -+ doc/man/man3/seccomp_arch_add.3 \ -+ doc/man/man3/seccomp_arch_exist.3 \ -+ doc/man/man3/seccomp_arch_native.3 \ -+ doc/man/man3/seccomp_arch_remove.3 \ -+ doc/man/man3/seccomp_attr_get.3 \ -+ doc/man/man3/seccomp_attr_set.3 \ -+ doc/man/man3/seccomp_export_bpf.3 \ -+ doc/man/man3/seccomp_export_pfc.3 \ -+ doc/man/man3/seccomp_init.3 \ -+ doc/man/man3/seccomp_load.3 \ -+ doc/man/man3/seccomp_merge.3 \ -+ doc/man/man3/seccomp_release.3 \ -+ doc/man/man3/seccomp_reset.3 \ -+ doc/man/man3/seccomp_rule_add.3 \ -+ doc/man/man3/seccomp_rule_add_exact.3 \ -+ doc/man/man3/seccomp_syscall_priority.3 \ -+ doc/man/man3/seccomp_syscall_resolve_name.3 \ -+ doc/man/man3/seccomp_syscall_resolve_name_arch.3 \ -+ doc/man/man3/seccomp_syscall_resolve_num_arch.3 -diff --git a/autogen.sh b/autogen.sh -new file mode 100755 -index 0000000..37e4b23 ---- /dev/null -+++ b/autogen.sh -@@ -0,0 +1,5 @@ -+#!/bin/sh -e -+ -+autoreconf -fi; -+rm -Rf autom4te.cache; -+# do not call configure - this is unexpected -diff --git a/configure.ac b/configure.ac -new file mode 100644 -index 0000000..fa7bd5b ---- /dev/null -+++ b/configure.ac -@@ -0,0 +1,49 @@ -+AC_INIT([libseccomp], [2.1.0]) -+AC_CONFIG_AUX_DIR([build-aux]) -+AC_CONFIG_HEADERS([configure.h]) -+AC_CONFIG_MACRO_DIR([m4]) -+AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax no-dist-gzip dist-xz]) -+AC_PROG_CC -+AM_PROG_CC_C_O -+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) -+m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) -+AC_DISABLE_STATIC -+LT_INIT -+ -+AC_CHECK_HEADER([linux/seccomp.h]) -+ -+AM_CPPFLAGS="-I\${top_srcdir}/include" -+AM_CFLAGS="-Wall" -+AM_LDFLAGS="-Wl,-z -Wl,relro" -+AC_SUBST([AM_CPPFLAGS]) -+AC_SUBST([AM_CFLAGS]) -+AC_SUBST([AM_LDFLAGS]) -+ -+VERSION_MAJOR="${VERSION%%.*}" -+VERSION_MINOR="${VERSION#*.}" -+VERSION_MICRO="${VERSION_MINOR#*.}" -+VERSION_MINOR="${VERSION_MINOR%%.*}" -+VERSION_MICRO="${VERSION_MICRO%%.*}" -+AC_SUBST([VERSION_MAJOR]) -+AC_SUBST([VERSION_MINOR]) -+AC_SUBST([VERSION_MICRO]) -+ -+dnl AC_ARG_ENABLE([python], -+dnl [AS_HELP_STRING([--enable-python], [build the python bindings, requires cython])]) -+enable_python=no -+AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) -+cython_ver=$(which cython >/dev/null 2>/dev/null && cython -V 2>&1 | cut -d' ' -f3) -+cython_maj=$(echo "$cython_ver" | cut -d'.' -f1) -+cython_min=$(echo "$cython_ver" | cut -d'.' -f2) -+AS_IF([test "$enable_python" = yes], [ -+ recent="" -+ AS_IF([test -n "$cython_maj" -a -n "$cython_min" && -+ ! test "$cython_maj" -eq 0 -a "$cython_min" -lt 16], [recent=yes]) -+ AS_IF([test -z "$recent"], [ -+ AC_MSG_ERROR([python bindings require cython 0.16 or higher]) -+ ]) -+]) -+ -+AC_CONFIG_FILES([Makefile src/Makefile src/python/Makefile tools/Makefile -+ tests/Makefile include/seccomp.h libseccomp.pc]) -+AC_OUTPUT -diff --git a/include/seccomp.h.in b/include/seccomp.h.in -index 7897cbf..e14c1f5 100644 ---- a/include/seccomp.h.in -+++ b/include/seccomp.h.in -@@ -35,9 +35,9 @@ extern "C" { - * version information - */ - --#define SCMP_VER_MAJOR %%VERSION_MAJOR%% --#define SCMP_VER_MINOR %%VERSION_MINOR%% --#define SCMP_VER_MICRO %%VERSION_MICRO%% -+#define SCMP_VER_MAJOR @VERSION_MAJOR@ -+#define SCMP_VER_MINOR @VERSION_MINOR@ -+#define SCMP_VER_MICRO @VERSION_MICRO@ - - /* - * types -diff --git a/libseccomp.pc.in b/libseccomp.pc.in -index c195831..a863351 100644 ---- a/libseccomp.pc.in -+++ b/libseccomp.pc.in -@@ -19,13 +19,14 @@ - # along with this library; if not, see . - # - --prefix=%%INSTALL_PREFIX%% --libdir=%%INSTALL_LIBDIR%% --includedir=${prefix}/include -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ - - Name: libseccomp - Description: The enhanced seccomp library - URL: http://libseccomp.sf.net --Version: %%VERSION_RELEASE%% -+Version: @PACKAGE_VERSION@ - Cflags: -I${includedir} - Libs: -L${libdir} -lseccomp -diff --git a/m4/.gitignore b/m4/.gitignore -new file mode 100644 -index 0000000..64d9bbc ---- /dev/null -+++ b/m4/.gitignore -@@ -0,0 +1,2 @@ -+/libtool.m4 -+/lt*.m4 -diff --git a/src/Makefile.am b/src/Makefile.am -new file mode 100644 -index 0000000..91b1519 ---- /dev/null -+++ b/src/Makefile.am -@@ -0,0 +1,16 @@ -+# -*- Makefile -*- -+ -+SUBDIRS = . -+if ENABLE_PYTHON -+SUBDIRS += python -+endif -+ -+lib_LTLIBRARIES = libseccomp.la -+ -+libseccomp_la_SOURCES = api.c arch.c arch-x86.c arch-x86-syscalls.c \ -+ arch-x86_64.c arch-x86_64-syscalls.c arch-x32.c arch-x32-syscalls.c \ -+ arch-arm.c arch-arm-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c \ -+ \ -+ arch-arm.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \ -+ db.h gen_bpf.h gen_pfc.h hash.h system.h -+libseccomp_la_LDFLAGS = -version-number 2:1:0 -diff --git a/src/python/Makefile.am b/src/python/Makefile.am -new file mode 100644 -index 0000000..400b354 ---- /dev/null -+++ b/src/python/Makefile.am -@@ -0,0 +1,24 @@ -+# -*- Makefile -*- -+ -+PYTHON = /usr/bin/env python -+pyverbose_0 = -q -+pyverbose_ = ${pyverbose_0} -+ -+PY_DISTUTILS = \ -+ VERSION_RELEASE="${VERSION_RELEASE}" \ -+ CFLAGS="-I\${top_srcdir}/include ${CFLAGS} ${CPPFLAGS}" \ -+ LDFLAGS="${LDFLAGS}" \ -+ ${PYTHON} ./setup.py -+PY_BUILD = ${PY_DISTUTILS} build ${pyverbose_${V}} -+PY_INSTALL = ${PY_DISTUTILS} install ${pyverbose_${V}} -+ -+all-local: python-build -+ -+python-build: ../libseccomp.la libseccomp.pxd seccomp.pyx -+ ${AM_V_GEN}${PY_DISTUTILS} build && touch $@ -+ -+install-exec-local: -+ ${PY_DISTUTILS} install --prefix=${DESTDIR}/${prefix} -+ -+clean-local: -+ rm -Rf python-build seccomp.c -diff --git a/src/python/setup.py b/src/python/setup.py -index 872642e..62ba24a 100644 ---- a/src/python/setup.py -+++ b/src/python/setup.py -@@ -40,6 +40,6 @@ setup( - cmdclass = {'build_ext': build_ext}, - ext_modules = [ - Extension("seccomp", ["seccomp.pyx"], -- extra_objects=["../libseccomp.a"]) -+ extra_objects=["../.libs/libseccomp.so"]) - ] - ) -diff --git a/src/system.h b/src/system.h -index cb14f65..11303cf 100644 ---- a/src/system.h -+++ b/src/system.h -@@ -25,9 +25,9 @@ - #include - #include - --#include -+#include "configure.h" - --#ifdef CONF_SYSINC_SECCOMP -+#ifdef HAVE_LINUX_SECCOMP_H - - /* system header file */ - #include -diff --git a/tests/Makefile.am b/tests/Makefile.am -new file mode 100644 -index 0000000..236abee ---- /dev/null -+++ b/tests/Makefile.am -@@ -0,0 +1,44 @@ -+# -*- Makefile -*- -+ -+AM_LDFLAGS = -static -+LDADD = util.la ../src/libseccomp.la -+ -+check_LTLIBRARIES = util.la -+util_la_SOURCES = util.c util.h -+util_la_LDFLAGS = -module -+ -+TESTS = regression -+ -+EXTRA_DIST = regression *.tests -+BUILT_SOURCES = 00-test.c -+ -+check_PROGRAMS = \ -+ 00-test \ -+ 01-sim-allow \ -+ 02-sim-basic \ -+ 03-sim-basic_chains \ -+ 04-sim-multilevel_chains \ -+ 05-sim-long_jumps \ -+ 06-sim-actions \ -+ 07-sim-db_bug_looping \ -+ 08-sim-subtree_checks \ -+ 09-sim-syscall_priority_pre \ -+ 10-sim-syscall_priority_post \ -+ 11-basic-basic_errors \ -+ 12-sim-basic_masked_ops \ -+ 13-basic-attrs \ -+ 14-sim-reset \ -+ 15-basic-resolver \ -+ 16-sim-arch_basic \ -+ 17-sim-arch_merge \ -+ 18-sim-basic_whitelist \ -+ 19-sim-missing_syscalls \ -+ 20-live-basic_die \ -+ 21-live-basic_allow \ -+ 22-sim-basic_chains_array \ -+ 23-sim-arch_all_basic \ -+ 24-live-arg_allow \ -+ 25-sim-multilevel_chains_adv -+ -+00-test.c: -+ if ! test -e $@; then echo "int main(void) { return 0; }" >$@; fi -diff --git a/tools/Makefile.am b/tools/Makefile.am -new file mode 100644 -index 0000000..ed74f39 ---- /dev/null -+++ b/tools/Makefile.am -@@ -0,0 +1,9 @@ -+# -*- Makefile -*- -+ -+bin_PROGRAMS = scmp_sys_resolver -+noinst_PROGRAMS = scmp_arch_detect scmp_bpf_disasm scmp_bpf_sim -+ -+scmp_sys_resolver_LDADD = ../src/libseccomp.la -+scmp_arch_detect_LDADD = ../src/libseccomp.la -+ -+EXTRA_DIST = bpf.h --- -1.8.2 - diff --git a/0001-tools-add-the-missing-elf.h-header-file.patch b/0001-tools-add-the-missing-elf.h-header-file.patch new file mode 100644 index 0000000..f12a6ea --- /dev/null +++ b/0001-tools-add-the-missing-elf.h-header-file.patch @@ -0,0 +1,25 @@ +From 7a7a83a24491f636d422e951f9e0547caaa68967 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Fri, 13 Feb 2015 11:57:43 -0500 +Subject: [PATCH] tools: add the missing elf.h header file + +Signed-off-by: Paul Moore +--- + tools/util.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/util.h b/tools/util.h +index 13ef59f..261320f 100644 +--- a/tools/util.h ++++ b/tools/util.h +@@ -22,6 +22,7 @@ + #ifndef _UTIL_H + #define _UTIL_H + ++#include + #include + #include + +-- +2.1.4 + diff --git a/libseccomp-2.1.1.tar.gz b/libseccomp-2.1.1.tar.gz deleted file mode 100644 index 57fada2..0000000 --- a/libseccomp-2.1.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8812c11e407c383f5ad6afb84a88e5a0224477bcfe8ff03f0c548e5abaac841c -size 113133 diff --git a/libseccomp-2.2.0.tar.gz b/libseccomp-2.2.0.tar.gz new file mode 100644 index 0000000..c3ce148 --- /dev/null +++ b/libseccomp-2.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10 +size 516697 diff --git a/libseccomp-2.2.0.tar.gz.SHA256SUM.asc b/libseccomp-2.2.0.tar.gz.SHA256SUM.asc new file mode 100644 index 0000000..a977813 --- /dev/null +++ b/libseccomp-2.2.0.tar.gz.SHA256SUM.asc @@ -0,0 +1,21 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10 libseccomp-2.2.0.tar.gz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAEBAgAGBQJU3Q+YAAoJEFXkWlroynyKWsMP/3H+nI7/PEdsxrwb3kNK+wS0 +LEKguUufhizAhp2J+6POejqyapxj/ge+QWRR4EZlbXUBzK8Mlu0OCexW7ic20QR3 +reua7B/Dg363fGyBpx9vWnI8/l7DUuxlz97sYvYFbBZ0XeOeLFc6bxic8SvYJLzT +5A5oyd7oESAFH99C83oIcoJOxJanZXALOEN3J5fd5HXVtnHa0gQ1JlaIAldiXBlX +VrhS9FmAzJ/hpqGG9kP7piaUvrqNZRkuj0KsB6Ty2hE43pV/FgEzoMcScAdMS1E2 +9L+K6RXT0Dcv5pB6avMz37chXMcfginh/pl6PL3QG0130ivbv0VJKKjkI1JVTadp +mUIYx7kOjZO/ZrdsRrh6hzDg9+kNlmtaCnzne7O1dttnlPNbz09KDmxN+e5/i5kA +6Vss+09ruO9fLTnlepfDcPujrZ6sxbqn4qvNJQd1nqdencbZl5DYJsUJCa6sxL2t +i/7+xo1zKXtVaeeEgAYn9MrpxtKbganorP05RlY2ecDf7rX0/pUHVcXjKUUrWgGl +By+PnD0Rg6OELmbNpPhcgNgUEYzGKdOhKkYfL/IH29zSSUmuVqskpGoQH7HRd2vo +oNz4oRcGi4vGeQAkp6hHaRPNpP4kylRxv0HzLigkuwhIRUtrDZBQ/A+KB0vBWh8O +36DpNMxzhPTBM3qdCbNa +=mufN +-----END PGP SIGNATURE----- diff --git a/libseccomp-s390x-support.patch b/libseccomp-s390x-support.patch index b2e6cf2..8cc347c 100644 --- a/libseccomp-s390x-support.patch +++ b/libseccomp-s390x-support.patch @@ -1,9 +1,34 @@ -Index: libseccomp-2.1.1/include/seccomp.h.in +From: meissner@suse.com +Date: 2014-07-04 14:06:57 CET + +--- + include/seccomp.h.in | 20 ++ + src/Makefile.am | 6 + src/arch-ppc-syscalls.c | 433 ++++++++++++++++++++++++++++++++++++++++++++++ + src/arch-ppc.c | 34 +++ + src/arch-ppc.h | 37 +++ + src/arch-ppc64-syscalls.c | 427 +++++++++++++++++++++++++++++++++++++++++++++ + src/arch-ppc64.c | 38 ++++ + src/arch-ppc64.h | 45 ++++ + src/arch-s390-syscalls.c | 400 ++++++++++++++++++++++++++++++++++++++++++ + src/arch-s390.c | 34 +++ + src/arch-s390.h | 37 +++ + src/arch-s390x-syscalls.c | 367 ++++++++++++++++++++++++++++++++++++++ + src/arch-s390x.c | 34 +++ + src/arch-s390x.h | 40 ++++ + src/arch.c | 36 +++ + src/gen_pfc.c | 8 + tools/scmp_arch_detect.c | 12 + + tools/scmp_bpf_sim.c | 8 + tools/util.c | 8 + 19 files changed, 2023 insertions(+), 1 deletion(-) + +Index: libseccomp-2.2.0/include/seccomp.h.in =================================================================== ---- libseccomp-2.1.1.orig/include/seccomp.h.in -+++ libseccomp-2.1.1/include/seccomp.h.in -@@ -122,6 +122,26 @@ struct scmp_arg_cmp { - #define SCMP_ARCH_ARM AUDIT_ARCH_ARM +--- libseccomp-2.2.0.orig/include/seccomp.h.in ++++ libseccomp-2.2.0/include/seccomp.h.in +@@ -151,6 +151,26 @@ struct scmp_arg_cmp { + #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 /** + * The S390X architecture token @@ -29,1774 +54,27 @@ Index: libseccomp-2.1.1/include/seccomp.h.in * Convert a syscall name into the associated syscall number * @param x the syscall name */ -Index: libseccomp-2.1.1/src/arch.c +Index: libseccomp-2.2.0/src/Makefile.am =================================================================== ---- libseccomp-2.1.1.orig/src/arch.c -+++ libseccomp-2.1.1/src/arch.c -@@ -34,6 +34,10 @@ - #include "arch-x86_64.h" - #include "arch-x32.h" - #include "arch-arm.h" -+#include "arch-s390x.h" -+#include "arch-s390.h" -+#include "arch-ppc.h" -+#include "arch-ppc64.h" - #include "system.h" +--- libseccomp-2.2.0.orig/src/Makefile.am ++++ libseccomp-2.2.0/src/Makefile.am +@@ -30,7 +30,11 @@ SOURCES_ARCH = \ + arch-aarch64.h arch-aarch64.c arch-aarch64-syscalls.c \ + arch-mips.h arch-mips.c arch-mips-syscalls.c \ + arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ +- arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c ++ arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ ++ arch-s390.c arch-s390.h arch-s390-syscalls.c \ ++ arch-s390x.c arch-s390x.h arch-s390x-syscalls.c \ ++ arch-ppc.c arch-ppc.h arch-ppc-syscalls.c \ ++ arch-ppc64.c arch-ppc64.h arch-ppc64-syscalls.c - #if __i386__ -@@ -46,6 +50,14 @@ const struct arch_def *arch_def_native = - #endif /* __ILP32__ */ - #elif __arm__ - const struct arch_def *arch_def_native = &arch_def_arm; -+#elif __s390__ -+const struct arch_def *arch_def_native = &arch_def_s390; -+#elif __s390x__ -+const struct arch_def *arch_def_native = &arch_def_s390x; -+#elif __powerpc64__ -+const struct arch_def *arch_def_native = &arch_def_ppc64; -+#elif __powerpc__ -+const struct arch_def *arch_def_native = &arch_def_ppc; - #else - #error the arch code needs to know about your machine type - #endif /* machine type guess */ -@@ -64,6 +76,10 @@ int arch_valid(uint32_t arch) - case SCMP_ARCH_X86_64: - case SCMP_ARCH_X32: - case SCMP_ARCH_ARM: -+ case SCMP_ARCH_S390: -+ case SCMP_ARCH_S390X: -+ case SCMP_ARCH_PPC64: -+ case SCMP_ARCH_PPC: - return 0; - } - -@@ -88,6 +104,14 @@ const struct arch_def *arch_def_lookup(u - return &arch_def_x32; - case SCMP_ARCH_ARM: - return &arch_def_arm; -+ case SCMP_ARCH_S390: -+ return &arch_def_s390; -+ case SCMP_ARCH_S390X: -+ return &arch_def_s390x; -+ case SCMP_ARCH_PPC64: -+ return &arch_def_ppc64; -+ case SCMP_ARCH_PPC: -+ return &arch_def_ppc; - } - - return NULL; -@@ -112,6 +136,14 @@ int arch_arg_count_max(const struct arch - return x32_arg_count_max; - case SCMP_ARCH_ARM: - return arm_arg_count_max; -+ case SCMP_ARCH_S390: -+ return s390_arg_count_max; -+ case SCMP_ARCH_S390X: -+ return s390x_arg_count_max; -+ case SCMP_ARCH_PPC64: -+ return ppc64_arg_count_max; -+ case SCMP_ARCH_PPC: -+ return ppc_arg_count_max; - } - - return -EDOM; -@@ -130,6 +162,10 @@ int arch_arg_count_max(const struct arch - int arch_arg_offset_lo(const struct arch_def *arch, unsigned int arg) - { - switch (arch->token) { -+ case SCMP_ARCH_PPC64: -+ return ppc64_arg_offset_lo(arg); -+ case SCMP_ARCH_S390X: -+ return s390x_arg_offset_lo(arg); - case SCMP_ARCH_X86_64: - return x86_64_arg_offset_lo(arg); - default: -@@ -150,6 +186,10 @@ int arch_arg_offset_lo(const struct arch - int arch_arg_offset_hi(const struct arch_def *arch, unsigned int arg) - { - switch (arch->token) { -+ case SCMP_ARCH_PPC64: -+ return ppc64_arg_offset_hi(arg); -+ case SCMP_ARCH_S390X: -+ return s390x_arg_offset_hi(arg); - case SCMP_ARCH_X86_64: - return x86_64_arg_offset_hi(arg); - default: -@@ -178,6 +218,14 @@ int arch_syscall_resolve_name(const stru - return x32_syscall_resolve_name(name); - case SCMP_ARCH_ARM: - return arm_syscall_resolve_name(name); -+ case SCMP_ARCH_S390: -+ return s390_syscall_resolve_name(name); -+ case SCMP_ARCH_S390X: -+ return s390x_syscall_resolve_name(name); -+ case SCMP_ARCH_PPC64: -+ return ppc64_syscall_resolve_name(name); -+ case SCMP_ARCH_PPC: -+ return ppc_syscall_resolve_name(name); - } - - return __NR_SCMP_ERROR; -@@ -204,6 +252,14 @@ const char *arch_syscall_resolve_num(con - return x32_syscall_resolve_num(num); - case SCMP_ARCH_ARM: - return arm_syscall_resolve_num(num); -+ case SCMP_ARCH_S390: -+ return s390_syscall_resolve_num(num); -+ case SCMP_ARCH_S390X: -+ return s390x_syscall_resolve_num(num); -+ case SCMP_ARCH_PPC64: -+ return ppc64_syscall_resolve_num(num); -+ case SCMP_ARCH_PPC: -+ return ppc_syscall_resolve_num(num); - } - - return NULL; -Index: libseccomp-2.1.1/src/arch-s390x.c + SOURCES_GEN = \ + api.c system.h system.c \ +Index: libseccomp-2.2.0/src/arch-ppc-syscalls.c =================================================================== --- /dev/null -+++ libseccomp-2.1.1/src/arch-s390x.c -@@ -0,0 +1,34 @@ -+/** -+ * Enhanced Seccomp S390X Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+#include -+#include -+ -+#include "arch.h" -+#include "arch-s390x.h" -+ -+const struct arch_def arch_def_s390x = { -+ .token = SCMP_ARCH_S390X, -+ .token_bpf = AUDIT_ARCH_S390X, -+ .size = ARCH_SIZE_64, -+ .endian = ARCH_ENDIAN_BIG, -+}; -Index: libseccomp-2.1.1/src/arch-s390x.h -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-s390x.h -@@ -0,0 +1,40 @@ -+/** -+ * Enhanced Seccomp S390X Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#ifndef _ARCH_S390X_H -+#define _ARCH_S390X_H -+ -+#include -+ -+#include "arch.h" -+#include "system.h" -+ -+#define s390x_arg_count_max 6 -+ -+extern const struct arch_def arch_def_s390x; -+ -+#define s390x_arg_offset_lo(x) (arch_arg_offset(x) + 4) -+#define s390x_arg_offset_hi(x) (arch_arg_offset(x)) -+ -+int s390x_syscall_resolve_name(const char *name); -+const char *s390x_syscall_resolve_num(int num); -+ -+#endif -Index: libseccomp-2.1.1/src/arch-s390x-syscalls.c -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-s390x-syscalls.c -@@ -0,0 +1,367 @@ -+/** -+ * Enhanced Seccomp s390x Syscall Table -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+ -+#include -+ -+#include "arch.h" -+#include "arch-s390x.h" -+ -+/* NOTE: based on Linux 3.13 */ -+ -+static const struct arch_syscall_def s390x_syscall_table[] = { \ -+ { "exit", 1 }, -+ { "fork", 2 }, -+ { "read", 3 }, -+ { "write", 4 }, -+ { "open", 5 }, -+ { "close", 6 }, -+ { "restart_syscall", 7 }, -+ { "creat", 8 }, -+ { "link", 9 }, -+ { "unlink", 10 }, -+ { "execve", 11 }, -+ { "chdir", 12 }, -+ { "mknod", 14 }, -+ { "chmod", 15 }, -+ { "lseek", 19 }, -+ { "getpid", 20 }, -+ { "mount", 21 }, -+ { "umount", 22 }, -+ { "ptrace", 26 }, -+ { "alarm", 27 }, -+ { "pause", 29 }, -+ { "utime", 30 }, -+ { "access", 33 }, -+ { "nice", 34 }, -+ { "sync", 36 }, -+ { "kill", 37 }, -+ { "rename", 38 }, -+ { "mkdir", 39 }, -+ { "rmdir", 40 }, -+ { "dup", 41 }, -+ { "pipe", 42 }, -+ { "times", 43 }, -+ { "brk", 45 }, -+ { "signal", 48 }, -+ { "acct", 51 }, -+ { "umount2", 52 }, -+ { "ioctl", 54 }, -+ { "fcntl", 55 }, -+ { "setpgid", 57 }, -+ { "umask", 60 }, -+ { "chroot", 61 }, -+ { "ustat", 62 }, -+ { "dup2", 63 }, -+ { "getppid", 64 }, -+ { "getpgrp", 65 }, -+ { "setsid", 66 }, -+ { "sigaction", 67 }, -+ { "sigsuspend", 72 }, -+ { "sigpending", 73 }, -+ { "sethostname", 74 }, -+ { "setrlimit", 75 }, -+ { "getrusage", 77 }, -+ { "gettimeofday", 78 }, -+ { "settimeofday", 79 }, -+ { "symlink", 83 }, -+ { "readlink", 85 }, -+ { "uselib", 86 }, -+ { "swapon", 87 }, -+ { "reboot", 88 }, -+ { "readdir", 89 }, -+ { "mmap", 90 }, -+ { "munmap", 91 }, -+ { "truncate", 92 }, -+ { "ftruncate", 93 }, -+ { "fchmod", 94 }, -+ { "getpriority", 96 }, -+ { "setpriority", 97 }, -+ { "statfs", 99 }, -+ { "fstatfs", 100 }, -+ { "socketcall", 102 }, -+ { "syslog", 103 }, -+ { "setitimer", 104 }, -+ { "getitimer", 105 }, -+ { "stat", 106 }, -+ { "lstat", 107 }, -+ { "fstat", 108 }, -+ { "lookup_dcookie", 110 }, -+ { "vhangup", 111 }, -+ { "idle", 112 }, -+ { "wait4", 114 }, -+ { "swapoff", 115 }, -+ { "sysinfo", 116 }, -+ { "ipc", 117 }, -+ { "fsync", 118 }, -+ { "sigreturn", 119 }, -+ { "clone", 120 }, -+ { "setdomainname", 121 }, -+ { "uname", 122 }, -+ { "adjtimex", 124 }, -+ { "mprotect", 125 }, -+ { "sigprocmask", 126 }, -+ { "create_module", 127 }, -+ { "init_module", 128 }, -+ { "delete_module", 129 }, -+ { "get_kernel_syms", 130 }, -+ { "quotactl", 131 }, -+ { "getpgid", 132 }, -+ { "fchdir", 133 }, -+ { "bdflush", 134 }, -+ { "sysfs", 135 }, -+ { "personality", 136 }, -+ { "afs_syscall", 137 }, -+ { "getdents", 141 }, -+ { "flock", 143 }, -+ { "msync", 144 }, -+ { "readv", 145 }, -+ { "writev", 146 }, -+ { "getsid", 147 }, -+ { "fdatasync", 148 }, -+ { "_sysctl", 149 }, -+ { "mlock", 150 }, -+ { "munlock", 151 }, -+ { "mlockall", 152 }, -+ { "munlockall", 153 }, -+ { "sched_setparam", 154 }, -+ { "sched_getparam", 155 }, -+ { "sched_setscheduler", 156 }, -+ { "sched_getscheduler", 157 }, -+ { "sched_yield", 158 }, -+ { "sched_get_priority_max", 159 }, -+ { "sched_get_priority_min", 160 }, -+ { "sched_rr_get_interval", 161 }, -+ { "nanosleep", 162 }, -+ { "mremap", 163 }, -+ { "query_module", 167 }, -+ { "poll", 168 }, -+ { "nfsservctl", 169 }, -+ { "prctl", 172 }, -+ { "rt_sigreturn", 173 }, -+ { "rt_sigaction", 174 }, -+ { "rt_sigprocmask", 175 }, -+ { "rt_sigpending", 176 }, -+ { "rt_sigtimedwait", 177 }, -+ { "rt_sigqueueinfo", 178 }, -+ { "rt_sigsuspend", 179 }, -+ { "pread64", 180 }, -+ { "pwrite64", 181 }, -+ { "getcwd", 183 }, -+ { "capget", 184 }, -+ { "capset", 185 }, -+ { "sigaltstack", 186 }, -+ { "sendfile", 187 }, -+ { "getpmsg", 188 }, -+ { "putpmsg", 189 }, -+ { "vfork", 190 }, -+ { "pivot_root", 217 }, -+ { "mincore", 218 }, -+ { "madvise", 219 }, -+ { "getdents64", 220 }, -+ { "readahead", 222 }, -+ { "setxattr", 224 }, -+ { "lsetxattr", 225 }, -+ { "fsetxattr", 226 }, -+ { "getxattr", 227 }, -+ { "lgetxattr", 228 }, -+ { "fgetxattr", 229 }, -+ { "listxattr", 230 }, -+ { "llistxattr", 231 }, -+ { "flistxattr", 232 }, -+ { "removexattr", 233 }, -+ { "lremovexattr", 234 }, -+ { "fremovexattr", 235 }, -+ { "gettid", 236 }, -+ { "tkill", 237 }, -+ { "futex", 238 }, -+ { "sched_setaffinity", 239 }, -+ { "sched_getaffinity", 240 }, -+ { "tgkill", 241 }, -+ { "io_setup", 243 }, -+ { "io_destroy", 244 }, -+ { "io_getevents", 245 }, -+ { "io_submit", 246 }, -+ { "io_cancel", 247 }, -+ { "exit_group", 248 }, -+ { "epoll_create", 249 }, -+ { "epoll_ctl", 250 }, -+ { "epoll_wait", 251 }, -+ { "set_tid_address", 252 }, -+ { "fadvise64", 253 }, -+ { "timer_create", 254 }, -+ { "timer_settime", 255 }, -+ { "timer_gettime", 256 }, -+ { "timer_getoverrun", 257 }, -+ { "timer_delete", 258 }, -+ { "clock_settime", 259 }, -+ { "clock_gettime", 260 }, -+ { "clock_getres", 261 }, -+ { "clock_nanosleep", 262 }, -+ { "statfs64", 265 }, -+ { "fstatfs64", 266 }, -+ { "remap_file_pages", 267 }, -+ { "mq_open", 271 }, -+ { "mq_unlink", 272 }, -+ { "mq_timedsend", 273 }, -+ { "mq_timedreceive", 274 }, -+ { "mq_notify", 275 }, -+ { "mq_getsetattr", 276 }, -+ { "kexec_load", 277 }, -+ { "add_key", 278 }, -+ { "request_key", 279 }, -+ { "keyctl", 280 }, -+ { "waitid", 281 }, -+ { "ioprio_set", 282 }, -+ { "ioprio_get", 283 }, -+ { "inotify_init", 284 }, -+ { "inotify_add_watch", 285 }, -+ { "inotify_rm_watch", 286 }, -+ { "openat", 288 }, -+ { "mkdirat", 289 }, -+ { "mknodat", 290 }, -+ { "fchownat", 291 }, -+ { "futimesat", 292 }, -+ { "unlinkat", 294 }, -+ { "renameat", 295 }, -+ { "linkat", 296 }, -+ { "symlinkat", 297 }, -+ { "readlinkat", 298 }, -+ { "fchmodat", 299 }, -+ { "faccessat", 300 }, -+ { "pselect6", 301 }, -+ { "ppoll", 302 }, -+ { "unshare", 303 }, -+ { "set_robust_list", 304 }, -+ { "get_robust_list", 305 }, -+ { "splice", 306 }, -+ { "sync_file_range", 307 }, -+ { "tee", 308 }, -+ { "vmsplice", 309 }, -+ { "getcpu", 311 }, -+ { "epoll_pwait", 312 }, -+ { "utimes", 313 }, -+ { "fallocate", 314 }, -+ { "utimensat", 315 }, -+ { "signalfd", 316 }, -+ { "timerfd", 317 }, -+ { "eventfd", 318 }, -+ { "timerfd_create", 319 }, -+ { "timerfd_settime", 320 }, -+ { "timerfd_gettime", 321 }, -+ { "signalfd4", 322 }, -+ { "eventfd2", 323 }, -+ { "inotify_init1", 324 }, -+ { "pipe2", 325 }, -+ { "dup3", 326 }, -+ { "epoll_create1", 327 }, -+ { "preadv", 328 }, -+ { "pwritev", 329 }, -+ { "rt_tgsigqueueinfo", 330 }, -+ { "perf_event_open", 331 }, -+ { "fanotify_init", 332 }, -+ { "fanotify_mark", 333 }, -+ { "prlimit64", 334 }, -+ { "name_to_handle_at", 335 }, -+ { "open_by_handle_at", 336 }, -+ { "clock_adjtime", 337 }, -+ { "syncfs", 338 }, -+ { "setns", 339 }, -+ { "process_vm_readv", 340 }, -+ { "process_vm_writev", 341 }, -+ { "s390_runtime_instr", 342 }, -+ { "kcmp", 343 }, -+ { "finit_module", 344 }, -+ { "sched_setattr", 345 }, -+ { "sched_getattr", 346 }, -+ { "select", 142 }, -+ { "getrlimit", 191 }, -+ { "lchown", 198 }, -+ { "getuid", 199 }, -+ { "getgid", 200 }, -+ { "geteuid", 201 }, -+ { "getegid", 202 }, -+ { "setreuid", 203 }, -+ { "setregid", 204 }, -+ { "getgroups", 205 }, -+ { "setgroups", 206 }, -+ { "fchown", 207 }, -+ { "setresuid", 208 }, -+ { "getresuid", 209 }, -+ { "setresgid", 210 }, -+ { "getresgid", 211 }, -+ { "chown", 212 }, -+ { "setuid", 213 }, -+ { "setgid", 214 }, -+ { "setfsuid", 215 }, -+ { "setfsgid", 216 }, -+ { "newfstatat", 293 }, -+ -+ {NULL, __NR_SCMP_ERROR}, -+}; -+ -+ -+/** -+ * Resolve a syscall name to a number -+ * @param name the syscall name -+ * -+ * Resolve the given syscall name to the syscall number using the syscall table. -+ * Returns the syscall number on success, including negative pseudo syscall -+ * numbers; returns __NR_SCMP_ERROR on failure. -+ * -+ */ -+int s390x_syscall_resolve_name(const char *name) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = s390x_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].name != NULL; iter++) { -+ if (strcmp(name, table[iter].name) == 0) -+ return table[iter].num; -+ } -+ -+ return __NR_SCMP_ERROR; -+} -+ -+/** -+ * Resolve a syscall number to a name -+ * @param num the syscall number -+ * -+ * Resolve the given syscall number to the syscall name using the syscall table. -+ * Returns a pointer to the syscall name string on success, including pseudo -+ * syscall names; returns NULL on failure. -+ * -+ */ -+const char *s390x_syscall_resolve_num(int num) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = s390x_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { -+ if (num == table[iter].num) -+ return table[iter].name; -+ } -+ -+ return NULL; -+} -Index: libseccomp-2.1.1/src/gen_pfc.c -=================================================================== ---- libseccomp-2.1.1.orig/src/gen_pfc.c -+++ libseccomp-2.1.1/src/gen_pfc.c -@@ -57,6 +57,14 @@ static const char *_pfc_arch(const struc - return "x32"; - case SCMP_ARCH_ARM: - return "arm"; -+ case SCMP_ARCH_S390X: -+ return "s390x"; -+ case SCMP_ARCH_S390: -+ return "s390"; -+ case SCMP_ARCH_PPC: -+ return "ppc"; -+ case SCMP_ARCH_PPC64: -+ return "ppc64"; - default: - return "UNKNOWN"; - } -Index: libseccomp-2.1.1/src/Makefile -=================================================================== ---- libseccomp-2.1.1.orig/src/Makefile -+++ libseccomp-2.1.1/src/Makefile -@@ -42,6 +42,7 @@ OBJS = \ - arch-x86_64.o arch-x86_64-syscalls.o \ - arch-x32.o arch-x32-syscalls.o \ - arch-arm.o arch-arm-syscalls.o \ -+ arch-s390x.o arch-s390x-syscalls.o \ - hash.o \ - gen_pfc.o gen_bpf.o - -Index: libseccomp-2.1.1/tools/scmp_arch_detect.c -=================================================================== ---- libseccomp-2.1.1.orig/tools/scmp_arch_detect.c -+++ libseccomp-2.1.1/tools/scmp_arch_detect.c -@@ -78,6 +78,18 @@ int main(int argc, char *argv[]) - case SCMP_ARCH_ARM: - printf("arm\n"); - break; -+ case SCMP_ARCH_S390: -+ printf("s390\n"); -+ break; -+ case SCMP_ARCH_S390X: -+ printf("s390x\n"); -+ break; -+ case SCMP_ARCH_PPC: -+ printf("ppc\n"); -+ break; -+ case SCMP_ARCH_PPC64: -+ printf("ppc64\n"); -+ break; - default: - printf("unknown\n"); - } -Index: libseccomp-2.1.1/tools/scmp_bpf_sim.c -=================================================================== ---- libseccomp-2.1.1.orig/tools/scmp_bpf_sim.c -+++ libseccomp-2.1.1/tools/scmp_bpf_sim.c -@@ -239,6 +239,14 @@ int main(int argc, char *argv[]) - sys_data.arch = AUDIT_ARCH_X86_64; - else if (strcmp(optarg, "arm") == 0) - sys_data.arch = AUDIT_ARCH_ARM; -+ else if (strcmp(optarg, "s390") == 0) -+ sys_data.arch = AUDIT_ARCH_S390; -+ else if (strcmp(optarg, "s390x") == 0) -+ sys_data.arch = AUDIT_ARCH_S390X; -+ else if (strcmp(optarg, "ppc") == 0) -+ sys_data.arch = AUDIT_ARCH_PPC; -+ else if (strcmp(optarg, "ppc64") == 0) -+ sys_data.arch = AUDIT_ARCH_PPC64; - else - exit_fault(EINVAL); - break; -Index: libseccomp-2.1.1/src/Makefile.am -=================================================================== ---- libseccomp-2.1.1.orig/src/Makefile.am -+++ libseccomp-2.1.1/src/Makefile.am -@@ -9,8 +9,13 @@ lib_LTLIBRARIES = libseccomp.la - - libseccomp_la_SOURCES = api.c arch.c arch-x86.c arch-x86-syscalls.c \ - arch-x86_64.c arch-x86_64-syscalls.c arch-x32.c arch-x32-syscalls.c \ -- arch-arm.c arch-arm-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c \ -+ arch-arm.c arch-arm-syscalls.c \ -+ arch-s390.c arch-s390-syscalls.c \ -+ arch-s390x.c arch-s390x-syscalls.c \ -+ arch-ppc.c arch-ppc-syscalls.c \ -+ arch-ppc64.c arch-ppc64-syscalls.c \ -+ db.c hash.c gen_pfc.c gen_bpf.c \ - \ -- arch-arm.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \ -+ arch-arm.h arch-ppc.h arch-ppc64.h arch-s390x.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \ - db.h gen_bpf.h gen_pfc.h hash.h system.h - libseccomp_la_LDFLAGS = -version-number 2:1:0 -Index: libseccomp-2.1.1/src/arch-s390.c -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-s390.c -@@ -0,0 +1,34 @@ -+/** -+ * Enhanced Seccomp S390 Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+#include -+#include -+ -+#include "arch.h" -+#include "arch-s390.h" -+ -+const struct arch_def arch_def_s390 = { -+ .token = SCMP_ARCH_S390, -+ .token_bpf = AUDIT_ARCH_S390, -+ .size = ARCH_SIZE_32, -+ .endian = ARCH_ENDIAN_BIG, -+}; -Index: libseccomp-2.1.1/src/arch-s390.h -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-s390.h -@@ -0,0 +1,37 @@ -+/** -+ * Enhanced Seccomp S390 Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#ifndef _ARCH_S390_H -+#define _ARCH_S390_H -+ -+#include -+ -+#include "arch.h" -+#include "system.h" -+ -+#define s390_arg_count_max 6 -+ -+extern const struct arch_def arch_def_s390; -+ -+int s390_syscall_resolve_name(const char *name); -+const char *s390_syscall_resolve_num(int num); -+ -+#endif -Index: libseccomp-2.1.1/src/arch-s390-syscalls.c -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-s390-syscalls.c -@@ -0,0 +1,400 @@ -+/** -+ * Enhanced Seccomp s390 Syscall Table -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+ -+#include -+ -+#include "arch.h" -+#include "arch-s390.h" -+ -+/* NOTE: based on Linux 3.13 */ -+ -+static const struct arch_syscall_def s390_syscall_table[] = { \ -+ { "exit", 1 }, -+ { "fork", 2 }, -+ { "read", 3 }, -+ { "write", 4 }, -+ { "open", 5 }, -+ { "close", 6 }, -+ { "restart_syscall", 7 }, -+ { "creat", 8 }, -+ { "link", 9 }, -+ { "unlink", 10 }, -+ { "execve", 11 }, -+ { "chdir", 12 }, -+ { "mknod", 14 }, -+ { "chmod", 15 }, -+ { "lseek", 19 }, -+ { "getpid", 20 }, -+ { "mount", 21 }, -+ { "umount", 22 }, -+ { "ptrace", 26 }, -+ { "alarm", 27 }, -+ { "pause", 29 }, -+ { "utime", 30 }, -+ { "access", 33 }, -+ { "nice", 34 }, -+ { "sync", 36 }, -+ { "kill", 37 }, -+ { "rename", 38 }, -+ { "mkdir", 39 }, -+ { "rmdir", 40 }, -+ { "dup", 41 }, -+ { "pipe", 42 }, -+ { "times", 43 }, -+ { "brk", 45 }, -+ { "signal", 48 }, -+ { "acct", 51 }, -+ { "umount2", 52 }, -+ { "ioctl", 54 }, -+ { "fcntl", 55 }, -+ { "setpgid", 57 }, -+ { "umask", 60 }, -+ { "chroot", 61 }, -+ { "ustat", 62 }, -+ { "dup2", 63 }, -+ { "getppid", 64 }, -+ { "getpgrp", 65 }, -+ { "setsid", 66 }, -+ { "sigaction", 67 }, -+ { "sigsuspend", 72 }, -+ { "sigpending", 73 }, -+ { "sethostname", 74 }, -+ { "setrlimit", 75 }, -+ { "getrusage", 77 }, -+ { "gettimeofday", 78 }, -+ { "settimeofday", 79 }, -+ { "symlink", 83 }, -+ { "readlink", 85 }, -+ { "uselib", 86 }, -+ { "swapon", 87 }, -+ { "reboot", 88 }, -+ { "readdir", 89 }, -+ { "mmap", 90 }, -+ { "munmap", 91 }, -+ { "truncate", 92 }, -+ { "ftruncate", 93 }, -+ { "fchmod", 94 }, -+ { "getpriority", 96 }, -+ { "setpriority", 97 }, -+ { "statfs", 99 }, -+ { "fstatfs", 100 }, -+ { "socketcall", 102 }, -+ { "syslog", 103 }, -+ { "setitimer", 104 }, -+ { "getitimer", 105 }, -+ { "stat", 106 }, -+ { "lstat", 107 }, -+ { "fstat", 108 }, -+ { "lookup_dcookie", 110 }, -+ { "vhangup", 111 }, -+ { "idle", 112 }, -+ { "wait4", 114 }, -+ { "swapoff", 115 }, -+ { "sysinfo", 116 }, -+ { "ipc", 117 }, -+ { "fsync", 118 }, -+ { "sigreturn", 119 }, -+ { "clone", 120 }, -+ { "setdomainname", 121 }, -+ { "uname", 122 }, -+ { "adjtimex", 124 }, -+ { "mprotect", 125 }, -+ { "sigprocmask", 126 }, -+ { "create_module", 127 }, -+ { "init_module", 128 }, -+ { "delete_module", 129 }, -+ { "get_kernel_syms", 130 }, -+ { "quotactl", 131 }, -+ { "getpgid", 132 }, -+ { "fchdir", 133 }, -+ { "bdflush", 134 }, -+ { "sysfs", 135 }, -+ { "personality", 136 }, -+ { "afs_syscall", 137 }, -+ { "getdents", 141 }, -+ { "flock", 143 }, -+ { "msync", 144 }, -+ { "readv", 145 }, -+ { "writev", 146 }, -+ { "getsid", 147 }, -+ { "fdatasync", 148 }, -+ { "_sysctl", 149 }, -+ { "mlock", 150 }, -+ { "munlock", 151 }, -+ { "mlockall", 152 }, -+ { "munlockall", 153 }, -+ { "sched_setparam", 154 }, -+ { "sched_getparam", 155 }, -+ { "sched_setscheduler", 156 }, -+ { "sched_getscheduler", 157 }, -+ { "sched_yield", 158 }, -+ { "sched_get_priority_max", 159 }, -+ { "sched_get_priority_min", 160 }, -+ { "sched_rr_get_interval", 161 }, -+ { "nanosleep", 162 }, -+ { "mremap", 163 }, -+ { "query_module", 167 }, -+ { "poll", 168 }, -+ { "nfsservctl", 169 }, -+ { "prctl", 172 }, -+ { "rt_sigreturn", 173 }, -+ { "rt_sigaction", 174 }, -+ { "rt_sigprocmask", 175 }, -+ { "rt_sigpending", 176 }, -+ { "rt_sigtimedwait", 177 }, -+ { "rt_sigqueueinfo", 178 }, -+ { "rt_sigsuspend", 179 }, -+ { "pread64", 180 }, -+ { "pwrite64", 181 }, -+ { "getcwd", 183 }, -+ { "capget", 184 }, -+ { "capset", 185 }, -+ { "sigaltstack", 186 }, -+ { "sendfile", 187 }, -+ { "getpmsg", 188 }, -+ { "putpmsg", 189 }, -+ { "vfork", 190 }, -+ { "pivot_root", 217 }, -+ { "mincore", 218 }, -+ { "madvise", 219 }, -+ { "getdents64", 220 }, -+ { "readahead", 222 }, -+ { "setxattr", 224 }, -+ { "lsetxattr", 225 }, -+ { "fsetxattr", 226 }, -+ { "getxattr", 227 }, -+ { "lgetxattr", 228 }, -+ { "fgetxattr", 229 }, -+ { "listxattr", 230 }, -+ { "llistxattr", 231 }, -+ { "flistxattr", 232 }, -+ { "removexattr", 233 }, -+ { "lremovexattr", 234 }, -+ { "fremovexattr", 235 }, -+ { "gettid", 236 }, -+ { "tkill", 237 }, -+ { "futex", 238 }, -+ { "sched_setaffinity", 239 }, -+ { "sched_getaffinity", 240 }, -+ { "tgkill", 241 }, -+ { "io_setup", 243 }, -+ { "io_destroy", 244 }, -+ { "io_getevents", 245 }, -+ { "io_submit", 246 }, -+ { "io_cancel", 247 }, -+ { "exit_group", 248 }, -+ { "epoll_create", 249 }, -+ { "epoll_ctl", 250 }, -+ { "epoll_wait", 251 }, -+ { "set_tid_address", 252 }, -+ { "fadvise64", 253 }, -+ { "timer_create", 254 }, -+ { "timer_settime", 255 }, -+ { "timer_gettime", 256 }, -+ { "timer_getoverrun", 257 }, -+ { "timer_delete", 258 }, -+ { "clock_settime", 259 }, -+ { "clock_gettime", 260 }, -+ { "clock_getres", 261 }, -+ { "clock_nanosleep", 262 }, -+ { "statfs64", 265 }, -+ { "fstatfs64", 266 }, -+ { "remap_file_pages", 267 }, -+ { "mq_open", 271 }, -+ { "mq_unlink", 272 }, -+ { "mq_timedsend", 273 }, -+ { "mq_timedreceive", 274 }, -+ { "mq_notify", 275 }, -+ { "mq_getsetattr", 276 }, -+ { "kexec_load", 277 }, -+ { "add_key", 278 }, -+ { "request_key", 279 }, -+ { "keyctl", 280 }, -+ { "waitid", 281 }, -+ { "ioprio_set", 282 }, -+ { "ioprio_get", 283 }, -+ { "inotify_init", 284 }, -+ { "inotify_add_watch", 285 }, -+ { "inotify_rm_watch", 286 }, -+ { "openat", 288 }, -+ { "mkdirat", 289 }, -+ { "mknodat", 290 }, -+ { "fchownat", 291 }, -+ { "futimesat", 292 }, -+ { "unlinkat", 294 }, -+ { "renameat", 295 }, -+ { "linkat", 296 }, -+ { "symlinkat", 297 }, -+ { "readlinkat", 298 }, -+ { "fchmodat", 299 }, -+ { "faccessat", 300 }, -+ { "pselect6", 301 }, -+ { "ppoll", 302 }, -+ { "unshare", 303 }, -+ { "set_robust_list", 304 }, -+ { "get_robust_list", 305 }, -+ { "splice", 306 }, -+ { "sync_file_range", 307 }, -+ { "tee", 308 }, -+ { "vmsplice", 309 }, -+ { "getcpu", 311 }, -+ { "epoll_pwait", 312 }, -+ { "utimes", 313 }, -+ { "fallocate", 314 }, -+ { "utimensat", 315 }, -+ { "signalfd", 316 }, -+ { "timerfd", 317 }, -+ { "eventfd", 318 }, -+ { "timerfd_create", 319 }, -+ { "timerfd_settime", 320 }, -+ { "timerfd_gettime", 321 }, -+ { "signalfd4", 322 }, -+ { "eventfd2", 323 }, -+ { "inotify_init1", 324 }, -+ { "pipe2", 325 }, -+ { "dup3", 326 }, -+ { "epoll_create1", 327 }, -+ { "preadv", 328 }, -+ { "pwritev", 328 }, -+ { "rt_tgsigqueueinfo", 330 }, -+ { "perf_event_open", 331 }, -+ { "fanotify_init", 332 }, -+ { "fanotify_mark", 333 }, -+ { "prlimit64", 334 }, -+ { "name_to_handle_at", 335 }, -+ { "open_by_handle_at", 336 }, -+ { "clock_adjtime", 337 }, -+ { "syncfs", 338 }, -+ { "setns", 339 }, -+ { "process_vm_readv", 340 }, -+ { "process_vm_writev", 341 }, -+ { "s390_runtime_instr", 342 }, -+ { "kcmp", 343 }, -+ { "finit_module", 344 }, -+ { "sched_setattr", 345 }, -+ { "sched_getattr", 346 }, -+ { "time", 13 }, -+ { "lchown", 16 }, -+ { "setuid", 23 }, -+ { "getuid", 24 }, -+ { "stime", 25 }, -+ { "setgid", 46 }, -+ { "getgid", 47 }, -+ { "geteuid", 49 }, -+ { "getegid", 50 }, -+ { "setreuid", 70 }, -+ { "setregid", 71 }, -+ { "getrlimit", 76 }, -+ { "getgroups", 80 }, -+ { "setgroups", 81 }, -+ { "fchown", 95 }, -+ { "ioperm", 101 }, -+ { "setfsuid", 138 }, -+ { "setfsgid", 139 }, -+ { "_llseek", 140 }, -+ { "_newselect", 142 }, -+ { "setresuid", 164 }, -+ { "getresuid", 165 }, -+ { "setresgid", 170 }, -+ { "getresgid", 171 }, -+ { "chown", 182 }, -+ { "ugetrlimit", 191 }, -+ { "mmap2", 192 }, -+ { "truncate64", 193 }, -+ { "ftruncate64", 194 }, -+ { "stat64", 195 }, -+ { "lstat64", 196 }, -+ { "fstat64", 197 }, -+ { "lchown32", 198 }, -+ { "getuid32", 199 }, -+ { "getgid32", 200 }, -+ { "geteuid32", 201 }, -+ { "getegid32", 202 }, -+ { "setreuid32", 203 }, -+ { "setregid32", 204 }, -+ { "getgroups32", 205 }, -+ { "setgroups32", 206 }, -+ { "fchown32", 207 }, -+ { "setresuid32", 208 }, -+ { "getresuid32", 209 }, -+ { "setresgid32", 210 }, -+ { "getresgid32", 211 }, -+ { "chown32", 212 }, -+ { "setuid32", 213 }, -+ { "setgid32", 214 }, -+ { "setfsuid32", 215 }, -+ { "setfsgid32", 216 }, -+ { "fcntl64", 221 }, -+ { "sendfile64", 223 }, -+ { "fadvise64_64", 264 }, -+ { "fstatat64", 293 }, -+ -+ {NULL, __NR_SCMP_ERROR}, -+}; -+ -+ -+/** -+ * Resolve a syscall name to a number -+ * @param name the syscall name -+ * -+ * Resolve the given syscall name to the syscall number using the syscall table. -+ * Returns the syscall number on success, including negative pseudo syscall -+ * numbers; returns __NR_SCMP_ERROR on failure. -+ * -+ */ -+int s390_syscall_resolve_name(const char *name) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = s390_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].name != NULL; iter++) { -+ if (strcmp(name, table[iter].name) == 0) -+ return table[iter].num; -+ } -+ -+ return __NR_SCMP_ERROR; -+} -+ -+/** -+ * Resolve a syscall number to a name -+ * @param num the syscall number -+ * -+ * Resolve the given syscall number to the syscall name using the syscall table. -+ * Returns a pointer to the syscall name string on success, including pseudo -+ * syscall names; returns NULL on failure. -+ * -+ */ -+const char *s390_syscall_resolve_num(int num) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = s390_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { -+ if (num == table[iter].num) -+ return table[iter].name; -+ } -+ -+ return NULL; -+} -Index: libseccomp-2.1.1/src/arch-ppc64.c -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-ppc64.c -@@ -0,0 +1,38 @@ -+/** -+ * Enhanced Seccomp PowerPC64 Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+#include -+#include -+ -+#include "arch.h" -+#include "arch-ppc64.h" -+ -+const struct arch_def arch_def_ppc64 = { -+ .token = SCMP_ARCH_PPC64, -+ .token_bpf = AUDIT_ARCH_PPC64, -+ .size = ARCH_SIZE_64, -+#ifdef __LITTLE_ENDIAN__ -+ .endian = ARCH_ENDIAN_LITTLE, -+#else -+ .endian = ARCH_ENDIAN_BIG, -+#endif -+}; -Index: libseccomp-2.1.1/src/arch-ppc64.h -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-ppc64.h -@@ -0,0 +1,45 @@ -+/** -+ * Enhanced Seccomp PowerPC64 Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#ifndef _ARCH_PPC64_H -+#define _ARCH_PPC64_H -+ -+#include -+ -+#include "arch.h" -+#include "system.h" -+ -+#define ppc64_arg_count_max 6 -+ -+extern const struct arch_def arch_def_ppc64; -+ -+#ifdef __LITTLE_ENDIAN__ -+#define ppc64_arg_offset_lo(x) (arch_arg_offset(x)) -+#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4) -+#else -+#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4) -+#define ppc64_arg_offset_hi(x) (arch_arg_offset(x)) -+#endif -+ -+int ppc64_syscall_resolve_name(const char *name); -+const char *ppc64_syscall_resolve_num(int num); -+ -+#endif -Index: libseccomp-2.1.1/src/arch-ppc64-syscalls.c -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-ppc64-syscalls.c -@@ -0,0 +1,427 @@ -+/** -+ * Enhanced Seccomp PowerPC64 Syscall Table -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+ -+#include -+ -+#include "arch.h" -+#include "arch-ppc64.h" -+ -+/* NOTE: based on Linux 3.13 */ -+ -+static const struct arch_syscall_def ppc64_syscall_table[] = { \ -+ { "restart_syscall", 0 }, -+ { "exit", 1 }, -+ { "fork", 2 }, -+ { "read", 3 }, -+ { "write", 4 }, -+ { "open", 5 }, -+ { "close", 6 }, -+ { "waitpid", 7 }, -+ { "creat", 8 }, -+ { "link", 9 }, -+ { "unlink", 10 }, -+ { "execve", 11 }, -+ { "chdir", 12 }, -+ { "time", 13 }, -+ { "mknod", 14 }, -+ { "chmod", 15 }, -+ { "lchown", 16 }, -+ { "break", 17 }, -+ { "oldstat", 18 }, -+ { "lseek", 19 }, -+ { "getpid", 20 }, -+ { "mount", 21 }, -+ { "umount", 22 }, -+ { "setuid", 23 }, -+ { "getuid", 24 }, -+ { "stime", 25 }, -+ { "ptrace", 26 }, -+ { "alarm", 27 }, -+ { "oldfstat", 28 }, -+ { "pause", 29 }, -+ { "utime", 30 }, -+ { "stty", 31 }, -+ { "gtty", 32 }, -+ { "access", 33 }, -+ { "nice", 34 }, -+ { "ftime", 35 }, -+ { "sync", 36 }, -+ { "kill", 37 }, -+ { "rename", 38 }, -+ { "mkdir", 39 }, -+ { "rmdir", 40 }, -+ { "dup", 41 }, -+ { "pipe", 42 }, -+ { "times", 43 }, -+ { "prof", 44 }, -+ { "brk", 45 }, -+ { "setgid", 46 }, -+ { "getgid", 47 }, -+ { "signal", 48 }, -+ { "geteuid", 49 }, -+ { "getegid", 50 }, -+ { "acct", 51 }, -+ { "umount2", 52 }, -+ { "lock", 53 }, -+ { "ioctl", 54 }, -+ { "fcntl", 55 }, -+ { "mpx", 56 }, -+ { "setpgid", 57 }, -+ { "ulimit", 58 }, -+ { "oldolduname", 59 }, -+ { "umask", 60 }, -+ { "chroot", 61 }, -+ { "ustat", 62 }, -+ { "dup2", 63 }, -+ { "getppid", 64 }, -+ { "getpgrp", 65 }, -+ { "setsid", 66 }, -+ { "sigaction", 67 }, -+ { "sgetmask", 68 }, -+ { "ssetmask", 69 }, -+ { "setreuid", 70 }, -+ { "setregid", 71 }, -+ { "sigsuspend", 72 }, -+ { "sigpending", 73 }, -+ { "sethostname", 74 }, -+ { "setrlimit", 75 }, -+ { "getrlimit", 76 }, -+ { "getrusage", 77 }, -+ { "gettimeofday", 78 }, -+ { "settimeofday", 79 }, -+ { "getgroups", 80 }, -+ { "setgroups", 81 }, -+ { "select", 82 }, -+ { "symlink", 83 }, -+ { "oldlstat", 84 }, -+ { "readlink", 85 }, -+ { "uselib", 86 }, -+ { "swapon", 87 }, -+ { "reboot", 88 }, -+ { "readdir", 89 }, -+ { "mmap", 90 }, -+ { "munmap", 91 }, -+ { "truncate", 92 }, -+ { "ftruncate", 93 }, -+ { "fchmod", 94 }, -+ { "fchown", 95 }, -+ { "getpriority", 96 }, -+ { "setpriority", 97 }, -+ { "profil", 98 }, -+ { "statfs", 99 }, -+ { "fstatfs", 100 }, -+ { "ioperm", 101 }, -+ { "socketcall", 102 }, -+ { "syslog", 103 }, -+ { "setitimer", 104 }, -+ { "getitimer", 105 }, -+ { "stat", 106 }, -+ { "lstat", 107 }, -+ { "fstat", 108 }, -+ { "olduname", 109 }, -+ { "iopl", 110 }, -+ { "vhangup", 111 }, -+ { "idle", 112 }, -+ { "vm86", 113 }, -+ { "wait4", 114 }, -+ { "swapoff", 115 }, -+ { "sysinfo", 116 }, -+ { "ipc", 117 }, -+ { "fsync", 118 }, -+ { "sigreturn", 119 }, -+ { "clone", 120 }, -+ { "setdomainname", 121 }, -+ { "uname", 122 }, -+ { "modify_ldt", 123 }, -+ { "adjtimex", 124 }, -+ { "mprotect", 125 }, -+ { "sigprocmask", 126 }, -+ { "create_module", 127 }, -+ { "init_module", 128 }, -+ { "delete_module", 129 }, -+ { "get_kernel_syms", 130 }, -+ { "quotactl", 131 }, -+ { "getpgid", 132 }, -+ { "fchdir", 133 }, -+ { "bdflush", 134 }, -+ { "sysfs", 135 }, -+ { "personality", 136 }, -+ { "afs_syscall", 137 }, -+ { "setfsuid", 138 }, -+ { "setfsgid", 139 }, -+ { "_llseek", 140 }, -+ { "getdents", 141 }, -+ { "_newselect", 142 }, -+ { "flock", 143 }, -+ { "msync", 144 }, -+ { "readv", 145 }, -+ { "writev", 146 }, -+ { "getsid", 147 }, -+ { "fdatasync", 148 }, -+ { "_sysctl", 149 }, -+ { "mlock", 150 }, -+ { "munlock", 151 }, -+ { "mlockall", 152 }, -+ { "munlockall", 153 }, -+ { "sched_setparam", 154 }, -+ { "sched_getparam", 155 }, -+ { "sched_setscheduler", 156 }, -+ { "sched_getscheduler", 157 }, -+ { "sched_yield", 158 }, -+ { "sched_get_priority_max", 159 }, -+ { "sched_get_priority_min", 160 }, -+ { "sched_rr_get_interval", 161 }, -+ { "nanosleep", 162 }, -+ { "mremap", 163 }, -+ { "setresuid", 164 }, -+ { "getresuid", 165 }, -+ { "query_module", 166 }, -+ { "poll", 167 }, -+ { "nfsservctl", 168 }, -+ { "setresgid", 169 }, -+ { "getresgid", 170 }, -+ { "prctl", 171 }, -+ { "rt_sigreturn", 172 }, -+ { "rt_sigaction", 173 }, -+ { "rt_sigprocmask", 174 }, -+ { "rt_sigpending", 175 }, -+ { "rt_sigtimedwait", 176 }, -+ { "rt_sigqueueinfo", 177 }, -+ { "rt_sigsuspend", 178 }, -+ { "pread64", 179 }, -+ { "pwrite64", 180 }, -+ { "chown", 181 }, -+ { "getcwd", 182 }, -+ { "capget", 183 }, -+ { "capset", 184 }, -+ { "sigaltstack", 185 }, -+ { "sendfile", 186 }, -+ { "getpmsg", 187 }, -+ { "putpmsg", 188 }, -+ { "vfork", 189 }, -+ { "ugetrlimit", 190 }, -+ { "readahead", 191 }, -+ -+ { "pciconfig_read", 198 }, -+ { "pciconfig_write", 199 }, -+ { "pciconfig_iobase", 200 }, -+ { "multiplexer", 201 }, -+ { "getdents64", 202 }, -+ { "pivot_root", 203 }, -+ { "madvise", 205 }, -+ { "mincore", 206 }, -+ { "gettid", 207 }, -+ { "tkill", 208 }, -+ { "setxattr", 209 }, -+ { "lsetxattr", 210 }, -+ { "fsetxattr", 211 }, -+ { "getxattr", 212 }, -+ { "lgetxattr", 213 }, -+ { "fgetxattr", 214 }, -+ { "listxattr", 215 }, -+ { "llistxattr", 216 }, -+ { "flistxattr", 217 }, -+ { "removexattr", 218 }, -+ { "lremovexattr", 219 }, -+ { "fremovexattr", 220 }, -+ { "futex", 221 }, -+ { "sched_setaffinity", 222 }, -+ { "sched_getaffinity", 223 }, -+ { "tuxcall", 225 }, -+ { "io_setup", 227 }, -+ { "io_destroy", 228 }, -+ { "io_getevents", 229 }, -+ { "io_submit", 230 }, -+ { "io_cancel", 231 }, -+ { "set_tid_address", 232 }, -+ { "fadvise64", 233 }, -+ { "exit_group", 234 }, -+ { "lookup_dcookie", 235 }, -+ { "epoll_create", 236 }, -+ { "epoll_ctl", 237 }, -+ { "epoll_wait", 238 }, -+ { "remap_file_pages", 239 }, -+ { "timer_create", 240 }, -+ { "timer_settime", 241 }, -+ { "timer_gettime", 242 }, -+ { "timer_getoverrun", 243 }, -+ { "timer_delete", 244 }, -+ { "clock_settime", 245 }, -+ { "clock_gettime", 246 }, -+ { "clock_getres", 247 }, -+ { "clock_nanosleep", 248 }, -+ { "swapcontext", 249 }, -+ { "tgkill", 250 }, -+ { "utimes", 251 }, -+ { "statfs64", 252 }, -+ { "fstatfs64", 253 }, -+ { "rtas", 255 }, -+ { "sys_debug_setcontext", 256 }, -+ { "migrate_pages", 258 }, -+ { "mbind", 259 }, -+ { "get_mempolicy", 260 }, -+ { "set_mempolicy", 261 }, -+ { "mq_open", 262 }, -+ { "mq_unlink", 263 }, -+ { "mq_timedsend", 264 }, -+ { "mq_timedreceive", 265 }, -+ { "mq_notify", 266 }, -+ { "mq_getsetattr", 267 }, -+ { "kexec_load", 268 }, -+ { "add_key", 269 }, -+ { "request_key", 270 }, -+ { "keyctl", 271 }, -+ { "waitid", 272 }, -+ { "ioprio_set", 273 }, -+ { "ioprio_get", 274 }, -+ { "inotify_init", 275 }, -+ { "inotify_add_watch", 276 }, -+ { "inotify_rm_watch", 277 }, -+ { "spu_run", 278 }, -+ { "spu_create", 279 }, -+ { "pselect6", 280 }, -+ { "ppoll", 281 }, -+ { "unshare", 282 }, -+ { "splice", 283 }, -+ { "tee", 284 }, -+ { "vmsplice", 285 }, -+ { "openat", 286 }, -+ { "mkdirat", 287 }, -+ { "mknodat", 288 }, -+ { "fchownat", 289 }, -+ { "futimesat", 290 }, -+ { "newfstatat", 291 }, -+ { "unlinkat", 292 }, -+ { "renameat", 293 }, -+ { "linkat", 294 }, -+ { "symlinkat", 295 }, -+ { "readlinkat", 296 }, -+ { "fchmodat", 297 }, -+ { "faccessat", 298 }, -+ { "get_robust_list", 299 }, -+ { "set_robust_list", 300 }, -+ { "move_pages", 301 }, -+ { "getcpu", 302 }, -+ { "epoll_pwait", 303 }, -+ { "utimensat", 304 }, -+ { "signalfd", 305 }, -+ { "timerfd_create", 306 }, -+ { "eventfd", 307 }, -+ { "sync_file_range2", 308 }, -+ { "fallocate", 309 }, -+ { "subpage_prot", 310 }, -+ { "timerfd_settime", 311 }, -+ { "timerfd_gettime", 312 }, -+ { "signalfd4", 313 }, -+ { "eventfd2", 314 }, -+ { "epoll_create1", 315 }, -+ { "dup3", 316 }, -+ { "pipe2", 317 }, -+ { "inotify_init1", 318 }, -+ { "perf_event_open", 319 }, -+ { "preadv", 320 }, -+ { "pwritev", 321 }, -+ { "rt_tgsigqueueinfo", 322 }, -+ { "fanotify_init", 323 }, -+ { "fanotify_mark", 324 }, -+ { "prlimit64", 325 }, -+ { "socket", 326 }, -+ { "bind", 327 }, -+ { "connect", 328 }, -+ { "listen", 329 }, -+ { "accept", 330 }, -+ { "getsockname", 331 }, -+ { "getpeername", 332 }, -+ { "socketpair", 333 }, -+ { "send", 334 }, -+ { "sendto", 335 }, -+ { "recv", 336 }, -+ { "recvfrom", 337 }, -+ { "shutdown", 338 }, -+ { "setsockopt", 339 }, -+ { "getsockopt", 340 }, -+ { "sendmsg", 341 }, -+ { "recvmsg", 342 }, -+ { "recvmmsg", 343 }, -+ { "accept4", 344 }, -+ { "name_to_handle_at", 345 }, -+ { "open_by_handle_at", 346 }, -+ { "clock_adjtime", 347 }, -+ { "syncfs", 348 }, -+ { "sendmmsg", 349 }, -+ { "setns", 350 }, -+ { "process_vm_readv", 351 }, -+ { "process_vm_writev", 352 }, -+ { "finit_module", 353 }, -+ { "kcmp", 354 }, -+ { "sched_setattr", 355 }, -+ { "sched_getattr", 356 }, -+ {NULL, __NR_SCMP_ERROR}, -+}; -+ -+ -+/** -+ * Resolve a syscall name to a number -+ * @param name the syscall name -+ * -+ * Resolve the given syscall name to the syscall number using the syscall table. -+ * Returns the syscall number on success, including negative pseudo syscall -+ * numbers; returns __NR_SCMP_ERROR on failure. -+ * -+ */ -+int ppc64_syscall_resolve_name(const char *name) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = ppc64_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].name != NULL; iter++) { -+ if (strcmp(name, table[iter].name) == 0) -+ return table[iter].num; -+ } -+ -+ return __NR_SCMP_ERROR; -+} -+ -+/** -+ * Resolve a syscall number to a name -+ * @param num the syscall number -+ * -+ * Resolve the given syscall number to the syscall name using the syscall table. -+ * Returns a pointer to the syscall name string on success, including pseudo -+ * syscall names; returns NULL on failure. -+ * -+ */ -+const char *ppc64_syscall_resolve_num(int num) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = ppc64_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { -+ if (num == table[iter].num) -+ return table[iter].name; -+ } -+ -+ return NULL; -+} -Index: libseccomp-2.1.1/src/arch-ppc.c -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-ppc.c -@@ -0,0 +1,34 @@ -+/** -+ * Enhanced Seccomp PowerPC64 Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+#include -+#include -+ -+#include "arch.h" -+#include "arch-ppc.h" -+ -+const struct arch_def arch_def_ppc = { -+ .token = SCMP_ARCH_PPC, -+ .token_bpf = AUDIT_ARCH_PPC, -+ .size = ARCH_SIZE_32, -+ .endian = ARCH_ENDIAN_BIG, -+}; -Index: libseccomp-2.1.1/src/arch-ppc.h -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-ppc.h -@@ -0,0 +1,37 @@ -+/** -+ * Enhanced Seccomp PowerPC64 Specific Code -+ * -+ * Copyright (c) 2014 SUSE -+ * Author: Marcus Meissner -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#ifndef _ARCH_PPC_H -+#define _ARCH_PPC_H -+ -+#include -+ -+#include "arch.h" -+#include "system.h" -+ -+#define ppc_arg_count_max 6 -+ -+extern const struct arch_def arch_def_ppc; -+ -+int ppc_syscall_resolve_name(const char *name); -+const char *ppc_syscall_resolve_num(int num); -+ -+#endif -Index: libseccomp-2.1.1/src/arch-ppc-syscalls.c -=================================================================== ---- /dev/null -+++ libseccomp-2.1.1/src/arch-ppc-syscalls.c ++++ libseccomp-2.2.0/src/arch-ppc-syscalls.c @@ -0,0 +1,433 @@ +/** + * Enhanced Seccomp PowerPC64 Syscall Table @@ -2231,87 +509,1706 @@ Index: libseccomp-2.1.1/src/arch-ppc-syscalls.c + + return NULL; +} -Index: libseccomp-2.1.1/tools/scmp_sys_resolver.c +Index: libseccomp-2.2.0/src/arch-ppc.c =================================================================== ---- libseccomp-2.1.1.orig/tools/scmp_sys_resolver.c -+++ libseccomp-2.1.1/tools/scmp_sys_resolver.c -@@ -31,6 +31,10 @@ - #include "../src/arch-x86_64.h" - #include "../src/arch-x32.h" - #include "../src/arch-arm.h" -+#include "../src/arch-ppc.h" -+#include "../src/arch-ppc64.h" -+#include "../src/arch-s390.h" -+#include "../src/arch-s390x.h" +--- /dev/null ++++ libseccomp-2.2.0/src/arch-ppc.c +@@ -0,0 +1,34 @@ ++/** ++ * Enhanced Seccomp PowerPC64 Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++#include ++#include ++ ++#include "arch.h" ++#include "arch-ppc.h" ++ ++const struct arch_def arch_def_ppc = { ++ .token = SCMP_ARCH_PPC, ++ .token_bpf = AUDIT_ARCH_PPC, ++ .size = ARCH_SIZE_32, ++ .endian = ARCH_ENDIAN_BIG, ++}; +Index: libseccomp-2.2.0/src/arch-ppc.h +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-ppc.h +@@ -0,0 +1,37 @@ ++/** ++ * Enhanced Seccomp PowerPC64 Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#ifndef _ARCH_PPC_H ++#define _ARCH_PPC_H ++ ++#include ++ ++#include "arch.h" ++#include "system.h" ++ ++#define ppc_arg_count_max 6 ++ ++extern const struct arch_def arch_def_ppc; ++ ++int ppc_syscall_resolve_name(const char *name); ++const char *ppc_syscall_resolve_num(int num); ++ ++#endif +Index: libseccomp-2.2.0/src/arch-ppc64-syscalls.c +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-ppc64-syscalls.c +@@ -0,0 +1,427 @@ ++/** ++ * Enhanced Seccomp PowerPC64 Syscall Table ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++ ++#include ++ ++#include "arch.h" ++#include "arch-ppc64.h" ++ ++/* NOTE: based on Linux 3.13 */ ++ ++static const struct arch_syscall_def ppc64_syscall_table[] = { \ ++ { "restart_syscall", 0 }, ++ { "exit", 1 }, ++ { "fork", 2 }, ++ { "read", 3 }, ++ { "write", 4 }, ++ { "open", 5 }, ++ { "close", 6 }, ++ { "waitpid", 7 }, ++ { "creat", 8 }, ++ { "link", 9 }, ++ { "unlink", 10 }, ++ { "execve", 11 }, ++ { "chdir", 12 }, ++ { "time", 13 }, ++ { "mknod", 14 }, ++ { "chmod", 15 }, ++ { "lchown", 16 }, ++ { "break", 17 }, ++ { "oldstat", 18 }, ++ { "lseek", 19 }, ++ { "getpid", 20 }, ++ { "mount", 21 }, ++ { "umount", 22 }, ++ { "setuid", 23 }, ++ { "getuid", 24 }, ++ { "stime", 25 }, ++ { "ptrace", 26 }, ++ { "alarm", 27 }, ++ { "oldfstat", 28 }, ++ { "pause", 29 }, ++ { "utime", 30 }, ++ { "stty", 31 }, ++ { "gtty", 32 }, ++ { "access", 33 }, ++ { "nice", 34 }, ++ { "ftime", 35 }, ++ { "sync", 36 }, ++ { "kill", 37 }, ++ { "rename", 38 }, ++ { "mkdir", 39 }, ++ { "rmdir", 40 }, ++ { "dup", 41 }, ++ { "pipe", 42 }, ++ { "times", 43 }, ++ { "prof", 44 }, ++ { "brk", 45 }, ++ { "setgid", 46 }, ++ { "getgid", 47 }, ++ { "signal", 48 }, ++ { "geteuid", 49 }, ++ { "getegid", 50 }, ++ { "acct", 51 }, ++ { "umount2", 52 }, ++ { "lock", 53 }, ++ { "ioctl", 54 }, ++ { "fcntl", 55 }, ++ { "mpx", 56 }, ++ { "setpgid", 57 }, ++ { "ulimit", 58 }, ++ { "oldolduname", 59 }, ++ { "umask", 60 }, ++ { "chroot", 61 }, ++ { "ustat", 62 }, ++ { "dup2", 63 }, ++ { "getppid", 64 }, ++ { "getpgrp", 65 }, ++ { "setsid", 66 }, ++ { "sigaction", 67 }, ++ { "sgetmask", 68 }, ++ { "ssetmask", 69 }, ++ { "setreuid", 70 }, ++ { "setregid", 71 }, ++ { "sigsuspend", 72 }, ++ { "sigpending", 73 }, ++ { "sethostname", 74 }, ++ { "setrlimit", 75 }, ++ { "getrlimit", 76 }, ++ { "getrusage", 77 }, ++ { "gettimeofday", 78 }, ++ { "settimeofday", 79 }, ++ { "getgroups", 80 }, ++ { "setgroups", 81 }, ++ { "select", 82 }, ++ { "symlink", 83 }, ++ { "oldlstat", 84 }, ++ { "readlink", 85 }, ++ { "uselib", 86 }, ++ { "swapon", 87 }, ++ { "reboot", 88 }, ++ { "readdir", 89 }, ++ { "mmap", 90 }, ++ { "munmap", 91 }, ++ { "truncate", 92 }, ++ { "ftruncate", 93 }, ++ { "fchmod", 94 }, ++ { "fchown", 95 }, ++ { "getpriority", 96 }, ++ { "setpriority", 97 }, ++ { "profil", 98 }, ++ { "statfs", 99 }, ++ { "fstatfs", 100 }, ++ { "ioperm", 101 }, ++ { "socketcall", 102 }, ++ { "syslog", 103 }, ++ { "setitimer", 104 }, ++ { "getitimer", 105 }, ++ { "stat", 106 }, ++ { "lstat", 107 }, ++ { "fstat", 108 }, ++ { "olduname", 109 }, ++ { "iopl", 110 }, ++ { "vhangup", 111 }, ++ { "idle", 112 }, ++ { "vm86", 113 }, ++ { "wait4", 114 }, ++ { "swapoff", 115 }, ++ { "sysinfo", 116 }, ++ { "ipc", 117 }, ++ { "fsync", 118 }, ++ { "sigreturn", 119 }, ++ { "clone", 120 }, ++ { "setdomainname", 121 }, ++ { "uname", 122 }, ++ { "modify_ldt", 123 }, ++ { "adjtimex", 124 }, ++ { "mprotect", 125 }, ++ { "sigprocmask", 126 }, ++ { "create_module", 127 }, ++ { "init_module", 128 }, ++ { "delete_module", 129 }, ++ { "get_kernel_syms", 130 }, ++ { "quotactl", 131 }, ++ { "getpgid", 132 }, ++ { "fchdir", 133 }, ++ { "bdflush", 134 }, ++ { "sysfs", 135 }, ++ { "personality", 136 }, ++ { "afs_syscall", 137 }, ++ { "setfsuid", 138 }, ++ { "setfsgid", 139 }, ++ { "_llseek", 140 }, ++ { "getdents", 141 }, ++ { "_newselect", 142 }, ++ { "flock", 143 }, ++ { "msync", 144 }, ++ { "readv", 145 }, ++ { "writev", 146 }, ++ { "getsid", 147 }, ++ { "fdatasync", 148 }, ++ { "_sysctl", 149 }, ++ { "mlock", 150 }, ++ { "munlock", 151 }, ++ { "mlockall", 152 }, ++ { "munlockall", 153 }, ++ { "sched_setparam", 154 }, ++ { "sched_getparam", 155 }, ++ { "sched_setscheduler", 156 }, ++ { "sched_getscheduler", 157 }, ++ { "sched_yield", 158 }, ++ { "sched_get_priority_max", 159 }, ++ { "sched_get_priority_min", 160 }, ++ { "sched_rr_get_interval", 161 }, ++ { "nanosleep", 162 }, ++ { "mremap", 163 }, ++ { "setresuid", 164 }, ++ { "getresuid", 165 }, ++ { "query_module", 166 }, ++ { "poll", 167 }, ++ { "nfsservctl", 168 }, ++ { "setresgid", 169 }, ++ { "getresgid", 170 }, ++ { "prctl", 171 }, ++ { "rt_sigreturn", 172 }, ++ { "rt_sigaction", 173 }, ++ { "rt_sigprocmask", 174 }, ++ { "rt_sigpending", 175 }, ++ { "rt_sigtimedwait", 176 }, ++ { "rt_sigqueueinfo", 177 }, ++ { "rt_sigsuspend", 178 }, ++ { "pread64", 179 }, ++ { "pwrite64", 180 }, ++ { "chown", 181 }, ++ { "getcwd", 182 }, ++ { "capget", 183 }, ++ { "capset", 184 }, ++ { "sigaltstack", 185 }, ++ { "sendfile", 186 }, ++ { "getpmsg", 187 }, ++ { "putpmsg", 188 }, ++ { "vfork", 189 }, ++ { "ugetrlimit", 190 }, ++ { "readahead", 191 }, ++ ++ { "pciconfig_read", 198 }, ++ { "pciconfig_write", 199 }, ++ { "pciconfig_iobase", 200 }, ++ { "multiplexer", 201 }, ++ { "getdents64", 202 }, ++ { "pivot_root", 203 }, ++ { "madvise", 205 }, ++ { "mincore", 206 }, ++ { "gettid", 207 }, ++ { "tkill", 208 }, ++ { "setxattr", 209 }, ++ { "lsetxattr", 210 }, ++ { "fsetxattr", 211 }, ++ { "getxattr", 212 }, ++ { "lgetxattr", 213 }, ++ { "fgetxattr", 214 }, ++ { "listxattr", 215 }, ++ { "llistxattr", 216 }, ++ { "flistxattr", 217 }, ++ { "removexattr", 218 }, ++ { "lremovexattr", 219 }, ++ { "fremovexattr", 220 }, ++ { "futex", 221 }, ++ { "sched_setaffinity", 222 }, ++ { "sched_getaffinity", 223 }, ++ { "tuxcall", 225 }, ++ { "io_setup", 227 }, ++ { "io_destroy", 228 }, ++ { "io_getevents", 229 }, ++ { "io_submit", 230 }, ++ { "io_cancel", 231 }, ++ { "set_tid_address", 232 }, ++ { "fadvise64", 233 }, ++ { "exit_group", 234 }, ++ { "lookup_dcookie", 235 }, ++ { "epoll_create", 236 }, ++ { "epoll_ctl", 237 }, ++ { "epoll_wait", 238 }, ++ { "remap_file_pages", 239 }, ++ { "timer_create", 240 }, ++ { "timer_settime", 241 }, ++ { "timer_gettime", 242 }, ++ { "timer_getoverrun", 243 }, ++ { "timer_delete", 244 }, ++ { "clock_settime", 245 }, ++ { "clock_gettime", 246 }, ++ { "clock_getres", 247 }, ++ { "clock_nanosleep", 248 }, ++ { "swapcontext", 249 }, ++ { "tgkill", 250 }, ++ { "utimes", 251 }, ++ { "statfs64", 252 }, ++ { "fstatfs64", 253 }, ++ { "rtas", 255 }, ++ { "sys_debug_setcontext", 256 }, ++ { "migrate_pages", 258 }, ++ { "mbind", 259 }, ++ { "get_mempolicy", 260 }, ++ { "set_mempolicy", 261 }, ++ { "mq_open", 262 }, ++ { "mq_unlink", 263 }, ++ { "mq_timedsend", 264 }, ++ { "mq_timedreceive", 265 }, ++ { "mq_notify", 266 }, ++ { "mq_getsetattr", 267 }, ++ { "kexec_load", 268 }, ++ { "add_key", 269 }, ++ { "request_key", 270 }, ++ { "keyctl", 271 }, ++ { "waitid", 272 }, ++ { "ioprio_set", 273 }, ++ { "ioprio_get", 274 }, ++ { "inotify_init", 275 }, ++ { "inotify_add_watch", 276 }, ++ { "inotify_rm_watch", 277 }, ++ { "spu_run", 278 }, ++ { "spu_create", 279 }, ++ { "pselect6", 280 }, ++ { "ppoll", 281 }, ++ { "unshare", 282 }, ++ { "splice", 283 }, ++ { "tee", 284 }, ++ { "vmsplice", 285 }, ++ { "openat", 286 }, ++ { "mkdirat", 287 }, ++ { "mknodat", 288 }, ++ { "fchownat", 289 }, ++ { "futimesat", 290 }, ++ { "newfstatat", 291 }, ++ { "unlinkat", 292 }, ++ { "renameat", 293 }, ++ { "linkat", 294 }, ++ { "symlinkat", 295 }, ++ { "readlinkat", 296 }, ++ { "fchmodat", 297 }, ++ { "faccessat", 298 }, ++ { "get_robust_list", 299 }, ++ { "set_robust_list", 300 }, ++ { "move_pages", 301 }, ++ { "getcpu", 302 }, ++ { "epoll_pwait", 303 }, ++ { "utimensat", 304 }, ++ { "signalfd", 305 }, ++ { "timerfd_create", 306 }, ++ { "eventfd", 307 }, ++ { "sync_file_range2", 308 }, ++ { "fallocate", 309 }, ++ { "subpage_prot", 310 }, ++ { "timerfd_settime", 311 }, ++ { "timerfd_gettime", 312 }, ++ { "signalfd4", 313 }, ++ { "eventfd2", 314 }, ++ { "epoll_create1", 315 }, ++ { "dup3", 316 }, ++ { "pipe2", 317 }, ++ { "inotify_init1", 318 }, ++ { "perf_event_open", 319 }, ++ { "preadv", 320 }, ++ { "pwritev", 321 }, ++ { "rt_tgsigqueueinfo", 322 }, ++ { "fanotify_init", 323 }, ++ { "fanotify_mark", 324 }, ++ { "prlimit64", 325 }, ++ { "socket", 326 }, ++ { "bind", 327 }, ++ { "connect", 328 }, ++ { "listen", 329 }, ++ { "accept", 330 }, ++ { "getsockname", 331 }, ++ { "getpeername", 332 }, ++ { "socketpair", 333 }, ++ { "send", 334 }, ++ { "sendto", 335 }, ++ { "recv", 336 }, ++ { "recvfrom", 337 }, ++ { "shutdown", 338 }, ++ { "setsockopt", 339 }, ++ { "getsockopt", 340 }, ++ { "sendmsg", 341 }, ++ { "recvmsg", 342 }, ++ { "recvmmsg", 343 }, ++ { "accept4", 344 }, ++ { "name_to_handle_at", 345 }, ++ { "open_by_handle_at", 346 }, ++ { "clock_adjtime", 347 }, ++ { "syncfs", 348 }, ++ { "sendmmsg", 349 }, ++ { "setns", 350 }, ++ { "process_vm_readv", 351 }, ++ { "process_vm_writev", 352 }, ++ { "finit_module", 353 }, ++ { "kcmp", 354 }, ++ { "sched_setattr", 355 }, ++ { "sched_getattr", 356 }, ++ {NULL, __NR_SCMP_ERROR}, ++}; ++ ++ ++/** ++ * Resolve a syscall name to a number ++ * @param name the syscall name ++ * ++ * Resolve the given syscall name to the syscall number using the syscall table. ++ * Returns the syscall number on success, including negative pseudo syscall ++ * numbers; returns __NR_SCMP_ERROR on failure. ++ * ++ */ ++int ppc64_syscall_resolve_name(const char *name) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = ppc64_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].name != NULL; iter++) { ++ if (strcmp(name, table[iter].name) == 0) ++ return table[iter].num; ++ } ++ ++ return __NR_SCMP_ERROR; ++} ++ ++/** ++ * Resolve a syscall number to a name ++ * @param num the syscall number ++ * ++ * Resolve the given syscall number to the syscall name using the syscall table. ++ * Returns a pointer to the syscall name string on success, including pseudo ++ * syscall names; returns NULL on failure. ++ * ++ */ ++const char *ppc64_syscall_resolve_num(int num) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = ppc64_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { ++ if (num == table[iter].num) ++ return table[iter].name; ++ } ++ ++ return NULL; ++} +Index: libseccomp-2.2.0/src/arch-ppc64.c +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-ppc64.c +@@ -0,0 +1,38 @@ ++/** ++ * Enhanced Seccomp PowerPC64 Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++#include ++#include ++ ++#include "arch.h" ++#include "arch-ppc64.h" ++ ++const struct arch_def arch_def_ppc64 = { ++ .token = SCMP_ARCH_PPC64, ++ .token_bpf = AUDIT_ARCH_PPC64, ++ .size = ARCH_SIZE_64, ++#ifdef __LITTLE_ENDIAN__ ++ .endian = ARCH_ENDIAN_LITTLE, ++#else ++ .endian = ARCH_ENDIAN_BIG, ++#endif ++}; +Index: libseccomp-2.2.0/src/arch-ppc64.h +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-ppc64.h +@@ -0,0 +1,45 @@ ++/** ++ * Enhanced Seccomp PowerPC64 Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#ifndef _ARCH_PPC64_H ++#define _ARCH_PPC64_H ++ ++#include ++ ++#include "arch.h" ++#include "system.h" ++ ++#define ppc64_arg_count_max 6 ++ ++extern const struct arch_def arch_def_ppc64; ++ ++#ifdef __LITTLE_ENDIAN__ ++#define ppc64_arg_offset_lo(x) (arch_arg_offset(x)) ++#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4) ++#else ++#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4) ++#define ppc64_arg_offset_hi(x) (arch_arg_offset(x)) ++#endif ++ ++int ppc64_syscall_resolve_name(const char *name); ++const char *ppc64_syscall_resolve_num(int num); ++ ++#endif +Index: libseccomp-2.2.0/src/arch-s390-syscalls.c +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-s390-syscalls.c +@@ -0,0 +1,400 @@ ++/** ++ * Enhanced Seccomp s390 Syscall Table ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++ ++#include ++ ++#include "arch.h" ++#include "arch-s390.h" ++ ++/* NOTE: based on Linux 3.13 */ ++ ++static const struct arch_syscall_def s390_syscall_table[] = { \ ++ { "exit", 1 }, ++ { "fork", 2 }, ++ { "read", 3 }, ++ { "write", 4 }, ++ { "open", 5 }, ++ { "close", 6 }, ++ { "restart_syscall", 7 }, ++ { "creat", 8 }, ++ { "link", 9 }, ++ { "unlink", 10 }, ++ { "execve", 11 }, ++ { "chdir", 12 }, ++ { "mknod", 14 }, ++ { "chmod", 15 }, ++ { "lseek", 19 }, ++ { "getpid", 20 }, ++ { "mount", 21 }, ++ { "umount", 22 }, ++ { "ptrace", 26 }, ++ { "alarm", 27 }, ++ { "pause", 29 }, ++ { "utime", 30 }, ++ { "access", 33 }, ++ { "nice", 34 }, ++ { "sync", 36 }, ++ { "kill", 37 }, ++ { "rename", 38 }, ++ { "mkdir", 39 }, ++ { "rmdir", 40 }, ++ { "dup", 41 }, ++ { "pipe", 42 }, ++ { "times", 43 }, ++ { "brk", 45 }, ++ { "signal", 48 }, ++ { "acct", 51 }, ++ { "umount2", 52 }, ++ { "ioctl", 54 }, ++ { "fcntl", 55 }, ++ { "setpgid", 57 }, ++ { "umask", 60 }, ++ { "chroot", 61 }, ++ { "ustat", 62 }, ++ { "dup2", 63 }, ++ { "getppid", 64 }, ++ { "getpgrp", 65 }, ++ { "setsid", 66 }, ++ { "sigaction", 67 }, ++ { "sigsuspend", 72 }, ++ { "sigpending", 73 }, ++ { "sethostname", 74 }, ++ { "setrlimit", 75 }, ++ { "getrusage", 77 }, ++ { "gettimeofday", 78 }, ++ { "settimeofday", 79 }, ++ { "symlink", 83 }, ++ { "readlink", 85 }, ++ { "uselib", 86 }, ++ { "swapon", 87 }, ++ { "reboot", 88 }, ++ { "readdir", 89 }, ++ { "mmap", 90 }, ++ { "munmap", 91 }, ++ { "truncate", 92 }, ++ { "ftruncate", 93 }, ++ { "fchmod", 94 }, ++ { "getpriority", 96 }, ++ { "setpriority", 97 }, ++ { "statfs", 99 }, ++ { "fstatfs", 100 }, ++ { "socketcall", 102 }, ++ { "syslog", 103 }, ++ { "setitimer", 104 }, ++ { "getitimer", 105 }, ++ { "stat", 106 }, ++ { "lstat", 107 }, ++ { "fstat", 108 }, ++ { "lookup_dcookie", 110 }, ++ { "vhangup", 111 }, ++ { "idle", 112 }, ++ { "wait4", 114 }, ++ { "swapoff", 115 }, ++ { "sysinfo", 116 }, ++ { "ipc", 117 }, ++ { "fsync", 118 }, ++ { "sigreturn", 119 }, ++ { "clone", 120 }, ++ { "setdomainname", 121 }, ++ { "uname", 122 }, ++ { "adjtimex", 124 }, ++ { "mprotect", 125 }, ++ { "sigprocmask", 126 }, ++ { "create_module", 127 }, ++ { "init_module", 128 }, ++ { "delete_module", 129 }, ++ { "get_kernel_syms", 130 }, ++ { "quotactl", 131 }, ++ { "getpgid", 132 }, ++ { "fchdir", 133 }, ++ { "bdflush", 134 }, ++ { "sysfs", 135 }, ++ { "personality", 136 }, ++ { "afs_syscall", 137 }, ++ { "getdents", 141 }, ++ { "flock", 143 }, ++ { "msync", 144 }, ++ { "readv", 145 }, ++ { "writev", 146 }, ++ { "getsid", 147 }, ++ { "fdatasync", 148 }, ++ { "_sysctl", 149 }, ++ { "mlock", 150 }, ++ { "munlock", 151 }, ++ { "mlockall", 152 }, ++ { "munlockall", 153 }, ++ { "sched_setparam", 154 }, ++ { "sched_getparam", 155 }, ++ { "sched_setscheduler", 156 }, ++ { "sched_getscheduler", 157 }, ++ { "sched_yield", 158 }, ++ { "sched_get_priority_max", 159 }, ++ { "sched_get_priority_min", 160 }, ++ { "sched_rr_get_interval", 161 }, ++ { "nanosleep", 162 }, ++ { "mremap", 163 }, ++ { "query_module", 167 }, ++ { "poll", 168 }, ++ { "nfsservctl", 169 }, ++ { "prctl", 172 }, ++ { "rt_sigreturn", 173 }, ++ { "rt_sigaction", 174 }, ++ { "rt_sigprocmask", 175 }, ++ { "rt_sigpending", 176 }, ++ { "rt_sigtimedwait", 177 }, ++ { "rt_sigqueueinfo", 178 }, ++ { "rt_sigsuspend", 179 }, ++ { "pread64", 180 }, ++ { "pwrite64", 181 }, ++ { "getcwd", 183 }, ++ { "capget", 184 }, ++ { "capset", 185 }, ++ { "sigaltstack", 186 }, ++ { "sendfile", 187 }, ++ { "getpmsg", 188 }, ++ { "putpmsg", 189 }, ++ { "vfork", 190 }, ++ { "pivot_root", 217 }, ++ { "mincore", 218 }, ++ { "madvise", 219 }, ++ { "getdents64", 220 }, ++ { "readahead", 222 }, ++ { "setxattr", 224 }, ++ { "lsetxattr", 225 }, ++ { "fsetxattr", 226 }, ++ { "getxattr", 227 }, ++ { "lgetxattr", 228 }, ++ { "fgetxattr", 229 }, ++ { "listxattr", 230 }, ++ { "llistxattr", 231 }, ++ { "flistxattr", 232 }, ++ { "removexattr", 233 }, ++ { "lremovexattr", 234 }, ++ { "fremovexattr", 235 }, ++ { "gettid", 236 }, ++ { "tkill", 237 }, ++ { "futex", 238 }, ++ { "sched_setaffinity", 239 }, ++ { "sched_getaffinity", 240 }, ++ { "tgkill", 241 }, ++ { "io_setup", 243 }, ++ { "io_destroy", 244 }, ++ { "io_getevents", 245 }, ++ { "io_submit", 246 }, ++ { "io_cancel", 247 }, ++ { "exit_group", 248 }, ++ { "epoll_create", 249 }, ++ { "epoll_ctl", 250 }, ++ { "epoll_wait", 251 }, ++ { "set_tid_address", 252 }, ++ { "fadvise64", 253 }, ++ { "timer_create", 254 }, ++ { "timer_settime", 255 }, ++ { "timer_gettime", 256 }, ++ { "timer_getoverrun", 257 }, ++ { "timer_delete", 258 }, ++ { "clock_settime", 259 }, ++ { "clock_gettime", 260 }, ++ { "clock_getres", 261 }, ++ { "clock_nanosleep", 262 }, ++ { "statfs64", 265 }, ++ { "fstatfs64", 266 }, ++ { "remap_file_pages", 267 }, ++ { "mq_open", 271 }, ++ { "mq_unlink", 272 }, ++ { "mq_timedsend", 273 }, ++ { "mq_timedreceive", 274 }, ++ { "mq_notify", 275 }, ++ { "mq_getsetattr", 276 }, ++ { "kexec_load", 277 }, ++ { "add_key", 278 }, ++ { "request_key", 279 }, ++ { "keyctl", 280 }, ++ { "waitid", 281 }, ++ { "ioprio_set", 282 }, ++ { "ioprio_get", 283 }, ++ { "inotify_init", 284 }, ++ { "inotify_add_watch", 285 }, ++ { "inotify_rm_watch", 286 }, ++ { "openat", 288 }, ++ { "mkdirat", 289 }, ++ { "mknodat", 290 }, ++ { "fchownat", 291 }, ++ { "futimesat", 292 }, ++ { "unlinkat", 294 }, ++ { "renameat", 295 }, ++ { "linkat", 296 }, ++ { "symlinkat", 297 }, ++ { "readlinkat", 298 }, ++ { "fchmodat", 299 }, ++ { "faccessat", 300 }, ++ { "pselect6", 301 }, ++ { "ppoll", 302 }, ++ { "unshare", 303 }, ++ { "set_robust_list", 304 }, ++ { "get_robust_list", 305 }, ++ { "splice", 306 }, ++ { "sync_file_range", 307 }, ++ { "tee", 308 }, ++ { "vmsplice", 309 }, ++ { "getcpu", 311 }, ++ { "epoll_pwait", 312 }, ++ { "utimes", 313 }, ++ { "fallocate", 314 }, ++ { "utimensat", 315 }, ++ { "signalfd", 316 }, ++ { "timerfd", 317 }, ++ { "eventfd", 318 }, ++ { "timerfd_create", 319 }, ++ { "timerfd_settime", 320 }, ++ { "timerfd_gettime", 321 }, ++ { "signalfd4", 322 }, ++ { "eventfd2", 323 }, ++ { "inotify_init1", 324 }, ++ { "pipe2", 325 }, ++ { "dup3", 326 }, ++ { "epoll_create1", 327 }, ++ { "preadv", 328 }, ++ { "pwritev", 328 }, ++ { "rt_tgsigqueueinfo", 330 }, ++ { "perf_event_open", 331 }, ++ { "fanotify_init", 332 }, ++ { "fanotify_mark", 333 }, ++ { "prlimit64", 334 }, ++ { "name_to_handle_at", 335 }, ++ { "open_by_handle_at", 336 }, ++ { "clock_adjtime", 337 }, ++ { "syncfs", 338 }, ++ { "setns", 339 }, ++ { "process_vm_readv", 340 }, ++ { "process_vm_writev", 341 }, ++ { "s390_runtime_instr", 342 }, ++ { "kcmp", 343 }, ++ { "finit_module", 344 }, ++ { "sched_setattr", 345 }, ++ { "sched_getattr", 346 }, ++ { "time", 13 }, ++ { "lchown", 16 }, ++ { "setuid", 23 }, ++ { "getuid", 24 }, ++ { "stime", 25 }, ++ { "setgid", 46 }, ++ { "getgid", 47 }, ++ { "geteuid", 49 }, ++ { "getegid", 50 }, ++ { "setreuid", 70 }, ++ { "setregid", 71 }, ++ { "getrlimit", 76 }, ++ { "getgroups", 80 }, ++ { "setgroups", 81 }, ++ { "fchown", 95 }, ++ { "ioperm", 101 }, ++ { "setfsuid", 138 }, ++ { "setfsgid", 139 }, ++ { "_llseek", 140 }, ++ { "_newselect", 142 }, ++ { "setresuid", 164 }, ++ { "getresuid", 165 }, ++ { "setresgid", 170 }, ++ { "getresgid", 171 }, ++ { "chown", 182 }, ++ { "ugetrlimit", 191 }, ++ { "mmap2", 192 }, ++ { "truncate64", 193 }, ++ { "ftruncate64", 194 }, ++ { "stat64", 195 }, ++ { "lstat64", 196 }, ++ { "fstat64", 197 }, ++ { "lchown32", 198 }, ++ { "getuid32", 199 }, ++ { "getgid32", 200 }, ++ { "geteuid32", 201 }, ++ { "getegid32", 202 }, ++ { "setreuid32", 203 }, ++ { "setregid32", 204 }, ++ { "getgroups32", 205 }, ++ { "setgroups32", 206 }, ++ { "fchown32", 207 }, ++ { "setresuid32", 208 }, ++ { "getresuid32", 209 }, ++ { "setresgid32", 210 }, ++ { "getresgid32", 211 }, ++ { "chown32", 212 }, ++ { "setuid32", 213 }, ++ { "setgid32", 214 }, ++ { "setfsuid32", 215 }, ++ { "setfsgid32", 216 }, ++ { "fcntl64", 221 }, ++ { "sendfile64", 223 }, ++ { "fadvise64_64", 264 }, ++ { "fstatat64", 293 }, ++ ++ {NULL, __NR_SCMP_ERROR}, ++}; ++ ++ ++/** ++ * Resolve a syscall name to a number ++ * @param name the syscall name ++ * ++ * Resolve the given syscall name to the syscall number using the syscall table. ++ * Returns the syscall number on success, including negative pseudo syscall ++ * numbers; returns __NR_SCMP_ERROR on failure. ++ * ++ */ ++int s390_syscall_resolve_name(const char *name) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = s390_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].name != NULL; iter++) { ++ if (strcmp(name, table[iter].name) == 0) ++ return table[iter].num; ++ } ++ ++ return __NR_SCMP_ERROR; ++} ++ ++/** ++ * Resolve a syscall number to a name ++ * @param num the syscall number ++ * ++ * Resolve the given syscall number to the syscall name using the syscall table. ++ * Returns a pointer to the syscall name string on success, including pseudo ++ * syscall names; returns NULL on failure. ++ * ++ */ ++const char *s390_syscall_resolve_num(int num) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = s390_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { ++ if (num == table[iter].num) ++ return table[iter].name; ++ } ++ ++ return NULL; ++} +Index: libseccomp-2.2.0/src/arch-s390.c +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-s390.c +@@ -0,0 +1,34 @@ ++/** ++ * Enhanced Seccomp S390 Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++#include ++#include ++ ++#include "arch.h" ++#include "arch-s390.h" ++ ++const struct arch_def arch_def_s390 = { ++ .token = SCMP_ARCH_S390, ++ .token_bpf = AUDIT_ARCH_S390, ++ .size = ARCH_SIZE_32, ++ .endian = ARCH_ENDIAN_BIG, ++}; +Index: libseccomp-2.2.0/src/arch-s390.h +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-s390.h +@@ -0,0 +1,37 @@ ++/** ++ * Enhanced Seccomp S390 Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#ifndef _ARCH_S390_H ++#define _ARCH_S390_H ++ ++#include ++ ++#include "arch.h" ++#include "system.h" ++ ++#define s390_arg_count_max 6 ++ ++extern const struct arch_def arch_def_s390; ++ ++int s390_syscall_resolve_name(const char *name); ++const char *s390_syscall_resolve_num(int num); ++ ++#endif +Index: libseccomp-2.2.0/src/arch-s390x-syscalls.c +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-s390x-syscalls.c +@@ -0,0 +1,367 @@ ++/** ++ * Enhanced Seccomp s390x Syscall Table ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++ ++#include ++ ++#include "arch.h" ++#include "arch-s390x.h" ++ ++/* NOTE: based on Linux 3.13 */ ++ ++static const struct arch_syscall_def s390x_syscall_table[] = { \ ++ { "exit", 1 }, ++ { "fork", 2 }, ++ { "read", 3 }, ++ { "write", 4 }, ++ { "open", 5 }, ++ { "close", 6 }, ++ { "restart_syscall", 7 }, ++ { "creat", 8 }, ++ { "link", 9 }, ++ { "unlink", 10 }, ++ { "execve", 11 }, ++ { "chdir", 12 }, ++ { "mknod", 14 }, ++ { "chmod", 15 }, ++ { "lseek", 19 }, ++ { "getpid", 20 }, ++ { "mount", 21 }, ++ { "umount", 22 }, ++ { "ptrace", 26 }, ++ { "alarm", 27 }, ++ { "pause", 29 }, ++ { "utime", 30 }, ++ { "access", 33 }, ++ { "nice", 34 }, ++ { "sync", 36 }, ++ { "kill", 37 }, ++ { "rename", 38 }, ++ { "mkdir", 39 }, ++ { "rmdir", 40 }, ++ { "dup", 41 }, ++ { "pipe", 42 }, ++ { "times", 43 }, ++ { "brk", 45 }, ++ { "signal", 48 }, ++ { "acct", 51 }, ++ { "umount2", 52 }, ++ { "ioctl", 54 }, ++ { "fcntl", 55 }, ++ { "setpgid", 57 }, ++ { "umask", 60 }, ++ { "chroot", 61 }, ++ { "ustat", 62 }, ++ { "dup2", 63 }, ++ { "getppid", 64 }, ++ { "getpgrp", 65 }, ++ { "setsid", 66 }, ++ { "sigaction", 67 }, ++ { "sigsuspend", 72 }, ++ { "sigpending", 73 }, ++ { "sethostname", 74 }, ++ { "setrlimit", 75 }, ++ { "getrusage", 77 }, ++ { "gettimeofday", 78 }, ++ { "settimeofday", 79 }, ++ { "symlink", 83 }, ++ { "readlink", 85 }, ++ { "uselib", 86 }, ++ { "swapon", 87 }, ++ { "reboot", 88 }, ++ { "readdir", 89 }, ++ { "mmap", 90 }, ++ { "munmap", 91 }, ++ { "truncate", 92 }, ++ { "ftruncate", 93 }, ++ { "fchmod", 94 }, ++ { "getpriority", 96 }, ++ { "setpriority", 97 }, ++ { "statfs", 99 }, ++ { "fstatfs", 100 }, ++ { "socketcall", 102 }, ++ { "syslog", 103 }, ++ { "setitimer", 104 }, ++ { "getitimer", 105 }, ++ { "stat", 106 }, ++ { "lstat", 107 }, ++ { "fstat", 108 }, ++ { "lookup_dcookie", 110 }, ++ { "vhangup", 111 }, ++ { "idle", 112 }, ++ { "wait4", 114 }, ++ { "swapoff", 115 }, ++ { "sysinfo", 116 }, ++ { "ipc", 117 }, ++ { "fsync", 118 }, ++ { "sigreturn", 119 }, ++ { "clone", 120 }, ++ { "setdomainname", 121 }, ++ { "uname", 122 }, ++ { "adjtimex", 124 }, ++ { "mprotect", 125 }, ++ { "sigprocmask", 126 }, ++ { "create_module", 127 }, ++ { "init_module", 128 }, ++ { "delete_module", 129 }, ++ { "get_kernel_syms", 130 }, ++ { "quotactl", 131 }, ++ { "getpgid", 132 }, ++ { "fchdir", 133 }, ++ { "bdflush", 134 }, ++ { "sysfs", 135 }, ++ { "personality", 136 }, ++ { "afs_syscall", 137 }, ++ { "getdents", 141 }, ++ { "flock", 143 }, ++ { "msync", 144 }, ++ { "readv", 145 }, ++ { "writev", 146 }, ++ { "getsid", 147 }, ++ { "fdatasync", 148 }, ++ { "_sysctl", 149 }, ++ { "mlock", 150 }, ++ { "munlock", 151 }, ++ { "mlockall", 152 }, ++ { "munlockall", 153 }, ++ { "sched_setparam", 154 }, ++ { "sched_getparam", 155 }, ++ { "sched_setscheduler", 156 }, ++ { "sched_getscheduler", 157 }, ++ { "sched_yield", 158 }, ++ { "sched_get_priority_max", 159 }, ++ { "sched_get_priority_min", 160 }, ++ { "sched_rr_get_interval", 161 }, ++ { "nanosleep", 162 }, ++ { "mremap", 163 }, ++ { "query_module", 167 }, ++ { "poll", 168 }, ++ { "nfsservctl", 169 }, ++ { "prctl", 172 }, ++ { "rt_sigreturn", 173 }, ++ { "rt_sigaction", 174 }, ++ { "rt_sigprocmask", 175 }, ++ { "rt_sigpending", 176 }, ++ { "rt_sigtimedwait", 177 }, ++ { "rt_sigqueueinfo", 178 }, ++ { "rt_sigsuspend", 179 }, ++ { "pread64", 180 }, ++ { "pwrite64", 181 }, ++ { "getcwd", 183 }, ++ { "capget", 184 }, ++ { "capset", 185 }, ++ { "sigaltstack", 186 }, ++ { "sendfile", 187 }, ++ { "getpmsg", 188 }, ++ { "putpmsg", 189 }, ++ { "vfork", 190 }, ++ { "pivot_root", 217 }, ++ { "mincore", 218 }, ++ { "madvise", 219 }, ++ { "getdents64", 220 }, ++ { "readahead", 222 }, ++ { "setxattr", 224 }, ++ { "lsetxattr", 225 }, ++ { "fsetxattr", 226 }, ++ { "getxattr", 227 }, ++ { "lgetxattr", 228 }, ++ { "fgetxattr", 229 }, ++ { "listxattr", 230 }, ++ { "llistxattr", 231 }, ++ { "flistxattr", 232 }, ++ { "removexattr", 233 }, ++ { "lremovexattr", 234 }, ++ { "fremovexattr", 235 }, ++ { "gettid", 236 }, ++ { "tkill", 237 }, ++ { "futex", 238 }, ++ { "sched_setaffinity", 239 }, ++ { "sched_getaffinity", 240 }, ++ { "tgkill", 241 }, ++ { "io_setup", 243 }, ++ { "io_destroy", 244 }, ++ { "io_getevents", 245 }, ++ { "io_submit", 246 }, ++ { "io_cancel", 247 }, ++ { "exit_group", 248 }, ++ { "epoll_create", 249 }, ++ { "epoll_ctl", 250 }, ++ { "epoll_wait", 251 }, ++ { "set_tid_address", 252 }, ++ { "fadvise64", 253 }, ++ { "timer_create", 254 }, ++ { "timer_settime", 255 }, ++ { "timer_gettime", 256 }, ++ { "timer_getoverrun", 257 }, ++ { "timer_delete", 258 }, ++ { "clock_settime", 259 }, ++ { "clock_gettime", 260 }, ++ { "clock_getres", 261 }, ++ { "clock_nanosleep", 262 }, ++ { "statfs64", 265 }, ++ { "fstatfs64", 266 }, ++ { "remap_file_pages", 267 }, ++ { "mq_open", 271 }, ++ { "mq_unlink", 272 }, ++ { "mq_timedsend", 273 }, ++ { "mq_timedreceive", 274 }, ++ { "mq_notify", 275 }, ++ { "mq_getsetattr", 276 }, ++ { "kexec_load", 277 }, ++ { "add_key", 278 }, ++ { "request_key", 279 }, ++ { "keyctl", 280 }, ++ { "waitid", 281 }, ++ { "ioprio_set", 282 }, ++ { "ioprio_get", 283 }, ++ { "inotify_init", 284 }, ++ { "inotify_add_watch", 285 }, ++ { "inotify_rm_watch", 286 }, ++ { "openat", 288 }, ++ { "mkdirat", 289 }, ++ { "mknodat", 290 }, ++ { "fchownat", 291 }, ++ { "futimesat", 292 }, ++ { "unlinkat", 294 }, ++ { "renameat", 295 }, ++ { "linkat", 296 }, ++ { "symlinkat", 297 }, ++ { "readlinkat", 298 }, ++ { "fchmodat", 299 }, ++ { "faccessat", 300 }, ++ { "pselect6", 301 }, ++ { "ppoll", 302 }, ++ { "unshare", 303 }, ++ { "set_robust_list", 304 }, ++ { "get_robust_list", 305 }, ++ { "splice", 306 }, ++ { "sync_file_range", 307 }, ++ { "tee", 308 }, ++ { "vmsplice", 309 }, ++ { "getcpu", 311 }, ++ { "epoll_pwait", 312 }, ++ { "utimes", 313 }, ++ { "fallocate", 314 }, ++ { "utimensat", 315 }, ++ { "signalfd", 316 }, ++ { "timerfd", 317 }, ++ { "eventfd", 318 }, ++ { "timerfd_create", 319 }, ++ { "timerfd_settime", 320 }, ++ { "timerfd_gettime", 321 }, ++ { "signalfd4", 322 }, ++ { "eventfd2", 323 }, ++ { "inotify_init1", 324 }, ++ { "pipe2", 325 }, ++ { "dup3", 326 }, ++ { "epoll_create1", 327 }, ++ { "preadv", 328 }, ++ { "pwritev", 329 }, ++ { "rt_tgsigqueueinfo", 330 }, ++ { "perf_event_open", 331 }, ++ { "fanotify_init", 332 }, ++ { "fanotify_mark", 333 }, ++ { "prlimit64", 334 }, ++ { "name_to_handle_at", 335 }, ++ { "open_by_handle_at", 336 }, ++ { "clock_adjtime", 337 }, ++ { "syncfs", 338 }, ++ { "setns", 339 }, ++ { "process_vm_readv", 340 }, ++ { "process_vm_writev", 341 }, ++ { "s390_runtime_instr", 342 }, ++ { "kcmp", 343 }, ++ { "finit_module", 344 }, ++ { "sched_setattr", 345 }, ++ { "sched_getattr", 346 }, ++ { "select", 142 }, ++ { "getrlimit", 191 }, ++ { "lchown", 198 }, ++ { "getuid", 199 }, ++ { "getgid", 200 }, ++ { "geteuid", 201 }, ++ { "getegid", 202 }, ++ { "setreuid", 203 }, ++ { "setregid", 204 }, ++ { "getgroups", 205 }, ++ { "setgroups", 206 }, ++ { "fchown", 207 }, ++ { "setresuid", 208 }, ++ { "getresuid", 209 }, ++ { "setresgid", 210 }, ++ { "getresgid", 211 }, ++ { "chown", 212 }, ++ { "setuid", 213 }, ++ { "setgid", 214 }, ++ { "setfsuid", 215 }, ++ { "setfsgid", 216 }, ++ { "newfstatat", 293 }, ++ ++ {NULL, __NR_SCMP_ERROR}, ++}; ++ ++ ++/** ++ * Resolve a syscall name to a number ++ * @param name the syscall name ++ * ++ * Resolve the given syscall name to the syscall number using the syscall table. ++ * Returns the syscall number on success, including negative pseudo syscall ++ * numbers; returns __NR_SCMP_ERROR on failure. ++ * ++ */ ++int s390x_syscall_resolve_name(const char *name) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = s390x_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].name != NULL; iter++) { ++ if (strcmp(name, table[iter].name) == 0) ++ return table[iter].num; ++ } ++ ++ return __NR_SCMP_ERROR; ++} ++ ++/** ++ * Resolve a syscall number to a name ++ * @param num the syscall number ++ * ++ * Resolve the given syscall number to the syscall name using the syscall table. ++ * Returns a pointer to the syscall name string on success, including pseudo ++ * syscall names; returns NULL on failure. ++ * ++ */ ++const char *s390x_syscall_resolve_num(int num) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = s390x_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { ++ if (num == table[iter].num) ++ return table[iter].name; ++ } ++ ++ return NULL; ++} +Index: libseccomp-2.2.0/src/arch-s390x.c +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-s390x.c +@@ -0,0 +1,34 @@ ++/** ++ * Enhanced Seccomp S390X Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++#include ++#include ++ ++#include "arch.h" ++#include "arch-s390x.h" ++ ++const struct arch_def arch_def_s390x = { ++ .token = SCMP_ARCH_S390X, ++ .token_bpf = AUDIT_ARCH_S390X, ++ .size = ARCH_SIZE_64, ++ .endian = ARCH_ENDIAN_BIG, ++}; +Index: libseccomp-2.2.0/src/arch-s390x.h +=================================================================== +--- /dev/null ++++ libseccomp-2.2.0/src/arch-s390x.h +@@ -0,0 +1,40 @@ ++/** ++ * Enhanced Seccomp S390X Specific Code ++ * ++ * Copyright (c) 2014 SUSE ++ * Author: Marcus Meissner ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#ifndef _ARCH_S390X_H ++#define _ARCH_S390X_H ++ ++#include ++ ++#include "arch.h" ++#include "system.h" ++ ++#define s390x_arg_count_max 6 ++ ++extern const struct arch_def arch_def_s390x; ++ ++#define s390x_arg_offset_lo(x) (arch_arg_offset(x) + 4) ++#define s390x_arg_offset_hi(x) (arch_arg_offset(x)) ++ ++int s390x_syscall_resolve_name(const char *name); ++const char *s390x_syscall_resolve_num(int num); ++ ++#endif +Index: libseccomp-2.2.0/src/arch.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch.c ++++ libseccomp-2.2.0/src/arch.c +@@ -38,6 +38,10 @@ + #include "arch-mips.h" + #include "arch-mips64.h" + #include "arch-mips64n32.h" ++#include "arch-s390x.h" ++#include "arch-s390.h" ++#include "arch-ppc.h" ++#include "arch-ppc64.h" + #include "system.h" - /** - * Print the usage information to stderr and exit -@@ -70,6 +74,14 @@ int main(int argc, char *argv[]) - arch = &arch_def_x32; - else if (strcmp(optarg, "arm") == 0) - arch = &arch_def_arm; -+ else if (strcmp(optarg, "ppc") == 0) -+ arch = &arch_def_ppc; -+ else if (strcmp(optarg, "ppc64") == 0) -+ arch = &arch_def_ppc64; -+ else if (strcmp(optarg, "s390") == 0) -+ arch = &arch_def_s390; -+ else if (strcmp(optarg, "s390x") == 0) -+ arch = &arch_def_s390x; - else - exit_usage(argv[0]); - break; -Index: libseccomp-2.1.1/tests/23-sim-arch_all_basic.c -=================================================================== ---- libseccomp-2.1.1.orig/tests/23-sim-arch_all_basic.c -+++ libseccomp-2.1.1/tests/23-sim-arch_all_basic.c -@@ -60,6 +60,30 @@ int main(int argc, char *argv[]) - goto out; + #define default_arg_count_max 6 +@@ -74,6 +78,14 @@ const struct arch_def *arch_def_native = + #elif __MIPSEL__ + const struct arch_def *arch_def_native = &arch_def_mipsel64n32; + #endif /* _MIPS_SIM_NABI32 */ ++#elif __s390__ ++const struct arch_def *arch_def_native = &arch_def_s390; ++#elif __s390x__ ++const struct arch_def *arch_def_native = &arch_def_s390x; ++#elif __powerpc64__ ++const struct arch_def *arch_def_native = &arch_def_ppc64; ++#elif __powerpc__ ++const struct arch_def *arch_def_native = &arch_def_ppc; + #else + #error the arch code needs to know about your machine type + #endif /* machine type guess */ +@@ -122,6 +134,14 @@ const struct arch_def *arch_def_lookup(u + return &arch_def_mips64n32; + case SCMP_ARCH_MIPSEL64N32: + return &arch_def_mipsel64n32; ++ case SCMP_ARCH_S390: ++ return &arch_def_s390; ++ case SCMP_ARCH_S390X: ++ return &arch_def_s390x; ++ case SCMP_ARCH_PPC64: ++ return &arch_def_ppc64; ++ case SCMP_ARCH_PPC: ++ return &arch_def_ppc; } -+ if (seccomp_arch_exist(ctx, SCMP_ARCH_PPC)) { -+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC); -+ if (rc != 0) -+ goto out; -+ } -+ -+ if (seccomp_arch_exist(ctx, SCMP_ARCH_PPC64)) { -+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64); -+ if (rc != 0) -+ goto out; -+ } -+ -+ if (seccomp_arch_exist(ctx, SCMP_ARCH_S390)) { -+ rc = seccomp_arch_add(ctx, SCMP_ARCH_S390); -+ if (rc != 0) -+ goto out; -+ } -+ -+ if (seccomp_arch_exist(ctx, SCMP_ARCH_S390X)) { -+ rc = seccomp_arch_add(ctx, SCMP_ARCH_S390X); -+ if (rc != 0) -+ goto out; -+ } -+ - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, - SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); - if (rc != 0) -Index: libseccomp-2.1.1/tests/23-sim-arch_all_basic.py + return NULL; +@@ -276,6 +296,14 @@ int arch_syscall_resolve_name(const stru + case SCMP_ARCH_MIPS64N32: + case SCMP_ARCH_MIPSEL64N32: + return mips64n32_syscall_resolve_name(name); ++ case SCMP_ARCH_S390: ++ return s390_syscall_resolve_name(name); ++ case SCMP_ARCH_S390X: ++ return s390x_syscall_resolve_name(name); ++ case SCMP_ARCH_PPC64: ++ return ppc64_syscall_resolve_name(name); ++ case SCMP_ARCH_PPC: ++ return ppc_syscall_resolve_name(name); + } + + return __NR_SCMP_ERROR; +@@ -313,6 +341,14 @@ const char *arch_syscall_resolve_num(con + case SCMP_ARCH_MIPS64N32: + case SCMP_ARCH_MIPSEL64N32: + return mips64n32_syscall_resolve_num(num); ++ case SCMP_ARCH_S390: ++ return s390_syscall_resolve_num(num); ++ case SCMP_ARCH_S390X: ++ return s390x_syscall_resolve_num(num); ++ case SCMP_ARCH_PPC64: ++ return ppc64_syscall_resolve_num(num); ++ case SCMP_ARCH_PPC: ++ return ppc_syscall_resolve_num(num); + } + + return NULL; +Index: libseccomp-2.2.0/src/gen_pfc.c =================================================================== ---- libseccomp-2.1.1.orig/tests/23-sim-arch_all_basic.py -+++ libseccomp-2.1.1/tests/23-sim-arch_all_basic.py -@@ -38,6 +38,14 @@ def test(args): - f.add_arch(Arch.X32) - if not f.exist_arch(Arch.ARM): - f.add_arch(Arch.ARM) -+ if not f.exist_arch(Arch.PPC): -+ f.add_arch(Arch.PPC) -+ if not f.exist_arch(Arch.PPC64): -+ f.add_arch(Arch.PPC64) -+ if not f.exist_arch(Arch.S390): -+ f.add_arch(Arch.S390) -+ if not f.exist_arch(Arch.S390X): -+ f.add_arch(Arch.S390X) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +--- libseccomp-2.2.0.orig/src/gen_pfc.c ++++ libseccomp-2.2.0/src/gen_pfc.c +@@ -71,6 +71,14 @@ static const char *_pfc_arch(const struc + return "mips64n32"; + case SCMP_ARCH_MIPSEL64N32: + return "mipsel64n32"; ++ case SCMP_ARCH_S390X: ++ return "s390x"; ++ case SCMP_ARCH_S390: ++ return "s390"; ++ case SCMP_ARCH_PPC: ++ return "ppc"; ++ case SCMP_ARCH_PPC64: ++ return "ppc64"; + default: + return "UNKNOWN"; + } +Index: libseccomp-2.2.0/tools/scmp_arch_detect.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_arch_detect.c ++++ libseccomp-2.2.0/tools/scmp_arch_detect.c +@@ -99,6 +99,18 @@ int main(int argc, char *argv[]) + case SCMP_ARCH_MIPSEL64N32: + printf("mipsel64n32\n"); + break; ++ case SCMP_ARCH_S390: ++ printf("s390\n"); ++ break; ++ case SCMP_ARCH_S390X: ++ printf("s390x\n"); ++ break; ++ case SCMP_ARCH_PPC: ++ printf("ppc\n"); ++ break; ++ case SCMP_ARCH_PPC64: ++ printf("ppc64\n"); ++ break; + default: + printf("unknown\n"); + } +Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_bpf_sim.c ++++ libseccomp-2.2.0/tools/scmp_bpf_sim.c +@@ -249,6 +249,14 @@ int main(int argc, char *argv[]) + arch = AUDIT_ARCH_MIPS64N32; + else if (strcmp(optarg, "mipsel64n32") == 0) + arch = AUDIT_ARCH_MIPSEL64N32; ++ else if (strcmp(optarg, "s390") == 0) ++ sys_data.arch = AUDIT_ARCH_S390; ++ else if (strcmp(optarg, "s390x") == 0) ++ sys_data.arch = AUDIT_ARCH_S390X; ++ else if (strcmp(optarg, "ppc") == 0) ++ sys_data.arch = AUDIT_ARCH_PPC; ++ else if (strcmp(optarg, "ppc64") == 0) ++ sys_data.arch = AUDIT_ARCH_PPC64; + else + exit_fault(EINVAL); + break; +Index: libseccomp-2.2.0/tools/util.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/util.c ++++ libseccomp-2.2.0/tools/util.c +@@ -62,6 +62,14 @@ + #elif __MIPSEL__ + #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32 + #endif /* _MIPS_SIM_NABI32 */ ++#elif __s390__ ++#define ARCH_NATIVE AUDIT_ARCH_S390 ++#elif __s390x__ ++#define ARCH_NATIVE AUDIT_ARCH_S390X ++#elif __powerpc64__ ++#define ARCH_NATIVE AUDIT_ARCH_PPC64 ++#elif __powerpc__ ++#define ARCH_NATIVE AUDIT_ARCH_PPC + #else + #error the simulator code needs to know about your machine type + #endif diff --git a/libseccomp.changes b/libseccomp.changes index b9e21cb..c6bc4a1 100644 --- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Sun Mar 29 00:28:59 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 2.2.0 +* Added support for aarch64, mips, mips64, mips64n32 (BE/LE). +* Added support for using the new seccomp() syscall and the thread + sync functionality. +* Added Python bindings +- Remove 0001-build-use-autotools-as-build-system.patch + (merged). Add no-static.diff. + Add 0001-tools-add-the-missing-elf.h-header-file.patch + ------------------------------------------------------------------- Sat Jul 12 11:26:10 UTC 2014 - meissner@suse.com diff --git a/libseccomp.spec b/libseccomp.spec index 389e84c..b097ec9 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -1,7 +1,7 @@ # # spec file for package libseccomp # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,21 +18,22 @@ Name: libseccomp %define lname libseccomp2 -Version: 2.1.1 +Version: 2.2.0 Release: 0 Summary: An enhanced Seccomp (mode 2) helper library License: LGPL-2.1 Group: Development/Libraries/C and C++ -Url: http://sf.net/projects/libseccomp/ +Url: http://github.com/seccomp -#Git-Clone: git://git.code.sf.net/p/libseccomp/libseccomp -#Git-Clone: git://git.inai.de/libseccomp -Source: http://downloads.sf.net/libseccomp/libseccomp-%{version}.tar.gz -Patch1: 0001-build-use-autotools-as-build-system.patch -Patch2: libseccomp-s390x-support.patch +#Git-Clone: git://github.com/seccomp/libseccomp +Source: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz +Source2: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz.SHA256SUM.asc +Patch1: no-static.diff +Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch +Patch3: libseccomp-s390x-support.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf -BuildRequires: automake >= 1.10 +BuildRequires: automake >= 1.11 BuildRequires: fdupes BuildRequires: libtool >= 2 BuildRequires: pkgconfig @@ -97,19 +98,16 @@ This subpackage contains debug utilities for the seccomp interface. %prep %setup -q -%patch1 -p1 -%patch2 -p1 +%patch -P 1 -P 2 -P 3 -p1 %build -chmod a+x autogen.sh; -./autogen.sh; -%configure --includedir="%_includedir/pkg/%name" +autoreconf -fi +%configure --includedir="%_includedir/%name" --disable-static make %{?_smp_mflags}; %install -b="%buildroot"; -make install DESTDIR="$b"; -find "$b/%_libdir" -type f -name "*.la" -delete; +%make_install +find "%buildroot/%_libdir" -type f -name "*.la" -delete %fdupes %buildroot/%_prefix %check @@ -133,7 +131,7 @@ make check %files devel %defattr(-,root,root) %_mandir/man3/seccomp_*.3* -%_includedir/pkg/ +%_includedir/%name/ %_libdir/%name.so %_libdir/pkgconfig/%name.pc diff --git a/no-static.diff b/no-static.diff new file mode 100644 index 0000000..4ad8a70 --- /dev/null +++ b/no-static.diff @@ -0,0 +1,23 @@ + +RPM's brp checks say: + +ERROR: RPATH "/home/abuild/rpmbuild/BUILD/libseccomp-2.2.0/src/.libs" +on /usr/bin/scmp_sys_resolver is not allowed + +--- + tools/Makefile.am | 2 -- + 1 file changed, 2 deletions(-) + +Index: libseccomp-2.2.0/tools/Makefile.am +=================================================================== +--- libseccomp-2.2.0.orig/tools/Makefile.am ++++ libseccomp-2.2.0/tools/Makefile.am +@@ -33,8 +33,6 @@ scmp_bpf_disasm_SOURCES = scmp_bpf_disas + scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h + + scmp_sys_resolver_LDADD = ../src/libseccomp.la +-scmp_sys_resolver_LDFLAGS = -static + scmp_arch_detect_LDADD = ../src/libseccomp.la +-scmp_arch_detect_LDFLAGS = -static + scmp_bpf_disasm_LDADD = util.la + scmp_bpf_sim_LDADD = util.la