SHA256
1
0
forked from pool/docker
docker/docker_rename_jump_amd64_as_jump_linux.patch
2015-08-21 09:18:31 +00:00

158 lines
7.4 KiB
Diff

From: Michel Normand <normand@linux.vnet.ibm.com>
Subject: docker rename jump amd64 as jump linux
Date: Fri, 21 Aug 2015 10:42:37 +0200
docker rename jump amd64 as jump linux
based on https://github.com/docker/docker/issues/14056#issuecomment-113680944
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go | 68 ----------
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go | 66 +++++++++
2 files changed, 66 insertions(+), 68 deletions(-)
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
===================================================================
--- docker-1.8.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// +build linux,amd64
-
-package seccomp
-
-// Using BPF filters
-//
-// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
-import "syscall"
-
-func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-func jumpEqualTo(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-func jumpLessThan(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-// this checks for a value inside a mask. The evalusation is equal to doing
-// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
-func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
===================================================================
--- /dev/null
+++ docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
@@ -0,0 +1,66 @@
+package seccomp
+
+// Using BPF filters
+//
+// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
+import "syscall"
+
+func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+func jumpEqualTo(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+func jumpLessThan(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+// this checks for a value inside a mask. The evalusation is equal to doing
+// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
+func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}