Codebase list libseccomp / da0326c
Merge tag 'upstream/2.3.1' into debian/sid Upstream version 2.3.1 Luca Bruno 7 years ago
21 changed file(s) with 1131 addition(s) and 48 deletion(s).
11 ===============================================================================
22 https://github.com/seccomp/libseccomp
33
4 * Version 2.3.0 - February 29, 2015
4 * Version 2.3.1 - April 20, 2016
5 - Fixed a problem with 32-bit x86 socket syscalls on some systems
6 - Fixed problems with ipc syscalls on 32-bit x86
7 - Fixed problems with socket and ipc syscalls on s390 and s390x
8
9 * Version 2.3.0 - February 29, 2016
510 - Added support for the s390 and s390x architectures
611 - Added support for the ppc, ppc64, and ppc64le architectures
712 - Update the internal syscall tables to match the Linux 4.5-rcX releases
100100 $(top_srcdir)/configure $(am__configure_deps) \
101101 $(srcdir)/configure.h.in $(srcdir)/libseccomp.pc.in README \
102102 build-aux/ar-lib build-aux/compile build-aux/config.guess \
103 build-aux/config.sub build-aux/install-sh build-aux/missing \
104 build-aux/ltmain.sh $(top_srcdir)/build-aux/ar-lib \
105 $(top_srcdir)/build-aux/compile \
103 build-aux/config.sub build-aux/depcomp build-aux/install-sh \
104 build-aux/missing build-aux/ltmain.sh \
105 $(top_srcdir)/build-aux/ar-lib $(top_srcdir)/build-aux/compile \
106106 $(top_srcdir)/build-aux/config.guess \
107107 $(top_srcdir)/build-aux/config.sub \
108108 $(top_srcdir)/build-aux/install-sh \
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.69 for libseccomp 2.3.0.
2 # Generated by GNU Autoconf 2.69 for libseccomp 2.3.1.
33 #
44 #
55 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
586586 # Identity of this package.
587587 PACKAGE_NAME='libseccomp'
588588 PACKAGE_TARNAME='libseccomp'
589 PACKAGE_VERSION='2.3.0'
590 PACKAGE_STRING='libseccomp 2.3.0'
589 PACKAGE_VERSION='2.3.1'
590 PACKAGE_STRING='libseccomp 2.3.1'
591591 PACKAGE_BUGREPORT=''
592592 PACKAGE_URL=''
593593
13221322 # Omit some internal or obsolete options to make the list less imposing.
13231323 # This message is too long to be a string in the A/UX 3.1 sh.
13241324 cat <<_ACEOF
1325 \`configure' configures libseccomp 2.3.0 to adapt to many kinds of systems.
1325 \`configure' configures libseccomp 2.3.1 to adapt to many kinds of systems.
13261326
13271327 Usage: $0 [OPTION]... [VAR=VALUE]...
13281328
13921392
13931393 if test -n "$ac_init_help"; then
13941394 case $ac_init_help in
1395 short | recursive ) echo "Configuration of libseccomp 2.3.0:";;
1395 short | recursive ) echo "Configuration of libseccomp 2.3.1:";;
13961396 esac
13971397 cat <<\_ACEOF
13981398
15031503 test -n "$ac_init_help" && exit $ac_status
15041504 if $ac_init_version; then
15051505 cat <<\_ACEOF
1506 libseccomp configure 2.3.0
1506 libseccomp configure 2.3.1
15071507 generated by GNU Autoconf 2.69
15081508
15091509 Copyright (C) 2012 Free Software Foundation, Inc.
17811781 This file contains any messages produced by compilers while
17821782 running configure, to aid debugging if configure makes a mistake.
17831783
1784 It was created by libseccomp $as_me 2.3.0, which was
1784 It was created by libseccomp $as_me 2.3.1, which was
17851785 generated by GNU Autoconf 2.69. Invocation command line was
17861786
17871787 $ $0 $@
26512651
26522652 # Define the identity of the package.
26532653 PACKAGE='libseccomp'
2654 VERSION='2.3.0'
2654 VERSION='2.3.1'
26552655
26562656
26572657 cat >>confdefs.h <<_ACEOF
1286812868 # report actual input values of CONFIG_FILES etc. instead of their
1286912869 # values after options handling.
1287012870 ac_log="
12871 This file was extended by libseccomp $as_me 2.3.0, which was
12871 This file was extended by libseccomp $as_me 2.3.1, which was
1287212872 generated by GNU Autoconf 2.69. Invocation command line was
1287312873
1287412874 CONFIG_FILES = $CONFIG_FILES
1293412934 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
1293512935 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
1293612936 ac_cs_version="\\
12937 libseccomp config.status 2.3.0
12937 libseccomp config.status 2.3.1
1293812938 configured by $0, generated by GNU Autoconf 2.69,
1293912939 with options \\"\$ac_cs_config\\"
1294012940
1818 dnl ####
1919 dnl libseccomp defines
2020 dnl ####
21 AC_INIT([libseccomp], [2.3.0])
21 AC_INIT([libseccomp], [2.3.1])
2222
2323 dnl ####
2424 dnl autoconf configuration
3636
3737 #define SCMP_VER_MAJOR 2
3838 #define SCMP_VER_MINOR 3
39 #define SCMP_VER_MICRO 0
39 #define SCMP_VER_MICRO 1
4040
4141 struct scmp_version {
4242 unsigned int major;
452452 const struct arch_syscall_def *table = s390_syscall_table;
453453
454454 /* XXX - plenty of room for future improvement here */
455
456 if (strcmp(name, "accept") == 0)
457 return __PNR_accept;
458 if (strcmp(name, "accept4") == 0)
459 return __PNR_accept4;
460 else if (strcmp(name, "bind") == 0)
461 return __PNR_bind;
462 else if (strcmp(name, "connect") == 0)
463 return __PNR_connect;
464 else if (strcmp(name, "getpeername") == 0)
465 return __PNR_getpeername;
466 else if (strcmp(name, "getsockname") == 0)
467 return __PNR_getsockname;
468 else if (strcmp(name, "getsockopt") == 0)
469 return __PNR_getsockopt;
470 else if (strcmp(name, "listen") == 0)
471 return __PNR_listen;
472 else if (strcmp(name, "recv") == 0)
473 return __PNR_recv;
474 else if (strcmp(name, "recvfrom") == 0)
475 return __PNR_recvfrom;
476 else if (strcmp(name, "recvmsg") == 0)
477 return __PNR_recvmsg;
478 else if (strcmp(name, "recvmmsg") == 0)
479 return __PNR_recvmmsg;
480 else if (strcmp(name, "send") == 0)
481 return __PNR_send;
482 else if (strcmp(name, "sendmsg") == 0)
483 return __PNR_sendmsg;
484 else if (strcmp(name, "sendmmsg") == 0)
485 return __PNR_sendmmsg;
486 else if (strcmp(name, "sendto") == 0)
487 return __PNR_sendto;
488 else if (strcmp(name, "setsockopt") == 0)
489 return __PNR_setsockopt;
490 else if (strcmp(name, "shutdown") == 0)
491 return __PNR_shutdown;
492 else if (strcmp(name, "socket") == 0)
493 return __PNR_socket;
494 else if (strcmp(name, "socketpair") == 0)
495 return __PNR_socketpair;
496
455497 for (iter = 0; table[iter].name != NULL; iter++) {
456498 if (strcmp(name, table[iter].name) == 0)
457499 return table[iter].num;
475517 const struct arch_syscall_def *table = s390_syscall_table;
476518
477519 /* XXX - plenty of room for future improvement here */
520
521 if (num == __PNR_accept)
522 return "accept";
523 else if (num == __PNR_accept4)
524 return "accept4";
525 else if (num == __PNR_bind)
526 return "bind";
527 else if (num == __PNR_connect)
528 return "connect";
529 else if (num == __PNR_getpeername)
530 return "getpeername";
531 else if (num == __PNR_getsockname)
532 return "getsockname";
533 else if (num == __PNR_getsockopt)
534 return "getsockopt";
535 else if (num == __PNR_listen)
536 return "listen";
537 else if (num == __PNR_recv)
538 return "recv";
539 else if (num == __PNR_recvfrom)
540 return "recvfrom";
541 else if (num == __PNR_recvmsg)
542 return "recvmsg";
543 else if (num == __PNR_recvmmsg)
544 return "recvmmsg";
545 else if (num == __PNR_send)
546 return "send";
547 else if (num == __PNR_sendmsg)
548 return "sendmsg";
549 else if (num == __PNR_sendmmsg)
550 return "sendmmsg";
551 else if (num == __PNR_sendto)
552 return "sendto";
553 else if (num == __PNR_setsockopt)
554 return "setsockopt";
555 else if (num == __PNR_shutdown)
556 return "shutdown";
557 else if (num == __PNR_socket)
558 return "socket";
559 else if (num == __PNR_socketpair)
560 return "socketpair";
561
478562 for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
479563 if (num == table[iter].num)
480564 return table[iter].name;
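Review bot: The added strcmp chain returns before the table lookup, so these twenty socket names always resolve to their `__PNR_` pseudo numbers on s390, and nothing next to the code says this is intended. A comment in place of, or after, the existing `/* XXX - plenty of room for future improvement here */` would record it, for example `/* socket syscalls are special-cased: always return the pseudo number; the arch rule_add handler is expected to map it to socketcall and/or the direct syscall */` (that mapping is presumably what s390_rule_add in this commit does). The second test is written `if` where every other branch is `else if`; it is harmless because the first branch returns, but worth making uniform. The same chains are added to the s390x and x86 syscall files in this commit, and both resolver functions start and end outside the lines shown.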
44
55 #include <stdlib.h>
66 #include <errno.h>
7 #include <string.h>
78 #include <linux/audit.h>
89
910 #include "arch.h"
1011 #include "arch-s390.h"
12
13 /* s390 syscall numbers */
14 #define __s390_NR_socketcall 102
15 #define __s390_NR_ipc 117
1116
1217 const struct arch_def arch_def_s390 = {
1318 .token = SCMP_ARCH_S390,
1621 .endian = ARCH_ENDIAN_BIG,
1722 .syscall_resolve_name = s390_syscall_resolve_name,
1823 .syscall_resolve_num = s390_syscall_resolve_num,
19 .syscall_rewrite = NULL,
20 .rule_add = NULL,
24 .syscall_rewrite = s390_syscall_rewrite,
25 .rule_add = s390_rule_add,
2126 };
27
28 /**
29 * Convert a multiplexed pseudo socket syscall into a direct syscall
30 * @param socketcall the multiplexed pseudo syscall number
31 *
32 * Return the related direct syscall number, __NR_SCMP_UNDEF is there is
33 * no related syscall, or __NR_SCMP_ERROR otherwise.
34 *
35 */
36 int _s390_sock_demux(int socketcall)
37 {
38 switch (socketcall) {
39 case -101:
40 /* socket */
41 return 359;
42 case -102:
43 /* bind */
44 return 361;
45 case -103:
46 /* connect */
47 return 362;
48 case -104:
49 /* listen */
50 return 363;
51 case -105:
52 /* accept - not defined */
53 return __NR_SCMP_UNDEF;
54 case -106:
55 /* getsockname */
56 return 367;
57 case -107:
58 /* getpeername */
59 return 368;
60 case -108:
61 /* socketpair */
62 return 360;
63 case -109:
64 /* send - not defined */
65 return __NR_SCMP_UNDEF;
66 case -110:
67 /* recv - not defined */
68 return __NR_SCMP_UNDEF;
69 case -111:
70 /* sendto */
71 return 369;
72 case -112:
73 /* recvfrom */
74 return 371;
75 case -113:
76 /* shutdown */
77 return 373;
78 case -114:
79 /* setsockopt */
80 return 366;
81 case -115:
82 /* getsockopt */
83 return 365;
84 case -116:
85 /* sendmsg */
86 return 370;
87 case -117:
88 /* recvmsg */
89 return 372;
90 case -118:
91 /* accept4 */
92 return 364;
93 case -119:
94 /* recvmmsg */
95 return 337;
96 case -120:
97 /* sendmmsg */
98 return 345;
99 }
100
101 return __NR_SCMP_ERROR;
102 }
103
104 /**
105 * Convert a direct socket syscall into multiplexed pseudo socket syscall
106 * @param syscall the direct syscall
107 *
108 * Return the related multiplexed pseduo syscall number, __NR_SCMP_UNDEF is
109 * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise.
110 *
111 */
112 int _s390_sock_mux(int syscall)
113 {
114 switch (syscall) {
115 case 337:
116 /* recvmmsg */
117 return -119;
118 case 345:
119 /* sendmmsg */
120 return -120;
121 case 359:
122 /* socket */
123 return -101;
124 case 360:
125 /* socketpair */
126 return -108;
127 case 361:
128 /* bind */
129 return -102;
130 case 362:
131 /* connect */
132 return -103;
133 case 363:
134 /* listen */
135 return -104;
136 case 364:
137 /* accept4 */
138 return -118;
139 case 365:
140 /* getsockopt */
141 return -115;
142 case 366:
143 /* setsockopt */
144 return -114;
145 case 367:
146 /* getsockname */
147 return -106;
148 case 368:
149 /* getpeername */
150 return -107;
151 case 369:
152 /* sendto */
153 return -111;
154 case 370:
155 /* sendmsg */
156 return -116;
157 case 371:
158 /* recvfrom */
159 return -112;
160 case 372:
161 /* recvmsg */
162 return -117;
163 case 373:
164 /* shutdown */
165 return -113;
166 }
167
168 return __NR_SCMP_ERROR;
169 }
170
171 /**
172 * Rewrite a syscall value to match the architecture
173 * @param syscall the syscall number
174 *
175 * Syscalls can vary across different architectures so this function rewrites
176 * the syscall into the correct value for the specified architecture. Returns
177 * zero on success, negative values on failure.
178 *
179 */
180 int s390_syscall_rewrite(int *syscall)
181 {
182 int sys = *syscall;
183
184 if (sys <= -100 && sys >= -120)
185 *syscall = __s390_NR_socketcall;
186 else if (sys <= -200 && sys >= -224)
187 *syscall = __s390_NR_ipc;
188 else if (sys < 0)
189 return -EDOM;
190
191 return 0;
192 }
193
194 /**
195 * add a new rule to the s390 seccomp filter
196 * @param col the filter collection
197 * @param db the seccomp filter db
198 * @param strict the strict flag
199 * @param rule the filter rule
200 *
201 * This function adds a new syscall filter to the seccomp filter db, making any
202 * necessary adjustments for the s390 ABI. Returns zero on success, negative
203 * values on failure.
204 *
205 */
206 int s390_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict,
207 struct db_api_rule_list *rule)
208 {
209 int rc;
210 unsigned int iter;
211 size_t args_size;
212 int sys = rule->syscall;
213 int sys_a, sys_b;
214 struct db_api_rule_list *rule_a, *rule_b;
215
216 if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) {
217 /* (-100 to -120) : multiplexed socket syscalls
218 (359 to 373) : direct socket syscalls, Linux 4.3+ */
219
220 /* strict check for the multiplexed socket syscalls */
221 for (iter = 0; iter < rule->args_cnt; iter++) {
222 if ((rule->args[iter].valid != 0) && (strict))
223 return -EINVAL;
224 }
225
226 /* determine both the muxed and direct syscall numbers */
227 if (sys > 0) {
228 sys_a = _s390_sock_mux(sys);
229 if (sys_a == __NR_SCMP_ERROR)
230 return __NR_SCMP_ERROR;
231 sys_b = sys;
232 } else {
233 sys_a = sys;
234 sys_b = _s390_sock_demux(sys);
235 if (sys_b == __NR_SCMP_ERROR)
236 return __NR_SCMP_ERROR;
237 }
238
239 /* use rule_a for the multiplexed syscall and use rule_b for
240 * the direct wired syscall */
241
242 if (sys_a == __NR_SCMP_UNDEF) {
243 rule_a = NULL;
244 rule_b = rule;
245 } else if (sys_b == __NR_SCMP_UNDEF) {
246 rule_a = rule;
247 rule_b = NULL;
248 } else {
249 /* need two rules, dup the first and link together */
250 rule_a = rule;
251 rule_b = malloc(sizeof(*rule_b));
252 if (rule_b == NULL)
253 return -ENOMEM;
254 args_size = sizeof(*rule_b->args) * rule_a->args_cnt;
255 rule_b->args = malloc(args_size);
256 if (rule_b->args == NULL) {
257 free(rule_b);
258 return -ENOMEM;
259 }
260 rule_b->action = rule_a->action;
261 rule_b->syscall = rule_a->syscall;
262 rule_b->args_cnt = rule_a->args_cnt;
263 memcpy(rule_b->args, rule_a->args, args_size);
264 rule_b->prev = rule_a;
265 rule_b->next = NULL;
266 rule_a->next = rule_b;
267 }
268
269 /* multiplexed socket syscalls */
270 if (rule_a != NULL) {
271 rule_a->syscall = __s390_NR_socketcall;
272 rule_a->args[0].arg = 0;
273 rule_a->args[0].op = SCMP_CMP_EQ;
274 rule_a->args[0].mask = DATUM_MAX;
275 rule_a->args[0].datum = (-sys_a) % 100;
276 rule_a->args[0].valid = 1;
277 }
278
279 /* direct wired socket syscalls */
280 if (rule_b != NULL)
281 rule_b->syscall = sys_b;
282
283 /* add the rules as a single transaction */
284 rc = db_col_transaction_start(col);
285 if (rc < 0)
286 return rc;
287 if (rule_a != NULL) {
288 rc = db_rule_add(db, rule_a);
289 if (rc < 0)
290 goto fail_transaction;
291 }
292 if (rule_b != NULL) {
293 rc = db_rule_add(db, rule_b);
294 if (rc < 0)
295 goto fail_transaction;
296 }
297 db_col_transaction_commit(col);
298 } else if (sys <= -200 && sys >= -224) {
299 /* multiplexed ipc syscalls */
300 for (iter = 0; iter < ARG_COUNT_MAX; iter++) {
301 if ((rule->args[iter].valid != 0) && (strict))
302 return -EINVAL;
303 }
304 rule->args[0].arg = 0;
305 rule->args[0].op = SCMP_CMP_EQ;
306 rule->args[0].mask = DATUM_MAX;
307 rule->args[0].datum = abs(sys) % 200;
308 rule->args[0].valid = 1;
309 rule->syscall = __s390_NR_ipc;
310
311 rc = db_rule_add(db, rule);
312 if (rc < 0)
313 return rc;
314 } else if (sys >= 0) {
315 /* normal syscall processing */
316 rc = db_rule_add(db, rule);
317 if (rc < 0)
318 return rc;
319 } else if (strict)
320 return -EDOM;
321
322 return 0;
323
324 fail_transaction:
325 db_col_transaction_abort(col);
326 return rc;
327 }
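Review bot: In s390_rule_add the duplicated rule is not released on the failure paths: once `rule_b` and `rule_b->args` are malloc'd and `rule_a->next = rule_b` is set, both the `return rc` after db_col_transaction_start() and the `fail_transaction` label exit without freeing them or unlinking `rule_a->next`. Whether the caller frees the whole `next` chain is not visible in this diff; if it does not, every failed add leaks the copy. Consider remembering the duplicate in a separate pointer and freeing it (args first) and resetting `rule_a->next` on every error exit. The two `return __NR_SCMP_ERROR;` lines also stand out against the `-EINVAL`/`-ENOMEM`/`-EDOM` returns elsewhere in the function; `return -EINVAL;` would keep the result an errno value. arch-s390x.c carries the same code.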
22 * Author: Jan Willeke <willeke@linux.vnet.com.com>
33 */
44
5 #ifndef _ARCH_s390_H
6 #define _ARCH_s390_H
5 #ifndef _ARCH_S390_H
6 #define _ARCH_S390_H
77
88 #include <inttypes.h>
99
1010 #include "arch.h"
11 #include "db.h"
1112 #include "system.h"
1213
1314 #define s390_arg_count_max 6
1718
1819 int s390_syscall_resolve_name(const char *name);
1920 const char *s390_syscall_resolve_num(int num);
21
2022 const char *s390_syscall_iterate_name(unsigned int spot);
2123
24 int s390_syscall_rewrite(int *syscall);
25
26 int s390_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict,
27 struct db_api_rule_list *rule);
28
2229 #endif
452452 const struct arch_syscall_def *table = s390x_syscall_table;
453453
454454 /* XXX - plenty of room for future improvement here */
455
456 if (strcmp(name, "accept") == 0)
457 return __PNR_accept;
458 if (strcmp(name, "accept4") == 0)
459 return __PNR_accept4;
460 else if (strcmp(name, "bind") == 0)
461 return __PNR_bind;
462 else if (strcmp(name, "connect") == 0)
463 return __PNR_connect;
464 else if (strcmp(name, "getpeername") == 0)
465 return __PNR_getpeername;
466 else if (strcmp(name, "getsockname") == 0)
467 return __PNR_getsockname;
468 else if (strcmp(name, "getsockopt") == 0)
469 return __PNR_getsockopt;
470 else if (strcmp(name, "listen") == 0)
471 return __PNR_listen;
472 else if (strcmp(name, "recv") == 0)
473 return __PNR_recv;
474 else if (strcmp(name, "recvfrom") == 0)
475 return __PNR_recvfrom;
476 else if (strcmp(name, "recvmsg") == 0)
477 return __PNR_recvmsg;
478 else if (strcmp(name, "recvmmsg") == 0)
479 return __PNR_recvmmsg;
480 else if (strcmp(name, "send") == 0)
481 return __PNR_send;
482 else if (strcmp(name, "sendmsg") == 0)
483 return __PNR_sendmsg;
484 else if (strcmp(name, "sendmmsg") == 0)
485 return __PNR_sendmmsg;
486 else if (strcmp(name, "sendto") == 0)
487 return __PNR_sendto;
488 else if (strcmp(name, "setsockopt") == 0)
489 return __PNR_setsockopt;
490 else if (strcmp(name, "shutdown") == 0)
491 return __PNR_shutdown;
492 else if (strcmp(name, "socket") == 0)
493 return __PNR_socket;
494 else if (strcmp(name, "socketpair") == 0)
495 return __PNR_socketpair;
496
455497 for (iter = 0; table[iter].name != NULL; iter++) {
456498 if (strcmp(name, table[iter].name) == 0)
457499 return table[iter].num;
475517 const struct arch_syscall_def *table = s390x_syscall_table;
476518
477519 /* XXX - plenty of room for future improvement here */
520
521 if (num == __PNR_accept)
522 return "accept";
523 else if (num == __PNR_accept4)
524 return "accept4";
525 else if (num == __PNR_bind)
526 return "bind";
527 else if (num == __PNR_connect)
528 return "connect";
529 else if (num == __PNR_getpeername)
530 return "getpeername";
531 else if (num == __PNR_getsockname)
532 return "getsockname";
533 else if (num == __PNR_getsockopt)
534 return "getsockopt";
535 else if (num == __PNR_listen)
536 return "listen";
537 else if (num == __PNR_recv)
538 return "recv";
539 else if (num == __PNR_recvfrom)
540 return "recvfrom";
541 else if (num == __PNR_recvmsg)
542 return "recvmsg";
543 else if (num == __PNR_recvmmsg)
544 return "recvmmsg";
545 else if (num == __PNR_send)
546 return "send";
547 else if (num == __PNR_sendmsg)
548 return "sendmsg";
549 else if (num == __PNR_sendmmsg)
550 return "sendmmsg";
551 else if (num == __PNR_sendto)
552 return "sendto";
553 else if (num == __PNR_setsockopt)
554 return "setsockopt";
555 else if (num == __PNR_shutdown)
556 return "shutdown";
557 else if (num == __PNR_socket)
558 return "socket";
559 else if (num == __PNR_socketpair)
560 return "socketpair";
561
478562 for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
479563 if (num == table[iter].num)
480564 return table[iter].name;
44
55 #include <stdlib.h>
66 #include <errno.h>
7 #include <string.h>
78 #include <linux/audit.h>
89
910 #include "arch.h"
1011 #include "arch-s390x.h"
12
13 /* s390x syscall numbers */
14 #define __s390x_NR_socketcall 102
15 #define __s390x_NR_ipc 117
1116
1217 const struct arch_def arch_def_s390x = {
1318 .token = SCMP_ARCH_S390X,
1621 .endian = ARCH_ENDIAN_BIG,
1722 .syscall_resolve_name = s390x_syscall_resolve_name,
1823 .syscall_resolve_num = s390x_syscall_resolve_num,
19 .syscall_rewrite = NULL,
20 .rule_add = NULL,
24 .syscall_rewrite = s390x_syscall_rewrite,
25 .rule_add = s390x_rule_add,
2126 };
27
28 /**
29 * Convert a multiplexed pseudo socket syscall into a direct syscall
30 * @param socketcall the multiplexed pseudo syscall number
31 *
32 * Return the related direct syscall number, __NR_SCMP_UNDEF is there is
33 * no related syscall, or __NR_SCMP_ERROR otherwise.
34 *
35 */
36 int _s390x_sock_demux(int socketcall)
37 {
38 switch (socketcall) {
39 case -101:
40 /* socket */
41 return 359;
42 case -102:
43 /* bind */
44 return 361;
45 case -103:
46 /* connect */
47 return 362;
48 case -104:
49 /* listen */
50 return 363;
51 case -105:
52 /* accept - not defined */
53 return __NR_SCMP_UNDEF;
54 case -106:
55 /* getsockname */
56 return 367;
57 case -107:
58 /* getpeername */
59 return 368;
60 case -108:
61 /* socketpair */
62 return 360;
63 case -109:
64 /* send - not defined */
65 return __NR_SCMP_UNDEF;
66 case -110:
67 /* recv - not defined */
68 return __NR_SCMP_UNDEF;
69 case -111:
70 /* sendto */
71 return 369;
72 case -112:
73 /* recvfrom */
74 return 371;
75 case -113:
76 /* shutdown */
77 return 373;
78 case -114:
79 /* setsockopt */
80 return 366;
81 case -115:
82 /* getsockopt */
83 return 365;
84 case -116:
85 /* sendmsg */
86 return 370;
87 case -117:
88 /* recvmsg */
89 return 372;
90 case -118:
91 /* accept4 */
92 return 364;
93 case -119:
94 /* recvmmsg */
95 return 337;
96 case -120:
97 /* sendmmsg */
98 return 345;
99 }
100
101 return __NR_SCMP_ERROR;
102 }
103
104 /**
105 * Convert a direct socket syscall into multiplexed pseudo socket syscall
106 * @param syscall the direct syscall
107 *
108 * Return the related multiplexed pseduo syscall number, __NR_SCMP_UNDEF is
109 * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise.
110 *
111 */
112 int _s390x_sock_mux(int syscall)
113 {
114 switch (syscall) {
115 case 337:
116 /* recvmmsg */
117 return -119;
118 case 345:
119 /* sendmmsg */
120 return -120;
121 case 359:
122 /* socket */
123 return -101;
124 case 360:
125 /* socketpair */
126 return -108;
127 case 361:
128 /* bind */
129 return -102;
130 case 362:
131 /* connect */
132 return -103;
133 case 363:
134 /* listen */
135 return -104;
136 case 364:
137 /* accept4 */
138 return -118;
139 case 365:
140 /* getsockopt */
141 return -115;
142 case 366:
143 /* setsockopt */
144 return -114;
145 case 367:
146 /* getsockname */
147 return -106;
148 case 368:
149 /* getpeername */
150 return -107;
151 case 369:
152 /* sendto */
153 return -111;
154 case 370:
155 /* sendmsg */
156 return -116;
157 case 371:
158 /* recvfrom */
159 return -112;
160 case 372:
161 /* recvmsg */
162 return -117;
163 case 373:
164 /* shutdown */
165 return -113;
166 }
167
168 return __NR_SCMP_ERROR;
169 }
170
171 /**
172 * Rewrite a syscall value to match the architecture
173 * @param syscall the syscall number
174 *
175 * Syscalls can vary across different architectures so this function rewrites
176 * the syscall into the correct value for the specified architecture. Returns
177 * zero on success, negative values on failure.
178 *
179 */
180 int s390x_syscall_rewrite(int *syscall)
181 {
182 int sys = *syscall;
183
184 if (sys <= -100 && sys >= -120)
185 *syscall = __s390x_NR_socketcall;
186 else if (sys <= -200 && sys >= -224)
187 *syscall = __s390x_NR_ipc;
188 else if (sys < 0)
189 return -EDOM;
190
191 return 0;
192 }
193
194 /**
195 * add a new rule to the s390x seccomp filter
196 * @param col the filter collection
197 * @param db the seccomp filter db
198 * @param strict the strict flag
199 * @param rule the filter rule
200 *
201 * This function adds a new syscall filter to the seccomp filter db, making any
202 * necessary adjustments for the s390x ABI. Returns zero on success, negative
203 * values on failure.
204 *
205 */
206 int s390x_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict,
207 struct db_api_rule_list *rule)
208 {
209 int rc;
210 unsigned int iter;
211 size_t args_size;
212 int sys = rule->syscall;
213 int sys_a, sys_b;
214 struct db_api_rule_list *rule_a, *rule_b;
215
216 if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) {
217 /* (-100 to -120) : multiplexed socket syscalls
218 (359 to 373) : direct socket syscalls, Linux 4.3+ */
219
220 /* strict check for the multiplexed socket syscalls */
221 for (iter = 0; iter < rule->args_cnt; iter++) {
222 if ((rule->args[iter].valid != 0) && (strict))
223 return -EINVAL;
224 }
225
226 /* determine both the muxed and direct syscall numbers */
227 if (sys > 0) {
228 sys_a = _s390x_sock_mux(sys);
229 if (sys_a == __NR_SCMP_ERROR)
230 return __NR_SCMP_ERROR;
231 sys_b = sys;
232 } else {
233 sys_a = sys;
234 sys_b = _s390x_sock_demux(sys);
235 if (sys_b == __NR_SCMP_ERROR)
236 return __NR_SCMP_ERROR;
237 }
238
239 /* use rule_a for the multiplexed syscall and use rule_b for
240 * the direct wired syscall */
241
242 if (sys_a == __NR_SCMP_UNDEF) {
243 rule_a = NULL;
244 rule_b = rule;
245 } else if (sys_b == __NR_SCMP_UNDEF) {
246 rule_a = rule;
247 rule_b = NULL;
248 } else {
249 /* need two rules, dup the first and link together */
250 rule_a = rule;
251 rule_b = malloc(sizeof(*rule_b));
252 if (rule_b == NULL)
253 return -ENOMEM;
254 args_size = sizeof(*rule_b->args) * rule_a->args_cnt;
255 rule_b->args = malloc(args_size);
256 if (rule_b->args == NULL) {
257 free(rule_b);
258 return -ENOMEM;
259 }
260 rule_b->action = rule_a->action;
261 rule_b->syscall = rule_a->syscall;
262 rule_b->args_cnt = rule_a->args_cnt;
263 memcpy(rule_b->args, rule_a->args, args_size);
264 rule_b->prev = rule_a;
265 rule_b->next = NULL;
266 rule_a->next = rule_b;
267 }
268
269 /* multiplexed socket syscalls */
270 if (rule_a != NULL) {
271 rule_a->syscall = __s390x_NR_socketcall;
272 rule_a->args[0].arg = 0;
273 rule_a->args[0].op = SCMP_CMP_EQ;
274 rule_a->args[0].mask = DATUM_MAX;
275 rule_a->args[0].datum = (-sys_a) % 100;
276 rule_a->args[0].valid = 1;
277 }
278
279 /* direct wired socket syscalls */
280 if (rule_b != NULL)
281 rule_b->syscall = sys_b;
282
283 /* add the rules as a single transaction */
284 rc = db_col_transaction_start(col);
285 if (rc < 0)
286 return rc;
287 if (rule_a != NULL) {
288 rc = db_rule_add(db, rule_a);
289 if (rc < 0)
290 goto fail_transaction;
291 }
292 if (rule_b != NULL) {
293 rc = db_rule_add(db, rule_b);
294 if (rc < 0)
295 goto fail_transaction;
296 }
297 db_col_transaction_commit(col);
298 } else if (sys <= -200 && sys >= -224) {
299 /* multiplexed ipc syscalls */
300 for (iter = 0; iter < ARG_COUNT_MAX; iter++) {
301 if ((rule->args[iter].valid != 0) && (strict))
302 return -EINVAL;
303 }
304 rule->args[0].arg = 0;
305 rule->args[0].op = SCMP_CMP_EQ;
306 rule->args[0].mask = DATUM_MAX;
307 rule->args[0].datum = abs(sys) % 200;
308 rule->args[0].valid = 1;
309 rule->syscall = __s390x_NR_ipc;
310
311 rc = db_rule_add(db, rule);
312 if (rc < 0)
313 return rc;
314 } else if (sys >= 0) {
315 /* normal syscall processing */
316 rc = db_rule_add(db, rule);
317 if (rc < 0)
318 return rc;
319 } else if (strict)
320 return -EDOM;
321
322 return 0;
323
324 fail_transaction:
325 db_col_transaction_abort(col);
326 return rc;
327 }
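Review bot: The strict check in the ipc branch of s390x_rule_add walks `rule->args` up to `ARG_COUNT_MAX`, while the socket branch above bounds the same walk with `rule->args_cnt` and the duplicate's array is allocated for exactly `args_cnt` entries. If a rule can arrive with fewer than ARG_COUNT_MAX argument slots (not visible here), the ipc loop reads past the array; `for (iter = 0; iter < rule->args_cnt; iter++)` would make the two branches agree. Both branches then write `args[0]` without checking that `args_cnt` is at least 1, so a short comment stating that callers always provide at least one slot, or a guard returning `-EINVAL`, would help. The same loop is in arch-s390.c and appears as context in arch-x86.c.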
22 * Author: Jan Willeke <willeke@linux.vnet.com.com>
33 */
44
5 #ifndef _ARCH_s390x_H
6 #define _ARCH_s390x_H
5 #ifndef _ARCH_S390X_H
6 #define _ARCH_S390X_H
77
88 #include <inttypes.h>
99
1010 #include "arch.h"
11 #include "db.h"
1112 #include "system.h"
1213
1314 #define s390x_arg_count_max 6
2021
2122 int s390x_syscall_resolve_name(const char *name);
2223 const char *s390x_syscall_resolve_num(int num);
24
2325 const char *s390x_syscall_iterate_name(unsigned int spot);
24 const char *s390x_syscall_iterate_name(unsigned int spot);
26
27 int s390x_syscall_rewrite(int *syscall);
28
29 int s390x_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict,
30 struct db_api_rule_list *rule);
31
2532 #endif
468468 const struct arch_syscall_def *table = x86_syscall_table;
469469
470470 /* XXX - plenty of room for future improvement here */
471
472 if (strcmp(name, "accept") == 0)
473 return __PNR_accept;
474 if (strcmp(name, "accept4") == 0)
475 return __PNR_accept4;
476 else if (strcmp(name, "bind") == 0)
477 return __PNR_bind;
478 else if (strcmp(name, "connect") == 0)
479 return __PNR_connect;
480 else if (strcmp(name, "getpeername") == 0)
481 return __PNR_getpeername;
482 else if (strcmp(name, "getsockname") == 0)
483 return __PNR_getsockname;
484 else if (strcmp(name, "getsockopt") == 0)
485 return __PNR_getsockopt;
486 else if (strcmp(name, "listen") == 0)
487 return __PNR_listen;
488 else if (strcmp(name, "recv") == 0)
489 return __PNR_recv;
490 else if (strcmp(name, "recvfrom") == 0)
491 return __PNR_recvfrom;
492 else if (strcmp(name, "recvmsg") == 0)
493 return __PNR_recvmsg;
494 else if (strcmp(name, "recvmmsg") == 0)
495 return __PNR_recvmmsg;
496 else if (strcmp(name, "send") == 0)
497 return __PNR_send;
498 else if (strcmp(name, "sendmsg") == 0)
499 return __PNR_sendmsg;
500 else if (strcmp(name, "sendmmsg") == 0)
501 return __PNR_sendmmsg;
502 else if (strcmp(name, "sendto") == 0)
503 return __PNR_sendto;
504 else if (strcmp(name, "setsockopt") == 0)
505 return __PNR_setsockopt;
506 else if (strcmp(name, "shutdown") == 0)
507 return __PNR_shutdown;
508 else if (strcmp(name, "socket") == 0)
509 return __PNR_socket;
510 else if (strcmp(name, "socketpair") == 0)
511 return __PNR_socketpair;
512
471513 for (iter = 0; table[iter].name != NULL; iter++) {
472514 if (strcmp(name, table[iter].name) == 0)
473515 return table[iter].num;
491533 const struct arch_syscall_def *table = x86_syscall_table;
492534
493535 /* XXX - plenty of room for future improvement here */
536
537 if (num == __PNR_accept)
538 return "accept";
539 else if (num == __PNR_accept4)
540 return "accept4";
541 else if (num == __PNR_bind)
542 return "bind";
543 else if (num == __PNR_connect)
544 return "connect";
545 else if (num == __PNR_getpeername)
546 return "getpeername";
547 else if (num == __PNR_getsockname)
548 return "getsockname";
549 else if (num == __PNR_getsockopt)
550 return "getsockopt";
551 else if (num == __PNR_listen)
552 return "listen";
553 else if (num == __PNR_recv)
554 return "recv";
555 else if (num == __PNR_recvfrom)
556 return "recvfrom";
557 else if (num == __PNR_recvmsg)
558 return "recvmsg";
559 else if (num == __PNR_recvmmsg)
560 return "recvmmsg";
561 else if (num == __PNR_send)
562 return "send";
563 else if (num == __PNR_sendmsg)
564 return "sendmsg";
565 else if (num == __PNR_sendmmsg)
566 return "sendmmsg";
567 else if (num == __PNR_sendto)
568 return "sendto";
569 else if (num == __PNR_setsockopt)
570 return "setsockopt";
571 else if (num == __PNR_shutdown)
572 return "shutdown";
573 else if (num == __PNR_socket)
574 return "socket";
575 else if (num == __PNR_socketpair)
576 return "socketpair";
577
494578 for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
495579 if (num == table[iter].num)
496580 return table[iter].name;
103103 case -117:
104104 /* recvmsg */
105105 return 372;
106 case -118:
107 /* accept4 */
108 return 364;
109 case -119:
110 /* recvmmsg */
111 return 337;
112 case -120:
113 /* sendmmsg */
114 return 345;
106115 }
107116
108117 return __NR_SCMP_ERROR;
119128 int _x86_sock_mux(int syscall)
120129 {
121130 switch (syscall) {
131 case 337:
132 /* recvmmsg */
133 return -119;
134 case 345:
135 /* sendmmsg */
136 return -120;
122137 case 359:
123138 /* socket */
124139 return -101;
136151 return -104;
137152 case 364:
138153 /* accept4 */
139 return __NR_SCMP_UNDEF;
154 return -118;
140155 case 365:
141156 /* getsockopt */
142157 return -115;
182197 {
183198 int sys = *syscall;
184199
185 if (sys <= -100 && sys >= -117)
200 if (sys <= -100 && sys >= -120)
186201 *syscall = __x86_NR_socketcall;
187 else if (sys <= -200 && sys >= -211)
202 else if (sys <= -200 && sys >= -224)
188203 *syscall = __x86_NR_ipc;
189204 else if (sys < 0)
190205 return -EDOM;
214229 int sys_a, sys_b;
215230 struct db_api_rule_list *rule_a, *rule_b;
216231
217 if ((sys <= -100 && sys >= -117) || (sys >= 359 && sys <= 373)) {
218 /* (-100 to -117) : multiplexed socket syscalls
219 (359 to 373) : direct socket syscalls, Linux 4.4+ */
232 if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) {
233 /* (-100 to -120) : multiplexed socket syscalls
234 (359 to 373) : direct socket syscalls, Linux 4.3+ */
220235
221236 /* strict check for the multiplexed socket syscalls */
222237 for (iter = 0; iter < rule->args_cnt; iter++) {
296311 goto fail_transaction;
297312 }
298313 db_col_transaction_commit(col);
299 } else if (sys <= -200 && sys >= -211) {
314 } else if (sys <= -200 && sys >= -224) {
300315 /* multiplexed ipc syscalls */
301316 for (iter = 0; iter < ARG_COUNT_MAX; iter++) {
302317 if ((rule->args[iter].valid != 0) && (strict))
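Review bot: The direct-number half of the socket test in x86_rule_add still reads `(sys >= 359 && sys <= 373)`, while this same change teaches _x86_sock_mux to translate 337 (recvmmsg) and 345 (sendmmsg). From the visible lines, a rule given with raw syscall 337 or 345 would not enter the socket branch, so it would presumably be added for the direct syscall only and the socketcall path would get no matching rule; in a filter that denies rather than allows, that leaves one entry path uncovered. Either extend the condition, e.g. `|| sys == 337 || sys == 345`, or add a comment saying why those two numbers are deliberately left out. The bounds -120 and -224 are also repeated as literals in x86_syscall_rewrite and x86_rule_add; named constants kept next to the mux/demux tables would stop the four checks drifting apart the next time a pseudo-syscall is added. Both function bodies continue outside the hunks.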
3030
3131 if (seccomp_syscall_resolve_name("open") != __NR_open)
3232 goto fail;
33 if (seccomp_syscall_resolve_name("socket") != __NR_socket)
33 if (seccomp_syscall_resolve_name("read") != __NR_read)
3434 goto fail;
3535 if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR)
3636 goto fail;
3939 "open") != __NR_open)
4040 goto fail;
4141 if (seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE,
42 "socket") != __NR_socket)
42 "read") != __NR_read)
4343 goto fail;
4444 if (seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE,
4545 "INVALID") != __NR_SCMP_ERROR)
5050 goto fail;
5151 free(name);
5252
53 name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, __NR_socket);
54 if (name == NULL || strcmp(name, "socket") != 0)
53 name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, __NR_read);
54 if (name == NULL || strcmp(name, "read") != 0)
5555 goto fail;
5656 free(name);
5757
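Review bot: Swapping "socket" for "read" in these three checks removes the only socket syscall from the visible resolver checks without recording why. If the reason is that "socket" no longer resolves to `__NR_socket` on architectures where it is handled as a pseudo-syscall (an inference from the rest of this change, not stated here), a one-line comment above the first check would say so, for example `/* use read: socket may resolve to a pseudo-syscall number on some arches */`. The same substitution in the Python version of this test (`f.add_rule(ALLOW, "read")`) deserves the same comment. The enclosing function starts and ends outside the hunks.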
3232 # this differs from the native test as we don't support the syscall
3333 # resolution functions by themselves
3434 f.add_rule(ALLOW, "open")
35 f.add_rule(ALLOW, "socket")
35 f.add_rule(ALLOW, "read")
3636 try:
3737 f.add_rule(ALLOW, "INVALID")
3838 except RuntimeError:
4242 sys_name = resolve_syscall(Arch(), sys_num)
4343 if (sys_name != "open"):
4444 raise RuntimeError("Test failure")
45 sys_num = resolve_syscall(Arch(), "socket")
45 sys_num = resolve_syscall(Arch(), "read")
4646 sys_name = resolve_syscall(Arch(), sys_num)
47 if (sys_name != "socket"):
47 if (sys_name != "read"):
4848 raise RuntimeError("Test failure")
4949
5050 test()
1717 30-sim-socket_syscalls +x86 373 0 1 2 N N N ALLOW
1818 30-sim-socket_syscalls +x86 accept 5 N N N N N ALLOW
1919 30-sim-socket_syscalls +x86 accept 0 1 2 N N N KILL
20 30-sim-socket_syscalls +x86 accept4 0 1 2 N N N ALLOW
20 30-sim-socket_syscalls +x86 accept4 18 1 2 N N N ALLOW
21 30-sim-socket_syscalls +x86 accept4 0 1 2 N N N KILL
2122 30-sim-socket_syscalls +x86_64 socket 0 1 2 N N N ALLOW
2223 30-sim-socket_syscalls +x86_64 connect 0 1 2 N N N ALLOW
2324 30-sim-socket_syscalls +x86_64 accept4 0 1 2 N N N ALLOW
0 /**
1 * Seccomp Library test program
2 *
3 * Copyright (c) 2016 Red Hat <pmoore@redhat.com>
4 * Author: Paul Moore <paul@paul-moore.com>
5 */
6
7 /*
8 * This library is free software; you can redistribute it and/or modify it
9 * under the terms of version 2.1 of the GNU Lesser General Public License as
10 * published by the Free Software Foundation.
11 *
12 * This library is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
15 * for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, see <http://www.gnu.org/licenses>.
19 */
20
21 #include <errno.h>
22 #include <unistd.h>
23
24 #include <seccomp.h>
25
26 #include "util.h"
27
28 int main(int argc, char *argv[])
29 {
30 int rc;
31 struct util_options opts;
32 scmp_filter_ctx ctx = NULL;
33
34 rc = util_getopt(argc, argv, &opts);
35 if (rc < 0)
36 goto out;
37
38 ctx = seccomp_init(SCMP_ACT_KILL);
39 if (ctx == NULL)
40 return ENOMEM;
41
42 rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE);
43 if (rc != 0)
44 goto out;
45
46 rc = seccomp_arch_add(ctx, SCMP_ARCH_S390);
47 if (rc != 0)
48 goto out;
49 rc = seccomp_arch_add(ctx, SCMP_ARCH_S390X);
50 if (rc != 0)
51 goto out;
52
53 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0);
54 if (rc != 0)
55 goto out;
56
57 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(connect), 0);
58 if (rc != 0)
59 goto out;
60
61 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept), 0);
62 if (rc != 0)
63 goto out;
64
65 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4), 0);
66 if (rc != 0)
67 goto out;
68
69 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shutdown), 0);
70 if (rc != 0)
71 goto out;
72
73 rc = util_filter_output(&opts, ctx);
74 if (rc)
75 goto out;
76
77 out:
78 seccomp_release(ctx);
79 return (rc < 0 ? -rc : rc);
80 }
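Review bot: main() in this new test has no comment saying what it is meant to cover. A short block comment above `seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE)` should state that the native architecture is dropped and only s390 and s390x are added, so the generated filter is checked for both the socketcall-multiplexed and the direct socket syscall numbers that the accompanying .tests file lists, independent of the build host. As a style point, the last `if (rc) goto out;` sits directly before the `out:` label and does nothing; `rc = util_filter_output(&opts, ctx);` on its own is enough.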
0 #!/usr/bin/env python
1
2 #
3 # Seccomp Library test program
4 #
5 # Copyright (c) 2016 Red Hat <pmoore@redhat.com>
6 # Author: Paul Moore <paul@paul-moore.com>
7 #
8
9 #
10 # This library is free software; you can redistribute it and/or modify it
11 # under the terms of version 2.1 of the GNU Lesser General Public License as
12 # published by the Free Software Foundation.
13 #
14 # This library is distributed in the hope that it will be useful, but WITHOUT
15 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
17 # for more details.
18 #
19 # You should have received a copy of the GNU Lesser General Public License
20 # along with this library; if not, see <http://www.gnu.org/licenses>.
21 #
22
23 import argparse
24 import sys
25
26 import util
27
28 from seccomp import *
29
30 def test(args):
31 f = SyscallFilter(KILL)
32 f.remove_arch(Arch())
33 f.add_arch(Arch("s390"))
34 f.add_arch(Arch("s390x"))
35 f.add_rule(ALLOW, "socket")
36 f.add_rule(ALLOW, "connect")
37 f.add_rule(ALLOW, "accept")
38 f.add_rule(ALLOW, "accept4")
39 f.add_rule(ALLOW, "shutdown")
40 return f
41
42 args = util.get_opt()
43 ctx = test(args)
44 util.filter_output(args, ctx)
45
46 # kate: syntax python;
47 # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
0 #
1 # libseccomp regression test automation data
2 #
3 # Copyright (c) 2016 Red Hat <pmoore@redhat.com>
4 # Author: Paul Moore <paul@paul-moore.com>
5 #
6
7 test type: bpf-sim
8
9 # Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
10 33-sim-socket_syscalls_be +s390 socketcall 1 N N N N N ALLOW
11 33-sim-socket_syscalls_be +s390 socketcall 3 N N N N N ALLOW
12 33-sim-socket_syscalls_be +s390 socketcall 5 N N N N N ALLOW
13 33-sim-socket_syscalls_be +s390 socketcall 13 N N N N N ALLOW
14 33-sim-socket_syscalls_be +s390 359 0 1 2 N N N ALLOW
15 33-sim-socket_syscalls_be +s390 362 0 1 2 N N N ALLOW
16 33-sim-socket_syscalls_be +s390 364 0 1 2 N N N ALLOW
17 33-sim-socket_syscalls_be +s390 373 0 1 2 N N N ALLOW
18 33-sim-socket_syscalls_be +s390 accept 5 N N N N N ALLOW
19 33-sim-socket_syscalls_be +s390 accept 0 1 2 N N N KILL
20 33-sim-socket_syscalls_be +s390 accept4 18 1 2 N N N ALLOW
21 33-sim-socket_syscalls_be +s390 accept4 0 1 2 N N N KILL
22 33-sim-socket_syscalls_be +s390x socketcall 1 N N N N N ALLOW
23 33-sim-socket_syscalls_be +s390x socketcall 3 N N N N N ALLOW
24 33-sim-socket_syscalls_be +s390x socketcall 5 N N N N N ALLOW
25 33-sim-socket_syscalls_be +s390x socketcall 13 N N N N N ALLOW
26 33-sim-socket_syscalls_be +s390x 359 0 1 2 N N N ALLOW
27 33-sim-socket_syscalls_be +s390x 362 0 1 2 N N N ALLOW
28 33-sim-socket_syscalls_be +s390x 364 0 1 2 N N N ALLOW
29 33-sim-socket_syscalls_be +s390x 373 0 1 2 N N N ALLOW
30 33-sim-socket_syscalls_be +s390x accept 5 N N N N N ALLOW
31 33-sim-socket_syscalls_be +s390x accept 0 1 2 N N N KILL
32 33-sim-socket_syscalls_be +s390x accept4 18 1 2 N N N ALLOW
33 33-sim-socket_syscalls_be +s390x accept4 0 1 2 N N N KILL
34
35 test type: bpf-valgrind
36
37 # Testname
38 33-sim-socket_syscalls_be
5959 29-sim-pseudo_syscall \
6060 30-sim-socket_syscalls \
6161 31-basic-version_check \
62 32-live-tsync_allow
62 32-live-tsync_allow \
63 33-sim-socket_syscalls_be
6364
6465 EXTRA_DIST_TESTPYTHON = \
6566 util.py \
9495 29-sim-pseudo_syscall.py \
9596 30-sim-socket_syscalls.py \
9697 31-basic-version_check.py \
97 32-live-tsync_allow.py
98 32-live-tsync_allow.py \
99 33-sim-socket_syscalls_be.py
98100
99101 EXTRA_DIST_TESTCFGS = \
100102 01-sim-allow.tests \
128130 29-sim-pseudo_syscall.tests \
129131 30-sim-socket_syscalls.tests \
130132 31-basic-version_check.tests \
131 32-live-tsync_allow.tests
133 32-live-tsync_allow.tests \
134 33-sim-socket_syscalls_be.tests
132135
133136 EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen
134137
114114 26-sim-arch_all_be_basic$(EXEEXT) \
115115 27-sim-bpf_blk_state$(EXEEXT) 28-sim-arch_x86$(EXEEXT) \
116116 29-sim-pseudo_syscall$(EXEEXT) 30-sim-socket_syscalls$(EXEEXT) \
117 31-basic-version_check$(EXEEXT) 32-live-tsync_allow$(EXEEXT)
117 31-basic-version_check$(EXEEXT) 32-live-tsync_allow$(EXEEXT) \
118 33-sim-socket_syscalls_be$(EXEEXT)
118119 EXTRA_PROGRAMS = 00-test$(EXEEXT)
119120 subdir = tests
120121 DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
279280 32_live_tsync_allow_OBJECTS = 32-live-tsync_allow.$(OBJEXT)
280281 32_live_tsync_allow_LDADD = $(LDADD)
281282 32_live_tsync_allow_DEPENDENCIES = util.la ../src/libseccomp.la
283 33_sim_socket_syscalls_be_SOURCES = 33-sim-socket_syscalls_be.c
284 33_sim_socket_syscalls_be_OBJECTS = \
285 33-sim-socket_syscalls_be.$(OBJEXT)
286 33_sim_socket_syscalls_be_LDADD = $(LDADD)
287 33_sim_socket_syscalls_be_DEPENDENCIES = util.la ../src/libseccomp.la
282288 miniseq_SOURCES = miniseq.c
283289 miniseq_OBJECTS = miniseq.$(OBJEXT)
284290 miniseq_DEPENDENCIES =
331337 26-sim-arch_all_be_basic.c 27-sim-bpf_blk_state.c \
332338 28-sim-arch_x86.c 29-sim-pseudo_syscall.c \
333339 30-sim-socket_syscalls.c 31-basic-version_check.c \
334 32-live-tsync_allow.c miniseq.c
340 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c miniseq.c
335341 DIST_SOURCES = $(util_la_SOURCES) 01-sim-allow.c 02-sim-basic.c \
336342 03-sim-basic_chains.c 04-sim-multilevel_chains.c \
337343 05-sim-long_jumps.c 06-sim-actions.c 07-sim-db_bug_looping.c \
346352 26-sim-arch_all_be_basic.c 27-sim-bpf_blk_state.c \
347353 28-sim-arch_x86.c 29-sim-pseudo_syscall.c \
348354 30-sim-socket_syscalls.c 31-basic-version_check.c \
349 32-live-tsync_allow.c miniseq.c
355 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c miniseq.c
350356 am__can_run_installinfo = \
351357 case $$AM_UPDATE_INFO_DIR in \
352358 n|no|NO) false;; \
556562 29-sim-pseudo_syscall.py \
557563 30-sim-socket_syscalls.py \
558564 31-basic-version_check.py \
559 32-live-tsync_allow.py
565 32-live-tsync_allow.py \
566 33-sim-socket_syscalls_be.py
560567
561568 EXTRA_DIST_TESTCFGS = \
562569 01-sim-allow.tests \
590597 29-sim-pseudo_syscall.tests \
591598 30-sim-socket_syscalls.tests \
592599 31-basic-version_check.tests \
593 32-live-tsync_allow.tests
600 32-live-tsync_allow.tests \
601 33-sim-socket_syscalls_be.tests
594602
595603 EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen
596604 EXTRA_DIST_TESTVALGRIND = valgrind_test.supp
790798 32-live-tsync_allow$(EXEEXT): $(32_live_tsync_allow_OBJECTS) $(32_live_tsync_allow_DEPENDENCIES) $(EXTRA_32_live_tsync_allow_DEPENDENCIES)
791799 @rm -f 32-live-tsync_allow$(EXEEXT)
792800 $(AM_V_CCLD)$(LINK) $(32_live_tsync_allow_OBJECTS) $(32_live_tsync_allow_LDADD) $(LIBS)
801
802 33-sim-socket_syscalls_be$(EXEEXT): $(33_sim_socket_syscalls_be_OBJECTS) $(33_sim_socket_syscalls_be_DEPENDENCIES) $(EXTRA_33_sim_socket_syscalls_be_DEPENDENCIES)
803 @rm -f 33-sim-socket_syscalls_be$(EXEEXT)
804 $(AM_V_CCLD)$(LINK) $(33_sim_socket_syscalls_be_OBJECTS) $(33_sim_socket_syscalls_be_LDADD) $(LIBS)
793805
794806 miniseq$(EXEEXT): $(miniseq_OBJECTS) $(miniseq_DEPENDENCIES) $(EXTRA_miniseq_DEPENDENCIES)
795807 @rm -f miniseq$(EXEEXT)
834846 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/30-sim-socket_syscalls.Po@am__quote@
835847 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/31-basic-version_check.Po@am__quote@
836848 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/32-live-tsync_allow.Po@am__quote@
849 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/33-sim-socket_syscalls_be.Po@am__quote@
837850 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/miniseq.Po@am__quote@
838851 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Plo@am__quote@
839852