RubyGems - script_core - Versions diffs - 0.2.2 → 0.2.7 - Mend

script_core 0.2.2 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (376) hide show

data/ext/enterprise_script_service/libseccomp/src/system.h CHANGED

@@ -22,9 +22,12 @@
 #ifndef _SYSTEM_H
 #define _SYSTEM_H
+#include <inttypes.h>
+#include <stdbool.h>
 #include <linux/filter.h>
+#include <linux/types.h>
 #include <sys/prctl.h>
+#include <sys/ioctl.h>
 #include "configure.h"
 /* NOTE: this was taken from the Linux Kernel sources */
@@ -40,7 +43,6 @@ struct db_filter_col;
 #else
 /* NOTE: the definitions below were taken from the Linux Kernel sources */
-#include <linux/types.h>
 /* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */
 #define SECCOMP_MODE_DISABLED	0 /* seccomp is not in use. */
@@ -60,12 +62,11 @@ struct db_filter_col;
 #define SECCOMP_RET_KILL	SECCOMP_RET_KILL_THREAD /* default to killing the thread */
 #define SECCOMP_RET_TRAP	0x00030000U /* disallow and force a SIGSYS */
 #define SECCOMP_RET_ERRNO	0x00050000U /* returns an errno */
+#define SECCOMP_RET_USER_NOTIF	0x7fc00000U /* notifies userspace */
 #define SECCOMP_RET_TRACE	0x7ff00000U /* pass to a tracer or disallow */
-#define SECCOMP_RET_LOG		0x7ffc0000U /* allow after logging */
 #define SECCOMP_RET_ALLOW	0x7fff0000U /* allow */
 /* Masks for the return value sections. */
-#define SECCOMP_RET_ACTION_FULL 0xffff0000U
 #define SECCOMP_RET_ACTION	0x7fff0000U
 #define SECCOMP_RET_DATA	0x0000ffffU
@@ -109,29 +110,78 @@ typedef struct sock_filter bpf_instr_raw;
 #ifndef SECCOMP_GET_ACTION_AVAIL
 #define SECCOMP_GET_ACTION_AVAIL	2
 #endif
+#ifndef SECCOMP_GET_NOTIF_SIZES
+#define SECCOMP_GET_NOTIF_SIZES		3
+#endif
 /* flags for the seccomp() syscall */
 #ifndef SECCOMP_FILTER_FLAG_TSYNC
-#define SECCOMP_FILTER_FLAG_TSYNC	(1UL << 0)
+#define SECCOMP_FILTER_FLAG_TSYNC		(1UL << 0)
 #endif
 #ifndef SECCOMP_FILTER_FLAG_LOG
-#define SECCOMP_FILTER_FLAG_LOG		(1UL << 1)
+#define SECCOMP_FILTER_FLAG_LOG			(1UL << 1)
+#endif
+#ifndef SECCOMP_FILTER_FLAG_SPEC_ALLOW
+#define SECCOMP_FILTER_FLAG_SPEC_ALLOW		(1UL << 2)
+#endif
+#ifndef SECCOMP_FILTER_FLAG_NEW_LISTENER
+#define SECCOMP_FILTER_FLAG_NEW_LISTENER	(1UL << 3)
+#endif
+#ifndef SECCOMP_FILTER_FLAG_TSYNC_ESRCH
+#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH		(1UL << 4)
 #endif
-/* SECCOMP_RET_ACTION_FULL was added in kernel v4.14.  It may not be
- * defined on older kernels
- */
+#ifndef SECCOMP_RET_LOG
+#define SECCOMP_RET_LOG			0x7ffc0000U /* allow after logging */
+#endif
+/* SECCOMP_RET_ACTION_FULL was added in kernel v4.14. */
 #ifndef SECCOMP_RET_ACTION_FULL
 #define SECCOMP_RET_ACTION_FULL		0xffff0000U
 #endif
-/* SECCOMP_RET_LOG was added in kernel v4.14.  It may not be defined on
- * older kernels.
- */
+/* SECCOMP_RET_LOG was added in kernel v4.14. */
 #ifndef SECCOMP_RET_LOG
 #define SECCOMP_RET_LOG			0x7fc00000U
 #endif
+/* SECCOMP_RET_USER_NOTIF was added in kernel v5.0. */
+#ifndef SECCOMP_RET_USER_NOTIF
+#define SECCOMP_RET_USER_NOTIF	 	0x7fc00000U
+struct seccomp_notif_sizes {
+	__u16 seccomp_notif;
+	__u16 seccomp_notif_resp;
+	__u16 seccomp_data;
+};
+struct seccomp_notif {
+	__u64 id;
+	__u32 pid;
+	__u32 flags;
+	struct seccomp_data data;
+};
+struct seccomp_notif_resp {
+	__u64 id;
+	__s64 val;
+	__s32 error;
+	__u32 flags;
+};
+#define SECCOMP_IOC_MAGIC               '!'
+#define SECCOMP_IO(nr)                  _IO(SECCOMP_IOC_MAGIC, nr)
+#define SECCOMP_IOR(nr, type)           _IOR(SECCOMP_IOC_MAGIC, nr, type)
+#define SECCOMP_IOW(nr, type)           _IOW(SECCOMP_IOC_MAGIC, nr, type)
+#define SECCOMP_IOWR(nr, type)          _IOWR(SECCOMP_IOC_MAGIC, nr, type)
+/* flags for seccomp notification fd ioctl */
+#define SECCOMP_IOCTL_NOTIF_RECV        SECCOMP_IOWR(0, struct seccomp_notif)
+#define SECCOMP_IOCTL_NOTIF_SEND        SECCOMP_IOWR(1, \
+						     struct seccomp_notif_resp)
+#define SECCOMP_IOCTL_NOTIF_ID_VALID    SECCOMP_IOR(2, __u64)
+#endif /* SECCOMP_RET_USER_NOTIF */
 int sys_chk_seccomp_syscall(void);
 void sys_set_seccomp_syscall(bool enable);
@@ -141,6 +191,11 @@ void sys_set_seccomp_action(uint32_t action, bool enable);
 int sys_chk_seccomp_flag(int flag);
 void sys_set_seccomp_flag(int flag, bool enable);
-int sys_filter_load(const struct db_filter_col *col);
+int sys_filter_load(struct db_filter_col *col, bool rawrc);
+int sys_notify_alloc(struct seccomp_notif **req,
+		     struct seccomp_notif_resp **resp);
+int sys_notify_receive(int fd, struct seccomp_notif *req);
+int sys_notify_respond(int fd, struct seccomp_notif_resp *resp);
+int sys_notify_id_valid(int fd, uint64_t id);
 #endif

data/ext/enterprise_script_service/libseccomp/tests/.gitignore CHANGED

@@ -23,7 +23,7 @@ util.pyc
 15-basic-resolver
 16-sim-arch_basic
 17-sim-arch_merge
-18-sim-basic_whitelist
+18-sim-basic_allowlist
 19-sim-missing_syscalls
 20-live-basic_die
 21-live-basic_allow
@@ -39,7 +39,7 @@ util.pyc
 31-basic-version_check
 32-live-tsync_allow
 33-sim-socket_syscalls_be
-34-sim-basic_blacklist
+34-sim-basic_denylist
 35-sim-negative_one
 36-sim-ipc_syscalls
 37-sim-ipc_syscalls_be
@@ -56,3 +56,11 @@ util.pyc
 48-sim-32b_args
 49-sim-64b_comparisons
 50-sim-hash_collision
+51-live-user_notification
+52-basic-load
+53-sim-binary_tree
+54-live-binary_tree
+55-basic-pfc_binary_tree
+56-basic-iterate_syscalls
+57-basic-rawsysrc
+58-live-tsync_notify

data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests CHANGED

@@ -12,7 +12,7 @@ test type: bpf-sim
 06-sim-actions	all		write		1		0x856B008	N	N	N	N	ERRNO(1)
 06-sim-actions	all		close		4		N		N	N	N	N	TRAP
 06-sim-actions	all,-aarch64	open		0x856B008	4		N	N	N	N	TRACE(1234)
-06-sim-actions	all		stat		N		N		N	N	N	N	KILL_PROCESS
+06-sim-actions	all,-aarch64	stat		N		N		N	N	N	N	KILL_PROCESS
 06-sim-actions	all		rt_sigreturn	N		N		N	N	N	N	LOG
 06-sim-actions	x86		0-2		N		N		N	N	N	N	KILL
 06-sim-actions	x86		7-105		N		N		N	N	N	N	KILL

data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c CHANGED

@@ -81,7 +81,7 @@ int main(int argc, char *argv[])
 		return -1;
 	else {
 		rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
-		if (rc != -EPERM)
+		if (rc != -EACCES)
 			return -1;
 		rc = seccomp_rule_add(ctx, SCMP_ACT_KILL - 1, SCMP_SYS(read), 0);
 		if (rc != -EINVAL)
@@ -151,7 +151,7 @@ int main(int argc, char *argv[])
 		return -1;
 	else {
 		rc = seccomp_export_pfc(ctx, sysconf(_SC_OPEN_MAX) - 1);
-		if (rc != EBADF)
+		if (rc != -ECANCELED)
 			return -1;
 	}
 	seccomp_release(ctx);
@@ -167,7 +167,7 @@ int main(int argc, char *argv[])
 		return -1;
 	else {
 		rc = seccomp_export_bpf(ctx, sysconf(_SC_OPEN_MAX) - 1);
-		if (rc != -EBADF)
+		if (rc != -ECANCELED)
 			return -1;
 	}
 	seccomp_release(ctx);
@@ -178,10 +178,10 @@ int main(int argc, char *argv[])
 	if (ctx == NULL)
 		return -1;
 	rc = seccomp_attr_get(ctx, 1000, &attr);
-	if (rc != -EEXIST)
+	if (rc != -EINVAL)
 		return -1;
 	rc = seccomp_attr_set(ctx, 1000, 1);
-	if (rc != -EEXIST)
+	if (rc != -EINVAL)
 		return -1;
 	return 0;

data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c CHANGED

@@ -32,7 +32,7 @@ int main(int argc, char *argv[])
 	uint32_t val = (uint32_t)(-1);
 	scmp_filter_ctx ctx = NULL;
-	rc = seccomp_api_set(3);
+	rc = seccomp_api_set(5);
 	if (rc != 0)
 		return EOPNOTSUPP;
@@ -108,6 +108,40 @@ int main(int argc, char *argv[])
 		goto out;
 	}
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_SSB, 1);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_SSB, &val);
+	if (rc != 0)
+		goto out;
+	if (val != 1) {
+		rc = -1;
+		goto out;
+	}
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_OPTIMIZE, 2);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_OPTIMIZE, &val);
+	if (rc != 0)
+		goto out;
+	if (val != 2) {
+		rc = -1;
+		goto out;
+	}
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_API_SYSRAWRC, 1);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_attr_get(ctx, SCMP_FLTATR_API_SYSRAWRC, &val);
+	if (rc != 0)
+		goto out;
+	if (val != 1) {
+		rc = -1;
+		goto out;
+	}
 	rc = 0;
 out:
 	seccomp_release(ctx);

data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py CHANGED

@@ -29,7 +29,7 @@ import util
 from seccomp import *
 def test():
-    set_api(3)
+    set_api(5)
     f = SyscallFilter(ALLOW)
     if f.get_attr(Attr.ACT_DEFAULT) != ALLOW:
@@ -52,6 +52,15 @@ def test():
     f.set_attr(Attr.CTL_LOG, 1)
     if f.get_attr(Attr.CTL_LOG) != 1:
         raise RuntimeError("Failed getting Attr.CTL_LOG")
+    f.set_attr(Attr.CTL_SSB, 1)
+    if f.get_attr(Attr.CTL_SSB) != 1:
+        raise RuntimeError("Failed getting Attr.CTL_SSB")
+    f.set_attr(Attr.CTL_OPTIMIZE, 2)
+    if f.get_attr(Attr.CTL_OPTIMIZE) != 2:
+        raise RuntimeError("Failed getting Attr.CTL_OPTIMIZE")
+    f.set_attr(Attr.API_SYSRAWRC, 1)
+    if f.get_attr(Attr.API_SYSRAWRC) != 1:
+        raise RuntimeError("Failed getting Attr.API_SYSRAWRC")
 test()

data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c CHANGED

@@ -45,6 +45,7 @@ unsigned int arch_list[] = {
 	SCMP_ARCH_S390X,
 	SCMP_ARCH_PARISC,
 	SCMP_ARCH_PARISC64,
+	SCMP_ARCH_RISCV64,
 	-1
 };
@@ -55,15 +56,15 @@ int main(int argc, char *argv[])
 	unsigned int arch;
 	char *name = NULL;
-	if (seccomp_syscall_resolve_name("open") != __NR_open)
+	if (seccomp_syscall_resolve_name("open") != __SNR_open)
 		goto fail;
-	if (seccomp_syscall_resolve_name("read") != __NR_read)
+	if (seccomp_syscall_resolve_name("read") != __SNR_read)
 		goto fail;
 	if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR)
 		goto fail;
 	rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat");
-	if (rc != __NR_openat)
+	if (rc != __SNR_openat)
 		goto fail;
 	while ((arch = arch_list[iter++]) != -1) {

data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c CHANGED

@@ -51,6 +51,12 @@ int main(int argc, char *argv[])
 	if (rc != 0)
 		goto out;
+	/* NOTE: we are using a different approach to test for the native arch
+	 *       to exercise slightly different code paths */
+	rc = seccomp_arch_exist(ctx, 0);
+	if (rc != -EEXIST)
+		goto out;
 	/* NOTE: more sanity/coverage tests (see above) */
 	rc = seccomp_arch_add(ctx, SCMP_ARCH_NATIVE);
 	if (rc != 0)
@@ -84,6 +90,9 @@ int main(int argc, char *argv[])
 	if (rc != 0)
 		goto out;
 	rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_arch_add(ctx, SCMP_ARCH_RISCV64);
 	if (rc != 0)
 		goto out;
@@ -150,6 +159,9 @@ int main(int argc, char *argv[])
 	rc = seccomp_arch_remove(ctx, SCMP_ARCH_PPC64LE);
 	if (rc != 0)
 		goto out;
+	rc = seccomp_arch_remove(ctx, SCMP_ARCH_RISCV64);
+	if (rc != 0)
+		goto out;
 out:
 	seccomp_release(ctx);

data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py CHANGED

@@ -44,6 +44,7 @@ def test(args):
     f.add_arch(Arch("mipsel64"))
     f.add_arch(Arch("mipsel64n32"))
     f.add_arch(Arch("ppc64le"))
+    f.add_arch(Arch("riscv64"))
     f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))

data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} RENAMED

File without changes

data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} RENAMED

File without changes

data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests ADDED

@@ -0,0 +1,32 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+test type: bpf-sim
+# Testname		Arch	Syscall		Arg0		Arg1		Arg2	Arg3	Arg4	Arg5	Result
+18-sim-basic_allowlist	all	read		0		0x856B008	10	N	N	N	ALLOW
+18-sim-basic_allowlist	all	read		1-10		0x856B008	10	N	N	N	KILL
+18-sim-basic_allowlist	all	write		1-2		0x856B008	10	N	N	N	ALLOW
+18-sim-basic_allowlist	all	write		3-10		0x856B008	10	N	N	N	KILL
+18-sim-basic_allowlist	all	close		N		N		N	N	N	N	ALLOW
+18-sim-basic_allowlist	all	rt_sigreturn	N		N		N	N	N	N	ALLOW
+18-sim-basic_allowlist	all	open		0x856B008	4		N	N	N	N	KILL
+18-sim-basic_allowlist	x86	0-2		N		N		N	N	N	N	KILL
+18-sim-basic_allowlist	x86	7-172		N		N		N	N	N	N	KILL
+18-sim-basic_allowlist	x86	174-350		N		N		N	N	N	N	KILL
+18-sim-basic_allowlist	x86_64	4-14		N		N		N	N	N	N	KILL
+18-sim-basic_allowlist	x86_64	16-350		N		N		N	N	N	N	KILL
+test type: bpf-sim-fuzz
+# Testname		StressCount
+18-sim-basic_allowlist	50
+test type: bpf-valgrind
+# Testname
+18-sim-basic_allowlist

data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c CHANGED

@@ -69,6 +69,9 @@ int main(int argc, char *argv[])
 	if (rc != 0)
 		goto out;
 	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
+	if (rc != 0)
+		goto out;
+	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv64"));
 	if (rc != 0)
 		goto out;

data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py CHANGED

@@ -40,6 +40,7 @@ def test(args):
     f.add_arch(Arch("mipsel64"))
     f.add_arch(Arch("mipsel64n32"))
     f.add_arch(Arch("ppc64le"))
+    f.add_arch(Arch("riscv64"))
     f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))

data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c CHANGED

@@ -51,6 +51,9 @@ int main(int argc, char *argv[])
 	if (rc != 0)
 		goto out;
 	rc = seccomp_arch_add(ctx, SCMP_ARCH_X32);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
 	if (rc != 0)
 		goto out;

data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py CHANGED

@@ -34,6 +34,7 @@ def test(args):
     f.add_arch(Arch("x86"))
     f.add_arch(Arch("x86_64"))
     f.add_arch(Arch("x32"))
+    f.add_arch(Arch("ppc64le"))
     f.add_rule(ALLOW, "socket")
     f.add_rule(ALLOW, "connect")
     f.add_rule(ALLOW, "accept")

data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests CHANGED

@@ -7,23 +7,39 @@
 test type: bpf-sim
-# Testname		Arch	Syscall		Arg0		Arg1		Arg2	Arg3	Arg4	Arg5	Result
-30-sim-socket_syscalls	+x86	socketcall	1		N		N	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	socketcall	3		N		N	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	socketcall	5		N		N	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	socketcall	13		N		N	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	359		0		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	362		0		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	364		0		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	373		0		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	accept		5		N		N	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	accept		0		1		2	N	N	N	KILL
-30-sim-socket_syscalls	+x86	accept4		18		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86	accept4		0		1		2	N	N	N	KILL
-30-sim-socket_syscalls	+x86_64	socket		0		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86_64	connect		0		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86_64	accept4		0		1		2	N	N	N	ALLOW
-30-sim-socket_syscalls	+x86_64	shutdown	0		1		2	N	N	N	ALLOW
+# Testname		Arch		Syscall		Arg0		Arg1		Arg2	Arg3	Arg4	Arg5	Result
+# socket
+30-sim-socket_syscalls	+x86,+ppc64le	socketcall	1		N		N	N	N	N	ALLOW
+# connect
+30-sim-socket_syscalls	+x86,+ppc64le	socketcall	3		N		N	N	N	N	ALLOW
+# accept
+30-sim-socket_syscalls	+x86,+ppc64le	socketcall	5		N		N	N	N	N	ALLOW
+# accept4
+30-sim-socket_syscalls	+ppc64le	socketcall	18		N		N	N	N	N	ALLOW
+# shutdown
+30-sim-socket_syscalls	+x86,+ppc64le	socketcall	13		N		N	N	N	N	ALLOW
+# socket
+30-sim-socket_syscalls	+x86		359		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+ppc64le	326		0		1		2	N	N	N	ALLOW
+# connect
+30-sim-socket_syscalls	+x86		362		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+ppc64le	328		0		1		2	N	N	N	ALLOW
+# accept
+30-sim-socket_syscalls	+ppc64le	330		0		1		2	N	N	N	ALLOW
+# accept4
+30-sim-socket_syscalls	+x86		364		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+ppc64le	344		0		1		2	N	N	N	ALLOW
+# shutdown
+30-sim-socket_syscalls	+x86		373		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+ppc64le	338		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+x86,+ppc64le	accept		5		N		N	N	N	N	ALLOW
+30-sim-socket_syscalls	+x86,+ppc64le	accept		0		1		2	N	N	N	KILL
+30-sim-socket_syscalls	+x86,+ppc64le	accept4		18		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+x86,+ppc64le	accept4		0		1		2	N	N	N	KILL
+30-sim-socket_syscalls	+x86_64		socket		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+x86_64		connect		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+x86_64		accept4		0		1		2	N	N	N	ALLOW
+30-sim-socket_syscalls	+x86_64		shutdown	0		1		2	N	N	N	ALLOW
 test type: bpf-valgrind