script_core 0.2.2 → 0.2.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (376) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +41 -45
  3. data/.travis.yml +2 -1
  4. data/Gemfile +3 -3
  5. data/README.md +7 -1
  6. data/bootstrap.sh +2 -2
  7. data/ext/enterprise_script_service/libseccomp/.travis.yml +24 -12
  8. data/ext/enterprise_script_service/libseccomp/CHANGELOG +32 -0
  9. data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
  10. data/ext/enterprise_script_service/libseccomp/CREDITS +11 -0
  11. data/ext/enterprise_script_service/libseccomp/README.md +21 -1
  12. data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
  13. data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
  14. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
  15. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
  16. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
  17. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
  18. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
  19. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
  20. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
  21. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
  22. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
  23. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
  24. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
  25. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
  26. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
  27. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
  28. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
  29. data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +19 -0
  30. data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
  31. data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
  32. data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
  33. data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
  34. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
  35. data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
  36. data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
  37. data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
  38. data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
  39. data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
  40. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
  41. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
  42. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
  43. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
  44. data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
  45. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
  46. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
  47. data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
  48. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
  49. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
  50. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
  51. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
  52. data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
  53. data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
  54. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
  55. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
  56. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
  57. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
  58. data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
  59. data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
  60. data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
  61. data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
  62. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
  63. data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
  64. data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
  65. data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
  66. data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
  67. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
  68. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
  69. data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
  70. data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
  71. data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
  72. data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
  73. data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
  74. data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
  75. data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
  76. data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
  77. data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
  78. data/ext/enterprise_script_service/libseccomp/tests/.gitignore +10 -2
  79. data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
  80. data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
  81. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
  82. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
  83. data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +4 -3
  84. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
  85. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
  86. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
  87. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
  88. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
  89. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
  90. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
  91. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
  92. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
  93. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
  94. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
  95. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
  96. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
  97. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
  98. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
  99. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
  100. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
  101. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
  102. data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
  103. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
  104. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
  105. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
  106. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.c +48 -0
  107. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.py +38 -0
  108. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.tests +11 -0
  109. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
  110. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
  111. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
  112. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
  113. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
  114. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
  115. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
  116. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
  117. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
  118. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
  119. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
  120. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
  121. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
  122. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
  123. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
  124. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
  125. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
  126. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
  127. data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +34 -10
  128. data/ext/enterprise_script_service/libseccomp/tests/regression +10 -3
  129. data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
  130. data/ext/enterprise_script_service/libseccomp/tools/Makefile.am +0 -3
  131. data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
  132. data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
  133. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
  134. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +4 -0
  135. data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
  136. data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
  137. data/ext/enterprise_script_service/mruby/.github/workflows/build.yml +106 -0
  138. data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +51 -0
  139. data/ext/enterprise_script_service/mruby/.github/workflows/main.yml +24 -0
  140. data/ext/enterprise_script_service/mruby/.gitignore +3 -0
  141. data/ext/enterprise_script_service/mruby/.travis.yml +6 -9
  142. data/ext/enterprise_script_service/mruby/AUTHORS +1 -0
  143. data/ext/enterprise_script_service/mruby/Doxyfile +1 -1
  144. data/ext/enterprise_script_service/mruby/LICENSE +1 -1
  145. data/ext/enterprise_script_service/mruby/README.md +6 -2
  146. data/ext/enterprise_script_service/mruby/appveyor.yml +9 -12
  147. data/ext/enterprise_script_service/mruby/appveyor_config.rb +9 -0
  148. data/ext/enterprise_script_service/mruby/build_config.rb +6 -6
  149. data/ext/enterprise_script_service/mruby/doc/guides/compile.md +6 -2
  150. data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +1 -1
  151. data/ext/enterprise_script_service/mruby/doc/guides/mrbconf.md +4 -8
  152. data/ext/enterprise_script_service/mruby/doc/limitations.md +10 -10
  153. data/ext/enterprise_script_service/mruby/doc/opcode.md +108 -95
  154. data/ext/enterprise_script_service/mruby/examples/targets/build_config_ArduinoDue.rb +2 -2
  155. data/ext/enterprise_script_service/mruby/examples/targets/build_config_IntelEdison.rb +2 -2
  156. data/ext/enterprise_script_service/mruby/examples/targets/build_config_IntelGalileo.rb +2 -2
  157. data/ext/enterprise_script_service/mruby/examples/targets/build_config_RX630.rb +2 -2
  158. data/ext/enterprise_script_service/mruby/examples/targets/build_config_chipKITMax32.rb +2 -2
  159. data/ext/enterprise_script_service/mruby/examples/targets/build_config_dreamcast_shelf.rb +108 -0
  160. data/ext/enterprise_script_service/mruby/include/mrbconf.h +10 -7
  161. data/ext/enterprise_script_service/mruby/include/mruby.h +24 -9
  162. data/ext/enterprise_script_service/mruby/include/mruby/array.h +4 -0
  163. data/ext/enterprise_script_service/mruby/include/mruby/boxing_nan.h +11 -2
  164. data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +0 -10
  165. data/ext/enterprise_script_service/mruby/include/mruby/common.h +10 -0
  166. data/ext/enterprise_script_service/mruby/include/mruby/compile.h +11 -3
  167. data/ext/enterprise_script_service/mruby/include/mruby/dump.h +1 -17
  168. data/ext/enterprise_script_service/mruby/include/mruby/irep.h +10 -0
  169. data/ext/enterprise_script_service/mruby/include/mruby/istruct.h +4 -1
  170. data/ext/enterprise_script_service/mruby/include/mruby/khash.h +23 -5
  171. data/ext/enterprise_script_service/mruby/include/mruby/numeric.h +1 -0
  172. data/ext/enterprise_script_service/mruby/include/mruby/ops.h +3 -2
  173. data/ext/enterprise_script_service/mruby/include/mruby/proc.h +13 -8
  174. data/ext/enterprise_script_service/mruby/include/mruby/string.h +2 -1
  175. data/ext/enterprise_script_service/mruby/include/mruby/value.h +32 -41
  176. data/ext/enterprise_script_service/mruby/include/mruby/version.h +4 -4
  177. data/ext/enterprise_script_service/mruby/lib/mruby/build.rb +2 -30
  178. data/ext/enterprise_script_service/mruby/lib/mruby/build/command.rb +21 -46
  179. data/ext/enterprise_script_service/mruby/lib/mruby/gem.rb +9 -0
  180. data/ext/enterprise_script_service/mruby/lib/mruby/source.rb +3 -1
  181. data/ext/enterprise_script_service/mruby/mrbgems/default.gembox +7 -0
  182. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/mrblib/array.rb +0 -31
  183. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +5 -8
  184. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/test/array.rb +0 -13
  185. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-config/mrbgem.rake +5 -2
  186. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c +0 -1
  187. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdbconf.h +5 -1
  188. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +7 -3
  189. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +24 -21
  190. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/mrbgem.rake +0 -1
  191. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c +6 -2
  192. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c +6 -2
  193. data/ext/enterprise_script_service/mruby/mrbgems/mruby-class-ext/src/class.c +6 -1
  194. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/codegen.c +76 -48
  195. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/parse.y +107 -32
  196. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/y.tab.c +13153 -0
  197. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/mrbgem.rake +13 -15
  198. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +1 -1
  199. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +1 -2
  200. data/ext/enterprise_script_service/mruby/mrbgems/mruby-error/src/exception.c +3 -3
  201. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +3 -214
  202. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/test/eval.rb +21 -0
  203. data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +1 -2
  204. data/ext/enterprise_script_service/mruby/mrbgems/mruby-hash-ext/src/hash-ext.c +1 -3
  205. data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +3 -4
  206. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/include/mruby/ext/io.h +39 -7
  207. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrbgem.rake +2 -8
  208. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/file_constants.rb +0 -16
  209. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/io.rb +7 -12
  210. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +77 -32
  211. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +18 -36
  212. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +324 -122
  213. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/file.rb +18 -12
  214. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/io.rb +32 -0
  215. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/mruby_io_test.c +57 -49
  216. data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +6 -8
  217. data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/src/metaprog.c +15 -17
  218. data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/test/metaprog.rb +9 -0
  219. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +4 -5
  220. data/ext/enterprise_script_service/mruby/mrbgems/mruby-object-ext/src/object.c +3 -12
  221. data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +0 -1
  222. data/ext/enterprise_script_service/mruby/mrbgems/mruby-pack/src/pack.c +113 -10
  223. data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +6 -3
  224. data/ext/enterprise_script_service/mruby/mrbgems/mruby-proc-ext/src/proc.c +2 -2
  225. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +1 -3
  226. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +1 -3
  227. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/src/rational.c +9 -9
  228. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sleep/src/mrb_sleep.c +1 -1
  229. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/mrbgem.rake +1 -1
  230. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/test/sockettest.c +3 -2
  231. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +62 -25
  232. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/test/sprintf.rb +5 -23
  233. data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +4 -5
  234. data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +5 -11
  235. data/ext/enterprise_script_service/mruby/mrbgems/mruby-symbol-ext/src/symbol.c +1 -1
  236. data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/mrbgem.rake +1 -0
  237. data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +11 -15
  238. data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
  239. data/ext/enterprise_script_service/mruby/mrblib/hash.rb +3 -3
  240. data/ext/enterprise_script_service/mruby/src/array.c +25 -11
  241. data/ext/enterprise_script_service/mruby/src/backtrace.c +2 -2
  242. data/ext/enterprise_script_service/mruby/src/class.c +48 -32
  243. data/ext/enterprise_script_service/mruby/src/codedump.c +4 -0
  244. data/ext/enterprise_script_service/mruby/src/debug.c +8 -5
  245. data/ext/enterprise_script_service/mruby/src/dump.c +3 -65
  246. data/ext/enterprise_script_service/mruby/src/error.c +58 -7
  247. data/ext/enterprise_script_service/mruby/src/etc.c +13 -5
  248. data/ext/enterprise_script_service/mruby/src/fmt_fp.c +98 -21
  249. data/ext/enterprise_script_service/mruby/src/gc.c +15 -280
  250. data/ext/enterprise_script_service/mruby/src/hash.c +13 -21
  251. data/ext/enterprise_script_service/mruby/src/kernel.c +6 -9
  252. data/ext/enterprise_script_service/mruby/src/load.c +56 -30
  253. data/ext/enterprise_script_service/mruby/src/numeric.c +50 -70
  254. data/ext/enterprise_script_service/mruby/src/object.c +23 -5
  255. data/ext/enterprise_script_service/mruby/src/print.c +27 -3
  256. data/ext/enterprise_script_service/mruby/src/proc.c +26 -7
  257. data/ext/enterprise_script_service/mruby/src/range.c +4 -12
  258. data/ext/enterprise_script_service/mruby/src/state.c +34 -11
  259. data/ext/enterprise_script_service/mruby/src/string.c +93 -56
  260. data/ext/enterprise_script_service/mruby/src/symbol.c +13 -12
  261. data/ext/enterprise_script_service/mruby/src/vm.c +48 -53
  262. data/ext/enterprise_script_service/mruby/tasks/gitlab.rake +19 -22
  263. data/ext/enterprise_script_service/mruby/tasks/mrbgems.rake +1 -1
  264. data/ext/enterprise_script_service/mruby/tasks/toolchains/android.rake +46 -1
  265. data/ext/enterprise_script_service/mruby/tasks/toolchains/gcc.rake +3 -3
  266. data/ext/enterprise_script_service/mruby/tasks/toolchains/openwrt.rake +6 -6
  267. data/ext/enterprise_script_service/mruby/tasks/toolchains/visualcpp.rake +8 -8
  268. data/ext/enterprise_script_service/mruby/test/assert.rb +5 -4
  269. data/ext/enterprise_script_service/mruby/test/t/ensure.rb +8 -26
  270. data/ext/enterprise_script_service/mruby/test/t/exception.rb +2 -2
  271. data/ext/enterprise_script_service/mruby/test/t/kernel.rb +15 -24
  272. data/ext/enterprise_script_service/mruby/travis_config.rb +0 -14
  273. data/ext/enterprise_script_service/msgpack/.github/depends/boost.sh +56 -0
  274. data/ext/enterprise_script_service/msgpack/.github/workflows/coverage.yml +62 -0
  275. data/ext/enterprise_script_service/msgpack/.github/workflows/gha.yml +304 -0
  276. data/ext/enterprise_script_service/msgpack/CHANGELOG.md +11 -0
  277. data/ext/enterprise_script_service/msgpack/CMakeLists.txt +82 -39
  278. data/ext/enterprise_script_service/msgpack/Files.cmake +22 -12
  279. data/ext/enterprise_script_service/msgpack/QUICKSTART-C.md +26 -29
  280. data/ext/enterprise_script_service/msgpack/README.md +3 -2
  281. data/ext/enterprise_script_service/msgpack/appveyor.yml +6 -2
  282. data/ext/enterprise_script_service/msgpack/ci/build_cmake.sh +3 -1
  283. data/ext/enterprise_script_service/msgpack/cmake/CodeCoverage.cmake +55 -0
  284. data/ext/enterprise_script_service/msgpack/codecov.yml +36 -0
  285. data/ext/enterprise_script_service/msgpack/example/CMakeLists.txt +9 -5
  286. data/ext/enterprise_script_service/msgpack/example/boost/CMakeLists.txt +1 -1
  287. data/ext/enterprise_script_service/msgpack/example/c/CMakeLists.txt +17 -6
  288. data/ext/enterprise_script_service/msgpack/example/c/boundary.c +296 -0
  289. data/ext/enterprise_script_service/msgpack/example/c/jsonconv.c +419 -0
  290. data/ext/enterprise_script_service/msgpack/example/c/simple_c.c +1 -1
  291. data/ext/enterprise_script_service/msgpack/example/cpp03/CMakeLists.txt +3 -3
  292. data/ext/enterprise_script_service/msgpack/example/cpp11/CMakeLists.txt +2 -2
  293. data/ext/enterprise_script_service/msgpack/example/x3/CMakeLists.txt +2 -2
  294. data/ext/enterprise_script_service/msgpack/include/msgpack/pack.h +24 -1
  295. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/array_ref.hpp +5 -4
  296. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/boost/optional.hpp +4 -4
  297. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/cpp17/vector_byte.hpp +8 -8
  298. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/map.hpp +4 -4
  299. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector.hpp +4 -4
  300. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_char.hpp +8 -8
  301. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_unsigned_char.hpp +8 -8
  302. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/wstring.hpp +4 -4
  303. data/ext/enterprise_script_service/msgpack/include/msgpack/v3/unpack.hpp +6 -6
  304. data/ext/enterprise_script_service/msgpack/include/msgpack/version_master.h +2 -2
  305. data/ext/enterprise_script_service/msgpack/include/msgpack/zbuffer.h +4 -4
  306. data/ext/enterprise_script_service/msgpack/make_file_list.sh +38 -11
  307. data/ext/enterprise_script_service/msgpack/src/vrefbuffer.c +6 -0
  308. data/ext/enterprise_script_service/msgpack/test/CMakeLists.txt +86 -64
  309. data/ext/enterprise_script_service/msgpack/test/array_ref.cpp +4 -0
  310. data/ext/enterprise_script_service/msgpack/test/boost_fusion.cpp +4 -0
  311. data/ext/enterprise_script_service/msgpack/test/boost_optional.cpp +4 -0
  312. data/ext/enterprise_script_service/msgpack/test/boost_string_ref.cpp +4 -1
  313. data/ext/enterprise_script_service/msgpack/test/boost_string_view.cpp +4 -0
  314. data/ext/enterprise_script_service/msgpack/test/boost_variant.cpp +4 -0
  315. data/ext/enterprise_script_service/msgpack/test/buffer.cpp +4 -47
  316. data/ext/enterprise_script_service/msgpack/test/buffer_c.cpp +148 -0
  317. data/ext/enterprise_script_service/msgpack/test/carray.cpp +4 -0
  318. data/ext/enterprise_script_service/msgpack/test/cases.cpp +8 -4
  319. data/ext/enterprise_script_service/msgpack/test/convert.cpp +8 -4
  320. data/ext/enterprise_script_service/msgpack/test/fixint.cpp +4 -0
  321. data/ext/enterprise_script_service/msgpack/test/fixint_c.cpp +4 -0
  322. data/ext/enterprise_script_service/msgpack/test/fuzz_unpack_pack_fuzzer_cpp11.cpp +4 -0
  323. data/ext/enterprise_script_service/msgpack/test/iterator_cpp11.cpp +4 -0
  324. data/ext/enterprise_script_service/msgpack/test/json.cpp +4 -0
  325. data/ext/enterprise_script_service/msgpack/test/limit.cpp +8 -4
  326. data/ext/enterprise_script_service/msgpack/test/msgpack_basic.cpp +4 -0
  327. data/ext/enterprise_script_service/msgpack/test/msgpack_c.cpp +159 -0
  328. data/ext/enterprise_script_service/msgpack/test/msgpack_container.cpp +4 -0
  329. data/ext/enterprise_script_service/msgpack/test/msgpack_cpp11.cpp +32 -27
  330. data/ext/enterprise_script_service/msgpack/test/msgpack_cpp17.cpp +4 -0
  331. data/ext/enterprise_script_service/msgpack/test/msgpack_stream.cpp +4 -0
  332. data/ext/enterprise_script_service/msgpack/test/msgpack_tuple.cpp +4 -1
  333. data/ext/enterprise_script_service/msgpack/test/msgpack_vref.cpp +4 -0
  334. data/ext/enterprise_script_service/msgpack/test/msgpack_x3_parse.cpp +4 -0
  335. data/ext/enterprise_script_service/msgpack/test/object.cpp +4 -1
  336. data/ext/enterprise_script_service/msgpack/test/object_with_zone.cpp +12 -8
  337. data/ext/enterprise_script_service/msgpack/test/pack_unpack.cpp +30 -26
  338. data/ext/enterprise_script_service/msgpack/test/pack_unpack_c.cpp +4 -0
  339. data/ext/enterprise_script_service/msgpack/test/raw.cpp +4 -0
  340. data/ext/enterprise_script_service/msgpack/test/reference.cpp +4 -0
  341. data/ext/enterprise_script_service/msgpack/test/reference_cpp11.cpp +4 -0
  342. data/ext/enterprise_script_service/msgpack/test/reference_wrapper_cpp11.cpp +4 -0
  343. data/ext/enterprise_script_service/msgpack/test/shared_ptr_cpp11.cpp +4 -0
  344. data/ext/enterprise_script_service/msgpack/test/size_equal_only.cpp +4 -0
  345. data/ext/enterprise_script_service/msgpack/test/streaming.cpp +8 -4
  346. data/ext/enterprise_script_service/msgpack/test/streaming_c.cpp +4 -0
  347. data/ext/enterprise_script_service/msgpack/test/unique_ptr_cpp11.cpp +4 -0
  348. data/ext/enterprise_script_service/msgpack/test/user_class.cpp +16 -12
  349. data/ext/enterprise_script_service/msgpack/test/version.cpp +4 -0
  350. data/ext/enterprise_script_service/msgpack/test/visitor.cpp +4 -0
  351. data/ext/enterprise_script_service/msgpack/test/zone.cpp +4 -0
  352. data/lib/script_core/engine.rb +24 -5
  353. data/lib/script_core/executable.rb +4 -3
  354. data/lib/script_core/result.rb +1 -5
  355. data/lib/script_core/service_channel.rb +1 -0
  356. data/lib/script_core/version.rb +1 -1
  357. data/lib/tasks/script_core.rake +3 -1
  358. data/script_core.gemspec +2 -2
  359. data/spec/dummy/app/lib/script_engine.rb +64 -5
  360. metadata +68 -30
  361. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
  362. data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
  363. data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
  364. data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
  365. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
  366. data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
  367. data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
  368. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
  369. data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -626
  370. data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -626
  371. data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
  372. data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
  373. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
  374. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
  375. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
  376. data/ext/enterprise_script_service/msgpack/.travis.yml +0 -258
@@ -2,18 +2,24 @@ libseccomp: Contributors
2
2
  ========================================================================
3
3
  https://github.com/seccomp/libseccomp
4
4
 
5
+ Alex Murray <alex.murray@canonical.com>
6
+ Andreas Schwab <schwab@suse.de>
5
7
  Andrew Jones <drjones@redhat.com>
6
8
  Andy Lutomirski <luto@amacapital.net>
7
9
  Ashley Lai <adlai@us.ibm.com>
8
10
  Bogdan Purcareata <bogdan.purcareata@freescale.com>
9
11
  Brian Cain <brian.cain@gmail.com>
12
+ Christopher Waldon <christopher.waldon.dev@gmail.com>
13
+ Chris Waldon <chris.waldon@ibm.com>
10
14
  Colin Walters <walters@verbum.org>
11
15
  Corey Bryant <coreyb@linux.vnet.ibm.com>
12
16
  David Drysdale <drysdale@google.com>
13
17
  Eduardo Otubo <otubo@linux.vnet.ibm.com>
14
18
  Eric Paris <eparis@redhat.com>
19
+ Fabrice Fontaine <fontaine.fabrice@gmail.com>
15
20
  Felix Abecassis <fabecassis@nvidia.com>
16
21
  Felix Geyer <debfx@fobos.de>
22
+ Giuseppe Scrivano <gscrivan@redhat.com>
17
23
  Heiko Carstens <heiko.carstens@de.ibm.com>
18
24
  Helge Deller <deller@gmx.de>
19
25
  Jake Edge <jake@lwn.net>
@@ -23,9 +29,11 @@ Jan Willeke <willeke@linux.vnet.ibm.com>
23
29
  Jay Guo <guojiannan@cn.ibm.com>
24
30
  Jiannan Guo <guojiannan1101@gmail.com>
25
31
  Joe MacDonald <joe@deserted.net>
32
+ Jonah Petri <jonah@petri.us>
26
33
  Justin Cormack <justin.cormack@docker.com>
27
34
  Kees Cook <keescook@chromium.org>
28
35
  Kyle R. Conway <kyle.r.conway@gmail.com>
36
+ Kenta Tada <Kenta.Tada@sony.com>
29
37
  Luca Bruno <lucab@debian.org>
30
38
  Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
31
39
  Marcus Meissner <meissner@suse.de>
@@ -34,13 +42,16 @@ Mathias Krause <minipli@googlemail.com>
34
42
  Michael Forney <mforney@mforney.org>
35
43
  Mike Frysinger <vapier@gentoo.org>
36
44
  Mike Strosaker <strosake@linux.vnet.ibm.com>
45
+ Miroslav Lichvar <mlichvar@redhat.com>
37
46
  Paul Moore <paul@paul-moore.com>
47
+ Rolf Eike Beer <eb@emlix.com>
38
48
  Serge Hallyn <serge.hallyn@ubuntu.com>
39
49
  Stéphane Graber <stgraber@ubuntu.com>
40
50
  Stephen Coleman <omegacoleman@gmail.com>
41
51
  Thiago Marcos P. Santos <thiago.santos@intel.com>
42
52
  Tobias Klauser <tklauser@distanz.ch>
43
53
  Tom Hromatka <tom.hromatka@oracle.com>
54
+ Tudor Brindus <me@tbrindus.ca>
44
55
  Tycho Andersen <tycho@tycho.ws>
45
56
  Tyler Hicks <tyhicks@canonical.com>
46
57
  valoq <valoq@mailbox.org>
@@ -1,10 +1,11 @@
1
- ![Enhanced Seccomp Helper Library](https://github.com/seccomp/libseccomp-artwork/blob/master/logo/libseccomp-color_text.png)
1
+ ![Enhanced Seccomp Helper Library](https://github.com/seccomp/libseccomp-artwork/blob/main/logo/libseccomp-color_text.png)
2
2
  ===============================================================================
3
3
  https://github.com/seccomp/libseccomp
4
4
 
5
5
  [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/608/badge)](https://bestpractices.coreinfrastructure.org/projects/608)
6
6
  [![Build Status](https://img.shields.io/travis/seccomp/libseccomp/master.svg)](https://travis-ci.org/seccomp/libseccomp)
7
7
  [![Coverage Status](https://img.shields.io/coveralls/github/seccomp/libseccomp/master.svg)](https://coveralls.io/github/seccomp/libseccomp?branch=master)
8
+ [![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/seccomp/libseccomp.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/seccomp/libseccomp/context:cpp)
8
9
 
9
10
  The libseccomp library provides an easy to use, platform independent, interface
10
11
  to the Linux Kernel's syscall filtering mechanism. The libseccomp API is
@@ -52,6 +53,7 @@ The libseccomp library currently supports the architectures listed below:
52
53
  * 64-bit PowerPC little endian (ppc64le)
53
54
  * 32-bit s390 (s390)
54
55
  * 64-bit s390x (s390x)
56
+ * 64-bit RISC-V (riscv64)
55
57
 
56
58
  ## Documentation
57
59
 
@@ -63,6 +65,24 @@ CHANGELOG files.
63
65
  Those who are interested in contributing to the the project are encouraged to
64
66
  read the CONTRIBUTING in the top level directory.
65
67
 
68
+ ## Verifying Release Tarballs
69
+
70
+ Before use you should verify the downloaded release tarballs and checksums
71
+ using the detached signatures supplied as part of the release; the detached
72
+ signature files are the "*.asc" files. If you have GnuPG installed you can
73
+ verify detached signatures using the following command:
74
+
75
+ # gpg --verify file.asc file
76
+
77
+ At present, only the following keys are authorized to sign official libseccomp
78
+ releases:
79
+
80
+ Paul Moore <paul@paul-moore.com>
81
+ 7100 AADF AE6E 6E94 0D2E 0AD6 55E4 5A5A E8CA 7C8A
82
+
83
+ Tom Hromatka <tom.hromatka@oracle.com>
84
+ 47A6 8FCE 37C7 D702 4FD6 5E11 356C E62C 2B52 4099
85
+
66
86
  ## Building and Installing the Library
67
87
 
68
88
  If you are building the libseccomp library from an official release tarball,
@@ -19,7 +19,7 @@ dnl #
19
19
  dnl ####
20
20
  dnl libseccomp defines
21
21
  dnl ####
22
- AC_INIT([libseccomp], [2.4.2])
22
+ AC_INIT([libseccomp], [2.5.0])
23
23
 
24
24
  dnl ####
25
25
  dnl autoconf configuration
@@ -66,7 +66,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
66
66
  dnl ####
67
67
  dnl build flags
68
68
  dnl ####
69
- AM_CPPFLAGS="-I\${top_srcdir}/include"
69
+ AM_CPPFLAGS="-I\${top_srcdir}/include -I\${top_builddir}/include"
70
70
  AM_CFLAGS="-Wall"
71
71
  AM_LDFLAGS="-Wl,-z -Wl,relro"
72
72
  AC_SUBST([AM_CPPFLAGS])
@@ -91,11 +91,11 @@ AC_SUBST([VERSION_MICRO])
91
91
  dnl ####
92
92
  dnl cython checks
93
93
  dnl ####
94
- AC_CHECK_PROG(have_cython, cython, "yes", "no")
95
- AS_IF([test "$have_cython" = yes], [
96
- AS_ECHO("checking cython version... $(cython -V 2>&1 | cut -d' ' -f 3)")
97
- CYTHON_VER_MAJ=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1);
98
- CYTHON_VER_MIN=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2);
94
+ AC_CHECK_PROGS(cython, cython3 cython, "no")
95
+ AS_IF([test "$cython" != no], [
96
+ AS_ECHO("checking cython version... $($cython -V 2>&1 | cut -d' ' -f 3)")
97
+ CYTHON_VER_MAJ=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1);
98
+ CYTHON_VER_MIN=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2);
99
99
  ],[
100
100
  CYTHON_VER_MAJ=0
101
101
  CYTHON_VER_MIN=0
@@ -112,13 +112,18 @@ AS_IF([test "$enable_python" = yes], [
112
112
  AS_IF([test "$CYTHON_VER_MAJ" -eq 0 -a "$CYTHON_VER_MIN" -lt 29], [
113
113
  AC_MSG_ERROR([python bindings require cython 0.29 or higher])
114
114
  ])
115
- AM_PATH_PYTHON
115
+ AM_PATH_PYTHON([3])
116
116
  ])
117
117
  AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes])
118
118
  AC_DEFINE_UNQUOTED([ENABLE_PYTHON],
119
119
  [$(test "$enable_python" = yes && echo 1 || echo 0)],
120
120
  [Python bindings build flag.])
121
121
 
122
+ AC_CHECK_TOOL(GPERF, gperf)
123
+ if test -z "$GPERF"; then
124
+ AC_MSG_ERROR([please install gperf])
125
+ fi
126
+
122
127
  dnl ####
123
128
  dnl coverity checks
124
129
  dnl ####
@@ -38,6 +38,12 @@ dist_man3_MANS = \
38
38
  man/man3/seccomp_rule_add_array.3 \
39
39
  man/man3/seccomp_rule_add_exact.3 \
40
40
  man/man3/seccomp_rule_add_exact_array.3 \
41
+ man/man3/seccomp_notify_alloc.3 \
42
+ man/man3/seccomp_notify_fd.3 \
43
+ man/man3/seccomp_notify_free.3 \
44
+ man/man3/seccomp_notify_id_valid.3 \
45
+ man/man3/seccomp_notify_receive.3 \
46
+ man/man3/seccomp_notify_respond.3 \
41
47
  man/man3/seccomp_syscall_priority.3 \
42
48
  man/man3/seccomp_syscall_resolve_name.3 \
43
49
  man/man3/seccomp_syscall_resolve_name_arch.3 \
@@ -1,4 +1,4 @@
1
- .TH "seccomp_api_get" 3 "8 October 2017" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_api_get" 3 "13 June 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -49,7 +49,17 @@ the
49
49
  syscall to load the seccomp filter into the kernel.
50
50
  .TP
51
51
  .B 3
52
- The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are supported.
52
+ The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are
53
+ supported.
54
+ .TP
55
+ .B 4
56
+ The SCMP_FLTATR_CTL_SSB filter attribute is supported.
57
+ .TP
58
+ .B 5
59
+ The SCMP_ACT_NOTIFY action and the notify APIs are supported.
60
+ .TP
61
+ .B 5
62
+ The simultaneous use of SCMP_FLTATR_CTL_TSYNC and the notify APIs are supported.
53
63
  .\" //////////////////////////////////////////////////////////////////////////
54
64
  .SH RETURN VALUE
55
65
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_arch_add" 3 "7 May 2014" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_arch_add" 3 "15 June 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -14,6 +14,23 @@ seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist, seccomp_arch_native \
14
14
  .B #define SCMP_ARCH_NATIVE
15
15
  .B #define SCMP_ARCH_X86
16
16
  .B #define SCMP_ARCH_X86_64
17
+ .B #define SCMP_ARCH_X32
18
+ .B #define SCMP_ARCH_ARM
19
+ .B #define SCMP_ARCH_AARCH64
20
+ .B #define SCMP_ARCH_MIPS
21
+ .B #define SCMP_ARCH_MIPS64
22
+ .B #define SCMP_ARCH_MIPS64N32
23
+ .B #define SCMP_ARCH_MIPSEL
24
+ .B #define SCMP_ARCH_MIPSEL64
25
+ .B #define SCMP_ARCH_MIPSEL64N32
26
+ .B #define SCMP_ARCH_PPC
27
+ .B #define SCMP_ARCH_PPC64
28
+ .B #define SCMP_ARCH_PPC64LE
29
+ .B #define SCMP_ARCH_S390
30
+ .B #define SCMP_ARCH_S390X
31
+ .B #define SCMP_ARCH_PARISC
32
+ .B #define SCMP_ARCH_PARISC64
33
+ .B #define SCMP_ARCH_RISCV64
17
34
  .sp
18
35
  .BI "uint32_t seccomp_arch_resolve_name(const char *" arch_name ");"
19
36
  .BI "uint32_t seccomp_arch_native();"
@@ -69,13 +86,28 @@ new architecture will be added to all of the architectures in the filter.
69
86
  .SH RETURN VALUE
70
87
  .\" //////////////////////////////////////////////////////////////////////////
71
88
  The
72
- .BR seccomp_arch_add ()
89
+ .BR seccomp_arch_add (),
90
+ .BR seccomp_arch_remove (),
73
91
  and
74
- .BR seccomp_arch_remove ()
75
- functions return zero on success, negative errno values on failure. The
76
92
  .BR seccomp_arch_exist ()
77
- function returns zero if the architecture exists, \-EEXIST if it does not, and
78
- other negative errno values on failure.
93
+ functions return zero on success or one of the following error codes on
94
+ failure:
95
+ .TP
96
+ .B -EDOM
97
+ Architecture specific failure.
98
+ .TP
99
+ .B -EEXIST
100
+ In the case of
101
+ .BR seccomp_arch_add ()
102
+ the architecture already exists and in the case of
103
+ .BR seccomp_arch_remove ()
104
+ the architecture does not exist.
105
+ .TP
106
+ .B -EINVAL
107
+ Invalid input, either the context or architecture token is invalid.
108
+ .TP
109
+ .B -ENOMEM
110
+ The library was unable to allocate enough memory.
79
111
  .\" //////////////////////////////////////////////////////////////////////////
80
112
  .SH EXAMPLES
81
113
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_attr_set" 3 "21 August 2014" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_attr_set" 3 "06 June 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -94,10 +94,61 @@ the
94
94
  action. Defaults to off (
95
95
  .I value
96
96
  == 0).
97
+ .TP
98
+ .B SCMP_FLTATR_CTL_SSB
99
+ A flag to disable Speculative Store Bypass mitigations for this filter.
100
+ Defaults to off (
101
+ .I value
102
+ == 0).
103
+ .TP
104
+ .B SCMP_FLTATR_CTL_OPTIMIZE
105
+ A flag to specify the optimization level of the seccomp filter. By default
106
+ libseccomp generates a set of sequential \'if\' statements for each rule in
107
+ the filter.
108
+ .BR seccomp_syscall_priority(3)
109
+ can be used to prioritize the order for the default cause. The binary tree
110
+ optimization sorts by syscall numbers and generates consistent
111
+ .BR O(log\ n)
112
+ filter traversal for every rule in the filter. The binary tree may be
113
+ advantageous for large filters. Note that
114
+ .BR seccomp_syscall_priority(3)
115
+ is ignored when SCMP_FLTATR_CTL_OPTIMIZE == 2.
116
+ .RS
117
+ .P
118
+ The different optimization levels are described below:
119
+ .TP
120
+ .B 0
121
+ Reserved value, not currently used.
122
+ .TP
123
+ .B 1
124
+ Rules sorted by priority and complexity (DEFAULT).
125
+ .TP
126
+ .B 2
127
+ Binary tree sorted by syscall number.
128
+ .RE
129
+ .TP
130
+ .B SCMP_FLTATR_API_SYSRAWRC
131
+ A flag to specify if libseccomp should pass system error codes back to the
132
+ caller instead of the default -ECANCELED. Defaults to off (
133
+ .I value
134
+ == 0).
97
135
  .\" //////////////////////////////////////////////////////////////////////////
98
136
  .SH RETURN VALUE
99
137
  .\" //////////////////////////////////////////////////////////////////////////
100
- Returns zero on success, negative errno values on failure.
138
+ Returns zero on success or one of the following error codes on
139
+ failure:
140
+ .TP
141
+ .B -EACCES
142
+ Setting the attribute with the given value is not allowed.
143
+ .TP
144
+ .B -EEXIST
145
+ The attribute does not exist.
146
+ .TP
147
+ .B -EINVAL
148
+ Invalid input, either the context or architecture token is invalid.
149
+ .TP
150
+ .B -EOPNOTSUPP
151
+ The library doesn't support the particular operation.
101
152
  .\" //////////////////////////////////////////////////////////////////////////
102
153
  .SH EXAMPLES
103
154
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_export_bpf" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_export_bpf" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -45,7 +45,25 @@ ordering, are not guaranteed to be the same in both the BPF and PFC formats.
45
45
  .\" //////////////////////////////////////////////////////////////////////////
46
46
  .SH RETURN VALUE
47
47
  .\" //////////////////////////////////////////////////////////////////////////
48
- Returns zero on success, negative errno values on failure.
48
+ Return zero on success or one of the following error codes on
49
+ failure:
50
+ .TP
51
+ .B -ECANCELED
52
+ There was a system failure beyond the control of the library.
53
+ .TP
54
+ .B -EFAULT
55
+ Internal libseccomp failure.
56
+ .TP
57
+ .B -EINVAL
58
+ Invalid input, either the context or architecture token is invalid.
59
+ .TP
60
+ .B -ENOMEM
61
+ The library was unable to allocate enough memory.
62
+ .P
63
+ If the \fISCMP_FLTATR_API_SYSRAWRC\fP filter attribute is non-zero then
64
+ additional error codes may be returned to the caller; these additional error
65
+ codes are the negative \fIerrno\fP values returned by the system. Unfortunately
66
+ libseccomp can make no guarantees about these return values.
49
67
  .\" //////////////////////////////////////////////////////////////////////////
50
68
  .SH EXAMPLES
51
69
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_init" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_init" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -98,7 +98,14 @@ The
98
98
  .BR seccomp_init ()
99
99
  function returns a filter context on success, NULL on failure. The
100
100
  .BR seccomp_reset ()
101
- function returns zero on success, negative errno values on failure.
101
+ function returns zero on success or one of the following error codes on
102
+ failure:
103
+ .TP
104
+ .B -EINVAL
105
+ Invalid input, either the context or action is invalid.
106
+ .TP
107
+ .B -ENOMEM
108
+ The library was unable to allocate enough memory.
102
109
  .\" //////////////////////////////////////////////////////////////////////////
103
110
  .SH EXAMPLES
104
111
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_load" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_load" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -23,10 +23,40 @@ Loads the seccomp filter provided by
23
23
  .I ctx
24
24
  into the kernel; if the function
25
25
  succeeds the new seccomp filter will be active when the function returns.
26
+ .P
27
+ As it is possible to have multiple stacked seccomp filters for a given task
28
+ (defined as either a process or a thread), it is important to remember that
29
+ each of the filters loaded for a given task are executed when a syscall is
30
+ made and the "strictest" rule is the rule that is applied. In the case of
31
+ seccomp, "strictest" is defined as the action with the lowest value (e.g.
32
+ .I SCMP_ACT_KILL
33
+ is "stricter" than
34
+ .I SCMP_ACT_ALLOW
35
+ ).
26
36
  .\" //////////////////////////////////////////////////////////////////////////
27
37
  .SH RETURN VALUE
28
38
  .\" //////////////////////////////////////////////////////////////////////////
29
- Returns zero on success, negative errno values on failure.
39
+ Returns zero on success or one of the following error codes on failure:
40
+ .TP
41
+ .B -ECANCELED
42
+ There was a system failure beyond the control of the library.
43
+ .TP
44
+ .B -EFAULT
45
+ Internal libseccomp failure.
46
+ .TP
47
+ .B -EINVAL
48
+ Invalid input, either the context or architecture token is invalid.
49
+ .TP
50
+ .B -ENOMEM
51
+ The library was unable to allocate enough memory.
52
+ .TP
53
+ .B -ESRCH
54
+ Unable to load the filter due to thread issues.
55
+ .P
56
+ If the \fISCMP_FLTATR_API_SYSRAWRC\fP filter attribute is non-zero then
57
+ additional error codes may be returned to the caller; these additional error
58
+ codes are the negative \fIerrno\fP values returned by the system. Unfortunately
59
+ libseccomp can make no guarantees about these return values.
30
60
  .\" //////////////////////////////////////////////////////////////////////////
31
61
  .SH EXAMPLES
32
62
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_merge" 3 "28 September 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_merge" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -41,7 +41,21 @@ attribute values and no overlapping architectures.
41
41
  .\" //////////////////////////////////////////////////////////////////////////
42
42
  .SH RETURN VALUE
43
43
  .\" //////////////////////////////////////////////////////////////////////////
44
- Returns zero on success and negative values on failure.
44
+ Returns zero on success or one of the following error codes on
45
+ failure:
46
+ .TP
47
+ .B -EDOM
48
+ Unable to merge the filters due to architecture issues, e.g. byte endian
49
+ mismatches.
50
+ .TP
51
+ .B -EEXIST
52
+ The architecture already exists in the filter.
53
+ .TP
54
+ .B -EINVAL
55
+ One of the filters is invalid.
56
+ .TP
57
+ .B -ENOMEM
58
+ The library was unable to allocate enough memory.
45
59
  .\" //////////////////////////////////////////////////////////////////////////
46
60
  .SH EXAMPLES
47
61
  .\" //////////////////////////////////////////////////////////////////////////