script_core 0.2.2 → 0.2.7

Files changed (376)
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +41 -45
  3. data/.travis.yml +2 -1
  4. data/Gemfile +3 -3
  5. data/README.md +7 -1
  6. data/bootstrap.sh +2 -2
  7. data/ext/enterprise_script_service/libseccomp/.travis.yml +24 -12
  8. data/ext/enterprise_script_service/libseccomp/CHANGELOG +32 -0
  9. data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
  10. data/ext/enterprise_script_service/libseccomp/CREDITS +11 -0
  11. data/ext/enterprise_script_service/libseccomp/README.md +21 -1
  12. data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
  13. data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
  14. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
  15. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
  16. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
  17. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
  18. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
  19. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
  20. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
  21. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
  22. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
  23. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
  24. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
  25. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
  26. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
  27. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
  28. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
  29. data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +19 -0
  30. data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
  31. data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
  32. data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
  33. data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
  34. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
  35. data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
  36. data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
  37. data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
  38. data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
  39. data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
  40. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
  41. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
  42. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
  43. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
  44. data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
  45. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
  46. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
  47. data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
  48. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
  49. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
  50. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
  51. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
  52. data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
  53. data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
  54. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
  55. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
  56. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
  57. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
  58. data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
  59. data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
  60. data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
  61. data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
  62. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
  63. data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
  64. data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
  65. data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
  66. data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
  67. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
  68. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
  69. data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
  70. data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
  71. data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
  72. data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
  73. data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
  74. data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
  75. data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
  76. data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
  77. data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
  78. data/ext/enterprise_script_service/libseccomp/tests/.gitignore +10 -2
  79. data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
  80. data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
  81. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
  82. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
  83. data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +4 -3
  84. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
  85. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
  86. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
  87. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
  88. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
  89. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
  90. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
  91. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
  92. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
  93. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
  94. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
  95. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
  96. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
  97. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
  98. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
  99. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
  100. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
  101. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
  102. data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
  103. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
  104. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
  105. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
  106. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.c +48 -0
  107. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.py +38 -0
  108. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.tests +11 -0
  109. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
  110. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
  111. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
  112. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
  113. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
  114. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
  115. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
  116. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
  117. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
  118. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
  119. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
  120. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
  121. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
  122. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
  123. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
  124. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
  125. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
  126. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
  127. data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +34 -10
  128. data/ext/enterprise_script_service/libseccomp/tests/regression +10 -3
  129. data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
  130. data/ext/enterprise_script_service/libseccomp/tools/Makefile.am +0 -3
  131. data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
  132. data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
  133. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
  134. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +4 -0
  135. data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
  136. data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
  137. data/ext/enterprise_script_service/mruby/.github/workflows/build.yml +106 -0
  138. data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +51 -0
  139. data/ext/enterprise_script_service/mruby/.github/workflows/main.yml +24 -0
  140. data/ext/enterprise_script_service/mruby/.gitignore +3 -0
  141. data/ext/enterprise_script_service/mruby/.travis.yml +6 -9
  142. data/ext/enterprise_script_service/mruby/AUTHORS +1 -0
  143. data/ext/enterprise_script_service/mruby/Doxyfile +1 -1
  144. data/ext/enterprise_script_service/mruby/LICENSE +1 -1
  145. data/ext/enterprise_script_service/mruby/README.md +6 -2
  146. data/ext/enterprise_script_service/mruby/appveyor.yml +9 -12
  147. data/ext/enterprise_script_service/mruby/appveyor_config.rb +9 -0
  148. data/ext/enterprise_script_service/mruby/build_config.rb +6 -6
  149. data/ext/enterprise_script_service/mruby/doc/guides/compile.md +6 -2
  150. data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +1 -1
  151. data/ext/enterprise_script_service/mruby/doc/guides/mrbconf.md +4 -8
  152. data/ext/enterprise_script_service/mruby/doc/limitations.md +10 -10
  153. data/ext/enterprise_script_service/mruby/doc/opcode.md +108 -95
  154. data/ext/enterprise_script_service/mruby/examples/targets/build_config_ArduinoDue.rb +2 -2
  155. data/ext/enterprise_script_service/mruby/examples/targets/build_config_IntelEdison.rb +2 -2
  156. data/ext/enterprise_script_service/mruby/examples/targets/build_config_IntelGalileo.rb +2 -2
  157. data/ext/enterprise_script_service/mruby/examples/targets/build_config_RX630.rb +2 -2
  158. data/ext/enterprise_script_service/mruby/examples/targets/build_config_chipKITMax32.rb +2 -2
  159. data/ext/enterprise_script_service/mruby/examples/targets/build_config_dreamcast_shelf.rb +108 -0
  160. data/ext/enterprise_script_service/mruby/include/mrbconf.h +10 -7
  161. data/ext/enterprise_script_service/mruby/include/mruby.h +24 -9
  162. data/ext/enterprise_script_service/mruby/include/mruby/array.h +4 -0
  163. data/ext/enterprise_script_service/mruby/include/mruby/boxing_nan.h +11 -2
  164. data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +0 -10
  165. data/ext/enterprise_script_service/mruby/include/mruby/common.h +10 -0
  166. data/ext/enterprise_script_service/mruby/include/mruby/compile.h +11 -3
  167. data/ext/enterprise_script_service/mruby/include/mruby/dump.h +1 -17
  168. data/ext/enterprise_script_service/mruby/include/mruby/irep.h +10 -0
  169. data/ext/enterprise_script_service/mruby/include/mruby/istruct.h +4 -1
  170. data/ext/enterprise_script_service/mruby/include/mruby/khash.h +23 -5
  171. data/ext/enterprise_script_service/mruby/include/mruby/numeric.h +1 -0
  172. data/ext/enterprise_script_service/mruby/include/mruby/ops.h +3 -2
  173. data/ext/enterprise_script_service/mruby/include/mruby/proc.h +13 -8
  174. data/ext/enterprise_script_service/mruby/include/mruby/string.h +2 -1
  175. data/ext/enterprise_script_service/mruby/include/mruby/value.h +32 -41
  176. data/ext/enterprise_script_service/mruby/include/mruby/version.h +4 -4
  177. data/ext/enterprise_script_service/mruby/lib/mruby/build.rb +2 -30
  178. data/ext/enterprise_script_service/mruby/lib/mruby/build/command.rb +21 -46
  179. data/ext/enterprise_script_service/mruby/lib/mruby/gem.rb +9 -0
  180. data/ext/enterprise_script_service/mruby/lib/mruby/source.rb +3 -1
  181. data/ext/enterprise_script_service/mruby/mrbgems/default.gembox +7 -0
  182. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/mrblib/array.rb +0 -31
  183. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +5 -8
  184. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/test/array.rb +0 -13
  185. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-config/mrbgem.rake +5 -2
  186. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c +0 -1
  187. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdbconf.h +5 -1
  188. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +7 -3
  189. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +24 -21
  190. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/mrbgem.rake +0 -1
  191. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c +6 -2
  192. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c +6 -2
  193. data/ext/enterprise_script_service/mruby/mrbgems/mruby-class-ext/src/class.c +6 -1
  194. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/codegen.c +76 -48
  195. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/parse.y +107 -32
  196. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/y.tab.c +13153 -0
  197. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/mrbgem.rake +13 -15
  198. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +1 -1
  199. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +1 -2
  200. data/ext/enterprise_script_service/mruby/mrbgems/mruby-error/src/exception.c +3 -3
  201. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +3 -214
  202. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/test/eval.rb +21 -0
  203. data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +1 -2
  204. data/ext/enterprise_script_service/mruby/mrbgems/mruby-hash-ext/src/hash-ext.c +1 -3
  205. data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +3 -4
  206. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/include/mruby/ext/io.h +39 -7
  207. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrbgem.rake +2 -8
  208. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/file_constants.rb +0 -16
  209. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/io.rb +7 -12
  210. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +77 -32
  211. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +18 -36
  212. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +324 -122
  213. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/file.rb +18 -12
  214. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/io.rb +32 -0
  215. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/mruby_io_test.c +57 -49
  216. data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +6 -8
  217. data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/src/metaprog.c +15 -17
  218. data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/test/metaprog.rb +9 -0
  219. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +4 -5
  220. data/ext/enterprise_script_service/mruby/mrbgems/mruby-object-ext/src/object.c +3 -12
  221. data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +0 -1
  222. data/ext/enterprise_script_service/mruby/mrbgems/mruby-pack/src/pack.c +113 -10
  223. data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +6 -3
  224. data/ext/enterprise_script_service/mruby/mrbgems/mruby-proc-ext/src/proc.c +2 -2
  225. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +1 -3
  226. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +1 -3
  227. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/src/rational.c +9 -9
  228. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sleep/src/mrb_sleep.c +1 -1
  229. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/mrbgem.rake +1 -1
  230. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/test/sockettest.c +3 -2
  231. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +62 -25
  232. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/test/sprintf.rb +5 -23
  233. data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +4 -5
  234. data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +5 -11
  235. data/ext/enterprise_script_service/mruby/mrbgems/mruby-symbol-ext/src/symbol.c +1 -1
  236. data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/mrbgem.rake +1 -0
  237. data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +11 -15
  238. data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
  239. data/ext/enterprise_script_service/mruby/mrblib/hash.rb +3 -3
  240. data/ext/enterprise_script_service/mruby/src/array.c +25 -11
  241. data/ext/enterprise_script_service/mruby/src/backtrace.c +2 -2
  242. data/ext/enterprise_script_service/mruby/src/class.c +48 -32
  243. data/ext/enterprise_script_service/mruby/src/codedump.c +4 -0
  244. data/ext/enterprise_script_service/mruby/src/debug.c +8 -5
  245. data/ext/enterprise_script_service/mruby/src/dump.c +3 -65
  246. data/ext/enterprise_script_service/mruby/src/error.c +58 -7
  247. data/ext/enterprise_script_service/mruby/src/etc.c +13 -5
  248. data/ext/enterprise_script_service/mruby/src/fmt_fp.c +98 -21
  249. data/ext/enterprise_script_service/mruby/src/gc.c +15 -280
  250. data/ext/enterprise_script_service/mruby/src/hash.c +13 -21
  251. data/ext/enterprise_script_service/mruby/src/kernel.c +6 -9
  252. data/ext/enterprise_script_service/mruby/src/load.c +56 -30
  253. data/ext/enterprise_script_service/mruby/src/numeric.c +50 -70
  254. data/ext/enterprise_script_service/mruby/src/object.c +23 -5
  255. data/ext/enterprise_script_service/mruby/src/print.c +27 -3
  256. data/ext/enterprise_script_service/mruby/src/proc.c +26 -7
  257. data/ext/enterprise_script_service/mruby/src/range.c +4 -12
  258. data/ext/enterprise_script_service/mruby/src/state.c +34 -11
  259. data/ext/enterprise_script_service/mruby/src/string.c +93 -56
  260. data/ext/enterprise_script_service/mruby/src/symbol.c +13 -12
  261. data/ext/enterprise_script_service/mruby/src/vm.c +48 -53
  262. data/ext/enterprise_script_service/mruby/tasks/gitlab.rake +19 -22
  263. data/ext/enterprise_script_service/mruby/tasks/mrbgems.rake +1 -1
  264. data/ext/enterprise_script_service/mruby/tasks/toolchains/android.rake +46 -1
  265. data/ext/enterprise_script_service/mruby/tasks/toolchains/gcc.rake +3 -3
  266. data/ext/enterprise_script_service/mruby/tasks/toolchains/openwrt.rake +6 -6
  267. data/ext/enterprise_script_service/mruby/tasks/toolchains/visualcpp.rake +8 -8
  268. data/ext/enterprise_script_service/mruby/test/assert.rb +5 -4
  269. data/ext/enterprise_script_service/mruby/test/t/ensure.rb +8 -26
  270. data/ext/enterprise_script_service/mruby/test/t/exception.rb +2 -2
  271. data/ext/enterprise_script_service/mruby/test/t/kernel.rb +15 -24
  272. data/ext/enterprise_script_service/mruby/travis_config.rb +0 -14
  273. data/ext/enterprise_script_service/msgpack/.github/depends/boost.sh +56 -0
  274. data/ext/enterprise_script_service/msgpack/.github/workflows/coverage.yml +62 -0
  275. data/ext/enterprise_script_service/msgpack/.github/workflows/gha.yml +304 -0
  276. data/ext/enterprise_script_service/msgpack/CHANGELOG.md +11 -0
  277. data/ext/enterprise_script_service/msgpack/CMakeLists.txt +82 -39
  278. data/ext/enterprise_script_service/msgpack/Files.cmake +22 -12
  279. data/ext/enterprise_script_service/msgpack/QUICKSTART-C.md +26 -29
  280. data/ext/enterprise_script_service/msgpack/README.md +3 -2
  281. data/ext/enterprise_script_service/msgpack/appveyor.yml +6 -2
  282. data/ext/enterprise_script_service/msgpack/ci/build_cmake.sh +3 -1
  283. data/ext/enterprise_script_service/msgpack/cmake/CodeCoverage.cmake +55 -0
  284. data/ext/enterprise_script_service/msgpack/codecov.yml +36 -0
  285. data/ext/enterprise_script_service/msgpack/example/CMakeLists.txt +9 -5
  286. data/ext/enterprise_script_service/msgpack/example/boost/CMakeLists.txt +1 -1
  287. data/ext/enterprise_script_service/msgpack/example/c/CMakeLists.txt +17 -6
  288. data/ext/enterprise_script_service/msgpack/example/c/boundary.c +296 -0
  289. data/ext/enterprise_script_service/msgpack/example/c/jsonconv.c +419 -0
  290. data/ext/enterprise_script_service/msgpack/example/c/simple_c.c +1 -1
  291. data/ext/enterprise_script_service/msgpack/example/cpp03/CMakeLists.txt +3 -3
  292. data/ext/enterprise_script_service/msgpack/example/cpp11/CMakeLists.txt +2 -2
  293. data/ext/enterprise_script_service/msgpack/example/x3/CMakeLists.txt +2 -2
  294. data/ext/enterprise_script_service/msgpack/include/msgpack/pack.h +24 -1
  295. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/array_ref.hpp +5 -4
  296. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/boost/optional.hpp +4 -4
  297. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/cpp17/vector_byte.hpp +8 -8
  298. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/map.hpp +4 -4
  299. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector.hpp +4 -4
  300. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_char.hpp +8 -8
  301. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_unsigned_char.hpp +8 -8
  302. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/wstring.hpp +4 -4
  303. data/ext/enterprise_script_service/msgpack/include/msgpack/v3/unpack.hpp +6 -6
  304. data/ext/enterprise_script_service/msgpack/include/msgpack/version_master.h +2 -2
  305. data/ext/enterprise_script_service/msgpack/include/msgpack/zbuffer.h +4 -4
  306. data/ext/enterprise_script_service/msgpack/make_file_list.sh +38 -11
  307. data/ext/enterprise_script_service/msgpack/src/vrefbuffer.c +6 -0
  308. data/ext/enterprise_script_service/msgpack/test/CMakeLists.txt +86 -64
  309. data/ext/enterprise_script_service/msgpack/test/array_ref.cpp +4 -0
  310. data/ext/enterprise_script_service/msgpack/test/boost_fusion.cpp +4 -0
  311. data/ext/enterprise_script_service/msgpack/test/boost_optional.cpp +4 -0
  312. data/ext/enterprise_script_service/msgpack/test/boost_string_ref.cpp +4 -1
  313. data/ext/enterprise_script_service/msgpack/test/boost_string_view.cpp +4 -0
  314. data/ext/enterprise_script_service/msgpack/test/boost_variant.cpp +4 -0
  315. data/ext/enterprise_script_service/msgpack/test/buffer.cpp +4 -47
  316. data/ext/enterprise_script_service/msgpack/test/buffer_c.cpp +148 -0
  317. data/ext/enterprise_script_service/msgpack/test/carray.cpp +4 -0
  318. data/ext/enterprise_script_service/msgpack/test/cases.cpp +8 -4
  319. data/ext/enterprise_script_service/msgpack/test/convert.cpp +8 -4
  320. data/ext/enterprise_script_service/msgpack/test/fixint.cpp +4 -0
  321. data/ext/enterprise_script_service/msgpack/test/fixint_c.cpp +4 -0
  322. data/ext/enterprise_script_service/msgpack/test/fuzz_unpack_pack_fuzzer_cpp11.cpp +4 -0
  323. data/ext/enterprise_script_service/msgpack/test/iterator_cpp11.cpp +4 -0
  324. data/ext/enterprise_script_service/msgpack/test/json.cpp +4 -0
  325. data/ext/enterprise_script_service/msgpack/test/limit.cpp +8 -4
  326. data/ext/enterprise_script_service/msgpack/test/msgpack_basic.cpp +4 -0
  327. data/ext/enterprise_script_service/msgpack/test/msgpack_c.cpp +159 -0
  328. data/ext/enterprise_script_service/msgpack/test/msgpack_container.cpp +4 -0
  329. data/ext/enterprise_script_service/msgpack/test/msgpack_cpp11.cpp +32 -27
  330. data/ext/enterprise_script_service/msgpack/test/msgpack_cpp17.cpp +4 -0
  331. data/ext/enterprise_script_service/msgpack/test/msgpack_stream.cpp +4 -0
  332. data/ext/enterprise_script_service/msgpack/test/msgpack_tuple.cpp +4 -1
  333. data/ext/enterprise_script_service/msgpack/test/msgpack_vref.cpp +4 -0
  334. data/ext/enterprise_script_service/msgpack/test/msgpack_x3_parse.cpp +4 -0
  335. data/ext/enterprise_script_service/msgpack/test/object.cpp +4 -1
  336. data/ext/enterprise_script_service/msgpack/test/object_with_zone.cpp +12 -8
  337. data/ext/enterprise_script_service/msgpack/test/pack_unpack.cpp +30 -26
  338. data/ext/enterprise_script_service/msgpack/test/pack_unpack_c.cpp +4 -0
  339. data/ext/enterprise_script_service/msgpack/test/raw.cpp +4 -0
  340. data/ext/enterprise_script_service/msgpack/test/reference.cpp +4 -0
  341. data/ext/enterprise_script_service/msgpack/test/reference_cpp11.cpp +4 -0
  342. data/ext/enterprise_script_service/msgpack/test/reference_wrapper_cpp11.cpp +4 -0
  343. data/ext/enterprise_script_service/msgpack/test/shared_ptr_cpp11.cpp +4 -0
  344. data/ext/enterprise_script_service/msgpack/test/size_equal_only.cpp +4 -0
  345. data/ext/enterprise_script_service/msgpack/test/streaming.cpp +8 -4
  346. data/ext/enterprise_script_service/msgpack/test/streaming_c.cpp +4 -0
  347. data/ext/enterprise_script_service/msgpack/test/unique_ptr_cpp11.cpp +4 -0
  348. data/ext/enterprise_script_service/msgpack/test/user_class.cpp +16 -12
  349. data/ext/enterprise_script_service/msgpack/test/version.cpp +4 -0
  350. data/ext/enterprise_script_service/msgpack/test/visitor.cpp +4 -0
  351. data/ext/enterprise_script_service/msgpack/test/zone.cpp +4 -0
  352. data/lib/script_core/engine.rb +24 -5
  353. data/lib/script_core/executable.rb +4 -3
  354. data/lib/script_core/result.rb +1 -5
  355. data/lib/script_core/service_channel.rb +1 -0
  356. data/lib/script_core/version.rb +1 -1
  357. data/lib/tasks/script_core.rake +3 -1
  358. data/script_core.gemspec +2 -2
  359. data/spec/dummy/app/lib/script_engine.rb +64 -5
  360. metadata +68 -30
  361. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
  362. data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
  363. data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
  364. data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
  365. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
  366. data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
  367. data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
  368. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
  369. data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -626
  370. data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -626
  371. data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
  372. data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
  373. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
  374. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
  375. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
  376. data/ext/enterprise_script_service/msgpack/.travis.yml +0 -258
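--- a/data/ext/enterprise_script_service/libseccomp/CREDITS
+++ b/data/ext/enterprise_script_service/libseccomp/CREDITS
@@ -2,18 +2,24 @@ libseccomp: Contributors
 ========================================================================
 https://github.com/seccomp/libseccomp
 
+Alex Murray <alex.murray@canonical.com>
+Andreas Schwab <schwab@suse.de>
 Andrew Jones <drjones@redhat.com>
 Andy Lutomirski <luto@amacapital.net>
 Ashley Lai <adlai@us.ibm.com>
 Bogdan Purcareata <bogdan.purcareata@freescale.com>
 Brian Cain <brian.cain@gmail.com>
+Christopher Waldon <christopher.waldon.dev@gmail.com>
+Chris Waldon <chris.waldon@ibm.com>
 Colin Walters <walters@verbum.org>
 Corey Bryant <coreyb@linux.vnet.ibm.com>
 David Drysdale <drysdale@google.com>
 Eduardo Otubo <otubo@linux.vnet.ibm.com>
 Eric Paris <eparis@redhat.com>
+Fabrice Fontaine <fontaine.fabrice@gmail.com>
 Felix Abecassis <fabecassis@nvidia.com>
 Felix Geyer <debfx@fobos.de>
+Giuseppe Scrivano <gscrivan@redhat.com>
 Heiko Carstens <heiko.carstens@de.ibm.com>
 Helge Deller <deller@gmx.de>
 Jake Edge <jake@lwn.net>
@@ -23,9 +29,11 @@ Jan Willeke <willeke@linux.vnet.ibm.com>
 Jay Guo <guojiannan@cn.ibm.com>
 Jiannan Guo <guojiannan1101@gmail.com>
 Joe MacDonald <joe@deserted.net>
+Jonah Petri <jonah@petri.us>
 Justin Cormack <justin.cormack@docker.com>
 Kees Cook <keescook@chromium.org>
 Kyle R. Conway <kyle.r.conway@gmail.com>
+Kenta Tada <Kenta.Tada@sony.com>
 Luca Bruno <lucab@debian.org>
 Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
 Marcus Meissner <meissner@suse.de>
@@ -34,13 +42,16 @@ Mathias Krause <minipli@googlemail.com>
 Michael Forney <mforney@mforney.org>
 Mike Frysinger <vapier@gentoo.org>
 Mike Strosaker <strosake@linux.vnet.ibm.com>
+Miroslav Lichvar <mlichvar@redhat.com>
 Paul Moore <paul@paul-moore.com>
+Rolf Eike Beer <eb@emlix.com>
 Serge Hallyn <serge.hallyn@ubuntu.com>
 Stéphane Graber <stgraber@ubuntu.com>
 Stephen Coleman <omegacoleman@gmail.com>
 Thiago Marcos P. Santos <thiago.santos@intel.com>
 Tobias Klauser <tklauser@distanz.ch>
 Tom Hromatka <tom.hromatka@oracle.com>
+Tudor Brindus <me@tbrindus.ca>
 Tycho Andersen <tycho@tycho.ws>
 Tyler Hicks <tyhicks@canonical.com>
 valoq <valoq@mailbox.org>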
@@ -1,10 +1,11 @@
1
- ![Enhanced Seccomp Helper Library](https://github.com/seccomp/libseccomp-artwork/blob/master/logo/libseccomp-color_text.png)
1
+ ![Enhanced Seccomp Helper Library](https://github.com/seccomp/libseccomp-artwork/blob/main/logo/libseccomp-color_text.png)
2
2
  ===============================================================================
3
3
  https://github.com/seccomp/libseccomp
4
4
 
5
5
  [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/608/badge)](https://bestpractices.coreinfrastructure.org/projects/608)
6
6
  [![Build Status](https://img.shields.io/travis/seccomp/libseccomp/master.svg)](https://travis-ci.org/seccomp/libseccomp)
7
7
  [![Coverage Status](https://img.shields.io/coveralls/github/seccomp/libseccomp/master.svg)](https://coveralls.io/github/seccomp/libseccomp?branch=master)
8
+ [![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/seccomp/libseccomp.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/seccomp/libseccomp/context:cpp)
8
9
 
9
10
  The libseccomp library provides an easy to use, platform independent, interface
10
11
  to the Linux Kernel's syscall filtering mechanism. The libseccomp API is
@@ -52,6 +53,7 @@ The libseccomp library currently supports the architectures listed below:
52
53
  * 64-bit PowerPC little endian (ppc64le)
53
54
  * 32-bit s390 (s390)
54
55
  * 64-bit s390x (s390x)
56
+ * 64-bit RISC-V (riscv64)
55
57
 
56
58
  ## Documentation
57
59
 
@@ -63,6 +65,24 @@ CHANGELOG files.
63
65
  Those who are interested in contributing to the the project are encouraged to
64
66
  read the CONTRIBUTING in the top level directory.
65
67
 
68
+ ## Verifying Release Tarballs
69
+
70
+ Before use you should verify the downloaded release tarballs and checksums
71
+ using the detached signatures supplied as part of the release; the detached
72
+ signature files are the "*.asc" files. If you have GnuPG installed you can
73
+ verify detached signatures using the following command:
74
+
75
+ # gpg --verify file.asc file
76
+
77
+ At present, only the following keys are authorized to sign official libseccomp
78
+ releases:
79
+
80
+ Paul Moore <paul@paul-moore.com>
81
+ 7100 AADF AE6E 6E94 0D2E 0AD6 55E4 5A5A E8CA 7C8A
82
+
83
+ Tom Hromatka <tom.hromatka@oracle.com>
84
+ 47A6 8FCE 37C7 D702 4FD6 5E11 356C E62C 2B52 4099
85
+
66
86
  ## Building and Installing the Library
67
87
 
68
88
  If you are building the libseccomp library from an official release tarball,
@@ -19,7 +19,7 @@ dnl #
19
19
  dnl ####
20
20
  dnl libseccomp defines
21
21
  dnl ####
22
- AC_INIT([libseccomp], [2.4.2])
22
+ AC_INIT([libseccomp], [2.5.0])
23
23
 
24
24
  dnl ####
25
25
  dnl autoconf configuration
@@ -66,7 +66,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
66
66
  dnl ####
67
67
  dnl build flags
68
68
  dnl ####
69
- AM_CPPFLAGS="-I\${top_srcdir}/include"
69
+ AM_CPPFLAGS="-I\${top_srcdir}/include -I\${top_builddir}/include"
70
70
  AM_CFLAGS="-Wall"
71
71
  AM_LDFLAGS="-Wl,-z -Wl,relro"
72
72
  AC_SUBST([AM_CPPFLAGS])
@@ -91,11 +91,11 @@ AC_SUBST([VERSION_MICRO])
91
91
  dnl ####
92
92
  dnl cython checks
93
93
  dnl ####
94
- AC_CHECK_PROG(have_cython, cython, "yes", "no")
95
- AS_IF([test "$have_cython" = yes], [
96
- AS_ECHO("checking cython version... $(cython -V 2>&1 | cut -d' ' -f 3)")
97
- CYTHON_VER_MAJ=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1);
98
- CYTHON_VER_MIN=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2);
94
+ AC_CHECK_PROGS(cython, cython3 cython, "no")
95
+ AS_IF([test "$cython" != no], [
96
+ AS_ECHO("checking cython version... $($cython -V 2>&1 | cut -d' ' -f 3)")
97
+ CYTHON_VER_MAJ=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1);
98
+ CYTHON_VER_MIN=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2);
99
99
  ],[
100
100
  CYTHON_VER_MAJ=0
101
101
  CYTHON_VER_MIN=0
@@ -112,13 +112,18 @@ AS_IF([test "$enable_python" = yes], [
112
112
  AS_IF([test "$CYTHON_VER_MAJ" -eq 0 -a "$CYTHON_VER_MIN" -lt 29], [
113
113
  AC_MSG_ERROR([python bindings require cython 0.29 or higher])
114
114
  ])
115
- AM_PATH_PYTHON
115
+ AM_PATH_PYTHON([3])
116
116
  ])
117
117
  AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes])
118
118
  AC_DEFINE_UNQUOTED([ENABLE_PYTHON],
119
119
  [$(test "$enable_python" = yes && echo 1 || echo 0)],
120
120
  [Python bindings build flag.])
121
121
 
122
+ AC_CHECK_TOOL(GPERF, gperf)
123
+ if test -z "$GPERF"; then
124
+ AC_MSG_ERROR([please install gperf])
125
+ fi
126
+
122
127
  dnl ####
123
128
  dnl coverity checks
124
129
  dnl ####
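Review bot: The gperf check added in the last configure.ac hunk makes configure fail outright whenever gperf is absent, so gperf becomes a mandatory build tool on every host that builds this vendored libseccomp, presumably including machines that compile the extension while installing the gem. If the gperf-generated sources can be shipped pre-built (not visible from this hunk), the error could be limited to the case where they have to be regenerated; otherwise the new prerequisite belongs in the package's install notes. The block is also the only one here without a `dnl ####` / `dnl gperf checks` / `dnl ####` header, and it uses a raw shell `if`/`fi` with unquoted macro arguments where the surrounding code uses `AS_IF`. Writing it as `AC_CHECK_TOOL([GPERF], [gperf])` followed by `AS_IF([test -z "$GPERF"], [AC_MSG_ERROR([please install gperf])])` would match the rest of the file.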
@@ -38,6 +38,12 @@ dist_man3_MANS = \
38
38
  man/man3/seccomp_rule_add_array.3 \
39
39
  man/man3/seccomp_rule_add_exact.3 \
40
40
  man/man3/seccomp_rule_add_exact_array.3 \
41
+ man/man3/seccomp_notify_alloc.3 \
42
+ man/man3/seccomp_notify_fd.3 \
43
+ man/man3/seccomp_notify_free.3 \
44
+ man/man3/seccomp_notify_id_valid.3 \
45
+ man/man3/seccomp_notify_receive.3 \
46
+ man/man3/seccomp_notify_respond.3 \
41
47
  man/man3/seccomp_syscall_priority.3 \
42
48
  man/man3/seccomp_syscall_resolve_name.3 \
43
49
  man/man3/seccomp_syscall_resolve_name_arch.3 \
@@ -1,4 +1,4 @@
1
- .TH "seccomp_api_get" 3 "8 October 2017" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_api_get" 3 "13 June 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -49,7 +49,17 @@ the
49
49
  syscall to load the seccomp filter into the kernel.
50
50
  .TP
51
51
  .B 3
52
- The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are supported.
52
+ The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are
53
+ supported.
54
+ .TP
55
+ .B 4
56
+ The SCMP_FLTATR_CTL_SSB filter attribute is supported.
57
+ .TP
58
+ .B 5
59
+ The SCMP_ACT_NOTIFY action and the notify APIs are supported.
60
+ .TP
61
+ .B 5
62
+ The simultaneous use of SCMP_FLTATR_CTL_TSYNC and the notify APIs are supported.
53
63
  .\" //////////////////////////////////////////////////////////////////////////
54
64
  .SH RETURN VALUE
55
65
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_arch_add" 3 "7 May 2014" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_arch_add" 3 "15 June 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -14,6 +14,23 @@ seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist, seccomp_arch_native \
14
14
  .B #define SCMP_ARCH_NATIVE
15
15
  .B #define SCMP_ARCH_X86
16
16
  .B #define SCMP_ARCH_X86_64
17
+ .B #define SCMP_ARCH_X32
18
+ .B #define SCMP_ARCH_ARM
19
+ .B #define SCMP_ARCH_AARCH64
20
+ .B #define SCMP_ARCH_MIPS
21
+ .B #define SCMP_ARCH_MIPS64
22
+ .B #define SCMP_ARCH_MIPS64N32
23
+ .B #define SCMP_ARCH_MIPSEL
24
+ .B #define SCMP_ARCH_MIPSEL64
25
+ .B #define SCMP_ARCH_MIPSEL64N32
26
+ .B #define SCMP_ARCH_PPC
27
+ .B #define SCMP_ARCH_PPC64
28
+ .B #define SCMP_ARCH_PPC64LE
29
+ .B #define SCMP_ARCH_S390
30
+ .B #define SCMP_ARCH_S390X
31
+ .B #define SCMP_ARCH_PARISC
32
+ .B #define SCMP_ARCH_PARISC64
33
+ .B #define SCMP_ARCH_RISCV64
17
34
  .sp
18
35
  .BI "uint32_t seccomp_arch_resolve_name(const char *" arch_name ");"
19
36
  .BI "uint32_t seccomp_arch_native();"
@@ -69,13 +86,28 @@ new architecture will be added to all of the architectures in the filter.
69
86
  .SH RETURN VALUE
70
87
  .\" //////////////////////////////////////////////////////////////////////////
71
88
  The
72
- .BR seccomp_arch_add ()
89
+ .BR seccomp_arch_add (),
90
+ .BR seccomp_arch_remove (),
73
91
  and
74
- .BR seccomp_arch_remove ()
75
- functions return zero on success, negative errno values on failure. The
76
92
  .BR seccomp_arch_exist ()
77
- function returns zero if the architecture exists, \-EEXIST if it does not, and
78
- other negative errno values on failure.
93
+ functions return zero on success or one of the following error codes on
94
+ failure:
95
+ .TP
96
+ .B -EDOM
97
+ Architecture specific failure.
98
+ .TP
99
+ .B -EEXIST
100
+ In the case of
101
+ .BR seccomp_arch_add ()
102
+ the architecture already exists and in the case of
103
+ .BR seccomp_arch_remove ()
104
+ the architecture does not exist.
105
+ .TP
106
+ .B -EINVAL
107
+ Invalid input, either the context or architecture token is invalid.
108
+ .TP
109
+ .B -ENOMEM
110
+ The library was unable to allocate enough memory.
79
111
  .\" //////////////////////////////////////////////////////////////////////////
80
112
  .SH EXAMPLES
81
113
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_attr_set" 3 "21 August 2014" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_attr_set" 3 "06 June 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -94,10 +94,61 @@ the
94
94
  action. Defaults to off (
95
95
  .I value
96
96
  == 0).
97
+ .TP
98
+ .B SCMP_FLTATR_CTL_SSB
99
+ A flag to disable Speculative Store Bypass mitigations for this filter.
100
+ Defaults to off (
101
+ .I value
102
+ == 0).
103
+ .TP
104
+ .B SCMP_FLTATR_CTL_OPTIMIZE
105
+ A flag to specify the optimization level of the seccomp filter. By default
106
+ libseccomp generates a set of sequential \'if\' statements for each rule in
107
+ the filter.
108
+ .BR seccomp_syscall_priority(3)
109
+ can be used to prioritize the order for the default cause. The binary tree
110
+ optimization sorts by syscall numbers and generates consistent
111
+ .BR O(log\ n)
112
+ filter traversal for every rule in the filter. The binary tree may be
113
+ advantageous for large filters. Note that
114
+ .BR seccomp_syscall_priority(3)
115
+ is ignored when SCMP_FLTATR_CTL_OPTIMIZE == 2.
116
+ .RS
117
+ .P
118
+ The different optimization levels are described below:
119
+ .TP
120
+ .B 0
121
+ Reserved value, not currently used.
122
+ .TP
123
+ .B 1
124
+ Rules sorted by priority and complexity (DEFAULT).
125
+ .TP
126
+ .B 2
127
+ Binary tree sorted by syscall number.
128
+ .RE
129
+ .TP
130
+ .B SCMP_FLTATR_API_SYSRAWRC
131
+ A flag to specify if libseccomp should pass system error codes back to the
132
+ caller instead of the default -ECANCELED. Defaults to off (
133
+ .I value
134
+ == 0).
97
135
  .\" //////////////////////////////////////////////////////////////////////////
98
136
  .SH RETURN VALUE
99
137
  .\" //////////////////////////////////////////////////////////////////////////
100
- Returns zero on success, negative errno values on failure.
138
+ Returns zero on success or one of the following error codes on
139
+ failure:
140
+ .TP
141
+ .B -EACCES
142
+ Setting the attribute with the given value is not allowed.
143
+ .TP
144
+ .B -EEXIST
145
+ The attribute does not exist.
146
+ .TP
147
+ .B -EINVAL
148
+ Invalid input, either the context or architecture token is invalid.
149
+ .TP
150
+ .B -EOPNOTSUPP
151
+ The library doesn't support the particular operation.
101
152
  .\" //////////////////////////////////////////////////////////////////////////
102
153
  .SH EXAMPLES
103
154
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_export_bpf" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_export_bpf" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -45,7 +45,25 @@ ordering, are not guaranteed to be the same in both the BPF and PFC formats.
45
45
  .\" //////////////////////////////////////////////////////////////////////////
46
46
  .SH RETURN VALUE
47
47
  .\" //////////////////////////////////////////////////////////////////////////
48
- Returns zero on success, negative errno values on failure.
48
+ Return zero on success or one of the following error codes on
49
+ failure:
50
+ .TP
51
+ .B -ECANCELED
52
+ There was a system failure beyond the control of the library.
53
+ .TP
54
+ .B -EFAULT
55
+ Internal libseccomp failure.
56
+ .TP
57
+ .B -EINVAL
58
+ Invalid input, either the context or architecture token is invalid.
59
+ .TP
60
+ .B -ENOMEM
61
+ The library was unable to allocate enough memory.
62
+ .P
63
+ If the \fISCMP_FLTATR_API_SYSRAWRC\fP filter attribute is non-zero then
64
+ additional error codes may be returned to the caller; these additional error
65
+ codes are the negative \fIerrno\fP values returned by the system. Unfortunately
66
+ libseccomp can make no guarantees about these return values.
49
67
  .\" //////////////////////////////////////////////////////////////////////////
50
68
  .SH EXAMPLES
51
69
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_init" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_init" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -98,7 +98,14 @@ The
98
98
  .BR seccomp_init ()
99
99
  function returns a filter context on success, NULL on failure. The
100
100
  .BR seccomp_reset ()
101
- function returns zero on success, negative errno values on failure.
101
+ function returns zero on success or one of the following error codes on
102
+ failure:
103
+ .TP
104
+ .B -EINVAL
105
+ Invalid input, either the context or action is invalid.
106
+ .TP
107
+ .B -ENOMEM
108
+ The library was unable to allocate enough memory.
102
109
  .\" //////////////////////////////////////////////////////////////////////////
103
110
  .SH EXAMPLES
104
111
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_load" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_load" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -23,10 +23,40 @@ Loads the seccomp filter provided by
23
23
  .I ctx
24
24
  into the kernel; if the function
25
25
  succeeds the new seccomp filter will be active when the function returns.
26
+ .P
27
+ As it is possible to have multiple stacked seccomp filters for a given task
28
+ (defined as either a process or a thread), it is important to remember that
29
+ each of the filters loaded for a given task are executed when a syscall is
30
+ made and the "strictest" rule is the rule that is applied. In the case of
31
+ seccomp, "strictest" is defined as the action with the lowest value (e.g.
32
+ .I SCMP_ACT_KILL
33
+ is "stricter" than
34
+ .I SCMP_ACT_ALLOW
35
+ ).
26
36
  .\" //////////////////////////////////////////////////////////////////////////
27
37
  .SH RETURN VALUE
28
38
  .\" //////////////////////////////////////////////////////////////////////////
29
- Returns zero on success, negative errno values on failure.
39
+ Returns zero on success or one of the following error codes on failure:
40
+ .TP
41
+ .B -ECANCELED
42
+ There was a system failure beyond the control of the library.
43
+ .TP
44
+ .B -EFAULT
45
+ Internal libseccomp failure.
46
+ .TP
47
+ .B -EINVAL
48
+ Invalid input, either the context or architecture token is invalid.
49
+ .TP
50
+ .B -ENOMEM
51
+ The library was unable to allocate enough memory.
52
+ .TP
53
+ .B -ESRCH
54
+ Unable to load the filter due to thread issues.
55
+ .P
56
+ If the \fISCMP_FLTATR_API_SYSRAWRC\fP filter attribute is non-zero then
57
+ additional error codes may be returned to the caller; these additional error
58
+ codes are the negative \fIerrno\fP values returned by the system. Unfortunately
59
+ libseccomp can make no guarantees about these return values.
30
60
  .\" //////////////////////////////////////////////////////////////////////////
31
61
  .SH EXAMPLES
32
62
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_merge" 3 "28 September 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_merge" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -41,7 +41,21 @@ attribute values and no overlapping architectures.
41
41
  .\" //////////////////////////////////////////////////////////////////////////
42
42
  .SH RETURN VALUE
43
43
  .\" //////////////////////////////////////////////////////////////////////////
44
- Returns zero on success and negative values on failure.
44
+ Returns zero on success or one of the following error codes on
45
+ failure:
46
+ .TP
47
+ .B -EDOM
48
+ Unable to merge the filters due to architecture issues, e.g. byte endian
49
+ mismatches.
50
+ .TP
51
+ .B -EEXIST
52
+ The architecture already exists in the filter.
53
+ .TP
54
+ .B -EINVAL
55
+ One of the filters is invalid.
56
+ .TP
57
+ .B -ENOMEM
58
+ The library was unable to allocate enough memory.
45
59
  .\" //////////////////////////////////////////////////////////////////////////
46
60
  .SH EXAMPLES
47
61
  .\" //////////////////////////////////////////////////////////////////////////