script_core 0.2.2 → 0.2.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +41 -45
- data/.travis.yml +2 -1
- data/Gemfile +3 -3
- data/README.md +7 -1
- data/bootstrap.sh +2 -2
- data/ext/enterprise_script_service/libseccomp/.travis.yml +24 -12
- data/ext/enterprise_script_service/libseccomp/CHANGELOG +32 -0
- data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
- data/ext/enterprise_script_service/libseccomp/CREDITS +11 -0
- data/ext/enterprise_script_service/libseccomp/README.md +21 -1
- data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
- data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
- data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +19 -0
- data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
- data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
- data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
- data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
- data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
- data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
- data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
- data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
- data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
- data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
- data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
- data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
- data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
- data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
- data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
- data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
- data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
- data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
- data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
- data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
- data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
- data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
- data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
- data/ext/enterprise_script_service/libseccomp/tests/.gitignore +10 -2
- data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
- data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
- data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
- data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
- data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +4 -3
- data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
- data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
- data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
- data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
- data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
- data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
- data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.c +48 -0
- data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.py +38 -0
- data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +34 -10
- data/ext/enterprise_script_service/libseccomp/tests/regression +10 -3
- data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
- data/ext/enterprise_script_service/libseccomp/tools/Makefile.am +0 -3
- data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
- data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
- data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +4 -0
- data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
- data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/build.yml +106 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +51 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/main.yml +24 -0
- data/ext/enterprise_script_service/mruby/.gitignore +3 -0
- data/ext/enterprise_script_service/mruby/.travis.yml +6 -9
- data/ext/enterprise_script_service/mruby/AUTHORS +1 -0
- data/ext/enterprise_script_service/mruby/Doxyfile +1 -1
- data/ext/enterprise_script_service/mruby/LICENSE +1 -1
- data/ext/enterprise_script_service/mruby/README.md +6 -2
- data/ext/enterprise_script_service/mruby/appveyor.yml +9 -12
- data/ext/enterprise_script_service/mruby/appveyor_config.rb +9 -0
- data/ext/enterprise_script_service/mruby/build_config.rb +6 -6
- data/ext/enterprise_script_service/mruby/doc/guides/compile.md +6 -2
- data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +1 -1
- data/ext/enterprise_script_service/mruby/doc/guides/mrbconf.md +4 -8
- data/ext/enterprise_script_service/mruby/doc/limitations.md +10 -10
- data/ext/enterprise_script_service/mruby/doc/opcode.md +108 -95
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_ArduinoDue.rb +2 -2
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_IntelEdison.rb +2 -2
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_IntelGalileo.rb +2 -2
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_RX630.rb +2 -2
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_chipKITMax32.rb +2 -2
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_dreamcast_shelf.rb +108 -0
- data/ext/enterprise_script_service/mruby/include/mrbconf.h +10 -7
- data/ext/enterprise_script_service/mruby/include/mruby.h +24 -9
- data/ext/enterprise_script_service/mruby/include/mruby/array.h +4 -0
- data/ext/enterprise_script_service/mruby/include/mruby/boxing_nan.h +11 -2
- data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +0 -10
- data/ext/enterprise_script_service/mruby/include/mruby/common.h +10 -0
- data/ext/enterprise_script_service/mruby/include/mruby/compile.h +11 -3
- data/ext/enterprise_script_service/mruby/include/mruby/dump.h +1 -17
- data/ext/enterprise_script_service/mruby/include/mruby/irep.h +10 -0
- data/ext/enterprise_script_service/mruby/include/mruby/istruct.h +4 -1
- data/ext/enterprise_script_service/mruby/include/mruby/khash.h +23 -5
- data/ext/enterprise_script_service/mruby/include/mruby/numeric.h +1 -0
- data/ext/enterprise_script_service/mruby/include/mruby/ops.h +3 -2
- data/ext/enterprise_script_service/mruby/include/mruby/proc.h +13 -8
- data/ext/enterprise_script_service/mruby/include/mruby/string.h +2 -1
- data/ext/enterprise_script_service/mruby/include/mruby/value.h +32 -41
- data/ext/enterprise_script_service/mruby/include/mruby/version.h +4 -4
- data/ext/enterprise_script_service/mruby/lib/mruby/build.rb +2 -30
- data/ext/enterprise_script_service/mruby/lib/mruby/build/command.rb +21 -46
- data/ext/enterprise_script_service/mruby/lib/mruby/gem.rb +9 -0
- data/ext/enterprise_script_service/mruby/lib/mruby/source.rb +3 -1
- data/ext/enterprise_script_service/mruby/mrbgems/default.gembox +7 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/mrblib/array.rb +0 -31
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +5 -8
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/test/array.rb +0 -13
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-config/mrbgem.rake +5 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c +0 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdbconf.h +5 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +7 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +24 -21
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/mrbgem.rake +0 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c +6 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c +6 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-class-ext/src/class.c +6 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/codegen.c +76 -48
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/parse.y +107 -32
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/y.tab.c +13153 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/mrbgem.rake +13 -15
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-error/src/exception.c +3 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +3 -214
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/test/eval.rb +21 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-hash-ext/src/hash-ext.c +1 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +3 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/include/mruby/ext/io.h +39 -7
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrbgem.rake +2 -8
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/file_constants.rb +0 -16
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/io.rb +7 -12
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +77 -32
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +18 -36
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +324 -122
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/file.rb +18 -12
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/io.rb +32 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/mruby_io_test.c +57 -49
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +6 -8
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/src/metaprog.c +15 -17
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/test/metaprog.rb +9 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +4 -5
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-object-ext/src/object.c +3 -12
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +0 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-pack/src/pack.c +113 -10
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +6 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-proc-ext/src/proc.c +2 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +1 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +1 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/src/rational.c +9 -9
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sleep/src/mrb_sleep.c +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/mrbgem.rake +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/test/sockettest.c +3 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +62 -25
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/test/sprintf.rb +5 -23
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +4 -5
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +5 -11
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-symbol-ext/src/symbol.c +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/mrbgem.rake +1 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +11 -15
- data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
- data/ext/enterprise_script_service/mruby/mrblib/hash.rb +3 -3
- data/ext/enterprise_script_service/mruby/src/array.c +25 -11
- data/ext/enterprise_script_service/mruby/src/backtrace.c +2 -2
- data/ext/enterprise_script_service/mruby/src/class.c +48 -32
- data/ext/enterprise_script_service/mruby/src/codedump.c +4 -0
- data/ext/enterprise_script_service/mruby/src/debug.c +8 -5
- data/ext/enterprise_script_service/mruby/src/dump.c +3 -65
- data/ext/enterprise_script_service/mruby/src/error.c +58 -7
- data/ext/enterprise_script_service/mruby/src/etc.c +13 -5
- data/ext/enterprise_script_service/mruby/src/fmt_fp.c +98 -21
- data/ext/enterprise_script_service/mruby/src/gc.c +15 -280
- data/ext/enterprise_script_service/mruby/src/hash.c +13 -21
- data/ext/enterprise_script_service/mruby/src/kernel.c +6 -9
- data/ext/enterprise_script_service/mruby/src/load.c +56 -30
- data/ext/enterprise_script_service/mruby/src/numeric.c +50 -70
- data/ext/enterprise_script_service/mruby/src/object.c +23 -5
- data/ext/enterprise_script_service/mruby/src/print.c +27 -3
- data/ext/enterprise_script_service/mruby/src/proc.c +26 -7
- data/ext/enterprise_script_service/mruby/src/range.c +4 -12
- data/ext/enterprise_script_service/mruby/src/state.c +34 -11
- data/ext/enterprise_script_service/mruby/src/string.c +93 -56
- data/ext/enterprise_script_service/mruby/src/symbol.c +13 -12
- data/ext/enterprise_script_service/mruby/src/vm.c +48 -53
- data/ext/enterprise_script_service/mruby/tasks/gitlab.rake +19 -22
- data/ext/enterprise_script_service/mruby/tasks/mrbgems.rake +1 -1
- data/ext/enterprise_script_service/mruby/tasks/toolchains/android.rake +46 -1
- data/ext/enterprise_script_service/mruby/tasks/toolchains/gcc.rake +3 -3
- data/ext/enterprise_script_service/mruby/tasks/toolchains/openwrt.rake +6 -6
- data/ext/enterprise_script_service/mruby/tasks/toolchains/visualcpp.rake +8 -8
- data/ext/enterprise_script_service/mruby/test/assert.rb +5 -4
- data/ext/enterprise_script_service/mruby/test/t/ensure.rb +8 -26
- data/ext/enterprise_script_service/mruby/test/t/exception.rb +2 -2
- data/ext/enterprise_script_service/mruby/test/t/kernel.rb +15 -24
- data/ext/enterprise_script_service/mruby/travis_config.rb +0 -14
- data/ext/enterprise_script_service/msgpack/.github/depends/boost.sh +56 -0
- data/ext/enterprise_script_service/msgpack/.github/workflows/coverage.yml +62 -0
- data/ext/enterprise_script_service/msgpack/.github/workflows/gha.yml +304 -0
- data/ext/enterprise_script_service/msgpack/CHANGELOG.md +11 -0
- data/ext/enterprise_script_service/msgpack/CMakeLists.txt +82 -39
- data/ext/enterprise_script_service/msgpack/Files.cmake +22 -12
- data/ext/enterprise_script_service/msgpack/QUICKSTART-C.md +26 -29
- data/ext/enterprise_script_service/msgpack/README.md +3 -2
- data/ext/enterprise_script_service/msgpack/appveyor.yml +6 -2
- data/ext/enterprise_script_service/msgpack/ci/build_cmake.sh +3 -1
- data/ext/enterprise_script_service/msgpack/cmake/CodeCoverage.cmake +55 -0
- data/ext/enterprise_script_service/msgpack/codecov.yml +36 -0
- data/ext/enterprise_script_service/msgpack/example/CMakeLists.txt +9 -5
- data/ext/enterprise_script_service/msgpack/example/boost/CMakeLists.txt +1 -1
- data/ext/enterprise_script_service/msgpack/example/c/CMakeLists.txt +17 -6
- data/ext/enterprise_script_service/msgpack/example/c/boundary.c +296 -0
- data/ext/enterprise_script_service/msgpack/example/c/jsonconv.c +419 -0
- data/ext/enterprise_script_service/msgpack/example/c/simple_c.c +1 -1
- data/ext/enterprise_script_service/msgpack/example/cpp03/CMakeLists.txt +3 -3
- data/ext/enterprise_script_service/msgpack/example/cpp11/CMakeLists.txt +2 -2
- data/ext/enterprise_script_service/msgpack/example/x3/CMakeLists.txt +2 -2
- data/ext/enterprise_script_service/msgpack/include/msgpack/pack.h +24 -1
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/array_ref.hpp +5 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/boost/optional.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/cpp17/vector_byte.hpp +8 -8
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/map.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_char.hpp +8 -8
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_unsigned_char.hpp +8 -8
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/wstring.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v3/unpack.hpp +6 -6
- data/ext/enterprise_script_service/msgpack/include/msgpack/version_master.h +2 -2
- data/ext/enterprise_script_service/msgpack/include/msgpack/zbuffer.h +4 -4
- data/ext/enterprise_script_service/msgpack/make_file_list.sh +38 -11
- data/ext/enterprise_script_service/msgpack/src/vrefbuffer.c +6 -0
- data/ext/enterprise_script_service/msgpack/test/CMakeLists.txt +86 -64
- data/ext/enterprise_script_service/msgpack/test/array_ref.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_fusion.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_optional.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_string_ref.cpp +4 -1
- data/ext/enterprise_script_service/msgpack/test/boost_string_view.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_variant.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/buffer.cpp +4 -47
- data/ext/enterprise_script_service/msgpack/test/buffer_c.cpp +148 -0
- data/ext/enterprise_script_service/msgpack/test/carray.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/cases.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/convert.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/fixint.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/fixint_c.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/fuzz_unpack_pack_fuzzer_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/iterator_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/json.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/limit.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/msgpack_basic.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_c.cpp +159 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_container.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_cpp11.cpp +32 -27
- data/ext/enterprise_script_service/msgpack/test/msgpack_cpp17.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_stream.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_tuple.cpp +4 -1
- data/ext/enterprise_script_service/msgpack/test/msgpack_vref.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_x3_parse.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/object.cpp +4 -1
- data/ext/enterprise_script_service/msgpack/test/object_with_zone.cpp +12 -8
- data/ext/enterprise_script_service/msgpack/test/pack_unpack.cpp +30 -26
- data/ext/enterprise_script_service/msgpack/test/pack_unpack_c.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/raw.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/reference.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/reference_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/reference_wrapper_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/shared_ptr_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/size_equal_only.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/streaming.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/streaming_c.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/unique_ptr_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/user_class.cpp +16 -12
- data/ext/enterprise_script_service/msgpack/test/version.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/visitor.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/zone.cpp +4 -0
- data/lib/script_core/engine.rb +24 -5
- data/lib/script_core/executable.rb +4 -3
- data/lib/script_core/result.rb +1 -5
- data/lib/script_core/service_channel.rb +1 -0
- data/lib/script_core/version.rb +1 -1
- data/lib/tasks/script_core.rake +3 -1
- data/script_core.gemspec +2 -2
- data/spec/dummy/app/lib/script_engine.rb +64 -5
- metadata +68 -30
- data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
- data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -626
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -626
- data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
- data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
- data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
- data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
- data/ext/enterprise_script_service/msgpack/.travis.yml +0 -258
@@ -23,16 +23,8 @@
|
|
23
23
|
#ifndef _ARCH_PPC_H
|
24
24
|
#define _ARCH_PPC_H
|
25
25
|
|
26
|
-
#include <inttypes.h>
|
27
|
-
|
28
26
|
#include "arch.h"
|
29
|
-
#include "system.h"
|
30
|
-
|
31
|
-
extern const struct arch_def arch_def_ppc;
|
32
|
-
|
33
|
-
int ppc_syscall_resolve_name(const char *name);
|
34
|
-
const char *ppc_syscall_resolve_num(int num);
|
35
27
|
|
36
|
-
|
28
|
+
ARCH_DECL(ppc)
|
37
29
|
|
38
30
|
#endif
|
@@ -20,20 +20,618 @@
|
|
20
20
|
* along with this library; if not, see <http://www.gnu.org/licenses>.
|
21
21
|
*/
|
22
22
|
|
23
|
+
#include <stdlib.h>
|
24
|
+
#include <errno.h>
|
25
|
+
#include <string.h>
|
23
26
|
#include <linux/audit.h>
|
24
27
|
|
28
|
+
#include "db.h"
|
25
29
|
#include "arch.h"
|
26
30
|
#include "arch-ppc64.h"
|
27
31
|
|
32
|
+
/* ppc64 syscall numbers */
|
33
|
+
#define __ppc64_NR_socketcall 102
|
34
|
+
#define __ppc64_NR_ipc 117
|
35
|
+
|
36
|
+
/**
|
37
|
+
* Resolve a syscall name to a number
|
38
|
+
* @param name the syscall name
|
39
|
+
*
|
40
|
+
* Resolve the given syscall name to the syscall number using the syscall table.
|
41
|
+
* Returns the syscall number on success, including negative pseudo syscall
|
42
|
+
* numbers; returns __NR_SCMP_ERROR on failure.
|
43
|
+
*
|
44
|
+
*/
|
45
|
+
int ppc64_syscall_resolve_name_munge(const char *name)
|
46
|
+
{
|
47
|
+
if (strcmp(name, "accept") == 0)
|
48
|
+
return __PNR_accept;
|
49
|
+
if (strcmp(name, "accept4") == 0)
|
50
|
+
return __PNR_accept4;
|
51
|
+
else if (strcmp(name, "bind") == 0)
|
52
|
+
return __PNR_bind;
|
53
|
+
else if (strcmp(name, "connect") == 0)
|
54
|
+
return __PNR_connect;
|
55
|
+
else if (strcmp(name, "getpeername") == 0)
|
56
|
+
return __PNR_getpeername;
|
57
|
+
else if (strcmp(name, "getsockname") == 0)
|
58
|
+
return __PNR_getsockname;
|
59
|
+
else if (strcmp(name, "getsockopt") == 0)
|
60
|
+
return __PNR_getsockopt;
|
61
|
+
else if (strcmp(name, "listen") == 0)
|
62
|
+
return __PNR_listen;
|
63
|
+
else if (strcmp(name, "msgctl") == 0)
|
64
|
+
return __PNR_msgctl;
|
65
|
+
else if (strcmp(name, "msgget") == 0)
|
66
|
+
return __PNR_msgget;
|
67
|
+
else if (strcmp(name, "msgrcv") == 0)
|
68
|
+
return __PNR_msgrcv;
|
69
|
+
else if (strcmp(name, "msgsnd") == 0)
|
70
|
+
return __PNR_msgsnd;
|
71
|
+
else if (strcmp(name, "recv") == 0)
|
72
|
+
return __PNR_recv;
|
73
|
+
else if (strcmp(name, "recvfrom") == 0)
|
74
|
+
return __PNR_recvfrom;
|
75
|
+
else if (strcmp(name, "recvmsg") == 0)
|
76
|
+
return __PNR_recvmsg;
|
77
|
+
else if (strcmp(name, "recvmmsg") == 0)
|
78
|
+
return __PNR_recvmmsg;
|
79
|
+
else if (strcmp(name, "semctl") == 0)
|
80
|
+
return __PNR_semctl;
|
81
|
+
else if (strcmp(name, "semget") == 0)
|
82
|
+
return __PNR_semget;
|
83
|
+
else if (strcmp(name, "semtimedop") == 0)
|
84
|
+
return __PNR_semtimedop;
|
85
|
+
else if (strcmp(name, "send") == 0)
|
86
|
+
return __PNR_send;
|
87
|
+
else if (strcmp(name, "sendmsg") == 0)
|
88
|
+
return __PNR_sendmsg;
|
89
|
+
else if (strcmp(name, "sendmmsg") == 0)
|
90
|
+
return __PNR_sendmmsg;
|
91
|
+
else if (strcmp(name, "sendto") == 0)
|
92
|
+
return __PNR_sendto;
|
93
|
+
else if (strcmp(name, "setsockopt") == 0)
|
94
|
+
return __PNR_setsockopt;
|
95
|
+
else if (strcmp(name, "shmat") == 0)
|
96
|
+
return __PNR_shmat;
|
97
|
+
else if (strcmp(name, "shmdt") == 0)
|
98
|
+
return __PNR_shmdt;
|
99
|
+
else if (strcmp(name, "shmget") == 0)
|
100
|
+
return __PNR_shmget;
|
101
|
+
else if (strcmp(name, "shmctl") == 0)
|
102
|
+
return __PNR_shmctl;
|
103
|
+
else if (strcmp(name, "shutdown") == 0)
|
104
|
+
return __PNR_shutdown;
|
105
|
+
else if (strcmp(name, "socket") == 0)
|
106
|
+
return __PNR_socket;
|
107
|
+
else if (strcmp(name, "socketpair") == 0)
|
108
|
+
return __PNR_socketpair;
|
109
|
+
|
110
|
+
return ppc64_syscall_resolve_name(name);
|
111
|
+
}
|
112
|
+
|
113
|
+
/**
|
114
|
+
* Resolve a syscall number to a name
|
115
|
+
* @param num the syscall number
|
116
|
+
*
|
117
|
+
* Resolve the given syscall number to the syscall name using the syscall table.
|
118
|
+
* Returns a pointer to the syscall name string on success, including pseudo
|
119
|
+
* syscall names; returns NULL on failure.
|
120
|
+
*
|
121
|
+
*/
|
122
|
+
const char *ppc64_syscall_resolve_num_munge(int num)
|
123
|
+
{
|
124
|
+
if (num == __PNR_accept)
|
125
|
+
return "accept";
|
126
|
+
else if (num == __PNR_accept4)
|
127
|
+
return "accept4";
|
128
|
+
else if (num == __PNR_bind)
|
129
|
+
return "bind";
|
130
|
+
else if (num == __PNR_connect)
|
131
|
+
return "connect";
|
132
|
+
else if (num == __PNR_getpeername)
|
133
|
+
return "getpeername";
|
134
|
+
else if (num == __PNR_getsockname)
|
135
|
+
return "getsockname";
|
136
|
+
else if (num == __PNR_getsockopt)
|
137
|
+
return "getsockopt";
|
138
|
+
else if (num == __PNR_listen)
|
139
|
+
return "listen";
|
140
|
+
else if (num == __PNR_msgctl)
|
141
|
+
return "msgctl";
|
142
|
+
else if (num == __PNR_msgget)
|
143
|
+
return "msgget";
|
144
|
+
else if (num == __PNR_msgrcv)
|
145
|
+
return "msgrcv";
|
146
|
+
else if (num == __PNR_msgsnd)
|
147
|
+
return "msgsnd";
|
148
|
+
else if (num == __PNR_recv)
|
149
|
+
return "recv";
|
150
|
+
else if (num == __PNR_recvfrom)
|
151
|
+
return "recvfrom";
|
152
|
+
else if (num == __PNR_recvmsg)
|
153
|
+
return "recvmsg";
|
154
|
+
else if (num == __PNR_recvmmsg)
|
155
|
+
return "recvmmsg";
|
156
|
+
else if (num == __PNR_semctl)
|
157
|
+
return "semctl";
|
158
|
+
else if (num == __PNR_semget)
|
159
|
+
return "semget";
|
160
|
+
else if (num == __PNR_semtimedop)
|
161
|
+
return "semtimedop";
|
162
|
+
else if (num == __PNR_send)
|
163
|
+
return "send";
|
164
|
+
else if (num == __PNR_sendmsg)
|
165
|
+
return "sendmsg";
|
166
|
+
else if (num == __PNR_sendmmsg)
|
167
|
+
return "sendmmsg";
|
168
|
+
else if (num == __PNR_sendto)
|
169
|
+
return "sendto";
|
170
|
+
else if (num == __PNR_setsockopt)
|
171
|
+
return "setsockopt";
|
172
|
+
else if (num == __PNR_shmat)
|
173
|
+
return "shmat";
|
174
|
+
else if (num == __PNR_shmdt)
|
175
|
+
return "shmdt";
|
176
|
+
else if (num == __PNR_shmget)
|
177
|
+
return "shmget";
|
178
|
+
else if (num == __PNR_shmctl)
|
179
|
+
return "shmctl";
|
180
|
+
else if (num == __PNR_shutdown)
|
181
|
+
return "shutdown";
|
182
|
+
else if (num == __PNR_socket)
|
183
|
+
return "socket";
|
184
|
+
else if (num == __PNR_socketpair)
|
185
|
+
return "socketpair";
|
186
|
+
|
187
|
+
return ppc64_syscall_resolve_num(num);
|
188
|
+
}
|
189
|
+
|
190
|
+
/**
|
191
|
+
* Convert a multiplexed pseudo socket syscall into a direct syscall
|
192
|
+
* @param syscall the multiplexed pseudo syscall number
|
193
|
+
*
|
194
|
+
* Return the related direct syscall number, __NR_SCMP_UNDEF is there is
|
195
|
+
* no related syscall, or __NR_SCMP_ERROR otherwise.
|
196
|
+
*
|
197
|
+
*/
|
198
|
+
static int _ppc64_syscall_demux(int syscall)
|
199
|
+
{
|
200
|
+
switch (syscall) {
|
201
|
+
case -101:
|
202
|
+
/* socket */
|
203
|
+
return 326;
|
204
|
+
case -102:
|
205
|
+
/* bind */
|
206
|
+
return 327;
|
207
|
+
case -103:
|
208
|
+
/* connect */
|
209
|
+
return 328;
|
210
|
+
case -104:
|
211
|
+
/* listen */
|
212
|
+
return 329;
|
213
|
+
case -105:
|
214
|
+
/* accept */
|
215
|
+
return 330;
|
216
|
+
case -106:
|
217
|
+
/* getsockname */
|
218
|
+
return 331;
|
219
|
+
case -107:
|
220
|
+
/* getpeername */
|
221
|
+
return 332;
|
222
|
+
case -108:
|
223
|
+
/* socketpair */
|
224
|
+
return 333;
|
225
|
+
case -109:
|
226
|
+
/* send */
|
227
|
+
return 334;
|
228
|
+
case -110:
|
229
|
+
/* recv */
|
230
|
+
return 336;
|
231
|
+
case -111:
|
232
|
+
/* sendto */
|
233
|
+
return 335;
|
234
|
+
case -112:
|
235
|
+
/* recvfrom */
|
236
|
+
return 337;
|
237
|
+
case -113:
|
238
|
+
/* shutdown */
|
239
|
+
return 338;
|
240
|
+
case -114:
|
241
|
+
/* setsockopt */
|
242
|
+
return 339;
|
243
|
+
case -115:
|
244
|
+
/* getsockopt */
|
245
|
+
return 340;
|
246
|
+
case -116:
|
247
|
+
/* sendmsg */
|
248
|
+
return 341;
|
249
|
+
case -117:
|
250
|
+
/* recvmsg */
|
251
|
+
return 342;
|
252
|
+
case -118:
|
253
|
+
/* accept4 */
|
254
|
+
return 344;
|
255
|
+
case -119:
|
256
|
+
/* recvmmsg */
|
257
|
+
return 343;
|
258
|
+
case -120:
|
259
|
+
/* sendmmsg */
|
260
|
+
return 349;
|
261
|
+
case -201:
|
262
|
+
/* semop - not defined */
|
263
|
+
return __NR_SCMP_UNDEF;
|
264
|
+
case -202:
|
265
|
+
/* semget */
|
266
|
+
return 393;
|
267
|
+
case -203:
|
268
|
+
/* semctl */
|
269
|
+
return 394;
|
270
|
+
case -204:
|
271
|
+
/* semtimedop */
|
272
|
+
return 392;
|
273
|
+
case -211:
|
274
|
+
/* msgsnd */
|
275
|
+
return 400;
|
276
|
+
case -212:
|
277
|
+
/* msgrcv */
|
278
|
+
return 401;
|
279
|
+
case -213:
|
280
|
+
/* msgget */
|
281
|
+
return 399;
|
282
|
+
case -214:
|
283
|
+
/* msgctl */
|
284
|
+
return 402;
|
285
|
+
case -221:
|
286
|
+
/* shmat */
|
287
|
+
return 397;
|
288
|
+
case -222:
|
289
|
+
/* shmdt */
|
290
|
+
return 398;
|
291
|
+
case -223:
|
292
|
+
/* shmget */
|
293
|
+
return 395;
|
294
|
+
case -224:
|
295
|
+
/* shmctl */
|
296
|
+
return 396;
|
297
|
+
}
|
298
|
+
|
299
|
+
return __NR_SCMP_ERROR;
|
300
|
+
}
|
301
|
+
|
302
|
+
/**
|
303
|
+
* Convert a direct socket syscall into multiplexed pseudo socket syscall
|
304
|
+
* @param syscall the direct syscall
|
305
|
+
*
|
306
|
+
* Return the related multiplexed pseduo syscall number, __NR_SCMP_UNDEF is
|
307
|
+
* there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise.
|
308
|
+
*
|
309
|
+
*/
|
310
|
+
static int _ppc64_syscall_mux(int syscall)
|
311
|
+
{
|
312
|
+
switch (syscall) {
|
313
|
+
case 326:
|
314
|
+
/* socket */
|
315
|
+
return -101;
|
316
|
+
case 327:
|
317
|
+
/* bind */
|
318
|
+
return -102;
|
319
|
+
case 328:
|
320
|
+
/* connect */
|
321
|
+
return -103;
|
322
|
+
case 329:
|
323
|
+
/* listen */
|
324
|
+
return -104;
|
325
|
+
case 330:
|
326
|
+
/* accept */
|
327
|
+
return -105;
|
328
|
+
case 331:
|
329
|
+
/* getsockname */
|
330
|
+
return -106;
|
331
|
+
case 332:
|
332
|
+
/* getpeername */
|
333
|
+
return -107;
|
334
|
+
case 333:
|
335
|
+
/* socketpair */
|
336
|
+
return -108;
|
337
|
+
case 334:
|
338
|
+
/* send */
|
339
|
+
return -109;
|
340
|
+
case 335:
|
341
|
+
/* sendto */
|
342
|
+
return -111;
|
343
|
+
case 336:
|
344
|
+
/* recv */
|
345
|
+
return -110;
|
346
|
+
case 337:
|
347
|
+
/* recvfrom */
|
348
|
+
return -112;
|
349
|
+
case 338:
|
350
|
+
/* shutdown */
|
351
|
+
return -113;
|
352
|
+
case 339:
|
353
|
+
/* setsockopt */
|
354
|
+
return -114;
|
355
|
+
case 340:
|
356
|
+
/* getsockopt */
|
357
|
+
return -115;
|
358
|
+
case 341:
|
359
|
+
/* sendmsg */
|
360
|
+
return -116;
|
361
|
+
case 342:
|
362
|
+
/* recvmsg */
|
363
|
+
return -117;
|
364
|
+
case 343:
|
365
|
+
/* recvmmsg */
|
366
|
+
return -119;
|
367
|
+
case 344:
|
368
|
+
/* accept4 */
|
369
|
+
return -118;
|
370
|
+
case 349:
|
371
|
+
/* sendmmsg */
|
372
|
+
return -120;
|
373
|
+
case 392:
|
374
|
+
/* semtimedop */
|
375
|
+
return -204;
|
376
|
+
case 393:
|
377
|
+
/* semget */
|
378
|
+
return -202;
|
379
|
+
case 394:
|
380
|
+
/* semctl */
|
381
|
+
return -203;
|
382
|
+
case 395:
|
383
|
+
/* shmget */
|
384
|
+
return -223;
|
385
|
+
case 396:
|
386
|
+
/* shmctl */
|
387
|
+
return -224;
|
388
|
+
case 397:
|
389
|
+
/* shmat */
|
390
|
+
return -221;
|
391
|
+
case 398:
|
392
|
+
/* shmdt */
|
393
|
+
return -222;
|
394
|
+
case 399:
|
395
|
+
/* msgget */
|
396
|
+
return -213;
|
397
|
+
case 400:
|
398
|
+
/* msgsnd */
|
399
|
+
return -211;
|
400
|
+
case 401:
|
401
|
+
/* msgrcv */
|
402
|
+
return -212;
|
403
|
+
case 402:
|
404
|
+
/* msgctl */
|
405
|
+
return -214;
|
406
|
+
}
|
407
|
+
|
408
|
+
return __NR_SCMP_ERROR;
|
409
|
+
}
|
410
|
+
|
411
|
+
/**
|
412
|
+
* Rewrite a syscall value to match the architecture
|
413
|
+
* @param syscall the syscall number
|
414
|
+
*
|
415
|
+
* Syscalls can vary across different architectures so this function rewrites
|
416
|
+
* the syscall into the correct value for the specified architecture. Returns
|
417
|
+
* zero on success, negative values on failure.
|
418
|
+
*
|
419
|
+
*/
|
420
|
+
int ppc64_syscall_rewrite(int *syscall)
|
421
|
+
{
|
422
|
+
int sys = *syscall;
|
423
|
+
|
424
|
+
if (sys <= -100 && sys >= -120)
|
425
|
+
*syscall = __ppc64_NR_socketcall;
|
426
|
+
else if (sys <= -200 && sys >= -224)
|
427
|
+
*syscall = __ppc64_NR_ipc;
|
428
|
+
else if (sys < 0)
|
429
|
+
return -EDOM;
|
430
|
+
|
431
|
+
return 0;
|
432
|
+
}
|
433
|
+
|
434
|
+
/**
|
435
|
+
* add a new rule to the ppc64 seccomp filter
|
436
|
+
* @param db the seccomp filter db
|
437
|
+
* @param rule the filter rule
|
438
|
+
*
|
439
|
+
* This function adds a new syscall filter to the seccomp filter db, making any
|
440
|
+
* necessary adjustments for the ppc64 ABI. Returns zero on success, negative
|
441
|
+
* values on failure.
|
442
|
+
*
|
443
|
+
* It is important to note that in the case of failure the db may be corrupted,
|
444
|
+
* the caller must use the transaction mechanism if the db integrity is
|
445
|
+
* important.
|
446
|
+
*
|
447
|
+
*/
|
448
|
+
int ppc64_rule_add(struct db_filter *db, struct db_api_rule_list *rule)
|
449
|
+
{
|
450
|
+
int rc = 0;
|
451
|
+
unsigned int iter;
|
452
|
+
int sys = rule->syscall;
|
453
|
+
int sys_a, sys_b;
|
454
|
+
struct db_api_rule_list *rule_a, *rule_b, *rule_dup = NULL;
|
455
|
+
|
456
|
+
if ((sys <= -100 && sys >= -120) || (sys >= 326 && sys <= 344) ||
|
457
|
+
(sys == 349)) {
|
458
|
+
/* (-100 to -120) : multiplexed socket syscalls
|
459
|
+
(326 to 344) : direct socket syscalls, Linux 4.3+
|
460
|
+
(349) : sendmmsg */
|
461
|
+
|
462
|
+
/* strict check for the multiplexed socket syscalls */
|
463
|
+
for (iter = 0; iter < ARG_COUNT_MAX; iter++) {
|
464
|
+
if ((rule->args[iter].valid != 0) && (rule->strict)) {
|
465
|
+
rc = -EINVAL;
|
466
|
+
goto add_return;
|
467
|
+
}
|
468
|
+
}
|
469
|
+
|
470
|
+
/* determine both the muxed and direct syscall numbers */
|
471
|
+
if (sys > 0) {
|
472
|
+
sys_a = _ppc64_syscall_mux(sys);
|
473
|
+
if (sys_a == __NR_SCMP_ERROR) {
|
474
|
+
rc = __NR_SCMP_ERROR;
|
475
|
+
goto add_return;
|
476
|
+
}
|
477
|
+
sys_b = sys;
|
478
|
+
} else {
|
479
|
+
sys_a = sys;
|
480
|
+
sys_b = _ppc64_syscall_demux(sys);
|
481
|
+
if (sys_b == __NR_SCMP_ERROR) {
|
482
|
+
rc = __NR_SCMP_ERROR;
|
483
|
+
goto add_return;
|
484
|
+
}
|
485
|
+
}
|
486
|
+
|
487
|
+
/* use rule_a for the multiplexed syscall and use rule_b for
|
488
|
+
* the direct wired syscall */
|
489
|
+
|
490
|
+
if (sys_a == __NR_SCMP_UNDEF) {
|
491
|
+
rule_a = NULL;
|
492
|
+
rule_b = rule;
|
493
|
+
} else if (sys_b == __NR_SCMP_UNDEF) {
|
494
|
+
rule_a = rule;
|
495
|
+
rule_b = NULL;
|
496
|
+
} else {
|
497
|
+
/* need two rules, dup the first and link together */
|
498
|
+
rule_a = rule;
|
499
|
+
rule_dup = db_rule_dup(rule_a);
|
500
|
+
rule_b = rule_dup;
|
501
|
+
if (rule_b == NULL) {
|
502
|
+
rc = -ENOMEM;
|
503
|
+
goto add_return;
|
504
|
+
}
|
505
|
+
rule_b->prev = rule_a;
|
506
|
+
rule_b->next = NULL;
|
507
|
+
rule_a->next = rule_b;
|
508
|
+
}
|
509
|
+
|
510
|
+
/* multiplexed socket syscalls */
|
511
|
+
if (rule_a != NULL) {
|
512
|
+
rule_a->syscall = __ppc64_NR_socketcall;
|
513
|
+
rule_a->args[0].arg = 0;
|
514
|
+
rule_a->args[0].op = SCMP_CMP_EQ;
|
515
|
+
rule_a->args[0].mask = DATUM_MAX;
|
516
|
+
rule_a->args[0].datum = (-sys_a) % 100;
|
517
|
+
rule_a->args[0].valid = 1;
|
518
|
+
}
|
519
|
+
|
520
|
+
/* direct wired socket syscalls */
|
521
|
+
if (rule_b != NULL)
|
522
|
+
rule_b->syscall = sys_b;
|
523
|
+
|
524
|
+
/* we should be protected by a transaction checkpoint */
|
525
|
+
if (rule_a != NULL) {
|
526
|
+
rc = db_rule_add(db, rule_a);
|
527
|
+
if (rc < 0)
|
528
|
+
goto add_return;
|
529
|
+
}
|
530
|
+
if (rule_b != NULL) {
|
531
|
+
rc = db_rule_add(db, rule_b);
|
532
|
+
if (rc < 0)
|
533
|
+
goto add_return;
|
534
|
+
}
|
535
|
+
} else if ((sys <= -200 && sys >= -224) || (sys >= 392 && sys <= 402)) {
|
536
|
+
/* (-200 to -224) : multiplexed ipc syscalls
|
537
|
+
(392 to 402) : direct ipc syscalls */
|
538
|
+
|
539
|
+
/* strict check for the multiplexed socket syscalls */
|
540
|
+
for (iter = 0; iter < ARG_COUNT_MAX; iter++) {
|
541
|
+
if ((rule->args[iter].valid != 0) && (rule->strict)) {
|
542
|
+
rc = -EINVAL;
|
543
|
+
goto add_return;
|
544
|
+
}
|
545
|
+
}
|
546
|
+
|
547
|
+
/* determine both the muxed and direct syscall numbers */
|
548
|
+
if (sys > 0) {
|
549
|
+
sys_a = _ppc64_syscall_mux(sys);
|
550
|
+
if (sys_a == __NR_SCMP_ERROR) {
|
551
|
+
rc = __NR_SCMP_ERROR;
|
552
|
+
goto add_return;
|
553
|
+
}
|
554
|
+
sys_b = sys;
|
555
|
+
} else {
|
556
|
+
sys_a = sys;
|
557
|
+
sys_b = _ppc64_syscall_demux(sys);
|
558
|
+
if (sys_b == __NR_SCMP_ERROR) {
|
559
|
+
rc = __NR_SCMP_ERROR;
|
560
|
+
goto add_return;
|
561
|
+
}
|
562
|
+
}
|
563
|
+
|
564
|
+
/* use rule_a for the multiplexed syscall and use rule_b for
|
565
|
+
* the direct wired syscall */
|
566
|
+
|
567
|
+
if (sys_a == __NR_SCMP_UNDEF) {
|
568
|
+
rule_a = NULL;
|
569
|
+
rule_b = rule;
|
570
|
+
} else if (sys_b == __NR_SCMP_UNDEF) {
|
571
|
+
rule_a = rule;
|
572
|
+
rule_b = NULL;
|
573
|
+
} else {
|
574
|
+
/* need two rules, dup the first and link together */
|
575
|
+
rule_a = rule;
|
576
|
+
rule_dup = db_rule_dup(rule_a);
|
577
|
+
rule_b = rule_dup;
|
578
|
+
if (rule_b == NULL)
|
579
|
+
goto add_return;
|
580
|
+
rule_b->prev = rule_a;
|
581
|
+
rule_b->next = NULL;
|
582
|
+
rule_a->next = rule_b;
|
583
|
+
}
|
584
|
+
|
585
|
+
/* multiplexed socket syscalls */
|
586
|
+
if (rule_a != NULL) {
|
587
|
+
rule_a->syscall = __ppc64_NR_ipc;
|
588
|
+
rule_a->args[0].arg = 0;
|
589
|
+
rule_a->args[0].op = SCMP_CMP_EQ;
|
590
|
+
rule_a->args[0].mask = DATUM_MAX;
|
591
|
+
rule_a->args[0].datum = (-sys_a) % 200;
|
592
|
+
rule_a->args[0].valid = 1;
|
593
|
+
}
|
594
|
+
|
595
|
+
/* direct wired socket syscalls */
|
596
|
+
if (rule_b != NULL)
|
597
|
+
rule_b->syscall = sys_b;
|
598
|
+
|
599
|
+
/* we should be protected by a transaction checkpoint */
|
600
|
+
if (rule_a != NULL) {
|
601
|
+
rc = db_rule_add(db, rule_a);
|
602
|
+
if (rc < 0)
|
603
|
+
goto add_return;
|
604
|
+
}
|
605
|
+
if (rule_b != NULL) {
|
606
|
+
rc = db_rule_add(db, rule_b);
|
607
|
+
if (rc < 0)
|
608
|
+
goto add_return;
|
609
|
+
}
|
610
|
+
} else if (sys >= 0) {
|
611
|
+
/* normal syscall processing */
|
612
|
+
rc = db_rule_add(db, rule);
|
613
|
+
if (rc < 0)
|
614
|
+
goto add_return;
|
615
|
+
} else if (rule->strict) {
|
616
|
+
rc = -EDOM;
|
617
|
+
goto add_return;
|
618
|
+
}
|
619
|
+
|
620
|
+
add_return:
|
621
|
+
if (rule_dup != NULL)
|
622
|
+
free(rule_dup);
|
623
|
+
return rc;
|
624
|
+
}
|
625
|
+
|
28
626
|
const struct arch_def arch_def_ppc64 = {
|
29
627
|
.token = SCMP_ARCH_PPC64,
|
30
628
|
.token_bpf = AUDIT_ARCH_PPC64,
|
31
629
|
.size = ARCH_SIZE_64,
|
32
630
|
.endian = ARCH_ENDIAN_BIG,
|
33
|
-
.syscall_resolve_name =
|
34
|
-
.syscall_resolve_num =
|
35
|
-
.syscall_rewrite =
|
36
|
-
.rule_add =
|
631
|
+
.syscall_resolve_name = ppc64_syscall_resolve_name_munge,
|
632
|
+
.syscall_resolve_num = ppc64_syscall_resolve_num_munge,
|
633
|
+
.syscall_rewrite = ppc64_syscall_rewrite,
|
634
|
+
.rule_add = ppc64_rule_add,
|
37
635
|
};
|
38
636
|
|
39
637
|
const struct arch_def arch_def_ppc64le = {
|
@@ -41,8 +639,8 @@ const struct arch_def arch_def_ppc64le = {
|
|
41
639
|
.token_bpf = AUDIT_ARCH_PPC64LE,
|
42
640
|
.size = ARCH_SIZE_64,
|
43
641
|
.endian = ARCH_ENDIAN_LITTLE,
|
44
|
-
.syscall_resolve_name =
|
45
|
-
.syscall_resolve_num =
|
46
|
-
.syscall_rewrite =
|
47
|
-
.rule_add =
|
642
|
+
.syscall_resolve_name = ppc64_syscall_resolve_name_munge,
|
643
|
+
.syscall_resolve_num = ppc64_syscall_resolve_num_munge,
|
644
|
+
.syscall_rewrite = ppc64_syscall_rewrite,
|
645
|
+
.rule_add = ppc64_rule_add,
|
48
646
|
};
|