script_core 0.2.3 → 0.3.0
- checksums.yaml +4 -4
- data/.rubocop.yml +35 -57
- data/.ruby-version +1 -1
- data/Gemfile +2 -2
- data/README.md +7 -1
- data/ext/enterprise_script_service/Rakefile +1 -1
- data/ext/enterprise_script_service/libseccomp/.travis.yml +24 -12
- data/ext/enterprise_script_service/libseccomp/CHANGELOG +32 -0
- data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
- data/ext/enterprise_script_service/libseccomp/CREDITS +11 -0
- data/ext/enterprise_script_service/libseccomp/README.md +21 -1
- data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
- data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
- data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +19 -0
- data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
- data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
- data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
- data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
- data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
- data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
- data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
- data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
- data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
- data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
- data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
- data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
- data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
- data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
- data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
- data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
- data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
- data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
- data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
- data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
- data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
- data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
- data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
- data/ext/enterprise_script_service/libseccomp/tests/.gitignore +10 -2
- data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
- data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
- data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
- data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
- data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +4 -3
- data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
- data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
- data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
- data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
- data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
- data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
- data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.c +48 -0
- data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.py +38 -0
- data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +34 -10
- data/ext/enterprise_script_service/libseccomp/tests/regression +10 -3
- data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
- data/ext/enterprise_script_service/libseccomp/tools/Makefile.am +0 -3
- data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
- data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
- data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +4 -0
- data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
- data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/build.yml +149 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +55 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/lint.yml +23 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/oss-fuzz.yml +27 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/spell-checker.yml +17 -0
- data/ext/enterprise_script_service/mruby/.gitignore +3 -0
- data/ext/enterprise_script_service/mruby/.gitlab-ci.yml +3 -3
- data/ext/enterprise_script_service/mruby/.markdownlint.yml +16 -0
- data/ext/enterprise_script_service/mruby/.travis.yml +7 -10
- data/ext/enterprise_script_service/mruby/.yamllint +8 -0
- data/ext/enterprise_script_service/mruby/AUTHORS +4 -0
- data/ext/enterprise_script_service/mruby/CODEOWNERS +1 -0
- data/ext/enterprise_script_service/mruby/CONTRIBUTING.md +6 -13
- data/ext/enterprise_script_service/mruby/Doxyfile +4 -4
- data/ext/enterprise_script_service/mruby/LICENSE +1 -1
- data/ext/enterprise_script_service/mruby/Makefile +1 -1
- data/ext/enterprise_script_service/mruby/README.md +5 -11
- data/ext/enterprise_script_service/mruby/Rakefile +18 -108
- data/ext/enterprise_script_service/mruby/TODO.md +17 -0
- data/ext/enterprise_script_service/mruby/appveyor.yml +29 -26
- data/ext/enterprise_script_service/mruby/benchmark/bm_ao_render.rb +1 -1
- data/ext/enterprise_script_service/mruby/build_config.rb +9 -152
- data/ext/enterprise_script_service/mruby/{examples/targets/build_config_ArduinoDue.rb → build_config/ArduinoDue.rb} +4 -21
- data/ext/enterprise_script_service/mruby/{examples/targets/build_config_IntelEdison.rb → build_config/IntelEdison.rb} +4 -4
- data/ext/enterprise_script_service/mruby/{examples/targets/build_config_IntelGalileo.rb → build_config/IntelGalileo.rb} +3 -20
- data/ext/enterprise_script_service/mruby/{examples/targets/build_config_RX630.rb → build_config/RX630.rb} +4 -21
- data/ext/enterprise_script_service/mruby/build_config/android_arm64-v8a.rb +11 -0
- data/ext/enterprise_script_service/mruby/build_config/android_armeabi.rb +11 -0
- data/ext/enterprise_script_service/mruby/{examples/targets/build_config_android_armeabi_v7a_neon_hard.rb → build_config/android_armeabi_v7a_neon_hard.rb} +0 -15
- data/ext/enterprise_script_service/mruby/build_config/bench.rb +11 -0
- data/ext/enterprise_script_service/mruby/build_config/boxing.rb +21 -0
- data/ext/enterprise_script_service/mruby/{examples/targets/build_config_chipKITMax32.rb → build_config/chipKITMax32.rb} +4 -21
- data/ext/enterprise_script_service/mruby/{appveyor_config.rb → build_config/ci/gcc-clang.rb} +11 -8
- data/ext/enterprise_script_service/mruby/build_config/ci/msvc.rb +20 -0
- data/ext/enterprise_script_service/mruby/build_config/clang-asan.rb +11 -0
- data/ext/enterprise_script_service/mruby/build_config/cross-32bit.rb +14 -0
- data/ext/enterprise_script_service/mruby/build_config/default.rb +80 -0
- data/ext/enterprise_script_service/mruby/build_config/dreamcast_shelf.rb +94 -0
- data/ext/enterprise_script_service/mruby/build_config/gameboyadvance.rb +73 -0
- data/ext/enterprise_script_service/mruby/build_config/host-cxx.rb +12 -0
- data/ext/enterprise_script_service/mruby/build_config/host-debug.rb +20 -0
- data/ext/enterprise_script_service/mruby/build_config/host-gprof.rb +14 -0
- data/ext/enterprise_script_service/mruby/build_config/host-m32.rb +15 -0
- data/ext/enterprise_script_service/mruby/build_config/host-shared.rb +36 -0
- data/ext/enterprise_script_service/mruby/build_config/mrbc.rb +11 -0
- data/ext/enterprise_script_service/mruby/build_config/no-float.rb +17 -0
- data/ext/enterprise_script_service/mruby/doc/guides/compile.md +142 -49
- data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +5 -4
- data/ext/enterprise_script_service/mruby/doc/guides/gc-arena-howto.md +1 -1
- data/ext/enterprise_script_service/mruby/doc/guides/mrbconf.md +53 -30
- data/ext/enterprise_script_service/mruby/doc/guides/mrbgems.md +31 -14
- data/ext/enterprise_script_service/mruby/doc/guides/symbol.md +83 -0
- data/ext/enterprise_script_service/mruby/doc/limitations.md +35 -36
- data/ext/enterprise_script_service/mruby/doc/mruby3.md +163 -0
- data/ext/enterprise_script_service/mruby/doc/opcode.md +102 -103
- data/ext/enterprise_script_service/mruby/examples/mrbgems/c_and_ruby_extension_example/mrblib/example.rb +1 -1
- data/ext/enterprise_script_service/mruby/examples/mrbgems/c_and_ruby_extension_example/src/example.c +5 -1
- data/ext/enterprise_script_service/mruby/examples/mrbgems/c_extension_example/src/example.c +5 -1
- data/ext/enterprise_script_service/mruby/examples/mrbgems/ruby_extension_example/mrblib/example.rb +1 -1
- data/ext/enterprise_script_service/mruby/include/mrbconf.h +88 -66
- data/ext/enterprise_script_service/mruby/include/mruby.h +160 -104
- data/ext/enterprise_script_service/mruby/include/mruby/array.h +27 -6
- data/ext/enterprise_script_service/mruby/include/mruby/boxing_nan.h +80 -46
- data/ext/enterprise_script_service/mruby/include/mruby/boxing_no.h +8 -8
- data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +76 -55
- data/ext/enterprise_script_service/mruby/include/mruby/class.h +10 -8
- data/ext/enterprise_script_service/mruby/include/mruby/common.h +14 -1
- data/ext/enterprise_script_service/mruby/include/mruby/compile.h +20 -6
- data/ext/enterprise_script_service/mruby/include/mruby/debug.h +2 -2
- data/ext/enterprise_script_service/mruby/include/mruby/dump.h +18 -52
- data/ext/enterprise_script_service/mruby/include/mruby/endian.h +44 -0
- data/ext/enterprise_script_service/mruby/include/mruby/error.h +39 -5
- data/ext/enterprise_script_service/mruby/include/mruby/gc.h +1 -0
- data/ext/enterprise_script_service/mruby/include/mruby/hash.h +33 -13
- data/ext/enterprise_script_service/mruby/include/mruby/irep.h +74 -14
- data/ext/enterprise_script_service/mruby/include/mruby/istruct.h +4 -1
- data/ext/enterprise_script_service/mruby/include/mruby/khash.h +19 -9
- data/ext/enterprise_script_service/mruby/include/mruby/numeric.h +37 -63
- data/ext/enterprise_script_service/mruby/include/mruby/opcode.h +1 -27
- data/ext/enterprise_script_service/mruby/include/mruby/ops.h +29 -24
- data/ext/enterprise_script_service/mruby/include/mruby/presym.h +40 -0
- data/ext/enterprise_script_service/mruby/include/mruby/presym/disable.h +70 -0
- data/ext/enterprise_script_service/mruby/include/mruby/presym/enable.h +37 -0
- data/ext/enterprise_script_service/mruby/include/mruby/presym/scanning.h +73 -0
- data/ext/enterprise_script_service/mruby/include/mruby/proc.h +93 -21
- data/ext/enterprise_script_service/mruby/include/mruby/string.h +12 -16
- data/ext/enterprise_script_service/mruby/include/mruby/throw.h +14 -3
- data/ext/enterprise_script_service/mruby/include/mruby/value.h +60 -59
- data/ext/enterprise_script_service/mruby/include/mruby/variable.h +1 -0
- data/ext/enterprise_script_service/mruby/include/mruby/version.h +25 -6
- data/ext/enterprise_script_service/mruby/lib/mruby/build.rb +198 -72
- data/ext/enterprise_script_service/mruby/lib/mruby/build/command.rb +71 -78
- data/ext/enterprise_script_service/mruby/lib/mruby/build/load_gems.rb +12 -10
- data/ext/enterprise_script_service/mruby/lib/{mruby-core-ext.rb → mruby/core_ext.rb} +10 -3
- data/ext/enterprise_script_service/mruby/lib/mruby/gem.rb +84 -32
- data/ext/enterprise_script_service/mruby/lib/mruby/lockfile.rb +1 -1
- data/ext/enterprise_script_service/mruby/lib/mruby/presym.rb +132 -0
- data/ext/enterprise_script_service/mruby/lib/mruby/source.rb +3 -1
- data/ext/enterprise_script_service/mruby/mrbgems/default-no-fpu.gembox +3 -0
- data/ext/enterprise_script_service/mruby/mrbgems/default-no-stdio.gembox +4 -0
- data/ext/enterprise_script_service/mruby/mrbgems/default.gembox +9 -81
- data/ext/enterprise_script_service/mruby/mrbgems/full-core.gembox +1 -4
- data/ext/enterprise_script_service/mruby/mrbgems/math.gembox +10 -0
- data/ext/enterprise_script_service/mruby/mrbgems/metaprog.gembox +15 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/mrblib/array.rb +1 -32
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +10 -12
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/test/array.rb +0 -13
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-config/mrbgem.rake +30 -18
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-config/mruby-config +18 -8
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/bintest/mrdb.rb +3 -6
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/bintest/print.rb +10 -10
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c +14 -9
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apiprint.c +3 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c +4 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.h +2 -6
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdbconf.h +6 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/bintest/mirb.rb +23 -5
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/mrbgem.rake +11 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +46 -35
- data/ext/enterprise_script_service/mruby/mrbgems/{mruby-compiler → mruby-bin-mrbc}/bintest/mrbc.rb +0 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/mrbgem.rake +3 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +41 -28
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/bintest/mruby.rb +25 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/mrbgem.rake +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c +26 -6
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-strip/bintest/mruby-strip.rb +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c +6 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-catch/mrbgem.rake +5 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-catch/mrblib/catch.rb +27 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-class-ext/src/class.c +7 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/codegen.c +495 -436
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/keywords +5 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/lex.def +49 -44
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/parse.y +637 -220
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/y.tab.c +13734 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/mrbgem.rake +20 -23
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +2 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +9 -9
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/test/complex.rb +4 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-enumerator/mrblib/enumerator.rb +1 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-enumerator/test/enumerator.rb +2 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-error/mrbgem.rake +2 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-error/src/exception.c +3 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +19 -238
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/test/eval.rb +21 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +19 -15
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-hash-ext/src/hash-ext.c +31 -5
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-hash-ext/test/hash.rb +7 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +5 -6
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/README.md +18 -16
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/include/mruby/ext/io.h +39 -7
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrbgem.rake +2 -8
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/file.rb +9 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/file_constants.rb +0 -16
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/io.rb +9 -14
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +107 -59
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +22 -38
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +417 -203
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/file.rb +20 -12
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/io.rb +33 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/mruby_io_test.c +58 -50
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +13 -14
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-math/src/math.c +13 -12
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-math/test/math.rb +5 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/src/metaprog.c +56 -73
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/test/metaprog.rb +13 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/README.md +4 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +80 -78
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/test/method.rb +4 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-numeric-ext/src/numeric_ext.c +14 -13
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-object-ext/src/object.c +8 -16
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +18 -13
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-os-memsize/mrbgem.rake +10 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-os-memsize/src/memsize.c +231 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-os-memsize/test/memsize.rb +63 -0
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-pack/README.md +15 -18
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-pack/src/pack.c +120 -67
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/mrblib/print.rb +1 -30
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +65 -26
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-proc-ext/src/proc.c +34 -21
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-proc-ext/test/proc.c +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-random/src/random.c +98 -43
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-random/test/random.rb +2 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/mrblib/range.rb +39 -6
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +21 -43
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/test/range.rb +27 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +12 -20
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/src/rational.c +216 -38
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/test/rational.rb +6 -6
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sleep/README.md +6 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sleep/src/mrb_sleep.c +5 -5
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/README.md +3 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/mrbgem.rake +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/src/socket.c +47 -45
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/test/sockettest.c +3 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +161 -93
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/test/sprintf.rb +9 -25
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/mrblib/string.rb +23 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +17 -14
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/mrblib/struct.rb +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +23 -36
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-symbol-ext/src/symbol.c +7 -6
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-symbol-ext/test/symbol.rb +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/README.md +0 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/driver.c +5 -5
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/mrbgem.rake +17 -44
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/vformat.c +4 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +37 -41
- data/ext/enterprise_script_service/mruby/mrbgems/stdlib-ext.gembox +18 -0
- data/ext/enterprise_script_service/mruby/mrbgems/stdlib-io.gembox +12 -0
- data/ext/enterprise_script_service/mruby/mrbgems/stdlib.gembox +54 -0
- data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
- data/ext/enterprise_script_service/mruby/mrblib/10error.rb +4 -0
- data/ext/enterprise_script_service/mruby/mrblib/array.rb +17 -9
- data/ext/enterprise_script_service/mruby/mrblib/enum.rb +1 -1
- data/ext/enterprise_script_service/mruby/mrblib/hash.rb +3 -23
- data/ext/enterprise_script_service/mruby/mrblib/init_mrblib.c +0 -11
- data/ext/enterprise_script_service/mruby/mrblib/numeric.rb +36 -11
- data/ext/enterprise_script_service/mruby/mrblib/range.rb +25 -3
- data/ext/enterprise_script_service/mruby/oss-fuzz/mruby_proto_fuzzer.cpp +2 -2
- data/ext/enterprise_script_service/mruby/oss-fuzz/proto_to_ruby.h +1 -1
- data/ext/enterprise_script_service/mruby/src/array.c +67 -90
- data/ext/enterprise_script_service/mruby/src/backtrace.c +18 -19
- data/ext/enterprise_script_service/mruby/src/class.c +819 -211
- data/ext/enterprise_script_service/mruby/src/codedump.c +226 -197
- data/ext/enterprise_script_service/mruby/src/debug.c +14 -11
- data/ext/enterprise_script_service/mruby/src/dump.c +470 -207
- data/ext/enterprise_script_service/mruby/src/enum.c +1 -1
- data/ext/enterprise_script_service/mruby/src/error.c +94 -20
- data/ext/enterprise_script_service/mruby/src/etc.c +56 -39
- data/ext/enterprise_script_service/mruby/src/fmt_fp.c +103 -27
- data/ext/enterprise_script_service/mruby/src/gc.c +86 -349
- data/ext/enterprise_script_service/mruby/src/hash.c +1058 -723
- data/ext/enterprise_script_service/mruby/src/kernel.c +78 -226
- data/ext/enterprise_script_service/mruby/src/load.c +215 -159
- data/ext/enterprise_script_service/mruby/src/numeric.c +400 -382
- data/ext/enterprise_script_service/mruby/src/object.c +115 -90
- data/ext/enterprise_script_service/mruby/src/print.c +31 -6
- data/ext/enterprise_script_service/mruby/src/proc.c +56 -45
- data/ext/enterprise_script_service/mruby/src/range.c +49 -33
- data/ext/enterprise_script_service/mruby/src/state.c +58 -42
- data/ext/enterprise_script_service/mruby/src/string.c +151 -156
- data/ext/enterprise_script_service/mruby/src/symbol.c +132 -66
- data/ext/enterprise_script_service/mruby/src/value_array.h +1 -0
- data/ext/enterprise_script_service/mruby/src/variable.c +158 -158
- data/ext/enterprise_script_service/mruby/src/vm.c +655 -645
- data/ext/enterprise_script_service/mruby/tasks/benchmark.rake +6 -6
- data/ext/enterprise_script_service/mruby/tasks/bin.rake +23 -0
- data/ext/enterprise_script_service/mruby/tasks/core.rake +12 -0
- data/ext/enterprise_script_service/mruby/tasks/doc.rake +50 -38
- data/ext/enterprise_script_service/mruby/tasks/gitlab.rake +64 -61
- data/ext/enterprise_script_service/mruby/tasks/libmruby.rake +10 -1
- data/ext/enterprise_script_service/mruby/tasks/mrbgems.rake +13 -1
- data/ext/enterprise_script_service/mruby/tasks/mrblib.rake +40 -0
- data/ext/enterprise_script_service/mruby/tasks/presym.rake +44 -0
- data/ext/enterprise_script_service/mruby/tasks/test.rake +68 -0
- data/ext/enterprise_script_service/mruby/tasks/toolchains/android.rake +46 -1
- data/ext/enterprise_script_service/mruby/tasks/toolchains/gcc.rake +8 -7
- data/ext/enterprise_script_service/mruby/tasks/toolchains/openwrt.rake +13 -17
- data/ext/enterprise_script_service/mruby/tasks/toolchains/visualcpp.rake +21 -25
- data/ext/enterprise_script_service/mruby/test/assert.rb +5 -4
- data/ext/enterprise_script_service/mruby/test/bintest.rb +5 -5
- data/ext/enterprise_script_service/mruby/test/t/argumenterror.rb +16 -0
- data/ext/enterprise_script_service/mruby/test/t/array.rb +7 -3
- data/ext/enterprise_script_service/mruby/test/t/bs_literal.rb +1 -1
- data/ext/enterprise_script_service/mruby/test/t/ensure.rb +8 -26
- data/ext/enterprise_script_service/mruby/test/t/exception.rb +2 -2
- data/ext/enterprise_script_service/mruby/test/t/float.rb +18 -8
- data/ext/enterprise_script_service/mruby/test/t/hash.rb +903 -281
- data/ext/enterprise_script_service/mruby/test/t/integer.rb +10 -38
- data/ext/enterprise_script_service/mruby/test/t/kernel.rb +16 -25
- data/ext/enterprise_script_service/mruby/test/t/literals.rb +50 -0
- data/ext/enterprise_script_service/mruby/test/t/module.rb +2 -2
- data/ext/enterprise_script_service/mruby/test/t/numeric.rb +1 -1
- data/ext/enterprise_script_service/mruby/test/t/range.rb +83 -1
- data/ext/enterprise_script_service/mruby/test/t/string.rb +4 -0
- data/ext/enterprise_script_service/mruby/test/t/superclass.rb +10 -10
- data/ext/enterprise_script_service/mruby/test/t/syntax.rb +24 -0
- data/ext/enterprise_script_service/mruby/test/t/vformat.rb +3 -3
- data/ext/enterprise_script_service/mruby_config.rb +2 -5
- data/ext/enterprise_script_service/mruby_engine.cpp +1 -1
- data/ext/enterprise_script_service/msgpack/.github/depends/boost.sh +56 -0
- data/ext/enterprise_script_service/msgpack/.github/workflows/coverage.yml +62 -0
- data/ext/enterprise_script_service/msgpack/.github/workflows/gha.yml +304 -0
- data/ext/enterprise_script_service/msgpack/CHANGELOG.md +11 -0
- data/ext/enterprise_script_service/msgpack/CMakeLists.txt +82 -39
- data/ext/enterprise_script_service/msgpack/Files.cmake +22 -12
- data/ext/enterprise_script_service/msgpack/QUICKSTART-C.md +26 -29
- data/ext/enterprise_script_service/msgpack/README.md +3 -2
- data/ext/enterprise_script_service/msgpack/appveyor.yml +6 -2
- data/ext/enterprise_script_service/msgpack/ci/build_cmake.sh +3 -1
- data/ext/enterprise_script_service/msgpack/cmake/CodeCoverage.cmake +55 -0
- data/ext/enterprise_script_service/msgpack/codecov.yml +36 -0
- data/ext/enterprise_script_service/msgpack/example/CMakeLists.txt +9 -5
- data/ext/enterprise_script_service/msgpack/example/boost/CMakeLists.txt +1 -1
- data/ext/enterprise_script_service/msgpack/example/c/CMakeLists.txt +17 -6
- data/ext/enterprise_script_service/msgpack/example/c/boundary.c +296 -0
- data/ext/enterprise_script_service/msgpack/example/c/jsonconv.c +419 -0
- data/ext/enterprise_script_service/msgpack/example/c/simple_c.c +1 -1
- data/ext/enterprise_script_service/msgpack/example/cpp03/CMakeLists.txt +3 -3
- data/ext/enterprise_script_service/msgpack/example/cpp11/CMakeLists.txt +2 -2
- data/ext/enterprise_script_service/msgpack/example/x3/CMakeLists.txt +2 -2
- data/ext/enterprise_script_service/msgpack/include/msgpack/pack.h +24 -1
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/array_ref.hpp +5 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/boost/optional.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/cpp17/vector_byte.hpp +8 -8
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/map.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_char.hpp +8 -8
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_unsigned_char.hpp +8 -8
- data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/wstring.hpp +4 -4
- data/ext/enterprise_script_service/msgpack/include/msgpack/v3/unpack.hpp +6 -6
- data/ext/enterprise_script_service/msgpack/include/msgpack/version_master.h +2 -2
- data/ext/enterprise_script_service/msgpack/include/msgpack/zbuffer.h +4 -4
- data/ext/enterprise_script_service/msgpack/make_file_list.sh +38 -11
- data/ext/enterprise_script_service/msgpack/src/vrefbuffer.c +6 -0
- data/ext/enterprise_script_service/msgpack/test/CMakeLists.txt +86 -64
- data/ext/enterprise_script_service/msgpack/test/array_ref.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_fusion.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_optional.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_string_ref.cpp +4 -1
- data/ext/enterprise_script_service/msgpack/test/boost_string_view.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/boost_variant.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/buffer.cpp +4 -47
- data/ext/enterprise_script_service/msgpack/test/buffer_c.cpp +148 -0
- data/ext/enterprise_script_service/msgpack/test/carray.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/cases.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/convert.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/fixint.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/fixint_c.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/fuzz_unpack_pack_fuzzer_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/iterator_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/json.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/limit.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/msgpack_basic.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_c.cpp +159 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_container.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_cpp11.cpp +32 -27
- data/ext/enterprise_script_service/msgpack/test/msgpack_cpp17.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_stream.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_tuple.cpp +4 -1
- data/ext/enterprise_script_service/msgpack/test/msgpack_vref.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/msgpack_x3_parse.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/object.cpp +4 -1
- data/ext/enterprise_script_service/msgpack/test/object_with_zone.cpp +12 -8
- data/ext/enterprise_script_service/msgpack/test/pack_unpack.cpp +30 -26
- data/ext/enterprise_script_service/msgpack/test/pack_unpack_c.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/raw.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/reference.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/reference_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/reference_wrapper_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/shared_ptr_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/size_equal_only.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/streaming.cpp +8 -4
- data/ext/enterprise_script_service/msgpack/test/streaming_c.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/unique_ptr_cpp11.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/user_class.cpp +16 -12
- data/ext/enterprise_script_service/msgpack/test/version.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/visitor.cpp +4 -0
- data/ext/enterprise_script_service/msgpack/test/zone.cpp +4 -0
- data/lib/script_core/engine.rb +24 -5
- data/lib/script_core/executable.rb +4 -3
- data/lib/script_core/version.rb +1 -1
- data/lib/tasks/script_core.rake +3 -1
- data/script_core.gemspec +1 -2
- data/spec/dummy/app/lib/script_engine.rb +64 -5
- data/spec/script_core_spec.rb +13 -0
- metadata +123 -61
- data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
- data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -626
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -626
- data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
- data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
- data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
- data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
- data/ext/enterprise_script_service/mruby/TODO +0 -8
- data/ext/enterprise_script_service/mruby/benchmark/build_config_boxing.rb +0 -28
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_android_arm64-v8a.rb +0 -26
- data/ext/enterprise_script_service/mruby/examples/targets/build_config_android_armeabi.rb +0 -26
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/kernel.c +0 -30
- data/ext/enterprise_script_service/mruby/mrblib/mrblib.rake +0 -18
- data/ext/enterprise_script_service/mruby/src/crc.c +0 -39
- data/ext/enterprise_script_service/mruby/src/mruby_core.rake +0 -19
- data/ext/enterprise_script_service/mruby/travis_config.rb +0 -54
- data/ext/enterprise_script_service/msgpack/.travis.yml +0 -258
@@ -26,14 +26,48 @@
|
|
26
26
|
#include "arch.h"
|
27
27
|
#include "arch-x32.h"
|
28
28
|
|
29
|
+
/**
|
30
|
+
* Resolve a syscall name to a number
|
31
|
+
* @param name the syscall name
|
32
|
+
*
|
33
|
+
* Resolve the given syscall name to the syscall number using the syscall table.
|
34
|
+
* Returns the syscall number on success, including negative pseudo syscall
|
35
|
+
* numbers; returns __NR_SCMP_ERROR on failure.
|
36
|
+
*
|
37
|
+
*/
|
38
|
+
int x32_syscall_resolve_name_munge(const char *name)
|
39
|
+
{
|
40
|
+
int sys;
|
41
|
+
|
42
|
+
sys = x32_syscall_resolve_name(name);
|
43
|
+
if (sys == __NR_SCMP_ERROR)
|
44
|
+
return sys;
|
45
|
+
|
46
|
+
return (sys | X32_SYSCALL_BIT);
|
47
|
+
}
|
48
|
+
|
49
|
+
/**
|
50
|
+
* Resolve a syscall number to a name
|
51
|
+
* @param num the syscall number
|
52
|
+
*
|
53
|
+
* Resolve the given syscall number to the syscall name using the syscall table.
|
54
|
+
* Returns a pointer to the syscall name string on success, including pseudo
|
55
|
+
* syscall names; returns NULL on failure.
|
56
|
+
*
|
57
|
+
*/
|
58
|
+
const char *x32_syscall_resolve_num_munge(int num)
|
59
|
+
{
|
60
|
+
return x32_syscall_resolve_num(num & (~X32_SYSCALL_BIT));
|
61
|
+
}
|
62
|
+
|
29
63
|
const struct arch_def arch_def_x32 = {
|
30
64
|
.token = SCMP_ARCH_X32,
|
31
65
|
/* NOTE: this seems odd but the kernel treats x32 like x86_64 here */
|
32
66
|
.token_bpf = AUDIT_ARCH_X86_64,
|
33
67
|
.size = ARCH_SIZE_32,
|
34
68
|
.endian = ARCH_ENDIAN_LITTLE,
|
35
|
-
.syscall_resolve_name =
|
36
|
-
.syscall_resolve_num =
|
69
|
+
.syscall_resolve_name = x32_syscall_resolve_name_munge,
|
70
|
+
.syscall_resolve_num = x32_syscall_resolve_num_munge,
|
37
71
|
.syscall_rewrite = NULL,
|
38
72
|
.rule_add = NULL,
|
39
73
|
};
|
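Review bot: In `x32_syscall_resolve_num_munge` the mask `num & (~X32_SYSCALL_BIT)` is applied to every input, including the negative pseudo syscall numbers that the comment above says are supported. Clearing bit 30 of a negative value yields a different negative number, so the table lookup would presumably return NULL for those inputs. Masking only non-negative values keeps pseudo numbers intact: `if (num >= 0) num &= ~X32_SYSCALL_BIT;` followed by `return x32_syscall_resolve_num(num);`. In `x32_syscall_resolve_name_munge` the OR happens to be a no-op for small negative values in two's complement, but an explicit `if (sys < 0) return sys;` would state that pseudo numbers pass through unchanged.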
@@ -22,18 +22,10 @@
|
|
22
22
|
#ifndef _ARCH_X32_H
|
23
23
|
#define _ARCH_X32_H
|
24
24
|
|
25
|
-
#include <inttypes.h>
|
26
|
-
|
27
25
|
#include "arch.h"
|
28
|
-
#include "system.h"
|
29
|
-
|
30
|
-
#define X32_SYSCALL_BIT 0x40000000
|
31
|
-
|
32
|
-
extern const struct arch_def arch_def_x32;
|
33
26
|
|
34
|
-
|
35
|
-
const char *x32_syscall_resolve_num(int num);
|
27
|
+
#define X32_SYSCALL_BIT 0x40000000
|
36
28
|
|
37
|
-
|
29
|
+
ARCH_DECL(x32)
|
38
30
|
|
39
31
|
#endif
|
@@ -24,6 +24,8 @@
|
|
24
24
|
#include <string.h>
|
25
25
|
#include <linux/audit.h>
|
26
26
|
|
27
|
+
#include "db.h"
|
28
|
+
#include "syscalls.h"
|
27
29
|
#include "arch.h"
|
28
30
|
#include "arch-x86.h"
|
29
31
|
|
@@ -31,16 +33,165 @@
|
|
31
33
|
#define __x86_NR_socketcall 102
|
32
34
|
#define __x86_NR_ipc 117
|
33
35
|
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
36
|
+
/**
|
37
|
+
* Resolve a syscall name to a number
|
38
|
+
* @param name the syscall name
|
39
|
+
*
|
40
|
+
* Resolve the given syscall name to the syscall number using the syscall table.
|
41
|
+
* Returns the syscall number on success, including negative pseudo syscall
|
42
|
+
* numbers; returns __NR_SCMP_ERROR on failure.
|
43
|
+
*
|
44
|
+
*/
|
45
|
+
int x86_syscall_resolve_name_munge(const char *name)
|
46
|
+
{
|
47
|
+
if (strcmp(name, "accept") == 0)
|
48
|
+
return __PNR_accept;
|
49
|
+
else if (strcmp(name, "accept4") == 0)
|
50
|
+
return __PNR_accept4;
|
51
|
+
else if (strcmp(name, "bind") == 0)
|
52
|
+
return __PNR_bind;
|
53
|
+
else if (strcmp(name, "connect") == 0)
|
54
|
+
return __PNR_connect;
|
55
|
+
else if (strcmp(name, "getpeername") == 0)
|
56
|
+
return __PNR_getpeername;
|
57
|
+
else if (strcmp(name, "getsockname") == 0)
|
58
|
+
return __PNR_getsockname;
|
59
|
+
else if (strcmp(name, "getsockopt") == 0)
|
60
|
+
return __PNR_getsockopt;
|
61
|
+
else if (strcmp(name, "listen") == 0)
|
62
|
+
return __PNR_listen;
|
63
|
+
else if (strcmp(name, "recv") == 0)
|
64
|
+
return __PNR_recv;
|
65
|
+
else if (strcmp(name, "recvfrom") == 0)
|
66
|
+
return __PNR_recvfrom;
|
67
|
+
else if (strcmp(name, "recvmsg") == 0)
|
68
|
+
return __PNR_recvmsg;
|
69
|
+
else if (strcmp(name, "recvmmsg") == 0)
|
70
|
+
return __PNR_recvmmsg;
|
71
|
+
else if (strcmp(name, "send") == 0)
|
72
|
+
return __PNR_send;
|
73
|
+
else if (strcmp(name, "sendmsg") == 0)
|
74
|
+
return __PNR_sendmsg;
|
75
|
+
else if (strcmp(name, "sendmmsg") == 0)
|
76
|
+
return __PNR_sendmmsg;
|
77
|
+
else if (strcmp(name, "sendto") == 0)
|
78
|
+
return __PNR_sendto;
|
79
|
+
else if (strcmp(name, "setsockopt") == 0)
|
80
|
+
return __PNR_setsockopt;
|
81
|
+
else if (strcmp(name, "shutdown") == 0)
|
82
|
+
return __PNR_shutdown;
|
83
|
+
else if (strcmp(name, "socket") == 0)
|
84
|
+
return __PNR_socket;
|
85
|
+
else if (strcmp(name, "socketpair") == 0)
|
86
|
+
return __PNR_socketpair;
|
87
|
+
|
88
|
+
if (strcmp(name, "semop") == 0)
|
89
|
+
return __PNR_semop;
|
90
|
+
else if (strcmp(name, "semget") == 0)
|
91
|
+
return __PNR_semget;
|
92
|
+
else if (strcmp(name, "semctl") == 0)
|
93
|
+
return __PNR_semctl;
|
94
|
+
else if (strcmp(name, "semtimedop") == 0)
|
95
|
+
return __PNR_semtimedop;
|
96
|
+
else if (strcmp(name, "msgsnd") == 0)
|
97
|
+
return __PNR_msgsnd;
|
98
|
+
else if (strcmp(name, "msgrcv") == 0)
|
99
|
+
return __PNR_msgrcv;
|
100
|
+
else if (strcmp(name, "msgget") == 0)
|
101
|
+
return __PNR_msgget;
|
102
|
+
else if (strcmp(name, "msgctl") == 0)
|
103
|
+
return __PNR_msgctl;
|
104
|
+
else if (strcmp(name, "shmat") == 0)
|
105
|
+
return __PNR_shmat;
|
106
|
+
else if (strcmp(name, "shmdt") == 0)
|
107
|
+
return __PNR_shmdt;
|
108
|
+
else if (strcmp(name, "shmget") == 0)
|
109
|
+
return __PNR_shmget;
|
110
|
+
else if (strcmp(name, "shmctl") == 0)
|
111
|
+
return __PNR_shmctl;
|
112
|
+
|
113
|
+
return x86_syscall_resolve_name(name);
|
114
|
+
}
|
115
|
+
|
116
|
+
/**
|
117
|
+
* Resolve a syscall number to a name
|
118
|
+
* @param num the syscall number
|
119
|
+
*
|
120
|
+
* Resolve the given syscall number to the syscall name using the syscall table.
|
121
|
+
* Returns a pointer to the syscall name string on success, including pseudo
|
122
|
+
* syscall names; returns NULL on failure.
|
123
|
+
*
|
124
|
+
*/
|
125
|
+
const char *x86_syscall_resolve_num_munge(int num)
|
126
|
+
{
|
127
|
+
if (num == __PNR_accept)
|
128
|
+
return "accept";
|
129
|
+
else if (num == __PNR_accept4)
|
130
|
+
return "accept4";
|
131
|
+
else if (num == __PNR_bind)
|
132
|
+
return "bind";
|
133
|
+
else if (num == __PNR_connect)
|
134
|
+
return "connect";
|
135
|
+
else if (num == __PNR_getpeername)
|
136
|
+
return "getpeername";
|
137
|
+
else if (num == __PNR_getsockname)
|
138
|
+
return "getsockname";
|
139
|
+
else if (num == __PNR_getsockopt)
|
140
|
+
return "getsockopt";
|
141
|
+
else if (num == __PNR_listen)
|
142
|
+
return "listen";
|
143
|
+
else if (num == __PNR_recv)
|
144
|
+
return "recv";
|
145
|
+
else if (num == __PNR_recvfrom)
|
146
|
+
return "recvfrom";
|
147
|
+
else if (num == __PNR_recvmsg)
|
148
|
+
return "recvmsg";
|
149
|
+
else if (num == __PNR_recvmmsg)
|
150
|
+
return "recvmmsg";
|
151
|
+
else if (num == __PNR_send)
|
152
|
+
return "send";
|
153
|
+
else if (num == __PNR_sendmsg)
|
154
|
+
return "sendmsg";
|
155
|
+
else if (num == __PNR_sendmmsg)
|
156
|
+
return "sendmmsg";
|
157
|
+
else if (num == __PNR_sendto)
|
158
|
+
return "sendto";
|
159
|
+
else if (num == __PNR_setsockopt)
|
160
|
+
return "setsockopt";
|
161
|
+
else if (num == __PNR_shutdown)
|
162
|
+
return "shutdown";
|
163
|
+
else if (num == __PNR_socket)
|
164
|
+
return "socket";
|
165
|
+
else if (num == __PNR_socketpair)
|
166
|
+
return "socketpair";
|
167
|
+
|
168
|
+
if (num == __PNR_semop)
|
169
|
+
return "semop";
|
170
|
+
else if (num == __PNR_semget)
|
171
|
+
return "semget";
|
172
|
+
else if (num == __PNR_semctl)
|
173
|
+
return "semctl";
|
174
|
+
else if (num == __PNR_semtimedop)
|
175
|
+
return "semtimedop";
|
176
|
+
else if (num == __PNR_msgsnd)
|
177
|
+
return "msgsnd";
|
178
|
+
else if (num == __PNR_msgrcv)
|
179
|
+
return "msgrcv";
|
180
|
+
else if (num == __PNR_msgget)
|
181
|
+
return "msgget";
|
182
|
+
else if (num == __PNR_msgctl)
|
183
|
+
return "msgctl";
|
184
|
+
else if (num == __PNR_shmat)
|
185
|
+
return "shmat";
|
186
|
+
else if (num == __PNR_shmdt)
|
187
|
+
return "shmdt";
|
188
|
+
else if (num == __PNR_shmget)
|
189
|
+
return "shmget";
|
190
|
+
else if (num == __PNR_shmctl)
|
191
|
+
return "shmctl";
|
192
|
+
|
193
|
+
return x86_syscall_resolve_num(num);
|
194
|
+
}
|
44
195
|
|
45
196
|
/**
|
46
197
|
* Convert a multiplexed pseudo syscall into a direct syscall
|
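Review bot: The header comments on `x86_syscall_resolve_name_munge` and `x86_syscall_resolve_num_munge` say the result comes from "the syscall table", but both functions first short-circuit the socket and IPC names to and from the `__PNR_*` pseudo numbers. They fall back to `x86_syscall_resolve_name` / `x86_syscall_resolve_num` only afterwards. The comments should say so and give the reason, presumably that x86 multiplexes these calls through `__x86_NR_socketcall` and `__x86_NR_ipc` (defined just above) and the later rewrite step works from the pseudo number. Anyone auditing which number a rule ends up filtering on needs that stated. The two if/else chains also have to be kept in step by hand, so each deserves a pointer to the other, e.g. `/* keep in sync with x86_syscall_resolve_num_munge() */`.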
@@ -461,3 +612,14 @@ add_return:
|
|
461
612
|
free(rule_dup);
|
462
613
|
return rc;
|
463
614
|
}
|
615
|
+
|
616
|
+
const struct arch_def arch_def_x86 = {
|
617
|
+
.token = SCMP_ARCH_X86,
|
618
|
+
.token_bpf = AUDIT_ARCH_I386,
|
619
|
+
.size = ARCH_SIZE_32,
|
620
|
+
.endian = ARCH_ENDIAN_LITTLE,
|
621
|
+
.syscall_resolve_name = x86_syscall_resolve_name_munge,
|
622
|
+
.syscall_resolve_num = x86_syscall_resolve_num_munge,
|
623
|
+
.syscall_rewrite = x86_syscall_rewrite,
|
624
|
+
.rule_add = x86_rule_add,
|
625
|
+
};
|
@@ -22,21 +22,8 @@
|
|
22
22
|
#ifndef _ARCH_X86_H
|
23
23
|
#define _ARCH_X86_H
|
24
24
|
|
25
|
-
#include <stdbool.h>
|
26
|
-
|
27
25
|
#include "arch.h"
|
28
|
-
#include "db.h"
|
29
|
-
#include "system.h"
|
30
|
-
|
31
|
-
extern const struct arch_def arch_def_x86;
|
32
|
-
|
33
|
-
int x86_syscall_resolve_name(const char *name);
|
34
|
-
const char *x86_syscall_resolve_num(int num);
|
35
|
-
|
36
|
-
const struct arch_syscall_def *x86_syscall_iterate(unsigned int spot);
|
37
|
-
|
38
|
-
int x86_syscall_rewrite(int *syscall);
|
39
26
|
|
40
|
-
|
27
|
+
ARCH_DECL(x86)
|
41
28
|
|
42
29
|
#endif
|
@@ -22,16 +22,8 @@
|
|
22
22
|
#ifndef _ARCH_x86_64_H
|
23
23
|
#define _ARCH_x86_64_H
|
24
24
|
|
25
|
-
#include <inttypes.h>
|
26
|
-
|
27
25
|
#include "arch.h"
|
28
|
-
#include "system.h"
|
29
|
-
|
30
|
-
extern const struct arch_def arch_def_x86_64;
|
31
|
-
|
32
|
-
int x86_64_syscall_resolve_name(const char *name);
|
33
|
-
const char *x86_64_syscall_resolve_num(int num);
|
34
26
|
|
35
|
-
|
27
|
+
ARCH_DECL(x86_64)
|
36
28
|
|
37
29
|
#endif
|
@@ -39,8 +39,10 @@
|
|
39
39
|
#include "arch-mips64.h"
|
40
40
|
#include "arch-mips64n32.h"
|
41
41
|
#include "arch-parisc.h"
|
42
|
+
#include "arch-parisc64.h"
|
42
43
|
#include "arch-ppc.h"
|
43
44
|
#include "arch-ppc64.h"
|
45
|
+
#include "arch-riscv64.h"
|
44
46
|
#include "arch-s390.h"
|
45
47
|
#include "arch-s390x.h"
|
46
48
|
#include "db.h"
|
@@ -94,6 +96,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc;
|
|
94
96
|
const struct arch_def *arch_def_native = &arch_def_s390x;
|
95
97
|
#elif __s390__
|
96
98
|
const struct arch_def *arch_def_native = &arch_def_s390;
|
99
|
+
#elif __riscv && __riscv_xlen == 64
|
100
|
+
const struct arch_def *arch_def_native = &arch_def_riscv64;
|
97
101
|
#else
|
98
102
|
#error the arch code needs to know about your machine type
|
99
103
|
#endif /* machine type guess */
|
@@ -156,6 +160,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
|
|
156
160
|
return &arch_def_s390;
|
157
161
|
case SCMP_ARCH_S390X:
|
158
162
|
return &arch_def_s390x;
|
163
|
+
case SCMP_ARCH_RISCV64:
|
164
|
+
return &arch_def_riscv64;
|
159
165
|
}
|
160
166
|
|
161
167
|
return NULL;
|
@@ -206,6 +212,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
|
|
206
212
|
return &arch_def_s390;
|
207
213
|
else if (strcmp(arch_name, "s390x") == 0)
|
208
214
|
return &arch_def_s390x;
|
215
|
+
else if (strcmp(arch_name, "riscv64") == 0)
|
216
|
+
return &arch_def_riscv64;
|
209
217
|
|
210
218
|
return NULL;
|
211
219
|
}
|
@@ -367,10 +375,10 @@ int arch_syscall_rewrite(const struct arch_def *arch, int *syscall)
|
|
367
375
|
if (sys >= -1) {
|
368
376
|
/* we shouldn't be here - no rewrite needed */
|
369
377
|
return 0;
|
370
|
-
} else if (sys
|
371
|
-
/* reserved values */
|
378
|
+
} else if (sys > -100) {
|
379
|
+
/* -2 to -99 are reserved values */
|
372
380
|
return -EINVAL;
|
373
|
-
} else if (sys
|
381
|
+
} else if (sys > -10000) {
|
374
382
|
/* rewritable syscalls */
|
375
383
|
if (arch->syscall_rewrite)
|
376
384
|
(*arch->syscall_rewrite)(syscall);
|
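Review bot: The new bounds `sys > -100` and `sys > -10000` in `arch_syscall_rewrite` are bare literals. The added comment documents the reserved range, but nothing ties -10000 to the place where the pseudo syscall numbers are defined. Giving both limits names next to those definitions would keep the ranges from drifting apart if the pseudo number space is ever extended. In the visible context line the return value of `(*arch->syscall_rewrite)(syscall)` is discarded; whether that is intentional cannot be judged here, because the function starts and ends outside this hunk.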
@@ -59,6 +59,13 @@ struct arch_def {
|
|
59
59
|
/* arch_def for the current architecture */
|
60
60
|
extern const struct arch_def *arch_def_native;
|
61
61
|
|
62
|
+
/* macro to declare the arch specific structures and functions */
|
63
|
+
#define ARCH_DECL(NAME) \
|
64
|
+
extern const struct arch_def arch_def_##NAME; \
|
65
|
+
int NAME##_syscall_resolve_name(const char *name); \
|
66
|
+
const char *NAME##_syscall_resolve_num(int num); \
|
67
|
+
const struct arch_syscall_def *NAME##_syscall_iterate(unsigned int spot);
|
68
|
+
|
62
69
|
/* syscall name/num mapping */
|
63
70
|
struct arch_syscall_def {
|
64
71
|
const char *name;
|
@@ -841,6 +841,7 @@ static void _db_reset(struct db_filter *db)
|
|
841
841
|
}
|
842
842
|
db->syscalls = NULL;
|
843
843
|
}
|
844
|
+
db->syscall_cnt = 0;
|
844
845
|
|
845
846
|
/* free any rules */
|
846
847
|
if (db->rules != NULL) {
|
@@ -909,6 +910,9 @@ static void _db_snap_release(struct db_filter_snap *snap)
|
|
909
910
|
{
|
910
911
|
unsigned int iter;
|
911
912
|
|
913
|
+
if (snap == NULL)
|
914
|
+
return;
|
915
|
+
|
912
916
|
if (snap->filter_cnt > 0) {
|
913
917
|
for (iter = 0; iter < snap->filter_cnt; iter++) {
|
914
918
|
if (snap->filters[iter])
|
@@ -1053,6 +1057,7 @@ int db_col_reset(struct db_filter_col *col, uint32_t def_action)
|
|
1053
1057
|
if (col->filters)
|
1054
1058
|
free(col->filters);
|
1055
1059
|
col->filters = NULL;
|
1060
|
+
col->notify_fd = -1;
|
1056
1061
|
|
1057
1062
|
/* set the endianess to undefined */
|
1058
1063
|
col->endian = 0;
|
@@ -1064,9 +1069,16 @@ int db_col_reset(struct db_filter_col *col, uint32_t def_action)
|
|
1064
1069
|
col->attr.tsync_enable = 0;
|
1065
1070
|
col->attr.api_tskip = 0;
|
1066
1071
|
col->attr.log_enable = 0;
|
1072
|
+
col->attr.spec_allow = 0;
|
1073
|
+
col->attr.optimize = 1;
|
1074
|
+
col->attr.api_sysrawrc = 0;
|
1067
1075
|
|
1068
1076
|
/* set the state */
|
1069
1077
|
col->state = _DB_STA_VALID;
|
1078
|
+
if (def_action == SCMP_ACT_NOTIFY)
|
1079
|
+
col->notify_used = true;
|
1080
|
+
else
|
1081
|
+
col->notify_used = false;
|
1070
1082
|
|
1071
1083
|
/* reset the initial db */
|
1072
1084
|
db = _db_init(arch_def_native);
|
@@ -1128,6 +1140,7 @@ init_failure:
|
|
1128
1140
|
void db_col_release(struct db_filter_col *col)
|
1129
1141
|
{
|
1130
1142
|
unsigned int iter;
|
1143
|
+
struct db_filter_snap *snap;
|
1131
1144
|
|
1132
1145
|
if (col == NULL)
|
1133
1146
|
return;
|
@@ -1135,6 +1148,13 @@ void db_col_release(struct db_filter_col *col)
|
|
1135
1148
|
/* set the state, just in case */
|
1136
1149
|
col->state = _DB_STA_FREED;
|
1137
1150
|
|
1151
|
+
/* free any snapshots */
|
1152
|
+
while (col->snapshots != NULL) {
|
1153
|
+
snap = col->snapshots;
|
1154
|
+
col->snapshots = snap->next;
|
1155
|
+
_db_snap_release(snap);
|
1156
|
+
}
|
1157
|
+
|
1138
1158
|
/* free any filters */
|
1139
1159
|
for (iter = 0; iter < col->filter_cnt; iter++)
|
1140
1160
|
_db_release(col->filters[iter]);
|
@@ -1148,30 +1168,42 @@ void db_col_release(struct db_filter_col *col)
|
|
1148
1168
|
}
|
1149
1169
|
|
1150
1170
|
/**
|
1151
|
-
* Validate
|
1152
|
-
* @param
|
1171
|
+
* Validate a filter collection
|
1172
|
+
* @param col the seccomp filter collection
|
1173
|
+
*
|
1174
|
+
* This function validates a seccomp filter collection. Returns zero if the
|
1175
|
+
* collection is valid, negative values on failure.
|
1153
1176
|
*
|
1154
|
-
* Verify that the given action is a valid seccomp action; return zero if
|
1155
|
-
* valid, -EINVAL if invalid.
|
1156
1177
|
*/
|
1157
|
-
int
|
1178
|
+
int db_col_valid(struct db_filter_col *col)
|
1158
1179
|
{
|
1159
|
-
if (
|
1180
|
+
if (col != NULL && col->state == _DB_STA_VALID && col->filter_cnt > 0)
|
1160
1181
|
return 0;
|
1161
1182
|
return -EINVAL;
|
1162
1183
|
}
|
1163
1184
|
|
1164
1185
|
/**
|
1165
|
-
* Validate
|
1186
|
+
* Validate the seccomp action
|
1166
1187
|
* @param col the seccomp filter collection
|
1188
|
+
* @param action the seccomp action
|
1167
1189
|
*
|
1168
|
-
*
|
1169
|
-
*
|
1170
|
-
*
|
1190
|
+
* Verify that the given action is a valid seccomp action; return zero if
|
1191
|
+
* valid, -EINVAL if invalid.
|
1171
1192
|
*/
|
1172
|
-
int
|
1193
|
+
int db_col_action_valid(const struct db_filter_col *col, uint32_t action)
|
1173
1194
|
{
|
1174
|
-
if (col != NULL
|
1195
|
+
if (col != NULL) {
|
1196
|
+
/* NOTE: in some cases we don't have a filter collection yet,
|
1197
|
+
* but when we do we need to do the following checks */
|
1198
|
+
|
1199
|
+
/* kernel disallows TSYNC and NOTIFY in one filter unless we
|
1200
|
+
* have the TSYNC_ESRCH flag */
|
1201
|
+
if (sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC_ESRCH) < 1 &&
|
1202
|
+
col->attr.tsync_enable && action == SCMP_ACT_NOTIFY)
|
1203
|
+
return -EINVAL;
|
1204
|
+
}
|
1205
|
+
|
1206
|
+
if (sys_chk_seccomp_action(action) == 1)
|
1175
1207
|
return 0;
|
1176
1208
|
return -EINVAL;
|
1177
1209
|
}
|
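Review bot: The comment on `db_col_action_valid` still describes a pure action check, but the function now also returns -EINVAL for an otherwise valid action. That happens when `col->attr.tsync_enable` is set, the action is `SCMP_ACT_NOTIFY`, and `sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC_ESRCH)` is below 1. The comment should document this, and that `col` may be NULL (the TSYNC check is then skipped), so callers can tell an unknown action from one that conflicts with TSYNC. The `< 1` comparison rejects the combination for any probe result other than "supported", which looks like the safe direction and is worth a word in the comment.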
@@ -1281,14 +1313,42 @@ int db_col_attr_get(const struct db_filter_col *col,
|
|
1281
1313
|
case SCMP_FLTATR_CTL_LOG:
|
1282
1314
|
*value = col->attr.log_enable;
|
1283
1315
|
break;
|
1316
|
+
case SCMP_FLTATR_CTL_SSB:
|
1317
|
+
*value = col->attr.spec_allow;
|
1318
|
+
break;
|
1319
|
+
case SCMP_FLTATR_CTL_OPTIMIZE:
|
1320
|
+
*value = col->attr.optimize;
|
1321
|
+
break;
|
1322
|
+
case SCMP_FLTATR_API_SYSRAWRC:
|
1323
|
+
*value = col->attr.api_sysrawrc;
|
1324
|
+
break;
|
1284
1325
|
default:
|
1285
|
-
rc = -
|
1326
|
+
rc = -EINVAL;
|
1286
1327
|
break;
|
1287
1328
|
}
|
1288
1329
|
|
1289
1330
|
return rc;
|
1290
1331
|
}
|
1291
1332
|
|
1333
|
+
/**
|
1334
|
+
* Get a filter attribute
|
1335
|
+
* @param col the seccomp filter collection
|
1336
|
+
* @param attr the filter attribute
|
1337
|
+
*
|
1338
|
+
* Returns the requested filter attribute value with zero on any error.
|
1339
|
+
* Special care must be given with this function as error conditions can be
|
1340
|
+
* hidden from the caller.
|
1341
|
+
*
|
1342
|
+
*/
|
1343
|
+
uint32_t db_col_attr_read(const struct db_filter_col *col,
|
1344
|
+
enum scmp_filter_attr attr)
|
1345
|
+
{
|
1346
|
+
uint32_t value = 0;
|
1347
|
+
|
1348
|
+
db_col_attr_get(col, attr, &value);
|
1349
|
+
return value;
|
1350
|
+
}
|
1351
|
+
|
1292
1352
|
/**
|
1293
1353
|
* Set a filter attribute
|
1294
1354
|
* @param col the seccomp filter collection
|
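Review bot: `db_col_attr_read` drops the return code of `db_col_attr_get` and reports 0 for every failure. Zero is also a legitimate value for most attributes in the switch above (`log_enable`, `spec_allow`, `api_sysrawrc`), so a caller cannot tell "disabled" from "lookup failed". The comment admits the hazard; it would be stronger to list the attributes for which a 0 fallback is the safe answer, or to restrict the helper to them. For `SCMP_FLTATR_CTL_OPTIMIZE`, which `db_col_reset` initialises to 1, a result of 0 is out of range and callers should treat it as an error. The `db_col_attr_get` switch starts outside this hunk.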
@@ -1310,7 +1370,7 @@ int db_col_attr_set(struct db_filter_col *col,
|
|
1310
1370
|
return -EACCES;
|
1311
1371
|
break;
|
1312
1372
|
case SCMP_FLTATR_ACT_BADARCH:
|
1313
|
-
if (
|
1373
|
+
if (db_col_action_valid(col, value) == 0)
|
1314
1374
|
col->attr.act_badarch = value;
|
1315
1375
|
else
|
1316
1376
|
return -EINVAL;
|
@@ -1323,6 +1383,11 @@ int db_col_attr_set(struct db_filter_col *col,
|
|
1323
1383
|
if (rc == 1) {
|
1324
1384
|
/* supported */
|
1325
1385
|
rc = 0;
|
1386
|
+
/* kernel disallows TSYNC and NOTIFY in one filter
|
1387
|
+
* unless we have TSYNC_ESRCH */
|
1388
|
+
if (sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC_ESRCH) < 1 &&
|
1389
|
+
value && col->notify_used)
|
1390
|
+
return -EINVAL;
|
1326
1391
|
col->attr.tsync_enable = (value ? 1 : 0);
|
1327
1392
|
} else if (rc == 0)
|
1328
1393
|
/* unsupported */
|
@@ -1342,8 +1407,33 @@ int db_col_attr_set(struct db_filter_col *col,
|
|
1342
1407
|
rc = -EOPNOTSUPP;
|
1343
1408
|
}
|
1344
1409
|
break;
|
1410
|
+
case SCMP_FLTATR_CTL_SSB:
|
1411
|
+
rc = sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_SPEC_ALLOW);
|
1412
|
+
if (rc == 1) {
|
1413
|
+
/* supported */
|
1414
|
+
rc = 0;
|
1415
|
+
col->attr.spec_allow = (value ? 1 : 0);
|
1416
|
+
} else if (rc == 0) {
|
1417
|
+
/* unsupported */
|
1418
|
+
rc = -EOPNOTSUPP;
|
1419
|
+
}
|
1420
|
+
break;
|
1421
|
+
case SCMP_FLTATR_CTL_OPTIMIZE:
|
1422
|
+
switch (value) {
|
1423
|
+
case 1:
|
1424
|
+
case 2:
|
1425
|
+
col->attr.optimize = value;
|
1426
|
+
break;
|
1427
|
+
default:
|
1428
|
+
rc = -EOPNOTSUPP;
|
1429
|
+
break;
|
1430
|
+
}
|
1431
|
+
break;
|
1432
|
+
case SCMP_FLTATR_API_SYSRAWRC:
|
1433
|
+
col->attr.api_sysrawrc = (value ? 1 : 0);
|
1434
|
+
break;
|
1345
1435
|
default:
|
1346
|
-
rc = -
|
1436
|
+
rc = -EINVAL;
|
1347
1437
|
break;
|
1348
1438
|
}
|
1349
1439
|
|
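Review bot: The `SCMP_FLTATR_CTL_SSB` case stores `spec_allow` with no comment on what the flag means. `SECCOMP_FILTER_FLAG_SPEC_ALLOW` asks the kernel not to apply the Speculative Store Bypass mitigation to the filtered task, so turning it on weakens the sandboxed process. A comment such as `/* spec_allow=1 disables the kernel's SSB mitigation for this filter; reset value is 0 */` would make that visible at the point where the attribute is accepted. In the `SCMP_FLTATR_CTL_OPTIMIZE` case the accepted values `1` and `2` are unexplained literals, and a rejected value yields -EOPNOTSUPP where the `SCMP_FLTATR_ACT_BADARCH` case uses -EINVAL for bad input. The enclosing `db_col_attr_set` starts and ends outside this hunk.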
@@ -2008,6 +2098,7 @@ add_reset:
|
|
2008
2098
|
s_new->next = db->syscalls;
|
2009
2099
|
db->syscalls = s_new;
|
2010
2100
|
}
|
2101
|
+
db->syscall_cnt++;
|
2011
2102
|
return 0;
|
2012
2103
|
} else if (s_iter->chains == NULL) {
|
2013
2104
|
if (rm_flag || !s_iter->valid) {
|
@@ -2146,6 +2237,44 @@ priority_failure:
|
|
2146
2237
|
return rc;
|
2147
2238
|
}
|
2148
2239
|
|
2240
|
+
/**
|
2241
|
+
* Add a new rule to a single filter
|
2242
|
+
* @param filter the filter
|
2243
|
+
* @param rule the filter rule
|
2244
|
+
*
|
2245
|
+
* This is a helper function for db_col_rule_add() and similar functions, it
|
2246
|
+
* isn't generally useful. Returns zero on success, negative values on error.
|
2247
|
+
*
|
2248
|
+
*/
|
2249
|
+
static int _db_col_rule_add(struct db_filter *filter,
|
2250
|
+
struct db_api_rule_list *rule)
|
2251
|
+
{
|
2252
|
+
int rc;
|
2253
|
+
struct db_api_rule_list *iter;
|
2254
|
+
|
2255
|
+
/* add the rule to the filter */
|
2256
|
+
rc = arch_filter_rule_add(filter, rule);
|
2257
|
+
if (rc != 0)
|
2258
|
+
return rc;
|
2259
|
+
|
2260
|
+
/* insert the chain to the end of the rule list */
|
2261
|
+
iter = rule;
|
2262
|
+
while (iter->next)
|
2263
|
+
iter = iter->next;
|
2264
|
+
if (filter->rules != NULL) {
|
2265
|
+
rule->prev = filter->rules->prev;
|
2266
|
+
iter->next = filter->rules;
|
2267
|
+
filter->rules->prev->next = rule;
|
2268
|
+
filter->rules->prev = iter;
|
2269
|
+
} else {
|
2270
|
+
rule->prev = iter;
|
2271
|
+
iter->next = rule;
|
2272
|
+
filter->rules = rule;
|
2273
|
+
}
|
2274
|
+
|
2275
|
+
return 0;
|
2276
|
+
}
|
2277
|
+
|
2149
2278
|
/**
|
2150
2279
|
* Add a new rule to the current filter
|
2151
2280
|
* @param col the filter collection
|
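Review bot: The comment on `_db_col_rule_add` does not say who owns `rule` when the function fails. It also omits that `rule` may head a NULL-terminated chain which is spliced into a circular list. On the `arch_filter_rule_add` error path the rule is returned untouched, and the caller in `db_col_rule_add` responds with `free(rule)`, which releases only the head if further entries hang off `rule->next`. The header comment should state that ownership stays with the caller on error, that the chain must be NULL-terminated on entry, and that `filter->rules` is circular afterwards with `filter->rules->prev` as the tail. Whether a multi-element chain can actually reach the error path is not visible from this hunk.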
@@ -2174,7 +2303,7 @@ int db_col_rule_add(struct db_filter_col *col,
|
|
2174
2303
|
size_t chain_size;
|
2175
2304
|
struct db_api_arg *chain = NULL;
|
2176
2305
|
struct scmp_arg_cmp arg_data;
|
2177
|
-
struct db_api_rule_list *rule
|
2306
|
+
struct db_api_rule_list *rule;
|
2178
2307
|
struct db_filter *db;
|
2179
2308
|
|
2180
2309
|
/* collect the arguments for the filter rule */
|
@@ -2222,9 +2351,6 @@ int db_col_rule_add(struct db_filter_col *col,
|
|
2222
2351
|
|
2223
2352
|
/* add the rule to the different filters in the collection */
|
2224
2353
|
for (iter = 0; iter < col->filter_cnt; iter++) {
|
2225
|
-
|
2226
|
-
/* TODO: consolidate with db_col_transaction_start() */
|
2227
|
-
|
2228
2354
|
db = col->filters[iter];
|
2229
2355
|
|
2230
2356
|
/* create the rule */
|
@@ -2235,24 +2361,10 @@ int db_col_rule_add(struct db_filter_col *col,
|
|
2235
2361
|
}
|
2236
2362
|
|
2237
2363
|
/* add the rule */
|
2238
|
-
rc_tmp =
|
2239
|
-
if (rc_tmp
|
2240
|
-
/* insert the chain to the end of the rule list */
|
2241
|
-
rule_tmp = rule;
|
2242
|
-
while (rule_tmp->next)
|
2243
|
-
rule_tmp = rule_tmp->next;
|
2244
|
-
if (db->rules != NULL) {
|
2245
|
-
rule->prev = db->rules->prev;
|
2246
|
-
rule_tmp->next = db->rules;
|
2247
|
-
db->rules->prev->next = rule;
|
2248
|
-
db->rules->prev = rule_tmp;
|
2249
|
-
} else {
|
2250
|
-
rule->prev = rule_tmp;
|
2251
|
-
rule_tmp->next = rule;
|
2252
|
-
db->rules = rule;
|
2253
|
-
}
|
2254
|
-
} else
|
2364
|
+
rc_tmp = _db_col_rule_add(db, rule);
|
2365
|
+
if (rc_tmp != 0)
|
2255
2366
|
free(rule);
|
2367
|
+
|
2256
2368
|
add_arch_fail:
|
2257
2369
|
if (rc_tmp != 0 && rc == 0)
|
2258
2370
|
rc = rc_tmp;
|
@@ -2265,6 +2377,9 @@ add_arch_fail:
|
|
2265
2377
|
db_col_transaction_abort(col);
|
2266
2378
|
|
2267
2379
|
add_return:
|
2380
|
+
/* update the misc state */
|
2381
|
+
if (rc == 0 && action == SCMP_ACT_NOTIFY)
|
2382
|
+
col->notify_used = true;
|
2268
2383
|
if (chain != NULL)
|
2269
2384
|
free(chain);
|
2270
2385
|
return rc;
|
@@ -2284,7 +2399,21 @@ int db_col_transaction_start(struct db_filter_col *col)
|
|
2284
2399
|
unsigned int iter;
|
2285
2400
|
struct db_filter_snap *snap;
|
2286
2401
|
struct db_filter *filter_o, *filter_s;
|
2287
|
-
struct db_api_rule_list *rule_o, *rule_s = NULL
|
2402
|
+
struct db_api_rule_list *rule_o, *rule_s = NULL;
|
2403
|
+
|
2404
|
+
/* check to see if a shadow snapshot exists */
|
2405
|
+
if (col->snapshots && col->snapshots->shadow) {
|
2406
|
+
/* we have a shadow! this will be easy */
|
2407
|
+
|
2408
|
+
/* NOTE: we don't bother to do any verification of the shadow
|
2409
|
+
* because we start a new transaction every time we add
|
2410
|
+
* a new rule to the filter(s); if this ever changes we
|
2411
|
+
* will need to add a mechanism to verify that the shadow
|
2412
|
+
* transaction is current/correct */
|
2413
|
+
|
2414
|
+
col->snapshots->shadow = false;
|
2415
|
+
return 0;
|
2416
|
+
}
|
2288
2417
|
|
2289
2418
|
/* allocate the snapshot */
|
2290
2419
|
snap = zmalloc(sizeof(*snap));
|
@@ -2314,33 +2443,15 @@ int db_col_transaction_start(struct db_filter_col *col)
|
|
2314
2443
|
if (rule_o == NULL)
|
2315
2444
|
continue;
|
2316
2445
|
do {
|
2317
|
-
|
2318
|
-
/* TODO: consolidate with db_col_rule_add() */
|
2319
|
-
|
2320
2446
|
/* duplicate the rule */
|
2321
2447
|
rule_s = db_rule_dup(rule_o);
|
2322
2448
|
if (rule_s == NULL)
|
2323
2449
|
goto trans_start_failure;
|
2324
2450
|
|
2325
2451
|
/* add the rule */
|
2326
|
-
rc =
|
2452
|
+
rc = _db_col_rule_add(filter_s, rule_s);
|
2327
2453
|
if (rc != 0)
|
2328
2454
|
goto trans_start_failure;
|
2329
|
-
|
2330
|
-
/* insert the chain to the end of the rule list */
|
2331
|
-
rule_tmp = rule_s;
|
2332
|
-
while (rule_tmp->next)
|
2333
|
-
rule_tmp = rule_tmp->next;
|
2334
|
-
if (filter_s->rules != NULL) {
|
2335
|
-
rule_s->prev = filter_s->rules->prev;
|
2336
|
-
rule_tmp->next = filter_s->rules;
|
2337
|
-
filter_s->rules->prev->next = rule_s;
|
2338
|
-
filter_s->rules->prev = rule_tmp;
|
2339
|
-
} else {
|
2340
|
-
rule_s->prev = rule_tmp;
|
2341
|
-
rule_tmp->next = rule_s;
|
2342
|
-
filter_s->rules = rule_s;
|
2343
|
-
}
|
2344
2455
|
rule_s = NULL;
|
2345
2456
|
|
2346
2457
|
/* next rule */
|
@@ -2397,14 +2508,114 @@ void db_col_transaction_abort(struct db_filter_col *col)
|
|
2397
2508
|
* Commit the top most seccomp filter transaction
|
2398
2509
|
* @param col the filter collection
|
2399
2510
|
*
|
2400
|
-
* This function commits the most recent seccomp filter transaction
|
2511
|
+
* This function commits the most recent seccomp filter transaction and
|
2512
|
+
* attempts to create a shadow transaction that is a duplicate of the current
|
2513
|
+
* filter to speed up future transactions.
|
2401
2514
|
*
|
2402
2515
|
*/
|
2403
2516
|
void db_col_transaction_commit(struct db_filter_col *col)
|
2404
2517
|
{
|
2518
|
+
int rc;
|
2519
|
+
unsigned int iter;
|
2405
2520
|
struct db_filter_snap *snap;
|
2521
|
+
struct db_filter *filter_o, *filter_s;
|
2522
|
+
struct db_api_rule_list *rule_o, *rule_s;
|
2406
2523
|
|
2407
2524
|
snap = col->snapshots;
|
2525
|
+
if (snap == NULL)
|
2526
|
+
return;
|
2527
|
+
|
2528
|
+
/* check for a shadow set by a higher transaction commit */
|
2529
|
+
if (snap->shadow) {
|
2530
|
+
/* leave the shadow intact, but drop the next snapshot */
|
2531
|
+
if (snap->next) {
|
2532
|
+
snap->next = snap->next->next;
|
2533
|
+
_db_snap_release(snap->next);
|
2534
|
+
}
|
2535
|
+
return;
|
2536
|
+
}
|
2537
|
+
|
2538
|
+
/* adjust the number of filters if needed */
|
2539
|
+
if (col->filter_cnt > snap->filter_cnt) {
|
2540
|
+
unsigned int tmp_i;
|
2541
|
+
struct db_filter **tmp_f;
|
2542
|
+
|
2543
|
+
/* add filters */
|
2544
|
+
tmp_f = realloc(snap->filters,
|
2545
|
+
sizeof(struct db_filter *) * col->filter_cnt);
|
2546
|
+
if (tmp_f == NULL)
|
2547
|
+
goto shadow_err;
|
2548
|
+
snap->filters = tmp_f;
|
2549
|
+
do {
|
2550
|
+
tmp_i = snap->filter_cnt;
|
2551
|
+
snap->filters[tmp_i] =
|
2552
|
+
_db_init(col->filters[tmp_i]->arch);
|
2553
|
+
if (snap->filters[tmp_i] == NULL)
|
2554
|
+
goto shadow_err;
|
2555
|
+
snap->filter_cnt++;
|
2556
|
+
} while (snap->filter_cnt < col->filter_cnt);
|
2557
|
+
} else if (col->filter_cnt < snap->filter_cnt) {
|
2558
|
+
/* remove filters */
|
2559
|
+
|
2560
|
+
/* NOTE: while we release the filters we no longer need, we
|
2561
|
+
* don't bother to resize the filter array, we just
|
2562
|
+
* adjust the filter counter, this *should* be harmless
|
2563
|
+
* at the cost of a not reaping all the memory possible */
|
2564
|
+
|
2565
|
+
do {
|
2566
|
+
_db_release(snap->filters[snap->filter_cnt--]);
|
2567
|
+
} while (snap->filter_cnt > col->filter_cnt);
|
2568
|
+
}
|
2569
|
+
|
2570
|
+
/* loop through each filter and update the rules on the snapshot */
|
2571
|
+
for (iter = 0; iter < col->filter_cnt; iter++) {
|
2572
|
+
filter_o = col->filters[iter];
|
2573
|
+
filter_s = snap->filters[iter];
|
2574
|
+
|
2575
|
+
/* skip ahead to the new rule(s) */
|
2576
|
+
rule_o = filter_o->rules;
|
2577
|
+
rule_s = filter_s->rules;
|
2578
|
+
if (rule_o == NULL)
|
2579
|
+
/* nothing to shadow */
|
2580
|
+
continue;
|
2581
|
+
if (rule_s != NULL) {
|
2582
|
+
do {
|
2583
|
+
rule_o = rule_o->next;
|
2584
|
+
rule_s = rule_s->next;
|
2585
|
+
} while (rule_s != filter_s->rules);
|
2586
|
+
|
2587
|
+
/* did we actually add any rules? */
|
2588
|
+
if (rule_o == filter_o->rules)
|
2589
|
+
/* no, we are done in this case */
|
2590
|
+
continue;
|
2591
|
+
}
|
2592
|
+
|
2593
|
+
/* update the old snapshot to make it a shadow */
|
2594
|
+
do {
|
2595
|
+
/* duplicate the rule */
|
2596
|
+
rule_s = db_rule_dup(rule_o);
|
2597
|
+
if (rule_s == NULL)
|
2598
|
+
goto shadow_err;
|
2599
|
+
|
2600
|
+
/* add the rule */
|
2601
|
+
rc = _db_col_rule_add(filter_s, rule_s);
|
2602
|
+
if (rc != 0) {
|
2603
|
+
free(rule_s);
|
2604
|
+
goto shadow_err;
|
2605
|
+
}
|
2606
|
+
|
2607
|
+
/* next rule */
|
2608
|
+
rule_o = rule_o->next;
|
2609
|
+
} while (rule_o != filter_o->rules);
|
2610
|
+
}
|
2611
|
+
|
2612
|
+
/* success, mark the snapshot as a shadow and return */
|
2613
|
+
snap->shadow = true;
|
2614
|
+
return;
|
2615
|
+
|
2616
|
+
shadow_err:
|
2617
|
+
/* we failed making a shadow, cleanup and return */
|
2408
2618
|
col->snapshots = snap->next;
|
2409
2619
|
_db_snap_release(snap);
|
2620
|
+
return;
|
2410
2621
|
}
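Review bot: In the `snap->shadow` branch of db_col_transaction_commit(), `snap->next` is overwritten with `snap->next->next` before `_db_snap_release(snap->next)` runs, so the release call receives the snapshot that was just linked in rather than the one being dropped. The dropped snapshot is never released on this path and the list is left pointing at a snapshot that has been handed to the release routine; holding the node first avoids both, e.g. `struct db_filter_snap *drop = snap->next; snap->next = drop->next; _db_snap_release(drop);`. The "remove filters" loop also looks off by one: `snap->filters[snap->filter_cnt--]` indexes one past the last valid entry on its first pass and never reaches the lowest surplus filter, whereas `snap->filters[--snap->filter_cnt]` would release exactly the surplus entries. Since this code maintains the rule state from which seccomp filters are generated, a regression test covering nested transactions and a commit after an architecture has been removed would be worth adding. _db_snap_release() and _db_release() are defined outside this hunk, so how they treat NULL or already-released arguments is not confirmed from here.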
|