script_core 0.2.6 → 0.2.7

Files changed (191)
  1. checksums.yaml +4 -4
  2. data/ext/enterprise_script_service/libseccomp/.travis.yml +21 -7
  3. data/ext/enterprise_script_service/libseccomp/CHANGELOG +22 -0
  4. data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
  5. data/ext/enterprise_script_service/libseccomp/CREDITS +8 -0
  6. data/ext/enterprise_script_service/libseccomp/README.md +3 -1
  7. data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
  8. data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
  9. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
  10. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
  11. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
  12. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
  13. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
  14. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
  15. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
  16. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
  17. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
  18. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
  19. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
  20. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
  21. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
  22. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
  23. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
  24. data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +12 -0
  25. data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
  26. data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
  27. data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
  28. data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
  29. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
  30. data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
  31. data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
  32. data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
  33. data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
  34. data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
  35. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
  36. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
  37. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
  38. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
  39. data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
  40. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
  41. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
  42. data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
  43. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
  44. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
  45. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
  46. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
  47. data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
  48. data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
  49. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
  50. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
  51. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
  52. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
  53. data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
  54. data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
  55. data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
  56. data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
  57. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
  58. data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
  59. data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
  60. data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
  61. data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
  62. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
  63. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
  64. data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
  65. data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
  66. data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
  67. data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
  68. data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
  69. data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
  70. data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
  71. data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
  72. data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
  73. data/ext/enterprise_script_service/libseccomp/tests/.gitignore +9 -2
  74. data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
  75. data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
  76. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
  77. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
  78. data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +1 -0
  79. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
  80. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
  81. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
  82. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
  83. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
  84. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
  85. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
  86. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
  87. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
  88. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
  89. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
  90. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
  91. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
  92. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
  93. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
  94. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
  95. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
  96. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
  97. data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
  98. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
  99. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
  100. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
  101. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
  102. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
  103. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
  104. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
  105. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
  106. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
  107. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
  108. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
  109. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
  110. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
  111. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
  112. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
  113. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
  114. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
  115. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
  116. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
  117. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
  118. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
  119. data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +31 -10
  120. data/ext/enterprise_script_service/libseccomp/tests/regression +6 -3
  121. data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
  122. data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
  123. data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
  124. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
  125. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +2 -0
  126. data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
  127. data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
  128. data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +51 -0
  129. data/ext/enterprise_script_service/mruby/Doxyfile +1 -1
  130. data/ext/enterprise_script_service/mruby/README.md +1 -1
  131. data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +1 -1
  132. data/ext/enterprise_script_service/mruby/doc/limitations.md +10 -10
  133. data/ext/enterprise_script_service/mruby/include/mruby.h +13 -0
  134. data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +0 -1
  135. data/ext/enterprise_script_service/mruby/include/mruby/proc.h +13 -8
  136. data/ext/enterprise_script_service/mruby/include/mruby/value.h +25 -29
  137. data/ext/enterprise_script_service/mruby/include/mruby/version.h +3 -3
  138. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +5 -8
  139. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +2 -2
  140. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +17 -10
  141. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +1 -1
  142. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +1 -2
  143. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +1 -1
  144. data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +1 -2
  145. data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +3 -4
  146. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +1 -2
  147. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +9 -26
  148. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +1 -2
  149. data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +6 -8
  150. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +3 -4
  151. data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +0 -1
  152. data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +1 -2
  153. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +1 -3
  154. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +1 -3
  155. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +3 -3
  156. data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +1 -2
  157. data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +5 -11
  158. data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +5 -10
  159. data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
  160. data/ext/enterprise_script_service/mruby/src/array.c +14 -11
  161. data/ext/enterprise_script_service/mruby/src/class.c +22 -21
  162. data/ext/enterprise_script_service/mruby/src/error.c +1 -2
  163. data/ext/enterprise_script_service/mruby/src/etc.c +0 -1
  164. data/ext/enterprise_script_service/mruby/src/gc.c +5 -5
  165. data/ext/enterprise_script_service/mruby/src/hash.c +8 -15
  166. data/ext/enterprise_script_service/mruby/src/kernel.c +4 -7
  167. data/ext/enterprise_script_service/mruby/src/numeric.c +28 -60
  168. data/ext/enterprise_script_service/mruby/src/object.c +11 -1
  169. data/ext/enterprise_script_service/mruby/src/proc.c +7 -8
  170. data/ext/enterprise_script_service/mruby/src/range.c +4 -12
  171. data/ext/enterprise_script_service/mruby/src/string.c +24 -21
  172. data/ext/enterprise_script_service/mruby/src/symbol.c +1 -2
  173. data/ext/enterprise_script_service/mruby/src/vm.c +28 -24
  174. data/ext/enterprise_script_service/mruby/test/t/kernel.rb +7 -0
  175. data/lib/script_core/version.rb +1 -1
  176. metadata +45 -21
  177. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
  178. data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
  179. data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
  180. data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
  181. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
  182. data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
  183. data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
  184. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
  185. data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -642
  186. data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -642
  187. data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
  188. data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
  189. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
  190. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
  191. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
@@ -0,0 +1,61 @@
1
+ #!/usr/bin/env python
2
+
3
+ #
4
+ # Seccomp Library test program
5
+ #
6
+ # Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
7
+ # Author: Paul Moore <paul@paul-moore.com>
8
+ #
9
+
10
+ #
11
+ # This library is free software; you can redistribute it and/or modify it
12
+ # under the terms of version 2.1 of the GNU Lesser General Public License as
13
+ # published by the Free Software Foundation.
14
+ #
15
+ # This library is distributed in the hope that it will be useful, but WITHOUT
16
+ # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17
+ # FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
18
+ # for more details.
19
+ #
20
+ # You should have received a copy of the GNU Lesser General Public License
21
+ # along with this library; if not, see <http://www.gnu.org/licenses>.
22
+ #
23
+
24
+ import argparse
25
+ import os
26
+ import signal
27
+ import sys
28
+
29
+ import util
30
+
31
+ from seccomp import *
32
+
33
+ def test():
34
+ magic = os.getuid() + 1
35
+ f = SyscallFilter(ALLOW)
36
+ f.set_attr(Attr.CTL_TSYNC, 1)
37
+ f.add_rule(NOTIFY, "getuid")
38
+ f.load()
39
+ pid = os.fork()
40
+ if pid == 0:
41
+ val = os.getuid()
42
+ if val != magic:
43
+ raise RuntimeError("Response return value failed")
44
+ quit(1)
45
+ quit(0)
46
+ else:
47
+ notify = f.receive_notify()
48
+ if notify.syscall != resolve_syscall(Arch(), "getuid"):
49
+ raise RuntimeError("Notification failed")
50
+ f.respond_notify(NotificationResponse(notify, magic, 0, 0))
51
+ wpid, rc = os.waitpid(pid, 0)
52
+ if os.WIFEXITED(rc) == 0:
53
+ raise RuntimeError("Child process error")
54
+ if os.WEXITSTATUS(rc) != 0:
55
+ raise RuntimeError("Child process error")
56
+ quit(160)
57
+
58
+ test()
59
+
60
+ # kate: syntax python;
61
+ # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
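Review bot: The `quit(1)` that follows `raise RuntimeError("Response return value failed")` in the child branch (new lines 43-44) can never run, so the child's failure path is an uncaught exception unwinding through a forked copy of the test process. Indentation is lost in this rendering, so the branch structure is inferred from line order. I would drop the `raise` and keep `quit(1)`, or leave the child with `os._exit(1)` so it does not run the parent's exit handlers. Separately, `f.receive_notify()` in the parent appears to block with no timeout, so a child that dies before reaching `os.getuid()` would hang the test; a comment such as `# blocks until the child issues getuid` would record that.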
@@ -0,0 +1,11 @@
1
+ #
2
+ # libseccomp regression test automation data
3
+ #
4
+ # Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
5
+ # Author: Paul Moore <paul@paul-moore.com>
6
+ #
7
+
8
+ test type: live
9
+
10
+ # Testname API Result
11
+ 58-live-tsync_notify 6 ALLOW
@@ -57,7 +57,7 @@ check_PROGRAMS = \
57
57
  15-basic-resolver \
58
58
  16-sim-arch_basic \
59
59
  17-sim-arch_merge \
60
- 18-sim-basic_whitelist \
60
+ 18-sim-basic_allowlist \
61
61
  19-sim-missing_syscalls \
62
62
  20-live-basic_die \
63
63
  21-live-basic_allow \
@@ -73,7 +73,7 @@ check_PROGRAMS = \
73
73
  31-basic-version_check \
74
74
  32-live-tsync_allow \
75
75
  33-sim-socket_syscalls_be \
76
- 34-sim-basic_blacklist \
76
+ 34-sim-basic_denylist \
77
77
  35-sim-negative_one \
78
78
  36-sim-ipc_syscalls \
79
79
  37-sim-ipc_syscalls_be \
@@ -90,7 +90,14 @@ check_PROGRAMS = \
90
90
  48-sim-32b_args \
91
91
  49-sim-64b_comparisons \
92
92
  50-sim-hash_collision \
93
- 52-basic-load
93
+ 51-live-user_notification \
94
+ 52-basic-load \
95
+ 53-sim-binary_tree \
96
+ 54-live-binary_tree \
97
+ 55-basic-pfc_binary_tree \
98
+ 56-basic-iterate_syscalls \
99
+ 57-basic-rawsysrc \
100
+ 58-live-tsync_notify
94
101
 
95
102
  EXTRA_DIST_TESTPYTHON = \
96
103
  util.py \
@@ -111,7 +118,7 @@ EXTRA_DIST_TESTPYTHON = \
111
118
  15-basic-resolver.py \
112
119
  16-sim-arch_basic.py \
113
120
  17-sim-arch_merge.py \
114
- 18-sim-basic_whitelist.py \
121
+ 18-sim-basic_allowlist.py \
115
122
  19-sim-missing_syscalls.py \
116
123
  20-live-basic_die.py \
117
124
  21-live-basic_allow.py \
@@ -127,7 +134,7 @@ EXTRA_DIST_TESTPYTHON = \
127
134
  31-basic-version_check.py \
128
135
  32-live-tsync_allow.py \
129
136
  33-sim-socket_syscalls_be.py \
130
- 34-sim-basic_blacklist.py \
137
+ 34-sim-basic_denylist.py \
131
138
  35-sim-negative_one.py \
132
139
  36-sim-ipc_syscalls.py \
133
140
  37-sim-ipc_syscalls_be.py \
@@ -143,7 +150,13 @@ EXTRA_DIST_TESTPYTHON = \
143
150
  48-sim-32b_args.py \
144
151
  49-sim-64b_comparisons.py \
145
152
  50-sim-hash_collision.py \
146
- 52-basic-load.py
153
+ 51-live-user_notification.py \
154
+ 52-basic-load.py \
155
+ 53-sim-binary_tree.py \
156
+ 54-live-binary_tree.py \
157
+ 56-basic-iterate_syscalls.py \
158
+ 57-basic-rawsysrc.py \
159
+ 58-live-tsync_notify.py
147
160
 
148
161
  EXTRA_DIST_TESTCFGS = \
149
162
  01-sim-allow.tests \
@@ -163,7 +176,7 @@ EXTRA_DIST_TESTCFGS = \
163
176
  15-basic-resolver.tests \
164
177
  16-sim-arch_basic.tests \
165
178
  17-sim-arch_merge.tests \
166
- 18-sim-basic_whitelist.tests \
179
+ 18-sim-basic_allowlist.tests \
167
180
  19-sim-missing_syscalls.tests \
168
181
  20-live-basic_die.tests \
169
182
  21-live-basic_allow.tests \
@@ -179,7 +192,7 @@ EXTRA_DIST_TESTCFGS = \
179
192
  31-basic-version_check.tests \
180
193
  32-live-tsync_allow.tests \
181
194
  33-sim-socket_syscalls_be.tests \
182
- 34-sim-basic_blacklist.tests \
195
+ 34-sim-basic_denylist.tests \
183
196
  35-sim-negative_one.tests \
184
197
  36-sim-ipc_syscalls.tests \
185
198
  37-sim-ipc_syscalls_be.tests \
@@ -196,10 +209,18 @@ EXTRA_DIST_TESTCFGS = \
196
209
  48-sim-32b_args.tests \
197
210
  49-sim-64b_comparisons.tests \
198
211
  50-sim-hash_collision.tests \
199
- 52-basic-load.tests
212
+ 51-live-user_notification.tests \
213
+ 52-basic-load.tests \
214
+ 53-sim-binary_tree.tests \
215
+ 54-live-binary_tree.tests \
216
+ 55-basic-pfc_binary_tree.tests \
217
+ 56-basic-iterate_syscalls.tests \
218
+ 57-basic-rawsysrc.tests \
219
+ 58-live-tsync_notify.tests
200
220
 
201
221
  EXTRA_DIST_TESTSCRIPTS = \
202
- 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc
222
+ 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc \
223
+ 55-basic-pfc_binary_tree.sh 55-basic-pfc_binary_tree.pfc
203
224
 
204
225
  EXTRA_DIST_TESTTOOLS = regression testdiff testgen
205
226
 
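Review bot: `EXTRA_DIST_TESTSCRIPTS` now lists `55-basic-pfc_binary_tree.pfc`, but the file list at the top of this page shows only the `.c`, `.sh` and `.tests` files being added for test 55. If the vendored libseccomp copy really lacks the `.pfc` file, `make dist` and the comparison in that test would presumably fail, so it is worth confirming that the expected-output file was packaged. The other additions look consistent: test 55 has no `.py` file in the list and none appears in `EXTRA_DIST_TESTPYTHON`.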
@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \
25
25
  x86 x86_64 x32 \
26
26
  arm aarch64 \
27
27
  mipsel mipsel64 mipsel64n32 \
28
- ppc64le"
28
+ ppc64le \
29
+ riscv64"
29
30
  GLBL_ARCH_BE_SUPPORT=" \
30
31
  mips mips64 mips64n32 \
31
32
  parisc parisc64 \
@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \
46
47
  mips64 \
47
48
  parisc64 \
48
49
  ppc64 \
50
+ riscv64 \
49
51
  s390x"
50
52
 
51
53
  GLBL_SYS_ARCH="../tools/scmp_arch_detect"
@@ -270,7 +272,8 @@ function generate_random_data() {
270
272
  else
271
273
  rcount=$[ ($RANDOM % 8) + 1 ]
272
274
  fi
273
- rdata=$(echo $(</dev/urandom tr -dc A-Za-z0-9 | head -c"$rcount"))
275
+ rdata=$(dd if=/dev/urandom bs=64 count=1 status=none | \
276
+ md5sum | awk '{ print $1 }' | head -c"$rcount")
274
277
  echo "$rdata"
275
278
  }
276
279
 
@@ -777,7 +780,7 @@ function run_test_live() {
777
780
 
778
781
  # setup the arch specific return values
779
782
  case "$arch" in
780
- x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x)
783
+ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64)
781
784
  rc_kill_process=159
782
785
  rc_kill=159
783
786
  rc_allow=160
@@ -200,14 +200,14 @@ int util_file_write(const char *path)
200
200
 
201
201
  fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
202
202
  if (fd < 0)
203
- return errno;
203
+ return -errno;
204
204
  if (write(fd, buf, buf_len) < buf_len) {
205
- int rc = errno;
205
+ int rc = -errno;
206
206
  close(fd);
207
207
  return rc;
208
208
  }
209
209
  if (close(fd) < 0)
210
- return errno;
210
+ return -errno;
211
211
 
212
212
  return 0;
213
213
  }
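Review bot: A short write in `util_file_write` still takes the error path with whatever value `errno` last held, since `write()` sets `errno` only when it returns -1; with the new `int rc = -errno;` a partial write can therefore return 0 and look like success. I would capture the result of `write()` and map the short-write case explicitly, e.g. `rc = (n < 0) ? -errno : -EIO;` where `n` holds that result. The declarations of `buf` and `buf_len` are outside the hunk; if `buf_len` is unsigned, the `< buf_len` comparison would also miss a -1 return, so that is worth checking.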
@@ -26,7 +26,7 @@ CHK_C_LIST="include/seccomp.h.in \
26
26
  src/*.c src/*.h \
27
27
  tests/*.c tests/*.h \
28
28
  tools/*.c tools/*.h"
29
- CHK_C_EXCLUDE=""
29
+ CHK_C_EXCLUDE="src/syscalls.perf.c"
30
30
 
31
31
  ####
32
32
  # functions
@@ -120,6 +120,9 @@ int main(int argc, char *argv[])
120
120
  case SCMP_ARCH_S390X:
121
121
  printf("s390x\n");
122
122
  break;
123
+ case SCMP_ARCH_RISCV64:
124
+ printf("riscv64\n");
125
+ break;
123
126
  default:
124
127
  printf("unknown\n");
125
128
  }
@@ -288,7 +288,7 @@ static void bpf_decode_args(const bpf_instr_raw *bpf, unsigned int line)
288
288
  * @param file the BPF program
289
289
  *
290
290
  * Read the BPF program and display the instructions. Returns zero on success,
291
- * negative values on failure.
291
+ * non-zero values on failure.
292
292
  *
293
293
  */
294
294
  static int bpf_decode(FILE *file)
@@ -424,7 +424,7 @@ static void bpf_dot_decode_args(const bpf_instr_raw *bpf, unsigned int line)
424
424
  * @param file the BPF program
425
425
  *
426
426
  * Read the BPF program and display the instructions. Returns zero on success,
427
- * negative values on failure.
427
+ * non-zero values on failure.
428
428
  *
429
429
  */
430
430
  static int bpf_dot_decode(FILE *file)
@@ -508,6 +508,8 @@ int main(int argc, char *argv[])
508
508
  arch = AUDIT_ARCH_S390;
509
509
  else if (strcmp(optarg, "s390x") == 0)
510
510
  arch = AUDIT_ARCH_S390X;
511
+ else if (strcmp(optarg, "riscv64") == 0)
512
+ arch = AUDIT_ARCH_RISCV64;
511
513
  else
512
514
  exit_usage(argv[0]);
513
515
  break;
@@ -285,6 +285,8 @@ int main(int argc, char *argv[])
285
285
  arch = AUDIT_ARCH_S390;
286
286
  else if (strcmp(optarg, "s390x") == 0)
287
287
  arch = AUDIT_ARCH_S390X;
288
+ else if (strcmp(optarg, "riscv64") == 0)
289
+ arch = AUDIT_ARCH_RISCV64;
288
290
  else
289
291
  exit_fault(EINVAL);
290
292
  break;
@@ -78,6 +78,8 @@
78
78
  #define ARCH_NATIVE AUDIT_ARCH_S390X
79
79
  #elif __s390__
80
80
  #define ARCH_NATIVE AUDIT_ARCH_S390
81
+ #elif __riscv && __riscv_xlen == 64
82
+ #define ARCH_NATIVE AUDIT_ARCH_RISCV64
81
83
  #else
82
84
  #error the simulator code needs to know about your machine type
83
85
  #endif
@@ -87,15 +89,15 @@ uint32_t arch = ARCH_NATIVE;
87
89
 
88
90
  /**
89
91
  * Convert a 16-bit target integer into the host's endianess
90
- * @param arch the architecture token
92
+ * @param arch_token the architecture token
91
93
  * @param val the 16-bit integer
92
94
  *
93
95
  * Convert the endianess of the supplied value and return it to the caller.
94
96
  *
95
97
  */
96
- uint16_t ttoh16(uint32_t arch, uint16_t val)
98
+ uint16_t ttoh16(uint32_t arch_token, uint16_t val)
97
99
  {
98
- if (arch & __AUDIT_ARCH_LE)
100
+ if (arch_token & __AUDIT_ARCH_LE)
99
101
  return le16toh(val);
100
102
  else
101
103
  return be16toh(val);
@@ -103,15 +105,15 @@ uint16_t ttoh16(uint32_t arch, uint16_t val)
103
105
 
104
106
  /**
105
107
  * Convert a 32-bit target integer into the host's endianess
106
- * @param arch the architecture token
108
+ * @param arch_token the architecture token
107
109
  * @param val the 32-bit integer
108
110
  *
109
111
  * Convert the endianess of the supplied value and return it to the caller.
110
112
  *
111
113
  */
112
- uint32_t ttoh32(uint32_t arch, uint32_t val)
114
+ uint32_t ttoh32(uint32_t arch_token, uint32_t val)
113
115
  {
114
- if (arch & __AUDIT_ARCH_LE)
116
+ if (arch_token & __AUDIT_ARCH_LE)
115
117
  return le32toh(val);
116
118
  else
117
119
  return be32toh(val);
@@ -119,15 +121,15 @@ uint32_t ttoh32(uint32_t arch, uint32_t val)
119
121
 
120
122
  /**
121
123
  * Convert a 32-bit host integer into the target's endianess
122
- * @param arch the architecture token
124
+ * @param arch_token the architecture token
123
125
  * @param val the 32-bit integer
124
126
  *
125
127
  * Convert the endianess of the supplied value and return it to the caller.
126
128
  *
127
129
  */
128
- uint32_t htot32(uint32_t arch, uint32_t val)
130
+ uint32_t htot32(uint32_t arch_token, uint32_t val)
129
131
  {
130
- if (arch & __AUDIT_ARCH_LE)
132
+ if (arch_token & __AUDIT_ARCH_LE)
131
133
  return htole32(val);
132
134
  else
133
135
  return htobe32(val);
@@ -135,15 +137,15 @@ uint32_t htot32(uint32_t arch, uint32_t val)
135
137
 
136
138
  /**
137
139
  * Convert a 64-bit host integer into the target's endianess
138
- * @param arch the architecture token
140
+ * @param arch_token the architecture token
139
141
  * @param val the 64-bit integer
140
142
  *
141
143
  * Convert the endianess of the supplied value and return it to the caller.
142
144
  *
143
145
  */
144
- uint64_t htot64(uint32_t arch, uint64_t val)
146
+ uint64_t htot64(uint32_t arch_token, uint64_t val)
145
147
  {
146
- if (arch & __AUDIT_ARCH_LE)
148
+ if (arch_token & __AUDIT_ARCH_LE)
147
149
  return htole64(val);
148
150
  else
149
151
  return htobe64(val);
@@ -72,6 +72,13 @@
72
72
  #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
73
73
  #endif
74
74
 
75
+ #ifndef AUDIT_ARCH_RISCV64
76
+ #ifndef EM_RISCV
77
+ #define EM_RISCV 243
78
+ #endif /* EM_RISCV */
79
+ #define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
80
+ #endif /* AUDIT_ARCH_RISCV64 */
81
+
75
82
  extern uint32_t arch;
76
83
 
77
84
  uint16_t ttoh16(uint32_t arch, uint16_t val);
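Review bot: The prototype `uint16_t ttoh16(uint32_t arch, uint16_t val);` in the trailing context still names its parameter `arch`, the same identifier as the `extern uint32_t arch;` declared two lines above it, while the matching definitions were renamed to `arch_token` in this release. The header and the definitions now disagree on the name the doc comments refer to. I would rename it here as well, `uint16_t ttoh16(uint32_t arch_token, uint16_t val);`. The remaining prototypes are outside the hunk and presumably need the same change.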
@@ -0,0 +1,51 @@
1
+ name: "Code scanning - action"
2
+
3
+ on:
4
+ push:
5
+ pull_request:
6
+ schedule:
7
+ - cron: '0 19 * * 4'
8
+
9
+ jobs:
10
+ CodeQL-Build:
11
+
12
+ runs-on: ubuntu-latest
13
+
14
+ steps:
15
+ - name: Checkout repository
16
+ uses: actions/checkout@v2
17
+ with:
18
+ # We must fetch at least the immediate parents so that if this is
19
+ # a pull request then we can checkout the head.
20
+ fetch-depth: 2
21
+
22
+ # If this run was triggered by a pull request event, then checkout
23
+ # the head of the pull request instead of the merge commit.
24
+ - run: git checkout HEAD^2
25
+ if: ${{ github.event_name == 'pull_request' }}
26
+
27
+ # Initializes the CodeQL tools for scanning.
28
+ - name: Initialize CodeQL
29
+ uses: github/codeql-action/init@v1
30
+ # Override language selection by uncommenting this and choosing your languages
31
+ # with:
32
+ # languages: go, javascript, csharp, python, cpp, java
33
+
34
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
35
+ # If this step fails, then you should remove it and run the build manually (see below)
36
+ - name: Autobuild
37
+ uses: github/codeql-action/autobuild@v1
38
+
39
+ # ℹ️ Command-line programs to run using the OS shell.
40
+ # 📚 https://git.io/JvXDl
41
+
42
+ # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
43
+ # and modify them (or add more) to build your code if your project
44
+ # uses a compiled language
45
+
46
+ #- run: |
47
+ # make bootstrap
48
+ # make release
49
+
50
+ - name: Perform CodeQL Analysis
51
+ uses: github/codeql-action/analyze@v1
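Review bot: The workflow references every action by a mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/autobuild@v1`, `github/codeql-action/analyze@v1`) and declares no `permissions:` block. The job therefore runs whatever code those tags point to at run time, with the repository's default token scope. I would pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, and add a top-level `permissions:` block granting only `contents: read` and `security-events: write`.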
@@ -6,7 +6,7 @@
6
6
 
7
7
  DOXYFILE_ENCODING = UTF-8
8
8
  PROJECT_NAME = "mruby"
9
- PROJECT_NUMBER = 2.1.1
9
+ PROJECT_NUMBER = 2.1.2
10
10
 
11
11
  PROJECT_BRIEF = "mruby is the lightweight implementation of the Ruby language"
12
12