script_core 0.2.6 → 0.2.7

Files changed (191) hide show
  1. checksums.yaml +4 -4
  2. data/ext/enterprise_script_service/libseccomp/.travis.yml +21 -7
  3. data/ext/enterprise_script_service/libseccomp/CHANGELOG +22 -0
  4. data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
  5. data/ext/enterprise_script_service/libseccomp/CREDITS +8 -0
  6. data/ext/enterprise_script_service/libseccomp/README.md +3 -1
  7. data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
  8. data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
  9. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
  10. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
  11. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
  12. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
  13. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
  14. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
  15. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
  16. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
  17. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
  18. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
  19. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
  20. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
  21. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
  22. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
  23. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
  24. data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +12 -0
  25. data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
  26. data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
  27. data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
  28. data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
  29. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
  30. data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
  31. data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
  32. data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
  33. data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
  34. data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
  35. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
  36. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
  37. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
  38. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
  39. data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
  40. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
  41. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
  42. data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
  43. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
  44. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
  45. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
  46. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
  47. data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
  48. data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
  49. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
  50. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
  51. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
  52. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
  53. data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
  54. data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
  55. data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
  56. data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
  57. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
  58. data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
  59. data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
  60. data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
  61. data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
  62. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
  63. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
  64. data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
  65. data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
  66. data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
  67. data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
  68. data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
  69. data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
  70. data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
  71. data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
  72. data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
  73. data/ext/enterprise_script_service/libseccomp/tests/.gitignore +9 -2
  74. data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
  75. data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
  76. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
  77. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
  78. data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +1 -0
  79. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
  80. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
  81. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
  82. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
  83. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
  84. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
  85. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
  86. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
  87. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
  88. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
  89. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
  90. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
  91. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
  92. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
  93. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
  94. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
  95. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
  96. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
  97. data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
  98. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
  99. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
  100. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
  101. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
  102. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
  103. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
  104. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
  105. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
  106. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
  107. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
  108. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
  109. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
  110. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
  111. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
  112. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
  113. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
  114. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
  115. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
  116. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
  117. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
  118. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
  119. data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +31 -10
  120. data/ext/enterprise_script_service/libseccomp/tests/regression +6 -3
  121. data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
  122. data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
  123. data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
  124. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
  125. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +2 -0
  126. data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
  127. data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
  128. data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +51 -0
  129. data/ext/enterprise_script_service/mruby/Doxyfile +1 -1
  130. data/ext/enterprise_script_service/mruby/README.md +1 -1
  131. data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +1 -1
  132. data/ext/enterprise_script_service/mruby/doc/limitations.md +10 -10
  133. data/ext/enterprise_script_service/mruby/include/mruby.h +13 -0
  134. data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +0 -1
  135. data/ext/enterprise_script_service/mruby/include/mruby/proc.h +13 -8
  136. data/ext/enterprise_script_service/mruby/include/mruby/value.h +25 -29
  137. data/ext/enterprise_script_service/mruby/include/mruby/version.h +3 -3
  138. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +5 -8
  139. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +2 -2
  140. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +17 -10
  141. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +1 -1
  142. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +1 -2
  143. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +1 -1
  144. data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +1 -2
  145. data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +3 -4
  146. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +1 -2
  147. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +9 -26
  148. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +1 -2
  149. data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +6 -8
  150. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +3 -4
  151. data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +0 -1
  152. data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +1 -2
  153. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +1 -3
  154. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +1 -3
  155. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +3 -3
  156. data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +1 -2
  157. data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +5 -11
  158. data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +5 -10
  159. data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
  160. data/ext/enterprise_script_service/mruby/src/array.c +14 -11
  161. data/ext/enterprise_script_service/mruby/src/class.c +22 -21
  162. data/ext/enterprise_script_service/mruby/src/error.c +1 -2
  163. data/ext/enterprise_script_service/mruby/src/etc.c +0 -1
  164. data/ext/enterprise_script_service/mruby/src/gc.c +5 -5
  165. data/ext/enterprise_script_service/mruby/src/hash.c +8 -15
  166. data/ext/enterprise_script_service/mruby/src/kernel.c +4 -7
  167. data/ext/enterprise_script_service/mruby/src/numeric.c +28 -60
  168. data/ext/enterprise_script_service/mruby/src/object.c +11 -1
  169. data/ext/enterprise_script_service/mruby/src/proc.c +7 -8
  170. data/ext/enterprise_script_service/mruby/src/range.c +4 -12
  171. data/ext/enterprise_script_service/mruby/src/string.c +24 -21
  172. data/ext/enterprise_script_service/mruby/src/symbol.c +1 -2
  173. data/ext/enterprise_script_service/mruby/src/vm.c +28 -24
  174. data/ext/enterprise_script_service/mruby/test/t/kernel.rb +7 -0
  175. data/lib/script_core/version.rb +1 -1
  176. metadata +45 -21
  177. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
  178. data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
  179. data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
  180. data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
  181. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
  182. data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
  183. data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
  184. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
  185. data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -642
  186. data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -642
  187. data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
  188. data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
  189. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
  190. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
  191. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
@@ -1,4 +1,4 @@
1
- .TH "seccomp_export_bpf" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_export_bpf" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -45,7 +45,25 @@ ordering, are not guaranteed to be the same in both the BPF and PFC formats.
45
45
  .\" //////////////////////////////////////////////////////////////////////////
46
46
  .SH RETURN VALUE
47
47
  .\" //////////////////////////////////////////////////////////////////////////
48
- Returns zero on success, negative errno values on failure.
48
+ Return zero on success or one of the following error codes on
49
+ failure:
50
+ .TP
51
+ .B -ECANCELED
52
+ There was a system failure beyond the control of the library.
53
+ .TP
54
+ .B -EFAULT
55
+ Internal libseccomp failure.
56
+ .TP
57
+ .B -EINVAL
58
+ Invalid input, either the context or architecture token is invalid.
59
+ .TP
60
+ .B -ENOMEM
61
+ The library was unable to allocate enough memory.
62
+ .P
63
+ If the \fISCMP_FLTATR_API_SYSRAWRC\fP filter attribute is non-zero then
64
+ additional error codes may be returned to the caller; these additional error
65
+ codes are the negative \fIerrno\fP values returned by the system. Unfortunately
66
+ libseccomp can make no guarantees about these return values.
49
67
  .\" //////////////////////////////////////////////////////////////////////////
50
68
  .SH EXAMPLES
51
69
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_init" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_init" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -98,7 +98,14 @@ The
98
98
  .BR seccomp_init ()
99
99
  function returns a filter context on success, NULL on failure. The
100
100
  .BR seccomp_reset ()
101
- function returns zero on success, negative errno values on failure.
101
+ function returns zero on success or one of the following error codes on
102
+ failure:
103
+ .TP
104
+ .B -EINVAL
105
+ Invalid input, either the context or action is invalid.
106
+ .TP
107
+ .B -ENOMEM
108
+ The library was unable to allocate enough memory.
102
109
  .\" //////////////////////////////////////////////////////////////////////////
103
110
  .SH EXAMPLES
104
111
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_load" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_load" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -23,10 +23,40 @@ Loads the seccomp filter provided by
23
23
  .I ctx
24
24
  into the kernel; if the function
25
25
  succeeds the new seccomp filter will be active when the function returns.
26
+ .P
27
+ As it is possible to have multiple stacked seccomp filters for a given task
28
+ (defined as either a process or a thread), it is important to remember that
29
+ each of the filters loaded for a given task are executed when a syscall is
30
+ made and the "strictest" rule is the rule that is applied. In the case of
31
+ seccomp, "strictest" is defined as the action with the lowest value (e.g.
32
+ .I SCMP_ACT_KILL
33
+ is "stricter" than
34
+ .I SCMP_ACT_ALLOW
35
+ ).
26
36
  .\" //////////////////////////////////////////////////////////////////////////
27
37
  .SH RETURN VALUE
28
38
  .\" //////////////////////////////////////////////////////////////////////////
29
- Returns zero on success, negative errno values on failure.
39
+ Returns zero on success or one of the following error codes on failure:
40
+ .TP
41
+ .B -ECANCELED
42
+ There was a system failure beyond the control of the library.
43
+ .TP
44
+ .B -EFAULT
45
+ Internal libseccomp failure.
46
+ .TP
47
+ .B -EINVAL
48
+ Invalid input, either the context or architecture token is invalid.
49
+ .TP
50
+ .B -ENOMEM
51
+ The library was unable to allocate enough memory.
52
+ .TP
53
+ .B -ESRCH
54
+ Unable to load the filter due to thread issues.
55
+ .P
56
+ If the \fISCMP_FLTATR_API_SYSRAWRC\fP filter attribute is non-zero then
57
+ additional error codes may be returned to the caller; these additional error
58
+ codes are the negative \fIerrno\fP values returned by the system. Unfortunately
59
+ libseccomp can make no guarantees about these return values.
30
60
  .\" //////////////////////////////////////////////////////////////////////////
31
61
  .SH EXAMPLES
32
62
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_merge" 3 "28 September 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_merge" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -41,7 +41,21 @@ attribute values and no overlapping architectures.
41
41
  .\" //////////////////////////////////////////////////////////////////////////
42
42
  .SH RETURN VALUE
43
43
  .\" //////////////////////////////////////////////////////////////////////////
44
- Returns zero on success and negative values on failure.
44
+ Returns zero on success or one of the following error codes on
45
+ failure:
46
+ .TP
47
+ .B -EDOM
48
+ Unable to merge the filters due to architecture issues, e.g. byte endian
49
+ mismatches.
50
+ .TP
51
+ .B -EEXIST
52
+ The architecture already exists in the filter.
53
+ .TP
54
+ .B -EINVAL
55
+ One of the filters is invalid.
56
+ .TP
57
+ .B -ENOMEM
58
+ The library was unable to allocate enough memory.
45
59
  .\" //////////////////////////////////////////////////////////////////////////
46
60
  .SH EXAMPLES
47
61
  .\" //////////////////////////////////////////////////////////////////////////
@@ -0,0 +1,113 @@
1
+ .TH "seccomp_notify_alloc" 3 "30 May 2020" "tycho@tycho.ws" "libseccomp Documentation"
2
+ .\" //////////////////////////////////////////////////////////////////////////
3
+ .SH NAME
4
+ .\" //////////////////////////////////////////////////////////////////////////
5
+ seccomp_notify_alloc, seccomp_notify_free, seccomp_notify_receive,
6
+ seccomp_notify_respond, seccomp_notify_id_valid, seccomp_notify_fd \- Manage seccomp notifications
7
+ .\" //////////////////////////////////////////////////////////////////////////
8
+ .SH SYNOPSIS
9
+ .\" //////////////////////////////////////////////////////////////////////////
10
+ .nf
11
+ .B #include <seccomp.h>
12
+ .sp
13
+ .BI "int seccomp_notify_alloc(struct seccomp_notif **" req ", struct seccomp_notif_resp **" resp ")"
14
+ .BI "void seccomp_notify_free(struct seccomp_notif *" req ", struct seccomp_notif_resp *" resp ")"
15
+ .BI "int seccomp_notify_receive(int " fd ", struct seccomp_notif *" req ")"
16
+ .BI "int seccomp_notify_respond(int " fd ", struct seccomp_notif_resp *" resp ")"
17
+ .BI "int seccomp_notify_id_valid(int " fd ", uint64_t " id ")"
18
+ .BI "int seccomp_notify_fd(const scmp_filter_ctx " ctx ")"
19
+ .sp
20
+ Link with \fI\-lseccomp\fP.
21
+ .fi
22
+ .\" //////////////////////////////////////////////////////////////////////////
23
+ .SH DESCRIPTION
24
+ .\" //////////////////////////////////////////////////////////////////////////
25
+ .P
26
+ The
27
+ .BR seccomp_notify_alloc ()
28
+ function dynamically allocates enough memory for a seccomp notification and
29
+ response. Note that one should always use these functions and not depend on the
30
+ structure sizes in headers, since the size can vary depending on the kernel
31
+ version. This function takes care to ask the kernel how big each structure
32
+ should be, and allocates the right amount of memory. The
33
+ .BR seccomp_notify_free ()
34
+ function frees memory allocated by
35
+ .BR seccomp_notify_alloc ().
36
+ .P
37
+ The
38
+ .BR seccomp_notify_receive ()
39
+ function receives a notification from a seccomp notify fd (obtained from
40
+ .BR seccomp_notify_fd ()).
41
+ .P
42
+ The
43
+ .BR seccomp_notify_respond ()
44
+ function sends a response to a particular notification. The id field should be
45
+ the same as the id from the request, so that the kernel knows which request
46
+ this response corresponds to.
47
+ .P
48
+ The
49
+ .BR seccomp_notify_id_valid ()
50
+ function checks to see if the syscall from a particular notification request is
51
+ still valid, i.e. if the task is still alive. See NOTES below for details on
52
+ race conditions.
53
+ .P
54
+ The
55
+ .BR seccomp_notify_fd ()
56
+ returns the notification fd of a filter after it has been loaded.
57
+ .\" //////////////////////////////////////////////////////////////////////////
58
+ .SH RETURN VALUE
59
+ .\" //////////////////////////////////////////////////////////////////////////
60
+ The
61
+ .BR seccomp_notify_fd ()
62
+ returns the notification fd of the loaded filter.
63
+ .P
64
+ The
65
+ .BR seccomp_notify_id_valid ()
66
+ returns 0 if the id is valid, and -ENOENT if it is not.
67
+ .P
68
+ The
69
+ .BR seccomp_notify_alloc (),
70
+ .BR seccomp_notify_receive (),
71
+ and
72
+ .BR seccomp_notify_respond ()
73
+ functions return zero on success, or one of the following error codes on
74
+ failure:
75
+ .TP
76
+ .B -ECANCELED
77
+ There was a system failure beyond the control of the library, check the
78
+ \fIerrno\fP value for more information.
79
+ .TP
80
+ .B -EFAULT
81
+ Internal libseccomp failure.
82
+ .TP
83
+ .B -ENOMEM
84
+ The library was unable to allocate enough memory.
85
+ .TP
86
+ .B -EOPNOTSUPP
87
+ The library doesn't support the particular operation.
88
+ .\" //////////////////////////////////////////////////////////////////////////
89
+ .SH NOTES
90
+ .\" //////////////////////////////////////////////////////////////////////////
91
+ .P
92
+ Care should be taken to avoid two different time of check/time of use errors.
93
+ First, after opening any resources relevant to the pid for a notification (e.g.
94
+ /proc/pid/mem for reading tracee memory to make policy decisions), applications
95
+ should call
96
+ .BR seccomp_notify_id_valid ()
97
+ to make sure that the resources the application has opened correspond to the
98
+ right pid, i.e. that the pid didn't die and a different task take its place.
99
+ .P
100
+ Second, the classic time of check/time of use issue with seccomp memory should
101
+ also be avoided: applications should copy any memory they wish to use to make
102
+ decisions from the tracee into its own address space before applying any policy
103
+ decisions, since a multi-threaded tracee may edit the memory at any time,
104
+ including after it's used to make a policy decision.
105
+ .P
106
+ A complete example of how to avoid these two races is available in the Linux
107
+ Kernel source tree at
108
+ .BR /samples/seccomp/user-trap.c.
109
+ .\" //////////////////////////////////////////////////////////////////////////
110
+ .SH AUTHOR
111
+ .\" //////////////////////////////////////////////////////////////////////////
112
+ Tycho Andersen <tycho@tycho.ws>
113
+ .\" //////////////////////////////////////////////////////////////////////////
@@ -0,0 +1 @@
1
+ .so man3/seccomp_notify_alloc.3
@@ -1,4 +1,4 @@
1
- .TH "seccomp_rule_add" 3 "17 February 2019" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_rule_add" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -87,6 +87,17 @@ do guarantee the same behavior regardless of the architecture.
87
87
  The newly added filter rule does not take effect until the entire filter is
88
88
  loaded into the kernel using
89
89
  .BR seccomp_load (3).
90
+ When adding rules to a filter, it is important to consider the impact of
91
+ previously loaded filters; see the
92
+ .BR seccomp_load (3)
93
+ documentation for more information.
94
+ .P
95
+ All of the filter rules supplied by the calling application are combined into
96
+ a union, with additional logic to eliminate redundant syscall filters. For
97
+ example, if a rule is added which allows a given syscall with a specific set of
98
+ argument values and later a rule is added which allows the same syscall
99
+ regardless the argument values then the first, more specific rule, is
100
+ effectively dropped from the filter by the second more generic rule.
90
101
  .P
91
102
  The
92
103
  .BR SCMP_CMP (),
@@ -120,6 +131,18 @@ macros and use the variants which are explicitly 32 or 64-bit. This should
120
131
  help eliminate problems caused by an unwanted sign extension of negative datum
121
132
  values.
122
133
  .P
134
+ If syscall argument comparisons are included in the filter rule, all of the
135
+ comparisons must be true for the rule to match.
136
+ .P
137
+ When adding syscall argument comparisons to the filter it is important to
138
+ remember that while it is possible to have multiple comparisons in a single
139
+ rule, you can only compare each argument once in a single rule. In other words,
140
+ you can not have multiple comparisons of the 3rd syscall argument in a single
141
+ rule.
142
+ .P
143
+ In a filter containing multiple architectures, it is an error to add a filter
144
+ rule for a syscall that does not exist in all of the filter's architectures.
145
+ .P
123
146
  While it is possible to specify the
124
147
  .I syscall
125
148
  value directly using the standard
@@ -127,7 +150,10 @@ value directly using the standard
127
150
  values, in order to ensure proper operation across multiple architectures it
128
151
  is highly recommended to use the
129
152
  .BR SCMP_SYS ()
130
- macro instead. See the EXAMPLES section below.
153
+ macro instead. See the EXAMPLES section below. It is also important to
154
+ remember that regardless of the architectures present in the filter, the
155
+ syscall numbers used in filter rules are interpreted in the context of the
156
+ native architecture.
131
157
  .P
132
158
  Starting with Linux v4.8, there may be a need to create a rule with a syscall
133
159
  value of -1 to allow tracing programs to skip a syscall invocation; in order
@@ -259,12 +285,47 @@ SCMP_CMP(
259
285
  .SH RETURN VALUE
260
286
  .\" //////////////////////////////////////////////////////////////////////////
261
287
  The
288
+ .BR SCMP_SYS ()
289
+ macro returns a value suitable for use as the
290
+ .I syscall
291
+ value in the
292
+ .BR seccomp_rule_add* ()
293
+ functions. In a similar manner, the
294
+ .BR SCMP_CMP ()
295
+ and
296
+ .BR SCMP_A* ()
297
+ macros return values suitable for use as argument comparisons in the
298
+ .BR seccomp_rule_add ()
299
+ and
300
+ .BR seccomp_rule_add_exact ()
301
+ functions.
302
+ .P
303
+ The
262
304
  .BR seccomp_rule_add (),
263
305
  .BR seccomp_rule_add_array (),
264
306
  .BR seccomp_rule_add_exact (),
265
307
  and
266
308
  .BR seccomp_rule_add_exact_array ()
267
- functions return zero on success, negative errno values on failure.
309
+ functions return zero on success or one of the following error codes on
310
+ failure:
311
+ .TP
312
+ .B -EDOM
313
+ Architecture specific failure.
314
+ .TP
315
+ .B -EEXIST
316
+ The rule already exists.
317
+ .TP
318
+ .B -EFAULT
319
+ Internal libseccomp failure.
320
+ .TP
321
+ .B -EINVAL
322
+ Invalid input, either the context or architecture token is invalid.
323
+ .TP
324
+ .B -ENOMEM
325
+ The library was unable to allocate enough memory.
326
+ .TP
327
+ .B -EOPNOTSUPP
328
+ The library doesn't support the particular operation.
268
329
  .\" //////////////////////////////////////////////////////////////////////////
269
330
  .SH EXAMPLES
270
331
  .\" //////////////////////////////////////////////////////////////////////////
@@ -1,4 +1,4 @@
1
- .TH "seccomp_syscall_priority" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
1
+ .TH "seccomp_syscall_priority" 3 "30 May 2020" "paul@paul-moore.com" "libseccomp Documentation"
2
2
  .\" //////////////////////////////////////////////////////////////////////////
3
3
  .SH NAME
4
4
  .\" //////////////////////////////////////////////////////////////////////////
@@ -53,13 +53,28 @@ is the value returned by the call to
53
53
  .SH RETURN VALUE
54
54
  .\" //////////////////////////////////////////////////////////////////////////
55
55
  The
56
- .BR seccomp_syscall_priority ()
57
- function returns zero on success, negative errno values on failure. The
58
56
  .BR SCMP_SYS ()
59
57
  macro returns a value suitable for use as the
60
58
  .I syscall
61
59
  value in
62
60
  .BR seccomp_syscall_priority ().
61
+ .P
62
+ The
63
+ .BR seccomp_syscall_priority ()
64
+ function returns zero on success or one of the following error codes on
65
+ failure:
66
+ .TP
67
+ .B -EDOM
68
+ Architecture specific failure.
69
+ .TP
70
+ .B -EFAULT
71
+ Internal libseccomp failure.
72
+ .TP
73
+ .B -EINVAL
74
+ Invalid input, either the context or architecture token is invalid.
75
+ .TP
76
+ .B -ENOMEM
77
+ The library was unable to allocate enough memory.
63
78
  .\" //////////////////////////////////////////////////////////////////////////
64
79
  .SH EXAMPLES
65
80
  .\" //////////////////////////////////////////////////////////////////////////
@@ -273,6 +273,8 @@
273
273
  #define __PNR_timerfd_settime64 -10239
274
274
  #define __PNR_utimensat_time64 -10240
275
275
  #define __PNR_ppoll -10241
276
+ #define __PNR_renameat -10242
277
+ #define __PNR_riscv_flush_icache -10243
276
278
 
277
279
  /*
278
280
  * libseccomp syscall definitions
@@ -1494,7 +1496,11 @@
1494
1496
  #define __SNR_rename __PNR_rename
1495
1497
  #endif
1496
1498
 
1499
+ #ifdef __NR_renameat
1497
1500
  #define __SNR_renameat __NR_renameat
1501
+ #else
1502
+ #define __SNR_renameat __PNR_renameat
1503
+ #endif
1498
1504
 
1499
1505
  #define __SNR_renameat2 __NR_renameat2
1500
1506
 
@@ -1502,6 +1508,12 @@
1502
1508
 
1503
1509
  #define __SNR_restart_syscall __NR_restart_syscall
1504
1510
 
1511
+ #ifdef __NR_riscv_flush_icache
1512
+ #define __SNR_riscv_flush_icache __NR_riscv_flush_icache
1513
+ #else
1514
+ #define __SNR_riscv_flush_icache __PNR_riscv_flush_icache
1515
+ #endif
1516
+
1505
1517
  #ifdef __NR_rmdir
1506
1518
  #define __SNR_rmdir __NR_rmdir
1507
1519
  #else
@@ -27,6 +27,8 @@
27
27
  #include <inttypes.h>
28
28
  #include <asm/unistd.h>
29
29
  #include <linux/audit.h>
30
+ #include <linux/types.h>
31
+ #include <linux/seccomp.h>
30
32
 
31
33
  #ifdef __cplusplus
32
34
  extern "C" {
@@ -66,6 +68,15 @@ enum scmp_filter_attr {
66
68
  SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */
67
69
  SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */
68
70
  SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */
71
+ SCMP_FLTATR_CTL_SSB = 7, /**< disable SSB mitigation */
72
+ SCMP_FLTATR_CTL_OPTIMIZE = 8, /**< filter optimization level:
73
+ * 0 - currently unused
74
+ * 1 - rules weighted by priority and
75
+ * complexity (DEFAULT)
76
+ * 2 - binary tree sorted by syscall
77
+ * number
78
+ */
79
+ SCMP_FLTATR_API_SYSRAWRC = 9, /**< return the system return codes */
69
80
  _SCMP_FLTATR_MAX,
70
81
  };
71
82
 
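Review bot: The one-line doc on the `SCMP_FLTATR_CTL_SSB = 7` line says only "disable SSB mitigation", which does not tell an API user that setting this attribute turns off a kernel hardening (Speculative Store Bypass, Spectre v4), presumably for the task that loads the filter, so a reader of a caller cannot see that the attribute is a security trade-off. Suggest `/**< disable the kernel's Speculative Store Bypass (Spectre v4) mitigation when the filter is loaded; a hardening trade-off, leave unset unless required */`. The `SCMP_FLTATR_API_SYSRAWRC = 9` comment "return the system return codes" would likewise benefit from naming which functions' return values it changes, which is not recoverable from this hunk. The enclosing `enum scmp_filter_attr` starts outside the hunk.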
@@ -193,6 +204,18 @@ struct scmp_arg_cmp {
193
204
  #define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC
194
205
  #define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64
195
206
 
207
+ /**
208
+ * The RISC-V architecture tokens
209
+ */
210
+ /* RISC-V support for audit was merged in 5.0-rc1 */
211
+ #ifndef AUDIT_ARCH_RISCV64
212
+ #ifndef EM_RISCV
213
+ #define EM_RISCV 243
214
+ #endif /* EM_RISCV */
215
+ #define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
216
+ #endif /* AUDIT_ARCH_RISCV64 */
217
+ #define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64
218
+
196
219
  /**
197
220
  * Convert a syscall name into the associated syscall number
198
221
  * @param x the syscall name
@@ -319,6 +342,10 @@ struct scmp_arg_cmp {
319
342
  * Throw a SIGSYS signal
320
343
  */
321
344
  #define SCMP_ACT_TRAP 0x00030000U
345
+ /**
346
+ * Notifies userspace
347
+ */
348
+ #define SCMP_ACT_NOTIFY 0x7fc00000U
322
349
  /**
323
350
  * Return the specified error code
324
351
  */
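Review bot: `SCMP_ACT_NOTIFY` is defined as the bare literal `0x7fc00000U`, the same value the fallback `SECCOMP_RET_USER_NOTIF` receives in the next hunk of this file, so the two literals must be kept in agreement by hand and nothing in the header says so. Because the fallback is defined after this point, the cheapest fix is a comment tying them together: `/* must equal SECCOMP_RET_USER_NOTIF (kernel v5.0) */`. The doc line "Notifies userspace" also says nothing about how the notification is consumed; a pointer to `seccomp_notify_fd()` and the `seccomp_notify_*()` functions declared later in the header would help a reader.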
@@ -336,6 +363,25 @@ struct scmp_arg_cmp {
336
363
  */
337
364
  #define SCMP_ACT_ALLOW 0x7fff0000U
338
365
 
366
+ /* SECCOMP_RET_USER_NOTIF was added in kernel v5.0. */
367
+ #ifndef SECCOMP_RET_USER_NOTIF
368
+ #define SECCOMP_RET_USER_NOTIF 0x7fc00000U
369
+
370
+ struct seccomp_notif {
371
+ __u64 id;
372
+ __u32 pid;
373
+ __u32 flags;
374
+ struct seccomp_data data;
375
+ };
376
+
377
+ struct seccomp_notif_resp {
378
+ __u64 id;
379
+ __s64 val;
380
+ __s32 error;
381
+ __u32 flags;
382
+ };
383
+ #endif
384
+
339
385
  /*
340
386
  * functions
341
387
  */
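Review bot: The fallback `struct seccomp_notif` and `struct seccomp_notif_resp` definitions carry no comment stating that their layout must stay byte-identical to the kernel UAPI structs of the same name, which is the reason the fields use `__u64`/`__s64`/`__s32`/`__u32`; a field reorder here would silently break the `seccomp_notify_receive()`/`seccomp_notify_respond()` declarations that take these pointers. Suggest above `#ifndef SECCOMP_RET_USER_NOTIF`: `/* Fallback copies of the kernel UAPI structs (v5.0); field order and widths must match <linux/seccomp.h> exactly. */`. The `seccomp_notify_alloc()` doc later in the file says sizes are computed from the running kernel, which presumably means a newer kernel can use larger structs than these fallbacks; it is worth saying here that callers should obtain buffers from that allocator rather than from `sizeof` on these definitions.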
@@ -368,6 +414,9 @@ const struct scmp_version *seccomp_version(void);
368
414
  * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
369
415
  * support for the SCMP_ACT_LOG action
370
416
  * support for the SCMP_ACT_KILL_PROCESS action
417
+ * 4 : support for the SCMP_FLTATR_CTL_SSB filter attrbute
418
+ * 5 : support for the SCMP_ACT_NOTIFY action and notify APIs
419
+ * 6 : support the simultaneous use of SCMP_FLTATR_CTL_TSYNC and notify APIs
371
420
  *
372
421
  */
373
422
  unsigned int seccomp_api_get(void);
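Review bot: The new api-level line for 4 reads `attrbute`; it should be `attribute`. For consistency with the surrounding list, level 6 would read better as `support for the simultaneous use of SCMP_FLTATR_CTL_TSYNC and notify APIs`, matching the "support for ..." wording of the other entries.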
@@ -672,6 +721,73 @@ int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
672
721
  unsigned int arg_cnt,
673
722
  const struct scmp_arg_cmp *arg_array);
674
723
 
724
+ /**
725
+ * Allocate a pair of notification request/response structures
726
+ * @param req the request location
727
+ * @param resp the response location
728
+ *
729
+ * This function allocates a pair of request/response structure by computing
730
+ * the correct sized based on the currently running kernel. It returns zero on
731
+ * success, and negative values on failure.
732
+ *
733
+ */
734
+ int seccomp_notify_alloc(struct seccomp_notif **req,
735
+ struct seccomp_notif_resp **resp);
736
+
737
+ /**
738
+ * Free a pair of notification request/response structures.
739
+ * @param req the request location
740
+ * @param resp the response location
741
+ */
742
+ void seccomp_notify_free(struct seccomp_notif *req,
743
+ struct seccomp_notif_resp *resp);
744
+
745
+ /**
746
+ * Receive a notification from a seccomp notification fd
747
+ * @param fd the notification fd
748
+ * @param req the request buffer to save into
749
+ *
750
+ * Blocks waiting for a notification on this fd. This function is thread safe
751
+ * (synchronization is performed in the kernel). Returns zero on success,
752
+ * negative values on error.
753
+ *
754
+ */
755
+ int seccomp_notify_receive(int fd, struct seccomp_notif *req);
756
+
757
+ /**
758
+ * Send a notification response to a seccomp notification fd
759
+ * @param fd the notification fd
760
+ * @param resp the response buffer to use
761
+ *
762
+ * Sends a notification response on this fd. This function is thread safe
763
+ * (synchronization is performed in the kernel). Returns zero on success,
764
+ * negative values on error.
765
+ *
766
+ */
767
+ int seccomp_notify_respond(int fd, struct seccomp_notif_resp *resp);
768
+
769
+ /**
770
+ * Check if a notification id is still valid
771
+ * @param fd the notification fd
772
+ * @param id the id to test
773
+ *
774
+ * Checks to see if a notification id is still valid. Returns 0 on success, and
775
+ * negative values on failure.
776
+ *
777
+ */
778
+ int seccomp_notify_id_valid(int fd, uint64_t id);
779
+
780
+ /**
781
+ * Return the notification fd from a filter that has already been loaded
782
+ * @param ctx the filter context
783
+ *
784
+ * This returns the listener fd that was generated when the seccomp policy was
785
+ * loaded. This is only valid after seccomp_load() with a filter that makes
786
+ * use of SCMP_ACT_NOTIFY.
787
+ *
788
+ */
789
+ int seccomp_notify_fd(const scmp_filter_ctx ctx);
790
+
675
791
  /**
676
792
  * Generate seccomp Pseudo Filter Code (PFC) and export it to a file
677
793
  * @param ctx the filter context
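Review bot: `seccomp_notify_fd()` is the only new declaration whose comment does not say what is returned on failure, while the four functions above it all state "negative values on failure"; suggest appending `Returns the fd on success, negative values on failure.`, with the sign convention inferred from the sibling functions and to be confirmed against the implementation. The `seccomp_notify_alloc()` comment has `computing the correct sized based on`, which should read `computing the correct size based on`, and it should state that the pair is released with `seccomp_notify_free()`. The `seccomp_notify_id_valid()` comment does not say why a supervisor would re-check an id; the usual reason (the notifying task may have exited, and its pid been reused, after `seccomp_notify_receive()` returned) is worth stating so callers check the id immediately before acting on `req->pid` rather than only once after receipt.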