Branch: refs/heads/release-2.3
Home: https://github.com/seccomp/libseccomp
Commit: 10dd41eac56d08a27afe355e51675050feb13e18
https://github.com/seccomp/libseccomp/commit/10dd41eac56d08a27afe355e51675050feb13e18
Author: Paul Moore <[email protected]>
Date: 2017-02-23 (Thu, 23 Feb 2017)
Changed paths:
M doc/man/man3/seccomp_attr_set.3
M doc/man/man3/seccomp_rule_add.3
M include/seccomp.h.in
M src/api.c
M src/arch.c
M src/db.c
M src/db.h
M src/python/libseccomp.pxd
M src/python/seccomp.pyx
Log Message:
-----------
all: treat syscall -1 as a valid syscall
Process tracers use a -1 syscall value to indicate that a syscall
should be skipped. This turns out to be quite an undertaking as
we need to workaround __NR_SCMP_ERROR (which also has a value of
-1). Pay special attention to the new attribute,
SCMP_FLTATR_API_TSKIP, and the documentation additions.
More information in the GitHub issue:
* https://github.com/seccomp/libseccomp/issues/80
Signed-off-by: Paul Moore <[email protected]>
(imported from commit dc879990774b5fe0b5d3362ae592e8a5bb615fbb)
Commit: 882e772fe8a8eaab1c562b7557e8828e5f5f0b4e
https://github.com/seccomp/libseccomp/commit/882e772fe8a8eaab1c562b7557e8828e5f5f0b4e
Author: Paul Moore <[email protected]>
Date: 2017-02-23 (Thu, 23 Feb 2017)
Changed paths:
M tests/.gitignore
A tests/35-sim-negative_one.c
A tests/35-sim-negative_one.py
A tests/35-sim-negative_one.tests
M tests/Makefile.am
M tests/miniseq.c
M tests/regression
Log Message:
-----------
all: add tests to ensure that syscall -1 is handled correctly
Signed-off-by: Paul Moore <[email protected]>
(imported from commit 11e21098e0c3b5481fb0f6e6bdbb266bdd0fc24c)
Commit: 0006b53a6d4163df86739efd712d62deb1e9c0ef
https://github.com/seccomp/libseccomp/commit/0006b53a6d4163df86739efd712d62deb1e9c0ef
Author: Paul Moore <[email protected]>
Date: 2017-02-23 (Thu, 23 Feb 2017)
Changed paths:
M src/gen_bpf.c
Log Message:
-----------
bpf: don't catch the -1 syscall in the x32/x86_64 check
The -1 syscall can be used by a tracing process to skip a syscall,
which up until Linux v4.8 was of no concern for libseccomp since the
seccomp filter was only executed at the start of the syscall and not
after the tracing process was notified, however recent kernels also
execute the seccomp filter after the tracing process finishes its
syscall handling; this caused problems on x86_64 systems that didn't
explicitly add an x32 architecture to their filters.
This patch fixes the x32 check to treat the -1 syscall like any other
syscall.
Signed-off-by: Paul Moore <[email protected]>
(imported from commit ba73ee4f56e8ada7309345cbe08ebf358d60f7e7)
Compare:
https://github.com/seccomp/libseccomp/compare/50ed5c1e6eeb...0006b53a6d41
--
You received this message because you are subscribed to the Google Groups
"libseccomp" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/d/optout.
