diff -Nru libseccomp-2.2.3/build-aux/config.guess libseccomp-2.3.1/build-aux/config.guess --- libseccomp-2.2.3/build-aux/config.guess 2015-07-08 18:58:23.383287630 +0000 +++ libseccomp-2.3.1/build-aux/config.guess 2016-04-20 19:52:27.368295322 +0000 @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2015-03-04' +timestamp='2015-12-14' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -221,7 +221,7 @@ release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: @@ -249,6 +249,9 @@ *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; + *:Sortix:*:*) + echo ${UNAME_MACHINE}-unknown-sortix + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -962,6 +965,9 @@ ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + k1om:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; @@ -1049,7 +1055,7 @@ X86_64_ABI=x32 fi fi - echo x86_64-unknown-linux-gnu${X86_64_ABI} + echo ${UNAME_MACHINE}-pc-linux-${LIBC}${X86_64_ABI} exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} @@ -1128,7 +1134,7 @@ # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; 
@@ -1398,6 +1404,9 @@ x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; esac cat >&2 <>confdefs.h <<_ACEOF @@ -12198,7 +12198,6 @@ - # Extract the first word of "cython", so it can be a program name with args. set dummy cython; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -12275,7 +12274,7 @@ cat >>confdefs.h <<_ACEOF -#define ENABLE_PYTHON $(test "$enable_python" == yes && echo 1 || echo 0) +#define ENABLE_PYTHON $(test "$enable_python" = yes && echo 1 || echo 0) _ACEOF @@ -12870,7 +12869,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libseccomp $as_me 2.2.3, which was +This file was extended by libseccomp $as_me 2.3.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -12936,7 +12935,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libseccomp config.status 2.2.3 +libseccomp config.status 2.3.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru libseccomp-2.2.3/configure.ac libseccomp-2.3.1/configure.ac --- libseccomp-2.2.3/configure.ac 2015-07-08 19:16:23.415206798 +0000 +++ libseccomp-2.3.1/configure.ac 2016-04-20 20:08:22.393223845 +0000 @@ -19,7 +19,7 @@ dnl #### dnl libseccomp defines dnl #### -AC_INIT([libseccomp], [2.2.3]) +AC_INIT([libseccomp], [2.3.1]) dnl #### dnl autoconf configuration @@ -89,12 +89,6 @@ AC_SUBST([VERSION_MICRO]) dnl #### -dnl function checks -dnl #### -dnl # NOTE: keep this disabled until we can test on a released 3.17 kernel -dnl AC_CHECK_FUNCS(seccomp) - -dnl #### dnl cython checks dnl #### AC_CHECK_PROG(have_cython, cython, "yes", "no") 
@@ -121,7 +115,7 @@ ]) AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) AC_DEFINE_UNQUOTED([ENABLE_PYTHON], - [$(test "$enable_python" == yes && echo 1 || echo 0)], + [$(test "$enable_python" = yes && echo 1 || echo 0)], [Python bindings build flag.]) dnl #### diff -Nru libseccomp-2.2.3/CREDITS libseccomp-2.3.1/CREDITS --- libseccomp-2.2.3/CREDITS 2015-07-01 17:53:27.687893742 +0000 +++ libseccomp-2.3.1/CREDITS 2016-02-25 19:25:40.362271219 +0000 @@ -5,12 +5,16 @@ Andrew Jones Andy Lutomirski Ashley Lai +Bogdan Purcareata +Brian Cain Colin Walters Corey Bryant Eduardo Otubo Eric Paris +Heiko Carstens Jake Edge Jan Engelhardt +Jan Willeke Joe MacDonald Kees Cook Marcin Juszkiewicz @@ -18,8 +22,9 @@ Markos Chandras Mathias Krause Michael Forney +Mike Frysinger Mike Strosaker -Paul Moore +Paul Moore Serge Hallyn Thiago Marcos P. Santos Vicente Olivert Riera diff -Nru libseccomp-2.2.3/debian/changelog libseccomp-2.3.1/debian/changelog --- libseccomp-2.2.3/debian/changelog 2016-03-16 15:28:27.000000000 +0000 +++ libseccomp-2.3.1/debian/changelog 2016-06-10 17:15:52.000000000 +0000 
@@ -1,3 +1,41 @@
+libseccomp (2.3.1-2ubuntu2) yakkety; urgency=medium
+
+ * Fix autopkgtest, seccomp resolution now returns negative syscall
+ numbers for multiplexed calls, thus direct access symbols roundtrip is
+ via negative numbers. E.g. 373 -> shutdown -> -113 -> shutdown.
+
+ -- Dimitri John Ledkov Fri, 10 Jun 2016 18:14:04 +0100
+
+libseccomp (2.3.1-2ubuntu1) yakkety; urgency=medium
+
+ * Merge with Debian unstable LP: #1580558. Remaining Ubuntu changes:
+ - Add autopkgtests. (Closes: #788577)
+
+ -- Dimitri John Ledkov Wed, 08 Jun 2016 10:36:11 +0100
+
+libseccomp (2.3.1-2) unstable; urgency=medium
+
+ * Add hppa (parisc) support (Closes: #820501)
+
+ -- Luca Bruno Sat, 28 May 2016 20:05:01 +0200
+
+libseccomp (2.3.1-1) unstable; urgency=medium
+
+ * New upstream release
+ * control: add Vcs-* fields
+
+ -- Luca Bruno Tue, 05 Apr 2016 22:16:55 +0200
+
+libseccomp (2.3.0-1) unstable; urgency=medium
+
+ * New upstream release
+ + drop all patches, applied upstream
+ * libseccomp2: update symbols file
+ * control: add myself to uploaders
+ * control: bump policy version
+
+ -- Luca Bruno Sun, 03 Apr 2016 00:31:09 +0200
+
 libseccomp (2.2.3-3ubuntu3) xenial; urgency=medium

 * Fix FTBFS.
diff -Nru libseccomp-2.2.3/debian/control libseccomp-2.3.1/debian/control
--- libseccomp-2.2.3/debian/control 2016-02-11 15:17:18.000000000 +0000
+++ libseccomp-2.3.1/debian/control 2016-06-08 09:36:52.000000000 +0000
@@ -3,9 +3,12 @@
 Priority: optional
 Maintainer: Ubuntu Developers
 XSBC-Original-Maintainer: Kees Cook
+Uploaders: Luca Bruno
 Build-Depends: debhelper (>= 9), dh-autoreconf, linux-libc-dev
-Standards-Version: 3.9.6
+Standards-Version: 3.9.7
 Homepage: https://github.com/seccomp/libseccomp
+Vcs-Git: https://anonscm.debian.org/git/collab-maint/libseccomp.git
+Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/libseccomp.git

 Package: libseccomp-dev
 Section: libdevel
diff -Nru libseccomp-2.2.3/debian/gbp.conf libseccomp-2.3.1/debian/gbp.conf
--- libseccomp-2.2.3/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/debian/gbp.conf 2016-05-16 10:15:58.000000000 +0000
@@ -0,0 +1,9 @@
+[DEFAULT]
+upstream-tag = upstream/%(version)s
+debian-tag = debian/%(version)s
+pristine-tar = True
+upstream-branch = upstream
+debian-branch = debian/sid
+
+[buildpackage]
+submodules = True
diff -Nru libseccomp-2.2.3/debian/libseccomp2.symbols libseccomp-2.3.1/debian/libseccomp2.symbols
--- libseccomp-2.2.3/debian/libseccomp2.symbols 2015-05-17 16:20:55.000000000 +0000
+++ libseccomp-2.3.1/debian/libseccomp2.symbols 2016-05-16 10:15:58.000000000 +0000
@@ -22,3 +22,4 @@
 seccomp_syscall_resolve_num_arch@Base 2.1.0
 seccomp_arch_resolve_name@Base 2.2.1
 seccomp_syscall_resolve_name_rewrite@Base 2.2.1
+ seccomp_version@Base 2.3.0
diff -Nru libseccomp-2.2.3/debian/patches/28-parisc_support.patch libseccomp-2.3.1/debian/patches/28-parisc_support.patch
--- libseccomp-2.2.3/debian/patches/28-parisc_support.patch 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/debian/patches/28-parisc_support.patch 2016-05-28 17:57:08.000000000 +0000
@@ -0,0 +1,982 @@ +From c86e1f565537b28b73ebd63f0239b4a446925534 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Wed, 25 May 2016 16:53:39 +0200 +Subject: [PATCH] arch: Add parisc architecture support + +This patch (v4) adds support for the parisc and parisc64 architectures +to libseccomp. + +I didn't split up the patch, because it's pretty trivial. +Those parisc-specific files gets added: + src/arch-parisc-syscalls.c + src/arch-parisc.c + src/arch-parisc.h + src/arch-parisc64.c + +All other changes are trivial because they simply add parisc-specific +case statements in variouse switch statements. + +I did ran a "make check" on x86-64 and parisc and all testcases succeeded. +All live testcases succeed as well when running "./regression -T live". + +The patch applies cleanly to current libseccomp git head. + +Changes between v4 and v3 of this patch: +- Added parisc arch to arch-syscall-check.c and fixup syscall table as + needed +- Fixed copyright notices in parisc files as suggested by Mike Frysinger + +Changes between v3 and v2 of this patch: +- Stripped out patch which reports if a check was skipped because + valgrind isn't installed. +- Added tuxcall pseudo syscall for 19-sim-missing_syscalls testcase +- Added sysmips pseudo syscall for 29-sim-pseudo_syscall testcase + +Changes between v2 and v1 of this patch: +- Enabled seccomp mode 2 regression tests on parisc. Kernel support for + hppa was added in kernel 4.6-rc1 and backported into the kernel v4.5.2 + stable series. 
+ +Signed-off-by: Helge Deller +[PM: corrected a number or errors from 'make check-syntax'] +Signed-off-by: Paul Moore +--- + include/seccomp.h.in | 6 + + src/Makefile.am | 2 + + src/arch-parisc-syscalls.c | 499 ++++++++++++++++++++++++++++++++++++++ + src/arch-parisc.c | 22 ++ + src/arch-parisc.h | 38 +++ + src/arch-parisc64.c | 22 ++ + src/arch-syscall-check.c | 11 + + src/arch-syscall-dump.c | 5 + + src/arch.c | 13 + + src/gen_pfc.c | 4 + + src/python/libseccomp.pxd | 2 + + src/python/seccomp.pyx | 8 + + tests/26-sim-arch_all_be_basic.c | 6 + + tests/26-sim-arch_all_be_basic.py | 2 + + tests/regression | 3 +- + tools/scmp_arch_detect.c | 6 + + tools/scmp_bpf_sim.c | 4 + + tools/util.c | 4 + + 18 files changed, 656 insertions(+), 1 deletion(-) + create mode 100644 src/arch-parisc-syscalls.c + create mode 100644 src/arch-parisc.c + create mode 100644 src/arch-parisc.h + create mode 100644 src/arch-parisc64.c + +Index: libseccomp/include/seccomp.h.in +=================================================================== +--- libseccomp.orig/include/seccomp.h.in 2016-05-28 19:57:02.050592727 +0200 ++++ libseccomp/include/seccomp.h.in 2016-05-28 19:57:02.038592653 +0200 +@@ -185,6 +185,12 @@ + #define SCMP_ARCH_S390X AUDIT_ARCH_S390X + + /** ++ * The PA-RISC hppa architecture tokens ++ */ ++#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC ++#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 ++ ++/** + * Convert a syscall name into the associated syscall number + * @param x the syscall name + */ +Index: libseccomp/src/Makefile.am +=================================================================== +--- libseccomp.orig/src/Makefile.am 2016-05-28 19:57:02.050592727 +0200 ++++ libseccomp/src/Makefile.am 2016-05-28 19:57:02.038592653 +0200 +@@ -35,6 +35,8 @@ + arch-mips.h arch-mips.c arch-mips-syscalls.c \ + arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ + arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ ++ arch-parisc.h arch-parisc.c arch-parisc-syscalls.c \ ++ 
arch-parisc64.h arch-parisc64.c \ + arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ + arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ + arch-s390.h arch-s390.c arch-s390-syscalls.c \ +Index: libseccomp/src/arch-parisc-syscalls.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ libseccomp/src/arch-parisc-syscalls.c 2016-05-28 19:57:02.042592678 +0200 +@@ -0,0 +1,499 @@ ++/* ++ * Copyright (c) 2016 Helge Deller ++ * Author: Helge Deller ++ */ ++ ++#include ++ ++#include ++ ++#include "arch.h" ++#include "arch-parisc.h" ++ ++/* NOTE: based on Linux 4.5-rc4 */ ++const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "_llseek", 140 }, ++ { "_newselect", 142 }, ++ { "_sysctl", 149 }, ++ { "accept", 35 }, ++ { "accept4", 320 }, ++ { "access", 33 }, ++ { "acct", 51 }, ++ { "add_key", 264 }, ++ { "adjtimex", 124 }, ++ { "afs_syscall", 137 }, ++ { "alarm", 27 }, ++ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, ++ { "arm_sync_file_range", __PNR_arm_sync_file_range }, ++ { "arch_prctl", __PNR_arch_prctl }, ++ { "bdflush", 134 }, ++ { "bind", 22 }, ++ { "bpf", 341 }, ++ { "break", __PNR_break }, ++ { "breakpoint", __PNR_breakpoint }, ++ { "brk", 45 }, ++ { "cachectl", __PNR_cachectl }, ++ { "cacheflush", __PNR_cacheflush }, ++ { "capget", 106 }, ++ { "capset", 107 }, ++ { "chdir", 12 }, ++ { "chmod", 15 }, ++ { "chown", 180 }, ++ { "chown32", __PNR_chown32 }, ++ { "chroot", 61 }, ++ { "clock_adjtime", 324 }, ++ { "clock_getres", 257 }, ++ { "clock_gettime", 256 }, ++ { "clock_nanosleep", 258 }, ++ { "clock_settime", 255 }, ++ { "clone", 120 }, ++ { "close", 6 }, ++ { "connect", 31 }, ++ { "copy_file_range", 346 }, ++ { "creat", 8 }, ++ { "create_module", 127 }, ++ { "delete_module", 129 }, ++ { "dup", 41 }, ++ { "dup2", 63 }, ++ { "dup3", 312 }, ++ { "epoll_create", 224 }, ++ { "epoll_create1", 311 }, ++ { "epoll_ctl", 225 }, ++ { "epoll_ctl_old", __PNR_epoll_ctl_old }, ++ { "epoll_pwait", 297 
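Review bot: The second added line of the embedded patch's `src/Makefile.am` hunk lists `arch-parisc64.h`, but nothing in this patch creates that file. The diffstat shows only `arch-parisc-syscalls.c`, `arch-parisc.c`, `arch-parisc.h` and `arch-parisc64.c` as new, and `arch-parisc64.c` itself includes `arch-parisc.h`, which already declares `arch_def_parisc64`. A header named in the source list but missing from the tree will most likely break `make dist`/`distcheck`, and possibly the build, depending on how automake treats it. The line should read `arch-parisc64.c \` unless the header is meant to be added.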
}, ++ { "epoll_wait", 226 }, ++ { "epoll_wait_old", __PNR_epoll_wait_old }, ++ { "eventfd", 304 }, ++ { "eventfd2", 310 }, ++ { "execve", 11 }, ++ { "execveat", 342 }, ++ { "exit", 1 }, ++ { "exit_group", 222 }, ++ { "faccessat", 287 }, ++ { "fadvise64", __PNR_fadvise64 }, ++ { "fadvise64_64", 236 }, ++ { "fallocate", 305 }, ++ { "fanotify_init", 322 }, ++ { "fanotify_mark", 323 }, ++ { "fchdir", 133 }, ++ { "fchmod", 94 }, ++ { "fchmodat", 286 }, ++ { "fchown", 95 }, ++ { "fchown32", __PNR_fchown32 }, ++ { "fchownat", 278 }, ++ { "fcntl", 55 }, ++ { "fcntl64", 202 }, ++ { "fdatasync", 148 }, ++ { "fgetxattr", 243 }, ++ { "finit_module", 333 }, ++ { "flistxattr", 246 }, ++ { "flock", 143 }, ++ { "fork", 2 }, ++ { "fremovexattr", 249 }, ++ { "fsetxattr", 240 }, ++ { "fstat", 28 }, ++ { "fstat64", 112 }, ++ { "fstatat64", 280 }, ++ { "fstatfs", 100 }, ++ { "fstatfs64", 299 }, ++ { "fsync", 118 }, ++ { "ftime", __PNR_ftime }, ++ { "ftruncate", 93 }, ++ { "ftruncate64", 200 }, ++ { "futex", 210 }, ++ { "futimesat", 279 }, ++ { "get_kernel_syms", 130 }, ++ { "get_mempolicy", 261 }, ++ { "get_robust_list", 290 }, ++ { "get_thread_area", 214 }, ++ { "getcpu", 296 }, ++ { "getcwd", 110 }, ++ { "getdents", 141 }, ++ { "getdents64", 201 }, ++ { "getegid", 50 }, ++ { "getegid32", __PNR_getegid32 }, ++ { "geteuid", 49 }, ++ { "geteuid32", __PNR_geteuid32 }, ++ { "getgid", 47 }, ++ { "getgid32", __PNR_getgid32 }, ++ { "getgroups", 80 }, ++ { "getgroups32", __PNR_getgroups32 }, ++ { "getitimer", 105 }, ++ { "getpeername", 53 }, ++ { "getpgid", 132 }, ++ { "getpgrp", 65 }, ++ { "getpid", 20 }, ++ { "getpmsg", 196 }, ++ { "getppid", 64 }, ++ { "getpriority", 96 }, ++ { "getrandom", 339 }, ++ { "getresgid", 171 }, ++ { "getresgid32", __PNR_getresgid32 }, ++ { "getresuid", 165 }, ++ { "getresuid32", __PNR_getresuid32 }, ++ { "getrlimit", 76 }, ++ { "getrusage", 77 }, ++ { "getsid", 147 }, ++ { "getsockname", 44 }, ++ { "getsockopt", 182 }, ++ { "gettid", 206 }, ++ { "gettimeofday", 
78 }, ++ { "getuid", 24 }, ++ { "getuid32", __PNR_getuid32 }, ++ { "getxattr", 241 }, ++ { "gtty", __PNR_gtty }, ++ { "idle", __PNR_idle }, ++ { "init_module", 128 }, ++ { "inotify_add_watch", 270 }, ++ { "inotify_init", 269 }, ++ { "inotify_init1", 314 }, ++ { "inotify_rm_watch", 271 }, ++ { "io_cancel", 219 }, ++ { "io_destroy", 216 }, ++ { "io_getevents", 217 }, ++ { "io_setup", 215 }, ++ { "io_submit", 218 }, ++ { "ioctl", 54 }, ++ { "ioperm", __PNR_ioperm }, ++ { "iopl", __PNR_iopl }, ++ { "ioprio_get", 268 }, ++ { "ioprio_set", 267 }, ++ { "ipc", __PNR_ipc }, ++ { "kcmp", 332 }, ++ { "kexec_file_load", __PNR_kexec_file_load }, ++ { "kexec_load", 300 }, ++ { "keyctl", 266 }, ++ { "kill", 37 }, ++ { "lchown", 16 }, ++ { "lchown32", __PNR_lchown32 }, ++ { "lgetxattr", 242 }, ++ { "link", 9 }, ++ { "linkat", 283 }, ++ { "listen", 32 }, ++ { "listxattr", 244 }, ++ { "llistxattr", 245 }, ++ { "lock", __PNR_lock }, ++ { "lookup_dcookie", 223 }, ++ { "lremovexattr", 248 }, ++ { "lseek", 19 }, ++ { "lsetxattr", 239 }, ++ { "lstat", 84 }, ++ { "lstat64", 198 }, ++ { "madvise", 119 }, ++ { "mbind", 260 }, ++ { "membarrier", 343 }, ++ { "memfd_create", 340 }, ++ { "migrate_pages", 272 }, ++ { "mincore", 72 }, ++ { "mkdir", 39 }, ++ { "mkdirat", 276 }, ++ { "mknod", 14 }, ++ { "mknodat", 277 }, ++ { "mlock", 150 }, ++ { "mlock2", 345 }, ++ { "mlockall", 152 }, ++ { "mmap", 90 }, ++ { "mmap2", 89 }, ++ { "modify_ldt", __PNR_modify_ldt }, ++ { "mount", 21 }, ++ { "move_pages", 295 }, ++ { "mprotect", 125 }, ++ { "mpx", __PNR_mpx }, ++ { "mq_getsetattr", 234 }, ++ { "mq_notify", 233 }, ++ { "mq_open", 229 }, ++ { "mq_timedreceive", 232 }, ++ { "mq_timedsend", 231 }, ++ { "mq_unlink", 230 }, ++ { "mremap", 163 }, ++ { "msgctl", 191 }, ++ { "msgget", 190 }, ++ { "msgrcv", 189 }, ++ { "msgsnd", 188 }, ++ { "msync", 144 }, ++ { "multiplexer", __PNR_multiplexer }, ++ { "munlock", 151 }, ++ { "munlockall", 153 }, ++ { "munmap", 91 }, ++ { "name_to_handle_at", 325 }, ++ { 
"nanosleep", 162 }, ++ { "newfstatat", __PNR_newfstatat }, ++ { "nfsservctl", 169 }, ++ { "nice", 34 }, ++ { "oldfstat", __PNR_oldfstat }, ++ { "oldlstat", __PNR_oldlstat }, ++ { "oldolduname", __PNR_oldolduname }, ++ { "oldstat", __PNR_oldstat }, ++ { "olduname", __PNR_olduname }, ++ { "oldwait4", __PNR_oldwait4 }, ++ { "open", 5 }, ++ { "open_by_handle_at", 326 }, ++ { "openat", 275 }, ++ { "pause", 29 }, ++ { "pciconfig_iobase", __PNR_pciconfig_iobase }, ++ { "pciconfig_read", __PNR_pciconfig_read }, ++ { "pciconfig_write", __PNR_pciconfig_write }, ++ { "perf_event_open", 318 }, ++ { "personality", 136 }, ++ { "pipe", 42 }, ++ { "pipe2", 313 }, ++ { "pivot_root", 67 }, ++ { "poll", 168 }, ++ { "ppoll", 274 }, ++ { "prctl", 172 }, ++ { "pread64", 108 }, ++ { "preadv", 315 }, ++ { "prlimit64", 321 }, ++ { "process_vm_readv", 330 }, ++ { "process_vm_writev", 331 }, ++ { "prof", __PNR_prof }, ++ { "profil", __PNR_profil }, ++ { "pselect6", 273 }, ++ { "ptrace", 26 }, ++ { "putpmsg", 197 }, ++ { "pwrite64", 109 }, ++ { "pwritev", 316 }, ++ { "query_module", 167 }, ++ { "quotactl", 131 }, ++ { "read", 3 }, ++ { "readahead", 207 }, ++ { "readdir", __PNR_readdir }, ++ { "readlink", 85 }, ++ { "readlinkat", 285 }, ++ { "readv", 145 }, ++ { "reboot", 88 }, ++ { "recv", 98 }, ++ { "recvfrom", 123 }, ++ { "recvmmsg", 319 }, ++ { "recvmsg", 184 }, ++ { "remap_file_pages", 227 }, ++ { "removexattr", 247 }, ++ { "rename", 38 }, ++ { "renameat", 282 }, ++ { "renameat2", 337 }, ++ { "request_key", 265 }, ++ { "restart_syscall", 0 }, ++ { "rmdir", 40 }, ++ { "rt_sigaction", 174 }, ++ { "rt_sigpending", 176 }, ++ { "rt_sigprocmask", 175 }, ++ { "rt_sigqueueinfo", 178 }, ++ { "rt_sigreturn", 173 }, ++ { "rt_sigsuspend", 179 }, ++ { "rt_sigtimedwait", 177 }, ++ { "rt_tgsigqueueinfo", 317 }, ++ { "rtas", __PNR_rtas }, ++ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, ++ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, ++ { "s390_runtime_instr", __PNR_s390_runtime_instr }, 
++ { "sched_get_priority_max", 159 }, ++ { "sched_get_priority_min", 160 }, ++ { "sched_getaffinity", 212 }, ++ { "sched_getattr", 335 }, ++ { "sched_getparam", 155 }, ++ { "sched_getscheduler", 157 }, ++ { "sched_rr_get_interval", 161 }, ++ { "sched_setaffinity", 211 }, ++ { "sched_setattr", 334 }, ++ { "sched_setparam", 154 }, ++ { "sched_setscheduler", 156 }, ++ { "sched_yield", 158 }, ++ { "seccomp", 338 }, ++ { "security", __PNR_security }, ++ { "select", __PNR_select }, ++ { "semctl", 187 }, ++ { "semget", 186 }, ++ { "semop", 185 }, ++ { "semtimedop", 228 }, ++ { "send", 58 }, ++ { "sendfile", 122 }, ++ { "sendfile64", 209 }, ++ { "sendmmsg", 329 }, ++ { "sendmsg", 183 }, ++ { "sendto", 82 }, ++ { "set_mempolicy", 262 }, ++ { "set_robust_list", 289 }, ++ { "set_thread_area", 213 }, ++ { "set_tid_address", 237 }, ++ { "set_tls", __PNR_set_tls }, ++ { "setdomainname", 121 }, ++ { "setfsgid", 139 }, ++ { "setfsgid32", __PNR_setfsgid32 }, ++ { "setfsuid", 138 }, ++ { "setfsuid32", __PNR_setfsuid32 }, ++ { "setgid", 46 }, ++ { "setgid32", __PNR_setgid32 }, ++ { "setgroups", 81 }, ++ { "setgroups32", __PNR_setgroups32}, ++ { "sethostname", 74 }, ++ { "setitimer", 104 }, ++ { "setns", 328 }, ++ { "setpgid", 57 }, ++ { "setpriority", 97 }, ++ { "setregid", 71 }, ++ { "setregid32", __PNR_setregid32 }, ++ { "setresgid", 170 }, ++ { "setresgid32", __PNR_setresgid32 }, ++ { "setresuid", 164 }, ++ { "setresuid32", __PNR_setresuid32 }, ++ { "setreuid", 70 }, ++ { "setreuid32", __PNR_setreuid32 }, ++ { "setrlimit", 75 }, ++ { "setsid", 66 }, ++ { "setsockopt", 181 }, ++ { "settimeofday", 79 }, ++ { "setuid", 23 }, ++ { "setuid32", __PNR_setuid32 }, ++ { "setxattr", 238 }, ++ { "sgetmask", 68 }, ++ { "shmat", 192 }, ++ { "shmctl", 195 }, ++ { "shmdt", 193 }, ++ { "shmget", 194 }, ++ { "shutdown", 117 }, ++ { "sigaction", __PNR_sigaction }, ++ { "sigaltstack", 166 }, ++ { "signal", 48 }, ++ { "signalfd", 302 }, ++ { "signalfd4", 309 }, ++ { "sigpending", 73 }, ++ { 
"sigprocmask", 126 }, ++ { "sigreturn", __PNR_sigreturn }, ++ { "sigsuspend", __PNR_sigsuspend }, ++ { "socket", 17 }, ++ { "socketcall", __PNR_socketcall }, ++ { "socketpair", 56 }, ++ { "splice", 291 }, ++ { "spu_create", __PNR_spu_create }, ++ { "spu_run", __PNR_spu_run }, ++ { "ssetmask", 69 }, ++ { "stat", 18 }, ++ { "stat64", 101 }, ++ { "statfs", 99 }, ++ { "statfs64", 298 }, ++ { "stime", 25 }, ++ { "stty", __PNR_stty }, ++ { "subpage_prot", __PNR_subpage_prot }, ++ { "swapcontext", __PNR_swapcontext }, ++ { "swapoff", 115 }, ++ { "swapon", 87 }, ++ { "switch_endian", __PNR_switch_endian }, ++ { "symlink", 83 }, ++ { "symlinkat", 284 }, ++ { "sync", 36 }, ++ { "sync_file_range", 292 }, ++ { "sync_file_range2", __PNR_sync_file_range2 }, ++ { "syncfs", 327 }, ++ { "syscall", __PNR_syscall }, ++ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, ++ { "sysfs", 135 }, ++ { "sysinfo", 116 }, ++ { "syslog", 103 }, ++ { "sysmips", __PNR_sysmips }, ++ { "tee", 293 }, ++ { "tgkill", 259 }, ++ { "time", 13 }, ++ { "timer_create", 250 }, ++ { "timer_delete", 254 }, ++ { "timer_getoverrun", 253 }, ++ { "timer_gettime", 252 }, ++ { "timer_settime", 251 }, ++ { "timerfd", 303 }, ++ { "timerfd_create", 306 }, ++ { "timerfd_gettime", 308 }, ++ { "timerfd_settime", 307 }, ++ { "times", 43 }, ++ { "tkill", 208 }, ++ { "truncate", 92 }, ++ { "truncate64", 199 }, ++ { "tuxcall", __PNR_tuxcall }, ++ { "ugetrlimit", __PNR_ugetrlimit }, ++ { "ulimit", __PNR_ulimit }, ++ { "umask", 60 }, ++ { "umount", __PNR_umount }, ++ { "umount2", 52 }, ++ { "uname", 59 }, ++ { "unlink", 10 }, ++ { "unlinkat", 281 }, ++ { "unshare", 288 }, ++ { "uselib", 86 }, ++ { "userfaultfd", 344 }, ++ { "usr26", __PNR_usr26 }, ++ { "usr32", __PNR_usr32 }, ++ { "ustat", 62 }, ++ { "utime", 30 }, ++ { "utimensat", 301 }, ++ { "utimes", 336 }, ++ { "vfork", 113 }, ++ { "vhangup", 111 }, ++ { "vm86", __PNR_vm86 }, ++ { "vm86old", __PNR_vm86old }, ++ { "vmsplice", 294 }, ++ { "vserver", 263 }, ++ { "wait4", 
114 }, ++ { "waitid", 235 }, ++ { "waitpid", 7 }, ++ { "write", 4 }, ++ { "writev", 146 }, ++ { NULL, __NR_SCMP_ERROR }, ++}; ++ ++/** ++ * Resolve a syscall name to a number ++ * @param name the syscall name ++ * ++ * Resolve the given syscall name to the syscall number using the syscall table. ++ * Returns the syscall number on success, including negative pseudo syscall ++ * numbers; returns __NR_SCMP_ERROR on failure. ++ * ++ */ ++int parisc_syscall_resolve_name(const char *name) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = parisc_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].name != NULL; iter++) { ++ if (strcmp(name, table[iter].name) == 0) ++ return table[iter].num; ++ } ++ ++ return __NR_SCMP_ERROR; ++} ++ ++/** ++ * Resolve a syscall number to a name ++ * @param num the syscall number ++ * ++ * Resolve the given syscall number to the syscall name using the syscall table. ++ * Returns a pointer to the syscall name string on success, including pseudo ++ * syscall names; returns NULL on failure. ++ * ++ */ ++const char *parisc_syscall_resolve_num(int num) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = parisc_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { ++ if (num == table[iter].num) ++ return table[iter].name; ++ } ++ ++ return NULL; ++} ++ ++/** ++ * Iterate through the syscall table and return the syscall name ++ * @param spot the offset into the syscall table ++ * ++ * Return the syscall name at position @spot or NULL on failure. This function ++ * should only ever be used internally by libseccomp. 
++ * ++ */ ++const char *parisc_syscall_iterate_name(unsigned int spot) ++{ ++ /* XXX - no safety checks here */ ++ return parisc_syscall_table[spot].name; ++} +Index: libseccomp/src/arch-parisc.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ libseccomp/src/arch-parisc.c 2016-05-28 19:57:02.042592678 +0200 +@@ -0,0 +1,22 @@ ++/* ++ * Copyright (c) 2016 Helge Deller ++ * Author: Helge Deller ++ */ ++ ++#include ++#include ++#include ++ ++#include "arch.h" ++#include "arch-parisc.h" ++ ++const struct arch_def arch_def_parisc = { ++ .token = SCMP_ARCH_PARISC, ++ .token_bpf = AUDIT_ARCH_PARISC, ++ .size = ARCH_SIZE_32, ++ .endian = ARCH_ENDIAN_BIG, ++ .syscall_resolve_name = parisc_syscall_resolve_name, ++ .syscall_resolve_num = parisc_syscall_resolve_num, ++ .syscall_rewrite = NULL, ++ .rule_add = NULL, ++}; +Index: libseccomp/src/arch-parisc.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ libseccomp/src/arch-parisc.h 2016-05-28 19:57:02.042592678 +0200 +@@ -0,0 +1,38 @@ ++/** ++ * Enhanced Seccomp PARISC Specific Code ++ * ++ * Copyright (c) 2016 Helge Deller ++ * ++ */ ++ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . 
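Review bot: `parisc_syscall_iterate_name()` at the end of the new `arch-parisc-syscalls.c` returns `parisc_syscall_table[spot].name` with no bound on `spot`, so any index past the `{ NULL, __NR_SCMP_ERROR }` sentinel reads outside the array. The in-code `XXX - no safety checks here` acknowledges this. The callers visible in this patch stop at the first NULL, but the function has external linkage and its own comment promises "NULL on failure". A guard such as `if (spot >= sizeof(parisc_syscall_table) / sizeof(parisc_syscall_table[0])) return NULL;` before the return would make that contract hold. Likewise, `parisc_syscall_resolve_name()` passes `name` straight to `strcmp()`, so the comment should state that `name` must be non-NULL, or the function should check it.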
++ */ ++ ++#ifndef _ARCH_PARISC_H ++#define _ARCH_PARISC_H ++ ++#include ++ ++#include "arch.h" ++#include "system.h" ++ ++extern const struct arch_def arch_def_parisc; ++extern const struct arch_def arch_def_parisc64; ++ ++int parisc_syscall_resolve_name(const char *name); ++const char *parisc_syscall_resolve_num(int num); ++ ++const char *parisc_syscall_iterate_name(unsigned int spot); ++ ++#endif +Index: libseccomp/src/arch-parisc64.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ libseccomp/src/arch-parisc64.c 2016-05-28 19:57:02.042592678 +0200 +@@ -0,0 +1,22 @@ ++/* ++ * Copyright (c) 2016 Helge Deller ++ * Author: Helge Deller ++*/ ++ ++#include ++#include ++#include ++ ++#include "arch.h" ++#include "arch-parisc.h" ++ ++const struct arch_def arch_def_parisc64 = { ++ .token = SCMP_ARCH_PARISC64, ++ .token_bpf = AUDIT_ARCH_PARISC64, ++ .size = ARCH_SIZE_64, ++ .endian = ARCH_ENDIAN_BIG, ++ .syscall_resolve_name = parisc_syscall_resolve_name, ++ .syscall_resolve_num = parisc_syscall_resolve_num, ++ .syscall_rewrite = NULL, ++ .rule_add = NULL, ++}; +Index: libseccomp/src/arch-syscall-check.c +=================================================================== +--- libseccomp.orig/src/arch-syscall-check.c 2016-05-28 19:57:02.050592727 +0200 ++++ libseccomp/src/arch-syscall-check.c 2016-05-28 19:57:02.042592678 +0200 +@@ -33,6 +33,7 @@ + #include "arch-mips.h" + #include "arch-mips64.h" + #include "arch-mips64n32.h" ++#include "arch-parisc.h" + #include "arch-ppc.h" + #include "arch-ppc64.h" + #include "arch-s390.h" +@@ -71,6 +72,7 @@ + int i_mips = 0; + int i_mips64 = 0; + int i_mips64n32 = 0; ++ int i_parisc = 0; + int i_ppc = 0; + int i_ppc64 = 0; + int i_s390 = 0; +@@ -101,6 +103,8 @@ + mips64_syscall_iterate_name(i_mips64)); + syscall_check(str_miss, sys_name, "mips64n32", + mips64n32_syscall_iterate_name(i_mips64n32)); ++ syscall_check(str_miss, sys_name, "parisc", ++ 
parisc_syscall_iterate_name(i_parisc)); + syscall_check(str_miss, sys_name, "ppc", + ppc_syscall_iterate_name(i_ppc)); + syscall_check(str_miss, sys_name, "ppc64", +@@ -135,6 +139,8 @@ + i_mips64 = -1; + if (!mips64n32_syscall_iterate_name(++i_mips64n32)) + i_mips64n32 = -1; ++ if (!parisc_syscall_iterate_name(++i_parisc)) ++ i_parisc = -1; + if (!ppc_syscall_iterate_name(++i_ppc)) + i_ppc = -1; + if (!ppc64_syscall_iterate_name(++i_ppc64)) +@@ -146,6 +152,7 @@ + } while (i_x86_64 >= 0 && i_x32 >= 0 && + i_arm >= 0 && i_aarch64 >= 0 && + i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 && ++ i_parisc >= 0 && + i_ppc >= 0 && i_ppc64 >= 0 && + i_s390 >= 0 && i_s390x >= 0); + +@@ -190,6 +197,10 @@ + mips64n32_syscall_iterate_name(i_mips64n32)); + return 1; + } ++ if (i_parisc >= 0) { ++ printf("%s: ERROR, parisc has additional syscalls\n", ++ parisc_syscall_iterate_name(i_parisc)); ++ } + if (i_ppc >= 0) { + printf("%s: ERROR, ppc has additional syscalls\n", + ppc_syscall_iterate_name(i_ppc)); +Index: libseccomp/src/arch-syscall-dump.c +=================================================================== +--- libseccomp.orig/src/arch-syscall-dump.c 2016-05-28 19:57:02.050592727 +0200 ++++ libseccomp/src/arch-syscall-dump.c 2016-05-28 19:57:02.042592678 +0200 +@@ -38,6 +38,7 @@ + #include "arch-mips64.h" + #include "arch-mips64n32.h" + #include "arch-aarch64.h" ++#include "arch-parisc.h" + #include "arch-ppc.h" + #include "arch-ppc64.h" + #include "arch-s390.h" +@@ -116,6 +117,10 @@ + case SCMP_ARCH_MIPSEL64N32: + sys_name = mips64n32_syscall_iterate_name(iter); + break; ++ case SCMP_ARCH_PARISC: ++ case SCMP_ARCH_PARISC64: ++ sys_name = parisc_syscall_iterate_name(iter); ++ break; + case SCMP_ARCH_PPC: + sys_name = ppc_syscall_iterate_name(iter); + break; +Index: libseccomp/src/arch.c +=================================================================== +--- libseccomp.orig/src/arch.c 2016-05-28 19:57:02.050592727 +0200 ++++ libseccomp/src/arch.c 2016-05-28 
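Review bot: The `if (i_parisc >= 0)` block added in the `@@ -190,6 +197,10 @@` hunk of `arch-syscall-check.c` prints the error but never returns, whereas the mips64n32 branch directly above it in the context ends with `return 1;`. As written, a parisc table with extra entries is reported but control falls through to the ppc check, so the checker can still exit with success. That defeats the cross-architecture consistency check the syscall tables, and the filters built from them, rely on. Add `return 1;` after the `printf(...)` call inside the new block. The enclosing function starts and ends outside the hunk, so the final return value cannot be confirmed from here.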
19:57:02.042592678 +0200 +@@ -38,6 +38,7 @@ + #include "arch-mips.h" + #include "arch-mips64.h" + #include "arch-mips64n32.h" ++#include "arch-parisc.h" + #include "arch-ppc.h" + #include "arch-ppc64.h" + #include "arch-s390.h" +@@ -79,6 +80,10 @@ + #elif __MIPSEL__ + const struct arch_def *arch_def_native = &arch_def_mipsel64n32; + #endif /* _MIPS_SIM_NABI32 */ ++#elif __hppa64__ /* hppa64 must be checked before hppa */ ++const struct arch_def *arch_def_native = &arch_def_parisc64; ++#elif __hppa__ ++const struct arch_def *arch_def_native = &arch_def_parisc; + #elif __PPC64__ + #ifdef __BIG_ENDIAN__ + const struct arch_def *arch_def_native = &arch_def_ppc64; +@@ -139,6 +144,10 @@ + return &arch_def_mips64n32; + case SCMP_ARCH_MIPSEL64N32: + return &arch_def_mipsel64n32; ++ case SCMP_ARCH_PARISC: ++ return &arch_def_parisc; ++ case SCMP_ARCH_PARISC64: ++ return &arch_def_parisc64; + case SCMP_ARCH_PPC: + return &arch_def_ppc; + case SCMP_ARCH_PPC64: +@@ -185,6 +194,10 @@ + return &arch_def_mips64n32; + else if (strcmp(arch_name, "mipsel64n32") == 0) + return &arch_def_mipsel64n32; ++ else if (strcmp(arch_name, "parisc64") == 0) ++ return &arch_def_parisc64; ++ else if (strcmp(arch_name, "parisc") == 0) ++ return &arch_def_parisc; + else if (strcmp(arch_name, "ppc") == 0) + return &arch_def_ppc; + else if (strcmp(arch_name, "ppc64") == 0) +Index: libseccomp/src/gen_pfc.c +=================================================================== +--- libseccomp.orig/src/gen_pfc.c 2016-05-28 19:57:02.050592727 +0200 ++++ libseccomp/src/gen_pfc.c 2016-05-28 19:57:02.042592678 +0200 +@@ -71,6 +71,10 @@ + return "mips64n32"; + case SCMP_ARCH_MIPSEL64N32: + return "mipsel64n32"; ++ case SCMP_ARCH_PARISC: ++ return "parisc"; ++ case SCMP_ARCH_PARISC64: ++ return "parisc64"; + case SCMP_ARCH_PPC64: + return "ppc64"; + case SCMP_ARCH_PPC64LE: +Index: libseccomp/src/python/libseccomp.pxd +=================================================================== +--- 
libseccomp.orig/src/python/libseccomp.pxd 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/src/python/libseccomp.pxd 2016-05-28 19:57:02.042592678 +0200
+@@ -43,6 +43,8 @@
+ SCMP_ARCH_MIPSEL
+ SCMP_ARCH_MIPSEL64
+ SCMP_ARCH_MIPSEL64N32
++ SCMP_ARCH_PARISC
++ SCMP_ARCH_PARISC64
+ SCMP_ARCH_PPC
+ SCMP_ARCH_PPC64
+ SCMP_ARCH_PPC64LE
+Index: libseccomp/src/python/seccomp.pyx
+===================================================================
+--- libseccomp.orig/src/python/seccomp.pyx 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/src/python/seccomp.pyx 2016-05-28 19:57:02.042592678 +0200
+@@ -147,6 +147,8 @@
+ MIPSEL - MIPS little endian O32 ABI
+ MIPSEL64 - MIPS little endian 64-bit ABI
+ MIPSEL64N32 - MIPS little endian N32 ABI
++ PARISC - 32-bit PA-RISC
++ PARISC64 - 64-bit PA-RISC
+ PPC64 - 64-bit PowerPC
+ PPC - 32-bit PowerPC
+ """
+@@ -165,6 +167,8 @@
+ MIPSEL = libseccomp.SCMP_ARCH_MIPSEL
+ MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
+ MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
++ PARISC = libseccomp.SCMP_ARCH_PARISC
++ PARISC64 = libseccomp.SCMP_ARCH_PARISC64
+ PPC = libseccomp.SCMP_ARCH_PPC
+ PPC64 = libseccomp.SCMP_ARCH_PPC64
+ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
+@@ -205,6 +209,10 @@
+ self._token = libseccomp.SCMP_ARCH_MIPSEL64
+ elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32:
+ self._token = libseccomp.SCMP_ARCH_MIPSEL64N32
++ elif arch == libseccomp.SCMP_ARCH_PARISC:
++ self._token = libseccomp.SCMP_ARCH_PARISC
++ elif arch == libseccomp.SCMP_ARCH_PARISC64:
++ self._token = libseccomp.SCMP_ARCH_PARISC64
+ elif arch == libseccomp.SCMP_ARCH_PPC:
+ self._token = libseccomp.SCMP_ARCH_PPC
+ elif arch == libseccomp.SCMP_ARCH_PPC64:
+Index: libseccomp/tests/26-sim-arch_all_be_basic.c
+===================================================================
+--- libseccomp.orig/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.042592678 +0200
+@@ -52,6 +52,12 @@
+ rc
= seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
+ if (rc != 0)
+ goto out;
++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc"));
++ if (rc != 0)
++ goto out;
++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc64"));
++ if (rc != 0)
++ goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc"));
+ if (rc != 0)
+ goto out;
+Index: libseccomp/tests/26-sim-arch_all_be_basic.py
+===================================================================
+--- libseccomp.orig/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.046592702 +0200
+@@ -33,6 +33,8 @@
+ f.add_arch(Arch("mips"))
+ f.add_arch(Arch("mips64"))
+ f.add_arch(Arch("mips64n32"))
++ f.add_arch(Arch("parisc"))
++ f.add_arch(Arch("parisc64"))
+ f.add_arch(Arch("ppc"))
+ f.add_arch(Arch("ppc64"))
+ f.add_arch(Arch("s390"))
+Index: libseccomp/tests/regression
+===================================================================
+--- libseccomp.orig/tests/regression 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/tests/regression 2016-05-28 19:57:02.046592702 +0200
+@@ -28,6 +28,7 @@
+ ppc64le"
+ GLBL_ARCH_BE_SUPPORT=" \
+ mips mips64 mips64n32 \
++ parisc parisc64 \
+ ppc ppc64 \
+ s390 s390x"
+
+@@ -701,7 +702,7 @@
+
+ # setup the arch specific return values
+ case "$arch" in
+- x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|ppc|s390|s390x)
++ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x)
+ rc_kill=159
+ rc_allow=160
+ rc_trap=161
+Index: libseccomp/tools/scmp_arch_detect.c
+===================================================================
+--- libseccomp.orig/tools/scmp_arch_detect.c 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/tools/scmp_arch_detect.c 2016-05-28 19:57:02.046592702 +0200
+@@ -99,6 +99,12 @@
+ case SCMP_ARCH_MIPSEL64N32:
+ printf("mipsel64n32\n");
+ break;
++ case SCMP_ARCH_PARISC:
++ printf("parisc\n");
++ break;
++
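Review bot: Adding `parisc|parisc64` to the arch pattern in the `@@ -701,7 +702,7 @@` hunk of tests/regression gives these targets `rc_kill=159`, i.e. 128+31, which is only right if the signal a seccomp kill delivers is number 31 on PA-RISC. parisc defines its own signal numbers, so this should be confirmed against the kernels the live tests are expected to run on; if it differs, parisc needs its own branch with its own `rc_kill`, otherwise a killed process would be scored as a test failure or, worse, a mismatch would go unnoticed. The `case` statement continues outside the hunk, so its other branches are not visible here.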
case SCMP_ARCH_PARISC64:
++ printf("parisc64\n");
++ break;
+ case SCMP_ARCH_PPC:
+ printf("ppc\n");
+ break;
+Index: libseccomp/tools/scmp_bpf_sim.c
+===================================================================
+--- libseccomp.orig/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.046592702 +0200
+@@ -265,6 +265,10 @@
+ arch = AUDIT_ARCH_MIPS64N32;
+ else if (strcmp(optarg, "mipsel64n32") == 0)
+ arch = AUDIT_ARCH_MIPSEL64N32;
++ else if (strcmp(optarg, "parisc") == 0)
++ arch = AUDIT_ARCH_PARISC;
++ else if (strcmp(optarg, "parisc64") == 0)
++ arch = AUDIT_ARCH_PARISC64;
+ else if (strcmp(optarg, "ppc") == 0)
+ arch = AUDIT_ARCH_PPC;
+ else if (strcmp(optarg, "ppc64") == 0)
+Index: libseccomp/tools/util.c
+===================================================================
+--- libseccomp.orig/tools/util.c 2016-05-28 19:57:02.050592727 +0200
++++ libseccomp/tools/util.c 2016-05-28 19:57:02.046592702 +0200
+@@ -62,6 +62,10 @@
+ #elif __MIPSEL__
+ #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32
+ #endif /* _MIPS_SIM_NABI32 */
++#elif __hppa64__
++#define ARCH_NATIVE AUDIT_ARCH_PARISC64
++#elif __hppa__
++#define ARCH_NATIVE AUDIT_ARCH_PARISC
+ #elif __PPC64__
+ #ifdef __BIG_ENDIAN__
+ #define ARCH_NATIVE AUDIT_ARCH_PPC64
diff -Nru libseccomp-2.2.3/debian/patches/add-membarrier.patch libseccomp-2.3.1/debian/patches/add-membarrier.patch
--- libseccomp-2.2.3/debian/patches/add-membarrier.patch 2016-02-10 23:14:22.000000000 +0000
+++ libseccomp-2.3.1/debian/patches/add-membarrier.patch 1970-01-01 00:00:00.000000000 +0000
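Review bot: `parisc` and `parisc64` become accepted architecture names in tools/scmp_bpf_sim.c (`@@ -265,6 +265,10 @@`), but no matching hunk for tools/scmp_bpf_disasm.c appears in the visible part of this patch. That tool has a parallel `strcmp(optarg, ...)` chain ending in `exit_usage(argv[0])`, as the s390 patch further down this page shows, so a filter built for parisc could be simulated but presumably not disassembled by name. If that is not intended, the disassembler needs `else if (strcmp(optarg, "parisc") == 0) arch = AUDIT_ARCH_PARISC;` and the parisc64 equivalent; part of the patch lies before this chunk, so check there first. The option-parsing function starts and ends outside the hunk.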
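Review bot: The `#elif __hppa64__` / `#elif __hppa__` pair added to tools/util.c (`@@ -62,6 +62,10 @@`) carries no note about ordering, while the identical pair in src/arch.c in this same patch is marked `/* hppa64 must be checked before hppa */`. Repeat that comment on the `#elif __hppa64__` line here, so a later reordering does not silently make ARCH_NATIVE the 32-bit token on a 64-bit build. The `#if` chain starts and ends outside the hunk.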
@@ -1,165 +0,0 @@
-Author: Jamie Strandboge
-Description: add membarrier syscall. This can be dropped once libseccomp is
- synced with 4.3 or higher
-Forwarded: no
-
-Index: libseccomp-2.2.3/src/arch-aarch64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-aarch64-syscalls.c
-+++ libseccomp-2.2.3/src/arch-aarch64-syscalls.c
-@@ -195,6 +195,7 @@ const struct arch_syscall_def aarch64_sy
- { "lstat", __PNR_lstat },
- { "lstat64", __PNR_lstat64 },
- { "madvise", 233 },
-+ { "mbarrier", 283 },
- { "mbind", 235 },
- { "memfd_create", 279 },
- { "migrate_pages", 238 },
-Index: libseccomp-2.2.3/src/arch-arm-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-arm-syscalls.c
-+++ libseccomp-2.2.3/src/arch-arm-syscalls.c
-@@ -207,6 +207,7 @@ const struct arch_syscall_def arm_syscal
- { "lstat", (__NR_SYSCALL_BASE + 107) },
- { "lstat64", (__NR_SYSCALL_BASE + 196) },
- { "madvise", (__NR_SYSCALL_BASE + 220) },
-+ { "mbarrier", (__NR_SYSCALL_BASE + 389) },
- { "mbind", (__NR_SYSCALL_BASE + 319) },
- { "memfd_create", (__NR_SYSCALL_BASE + 385) },
- { "migrate_pages", __PNR_migrate_pages },
-Index: libseccomp-2.2.3/src/arch-mips64n32-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-mips64n32-syscalls.c
-+++ libseccomp-2.2.3/src/arch-mips64n32-syscalls.c
-@@ -199,6 +199,7 @@ const struct arch_syscall_def mips64n32_
- { "lstat", (__NR_SYSCALL_BASE + 6) },
- { "lstat64", __PNR_lstat64 },
- { "madvise", (__NR_SYSCALL_BASE + 27) },
-+ { "mbarrier", __PNR_mbarrier },
- { "mbind", (__NR_SYSCALL_BASE + 231) },
- { "memfd_create", (__NR_SYSCALL_BASE + 318) },
- { "migrate_pages", (__NR_SYSCALL_BASE + 250) },
-Index: libseccomp-2.2.3/src/arch-mips64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-mips64-syscalls.c
-+++
libseccomp-2.2.3/src/arch-mips64-syscalls.c
-@@ -199,6 +199,7 @@ const struct arch_syscall_def mips64_sys
- { "lstat", (__NR_SYSCALL_BASE + 6) },
- { "lstat64", __PNR_lstat64 },
- { "madvise", (__NR_SYSCALL_BASE + 27) },
-+ { "mbarrier", __PNR_mbarrier },
- { "mbind", (__NR_SYSCALL_BASE + 227) },
- { "memfd_create", (__NR_SYSCALL_BASE + 314) },
- { "migrate_pages", (__NR_SYSCALL_BASE + 246) },
-Index: libseccomp-2.2.3/src/arch-mips-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-mips-syscalls.c
-+++ libseccomp-2.2.3/src/arch-mips-syscalls.c
-@@ -199,6 +199,7 @@ const struct arch_syscall_def mips_sysca
- { "lstat", (__NR_SYSCALL_BASE + 107) },
- { "lstat64", (__NR_SYSCALL_BASE + 214) },
- { "madvise", (__NR_SYSCALL_BASE + 218) },
-+ { "mbarrier", __PNR_mbarrier },
- { "mbind", (__NR_SYSCALL_BASE + 268) },
- { "memfd_create", (__NR_SYSCALL_BASE + 354) },
- { "migrate_pages", (__NR_SYSCALL_BASE + 287) },
-Index: libseccomp-2.2.3/src/arch-ppc64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-ppc64-syscalls.c
-+++ libseccomp-2.2.3/src/arch-ppc64-syscalls.c
-@@ -196,6 +196,7 @@ const struct arch_syscall_def ppc64_sysc
- { "lstat", 107 },
- { "lstat64", __PNR_lstat64 },
- { "madvise", 205 },
-+ { "mbarrier", 365 },
- { "mbind", 259 },
- { "memfd_create", 360 },
- { "migrate_pages", 258 },
-Index: libseccomp-2.2.3/src/arch-ppc-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-ppc-syscalls.c
-+++ libseccomp-2.2.3/src/arch-ppc-syscalls.c
-@@ -196,6 +196,7 @@ const struct arch_syscall_def ppc_syscal
- { "lstat", 107 },
- { "lstat64", 196 },
- { "madvise", 205 },
-+ { "mbarrier", 365 },
- { "mbind", 259 },
- { "memfd_create", 360 },
- { "migrate_pages", 258 },
-Index: libseccomp-2.2.3/src/arch-s390-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-s390-syscalls.c
-+++ libseccomp-2.2.3/src/arch-s390-syscalls.c
-@@ -179,6 +179,7 @@ const struct arch_syscall_def s390_sysca
- { "lstat", 107 },
- { "lstat64", 196 },
- { "madvise", 219 },
-+ { "mbarrier", __PNR_mbarrier },
- { "mbind", __PNR_mbind },
- { "memfd_create", 350 },
- { "migrate_pages", __PNR_migrate_pages},
-Index: libseccomp-2.2.3/src/arch-s390x-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-s390x-syscalls.c
-+++ libseccomp-2.2.3/src/arch-s390x-syscalls.c
-@@ -179,6 +179,7 @@ const struct arch_syscall_def s390x_sysc
- { "lstat", 107 },
- { "lstat64", __PNR_lstat64 },
- { "madvise", 219 },
-+ { "mbarrier", 356 },
- { "mbind", __PNR_mbind },
- { "memfd_create", 350 },
- { "migrate_pages", __PNR_migrate_pages },
-Index: libseccomp-2.2.3/src/arch-x32-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-x32-syscalls.c
-+++ libseccomp-2.2.3/src/arch-x32-syscalls.c
-@@ -195,6 +195,7 @@ const struct arch_syscall_def x32_syscal
- { "lstat", (X32_SYSCALL_BIT + 6) },
- { "lstat64", __PNR_lstat64 },
- { "madvise", (X32_SYSCALL_BIT + 28) },
-+ { "mbarrier", (X32_SYSCALL_BIT + 324) },
- { "mbind", (X32_SYSCALL_BIT + 237) },
- { "memfd_create", (X32_SYSCALL_BIT + 319) },
- { "migrate_pages", (X32_SYSCALL_BIT + 256) },
-Index: libseccomp-2.2.3/src/arch-x86_64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-x86_64-syscalls.c
-+++ libseccomp-2.2.3/src/arch-x86_64-syscalls.c
-@@ -195,6 +195,7 @@ const struct arch_syscall_def x86_64_sys
- { "lstat", 6 },
- { "lstat64", __PNR_lstat64 },
- { "madvise", 28 },
-+ { "mbarrier", 324 },
- { "mbind", 237 },
- { "memfd_create", 319 },
- { "migrate_pages", 256 },
-Index: libseccomp-2.2.3/src/arch-x86-syscalls.c
-===================================================================
----
libseccomp-2.2.3.orig/src/arch-x86-syscalls.c
-+++ libseccomp-2.2.3/src/arch-x86-syscalls.c
-@@ -195,6 +195,7 @@ const struct arch_syscall_def x86_syscal
- { "lstat", 107 },
- { "lstat64", 196 },
- { "madvise", 219 },
-+ { "mbarrier", 375 },
- { "mbind", 274 },
- { "memfd_create", 356 },
- { "migrate_pages", 294 },
-Index: libseccomp-2.2.3/include/seccomp.h.in
-===================================================================
---- libseccomp-2.2.3.orig/include/seccomp.h.in
-+++ libseccomp-2.2.3/include/seccomp.h.in
-@@ -1557,6 +1557,11 @@ int seccomp_export_bpf(const scmp_filter
- #define __NR_s390_runtime_instr __PNR_s390_runtime_instr
- #endif /* __NR_s390_runtime_instr */
-
-+#define __PNR_mbarrier -10197
-+#ifndef __NR_mbarrier
-+#define __NR_mbarrier __PNR_mbarrier
-+#endif /* __NR_mbarrier */
-+
- #ifdef __cplusplus
- }
- #endif
diff -Nru libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch libseccomp-2.3.1/debian/patches/add-x86-32bit-socket-calls.patch
--- libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch 2016-02-10 23:14:22.000000000 +0000
+++ libseccomp-2.3.1/debian/patches/add-x86-32bit-socket-calls.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,118 +0,0 @@
-Description: add newly connected x86 32bit direct socket calls
- x86 recently connected up the direct socket calls to allow simpler
- seccomp mitigation for them. Add these to the 32bit x86 syscalls table
- to match.
-Author: Andy Whitcroft
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526358
-
---- libseccomp-2.2.3.orig/src/arch-x86-syscalls.c
-+++ libseccomp-2.2.3/src/arch-x86-syscalls.c
-@@ -32,7 +32,7 @@ const struct arch_syscall_def x86_syscal
- { "_newselect", 142 },
- { "_sysctl", 149 },
- { "accept", __PNR_accept },
-- { "accept4", __PNR_accept4 },
-+ { "accept4", 364 },
- { "access", 33 },
- { "acct", 51 },
- { "add_key", 286 },
-@@ -43,7 +43,7 @@ const struct arch_syscall_def x86_syscal
- { "arm_sync_file_range", __PNR_arm_sync_file_range },
- { "arch_prctl", __PNR_arch_prctl },
- { "bdflush", 134 },
-- { "bind", __PNR_bind },
-+ { "bind", 361 },
- { "bpf", 357 },
- { "break", 17 },
- { "breakpoint", __PNR_breakpoint },
-@@ -64,7 +64,7 @@ const struct arch_syscall_def x86_syscal
- { "clock_settime", 264 },
- { "clone", 120 },
- { "close", 6 },
-- { "connect", __PNR_connect },
-+ { "connect", 362 },
- { "creat", 8 },
- { "create_module", 127 },
- { "delete_module", 129 },
-@@ -134,7 +134,7 @@ const struct arch_syscall_def x86_syscal
- { "getgroups", 80 },
- { "getgroups32", 205 },
- { "getitimer", 105 },
-- { "getpeername", __PNR_getpeername },
-+ { "getpeername", 368 },
- { "getpgid", 132 },
- { "getpgrp", 65 },
- { "getpid", 20 },
-@@ -149,8 +149,8 @@ const struct arch_syscall_def x86_syscal
- { "getrlimit", 76 },
- { "getrusage", 77 },
- { "getsid", 147 },
-- { "getsockname", __PNR_getsockname },
-- { "getsockopt", __PNR_getsockopt },
-+ { "getsockname", 367 },
-+ { "getsockopt", 365 },
- { "gettid", 224 },
- { "gettimeofday", 78 },
- { "getuid", 24 },
-@@ -184,7 +184,7 @@ const struct arch_syscall_def x86_syscal
- { "lgetxattr", 230 },
- { "link", 9 },
- { "linkat", 303 },
-- { "listen", __PNR_listen },
-+ { "listen", 363 },
- {
"listxattr", 232 },
- { "llistxattr", 233 },
- { "lock", 53 },
-@@ -277,9 +277,9 @@ const struct arch_syscall_def x86_syscal
- { "readv", 145 },
- { "reboot", 88 },
- { "recv", __PNR_recv },
-- { "recvfrom", __PNR_recvfrom },
-+ { "recvfrom", 371 },
- { "recvmmsg", 337 },
-- { "recvmsg", __PNR_recvmsg },
-+ { "recvmsg", 372 },
- { "remap_file_pages", 257 },
- { "removexattr", 235 },
- { "rename", 38 },
-@@ -321,8 +321,8 @@ const struct arch_syscall_def x86_syscal
- { "sendfile", 187 },
- { "sendfile64", 239 },
- { "sendmmsg", 345 },
-- { "sendmsg", __PNR_sendmsg },
-- { "sendto", __PNR_sendto },
-+ { "sendmsg", 370 },
-+ { "sendto", 369 },
- { "set_mempolicy", 276 },
- { "set_robust_list", 311 },
- { "set_thread_area", 243 },
-@@ -352,7 +352,7 @@ const struct arch_syscall_def x86_syscal
- { "setreuid32", 203 },
- { "setrlimit", 75 },
- { "setsid", 66 },
-- { "setsockopt", __PNR_setsockopt },
-+ { "setsockopt", 366 },
- { "settimeofday", 79 },
- { "setuid", 23 },
- { "setuid32", 213 },
-@@ -362,7 +362,7 @@ const struct arch_syscall_def x86_syscal
- { "shmctl", __PNR_shmctl },
- { "shmdt", __PNR_shmdt },
- { "shmget", __PNR_shmget },
-- { "shutdown", __PNR_shutdown },
-+ { "shutdown", 373 },
- { "sigaction", 67 },
- { "sigaltstack", 186 },
- { "signal", 48 },
-@@ -372,9 +372,9 @@ const struct arch_syscall_def x86_syscal
- { "sigprocmask", 126 },
- { "sigreturn", 119 },
- { "sigsuspend", 72 },
-- { "socket", __PNR_socket },
-+ { "socket", 359 },
- { "socketcall", 102 },
-- { "socketpair", __PNR_socketpair },
-+ { "socketpair", 360 },
- { "splice", 313 },
- { "spu_create", __PNR_spu_create },
- { "spu_run", __PNR_spu_run },
diff -Nru libseccomp-2.2.3/debian/patches/git-13386c1fd34834b6c9d46d36c43616b623736a93.diff libseccomp-2.3.1/debian/patches/git-13386c1fd34834b6c9d46d36c43616b623736a93.diff
--- libseccomp-2.2.3/debian/patches/git-13386c1fd34834b6c9d46d36c43616b623736a93.diff 2016-02-10 23:14:22.000000000 +0000
+++
libseccomp-2.3.1/debian/patches/git-13386c1fd34834b6c9d46d36c43616b623736a93.diff 1970-01-01 00:00:00.000000000 +0000
@@ -1,22 +0,0 @@
-commit 13386c1fd34834b6c9d46d36c43616b623736a93
-Author: Paul Moore
-Date: Sat Aug 29 21:13:21 2015 -0400
-
- tools: add the missing s390/s390x support to scmp_bpf_disasm
-
- Signed-off-by: Paul Moore
-diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
-index d0fb16d..a081ad0 100644
---- a/tools/scmp_bpf_disasm.c
-+++ b/tools/scmp_bpf_disasm.c
-@@ -492,6 +492,10 @@ int main(int argc, char *argv[])
- arch = AUDIT_ARCH_PPC64LE;
- else if (strcmp(optarg, "ppc") == 0)
- arch = AUDIT_ARCH_PPC;
-+ else if (strcmp(optarg, "s390") == 0)
-+ arch = AUDIT_ARCH_S390;
-+ else if (strcmp(optarg, "s390x") == 0)
-+ arch = AUDIT_ARCH_S390X;
- else
- exit_usage(argv[0]);
- break;
diff -Nru libseccomp-2.2.3/debian/patches/git-18c7d1176fb236d98656eb4f4cd0343ebcfe5cc0.diff libseccomp-2.3.1/debian/patches/git-18c7d1176fb236d98656eb4f4cd0343ebcfe5cc0.diff
--- libseccomp-2.2.3/debian/patches/git-18c7d1176fb236d98656eb4f4cd0343ebcfe5cc0.diff 2016-02-10 23:14:22.000000000 +0000
+++ libseccomp-2.3.1/debian/patches/git-18c7d1176fb236d98656eb4f4cd0343ebcfe5cc0.diff 1970-01-01 00:00:00.000000000 +0000
@@ -1,293 +0,0 @@
-commit 18c7d1176fb236d98656eb4f4cd0343ebcfe5cc0
-Author: Paul Moore
-Date: Wed Aug 5 12:04:11 2015 -0400
-
- arch: update the syscall tables for 4.2-rc5
-
- The only update this time around is "switch_endian" for ppc.
-
-
Signed-off-by: Paul Moore
-diff --git a/include/seccomp.h.in b/include/seccomp.h.in
-index d100dc8..08eae61 100644
---- a/include/seccomp.h.in
-+++ b/include/seccomp.h.in
-@@ -1521,6 +1521,11 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
- #define __NR_sys_debug_setcontext __PNR_sys_debug_setcontext
- #endif /* __NR_sys_debug_setcontext */
-
-+#define __PNR_switch_endian -10191
-+#ifndef __NR_switch_endian
-+#define __NR_switch_endian __PNR_switch_endian
-+#endif /* __NR_switch_endian */
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
-index 315be10..43d77ad 100644
---- a/src/arch-aarch64-syscalls.c
-+++ b/src/arch-aarch64-syscalls.c
-@@ -26,7 +26,7 @@
- #include "arch.h"
- #include "arch-aarch64.h"
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def aarch64_syscall_table[] = { \
- { "_llseek", __PNR__llseek },
- { "_newselect", __PNR__newselect },
-@@ -387,6 +387,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
- { "swapcontext", __PNR_swapcontext },
- { "swapoff", 225 },
- { "swapon", 224 },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", __PNR_symlink },
- { "symlinkat", 36 },
- { "sync", 81 },
-diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
-index 3d75062..211bbec 100644
---- a/src/arch-arm-syscalls.c
-+++ b/src/arch-arm-syscalls.c
-@@ -37,7 +37,7 @@
- #define __NR_SYSCALL_BASE __NR_OABI_SYSCALL_BASE
- #endif
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def arm_syscall_table[] = { \
- /* NOTE: arm_sync_file_range() and sync_file_range2() share values */
- { "_llseek", (__NR_SYSCALL_BASE + 140) },
-@@ -399,13 +399,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \
- { "swapcontext", __PNR_swapcontext },
- { "swapoff", (__NR_SYSCALL_BASE + 115) },
- { "swapon", (__NR_SYSCALL_BASE + 87) },
-+ { "switch_endian",
__PNR_switch_endian },
- { "symlink", (__NR_SYSCALL_BASE + 83) },
- { "symlinkat", (__NR_SYSCALL_BASE + 331) },
- { "sync", (__NR_SYSCALL_BASE + 36) },
- { "sync_file_range", __PNR_sync_file_range },
- { "sync_file_range2", (__NR_SYSCALL_BASE + 341) },
- { "syncfs", (__NR_SYSCALL_BASE + 373) },
-- { "syscall", (__NR_SYSCALL_BASE + 113) },
-+ { "syscall", (__PNR_syscall) },
- { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
- { "sysfs", (__NR_SYSCALL_BASE + 135) },
- { "sysinfo", (__NR_SYSCALL_BASE + 116) },
-diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
-index f02988e..1fe9315 100644
---- a/src/arch-mips-syscalls.c
-+++ b/src/arch-mips-syscalls.c
-@@ -30,7 +30,7 @@
- /* O32 ABI */
- #define __NR_SYSCALL_BASE 4000
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def mips_syscall_table[] = { \
- { "_llseek", (__NR_SYSCALL_BASE + 140) },
- { "_newselect", (__NR_SYSCALL_BASE + 142) },
-@@ -391,6 +391,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
- { "swapcontext", __PNR_swapcontext },
- { "swapoff", (__NR_SYSCALL_BASE + 115) },
- { "swapon", (__NR_SYSCALL_BASE + 87) },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", (__NR_SYSCALL_BASE + 83) },
- { "symlinkat", (__NR_SYSCALL_BASE + 297) },
- { "sync", (__NR_SYSCALL_BASE + 36) },
-diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
-index 7faea23..493fe87 100644
---- a/src/arch-mips64-syscalls.c
-+++ b/src/arch-mips64-syscalls.c
-@@ -30,7 +30,7 @@
- /* 64 ABI */
- #define __NR_SYSCALL_BASE 5000
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def mips64_syscall_table[] = { \
- { "_llseek", __PNR__llseek },
- { "_newselect", (__NR_SYSCALL_BASE + 22) },
-@@ -391,6 +391,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
- { "swapcontext", __PNR_swapcontext },
- { "swapoff", (__NR_SYSCALL_BASE + 163) },
- { "swapon", (__NR_SYSCALL_BASE +
162) },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", (__NR_SYSCALL_BASE + 86) },
- { "symlinkat", (__NR_SYSCALL_BASE + 256) },
- { "sync", (__NR_SYSCALL_BASE + 157) },
-diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c
-index 18ee476..e1cbf5c 100644
---- a/src/arch-mips64n32-syscalls.c
-+++ b/src/arch-mips64n32-syscalls.c
-@@ -30,7 +30,7 @@
- /* N32 ABI */
- #define __NR_SYSCALL_BASE 6000
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def mips64n32_syscall_table[] = { \
- { "_llseek", __PNR__llseek },
- { "_newselect", (__NR_SYSCALL_BASE + 22) },
-@@ -391,6 +391,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
- { "swapcontext", __PNR_swapcontext },
- { "swapoff", (__NR_SYSCALL_BASE + 163) },
- { "swapon", (__NR_SYSCALL_BASE + 162) },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", (__NR_SYSCALL_BASE + 86) },
- { "symlinkat", (__NR_SYSCALL_BASE + 260) },
- { "sync", (__NR_SYSCALL_BASE + 157) },
-diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
-index 32fc05a..92fa1c3 100644
---- a/src/arch-ppc-syscalls.c
-+++ b/src/arch-ppc-syscalls.c
-@@ -27,7 +27,7 @@
- #include "arch.h"
- #include "arch-ppc.h"
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def ppc_syscall_table[] = { \
- { "_llseek", 140 },
- { "_newselect", 142 },
-@@ -47,6 +47,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
- { "bind", 327 },
- { "bpf", 361 },
- { "break", 17 },
-+ { "breakpoint", __PNR_breakpoint },
- { "brk", 45 },
- { "cachectl", __PNR_cachectl },
- { "cacheflush", __PNR_cacheflush },
-@@ -325,6 +326,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
- { "set_robust_list", 300 },
- { "set_thread_area", __PNR_set_thread_area },
- { "set_tid_address", 232 },
-+ { "set_tls", __PNR_set_tls },
- { "setdomainname", 121 },
- { "setfsgid", 139 },
- { "setfsgid32", __PNR_setfsgid32 },
-@@
-386,6 +388,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
- { "swapcontext", 249 },
- { "swapoff", 115 },
- { "swapon", 87 },
-+ { "switch_endian", 363 },
- { "symlink", 83 },
- { "symlinkat", 295 },
- { "sync", 36 },
-@@ -425,6 +428,8 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
- { "unlinkat", 292 },
- { "unshare", 282 },
- { "uselib", 86 },
-+ { "usr26", __PNR_usr26 },
-+ { "usr32", __PNR_usr32 },
- { "ustat", 62 },
- { "utime", 30 },
- { "utimensat", 304 },
-diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
-index 1c2a1df..b23d743 100644
---- a/src/arch-ppc64-syscalls.c
-+++ b/src/arch-ppc64-syscalls.c
-@@ -27,7 +27,7 @@
- #include "arch.h"
- #include "arch-ppc64.h"
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def ppc64_syscall_table[] = { \
- { "_llseek", 140 },
- { "_newselect", 142 },
-@@ -47,6 +47,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
- { "bind", 327 },
- { "bpf", 361 },
- { "break", 17 },
-+ { "breakpoint", __PNR_breakpoint },
- { "brk", 45 },
- { "cachectl", __PNR_cachectl },
- { "cacheflush", __PNR_cacheflush },
-@@ -325,6 +326,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
- { "set_robust_list", 300 },
- { "set_thread_area", __PNR_set_thread_area },
- { "set_tid_address", 232 },
-+ { "set_tls", __PNR_set_tls },
- { "setdomainname", 121 },
- { "setfsgid", 139 },
- { "setfsgid32", __PNR_setfsgid32 },
-@@ -386,6 +388,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
- { "swapcontext", 249 },
- { "swapoff", 115 },
- { "swapon", 87 },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", 83 },
- { "symlinkat", 295 },
- { "sync", 36 },
-@@ -425,6 +428,8 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
- { "unlinkat", 292 },
- { "unshare", 282 },
- { "uselib", 86 },
-+ { "usr26", __PNR_usr26 },
-+ { "usr32", __PNR_usr32 },
- { "ustat", 62 },
- { "utime", 30 },
- { "utimensat", 304 },
-diff
--git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
-index a0b4247..66a58a1 100644
---- a/src/arch-x32-syscalls.c
-+++ b/src/arch-x32-syscalls.c
-@@ -26,7 +26,7 @@
- #include "arch.h"
- #include "arch-x32.h"
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def x32_syscall_table[] = { \
- { "_llseek", __PNR__llseek },
- { "_newselect", __PNR__newselect },
-@@ -387,6 +387,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
- { "swapcontext", __PNR_swapcontext },
- { "swapoff", (X32_SYSCALL_BIT + 168) },
- { "swapon", (X32_SYSCALL_BIT + 167) },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", (X32_SYSCALL_BIT + 88) },
- { "symlinkat", (X32_SYSCALL_BIT + 266) },
- { "sync", (X32_SYSCALL_BIT + 162) },
-diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c
-index d27a4d1..53f7cfa 100644
---- a/src/arch-x86-syscalls.c
-+++ b/src/arch-x86-syscalls.c
-@@ -26,7 +26,7 @@
- #include "arch.h"
- #include "arch-x86.h"
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def x86_syscall_table[] = { \
- { "_llseek", 140 },
- { "_newselect", 142 },
-@@ -387,6 +387,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
- { "swapcontext", __PNR_swapcontext },
- { "swapoff", 115 },
- { "swapon", 87 },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", 83 },
- { "symlinkat", 304 },
- { "sync", 36 },
-diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
-index cd9eb6d..b50ec23 100644
---- a/src/arch-x86_64-syscalls.c
-+++ b/src/arch-x86_64-syscalls.c
-@@ -26,7 +26,7 @@
- #include "arch.h"
- #include "arch-x86_64.h"
-
--/* NOTE: based on Linux 3.19 */
-+/* NOTE: based on Linux 4.2-rc5 */
- const struct arch_syscall_def x86_64_syscall_table[] = { \
- { "_llseek", __PNR__llseek },
- { "_newselect", __PNR__newselect },
-@@ -387,6 +387,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
- { "swapcontext",
__PNR_swapcontext },
- { "swapoff", 168 },
- { "swapon", 167 },
-+ { "switch_endian", __PNR_switch_endian },
- { "symlink", 88 },
- { "symlinkat", 266 },
- { "sync", 162 },
diff -Nru libseccomp-2.2.3/debian/patches/git-29753076fddfed772511c67887bed1f0621b32cf.diff libseccomp-2.3.1/debian/patches/git-29753076fddfed772511c67887bed1f0621b32cf.diff
--- libseccomp-2.2.3/debian/patches/git-29753076fddfed772511c67887bed1f0621b32cf.diff 2016-02-10 23:14:22.000000000 +0000
+++ libseccomp-2.3.1/debian/patches/git-29753076fddfed772511c67887bed1f0621b32cf.diff 1970-01-01 00:00:00.000000000 +0000
@@ -1,2192 +0,0 @@ -commit 29753076fddfed772511c67887bed1f0621b32cf -Merge: 62c59aa 0843a46 -Author: Paul Moore -Date: Wed Aug 5 12:00:34 2015 -0400 - - Merge branch 'working-ppc64' - - Mike Strosaker reports that the - working-ppc64 branch is working for both 'make check' and './regression - -T live'. -diff --git a/include/seccomp.h.in b/include/seccomp.h.in -index 4cfc17c..d100dc8 100644 ---- a/include/seccomp.h.in -+++ b/include/seccomp.h.in -@@ -163,6 +163,16 @@ struct scmp_arg_cmp { - #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 - - /** -+ * The PowerPC architecture tokens -+ */ -+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC -+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 -+#ifndef AUDIT_ARCH_PPC64LE -+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) -+#endif -+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE -+ -+/** - * Convert a syscall name into the associated syscall number - * @param x the syscall name - */ -@@ -1476,6 +1486,41 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); - #define __NR_usr32 __PNR_usr32 - #endif /* __ARM_NR_usr32 */ - -+#define __PNR_multiplexer -10186 -+#ifndef __NR_multiplexer -+#define __NR_multiplexer __PNR_multiplexer -+#endif /* __NR_multiplexer */ -+ -+#define __PNR_rtas -10187 -+#ifndef __NR_rtas -+#define __NR_rtas __PNR_rtas -+#endif /* __NR_rtas */ -+ -+#define __PNR_spu_create -10188 -+#ifndef __NR_spu_create -+#define __NR_spu_create __PNR_spu_create -+#endif /* __NR_spu_create */ -+ -+#define __PNR_spu_run -10189 -+#ifndef __NR_spu_run -+#define __NR_spu_run __PNR_spu_run -+#endif /* __NR_spu_run */ -+ -+#define __PNR_subpage_prot -10189 -+#ifndef __NR_subpage_prot -+#define __NR_subpage_prot __PNR_subpage_prot -+#endif /* __NR_subpage_prot */ -+ -+#define __PNR_swapcontext -10190 -+#ifndef __NR_swapcontext -+#define __NR_swapcontext __PNR_swapcontext -+#endif /* __NR_swapcontext */ -+ -+#define __PNR_sys_debug_setcontext -10191 -+#ifndef __NR_sys_debug_setcontext -+#define 
__NR_sys_debug_setcontext __PNR_sys_debug_setcontext -+#endif /* __NR_sys_debug_setcontext */ -+ - #ifdef __cplusplus - } - #endif -diff --git a/src/Makefile.am b/src/Makefile.am -index a14cefb..23d9a91 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -30,7 +30,9 @@ SOURCES_ARCH = \ - arch-aarch64.h arch-aarch64.c arch-aarch64-syscalls.c \ - arch-mips.h arch-mips.c arch-mips-syscalls.c \ - arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ -- arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c -+ arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ -+ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ -+ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c - - SOURCES_GEN = \ - api.c system.h system.c \ -diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c -index 27f226c..315be10 100644 ---- a/src/arch-aarch64-syscalls.c -+++ b/src/arch-aarch64-syscalls.c -@@ -224,6 +224,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "msgrcv", 188 }, - { "msgsnd", 189 }, - { "msync", 227 }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", 229 }, - { "munlockall", 231 }, - { "munmap", 215 }, -@@ -294,6 +295,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "rt_sigsuspend", 133 }, - { "rt_sigtimedwait", 137 }, - { "rt_tgsigqueueinfo", 240 }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", 125 }, - { "sched_get_priority_min", 126 }, - { "sched_getaffinity", 123 }, -@@ -372,6 +374,8 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "socketcall", __PNR_socketcall }, - { "socketpair", 199 }, - { "splice", 76 }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", __PNR_ssetmask }, - { "stat", __PNR_stat }, - { "stat64", __PNR_stat64 }, -@@ -379,6 +383,8 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "statfs64", __PNR_statfs64 }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, -+ { "subpage_prot", __PNR_subpage_prot }, -+ { 
"swapcontext", __PNR_swapcontext }, - { "swapoff", 225 }, - { "swapon", 224 }, - { "symlink", __PNR_symlink }, -@@ -388,6 +394,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", 267 }, - { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", __PNR_sysfs }, - { "sysinfo", 179 }, - { "syslog", 116 }, -diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c -index c478256..3d75062 100644 ---- a/src/arch-arm-syscalls.c -+++ b/src/arch-arm-syscalls.c -@@ -236,6 +236,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "msgrcv", (__NR_SYSCALL_BASE + 302) }, - { "msgsnd", (__NR_SYSCALL_BASE + 301) }, - { "msync", (__NR_SYSCALL_BASE + 144) }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", (__NR_SYSCALL_BASE + 151) }, - { "munlockall", (__NR_SYSCALL_BASE + 153) }, - { "munmap", (__NR_SYSCALL_BASE + 91) }, -@@ -306,6 +307,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 179) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 242) }, -@@ -384,6 +386,8 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "socketcall", __PNR_socketcall }, - { "socketpair", (__NR_SYSCALL_BASE + 288) }, - { "splice", (__NR_SYSCALL_BASE + 340) }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", __PNR_ssetmask }, - { "stat", (__NR_SYSCALL_BASE + 106) }, - { "stat64", (__NR_SYSCALL_BASE + 195) }, -@@ -391,6 +395,8 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "statfs64", (__NR_SYSCALL_BASE + 266) }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, -+ { "subpage_prot", 
__PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, - { "swapoff", (__NR_SYSCALL_BASE + 115) }, - { "swapon", (__NR_SYSCALL_BASE + 87) }, - { "symlink", (__NR_SYSCALL_BASE + 83) }, -@@ -399,7 +405,8 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "sync_file_range", __PNR_sync_file_range }, - { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, - { "syncfs", (__NR_SYSCALL_BASE + 373) }, -- { "syscall", __PNR_syscall }, -+ { "syscall", (__NR_SYSCALL_BASE + 113) }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", (__NR_SYSCALL_BASE + 135) }, - { "sysinfo", (__NR_SYSCALL_BASE + 116) }, - { "syslog", (__NR_SYSCALL_BASE + 103) }, -diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c -index 7ba77e9..f02988e 100644 ---- a/src/arch-mips-syscalls.c -+++ b/src/arch-mips-syscalls.c -@@ -228,6 +228,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "msgrcv", __PNR_msgrcv }, - { "msgsnd", __PNR_msgsnd }, - { "msync", (__NR_SYSCALL_BASE + 144) }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", (__NR_SYSCALL_BASE + 155) }, - { "munlockall", (__NR_SYSCALL_BASE + 157) }, - { "munmap", (__NR_SYSCALL_BASE + 91) }, -@@ -298,6 +299,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 199) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 197) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 332) }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 163) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 164) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 240) }, -@@ -376,6 +378,8 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "socketcall", (__NR_SYSCALL_BASE + 102) }, - { "socketpair", (__NR_SYSCALL_BASE + 184) }, - { "splice", (__NR_SYSCALL_BASE + 304) }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", (__NR_SYSCALL_BASE + 69) }, - { "stat", (__NR_SYSCALL_BASE + 106) }, 
- { "stat64", (__NR_SYSCALL_BASE + 213) }, -@@ -383,6 +387,8 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "statfs64", (__NR_SYSCALL_BASE + 255) }, - { "stime", (__NR_SYSCALL_BASE + 25) }, - { "stty", (__NR_SYSCALL_BASE + 31) }, -+ { "subpage_prot", __PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, - { "swapoff", (__NR_SYSCALL_BASE + 115) }, - { "swapon", (__NR_SYSCALL_BASE + 87) }, - { "symlink", (__NR_SYSCALL_BASE + 83) }, -@@ -392,6 +398,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", (__NR_SYSCALL_BASE + 342) }, - { "syscall", (__NR_SYSCALL_BASE + 0) }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", (__NR_SYSCALL_BASE + 135) }, - { "sysinfo", (__NR_SYSCALL_BASE + 116) }, - { "syslog", (__NR_SYSCALL_BASE + 103) }, -diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c -index 6bed000..7faea23 100644 ---- a/src/arch-mips64-syscalls.c -+++ b/src/arch-mips64-syscalls.c -@@ -228,6 +228,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "msgrcv", (__NR_SYSCALL_BASE + 68) }, - { "msgsnd", (__NR_SYSCALL_BASE + 67) }, - { "msync", (__NR_SYSCALL_BASE + 25) }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", (__NR_SYSCALL_BASE + 147) }, - { "munlockall", (__NR_SYSCALL_BASE + 149) }, - { "munmap", (__NR_SYSCALL_BASE + 11) }, -@@ -298,6 +299,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 291) }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) }, -@@ -376,6 +378,8 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "socketcall", __PNR_socketcall }, - { "socketpair", (__NR_SYSCALL_BASE 
+ 52) }, - { "splice", (__NR_SYSCALL_BASE + 263) }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", __PNR_ssetmask }, - { "stat", (__NR_SYSCALL_BASE + 4) }, - { "stat64", __PNR_stat64 }, -@@ -383,6 +387,8 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "statfs64", __PNR_statfs64 }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, -+ { "subpage_prot", __PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, - { "swapoff", (__NR_SYSCALL_BASE + 163) }, - { "swapon", (__NR_SYSCALL_BASE + 162) }, - { "symlink", (__NR_SYSCALL_BASE + 86) }, -@@ -392,6 +398,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", (__NR_SYSCALL_BASE + 301) }, - { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", (__NR_SYSCALL_BASE + 136) }, - { "sysinfo", (__NR_SYSCALL_BASE + 97) }, - { "syslog", (__NR_SYSCALL_BASE + 101) }, -diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c -index 389784b..18ee476 100644 ---- a/src/arch-mips64n32-syscalls.c -+++ b/src/arch-mips64n32-syscalls.c -@@ -228,6 +228,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "msgrcv", (__NR_SYSCALL_BASE + 68) }, - { "msgsnd", (__NR_SYSCALL_BASE + 67) }, - { "msync", (__NR_SYSCALL_BASE + 25) }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", (__NR_SYSCALL_BASE + 147) }, - { "munlockall", (__NR_SYSCALL_BASE + 149) }, - { "munmap", (__NR_SYSCALL_BASE + 11) }, -@@ -298,6 +299,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 295) }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) 
}, -@@ -376,6 +378,8 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "socketcall", __PNR_socketcall }, - { "socketpair", (__NR_SYSCALL_BASE + 52) }, - { "splice", (__NR_SYSCALL_BASE + 267) }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", __PNR_ssetmask }, - { "stat", (__NR_SYSCALL_BASE + 4) }, - { "stat64", __PNR_stat64 }, -@@ -383,6 +387,8 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "statfs64", (__NR_SYSCALL_BASE + 217) }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, -+ { "subpage_prot", __PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, - { "swapoff", (__NR_SYSCALL_BASE + 163) }, - { "swapon", (__NR_SYSCALL_BASE + 162) }, - { "symlink", (__NR_SYSCALL_BASE + 86) }, -@@ -392,6 +398,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", (__NR_SYSCALL_BASE + 306) }, - { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", (__NR_SYSCALL_BASE + 136) }, - { "sysinfo", (__NR_SYSCALL_BASE + 97) }, - { "syslog", (__NR_SYSCALL_BASE + 101) }, -diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c -new file mode 100644 -index 0000000..32fc05a ---- /dev/null -+++ b/src/arch-ppc-syscalls.c -@@ -0,0 +1,504 @@ -+/** -+ * Enhanced Seccomp PPC Specific Code -+ * -+ * Copyright (c) 2015 Freescale -+ * Author: Bogdan Purcareata -+ * -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. 
-+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+ -+#include -+ -+#include "arch.h" -+#include "arch-ppc.h" -+ -+/* NOTE: based on Linux 3.19 */ -+const struct arch_syscall_def ppc_syscall_table[] = { \ -+ { "_llseek", 140 }, -+ { "_newselect", 142 }, -+ { "_sysctl", 149 }, -+ { "accept", 330 }, -+ { "accept4", 344 }, -+ { "access", 33 }, -+ { "acct", 51 }, -+ { "add_key", 269 }, -+ { "adjtimex", 124 }, -+ { "afs_syscall", 137 }, -+ { "alarm", 27 }, -+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, -+ { "arm_sync_file_range", __PNR_arm_sync_file_range }, -+ { "arch_prctl", __PNR_arch_prctl }, -+ { "bdflush", 134 }, -+ { "bind", 327 }, -+ { "bpf", 361 }, -+ { "break", 17 }, -+ { "brk", 45 }, -+ { "cachectl", __PNR_cachectl }, -+ { "cacheflush", __PNR_cacheflush }, -+ { "capget", 183 }, -+ { "capset", 184 }, -+ { "chdir", 12 }, -+ { "chmod", 15 }, -+ { "chown", 181 }, -+ { "chown32", __PNR_chown32 }, -+ { "chroot", 61 }, -+ { "clock_adjtime", 347 }, -+ { "clock_getres", 247 }, -+ { "clock_gettime", 246 }, -+ { "clock_nanosleep", 248 }, -+ { "clock_settime", 245 }, -+ { "clone", 120 }, -+ { "close", 6 }, -+ { "connect", 328 }, -+ { "creat", 8 }, -+ { "create_module", 127 }, -+ { "delete_module", 129 }, -+ { "dup", 41 }, -+ { "dup2", 63 }, -+ { "dup3", 316 }, -+ { "epoll_create", 236 }, -+ { "epoll_create1", 315 }, -+ { "epoll_ctl", 237 }, -+ { "epoll_ctl_old", __PNR_epoll_ctl_old }, -+ { "epoll_pwait", 303 }, -+ { "epoll_wait", 238 }, -+ { "epoll_wait_old", __PNR_epoll_wait_old }, -+ { "eventfd", 307 }, -+ { "eventfd2", 314 }, -+ { "execve", 11 }, -+ { "execveat", 362 }, -+ { "exit", 1 }, -+ { "exit_group", 234 }, -+ { "faccessat", 298 }, -+ { "fadvise64", 233 }, -+ { "fadvise64_64", 254 }, -+ { "fallocate", 309 }, -+ { "fanotify_init", 323 }, -+ { "fanotify_mark", 324 }, -+ { "fchdir", 133 }, -+ { "fchmod", 94 }, -+ { "fchmodat", 297 }, -+ { "fchown", 95 }, -+ { 
"fchown32", __PNR_fchown32 }, -+ { "fchownat", 289 }, -+ { "fcntl", 55 }, -+ { "fcntl64", 204 }, -+ { "fdatasync", 148 }, -+ { "fgetxattr", 214 }, -+ { "finit_module", 353 }, -+ { "flistxattr", 217 }, -+ { "flock", 143 }, -+ { "fork", 2 }, -+ { "fremovexattr", 220 }, -+ { "fsetxattr", 211 }, -+ { "fstat", 108 }, -+ { "fstat64", 197 }, -+ { "fstatat64", 291 }, -+ { "fstatfs", 100 }, -+ { "fstatfs64", 253 }, -+ { "fsync", 118 }, -+ { "ftime", 35 }, -+ { "ftruncate", 93 }, -+ { "ftruncate64", 194 }, -+ { "futex", 221 }, -+ { "futimesat", 290 }, -+ { "get_kernel_syms", 130 }, -+ { "get_mempolicy", 260 }, -+ { "get_robust_list", 299 }, -+ { "get_thread_area", __PNR_get_thread_area }, -+ { "getcpu", 302 }, -+ { "getcwd", 182 }, -+ { "getdents", 141 }, -+ { "getdents64", 202 }, -+ { "getegid", 50 }, -+ { "getegid32", __PNR_getegid32 }, -+ { "geteuid", 49 }, -+ { "geteuid32", __PNR_geteuid32 }, -+ { "getgid", 47 }, -+ { "getgid32", __PNR_getgid32 }, -+ { "getgroups", 80 }, -+ { "getgroups32", __PNR_getgroups32 }, -+ { "getitimer", 105 }, -+ { "getpeername", 332 }, -+ { "getpgid", 132 }, -+ { "getpgrp", 65 }, -+ { "getpid", 20 }, -+ { "getpmsg", 187 }, -+ { "getppid", 64 }, -+ { "getpriority", 96 }, -+ { "getrandom", 359 }, -+ { "getresgid", 170 }, -+ { "getresgid32", __PNR_getresgid32 }, -+ { "getresuid", 165 }, -+ { "getresuid32", __PNR_getresuid32 }, -+ { "getrlimit", 76 }, -+ { "getrusage", 77 }, -+ { "getsid", 147 }, -+ { "getsockname", 331 }, -+ { "getsockopt", 340 }, -+ { "gettid", 207 }, -+ { "gettimeofday", 78 }, -+ { "getuid", 24 }, -+ { "getuid32", __PNR_getuid32 }, -+ { "getxattr", 212 }, -+ { "gtty", 32 }, -+ { "idle", 112 }, -+ { "init_module", 128 }, -+ { "inotify_add_watch", 276 }, -+ { "inotify_init", 275 }, -+ { "inotify_init1", 318 }, -+ { "inotify_rm_watch", 277 }, -+ { "io_cancel", 231 }, -+ { "io_destroy", 228 }, -+ { "io_getevents", 229 }, -+ { "io_setup", 227 }, -+ { "io_submit", 230 }, -+ { "ioctl", 54 }, -+ { "ioperm", 101 }, -+ { "iopl", 110 }, -+ 
{ "ioprio_get", 274 }, -+ { "ioprio_set", 273 }, -+ { "ipc", 117 }, -+ { "kcmp", 354 }, -+ { "kexec_file_load", __PNR_kexec_file_load }, -+ { "kexec_load", 268 }, -+ { "keyctl", 271 }, -+ { "kill", 37 }, -+ { "lchown", 16 }, -+ { "lchown32", __PNR_lchown32 }, -+ { "lgetxattr", 213 }, -+ { "link", 9 }, -+ { "linkat", 294 }, -+ { "listen", 329 }, -+ { "listxattr", 215 }, -+ { "llistxattr", 216 }, -+ { "lock", 53 }, -+ { "lookup_dcookie", 235 }, -+ { "lremovexattr", 219 }, -+ { "lseek", 19 }, -+ { "lsetxattr", 210 }, -+ { "lstat", 107 }, -+ { "lstat64", 196 }, -+ { "madvise", 205 }, -+ { "mbind", 259 }, -+ { "memfd_create", 360 }, -+ { "migrate_pages", 258 }, -+ { "mincore", 206 }, -+ { "mkdir", 39 }, -+ { "mkdirat", 287 }, -+ { "mknod", 14 }, -+ { "mknodat", 288 }, -+ { "mlock", 150 }, -+ { "mlockall", 152 }, -+ { "mmap", 90 }, -+ { "mmap2", 192 }, -+ { "modify_ldt", 123 }, -+ { "mount", 21 }, -+ { "move_pages", 301 }, -+ { "mprotect", 125 }, -+ { "mpx", 56 }, -+ { "mq_getsetattr", 267 }, -+ { "mq_notify", 266 }, -+ { "mq_open", 262 }, -+ { "mq_timedreceive", 265 }, -+ { "mq_timedsend", 264 }, -+ { "mq_unlink", 263 }, -+ { "mremap", 163 }, -+ { "msgctl", __PNR_msgctl }, -+ { "msgget", __PNR_msgget }, -+ { "msgrcv", __PNR_msgrcv }, -+ { "msgsnd", __PNR_msgsnd }, -+ { "msync", 144 }, -+ { "multiplexer", 201 }, -+ { "munlock", 151 }, -+ { "munlockall", 153 }, -+ { "munmap", 91 }, -+ { "name_to_handle_at", 345 }, -+ { "nanosleep", 162 }, -+ { "newfstatat", __PNR_newfstatat }, -+ { "nfsservctl", 168 }, -+ { "nice", 34 }, -+ { "oldfstat", 28 }, -+ { "oldlstat", 84 }, -+ { "oldolduname", 59 }, -+ { "oldstat", 18 }, -+ { "olduname", 109 }, -+ { "oldwait4", __PNR_oldwait4 }, -+ { "open", 5 }, -+ { "open_by_handle_at", 346 }, -+ { "openat", 286 }, -+ { "pause", 29 }, -+ { "pciconfig_iobase", 200 }, -+ { "pciconfig_read", 198 }, -+ { "pciconfig_write", 199 }, -+ { "perf_event_open", 319 }, -+ { "personality", 136 }, -+ { "pipe", 42 }, -+ { "pipe2", 317 }, -+ { "pivot_root", 203 
}, -+ { "poll", 167 }, -+ { "ppoll", 281 }, -+ { "prctl", 171 }, -+ { "pread64", 179 }, -+ { "preadv", 320 }, -+ { "prlimit64", 325 }, -+ { "process_vm_readv", 351 }, -+ { "process_vm_writev", 352 }, -+ { "prof", 44 }, -+ { "profil", 98 }, -+ { "pselect6", 280 }, -+ { "ptrace", 26 }, -+ { "putpmsg", 188 }, -+ { "pwrite64", 180 }, -+ { "pwritev", 321 }, -+ { "query_module", 166 }, -+ { "quotactl", 131 }, -+ { "read", 3 }, -+ { "readahead", 191 }, -+ { "readdir", 89 }, -+ { "readlink", 85 }, -+ { "readlinkat", 296 }, -+ { "readv", 145 }, -+ { "reboot", 88 }, -+ { "recv", 336 }, -+ { "recvfrom", 337 }, -+ { "recvmmsg", 343 }, -+ { "recvmsg", 342 }, -+ { "remap_file_pages", 239 }, -+ { "removexattr", 218 }, -+ { "rename", 38 }, -+ { "renameat", 293 }, -+ { "renameat2", 357 }, -+ { "request_key", 270 }, -+ { "restart_syscall", 0 }, -+ { "rmdir", 40 }, -+ { "rt_sigaction", 173 }, -+ { "rt_sigpending", 175 }, -+ { "rt_sigprocmask", 174 }, -+ { "rt_sigqueueinfo", 177 }, -+ { "rt_sigreturn", 172 }, -+ { "rt_sigsuspend", 178 }, -+ { "rt_sigtimedwait", 176 }, -+ { "rt_tgsigqueueinfo", 322 }, -+ { "rtas", 255 }, -+ { "sched_get_priority_max", 159 }, -+ { "sched_get_priority_min", 160 }, -+ { "sched_getaffinity", 223 }, -+ { "sched_getattr", 356 }, -+ { "sched_getparam", 155 }, -+ { "sched_getscheduler", 157 }, -+ { "sched_rr_get_interval", 161 }, -+ { "sched_setaffinity", 222 }, -+ { "sched_setattr", 355 }, -+ { "sched_setparam", 154 }, -+ { "sched_setscheduler", 156 }, -+ { "sched_yield", 158 }, -+ { "seccomp", 358 }, -+ { "security", __PNR_security }, -+ { "select", 82 }, -+ { "semctl", __PNR_semctl }, -+ { "semget", __PNR_semget }, -+ { "semop", __PNR_semop }, -+ { "semtimedop", __PNR_semtimedop }, -+ { "send", 334 }, -+ { "sendfile", 186 }, -+ { "sendfile64", 226 }, -+ { "sendmmsg", 349 }, -+ { "sendmsg", 341 }, -+ { "sendto", 335 }, -+ { "set_mempolicy", 261 }, -+ { "set_robust_list", 300 }, -+ { "set_thread_area", __PNR_set_thread_area }, -+ { "set_tid_address", 232 }, 
-+ { "setdomainname", 121 }, -+ { "setfsgid", 139 }, -+ { "setfsgid32", __PNR_setfsgid32 }, -+ { "setfsuid", 138 }, -+ { "setfsuid32", __PNR_setfsuid32 }, -+ { "setgid", 46 }, -+ { "setgid32", __PNR_setgid32 }, -+ { "setgroups", 81 }, -+ { "setgroups32", __PNR_setgroups32 }, -+ { "sethostname", 74 }, -+ { "setitimer", 104 }, -+ { "setns", 350 }, -+ { "setpgid", 57 }, -+ { "setpriority", 97 }, -+ { "setregid", 71 }, -+ { "setregid32", __PNR_setregid32 }, -+ { "setresgid", 169 }, -+ { "setresgid32", __PNR_setresgid32 }, -+ { "setresuid", 164 }, -+ { "setresuid32", __PNR_setresuid32 }, -+ { "setreuid", 70 }, -+ { "setreuid32", __PNR_setreuid32 }, -+ { "setrlimit", 75 }, -+ { "setsid", 66 }, -+ { "setsockopt", 339 }, -+ { "settimeofday", 79 }, -+ { "setuid", 23 }, -+ { "setuid32", __PNR_setuid32 }, -+ { "setxattr", 209 }, -+ { "sgetmask", 68 }, -+ { "shmat", __PNR_shmat }, -+ { "shmctl", __PNR_shmctl }, -+ { "shmdt", __PNR_shmdt }, -+ { "shmget", __PNR_shmget }, -+ { "shutdown", 338 }, -+ { "sigaction", 67 }, -+ { "sigaltstack", 185 }, -+ { "signal", 48 }, -+ { "signalfd", 305 }, -+ { "signalfd4", 313 }, -+ { "sigpending", 73 }, -+ { "sigprocmask", 126 }, -+ { "sigreturn", 119 }, -+ { "sigsuspend", 72 }, -+ { "socket", 326 }, -+ { "socketcall", 102 }, -+ { "socketpair", 333 }, -+ { "splice", 283 }, -+ { "spu_create", 279 }, -+ { "spu_run", 278 }, -+ { "ssetmask", 69 }, -+ { "stat", 106 }, -+ { "stat64", 195 }, -+ { "statfs", 99 }, -+ { "statfs64", 252 }, -+ { "stime", 25 }, -+ { "stty", 31 }, -+ { "subpage_prot", 310 }, -+ { "swapcontext", 249 }, -+ { "swapoff", 115 }, -+ { "swapon", 87 }, -+ { "symlink", 83 }, -+ { "symlinkat", 295 }, -+ { "sync", 36 }, -+ { "sync_file_range", __PNR_sync_file_range }, -+ { "sync_file_range2", 308 }, -+ { "syncfs", 348 }, -+ { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", 256 }, -+ { "sysfs", 135 }, -+ { "sysinfo", 116 }, -+ { "syslog", 103 }, -+ { "sysmips", __PNR_sysmips }, -+ { "tee", 284 }, -+ { "tgkill", 250 }, -+ { 
"time", 13 },
-+ { "timer_create", 240 },
-+ { "timer_delete", 244 },
-+ { "timer_getoverrun", 243 },
-+ { "timer_gettime", 242 },
-+ { "timer_settime", 241 },
-+ { "timerfd", __PNR_timerfd },
-+ { "timerfd_create", 306 },
-+ { "timerfd_gettime", 312 },
-+ { "timerfd_settime", 311 },
-+ { "times", 43 },
-+ { "tkill", 208 },
-+ { "truncate", 92 },
-+ { "truncate64", 193 },
-+ { "tuxcall", 225 },
-+ { "ugetrlimit", 190 },
-+ { "ulimit", 58 },
-+ { "umask", 60 },
-+ { "umount", 22 },
-+ { "umount2", 52 },
-+ { "uname", 122 },
-+ { "unlink", 10 },
-+ { "unlinkat", 292 },
-+ { "unshare", 282 },
-+ { "uselib", 86 },
-+ { "ustat", 62 },
-+ { "utime", 30 },
-+ { "utimensat", 304 },
-+ { "utimes", 251 },
-+ { "vfork", 189 },
-+ { "vhangup", 111 },
-+ { "vm86", 113 },
-+ { "vm86old", __PNR_vm86old },
-+ { "vmsplice", 285 },
-+ { "vserver", __PNR_vserver },
-+ { "wait4", 114 },
-+ { "waitid", 272 },
-+ { "waitpid", 7 },
-+ { "write", 4 },
-+ { "writev", 146 },
-+ { NULL, __NR_SCMP_ERROR },
-+};
-+
-+/**
-+ * Resolve a syscall name to a number
-+ * @param name the syscall name
-+ *
-+ * Resolve the given syscall name to the syscall number using the syscall table.
-+ * Returns the syscall number on success, including negative pseudo syscall
-+ * numbers; returns __NR_SCMP_ERROR on failure.
-+ *
-+ */
-+int ppc_syscall_resolve_name(const char *name)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = ppc_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].name != NULL; iter++) {
-+ if (strcmp(name, table[iter].name) == 0)
-+ return table[iter].num;
-+ }
-+
-+ return __NR_SCMP_ERROR;
-+}
-+
-+/**
-+ * Resolve a syscall number to a name
-+ * @param num the syscall number
-+ *
-+ * Resolve the given syscall number to the syscall name using the syscall table.
-+ * Returns a pointer to the syscall name string on success, including pseudo
-+ * syscall names; returns NULL on failure.
-+ *
-+ */
-+const char *ppc_syscall_resolve_num(int num)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = ppc_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
-+ if (num == table[iter].num)
-+ return table[iter].name;
-+ }
-+
-+ return NULL;
-+}
-+
-+/**
-+ * Iterate through the syscall table and return the syscall name
-+ * @param spot the offset into the syscall table
-+ *
-+ * Return the syscall name at position @spot or NULL on failure. This function
-+ * should only ever be used internally by libseccomp.
-+ *
-+ */
-+const char *ppc_syscall_iterate_name(unsigned int spot)
-+{
-+ /* XXX - no safety checks here */
-+ return ppc_syscall_table[spot].name;
-+}
-diff --git a/src/arch-ppc.c b/src/arch-ppc.c
-new file mode 100644
-index 0000000..56dbdb4
---- /dev/null
-+++ b/src/arch-ppc.c
-@@ -0,0 +1,33 @@
-+/**
-+ * Enhanced Seccomp PPC Specific Code
-+ *
-+ * Copyright (c) 2015 Freescale
-+ * Author: Bogdan Purcareata
-+ *
-+ */
-+
-+/*
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of version 2.1 of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation.
-+ *
-+ * This library is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
-+ * for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with this library; if not, see .
-+ */
-+
-+#include
-+
-+#include "arch.h"
-+#include "arch-ppc.h"
-+
-+const struct arch_def arch_def_ppc = {
-+ .token = SCMP_ARCH_PPC,
-+ .token_bpf = AUDIT_ARCH_PPC,
-+ .size = ARCH_SIZE_32,
-+ .endian = ARCH_ENDIAN_BIG,
-+};
-diff --git a/src/arch-ppc.h b/src/arch-ppc.h
-new file mode 100644
-index 0000000..627a168
---- /dev/null
-+++ b/src/arch-ppc.h
-@@ -0,0 +1,38 @@
-+/**
-+ * Enhanced Seccomp PPC Specific Code
-+ *
-+ * Copyright (c) 2015 Freescale
-+ * Author: Bogdan Purcareata
-+ *
-+ */
-+
-+/*
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of version 2.1 of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation.
-+ *
-+ * This library is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
-+ * for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with this library; if not, see .
-+ */
-+
-+#ifndef _ARCH_PPC_H
-+#define _ARCH_PPC_H
-+
-+#include
-+
-+#include "arch.h"
-+#include "system.h"
-+
-+extern const struct arch_def arch_def_ppc;
-+
-+int ppc_syscall_resolve_name(const char *name);
-+const char *ppc_syscall_resolve_num(int num);
-+
-+const char *ppc_syscall_iterate_name(unsigned int spot);
-+
-+#endif
-diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
-new file mode 100644
-index 0000000..1c2a1df
---- /dev/null
-+++ b/src/arch-ppc64-syscalls.c
-@@ -0,0 +1,504 @@
-+/**
-+ * Enhanced Seccomp PPC64 Specific Code
-+ *
-+ * Copyright (c) 2014 Red Hat
-+ * Author: Paul Moore
-+ *
-+ */
-+
-+/*
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of version 2.1 of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation.
-+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+ -+#include -+ -+#include "arch.h" -+#include "arch-ppc64.h" -+ -+/* NOTE: based on Linux 3.19 */ -+const struct arch_syscall_def ppc64_syscall_table[] = { \ -+ { "_llseek", 140 }, -+ { "_newselect", 142 }, -+ { "_sysctl", 149 }, -+ { "accept", 330 }, -+ { "accept4", 344 }, -+ { "access", 33 }, -+ { "acct", 51 }, -+ { "add_key", 269 }, -+ { "adjtimex", 124 }, -+ { "afs_syscall", 137 }, -+ { "alarm", 27 }, -+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, -+ { "arm_sync_file_range", __PNR_arm_sync_file_range }, -+ { "arch_prctl", __PNR_arch_prctl }, -+ { "bdflush", 134 }, -+ { "bind", 327 }, -+ { "bpf", 361 }, -+ { "break", 17 }, -+ { "brk", 45 }, -+ { "cachectl", __PNR_cachectl }, -+ { "cacheflush", __PNR_cacheflush }, -+ { "capget", 183 }, -+ { "capset", 184 }, -+ { "chdir", 12 }, -+ { "chmod", 15 }, -+ { "chown", 181 }, -+ { "chown32", __PNR_chown32 }, -+ { "chroot", 61 }, -+ { "clock_adjtime", 347 }, -+ { "clock_getres", 247 }, -+ { "clock_gettime", 246 }, -+ { "clock_nanosleep", 248 }, -+ { "clock_settime", 245 }, -+ { "clone", 120 }, -+ { "close", 6 }, -+ { "connect", 328 }, -+ { "creat", 8 }, -+ { "create_module", 127 }, -+ { "delete_module", 129 }, -+ { "dup", 41 }, -+ { "dup2", 63 }, -+ { "dup3", 316 }, -+ { "epoll_create", 236 }, -+ { "epoll_create1", 315 }, -+ { "epoll_ctl", 237 }, -+ { "epoll_ctl_old", __PNR_epoll_ctl_old }, -+ { "epoll_pwait", 303 }, -+ { "epoll_wait", 238 }, -+ { "epoll_wait_old", __PNR_epoll_wait_old }, -+ { "eventfd", 307 }, -+ { "eventfd2", 314 }, -+ { "execve", 11 }, -+ { "execveat", 362 }, -+ { "exit", 1 }, -+ { 
"exit_group", 234 }, -+ { "faccessat", 298 }, -+ { "fadvise64", 233 }, -+ { "fadvise64_64", __PNR_fadvise64_64 }, -+ { "fallocate", 309 }, -+ { "fanotify_init", 323 }, -+ { "fanotify_mark", 324 }, -+ { "fchdir", 133 }, -+ { "fchmod", 94 }, -+ { "fchmodat", 297 }, -+ { "fchown", 95 }, -+ { "fchown32", __PNR_fchown32 }, -+ { "fchownat", 289 }, -+ { "fcntl", 55 }, -+ { "fcntl64", __PNR_fcntl64 }, -+ { "fdatasync", 148 }, -+ { "fgetxattr", 214 }, -+ { "finit_module", 353 }, -+ { "flistxattr", 217 }, -+ { "flock", 143 }, -+ { "fork", 2 }, -+ { "fremovexattr", 220 }, -+ { "fsetxattr", 211 }, -+ { "fstat", 108 }, -+ { "fstat64", __PNR_fstat64 }, -+ { "fstatat64", __PNR_fstatat64 }, -+ { "fstatfs", 100 }, -+ { "fstatfs64", 253 }, -+ { "fsync", 118 }, -+ { "ftime", 35 }, -+ { "ftruncate", 93 }, -+ { "ftruncate64", __PNR_ftruncate64 }, -+ { "futex", 221 }, -+ { "futimesat", 290 }, -+ { "get_kernel_syms", 130 }, -+ { "get_mempolicy", 260 }, -+ { "get_robust_list", 299 }, -+ { "get_thread_area", __PNR_get_thread_area }, -+ { "getcpu", 302 }, -+ { "getcwd", 182 }, -+ { "getdents", 141 }, -+ { "getdents64", 202 }, -+ { "getegid", 50 }, -+ { "getegid32", __PNR_getegid32 }, -+ { "geteuid", 49 }, -+ { "geteuid32", __PNR_geteuid32 }, -+ { "getgid", 47 }, -+ { "getgid32", __PNR_getgid32 }, -+ { "getgroups", 80 }, -+ { "getgroups32", __PNR_getgroups32 }, -+ { "getitimer", 105 }, -+ { "getpeername", 332 }, -+ { "getpgid", 132 }, -+ { "getpgrp", 65 }, -+ { "getpid", 20 }, -+ { "getpmsg", 187 }, -+ { "getppid", 64 }, -+ { "getpriority", 96 }, -+ { "getrandom", 359 }, -+ { "getresgid", 170 }, -+ { "getresgid32", __PNR_getresgid32 }, -+ { "getresuid", 165 }, -+ { "getresuid32", __PNR_getresuid32 }, -+ { "getrlimit", 76 }, -+ { "getrusage", 77 }, -+ { "getsid", 147 }, -+ { "getsockname", 331 }, -+ { "getsockopt", 340 }, -+ { "gettid", 207 }, -+ { "gettimeofday", 78 }, -+ { "getuid", 24 }, -+ { "getuid32", __PNR_getuid32 }, -+ { "getxattr", 212 }, -+ { "gtty", 32 }, -+ { "idle", 112 }, -+ { 
"init_module", 128 }, -+ { "inotify_add_watch", 276 }, -+ { "inotify_init", 275 }, -+ { "inotify_init1", 318 }, -+ { "inotify_rm_watch", 277 }, -+ { "io_cancel", 231 }, -+ { "io_destroy", 228 }, -+ { "io_getevents", 229 }, -+ { "io_setup", 227 }, -+ { "io_submit", 230 }, -+ { "ioctl", 54 }, -+ { "ioperm", 101 }, -+ { "iopl", 110 }, -+ { "ioprio_get", 274 }, -+ { "ioprio_set", 273 }, -+ { "ipc", 117 }, -+ { "kcmp", 354 }, -+ { "kexec_file_load", __PNR_kexec_file_load }, -+ { "kexec_load", 268 }, -+ { "keyctl", 271 }, -+ { "kill", 37 }, -+ { "lchown", 16 }, -+ { "lchown32", __PNR_lchown32 }, -+ { "lgetxattr", 213 }, -+ { "link", 9 }, -+ { "linkat", 294 }, -+ { "listen", 329 }, -+ { "listxattr", 215 }, -+ { "llistxattr", 216 }, -+ { "lock", 53 }, -+ { "lookup_dcookie", 235 }, -+ { "lremovexattr", 219 }, -+ { "lseek", 19 }, -+ { "lsetxattr", 210 }, -+ { "lstat", 107 }, -+ { "lstat64", __PNR_lstat64 }, -+ { "madvise", 205 }, -+ { "mbind", 259 }, -+ { "memfd_create", 360 }, -+ { "migrate_pages", 258 }, -+ { "mincore", 206 }, -+ { "mkdir", 39 }, -+ { "mkdirat", 287 }, -+ { "mknod", 14 }, -+ { "mknodat", 288 }, -+ { "mlock", 150 }, -+ { "mlockall", 152 }, -+ { "mmap", 90 }, -+ { "mmap2", __PNR_mmap2 }, -+ { "modify_ldt", 123 }, -+ { "mount", 21 }, -+ { "move_pages", 301 }, -+ { "mprotect", 125 }, -+ { "mpx", 56 }, -+ { "mq_getsetattr", 267 }, -+ { "mq_notify", 266 }, -+ { "mq_open", 262 }, -+ { "mq_timedreceive", 265 }, -+ { "mq_timedsend", 264 }, -+ { "mq_unlink", 263 }, -+ { "mremap", 163 }, -+ { "msgctl", __PNR_msgctl }, -+ { "msgget", __PNR_msgget }, -+ { "msgrcv", __PNR_msgrcv }, -+ { "msgsnd", __PNR_msgsnd }, -+ { "msync", 144 }, -+ { "multiplexer", 201 }, -+ { "munlock", 151 }, -+ { "munlockall", 153 }, -+ { "munmap", 91 }, -+ { "name_to_handle_at", 345 }, -+ { "nanosleep", 162 }, -+ { "newfstatat", 291 }, -+ { "nfsservctl", 168 }, -+ { "nice", 34 }, -+ { "oldfstat", 28 }, -+ { "oldlstat", 84 }, -+ { "oldolduname", 59 }, -+ { "oldstat", 18 }, -+ { "olduname", 109 }, 
-+ { "oldwait4", __PNR_oldwait4 }, -+ { "open", 5 }, -+ { "open_by_handle_at", 346 }, -+ { "openat", 286 }, -+ { "pause", 29 }, -+ { "pciconfig_iobase", 200 }, -+ { "pciconfig_read", 198 }, -+ { "pciconfig_write", 199 }, -+ { "perf_event_open", 319 }, -+ { "personality", 136 }, -+ { "pipe", 42 }, -+ { "pipe2", 317 }, -+ { "pivot_root", 203 }, -+ { "poll", 167 }, -+ { "ppoll", 281 }, -+ { "prctl", 171 }, -+ { "pread64", 179 }, -+ { "preadv", 320 }, -+ { "prlimit64", 325 }, -+ { "process_vm_readv", 351 }, -+ { "process_vm_writev", 352 }, -+ { "prof", 44 }, -+ { "profil", 98 }, -+ { "pselect6", 280 }, -+ { "ptrace", 26 }, -+ { "putpmsg", 188 }, -+ { "pwrite64", 180 }, -+ { "pwritev", 321 }, -+ { "query_module", 166 }, -+ { "quotactl", 131 }, -+ { "read", 3 }, -+ { "readahead", 191 }, -+ { "readdir", 89 }, -+ { "readlink", 85 }, -+ { "readlinkat", 296 }, -+ { "readv", 145 }, -+ { "reboot", 88 }, -+ { "recv", 336 }, -+ { "recvfrom", 337 }, -+ { "recvmmsg", 343 }, -+ { "recvmsg", 342 }, -+ { "remap_file_pages", 239 }, -+ { "removexattr", 218 }, -+ { "rename", 38 }, -+ { "renameat", 293 }, -+ { "renameat2", 357 }, -+ { "request_key", 270 }, -+ { "restart_syscall", 0 }, -+ { "rmdir", 40 }, -+ { "rt_sigaction", 173 }, -+ { "rt_sigpending", 175 }, -+ { "rt_sigprocmask", 174 }, -+ { "rt_sigqueueinfo", 177 }, -+ { "rt_sigreturn", 172 }, -+ { "rt_sigsuspend", 178 }, -+ { "rt_sigtimedwait", 176 }, -+ { "rt_tgsigqueueinfo", 322 }, -+ { "rtas", 255 }, -+ { "sched_get_priority_max", 159 }, -+ { "sched_get_priority_min", 160 }, -+ { "sched_getaffinity", 223 }, -+ { "sched_getattr", 356 }, -+ { "sched_getparam", 155 }, -+ { "sched_getscheduler", 157 }, -+ { "sched_rr_get_interval", 161 }, -+ { "sched_setaffinity", 222 }, -+ { "sched_setattr", 355 }, -+ { "sched_setparam", 154 }, -+ { "sched_setscheduler", 156 }, -+ { "sched_yield", 158 }, -+ { "seccomp", 358 }, -+ { "security", __PNR_security }, -+ { "select", 82 }, -+ { "semctl", __PNR_semctl }, -+ { "semget", __PNR_semget }, -+ { 
"semop", __PNR_semop }, -+ { "semtimedop", __PNR_semtimedop }, -+ { "send", 334 }, -+ { "sendfile", 186 }, -+ { "sendfile64", __PNR_sendfile64 }, -+ { "sendmmsg", 349 }, -+ { "sendmsg", 341 }, -+ { "sendto", 335 }, -+ { "set_mempolicy", 261 }, -+ { "set_robust_list", 300 }, -+ { "set_thread_area", __PNR_set_thread_area }, -+ { "set_tid_address", 232 }, -+ { "setdomainname", 121 }, -+ { "setfsgid", 139 }, -+ { "setfsgid32", __PNR_setfsgid32 }, -+ { "setfsuid", 138 }, -+ { "setfsuid32", __PNR_setfsuid32 }, -+ { "setgid", 46 }, -+ { "setgid32", __PNR_setgid32 }, -+ { "setgroups", 81 }, -+ { "setgroups32", __PNR_setgroups32 }, -+ { "sethostname", 74 }, -+ { "setitimer", 104 }, -+ { "setns", 350 }, -+ { "setpgid", 57 }, -+ { "setpriority", 97 }, -+ { "setregid", 71 }, -+ { "setregid32", __PNR_setregid32 }, -+ { "setresgid", 169 }, -+ { "setresgid32", __PNR_setresgid32 }, -+ { "setresuid", 164 }, -+ { "setresuid32", __PNR_setresuid32 }, -+ { "setreuid", 70 }, -+ { "setreuid32", __PNR_setreuid32 }, -+ { "setrlimit", 75 }, -+ { "setsid", 66 }, -+ { "setsockopt", 339 }, -+ { "settimeofday", 79 }, -+ { "setuid", 23 }, -+ { "setuid32", __PNR_setuid32 }, -+ { "setxattr", 209 }, -+ { "sgetmask", 68 }, -+ { "shmat", __PNR_shmat }, -+ { "shmctl", __PNR_shmctl }, -+ { "shmdt", __PNR_shmdt }, -+ { "shmget", __PNR_shmget }, -+ { "shutdown", 338 }, -+ { "sigaction", 67 }, -+ { "sigaltstack", 185 }, -+ { "signal", 48 }, -+ { "signalfd", 305 }, -+ { "signalfd4", 313 }, -+ { "sigpending", 73 }, -+ { "sigprocmask", 126 }, -+ { "sigreturn", 119 }, -+ { "sigsuspend", 72 }, -+ { "socket", 326 }, -+ { "socketcall", 102 }, -+ { "socketpair", 333 }, -+ { "splice", 283 }, -+ { "spu_create", 279 }, -+ { "spu_run", 278 }, -+ { "ssetmask", 69 }, -+ { "stat", 106 }, -+ { "stat64", __PNR_stat64 }, -+ { "statfs", 99 }, -+ { "statfs64", 252 }, -+ { "stime", 25 }, -+ { "stty", 31 }, -+ { "subpage_prot", 310 }, -+ { "swapcontext", 249 }, -+ { "swapoff", 115 }, -+ { "swapon", 87 }, -+ { "symlink", 83 }, 
-+ { "symlinkat", 295 }, -+ { "sync", 36 }, -+ { "sync_file_range", __PNR_sync_file_range }, -+ { "sync_file_range2", 308 }, -+ { "syncfs", 348 }, -+ { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", 256 }, -+ { "sysfs", 135 }, -+ { "sysinfo", 116 }, -+ { "syslog", 103 }, -+ { "sysmips", __PNR_sysmips }, -+ { "tee", 284 }, -+ { "tgkill", 250 }, -+ { "time", 13 }, -+ { "timer_create", 240 }, -+ { "timer_delete", 244 }, -+ { "timer_getoverrun", 243 }, -+ { "timer_gettime", 242 }, -+ { "timer_settime", 241 }, -+ { "timerfd", __PNR_timerfd }, -+ { "timerfd_create", 306 }, -+ { "timerfd_gettime", 312 }, -+ { "timerfd_settime", 311 }, -+ { "times", 43 }, -+ { "tkill", 208 }, -+ { "truncate", 92 }, -+ { "truncate64", __PNR_truncate64 }, -+ { "tuxcall", 225 }, -+ { "ugetrlimit", 190 }, -+ { "ulimit", 58 }, -+ { "umask", 60 }, -+ { "umount", 22 }, -+ { "umount2", 52 }, -+ { "uname", 122 }, -+ { "unlink", 10 }, -+ { "unlinkat", 292 }, -+ { "unshare", 282 }, -+ { "uselib", 86 }, -+ { "ustat", 62 }, -+ { "utime", 30 }, -+ { "utimensat", 304 }, -+ { "utimes", 251 }, -+ { "vfork", 189 }, -+ { "vhangup", 111 }, -+ { "vm86", 113 }, -+ { "vm86old", __PNR_vm86old }, -+ { "vmsplice", 285 }, -+ { "vserver", __PNR_vserver }, -+ { "wait4", 114 }, -+ { "waitid", 272 }, -+ { "waitpid", 7 }, -+ { "write", 4 }, -+ { "writev", 146 }, -+ { NULL, __NR_SCMP_ERROR }, -+}; -+ -+/** -+ * Resolve a syscall name to a number -+ * @param name the syscall name -+ * -+ * Resolve the given syscall name to the syscall number using the syscall table. -+ * Returns the syscall number on success, including negative pseudo syscall -+ * numbers; returns __NR_SCMP_ERROR on failure. 
-+ *
-+ */
-+int ppc64_syscall_resolve_name(const char *name)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = ppc64_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].name != NULL; iter++) {
-+ if (strcmp(name, table[iter].name) == 0)
-+ return table[iter].num;
-+ }
-+
-+ return __NR_SCMP_ERROR;
-+}
-+
-+/**
-+ * Resolve a syscall number to a name
-+ * @param num the syscall number
-+ *
-+ * Resolve the given syscall number to the syscall name using the syscall table.
-+ * Returns a pointer to the syscall name string on success, including pseudo
-+ * syscall names; returns NULL on failure.
-+ *
-+ */
-+const char *ppc64_syscall_resolve_num(int num)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = ppc64_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
-+ if (num == table[iter].num)
-+ return table[iter].name;
-+ }
-+
-+ return NULL;
-+}
-+
-+/**
-+ * Iterate through the syscall table and return the syscall name
-+ * @param spot the offset into the syscall table
-+ *
-+ * Return the syscall name at position @spot or NULL on failure. This function
-+ * should only ever be used internally by libseccomp.
-+ *
-+ */
-+const char *ppc64_syscall_iterate_name(unsigned int spot)
-+{
-+ /* XXX - no safety checks here */
-+ return ppc64_syscall_table[spot].name;
-+}
-diff --git a/src/arch-ppc64.c b/src/arch-ppc64.c
-new file mode 100644
-index 0000000..5f461cb
---- /dev/null
-+++ b/src/arch-ppc64.c
-@@ -0,0 +1,40 @@
-+/**
-+ * Enhanced Seccomp PPC64 Specific Code
-+ *
-+ * Copyright (c) 2014 Red Hat
-+ * Author: Paul Moore
-+ *
-+ */
-+
-+/*
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of version 2.1 of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation.
-+ *
-+ * This library is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
-+ * for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with this library; if not, see .
-+ */
-+
-+#include
-+
-+#include "arch.h"
-+#include "arch-ppc64.h"
-+
-+const struct arch_def arch_def_ppc64 = {
-+ .token = SCMP_ARCH_PPC64,
-+ .token_bpf = AUDIT_ARCH_PPC64,
-+ .size = ARCH_SIZE_64,
-+ .endian = ARCH_ENDIAN_BIG,
-+};
-+
-+const struct arch_def arch_def_ppc64le = {
-+ .token = SCMP_ARCH_PPC64LE,
-+ .token_bpf = AUDIT_ARCH_PPC64LE,
-+ .size = ARCH_SIZE_64,
-+ .endian = ARCH_ENDIAN_LITTLE,
-+};
-diff --git a/src/arch-ppc64.h b/src/arch-ppc64.h
-new file mode 100644
-index 0000000..1aec743
---- /dev/null
-+++ b/src/arch-ppc64.h
-@@ -0,0 +1,39 @@
-+/**
-+ * Enhanced Seccomp PPC64 Specific Code
-+ *
-+ * Copyright (c) 2014 Red Hat
-+ * Author: Paul Moore
-+ *
-+ */
-+
-+/*
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of version 2.1 of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation.
-+ *
-+ * This library is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
-+ * for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with this library; if not, see .
-+ */ -+ -+#ifndef _ARCH_PPC64_H -+#define _ARCH_PPC64_H -+ -+#include -+ -+#include "arch.h" -+#include "system.h" -+ -+extern const struct arch_def arch_def_ppc64; -+extern const struct arch_def arch_def_ppc64le; -+ -+int ppc64_syscall_resolve_name(const char *name); -+const char *ppc64_syscall_resolve_num(int num); -+ -+const char *ppc64_syscall_iterate_name(unsigned int spot); -+ -+#endif -diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c -index a074c9d..8682483 100644 ---- a/src/arch-syscall-check.c -+++ b/src/arch-syscall-check.c -@@ -33,6 +33,8 @@ - #include "arch-mips.h" - #include "arch-mips64.h" - #include "arch-mips64n32.h" -+#include "arch-ppc64.h" -+#include "arch-ppc.h" - - /** - * compare the syscall values -@@ -67,6 +69,8 @@ int main(int argc, char *argv[]) - int i_mips = 0; - int i_mips64 = 0; - int i_mips64n32 = 0; -+ int i_ppc64 = 0; -+ int i_ppc = 0; - const char *sys_name; - char str_miss[256]; - -@@ -93,6 +97,10 @@ int main(int argc, char *argv[]) - mips64_syscall_iterate_name(i_mips64)); - syscall_check(str_miss, sys_name, "mips64n32", - mips64n32_syscall_iterate_name(i_mips64n32)); -+ syscall_check(str_miss, sys_name, "ppc64", -+ ppc64_syscall_iterate_name(i_ppc64)); -+ syscall_check(str_miss, sys_name, "ppc", -+ ppc_syscall_iterate_name(i_ppc)); - - /* output the results */ - printf("%s: ", sys_name); -@@ -111,17 +119,22 @@ int main(int argc, char *argv[]) - i_x32 = -1; - if (!arm_syscall_iterate_name(++i_arm)) - i_arm = -1; -+ if (!aarch64_syscall_iterate_name(++i_aarch64)) -+ i_aarch64 = -1; - if (!mips_syscall_iterate_name(++i_mips)) - i_mips = -1; - if (!mips64_syscall_iterate_name(++i_mips64)) - i_mips64 = -1; - if (!mips64n32_syscall_iterate_name(++i_mips64n32)) - i_mips64n32 = -1; -- if (!aarch64_syscall_iterate_name(++i_aarch64)) -- i_aarch64 = -1; -+ if (!ppc64_syscall_iterate_name(++i_ppc64)) -+ i_ppc64 = -1; -+ if (!ppc_syscall_iterate_name(++i_ppc)) -+ i_ppc = -1; - } while (i_x86_64 >= 0 && i_x32 >= 0 && - i_arm 
>= 0 && i_aarch64 >= 0 && -- i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0); -+ i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 && -+ i_ppc64 >= 0 && i_ppc >= 0); - - /* check for any leftovers */ - sys_name = x86_syscall_iterate_name(i_x86 + 1); -@@ -164,6 +177,16 @@ int main(int argc, char *argv[]) - mips64n32_syscall_iterate_name(i_mips64n32)); - return 1; - } -+ if (i_ppc64 >= 0) { -+ printf("%s: ERROR, ppc64 has additional syscalls\n", -+ ppc64_syscall_iterate_name(i_ppc64)); -+ return 1; -+ } -+ if (i_ppc >= 0) { -+ printf("%s: ERROR, ppc has additional syscalls\n", -+ ppc_syscall_iterate_name(i_ppc)); -+ return 1; -+ } - - /* if we made it here, all is good */ - return 0; -diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c -index 4f53070..62992e7 100644 ---- a/src/arch-syscall-dump.c -+++ b/src/arch-syscall-dump.c -@@ -38,6 +38,8 @@ - #include "arch-mips64.h" - #include "arch-mips64n32.h" - #include "arch-aarch64.h" -+#include "arch-ppc64.h" -+#include "arch-ppc.h" - - /** - * Print the usage information to stderr and exit -@@ -97,6 +99,9 @@ int main(int argc, char *argv[]) - case SCMP_ARCH_ARM: - sys_name = arm_syscall_iterate_name(iter); - break; -+ case SCMP_ARCH_AARCH64: -+ sys_name = aarch64_syscall_iterate_name(iter); -+ break; - case SCMP_ARCH_MIPS: - case SCMP_ARCH_MIPSEL: - sys_name = mips_syscall_iterate_name(iter); -@@ -109,9 +114,13 @@ int main(int argc, char *argv[]) - case SCMP_ARCH_MIPSEL64N32: - sys_name = mips64n32_syscall_iterate_name(iter); - break; -- case SCMP_ARCH_AARCH64: -- sys_name = aarch64_syscall_iterate_name(iter); -+ case SCMP_ARCH_PPC64: -+ sys_name = ppc64_syscall_iterate_name(iter); -+ break; -+ case SCMP_ARCH_PPC: -+ sys_name = ppc_syscall_iterate_name(iter); - break; -+ - default: - /* invalid arch */ - exit_usage(argv[0]); -diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate -index 7cf7b8b..ba5cd89 100755 ---- a/src/arch-syscall-validate -+++ b/src/arch-syscall-validate -@@ -319,6 +319,52 @@ 
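Review bot: The new `case SCMP_ARCH_PPC64:` arm in the src/arch-syscall-dump.c switch has no `case SCMP_ARCH_PPC64LE:` label beside it, whereas the MIPS arm in the same switch lists both endian tokens (`SCMP_ARCH_MIPS` and `SCMP_ARCH_MIPSEL`). The arch.c hunks of this same patch map "ppc64le" to its own arch_def, so if the `-a` argument resolves to the little-endian token the request would presumably fall through to `default:` and exit with the usage message. Adding `case SCMP_ARCH_PPC64LE:` directly above the `ppc64_syscall_iterate_name(iter)` call would keep the dump tool in step with the library. The switch and main() start outside the hunk, so how the token is derived from the option is not visible here.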
function dump_lib_mips64n32() { - } - - # -+# Dump the ppc64 system syscall table -+# -+# Arguments: -+# 1 path to the kernel source -+# -+# Dump the architecture's syscall table to stdout. -+# -+function dump_sys_ppc64() { -+ gcc -E -dM -D__powerpc64__ $1/arch/powerpc/include/uapi/asm/unistd.h | \ -+ grep "^#define __NR_" | sort | \ -+ sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' -+} -+ -+# -+# Dump the ppc64 library syscall table -+# -+# Dump the library's syscall table to stdout. -+# -+function dump_lib_ppc64() { -+ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d' -+} -+ -+# -+# Dump the ppc system syscall table -+# -+# Arguments: -+# 1 path to the kernel source -+# -+# Dump the architecture's syscall table to stdout. -+# -+function dump_sys_ppc() { -+ gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \ -+ grep "^#define __NR_" | sort | \ -+ sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' -+} -+ -+# -+# Dump the ppc library syscall table -+# -+# Dump the library's syscall table to stdout. 
-+# -+function dump_lib_ppc() { -+ $LIB_SYS_DUMP -a ppc | sed -e '/[^\t]\+\t-[0-9]\+/d' -+} -+ -+# - # Dump the system syscall table - # - # Arguments: -@@ -353,6 +399,12 @@ function dump_sys() { - mips64n32) - dump_sys_mips64n32 "$2" - ;; -+ ppc64) -+ dump_sys_ppc64 "$2" -+ ;; -+ ppc) -+ dump_sys_ppc "$2" -+ ;; - *) - echo "" - ;; -@@ -393,6 +445,12 @@ function dump_lib() { - mips64n32) - dump_lib_mips64n32 "$2" - ;; -+ ppc64) -+ dump_lib_ppc64 "$2" -+ ;; -+ ppc) -+ dump_lib_ppc "$2" -+ ;; - *) - echo "" - ;; -@@ -439,7 +497,7 @@ shift $(($OPTIND - 1)) - - # defaults - if [[ $arches == "" ]]; then -- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32" -+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc pcc64" - fi - - # sanity checks -diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c -index dc4af60..a0b4247 100644 ---- a/src/arch-x32-syscalls.c -+++ b/src/arch-x32-syscalls.c -@@ -224,6 +224,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "msgrcv", (X32_SYSCALL_BIT + 70) }, - { "msgsnd", (X32_SYSCALL_BIT + 69) }, - { "msync", (X32_SYSCALL_BIT + 26) }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", (X32_SYSCALL_BIT + 150) }, - { "munlockall", (X32_SYSCALL_BIT + 152) }, - { "munmap", (X32_SYSCALL_BIT + 11) }, -@@ -294,6 +295,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "rt_sigsuspend", (X32_SYSCALL_BIT + 130) }, - { "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) }, - { "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", (X32_SYSCALL_BIT + 146) }, - { "sched_get_priority_min", (X32_SYSCALL_BIT + 147) }, - { "sched_getaffinity", (X32_SYSCALL_BIT + 204) }, -@@ -372,6 +374,8 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "socketcall", __PNR_socketcall }, - { "socketpair", (X32_SYSCALL_BIT + 53) }, - { "splice", (X32_SYSCALL_BIT + 275) }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", 
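Review bot: The default architecture list in the last src/arch-syscall-validate hunk ends in `ppc pcc64`, and `pcc64` looks like a typo for `ppc64`. With that spelling the `ppc64)` arms added to dump_sys and dump_lib are never selected on a default run; the name reaches the `*)` arm and an empty table is echoed, so the ppc64 syscall numbers are presumably not compared against the kernel headers unless the architecture is named explicitly. The line should read `arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc ppc64"`. A wrong number in a syscall table makes a filter act on a different syscall than the one named in the rule, so this validation is worth having enabled by default.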
__PNR_ssetmask }, - { "stat", (X32_SYSCALL_BIT + 4) }, - { "stat64", __PNR_stat64 }, -@@ -379,6 +383,8 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "statfs64", __PNR_statfs64 }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, -+ { "subpage_prot", __PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, - { "swapoff", (X32_SYSCALL_BIT + 168) }, - { "swapon", (X32_SYSCALL_BIT + 167) }, - { "symlink", (X32_SYSCALL_BIT + 88) }, -@@ -388,6 +394,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", (X32_SYSCALL_BIT + 306) }, - { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", (X32_SYSCALL_BIT + 139) }, - { "sysinfo", (X32_SYSCALL_BIT + 99) }, - { "syslog", (X32_SYSCALL_BIT + 103) }, -diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c -index 1669289..d27a4d1 100644 ---- a/src/arch-x86-syscalls.c -+++ b/src/arch-x86-syscalls.c -@@ -224,6 +224,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "msgrcv", __PNR_msgrcv }, - { "msgsnd", __PNR_msgsnd }, - { "msync", 144 }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", 151 }, - { "munlockall", 153 }, - { "munmap", 91 }, -@@ -294,6 +295,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "rt_sigsuspend", 179 }, - { "rt_sigtimedwait", 177 }, - { "rt_tgsigqueueinfo", 335 }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 242 }, -@@ -372,6 +374,8 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "socketcall", 102 }, - { "socketpair", __PNR_socketpair }, - { "splice", 313 }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", 69 }, - { "stat", 106 }, - { "stat64", 195 }, -@@ -379,6 +383,8 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "statfs64", 268 }, - { "stime", 25 }, - { "stty", 31 }, -+ { 
"subpage_prot", __PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, - { "swapoff", 115 }, - { "swapon", 87 }, - { "symlink", 83 }, -@@ -388,6 +394,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", 344 }, - { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", 135 }, - { "sysinfo", 116 }, - { "syslog", 103 }, -diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c -index 96ca210..cd9eb6d 100644 ---- a/src/arch-x86_64-syscalls.c -+++ b/src/arch-x86_64-syscalls.c -@@ -224,6 +224,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "msgrcv", 70 }, - { "msgsnd", 69 }, - { "msync", 26 }, -+ { "multiplexer", __PNR_multiplexer }, - { "munlock", 150 }, - { "munlockall", 152 }, - { "munmap", 11 }, -@@ -294,6 +295,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "rt_sigsuspend", 130 }, - { "rt_sigtimedwait", 128 }, - { "rt_tgsigqueueinfo", 297 }, -+ { "rtas", __PNR_rtas }, - { "sched_get_priority_max", 146 }, - { "sched_get_priority_min", 147 }, - { "sched_getaffinity", 204 }, -@@ -372,6 +374,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "socketcall", __PNR_socketcall }, - { "socketpair", 53 }, - { "splice", 275 }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, - { "ssetmask", __PNR_ssetmask }, - { "stat", 4 }, - { "stat64", __PNR_stat64 }, -@@ -379,6 +383,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "statfs64", __PNR_statfs64 }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, -+ { "subpage_prot", __PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, - { "swapoff", 168 }, - { "swapon", 167 }, - { "symlink", 88 }, -@@ -388,6 +394,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", 306 }, - { "syscall", __PNR_syscall }, -+ { 
"sys_debug_setcontext", __PNR_sys_debug_setcontext }, - { "sysfs", 139 }, - { "sysinfo", 99 }, - { "syslog", 103 }, -diff --git a/src/arch.c b/src/arch.c -index 9681115..25d1ff6 100644 ---- a/src/arch.c -+++ b/src/arch.c -@@ -38,6 +38,8 @@ - #include "arch-mips.h" - #include "arch-mips64.h" - #include "arch-mips64n32.h" -+#include "arch-ppc64.h" -+#include "arch-ppc.h" - #include "system.h" - - #define default_arg_count_max 6 -@@ -74,6 +76,14 @@ const struct arch_def *arch_def_native = &arch_def_mips64n32; - #elif __MIPSEL__ - const struct arch_def *arch_def_native = &arch_def_mipsel64n32; - #endif /* _MIPS_SIM_NABI32 */ -+#elif __PPC64__ -+#ifdef __BIG_ENDIAN__ -+const struct arch_def *arch_def_native = &arch_def_ppc64; -+#else -+const struct arch_def *arch_def_native = &arch_def_ppc64le; -+#endif -+#elif __PPC__ -+const struct arch_def *arch_def_native = &arch_def_ppc; - #else - #error the arch code needs to know about your machine type - #endif /* machine type guess */ -@@ -122,6 +132,12 @@ const struct arch_def *arch_def_lookup(uint32_t token) - return &arch_def_mips64n32; - case SCMP_ARCH_MIPSEL64N32: - return &arch_def_mipsel64n32; -+ case SCMP_ARCH_PPC64: -+ return &arch_def_ppc64; -+ case SCMP_ARCH_PPC64LE: -+ return &arch_def_ppc64le; -+ case SCMP_ARCH_PPC: -+ return &arch_def_ppc; - } - - return NULL; -@@ -158,6 +174,12 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name) - return &arch_def_mips64n32; - else if (strcmp(arch_name, "mipsel64n32") == 0) - return &arch_def_mipsel64n32; -+ else if (strcmp(arch_name, "ppc64") == 0) -+ return &arch_def_ppc64; -+ else if (strcmp(arch_name, "ppc64le") == 0) -+ return &arch_def_ppc64le; -+ else if (strcmp(arch_name, "ppc") == 0) -+ return &arch_def_ppc; - - return NULL; - } -@@ -276,6 +298,11 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name) - case SCMP_ARCH_MIPS64N32: - case SCMP_ARCH_MIPSEL64N32: - return mips64n32_syscall_resolve_name(name); -+ case SCMP_ARCH_PPC64: 
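Review bot: The native-architecture selection added to src/arch.c under `#elif __PPC64__` picks `arch_def_ppc64` only when `__BIG_ENDIAN__` is defined and otherwise falls back to `arch_def_ppc64le` without any check. On a toolchain that does not predefine that macro, a big-endian build would silently get the little-endian token, and the architecture check in the generated filter would then presumably not match the AUDIT_ARCH value the kernel reports. Testing both sides and failing the build otherwise is safer: replace the inner `#else` with `#elif defined(__LITTLE_ENDIAN__)` and add `#else` / `#error unknown ppc64 endianness` before the `#endif`. The same fallback appears in the tools/util.c hunk that defines `ARCH_NATIVE`.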
-+ case SCMP_ARCH_PPC64LE: -+ return ppc64_syscall_resolve_name(name); -+ case SCMP_ARCH_PPC: -+ return ppc_syscall_resolve_name(name); - } - - return __NR_SCMP_ERROR; -@@ -313,6 +340,11 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num) - case SCMP_ARCH_MIPS64N32: - case SCMP_ARCH_MIPSEL64N32: - return mips64n32_syscall_resolve_num(num); -+ case SCMP_ARCH_PPC64: -+ case SCMP_ARCH_PPC64LE: -+ return ppc64_syscall_resolve_num(num); -+ case SCMP_ARCH_PPC: -+ return ppc_syscall_resolve_num(num); - } - - return NULL; -diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd -index 2b50f3f..e9c0f6a 100644 ---- a/src/python/libseccomp.pxd -+++ b/src/python/libseccomp.pxd -@@ -38,6 +38,9 @@ cdef extern from "seccomp.h": - SCMP_ARCH_MIPSEL - SCMP_ARCH_MIPSEL64 - SCMP_ARCH_MIPSEL64N32 -+ SCMP_ARCH_PPC64 -+ SCMP_ARCH_PPC64LE -+ SCMP_ARCH_PPC - - cdef enum scmp_filter_attr: - SCMP_FLTATR_ACT_DEFAULT -diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx -index 686f7d2..18360a7 100644 ---- a/src/python/seccomp.pyx -+++ b/src/python/seccomp.pyx -@@ -147,6 +147,8 @@ cdef class Arch: - MIPSEL - MIPS little endian O32 ABI - MIPSEL64 - MIPS little endian 64-bit ABI - MIPSEL64N32 - MIPS little endian N32 ABI -+ PPC64 - 64-bit PowerPC -+ PPC - 32-bit PowerPC - """ - - cdef int _token -@@ -163,6 +165,9 @@ cdef class Arch: - MIPSEL = libseccomp.SCMP_ARCH_MIPSEL - MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64 - MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32 -+ PPC64 = libseccomp.SCMP_ARCH_PPC64 -+ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE -+ PPC = libseccomp.SCMP_ARCH_PPC - - def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): - """ Initialize the architecture object. 
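Review bot: The Arch docstring hunk in src/python/seccomp.pyx documents `PPC64` and `PPC` but not `PPC64LE`, although the following hunk adds `PPC64LE = libseccomp.SCMP_ARCH_PPC64LE` as a class attribute. I would add a line `PPC64LE - 64-bit PowerPC little endian` to the list, and say "big endian" on the `PPC64` line, so the documented constants match the exported ones and the endianness is explicit as it is for the MIPS entries. The docstring starts outside the hunk.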
-@@ -198,6 +203,12 @@ cdef class Arch: - self._token = libseccomp.SCMP_ARCH_MIPSEL64 - elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32: - self._token = libseccomp.SCMP_ARCH_MIPSEL64N32 -+ elif arch == libseccomp.SCMP_ARCH_PPC64: -+ self._token = libseccomp.SCMP_ARCH_PPC64 -+ elif arch == libseccomp.SCMP_ARCH_PPC64LE: -+ self._token = libseccomp.SCMP_ARCH_PPC64LE -+ elif arch == libseccomp.SCMP_ARCH_PPC: -+ self._token = libseccomp.SCMP_ARCH_PPC - else: - self._token = 0; - elif isinstance(arch, basestring): -diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c -index 9771913..09df44b 100644 ---- a/tests/16-sim-arch_basic.c -+++ b/tests/16-sim-arch_basic.c -@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) - rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); -+ if (rc != 0) -+ goto out; - - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, - SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); -diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py -index 57a5ac3..d9e1939 100755 ---- a/tests/16-sim-arch_basic.py -+++ b/tests/16-sim-arch_basic.py -@@ -39,6 +39,7 @@ def test(args): - f.add_arch(Arch("mipsel")) - f.add_arch(Arch("mipsel64")) - f.add_arch(Arch("mipsel64n32")) -+ f.add_arch(Arch("ppc64le")) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) -diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c -index eeb8556..9f67ed6 100644 ---- a/tests/23-sim-arch_all_le_basic.c -+++ b/tests/23-sim-arch_all_le_basic.c -@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) - rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32")); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); -+ if (rc != 0) -+ goto out; - - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, 
SCMP_SYS(read), 1, - SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); -diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py -index 36ab139..212ff50 100755 ---- a/tests/23-sim-arch_all_le_basic.py -+++ b/tests/23-sim-arch_all_le_basic.py -@@ -39,6 +39,7 @@ def test(args): - f.add_arch(Arch("mipsel")) - f.add_arch(Arch("mipsel64")) - f.add_arch(Arch("mipsel64n32")) -+ f.add_arch(Arch("ppc64le")) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) -diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c -index a951b3c..91fcbea 100644 ---- a/tests/26-sim-arch_all_be_basic.c -+++ b/tests/26-sim-arch_all_be_basic.c -@@ -52,6 +52,12 @@ int main(int argc, char *argv[]) - rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); -+ if (rc != 0) -+ goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc")); -+ if (rc != 0) -+ goto out; - - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, - SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); -diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py -index 1347406..1537013 100755 ---- a/tests/26-sim-arch_all_be_basic.py -+++ b/tests/26-sim-arch_all_be_basic.py -@@ -33,6 +33,8 @@ def test(args): - f.add_arch(Arch("mips")) - f.add_arch(Arch("mips64")) - f.add_arch(Arch("mips64n32")) -+ f.add_arch(Arch("ppc64")) -+ f.add_arch(Arch("ppc")) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) -diff --git a/tests/regression b/tests/regression -index acb125d..2aba23b 100755 ---- a/tests/regression -+++ b/tests/regression -@@ -21,8 +21,14 @@ - # along with this library; if not, see . 
- # - --GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32" --GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32" -+GLBL_ARCH_LE_SUPPORT=" \ -+ x86 x86_64 x32 \ -+ arm aarch64 \ -+ mipsel mipsel64 mipsel64n32 \ -+ ppc64le" -+GLBL_ARCH_BE_SUPPORT=" \ -+ mips mips64 mips64n32 \ -+ ppc64 ppc" - - GLBL_SYS_ARCH="../tools/scmp_arch_detect" - GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" -@@ -684,7 +690,7 @@ function run_test_live() { - - # setup the arch specific return values - case "$arch" in -- x86|x86_64|x32|arm|aarch64) -+ x86|x86_64|x32|arm|aarch64|ppc64|ppc64le|ppc) - rc_kill=159 - rc_allow=160 - rc_trap=161 -diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c -index 5a87252..03644c6 100644 ---- a/tools/scmp_arch_detect.c -+++ b/tools/scmp_arch_detect.c -@@ -99,6 +99,15 @@ int main(int argc, char *argv[]) - case SCMP_ARCH_MIPSEL64N32: - printf("mipsel64n32\n"); - break; -+ case SCMP_ARCH_PPC64: -+ printf("ppc64\n"); -+ break; -+ case SCMP_ARCH_PPC64LE: -+ printf("ppc64le\n"); -+ break; -+ case SCMP_ARCH_PPC: -+ printf("ppc\n"); -+ break; - default: - printf("unknown\n"); - } -diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c -index 349b8a8..d773469 100644 ---- a/tools/scmp_bpf_disasm.c -+++ b/tools/scmp_bpf_disasm.c -@@ -334,6 +334,12 @@ int main(int argc, char *argv[]) - arch = AUDIT_ARCH_MIPS64N32; - else if (strcmp(optarg, "mipsel64n32") == 0) - arch = AUDIT_ARCH_MIPSEL64N32; -+ else if (strcmp(optarg, "ppc64") == 0) -+ arch = AUDIT_ARCH_PPC64; -+ else if (strcmp(optarg, "ppc64le") == 0) -+ arch = AUDIT_ARCH_PPC64LE; -+ else if (strcmp(optarg, "ppc") == 0) -+ arch = AUDIT_ARCH_PPC; - else - exit_usage(argv[0]); - break; -diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c -index bb3a2e7..a53b4fd 100644 ---- a/tools/scmp_bpf_sim.c -+++ b/tools/scmp_bpf_sim.c -@@ -249,6 +249,12 @@ int main(int argc, char *argv[]) - arch = AUDIT_ARCH_MIPS64N32; - else if (strcmp(optarg, "mipsel64n32") == 0) - arch = 
AUDIT_ARCH_MIPSEL64N32; -+ else if (strcmp(optarg, "ppc64") == 0) -+ arch = AUDIT_ARCH_PPC64; -+ else if (strcmp(optarg, "ppc64le") == 0) -+ arch = AUDIT_ARCH_PPC64LE; -+ else if (strcmp(optarg, "ppc") == 0) -+ arch = AUDIT_ARCH_PPC; - else - exit_fault(EINVAL); - break; -diff --git a/tools/util.c b/tools/util.c -index 9b58bbb..b45de3b 100644 ---- a/tools/util.c -+++ b/tools/util.c -@@ -62,6 +62,14 @@ - #elif __MIPSEL__ - #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32 - #endif /* _MIPS_SIM_NABI32 */ -+#elif __PPC64__ -+#ifdef __BIG_ENDIAN__ -+#define ARCH_NATIVE AUDIT_ARCH_PPC64 -+#else -+#define ARCH_NATIVE AUDIT_ARCH_PPC64LE -+#endif -+#elif __PPC__ -+#define ARCH_NATIVE AUDIT_ARCH_PPC - #else - #error the simulator code needs to know about your machine type - #endif -diff --git a/tools/util.h b/tools/util.h -index 4ec3f91..2fed617 100644 ---- a/tools/util.h -+++ b/tools/util.h -@@ -63,6 +63,15 @@ - __AUDIT_ARCH_CONVENTION_MIPS64_N32) - #endif - -+#ifndef AUDIT_ARCH_AARCH64 -+/* AArch64 support for audit was merged in 3.17-rc1 */ -+#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) -+#endif -+ -+#ifndef AUDIT_ARCH_PPC64LE -+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) -+#endif -+ - extern uint32_t arch; - - void exit_usage(const char *program); diff -Nru libseccomp-2.2.3/debian/patches/git-7f3ae6e6a12390bd38f0787b242f60c47ad076c3.diff libseccomp-2.3.1/debian/patches/git-7f3ae6e6a12390bd38f0787b242f60c47ad076c3.diff --- libseccomp-2.2.3/debian/patches/git-7f3ae6e6a12390bd38f0787b242f60c47ad076c3.diff 2016-02-10 23:14:22.000000000 +0000 +++ libseccomp-2.3.1/debian/patches/git-7f3ae6e6a12390bd38f0787b242f60c47ad076c3.diff 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -commit 7f3ae6e6a12390bd38f0787b242f60c47ad076c3 -Author: Jan Willeke -Date: Fri Sep 4 14:22:00 2015 +0200 - - tests: s390 python test fix - - Signed-off-by: Jan Willeke - 
Signed-off-by: Paul Moore -diff --git a/tests/24-live-arg_allow.py b/tests/24-live-arg_allow.py -index 7df970a..f3441c6 100755 ---- a/tests/24-live-arg_allow.py -+++ b/tests/24-live-arg_allow.py -@@ -44,6 +44,7 @@ def test(): - f.add_rule(ALLOW, "rt_sigaction") - f.add_rule(ALLOW, "rt_sigreturn") - f.add_rule(ALLOW, "exit_group") -+ f.add_rule(ALLOW, "brk") - f.load() - - try: diff -Nru libseccomp-2.2.3/debian/patches/git-a8fe571909e381b34d0ae0237aad71513f8739de.diff libseccomp-2.3.1/debian/patches/git-a8fe571909e381b34d0ae0237aad71513f8739de.diff --- libseccomp-2.2.3/debian/patches/git-a8fe571909e381b34d0ae0237aad71513f8739de.diff 2016-02-10 23:14:23.000000000 +0000 +++ libseccomp-2.3.1/debian/patches/git-a8fe571909e381b34d0ae0237aad71513f8739de.diff 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -commit a8fe571909e381b34d0ae0237aad71513f8739de -Author: Mike Frysinger -Date: Fri Aug 28 01:14:47 2015 -0400 - - pfc: add missing ppc names - - Signed-off-by: Mike Frysinger - Signed-off-by: Paul Moore -diff --git a/src/gen_pfc.c b/src/gen_pfc.c -index ae8361f..9219d30 100644 ---- a/src/gen_pfc.c -+++ b/src/gen_pfc.c -@@ -71,6 +71,12 @@ static const char *_pfc_arch(const struct arch_def *arch) - return "mips64n32"; - case SCMP_ARCH_MIPSEL64N32: - return "mipsel64n32"; -+ case SCMP_ARCH_PPC64: -+ return "ppc64"; -+ case SCMP_ARCH_PPC64LE: -+ return "ppc64le"; -+ case SCMP_ARCH_PPC: -+ return "ppc"; - case SCMP_ARCH_S390X: - return "s390x"; - case SCMP_ARCH_S390: diff -Nru libseccomp-2.2.3/debian/patches/git-d2ca11b7cdddbba3782b1e306ceacf19e898faee.diff libseccomp-2.3.1/debian/patches/git-d2ca11b7cdddbba3782b1e306ceacf19e898faee.diff --- libseccomp-2.2.3/debian/patches/git-d2ca11b7cdddbba3782b1e306ceacf19e898faee.diff 2016-03-16 15:28:14.000000000 +0000 +++ libseccomp-2.3.1/debian/patches/git-d2ca11b7cdddbba3782b1e306ceacf19e898faee.diff 1970-01-01 00:00:00.000000000 +0000 
@@ -1,802 +0,0 @@
-From d2ca11b7cdddbba3782b1e306ceacf19e898faee Mon Sep 17 00:00:00 2001
-From: Heiko Carstens
-Date: Mon, 9 Nov 2015 13:15:39 +0100
-Subject: [PATCH] arch: update s390/s390x system call tables
-
-s390 and s390x gained quite a few new system calls:
-- numa related system calls
-- the separated socket system calls
-- two more s390 specific pci mmio system calls
-
-All architectures got the new membarrier and userfaultfd system calls.
-
-This patch updates the s390 specific system call tables and updates other
-architectures where needed.
-
-Also remove some extra whitespace from the s390 specific system call tables.
-
-Both 'make check' and './regression -T live' still work for s390 and s390x
-after this update.
-
-Signed-off-by: Heiko Carstens
-Signed-off-by: Paul Moore
----
- include/seccomp.h.in | 20 +++++++++++++
- src/arch-aarch64-syscalls.c | 4 +++
- src/arch-arm-syscalls.c | 4 +++
- src/arch-mips-syscalls.c | 4 +++
- src/arch-mips64-syscalls.c | 4 +++
- src/arch-mips64n32-syscalls.c | 4 +++
- src/arch-ppc-syscalls.c | 4 +++
- src/arch-ppc64-syscalls.c | 4 +++
- src/arch-s390-syscalls.c | 68 +++++++++++++++++++++++--------------------
- src/arch-s390x-syscalls.c | 66 +++++++++++++++++++++--------------------
- src/arch-x32-syscalls.c | 4 +++
- src/arch-x86-syscalls.c | 4 +++
- src/arch-x86_64-syscalls.c | 4 +++
- 13 files changed, 131 insertions(+), 63 deletions(-)
-
-Index: libseccomp-2.2.3/include/seccomp.h.in
-===================================================================
---- libseccomp-2.2.3.orig/include/seccomp.h.in
-+++ libseccomp-2.2.3/include/seccomp.h.in
-@@ -1557,6 +1557,26 @@ int seccomp_export_bpf(const scmp_filter
- #define __NR_s390_runtime_instr __PNR_s390_runtime_instr
- #endif /* __NR_s390_runtime_instr */
-
-+#define __PNR_s390_pci_mmio_read -10197
-+#ifndef __NR_s390_pci_mmio_read
-+#define __NR_s390_pci_mmio_read __PNR_s390_pci_mmio_read
-+#endif /* __NR_s390_pci_mmio_read */
-+
-+#define __PNR_s390_pci_mmio_write -10198
-+#ifndef __NR_s390_pci_mmio_write
-+#define __NR_s390_pci_mmio_write __PNR_s390_pci_mmio_write
-+#endif /* __NR_s390_pci_mmio_write */
-+
-+#define __PNR_membarrier -10199
-+#ifndef __NR_membarrier
-+#define __NR_membarrier __PNR_membarrier
-+#endif /* __NR_membarrier */
-+
-+#define __PNR_userfaultfd -10200
-+#ifndef __NR_userfaultfd
-+#define __NR_userfaultfd __PNR_userfaultfd
-+#endif /* __NR_userfaultfd */
-+
- #ifdef __cplusplus
- }
- #endif
-Index: libseccomp-2.2.3/src/arch-aarch64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-aarch64-syscalls.c
-+++ libseccomp-2.2.3/src/arch-aarch64-syscalls.c
-@@ -196,6 +196,7 @@ const struct arch_syscall_def aarch64_sy
- { "lstat64", __PNR_lstat64 },
- { "madvise", 233 },
- { "mbind", 235 },
-+ { "membarrier", 283 },
- { "memfd_create", 279 },
- { "migrate_pages", 238 },
- { "mincore", 232 },
-@@ -296,6 +297,8 @@ const struct arch_syscall_def aarch64_sy
- { "rt_sigtimedwait", 137 },
- { "rt_tgsigqueueinfo", 240 },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", 125 },
- { "sched_get_priority_min", 126 },
-@@ -430,6 +433,7 @@ const struct arch_syscall_def aarch64_sy
- { "uselib", __PNR_uselib },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", 282 },
- { "ustat", __PNR_ustat },
- { "utime", __PNR_utime },
- { "utimensat", 88 },
-Index: libseccomp-2.2.3/src/arch-arm-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-arm-syscalls.c
-+++ libseccomp-2.2.3/src/arch-arm-syscalls.c
-@@ -208,6 +208,7 @@ const struct arch_syscall_def arm_syscal
- { "lstat64", (__NR_SYSCALL_BASE + 196) },
- { "madvise", (__NR_SYSCALL_BASE + 220) },
- { "mbind", (__NR_SYSCALL_BASE + 319) },
-+ { "membarrier",
(__NR_SYSCALL_BASE + 389) },
- { "memfd_create", (__NR_SYSCALL_BASE + 385) },
- { "migrate_pages", __PNR_migrate_pages },
- { "mincore", (__NR_SYSCALL_BASE + 219) },
-@@ -308,6 +309,8 @@ const struct arch_syscall_def arm_syscal
- { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) },
- { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) },
- { "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) },
-@@ -442,6 +445,7 @@ const struct arch_syscall_def arm_syscal
- { "uselib", (__NR_SYSCALL_BASE + 86) },
- { "usr26", (__NR_SYSCALL_BASE + (__ARM_NR_BASE + 3)) },
- { "usr32", (__NR_SYSCALL_BASE + (__ARM_NR_BASE + 4)) },
-+ { "userfaultfd", (__NR_SYSCALL_BASE + 388) },
- { "ustat", (__NR_SYSCALL_BASE + 62) },
- { "utime", __PNR_utime },
- { "utimensat", (__NR_SYSCALL_BASE + 348) },
-Index: libseccomp-2.2.3/src/arch-mips-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-mips-syscalls.c
-+++ libseccomp-2.2.3/src/arch-mips-syscalls.c
-@@ -200,6 +200,7 @@ const struct arch_syscall_def mips_sysca
- { "lstat64", (__NR_SYSCALL_BASE + 214) },
- { "madvise", (__NR_SYSCALL_BASE + 218) },
- { "mbind", (__NR_SYSCALL_BASE + 268) },
-+ { "membarrier", (__NR_SYSCALL_BASE + 358) },
- { "memfd_create", (__NR_SYSCALL_BASE + 354) },
- { "migrate_pages", (__NR_SYSCALL_BASE + 287) },
- { "mincore", (__NR_SYSCALL_BASE + 217) },
-@@ -300,6 +301,8 @@ const struct arch_syscall_def mips_sysca
- { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 197) },
- { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 332) },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", (__NR_SYSCALL_BASE + 163) },
- { "sched_get_priority_min", (__NR_SYSCALL_BASE + 164) },
-@@ -434,6 +437,7 @@ const struct arch_syscall_def mips_sysca
- { "uselib", (__NR_SYSCALL_BASE + 86) },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", (__NR_SYSCALL_BASE + 357) },
- { "ustat", (__NR_SYSCALL_BASE + 62) },
- { "utime", (__NR_SYSCALL_BASE + 30) },
- { "utimensat", (__NR_SYSCALL_BASE + 316) },
-Index: libseccomp-2.2.3/src/arch-mips64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-mips64-syscalls.c
-+++ libseccomp-2.2.3/src/arch-mips64-syscalls.c
-@@ -200,6 +200,7 @@ const struct arch_syscall_def mips64_sys
- { "lstat64", __PNR_lstat64 },
- { "madvise", (__NR_SYSCALL_BASE + 27) },
- { "mbind", (__NR_SYSCALL_BASE + 227) },
-+ { "membarrier", (__NR_SYSCALL_BASE + 318) },
- { "memfd_create", (__NR_SYSCALL_BASE + 314) },
- { "migrate_pages", (__NR_SYSCALL_BASE + 246) },
- { "mincore", (__NR_SYSCALL_BASE + 26) },
-@@ -300,6 +301,8 @@ const struct arch_syscall_def mips64_sys
- { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) },
- { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 291) },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) },
- { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) },
-@@ -434,6 +437,7 @@ const struct arch_syscall_def mips64_sys
- { "uselib", __PNR_uselib },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", (__NR_SYSCALL_BASE + 317) },
- { "ustat", (__NR_SYSCALL_BASE + 133) },
- { "utime", (__NR_SYSCALL_BASE + 130) },
- { "utimensat", (__NR_SYSCALL_BASE + 275) },
-Index: libseccomp-2.2.3/src/arch-mips64n32-syscalls.c
-===================================================================
----
libseccomp-2.2.3.orig/src/arch-mips64n32-syscalls.c
-+++ libseccomp-2.2.3/src/arch-mips64n32-syscalls.c
-@@ -200,6 +200,7 @@ const struct arch_syscall_def mips64n32_
- { "lstat64", __PNR_lstat64 },
- { "madvise", (__NR_SYSCALL_BASE + 27) },
- { "mbind", (__NR_SYSCALL_BASE + 231) },
-+ { "membarrier", (__NR_SYSCALL_BASE + 322) },
- { "memfd_create", (__NR_SYSCALL_BASE + 318) },
- { "migrate_pages", (__NR_SYSCALL_BASE + 250) },
- { "mincore", (__NR_SYSCALL_BASE + 26) },
-@@ -300,6 +301,8 @@ const struct arch_syscall_def mips64n32_
- { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) },
- { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 295) },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) },
- { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) },
-@@ -434,6 +437,7 @@ const struct arch_syscall_def mips64n32_
- { "uselib", __PNR_uselib },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", (__NR_SYSCALL_BASE + 321) },
- { "ustat", (__NR_SYSCALL_BASE + 133) },
- { "utime", (__NR_SYSCALL_BASE + 130) },
- { "utimensat", (__NR_SYSCALL_BASE + 279) },
-Index: libseccomp-2.2.3/src/arch-ppc-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-ppc-syscalls.c
-+++ libseccomp-2.2.3/src/arch-ppc-syscalls.c
-@@ -197,6 +197,7 @@ const struct arch_syscall_def ppc_syscal
- { "lstat64", 196 },
- { "madvise", 205 },
- { "mbind", 259 },
-+ { "membarrier", 365 },
- { "memfd_create", 360 },
- { "migrate_pages", 258 },
- { "mincore", 206 },
-@@ -297,6 +298,8 @@ const struct arch_syscall_def ppc_syscal
- { "rt_sigtimedwait", 176 },
- { "rt_tgsigqueueinfo", 322 },
- { "rtas", 255 },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", 159 },
- { "sched_get_priority_min", 160 },
-@@ -431,6 +434,7 @@ const struct arch_syscall_def ppc_syscal
- { "uselib", 86 },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", 364 },
- { "ustat", 62 },
- { "utime", 30 },
- { "utimensat", 304 },
-Index: libseccomp-2.2.3/src/arch-ppc64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-ppc64-syscalls.c
-+++ libseccomp-2.2.3/src/arch-ppc64-syscalls.c
-@@ -197,6 +197,7 @@ const struct arch_syscall_def ppc64_sysc
- { "lstat64", __PNR_lstat64 },
- { "madvise", 205 },
- { "mbind", 259 },
-+ { "membarrier", 365 },
- { "memfd_create", 360 },
- { "migrate_pages", 258 },
- { "mincore", 206 },
-@@ -297,6 +298,8 @@ const struct arch_syscall_def ppc64_sysc
- { "rt_sigtimedwait", 176 },
- { "rt_tgsigqueueinfo", 322 },
- { "rtas", 255 },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", 159 },
- { "sched_get_priority_min", 160 },
-@@ -431,6 +434,7 @@ const struct arch_syscall_def ppc64_sysc
- { "uselib", 86 },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", 364 },
- { "ustat", 62 },
- { "utime", 30 },
- { "utimensat", 304 },
-Index: libseccomp-2.2.3/src/arch-s390-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-s390-syscalls.c
-+++ libseccomp-2.2.3/src/arch-s390-syscalls.c
-@@ -10,13 +10,13 @@
- #include "arch.h"
- #include "arch-s390.h"
-
--/* NOTE: based on Linux 4.2-rc5 */
-+/* NOTE: based on Linux 4.3 */
- const struct arch_syscall_def s390_syscall_table[] = { \
- { "_llseek", 140 },
- { "_newselect", 142 },
- { "_sysctl", 149 },
- { "accept", __PNR_accept },
-- { "accept4", __PNR_accept4 },
-+ { "accept4", 364 },
- { "access", 33 },
- { "acct", 51 },
- { "add_key", 278 },
-@@ -27,7 +27,7 @@ const struct arch_syscall_def s390_sysca
- { "arm_sync_file_range", __PNR_arm_sync_file_range },
- { "arch_prctl", __PNR_arch_prctl },
- { "bdflush", 134 },
-- { "bind", __PNR_bind },
-+ { "bind", 361 },
- { "bpf", 351 },
- { "break", __PNR_break },
- { "breakpoint", __PNR_breakpoint },
-@@ -48,7 +48,7 @@ const struct arch_syscall_def s390_sysca
- { "clock_settime", 259 },
- { "clone", 120 },
- { "close", 6 },
-- { "connect", __PNR_connect },
-+ { "connect", 362 },
- { "creat", 8 },
- { "create_module", 127 },
- { "delete_module", 129 },
-@@ -102,8 +102,8 @@ const struct arch_syscall_def s390_sysca
- { "futex", 238 },
- { "futimesat", 292 },
- { "get_kernel_syms", 130 },
-- { "get_mempolicy", __PNR_get_mempolicy },
-- { "get_robust_list" , 305 },
-+ { "get_mempolicy", 269 },
-+ { "get_robust_list", 305 },
- { "get_thread_area", __PNR_get_thread_area },
- { "getcpu", 311 },
- { "getcwd", 183 },
-@@ -118,7 +118,7 @@ const struct arch_syscall_def s390_sysca
- { "getgroups", 80 },
- { "getgroups32", 205 },
- { "getitimer", 105 },
-- { "getpeername", __PNR_getpeername },
-+ { "getpeername", 368 },
- { "getpgid", 132 },
- { "getpgrp", 65 },
- { "getpid", 20 },
-@@ -133,8 +133,8 @@ const struct arch_syscall_def s390_sysca
- { "getrlimit", 76 },
- { "getrusage", 77 },
- { "getsid", 147 },
-- { "getsockname", __PNR_getsockname },
-- { "getsockopt", __PNR_getsockopt },
-+ { "getsockname", 367 },
-+ { "getsockopt", 365 },
- { "gettid", 236 },
- { "gettimeofday", 78 },
- { "getuid", 24 },
-@@ -143,10 +143,10 @@ const struct arch_syscall_def s390_sysca
- { "gtty", __PNR_gtty },
- { "idle", 112 },
- { "init_module", 128 },
-- { "inotify_add_watch" , 285 },
-+ { "inotify_add_watch", 285 },
- { "inotify_init", 284 },
- { "inotify_init1", 324 },
-- { "inotify_rm_watch" , 286 },
-+ { "inotify_rm_watch", 286 },
- { "io_cancel", 247 },
- { "io_destroy", 244 },
- { "io_getevents", 245 },
-@@ -168,7 +168,7 @@
const struct arch_syscall_def s390_sysca
- { "lgetxattr", 228 },
- { "link", 9 },
- { "linkat", 296 },
-- { "listen", __PNR_listen },
-+ { "listen", 363 },
- { "listxattr", 230 },
- { "llistxattr", 231 },
- { "lock", __PNR_lock },
-@@ -179,9 +179,10 @@ const struct arch_syscall_def s390_sysca
- { "lstat", 107 },
- { "lstat64", 196 },
- { "madvise", 219 },
-- { "mbind", __PNR_mbind },
-+ { "mbind", 268 },
-+ { "membarrier", 356 },
- { "memfd_create", 350 },
-- { "migrate_pages", __PNR_migrate_pages},
-+ { "migrate_pages", 287 },
- { "mincore", 218 },
- { "mkdir", 39 },
- { "mkdirat", 289 },
-@@ -193,13 +194,13 @@ const struct arch_syscall_def s390_sysca
- { "mmap2", 192 },
- { "modify_ldt", __PNR_modify_ldt },
- { "mount", 21 },
-- { "move_pages", __PNR_move_pages},
-+ { "move_pages", 310 },
- { "mprotect", 125 },
- { "mpx", __PNR_mpx },
- { "mq_getsetattr", 276 },
- { "mq_notify", 275 },
- { "mq_open", 271 },
-- { "mq_timedreceive" , 274 },
-+ { "mq_timedreceive", 274 },
- { "mq_timedsend", 273 },
- { "mq_unlink", 272 },
- { "mremap", 163 },
-@@ -260,9 +261,9 @@ const struct arch_syscall_def s390_sysca
- { "readv", 145 },
- { "reboot", 88 },
- { "recv", __PNR_recv },
-- { "recvfrom", __PNR_recvfrom },
-- { "recvmmsg", __PNR_recvmmsg },
-- { "recvmsg", __PNR_recvmsg },
-+ { "recvfrom", 371 },
-+ { "recvmmsg", 357 },
-+ { "recvmsg", 372 },
- { "remap_file_pages", 267 },
- { "removexattr", 233 },
- { "rename", 38 },
-@@ -280,15 +281,17 @@ const struct arch_syscall_def s390_sysca
- { "rt_sigtimedwait", 177 },
- { "rt_tgsigqueueinfo", 330 },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", 353 },
-+ { "s390_pci_mmio_write", 352 },
- { "s390_runtime_instr", 342 },
- { "sched_get_priority_max", 159 },
- { "sched_get_priority_min", 160 },
-- { "sched_getaffinity" , 240 },
-+ { "sched_getaffinity", 240 },
- { "sched_getattr", 346 },
- { "sched_getparam", 155 },
- { "sched_getscheduler", 157 },
- { "sched_rr_get_interval", 161 },
-- { "sched_setaffinity" , 239 },
-+ { "sched_setaffinity", 239 },
- { "sched_setattr", 345 },
- { "sched_setparam", 154 },
- { "sched_setscheduler", 156 },
-@@ -303,11 +306,11 @@ const struct arch_syscall_def s390_sysca
- { "send", __PNR_send },
- { "sendfile", 187 },
- { "sendfile64", 223 },
-- { "sendmmsg", __PNR_sendmmsg },
-- { "sendmsg", __PNR_sendmsg },
-- { "sendto", __PNR_sendto },
-- { "set_mempolicy", __PNR_set_mempolicy },
-- { "set_robust_list" , 304 },
-+ { "sendmmsg", 358 },
-+ { "sendmsg", 370 },
-+ { "sendto", 369 },
-+ { "set_mempolicy", 270 },
-+ { "set_robust_list", 304 },
- { "set_thread_area", __PNR_set_thread_area },
- { "set_tid_address", 252 },
- { "set_tls", __PNR_set_tls },
-@@ -335,7 +338,7 @@ const struct arch_syscall_def s390_sysca
- { "setreuid32", 203 },
- { "setrlimit", 75 },
- { "setsid", 66 },
-- { "setsockopt", __PNR_setsockopt },
-+ { "setsockopt", 366 },
- { "settimeofday", 79 },
- { "setuid", 23 },
- { "setuid32", 213 },
-@@ -345,7 +348,7 @@ const struct arch_syscall_def s390_sysca
- { "shmctl", __PNR_shmctl },
- { "shmdt", __PNR_shmdt },
- { "shmget", __PNR_shmget },
-- { "shutdown", __PNR_shutdown },
-+ { "shutdown", 373 },
- { "sigaction", 67 },
- { "sigaltstack", 186 },
- { "signal", 48 },
-@@ -355,9 +358,9 @@ const struct arch_syscall_def s390_sysca
- { "sigprocmask", 126 },
- { "sigreturn", 119 },
- { "sigsuspend", 72 },
-- { "socket", __PNR_socket },
-+ { "socket", 359 },
- { "socketcall", 102 },
-- { "socketpair", __PNR_socketpair },
-+ { "socketpair", 360 },
- { "splice", 306 },
- { "spu_create", __PNR_spu_create },
- { "spu_run", __PNR_spu_run },
-@@ -376,7 +379,7 @@ const struct arch_syscall_def s390_sysca
- { "symlink", 83 },
- { "symlinkat", 297 },
- { "sync", 36 },
-- { "sync_file_range" , 307 },
-+ { "sync_file_range", 307 },
- { "sync_file_range2", __PNR_sync_file_range2 },
- { "syncfs", 338 },
- { "syscall", __PNR_syscall },
-@@ -387,7 +390,7 @@ const struct arch_syscall_def s390_sysca
- { "sysmips", __PNR_sysmips },
- { "tee", 308 },
- { "tgkill",
241 },
-- { "time", 13 },
-+ { "time", 13 },
- { "timer_create", 254 },
- { "timer_delete", 258 },
- { "timer_getoverrun", 257 },
-@@ -414,6 +417,7 @@ const struct arch_syscall_def s390_sysca
- { "uselib", 86 },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", 355 },
- { "ustat", 62 },
- { "utime", 30 },
- { "utimensat", 315 },
-Index: libseccomp-2.2.3/src/arch-s390x-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-s390x-syscalls.c
-+++ libseccomp-2.2.3/src/arch-s390x-syscalls.c
-@@ -10,13 +10,13 @@
- #include "arch.h"
- #include "arch-s390x.h"
-
--/* NOTE: based on Linux 4.2-rc5 */
-+/* NOTE: based on Linux 4.3 */
- const struct arch_syscall_def s390x_syscall_table[] = { \
- { "_llseek", __PNR__llseek },
- { "_newselect", __PNR__newselect },
- { "_sysctl", 149 },
- { "accept", __PNR_accept },
-- { "accept4", __PNR_accept4 },
-+ { "accept4", 364 },
- { "access", 33 },
- { "acct", 51 },
- { "add_key", 278 },
-@@ -27,7 +27,7 @@ const struct arch_syscall_def s390x_sysc
- { "arm_sync_file_range", __PNR_arm_sync_file_range },
- { "arch_prctl", __PNR_arch_prctl },
- { "bdflush", 134 },
-- { "bind", __PNR_bind },
-+ { "bind", 361 },
- { "bpf", 351 },
- { "break", __PNR_break },
- { "breakpoint", __PNR_breakpoint },
-@@ -48,7 +48,7 @@ const struct arch_syscall_def s390x_sysc
- { "clock_settime", 259 },
- { "clone", 120 },
- { "close", 6 },
-- { "connect", __PNR_connect },
-+ { "connect", 362 },
- { "creat", 8 },
- { "create_module", 127 },
- { "delete_module", 129 },
-@@ -102,8 +102,8 @@ const struct arch_syscall_def s390x_sysc
- { "futex", 238 },
- { "futimesat", 292 },
- { "get_kernel_syms", 130 },
-- { "get_mempolicy", __PNR_get_mempolicy },
-- { "get_robust_list" , 305 },
-+ { "get_mempolicy", 269 },
-+ { "get_robust_list", 305 },
- { "get_thread_area", __PNR_get_thread_area },
- { "getcpu", 311 },
- { "getcwd", 183 },
-@@ -118,7 +118,7 @@ const struct arch_syscall_def
s390x_sysc
- { "getgroups", 205 },
- { "getgroups32", __PNR_getgroups32 },
- { "getitimer", 105 },
-- { "getpeername", __PNR_getpeername },
-+ { "getpeername", 368 },
- { "getpgid", 132 },
- { "getpgrp", 65 },
- { "getpid", 20 },
-@@ -133,8 +133,8 @@ const struct arch_syscall_def s390x_sysc
- { "getrlimit", 191 },
- { "getrusage", 77 },
- { "getsid", 147 },
-- { "getsockname", __PNR_getsockname },
-- { "getsockopt", __PNR_getsockopt },
-+ { "getsockname", 367 },
-+ { "getsockopt", 365 },
- { "gettid", 236 },
- { "gettimeofday", 78 },
- { "getuid", 199 },
-@@ -143,10 +143,10 @@ const struct arch_syscall_def s390x_sysc
- { "gtty", __PNR_gtty },
- { "idle", 112 },
- { "init_module", 128 },
-- { "inotify_add_watch" , 285 },
-+ { "inotify_add_watch", 285 },
- { "inotify_init", 284 },
- { "inotify_init1", 324 },
-- { "inotify_rm_watch" , 286 },
-+ { "inotify_rm_watch", 286 },
- { "io_cancel", 247 },
- { "io_destroy", 244 },
- { "io_getevents", 245 },
-@@ -168,7 +168,7 @@ const struct arch_syscall_def s390x_sysc
- { "lgetxattr", 228 },
- { "link", 9 },
- { "linkat", 296 },
-- { "listen", __PNR_listen },
-+ { "listen", 363 },
- { "listxattr", 230 },
- { "llistxattr", 231 },
- { "lock", __PNR_lock },
-@@ -179,9 +179,10 @@ const struct arch_syscall_def s390x_sysc
- { "lstat", 107 },
- { "lstat64", __PNR_lstat64 },
- { "madvise", 219 },
-- { "mbind", __PNR_mbind },
-+ { "mbind", 268 },
-+ { "membarrier", 356 },
- { "memfd_create", 350 },
-- { "migrate_pages", __PNR_migrate_pages },
-+ { "migrate_pages", 287 },
- { "mincore", 218 },
- { "mkdir", 39 },
- { "mkdirat", 289 },
-@@ -193,13 +194,13 @@ const struct arch_syscall_def s390x_sysc
- { "mmap2", __PNR_mmap2 },
- { "modify_ldt", __PNR_modify_ldt },
- { "mount", 21 },
-- { "move_pages", __PNR_move_pages },
-+ { "move_pages", 310 },
- { "mprotect", 125 },
- { "mpx", __PNR_mpx },
- { "mq_getsetattr", 276 },
- { "mq_notify", 275 },
- { "mq_open", 271 },
-- { "mq_timedreceive" , 274 },
-+ { "mq_timedreceive", 274 },
- { "mq_timedsend", 273 },
- { "mq_unlink", 272 },
- { "mremap", 163 },
-@@ -260,9 +261,9 @@ const struct arch_syscall_def s390x_sysc
- { "readv", 145 },
- { "reboot", 88 },
- { "recv", __PNR_recv },
-- { "recvfrom", __PNR_recvfrom },
-- { "recvmmsg", __PNR_recvmmsg },
-- { "recvmsg", __PNR_recvmsg },
-+ { "recvfrom", 371 },
-+ { "recvmmsg", 357 },
-+ { "recvmsg", 372 },
- { "remap_file_pages", 267 },
- { "removexattr", 233 },
- { "rename", 38 },
-@@ -280,15 +281,17 @@ const struct arch_syscall_def s390x_sysc
- { "rt_sigtimedwait", 177 },
- { "rt_tgsigqueueinfo", 330 },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", 353 },
-+ { "s390_pci_mmio_write", 352 },
- { "s390_runtime_instr", 342 },
- { "sched_get_priority_max", 159 },
- { "sched_get_priority_min", 160 },
-- { "sched_getaffinity" , 240 },
-+ { "sched_getaffinity", 240 },
- { "sched_getattr", 346 },
- { "sched_getparam", 155 },
- { "sched_getscheduler", 157 },
- { "sched_rr_get_interval", 161 },
-- { "sched_setaffinity" , 239 },
-+ { "sched_setaffinity", 239 },
- { "sched_setattr", 345 },
- { "sched_setparam", 154 },
- { "sched_setscheduler", 156 },
-@@ -303,11 +306,11 @@ const struct arch_syscall_def s390x_sysc
- { "send", __PNR_send },
- { "sendfile", 187 },
- { "sendfile64", __PNR_sendfile64 },
-- { "sendmmsg", __PNR_sendmmsg },
-- { "sendmsg", __PNR_sendmsg },
-- { "sendto", __PNR_sendto },
-- { "set_mempolicy", __PNR_set_mempolicy },
-- { "set_robust_list" , 304 },
-+ { "sendmmsg", 358 },
-+ { "sendmsg", 370 },
-+ { "sendto", 369 },
-+ { "set_mempolicy", 270 },
-+ { "set_robust_list", 304 },
- { "set_thread_area", __PNR_set_thread_area },
- { "set_tid_address", 252 },
- { "set_tls", __PNR_set_tls },
-@@ -335,7 +338,7 @@ const struct arch_syscall_def s390x_sysc
- { "setreuid32", __PNR_setreuid32 },
- { "setrlimit", 75 },
- { "setsid", 66 },
-- { "setsockopt", __PNR_setsockopt },
-+ { "setsockopt", 366 },
- { "settimeofday", 79 },
- { "setuid", 213 },
- { "setuid32", __PNR_setuid32 },
-@@ -345,7 +348,7 @@ const struct arch_syscall_def s390x_sysc
- { "shmctl", __PNR_shmctl },
- { "shmdt", __PNR_shmdt },
- { "shmget", __PNR_shmget },
-- { "shutdown", __PNR_shutdown },
-+ { "shutdown", 373 },
- { "sigaction", 67 },
- { "sigaltstack", 186 },
- { "signal", 48 },
-@@ -355,9 +358,9 @@ const struct arch_syscall_def s390x_sysc
- { "sigprocmask", 126 },
- { "sigreturn", 119 },
- { "sigsuspend", 72 },
-- { "socket", __PNR_socket },
-+ { "socket", 359 },
- { "socketcall", 102 },
-- { "socketpair", __PNR_socketpair },
-+ { "socketpair", 360 },
- { "splice", 306 },
- { "spu_create", __PNR_spu_create },
- { "spu_run", __PNR_spu_run },
-@@ -376,7 +379,7 @@ const struct arch_syscall_def s390x_sysc
- { "symlink", 83 },
- { "symlinkat", 297 },
- { "sync", 36 },
-- { "sync_file_range" , 307 },
-+ { "sync_file_range", 307 },
- { "sync_file_range2", __PNR_sync_file_range2 },
- { "syncfs", 338 },
- { "syscall", __PNR_syscall },
-@@ -414,6 +417,7 @@ const struct arch_syscall_def s390x_sysc
- { "uselib", 86 },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", 355 },
- { "ustat", 62 },
- { "utime", 30 },
- { "utimensat", 315 },
-Index: libseccomp-2.2.3/src/arch-x32-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-x32-syscalls.c
-+++ libseccomp-2.2.3/src/arch-x32-syscalls.c
-@@ -196,6 +196,7 @@ const struct arch_syscall_def x32_syscal
- { "lstat64", __PNR_lstat64 },
- { "madvise", (X32_SYSCALL_BIT + 28) },
- { "mbind", (X32_SYSCALL_BIT + 237) },
-+ { "membarrier", (X32_SYSCALL_BIT + 324) },
- { "memfd_create", (X32_SYSCALL_BIT + 319) },
- { "migrate_pages", (X32_SYSCALL_BIT + 256) },
- { "mincore", (X32_SYSCALL_BIT + 27) },
-@@ -296,6 +297,8 @@ const struct arch_syscall_def x32_syscal
- { "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) },
- { "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write",
__PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", (X32_SYSCALL_BIT + 146) },
- { "sched_get_priority_min", (X32_SYSCALL_BIT + 147) },
-@@ -430,6 +433,7 @@ const struct arch_syscall_def x32_syscal
- { "uselib", __PNR_uselib },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", (X32_SYSCALL_BIT + 323) },
- { "ustat", (X32_SYSCALL_BIT + 136) },
- { "utime", (X32_SYSCALL_BIT + 132) },
- { "utimensat", (X32_SYSCALL_BIT + 280) },
-Index: libseccomp-2.2.3/src/arch-x86-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-x86-syscalls.c
-+++ libseccomp-2.2.3/src/arch-x86-syscalls.c
-@@ -196,6 +196,7 @@ const struct arch_syscall_def x86_syscal
- { "lstat64", 196 },
- { "madvise", 219 },
- { "mbind", 274 },
-+ { "membarrier", 375 },
- { "memfd_create", 356 },
- { "migrate_pages", 294 },
- { "mincore", 218 },
-@@ -296,6 +297,8 @@ const struct arch_syscall_def x86_syscal
- { "rt_sigtimedwait", 177 },
- { "rt_tgsigqueueinfo", 335 },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", 159 },
- { "sched_get_priority_min", 160 },
-@@ -430,6 +433,7 @@ const struct arch_syscall_def x86_syscal
- { "uselib", 86 },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", 374 },
- { "ustat", 62 },
- { "utime", 30 },
- { "utimensat", 320 },
-Index: libseccomp-2.2.3/src/arch-x86_64-syscalls.c
-===================================================================
---- libseccomp-2.2.3.orig/src/arch-x86_64-syscalls.c
-+++ libseccomp-2.2.3/src/arch-x86_64-syscalls.c
-@@ -196,6 +196,7 @@ const struct arch_syscall_def x86_64_sys
- { "lstat64", __PNR_lstat64 },
- { "madvise", 28 },
- { "mbind", 237 },
-+ { "membarrier", 324 },
- { "memfd_create", 319 },
- { "migrate_pages", 256 },
- { "mincore", 27 },
-@@ -296,6 +297,8 @@ const struct arch_syscall_def x86_64_sys
- { "rt_sigtimedwait", 128 },
- { "rt_tgsigqueueinfo", 297 },
- { "rtas", __PNR_rtas },
-+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
-+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
- { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", 146 },
- { "sched_get_priority_min", 147 },
-@@ -430,6 +433,7 @@ const struct arch_syscall_def x86_64_sys
- { "uselib", 134 },
- { "usr26", __PNR_usr26 },
- { "usr32", __PNR_usr32 },
-+ { "userfaultfd", 323 },
- { "ustat", 136 },
- { "utime", 132 },
- { "utimensat", 280 },
diff -Nru libseccomp-2.2.3/debian/patches/git-fc886cbe8128e8544f5d197dfd0971403ee203b5.diff libseccomp-2.3.1/debian/patches/git-fc886cbe8128e8544f5d197dfd0971403ee203b5.diff
--- libseccomp-2.2.3/debian/patches/git-fc886cbe8128e8544f5d197dfd0971403ee203b5.diff 2016-02-10 23:14:23.000000000 +0000
+++ libseccomp-2.3.1/debian/patches/git-fc886cbe8128e8544f5d197dfd0971403ee203b5.diff 1970-01-01 00:00:00.000000000 +0000
@@ -1,1896 +0,0 @@
-commit fc886cbe8128e8544f5d197dfd0971403ee203b5
-Merge: 6e26af4 a06972c
-Author: Paul Moore
-Date: Fri Aug 28 15:38:34 2015 -0400
-
- Merge branch 'working-s390' into master
-
-
Signed-off-by: Paul Moore
-diff --git a/include/seccomp.h.in b/include/seccomp.h.in
-index 08eae61..adab19a 100644
---- a/include/seccomp.h.in
-+++ b/include/seccomp.h.in
-@@ -173,6 +173,12 @@ struct scmp_arg_cmp {
- #define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
-
- /**
-+ * The S390 architecture tokens
-+ */
-+#define SCMP_ARCH_S390 AUDIT_ARCH_S390
-+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
-+
-+/**
- * Convert a syscall name into the associated syscall number
- * @param x the syscall name
- */
-@@ -1526,6 +1532,31 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
- #define __NR_switch_endian __PNR_switch_endian
- #endif /* __NR_switch_endian */
-
-+#define __PNR_get_mempolicy -10192
-+#ifndef __NR_get_mempolicy
-+#define __NR_get_mempolicy __PNR_get_mempolicy
-+#endif /* __NR_get_mempolicy */
-+
-+#define __PNR_move_pages -10193
-+#ifndef __NR_move_pages
-+#define __NR_move_pages __PNR_move_pages
-+#endif /* __NR_move_pages */
-+
-+#define __PNR_mbind -10194
-+#ifndef __NR_mbind
-+#define __NR_mbind __PNR_mbind
-+#endif /* __NR_mbind */
-+
-+#define __PNR_set_mempolicy -10195
-+#ifndef __NR_set_mempolicy
-+#define __NR_set_mempolicy __PNR_set_mempolicy
-+#endif /* __NR_set_mempolicy */
-+
-+#define __PNR_s390_runtime_instr -10196
-+#ifndef __NR_s390_runtime_instr
-+#define __NR_s390_runtime_instr __PNR_s390_runtime_instr
-+#endif /* __NR_s390_runtime_instr */
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 23d9a91..ba9b9f4 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -32,7 +32,9 @@ SOURCES_ARCH = \
- arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \
- arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \
- arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \
-- arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c
-+ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \
-+ arch-s390.h arch-s390.c arch-s390-syscalls.c \
-+ arch-s390x.h arch-s390x.c arch-s390x-syscalls.c
-
- SOURCES_GEN = \
- api.c system.h system.c \
-diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
-index 43d77ad..9ac1dd0 100644
---- a/src/arch-aarch64-syscalls.c
-+++ b/src/arch-aarch64-syscalls.c
-@@ -296,6 +296,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
- { "rt_sigtimedwait", 137 },
- { "rt_tgsigqueueinfo", 240 },
- { "rtas", __PNR_rtas },
-+ { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", 125 },
- { "sched_get_priority_min", 126 },
- { "sched_getaffinity", 123 },
-diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
-index 211bbec..c4fd31e 100644
---- a/src/arch-arm-syscalls.c
-+++ b/src/arch-arm-syscalls.c
-@@ -308,6 +308,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
- { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) },
- { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) },
- { "rtas", __PNR_rtas },
-+ { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) },
- { "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) },
- { "sched_getaffinity", (__NR_SYSCALL_BASE + 242) },
-diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
-index 1fe9315..ae5ebf7 100644
---- a/src/arch-mips-syscalls.c
-+++ b/src/arch-mips-syscalls.c
-@@ -300,6 +300,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
- { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 197) },
- { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 332) },
- { "rtas", __PNR_rtas },
-+ { "s390_runtime_instr", __PNR_s390_runtime_instr },
- { "sched_get_priority_max", (__NR_SYSCALL_BASE + 163) },
- { "sched_get_priority_min", (__NR_SYSCALL_BASE + 164) },
- { "sched_getaffinity", (__NR_SYSCALL_BASE + 240) },
-diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
-index 493fe87..baffe20 100644
---- a/src/arch-mips64-syscalls.c
-+++ b/src/arch-mips64-syscalls.c
-@@ -300,6 +300,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
- { "rt_sigtimedwait", (__NR_SYSCALL_BASE +
126) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 291) }, - { "rtas", __PNR_rtas }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) }, -diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c -index e1cbf5c..dd6966e 100644 ---- a/src/arch-mips64n32-syscalls.c -+++ b/src/arch-mips64n32-syscalls.c -@@ -300,6 +300,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 295) }, - { "rtas", __PNR_rtas }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) }, -diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c -index 92fa1c3..8ddb750 100644 ---- a/src/arch-ppc-syscalls.c -+++ b/src/arch-ppc-syscalls.c -@@ -297,6 +297,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \ - { "rt_sigtimedwait", 176 }, - { "rt_tgsigqueueinfo", 322 }, - { "rtas", 255 }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 223 }, -diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c -index b23d743..d9060f4 100644 ---- a/src/arch-ppc64-syscalls.c -+++ b/src/arch-ppc64-syscalls.c -@@ -297,6 +297,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "rt_sigtimedwait", 176 }, - { "rt_tgsigqueueinfo", 322 }, - { "rtas", 255 }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 223 }, -diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c -new file mode 100644 -index 
0000000..4da63ed ---- /dev/null -+++ b/src/arch-s390-syscalls.c -@@ -0,0 +1,492 @@ -+/* -+ * Copyright 2015 IBM -+ * Author: Jan Willeke -+ */ -+ -+#include -+ -+#include -+ -+#include "arch.h" -+#include "arch-s390.h" -+ -+/* NOTE: based on Linux 4.2-rc5 */ -+const struct arch_syscall_def s390_syscall_table[] = { \ -+ { "_llseek", 140 }, -+ { "_newselect", 142 }, -+ { "_sysctl", 149 }, -+ { "accept", __PNR_accept }, -+ { "accept4", __PNR_accept4 }, -+ { "access", 33 }, -+ { "acct", 51 }, -+ { "add_key", 278 }, -+ { "adjtimex", 124 }, -+ { "afs_syscall", 137 }, -+ { "alarm", 27 }, -+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, -+ { "arm_sync_file_range", __PNR_arm_sync_file_range }, -+ { "arch_prctl", __PNR_arch_prctl }, -+ { "bdflush", 134 }, -+ { "bind", __PNR_bind }, -+ { "bpf", 351 }, -+ { "break", __PNR_break }, -+ { "breakpoint", __PNR_breakpoint }, -+ { "brk", 45 }, -+ { "cachectl", __PNR_cachectl }, -+ { "cacheflush", __PNR_cacheflush }, -+ { "capget", 184 }, -+ { "capset", 185 }, -+ { "chdir", 12 }, -+ { "chmod", 15 }, -+ { "chown", 182 }, -+ { "chown32", 212 }, -+ { "chroot", 61 }, -+ { "clock_adjtime", 337 }, -+ { "clock_getres", 261 }, -+ { "clock_gettime", 260 }, -+ { "clock_nanosleep", 262 }, -+ { "clock_settime", 259 }, -+ { "clone", 120 }, -+ { "close", 6 }, -+ { "connect", __PNR_connect }, -+ { "creat", 8 }, -+ { "create_module", 127 }, -+ { "delete_module", 129 }, -+ { "dup", 41 }, -+ { "dup2", 63 }, -+ { "dup3", 326 }, -+ { "epoll_create", 249 }, -+ { "epoll_create1", 327 }, -+ { "epoll_ctl", 250 }, -+ { "epoll_ctl_old", __PNR_epoll_ctl_old }, -+ { "epoll_pwait", 312 }, -+ { "epoll_wait", 251 }, -+ { "epoll_wait_old", __PNR_epoll_wait_old }, -+ { "eventfd", 318 }, -+ { "eventfd2", 323 }, -+ { "execve", 11 }, -+ { "execveat", 354 }, -+ { "exit", 1 }, -+ { "exit_group", 248 }, -+ { "faccessat", 300 }, -+ { "fadvise64", 253 }, -+ { "fadvise64_64", 264 }, -+ { "fallocate", 314 }, -+ { "fanotify_init", 332 }, -+ { "fanotify_mark", 333 }, -+ { 
"fchdir", 133 }, -+ { "fchmod", 94 }, -+ { "fchmodat", 299 }, -+ { "fchown", 95 }, -+ { "fchown32", 207 }, -+ { "fchownat", 291 }, -+ { "fcntl", 55 }, -+ { "fcntl64", 221 }, -+ { "fdatasync", 148 }, -+ { "fgetxattr", 229 }, -+ { "finit_module", 344 }, -+ { "flistxattr", 232 }, -+ { "flock", 143 }, -+ { "fork", 2 }, -+ { "fremovexattr", 235 }, -+ { "fsetxattr", 226 }, -+ { "fstat", 108 }, -+ { "fstat64", 197 }, -+ { "fstatat64", 293 }, -+ { "fstatfs", 100 }, -+ { "fstatfs64", 266 }, -+ { "fsync", 118 }, -+ { "ftime", __PNR_ftime }, -+ { "ftruncate", 93 }, -+ { "ftruncate64", 194 }, -+ { "futex", 238 }, -+ { "futimesat", 292 }, -+ { "get_kernel_syms", 130 }, -+ { "get_mempolicy", __PNR_get_mempolicy }, -+ { "get_robust_list" , 305 }, -+ { "get_thread_area", __PNR_get_thread_area }, -+ { "getcpu", 311 }, -+ { "getcwd", 183 }, -+ { "getdents", 141 }, -+ { "getdents64", 220 }, -+ { "getegid", 50 }, -+ { "getegid32", 202 }, -+ { "geteuid", 49 }, -+ { "geteuid32", 201 }, -+ { "getgid", 47 }, -+ { "getgid32", 200 }, -+ { "getgroups", 80 }, -+ { "getgroups32", 205 }, -+ { "getitimer", 105 }, -+ { "getpeername", __PNR_getpeername }, -+ { "getpgid", 132 }, -+ { "getpgrp", 65 }, -+ { "getpid", 20 }, -+ { "getpmsg", 188 }, -+ { "getppid", 64 }, -+ { "getpriority", 96 }, -+ { "getrandom", 349 }, -+ { "getresgid", 171 }, -+ { "getresgid32", 211 }, -+ { "getresuid", 165 }, -+ { "getresuid32", 209 }, -+ { "getrlimit", 76 }, -+ { "getrusage", 77 }, -+ { "getsid", 147 }, -+ { "getsockname", __PNR_getsockname }, -+ { "getsockopt", __PNR_getsockopt }, -+ { "gettid", 236 }, -+ { "gettimeofday", 78 }, -+ { "getuid", 24 }, -+ { "getuid32", 199 }, -+ { "getxattr", 227 }, -+ { "gtty", __PNR_gtty }, -+ { "idle", 112 }, -+ { "init_module", 128 }, -+ { "inotify_add_watch" , 285 }, -+ { "inotify_init", 284 }, -+ { "inotify_init1", 324 }, -+ { "inotify_rm_watch" , 286 }, -+ { "io_cancel", 247 }, -+ { "io_destroy", 244 }, -+ { "io_getevents", 245 }, -+ { "io_setup", 243 }, -+ { "io_submit", 246 
}, -+ { "ioctl", 54 }, -+ { "ioperm", 101 }, -+ { "iopl", __PNR_iopl }, -+ { "ioprio_get", 283 }, -+ { "ioprio_set", 282 }, -+ { "ipc", 117 }, -+ { "kcmp", 343 }, -+ { "kexec_file_load", __PNR_kexec_file_load }, -+ { "kexec_load", 277 }, -+ { "keyctl", 280 }, -+ { "kill", 37 }, -+ { "lchown", 16 }, -+ { "lchown32", 198 }, -+ { "lgetxattr", 228 }, -+ { "link", 9 }, -+ { "linkat", 296 }, -+ { "listen", __PNR_listen }, -+ { "listxattr", 230 }, -+ { "llistxattr", 231 }, -+ { "lock", __PNR_lock }, -+ { "lookup_dcookie", 110 }, -+ { "lremovexattr", 234 }, -+ { "lseek", 19 }, -+ { "lsetxattr", 225 }, -+ { "lstat", 107 }, -+ { "lstat64", 196 }, -+ { "madvise", 219 }, -+ { "mbind", __PNR_mbind }, -+ { "memfd_create", 350 }, -+ { "migrate_pages", __PNR_migrate_pages}, -+ { "mincore", 218 }, -+ { "mkdir", 39 }, -+ { "mkdirat", 289 }, -+ { "mknod", 14 }, -+ { "mknodat", 290 }, -+ { "mlock", 150 }, -+ { "mlockall", 152 }, -+ { "mmap", 90 }, -+ { "mmap2", 192 }, -+ { "modify_ldt", __PNR_modify_ldt }, -+ { "mount", 21 }, -+ { "move_pages", __PNR_move_pages}, -+ { "mprotect", 125 }, -+ { "mpx", __PNR_mpx }, -+ { "mq_getsetattr", 276 }, -+ { "mq_notify", 275 }, -+ { "mq_open", 271 }, -+ { "mq_timedreceive" , 274 }, -+ { "mq_timedsend", 273 }, -+ { "mq_unlink", 272 }, -+ { "mremap", 163 }, -+ { "msgctl", __PNR_msgctl }, -+ { "msgget", __PNR_msgget }, -+ { "msgrcv", __PNR_msgrcv }, -+ { "msgsnd", __PNR_msgsnd }, -+ { "msync", 144 }, -+ { "multiplexer", __PNR_multiplexer }, -+ { "munlock", 151 }, -+ { "munlockall", 153 }, -+ { "munmap", 91 }, -+ { "name_to_handle_at", 335 }, -+ { "nanosleep", 162 }, -+ { "newfstatat", __NR_newfstatat }, -+ { "nfsservctl", 169 }, -+ { "nice", 34 }, -+ { "oldfstat", __PNR_oldfstat }, -+ { "oldlstat", __PNR_oldlstat }, -+ { "oldolduname", __PNR_oldolduname }, -+ { "oldstat", __PNR_oldstat }, -+ { "olduname", __PNR_olduname }, -+ { "oldwait4", __PNR_oldwait4 }, -+ { "open", 5 }, -+ { "open_by_handle_at", 336 }, -+ { "openat", 288 }, -+ { "pause", 29 }, -+ 
{ "pciconfig_iobase", __PNR_pciconfig_iobase }, -+ { "pciconfig_read", __PNR_pciconfig_read }, -+ { "pciconfig_write", __PNR_pciconfig_write }, -+ { "perf_event_open", 331 }, -+ { "personality", 136 }, -+ { "pipe", 42 }, -+ { "pipe2", 325 }, -+ { "pivot_root", 217 }, -+ { "poll", 168 }, -+ { "ppoll", 302 }, -+ { "prctl", 172 }, -+ { "pread64", 180 }, -+ { "preadv", 328 }, -+ { "prlimit64", 334 }, -+ { "process_vm_readv", 340 }, -+ { "process_vm_writev", 341 }, -+ { "prof", __PNR_prof }, -+ { "profil", __PNR_profil }, -+ { "pselect6", 301 }, -+ { "ptrace", 26 }, -+ { "putpmsg", 189 }, -+ { "pwrite64", 181 }, -+ { "pwritev", 329 }, -+ { "query_module", 167 }, -+ { "quotactl", 131 }, -+ { "read", 3 }, -+ { "readahead", 222 }, -+ { "readdir", 89 }, -+ { "readlink", 85 }, -+ { "readlinkat", 298 }, -+ { "readv", 145 }, -+ { "reboot", 88 }, -+ { "recv", __PNR_recv }, -+ { "recvfrom", __PNR_recvfrom }, -+ { "recvmmsg", __PNR_recvmmsg }, -+ { "recvmsg", __PNR_recvmsg }, -+ { "remap_file_pages", 267 }, -+ { "removexattr", 233 }, -+ { "rename", 38 }, -+ { "renameat", 295 }, -+ { "renameat2", 347 }, -+ { "request_key", 279 }, -+ { "restart_syscall", 7 }, -+ { "rmdir", 40 }, -+ { "rt_sigaction", 174 }, -+ { "rt_sigpending", 176 }, -+ { "rt_sigprocmask", 175 }, -+ { "rt_sigqueueinfo", 178 }, -+ { "rt_sigreturn", 173 }, -+ { "rt_sigsuspend", 179 }, -+ { "rt_sigtimedwait", 177 }, -+ { "rt_tgsigqueueinfo", 330 }, -+ { "rtas", __PNR_rtas }, -+ { "s390_runtime_instr", 342 }, -+ { "sched_get_priority_max", 159 }, -+ { "sched_get_priority_min", 160 }, -+ { "sched_getaffinity" , 240 }, -+ { "sched_getattr", 346 }, -+ { "sched_getparam", 155 }, -+ { "sched_getscheduler", 157 }, -+ { "sched_rr_get_interval", 161 }, -+ { "sched_setaffinity" , 239 }, -+ { "sched_setattr", 345 }, -+ { "sched_setparam", 154 }, -+ { "sched_setscheduler", 156 }, -+ { "sched_yield", 158 }, -+ { "seccomp", 348 }, -+ { "security", __PNR_security }, -+ { "select", __PNR_select }, -+ { "semctl", __PNR_semctl }, -+ { 
"semget", __PNR_semget }, -+ { "semop", __PNR_semop }, -+ { "semtimedop", __PNR_semtimedop }, -+ { "send", __PNR_send }, -+ { "sendfile", 187 }, -+ { "sendfile64", 223 }, -+ { "sendmmsg", __PNR_sendmmsg }, -+ { "sendmsg", __PNR_sendmsg }, -+ { "sendto", __PNR_sendto }, -+ { "set_mempolicy", __PNR_set_mempolicy }, -+ { "set_robust_list" , 304 }, -+ { "set_thread_area", __PNR_set_thread_area }, -+ { "set_tid_address", 252 }, -+ { "set_tls", __PNR_set_tls }, -+ { "setdomainname", 121 }, -+ { "setfsgid", 139 }, -+ { "setfsgid32", 216 }, -+ { "setfsuid", 138 }, -+ { "setfsuid32", 215 }, -+ { "setgid", 46 }, -+ { "setgid32", 214 }, -+ { "setgroups", 81 }, -+ { "setgroups32", 206 }, -+ { "sethostname", 74 }, -+ { "setitimer", 104 }, -+ { "setns", 339 }, -+ { "setpgid", 57 }, -+ { "setpriority", 97 }, -+ { "setregid", 71 }, -+ { "setregid32", 204 }, -+ { "setresgid", 170 }, -+ { "setresgid32", 210 }, -+ { "setresuid", 164 }, -+ { "setresuid32", 208 }, -+ { "setreuid", 70 }, -+ { "setreuid32", 203 }, -+ { "setrlimit", 75 }, -+ { "setsid", 66 }, -+ { "setsockopt", __PNR_setsockopt }, -+ { "settimeofday", 79 }, -+ { "setuid", 23 }, -+ { "setuid32", 213 }, -+ { "setxattr", 224 }, -+ { "sgetmask", __PNR_sgetmask }, -+ { "shmat", __PNR_shmat }, -+ { "shmctl", __PNR_shmctl }, -+ { "shmdt", __PNR_shmdt }, -+ { "shmget", __PNR_shmget }, -+ { "shutdown", __PNR_shutdown }, -+ { "sigaction", 67 }, -+ { "sigaltstack", 186 }, -+ { "signal", 48 }, -+ { "signalfd", 316 }, -+ { "signalfd4", 322 }, -+ { "sigpending", 73 }, -+ { "sigprocmask", 126 }, -+ { "sigreturn", 119 }, -+ { "sigsuspend", 72 }, -+ { "socket", __PNR_socket }, -+ { "socketcall", 102 }, -+ { "socketpair", __PNR_socketpair }, -+ { "splice", 306 }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, -+ { "ssetmask", __PNR_ssetmask }, -+ { "stat", 106 }, -+ { "stat64", 195 }, -+ { "statfs", 99 }, -+ { "statfs64", 265 }, -+ { "stime", 25 }, -+ { "stty", __PNR_stty }, -+ { "subpage_prot", __PNR_subpage_prot 
}, -+ { "swapcontext", __PNR_swapcontext }, -+ { "swapoff", 115 }, -+ { "swapon", 87 }, -+ { "switch_endian", __PNR_switch_endian }, -+ { "symlink", 83 }, -+ { "symlinkat", 297 }, -+ { "sync", 36 }, -+ { "sync_file_range" , 307 }, -+ { "sync_file_range2", __PNR_sync_file_range2 }, -+ { "syncfs", 338 }, -+ { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, -+ { "sysfs", 135 }, -+ { "sysinfo", 116 }, -+ { "syslog", 103 }, -+ { "sysmips", __PNR_sysmips }, -+ { "tee", 308 }, -+ { "tgkill", 241 }, -+ { "time", 13 }, -+ { "timer_create", 254 }, -+ { "timer_delete", 258 }, -+ { "timer_getoverrun", 257 }, -+ { "timer_gettime", 256 }, -+ { "timer_settime", 255 }, -+ { "timerfd", 317 }, -+ { "timerfd_create", 319 }, -+ { "timerfd_gettime", 321 }, -+ { "timerfd_settime", 320 }, -+ { "times", 43 }, -+ { "tkill", 237 }, -+ { "truncate", 92 }, -+ { "truncate64", 193 }, -+ { "tuxcall", __PNR_tuxcall }, -+ { "ugetrlimit", 191 }, -+ { "ulimit", __PNR_ulimit }, -+ { "umask", 60 }, -+ { "umount", 22 }, -+ { "umount2", 52 }, -+ { "uname", 122 }, -+ { "unlink", 10 }, -+ { "unlinkat", 294 }, -+ { "unshare", 303 }, -+ { "uselib", 86 }, -+ { "usr26", __PNR_usr26 }, -+ { "usr32", __PNR_usr32 }, -+ { "ustat", 62 }, -+ { "utime", 30 }, -+ { "utimensat", 315 }, -+ { "utimes", 313 }, -+ { "vfork", 190 }, -+ { "vhangup", 111 }, -+ { "vm86", __PNR_vm86 }, -+ { "vm86old", __PNR_vm86old }, -+ { "vmsplice", 309 }, -+ { "vserver", __PNR_vserver }, -+ { "wait4", 114 }, -+ { "waitid", 281 }, -+ { "waitpid", __PNR_waitpid }, -+ { "write", 4 }, -+ { "writev", 146 }, -+ { NULL, __NR_SCMP_ERROR }, -+}; -+ -+/** -+ * Resolve a syscall name to a number -+ * @param name the syscall name -+ * -+ * Resolve the given syscall name to the syscall number using the syscall table. -+ * Returns the syscall number on success, including negative pseudo syscall -+ * numbers; returns __NR_SCMP_ERROR on failure. 
-+ *
-+ */
-+int s390_syscall_resolve_name(const char *name)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = s390_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].name != NULL; iter++) {
-+ if (strcmp(name, table[iter].name) == 0)
-+ return table[iter].num;
-+ }
-+
-+ return __NR_SCMP_ERROR;
-+}
-+
-+/**
-+ * Resolve a syscall number to a name
-+ * @param num the syscall number
-+ *
-+ * Resolve the given syscall number to the syscall name using the syscall table.
-+ * Returns a pointer to the syscall name string on success, including pseudo
-+ * syscall names; returns NULL on failure.
-+ *
-+ */
-+const char *s390_syscall_resolve_num(int num)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = s390_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
-+ if (num == table[iter].num)
-+ return table[iter].name;
-+ }
-+
-+ return NULL;
-+}
-+/**
-+ * Iterate through the syscall table and return the syscall name
-+ * @param spot the offset into the syscall table
-+ *
-+ * Return the syscall name at position @spot or NULL on failure. This function
-+ * should only ever be used internally by libseccomp.
-+ *
-+ */
-+const char *s390_syscall_iterate_name(unsigned int spot)
-+{
-+ /* XXX - no safety checks here */
-+ return s390_syscall_table[spot].name;
-+}
-diff --git a/src/arch-s390.c b/src/arch-s390.c
-new file mode 100644
-index 0000000..5aa36fe
---- /dev/null
-+++ b/src/arch-s390.c
-@@ -0,0 +1,18 @@
-+/*
-+ * Copyright 2015 IBM
-+ * Author: Jan Willeke
-+ */
-+
-+#include
-+#include
-+#include
-+
-+#include "arch.h"
-+#include "arch-s390.h"
-+
-+const struct arch_def arch_def_s390 = {
-+ .token = SCMP_ARCH_S390,
-+ .token_bpf = AUDIT_ARCH_S390,
-+ .size = ARCH_SIZE_32,
-+ .endian = ARCH_ENDIAN_BIG,
-+};
-diff --git a/src/arch-s390.h b/src/arch-s390.h
-new file mode 100644
-index 0000000..71ba260
---- /dev/null
-+++ b/src/arch-s390.h
-@@ -0,0 +1,23 @@
-+/*
-+ * Copyright 2015 IBM
-+ * Author: Jan Willeke
-+ */
-+
-+#ifndef _ARCH_s390_H
-+#define _ARCH_s390_H
-+
-+#include
-+
-+#include "arch.h"
-+#include "system.h"
-+
-+#define s390_arg_count_max 6
-+
-+extern const struct arch_def arch_def_s390;
-+#define s390_arg_offset(x) (offsetof(struct seccomp_data, args[x]))
-+
-+int s390_syscall_resolve_name(const char *name);
-+const char *s390_syscall_resolve_num(int num);
-+const char *s390_syscall_iterate_name(unsigned int spot);
-+
-+#endif
-diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c
-new file mode 100644
-index 0000000..50596cb
---- /dev/null
-+++ b/src/arch-s390x-syscalls.c
-@@ -0,0 +1,493 @@
-+/*
-+ * Copyright 2015 IBM
-+ * Author: Jan Willeke
-+ */
-+
-+#include
-+
-+#include
-+
-+#include "arch.h"
-+#include "arch-s390x.h"
-+
-+/* NOTE: based on Linux 4.2-rc5 */
-+const struct arch_syscall_def s390x_syscall_table[] = { \
-+ { "_llseek", __PNR__llseek },
-+ { "_newselect", __PNR__newselect },
-+ { "_sysctl", 149 },
-+ { "accept", __PNR_accept },
-+ { "accept4", __PNR_accept4 },
-+ { "access", 33 },
-+ { "acct", 51 },
-+ { "add_key", 278 },
-+ { "adjtimex", 124 },
-+ { "afs_syscall", 137 },
-+ { "alarm", 27 },
-+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
-+ { "arm_sync_file_range", __PNR_arm_sync_file_range },
-+ { "arch_prctl", __PNR_arch_prctl },
-+ { "bdflush", 134 },
-+ { "bind", __PNR_bind },
-+ { "bpf", 351 },
-+ { "break", __PNR_break },
-+ { "breakpoint", __PNR_breakpoint },
-+ { "brk", 45 },
-+ { "cachectl", __PNR_cachectl },
-+ { "cacheflush", __PNR_cacheflush },
-+ { "capget", 184 },
-+ { "capset", 185 },
-+ { "chdir", 12 },
-+ { "chmod", 15 },
-+ { "chown", 212 },
-+ { "chown32", __PNR_chown32 },
-+ { "chroot", 61 },
-+ { "clock_adjtime", 337 },
-+ { "clock_getres", 261 },
-+ { "clock_gettime", 260 },
-+ { "clock_nanosleep", 262 },
-+ { "clock_settime", 259 },
-+ { "clone", 120 },
-+ { "close", 6 },
-+ { "connect", __PNR_connect },
-+ { "creat", 8 },
-+ { "create_module", 127 },
-+ { "delete_module", 129 },
-+ { "dup", 41 },
-+ { "dup2", 63 },
-+ { "dup3", 326 },
-+ { "epoll_create", 249 },
-+ { "epoll_create1", 327 },
-+ { "epoll_ctl", 250 },
-+ { "epoll_ctl_old", __PNR_epoll_ctl_old },
-+ { "epoll_pwait", 312 },
-+ { "epoll_wait", 251 },
-+ { "epoll_wait_old", __PNR_epoll_wait_old },
-+ { "eventfd", 318 },
-+ { "eventfd2", 323 },
-+ { "execve", 11 },
-+ { "execveat", 354 },
-+ { "exit", 1 },
-+ { "exit_group", 248 },
-+ { "faccessat", 300 },
-+ { "fadvise64", 253 },
-+ { "fadvise64_64", __PNR_fadvise64_64 },
-+ { "fallocate", 314 },
-+ { "fanotify_init", 332 },
-+ { "fanotify_mark", 333 },
-+ { "fchdir", 133 },
-+ { "fchmod", 94 },
-+ { "fchmodat", 299 },
-+ { "fchown", 207 },
-+ { "fchown32", __PNR_fchown32 },
-+ { "fchownat", 291 },
-+ { "fcntl", 55 },
-+ { "fcntl64", __PNR_fcntl64 },
-+ { "fdatasync", 148 },
-+ { "fgetxattr", 229 },
-+ { "finit_module", 344 },
-+ { "flistxattr", 232 },
-+ { "flock", 143 },
-+ { "fork", 2 },
-+ { "fremovexattr", 235 },
-+ { "fsetxattr", 226 },
-+ { "fstat", 108 },
-+ { "fstat64", __PNR_fstat64 },
-+ { "fstatat64", __PNR_fstatat64 },
-+ { "fstatfs", 100 },
-+ { "fstatfs64", 266 },
-+ { "fsync", 118 },
-+ { "ftime", __PNR_ftime },
-+ { "ftruncate", 93 },
-+ { "ftruncate64", __PNR_ftruncate64 },
-+ { "futex", 238 },
-+ { "futimesat", 292 },
-+ { "get_kernel_syms", 130 },
-+ { "get_mempolicy", __PNR_get_mempolicy },
-+ { "get_robust_list" , 305 },
-+ { "get_thread_area", __PNR_get_thread_area },
-+ { "getcpu", 311 },
-+ { "getcwd", 183 },
-+ { "getdents", 141 },
-+ { "getdents64", 220 },
-+ { "getegid", 202 },
-+ { "getegid32", __PNR_getegid32 },
-+ { "geteuid", 201 },
-+ { "geteuid32", __PNR_geteuid32 },
-+ { "getgid", 200 },
-+ { "getgid32", __PNR_getgid32 },
-+ { "getgroups", 205 },
-+ { "getgroups32", __PNR_getgroups32 },
-+ { "getitimer", 105 },
-+ { "getpeername", __PNR_getpeername },
-+ { "getpgid", 132 },
-+ { "getpgrp", 65 },
-+ { "getpid", 20 },
-+ { "getpmsg", 188 },
-+ { "getppid", 64 },
-+ { "getpriority", 96 },
-+ { "getrandom", 349 },
-+ { "getresgid", 211 },
-+ { "getresgid32", __PNR_getresgid32 },
-+ { "getresuid", 209 },
-+ { "getresuid32", __PNR_getresuid32 },
-+ { "getrlimit", 191 },
-+ { "getrusage", 77 },
-+ { "getsid", 147 },
-+ { "getsockname", __PNR_getsockname },
-+ { "getsockopt", __PNR_getsockopt },
-+ { "gettid", 236 },
-+ { "gettimeofday", 78 },
-+ { "getuid", 199 },
-+ { "getuid32", __PNR_getuid32 },
-+ { "getxattr", 227 },
-+ { "gtty", __PNR_gtty },
-+ { "idle", 112 },
-+ { "init_module", 128 },
-+ { "inotify_add_watch" , 285 },
-+ { "inotify_init", 284 },
-+ { "inotify_init1", 324 },
-+ { "inotify_rm_watch" , 286 },
-+ { "io_cancel", 247 },
-+ { "io_destroy", 244 },
-+ { "io_getevents", 245 },
-+ { "io_setup", 243 },
-+ { "io_submit", 246 },
-+ { "ioctl", 54 },
-+ { "ioperm", __PNR_ioperm},
-+ { "iopl", __PNR_iopl },
-+ { "ioprio_get", 283 },
-+ { "ioprio_set", 282 },
-+ { "ipc", 117 },
-+ { "kcmp", 343 },
-+ { "kexec_file_load", __PNR_kexec_file_load },
-+ { "kexec_load", 277 },
-+ { "keyctl", 280 },
-+ { "kill", 37 },
-+ { "lchown", 198 },
-+ { "lchown32", __PNR_lchown32 },
-+ { "lgetxattr", 228 },
-+ { "link", 9 },
-+ { "linkat", 296 },
-+ { "listen", __PNR_listen },
-+ { "listxattr", 230 },
-+ { "llistxattr", 231 },
-+ { "lock", __PNR_lock },
-+ { "lookup_dcookie", 110 },
-+ { "lremovexattr", 234 },
-+ { "lseek", 19 },
-+ { "lsetxattr", 225 },
-+ { "lstat", 107 },
-+ { "lstat64", __PNR_lstat64 },
-+ { "madvise", 219 },
-+ { "mbind", __PNR_mbind },
-+ { "memfd_create", 350 },
-+ { "migrate_pages", __PNR_migrate_pages },
-+ { "mincore", 218 },
-+ { "mkdir", 39 },
-+ { "mkdirat", 289 },
-+ { "mknod", 14 },
-+ { "mknodat", 290 },
-+ { "mlock", 150 },
-+ { "mlockall", 152 },
-+ { "mmap", 90 },
-+ { "mmap2", __PNR_mmap2 },
-+ { "modify_ldt", __PNR_modify_ldt },
-+ { "mount", 21 },
-+ { "move_pages", __PNR_move_pages },
-+ { "mprotect", 125 },
-+ { "mpx", __PNR_mpx },
-+ { "mq_getsetattr", 276 },
-+ { "mq_notify", 275 },
-+ { "mq_open", 271 },
-+ { "mq_timedreceive" , 274 },
-+ { "mq_timedsend", 273 },
-+ { "mq_unlink", 272 },
-+ { "mremap", 163 },
-+ { "msgctl", __PNR_msgctl },
-+ { "msgget", __PNR_msgget },
-+ { "msgrcv", __PNR_msgrcv },
-+ { "msgsnd", __PNR_msgsnd },
-+ { "msync", 144 },
-+ { "multiplexer", __PNR_multiplexer },
-+ { "munlock", 151 },
-+ { "munlockall", 153 },
-+ { "munmap", 91 },
-+ { "name_to_handle_at", 335 },
-+ { "nanosleep", 162 },
-+ { "newfstatat", 293 },
-+ { "nfsservctl", 169 },
-+ { "nice", 34 },
-+ { "oldfstat", __PNR_oldfstat },
-+ { "oldlstat", __PNR_oldlstat },
-+ { "oldolduname", __PNR_oldolduname },
-+ { "oldstat", __PNR_oldstat },
-+ { "olduname", __PNR_olduname },
-+ { "oldwait4", __PNR_oldwait4 },
-+ { "open", 5 },
-+ { "open_by_handle_at", 336 },
-+ { "openat", 288 },
-+ { "pause", 29 },
-+ { "pciconfig_iobase", __PNR_pciconfig_iobase },
-+ { "pciconfig_read", __PNR_pciconfig_read },
-+ { "pciconfig_write", __PNR_pciconfig_write },
-+ { "perf_event_open", 331 },
-+ { "personality", 136 },
-+ { "pipe", 42 },
-+ { "pipe2", 325 },
-+ { "pivot_root", 217 },
-+ { "poll", 168 },
-+ { "ppoll", 302 },
-+ { "prctl", 172 },
-+ { "pread64", 180 },
-+ { "preadv", 328 },
-+ { "prlimit64", 334 },
-+ { "process_vm_readv", 340 },
-+ { "process_vm_writev", 341 },
-+ { "prof", __PNR_prof },
-+ { "profil", __PNR_profil },
-+ { "pselect6", 301 },
-+ { "ptrace", 26 },
-+ { "putpmsg", 189 },
-+ { "pwrite64", 181 },
-+ { "pwritev", 329 },
-+ { "query_module", 167 },
-+ { "quotactl", 131 },
-+ { "read", 3 },
-+ { "readahead", 222 },
-+ { "readdir", 89 },
-+ { "readlink", 85 },
-+ { "readlinkat", 298 },
-+ { "readv", 145 },
-+ { "reboot", 88 },
-+ { "recv", __PNR_recv },
-+ { "recvfrom", __PNR_recvfrom },
-+ { "recvmmsg", __PNR_recvmmsg },
-+ { "recvmsg", __PNR_recvmsg },
-+ { "remap_file_pages", 267 },
-+ { "removexattr", 233 },
-+ { "rename", 38 },
-+ { "renameat", 295 },
-+ { "renameat2", 347 },
-+ { "request_key", 279 },
-+ { "restart_syscall", 7 },
-+ { "rmdir", 40 },
-+ { "rt_sigaction", 174 },
-+ { "rt_sigpending", 176 },
-+ { "rt_sigprocmask", 175 },
-+ { "rt_sigqueueinfo", 178 },
-+ { "rt_sigreturn", 173 },
-+ { "rt_sigsuspend", 179 },
-+ { "rt_sigtimedwait", 177 },
-+ { "rt_tgsigqueueinfo", 330 },
-+ { "rtas", __PNR_rtas },
-+ { "s390_runtime_instr", 342 },
-+ { "sched_get_priority_max", 159 },
-+ { "sched_get_priority_min", 160 },
-+ { "sched_getaffinity" , 240 },
-+ { "sched_getattr", 346 },
-+ { "sched_getparam", 155 },
-+ { "sched_getscheduler", 157 },
-+ { "sched_rr_get_interval", 161 },
-+ { "sched_setaffinity" , 239 },
-+ { "sched_setattr", 345 },
-+ { "sched_setparam", 154 },
-+ { "sched_setscheduler", 156 },
-+ { "sched_yield", 158 },
-+ { "seccomp", 348 },
-+ { "security", __PNR_security },
-+ { "select", 142 },
-+ { "semctl", __PNR_semctl },
-+ { "semget", __PNR_semget },
-+ { "semop", __PNR_semop },
-+ { "semtimedop", __PNR_semtimedop },
-+ { "send", __PNR_send },
-+ { "sendfile", 187 },
-+ { "sendfile64", __PNR_sendfile64 },
-+ { "sendmmsg", __PNR_sendmmsg },
-+ { "sendmsg", __PNR_sendmsg },
-+ { "sendto", __PNR_sendto },
-+ { "set_mempolicy", __PNR_set_mempolicy },
-+ { "set_robust_list" , 304 },
-+ { "set_thread_area", __PNR_set_thread_area },
-+ { "set_tid_address", 252 },
-+ { "set_tls", __PNR_set_tls },
-+ { "setdomainname", 121 },
-+ { "setfsgid", 216 },
-+ { "setfsgid32", __PNR_setfsgid32 },
-+ { "setfsuid", 215 },
-+ { "setfsuid32", __PNR_setfsuid32 },
-+ { "setgid", 214 },
-+ { "setgid32", __PNR_setgid32 },
-+ { "setgroups", 206 },
-+ { "setgroups32", __PNR_setgroups32 },
-+ { "sethostname", 74 },
-+ { "setitimer", 104 },
-+ { "setns", 339 },
-+ { "setpgid", 57 },
-+ { "setpriority", 97 },
-+ { "setregid", 204 },
-+ { "setregid32", __PNR_setregid32 },
-+ { "setresgid", 210 },
-+ { "setresgid32", __PNR_setresgid32 },
-+ { "setresuid", 208 },
-+ { "setresuid32", __PNR_setresuid32 },
-+ { "setreuid", 203 },
-+ { "setreuid32", __PNR_setreuid32 },
-+ { "setrlimit", 75 },
-+ { "setsid", 66 },
-+ { "setsockopt", __PNR_setsockopt },
-+ { "settimeofday", 79 },
-+ { "setuid", 213 },
-+ { "setuid32", __PNR_setuid32 },
-+ { "setxattr", 224 },
-+ { "sgetmask", __PNR_sgetmask },
-+ { "shmat", __PNR_shmat },
-+ { "shmctl", __PNR_shmctl },
-+ { "shmdt", __PNR_shmdt },
-+ { "shmget", __PNR_shmget },
-+ { "shutdown", __PNR_shutdown },
-+ { "sigaction", 67 },
-+ { "sigaltstack", 186 },
-+ { "signal", 48 },
-+ { "signalfd", 316 },
-+ { "signalfd4", 322 },
-+ { "sigpending", 73 },
-+ { "sigprocmask", 126 },
-+ { "sigreturn", 119 },
-+ { "sigsuspend", 72 },
-+ { "socket", __PNR_socket },
-+ { "socketcall", 102 },
-+ { "socketpair", __PNR_socketpair },
-+ { "splice", 306 },
-+ { "spu_create", __PNR_spu_create },
-+ { "spu_run", __PNR_spu_run },
-+ { "ssetmask", __PNR_ssetmask },
-+ { "stat", 106 },
-+ { "stat64", __PNR_stat64 },
-+ { "statfs", 99 },
-+ { "statfs64", 265 },
-+ { "stime", __PNR_stime },
-+ { "stty", __PNR_stty },
-+ { "subpage_prot", __PNR_subpage_prot },
-+ { "swapcontext", __PNR_swapcontext },
-+ { "swapoff", 115 },
-+ { "swapon", 87 },
-+ { "switch_endian", __PNR_switch_endian },
-+ { "symlink", 83 },
-+ { "symlinkat", 297 },
-+ { "sync", 36 },
-+ { "sync_file_range" , 307 },
-+ { "sync_file_range2", __PNR_sync_file_range2 },
-+ { "syncfs", 338 },
-+ { "syscall", __PNR_syscall },
-+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
-+ { "sysfs", 135 },
-+ { "sysinfo", 116 },
-+ { "syslog", 103 },
-+ { "sysmips", __PNR_sysmips },
-+ { "tee", 308 },
-+ { "tgkill", 241 },
-+ { "time", __PNR_time },
-+ { "timer_create", 254 },
-+ { "timer_delete", 258 },
-+ { "timer_getoverrun", 257 },
-+ { "timer_gettime", 256 },
-+ { "timer_settime", 255 },
-+ { "timerfd", 317 },
-+ { "timerfd_create", 319 },
-+ { "timerfd_gettime", 321 },
-+ { "timerfd_settime", 320 },
-+ { "times", 43 },
-+ { "tkill", 237 },
-+ { "truncate", 92 },
-+ { "truncate64", __PNR_truncate64 },
-+ { "tuxcall", __PNR_tuxcall },
-+ { "ugetrlimit", __PNR_ugetrlimit },
-+ { "ulimit", __PNR_ulimit },
-+ { "umask", 60 },
-+ { "umount", 22 },
-+ { "umount2", 52 },
-+ { "uname", 122 },
-+ { "unlink", 10 },
-+ { "unlinkat", 294 },
-+ { "unshare", 303 },
-+ { "uselib", 86 },
-+ { "usr26", __PNR_usr26 },
-+ { "usr32", __PNR_usr32 },
-+ { "ustat", 62 },
-+ { "utime", 30 },
-+ { "utimensat", 315 },
-+ { "utimes", 313 },
-+ { "vfork", 190 },
-+ { "vhangup", 111 },
-+ { "vm86", __PNR_vm86 },
-+ { "vm86old", __PNR_vm86old },
-+ { "vmsplice", 309 },
-+ { "vserver", __PNR_vserver },
-+ { "wait4", 114 },
-+ { "waitid", 281 },
-+ { "waitpid", __PNR_waitpid },
-+ { "write", 4 },
-+ { "writev", 146 },
-+ { NULL, __NR_SCMP_ERROR },
-+};
-+
-+/**
-+ * Resolve a syscall name to a number
-+ * @param name the syscall name
-+ *
-+ * Resolve the given syscall name to the syscall number using the syscall table.
-+ * Returns the syscall number on success, including negative pseudo syscall
-+ * numbers; returns __NR_SCMP_ERROR on failure.
-+ *
-+ */
-+int s390x_syscall_resolve_name(const char *name)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = s390x_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].name != NULL; iter++) {
-+ if (strcmp(name, table[iter].name) == 0)
-+ return table[iter].num;
-+ }
-+
-+ return __NR_SCMP_ERROR;
-+}
-+
-+/**
-+ * Resolve a syscall number to a name
-+ * @param num the syscall number
-+ *
-+ * Resolve the given syscall number to the syscall name using the syscall table.
-+ * Returns a pointer to the syscall name string on success, including pseudo
-+ * syscall names; returns NULL on failure.
-+ *
-+ */
-+const char *s390x_syscall_resolve_num(int num)
-+{
-+ unsigned int iter;
-+ const struct arch_syscall_def *table = s390x_syscall_table;
-+
-+ /* XXX - plenty of room for future improvement here */
-+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
-+ if (num == table[iter].num)
-+ return table[iter].name;
-+ }
-+
-+ return NULL;
-+}
-+
-+/**
-+ * Iterate through the syscall table and return the syscall name
-+ * @param spot the offset into the syscall table
-+ *
-+ * Return the syscall name at position @spot or NULL on failure. This function
-+ * should only ever be used internally by libseccomp.
-+ *
-+ */
-+const char *s390x_syscall_iterate_name(unsigned int spot)
-+{
-+ /* XXX - no safety checks here */
-+ return s390x_syscall_table[spot].name;
-+}
-diff --git a/src/arch-s390x.c b/src/arch-s390x.c
-new file mode 100644
-index 0000000..23c711c
---- /dev/null
-+++ b/src/arch-s390x.c
-@@ -0,0 +1,18 @@
-+/*
-+ * Copyright 2015 IBM
-+ * Author: Jan Willeke
-+ */
-+
-+#include
-+#include
-+#include
-+
-+#include "arch.h"
-+#include "arch-s390x.h"
-+
-+const struct arch_def arch_def_s390x = {
-+ .token = SCMP_ARCH_S390X,
-+ .token_bpf = AUDIT_ARCH_S390X,
-+ .size = ARCH_SIZE_64,
-+ .endian = ARCH_ENDIAN_BIG,
-+};
-diff --git a/src/arch-s390x.h b/src/arch-s390x.h
-new file mode 100644
-index 0000000..054044b
---- /dev/null
-+++ b/src/arch-s390x.h
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright 2015 IBM
-+ * Author: Jan Willeke
-+ */
-+
-+#ifndef _ARCH_s390x_H
-+#define _ARCH_s390x_H
-+
-+#include
-+
-+#include "arch.h"
-+#include "system.h"
-+
-+#define s390x_arg_count_max 6
-+
-+extern const struct arch_def arch_def_s390x;
-+#define s390x_arg_offset(x) (offsetof(struct seccomp_data, args[x]))
-+
-+#define s390x_arg_offset_lo(x) (s390x_arg_offset(x) + 4)
-+#define s390x_arg_offset_hi(x) (s390x_arg_offset(x))
-+
-+int s390x_syscall_resolve_name(const char *name);
-+const char *s390x_syscall_resolve_num(int num);
-+const char *s390x_syscall_iterate_name(unsigned int spot);
-+const char *s390x_syscall_iterate_name(unsigned int spot);
-+#endif
-diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
-index 8682483..9668aec 100644
---- a/src/arch-syscall-check.c
-+++ b/src/arch-syscall-check.c
-@@ -33,8 +33,10 @@
- #include "arch-mips.h"
- #include "arch-mips64.h"
- #include "arch-mips64n32.h"
--#include "arch-ppc64.h"
- #include "arch-ppc.h"
-+#include "arch-ppc64.h"
-+#include "arch-s390.h"
-+#include "arch-s390x.h"
-
- /**
- * compare the syscall values
-@@ -69,8 +71,10 @@ int main(int argc, char *argv[])
- int i_mips = 0;
- int i_mips64 = 0;
- int i_mips64n32 = 0;
-- int i_ppc64 = 0; - int i_ppc = 0; -+ int i_ppc64 = 0; -+ int i_s390 = 0; -+ int i_s390x = 0; - const char *sys_name; - char str_miss[256]; - -@@ -97,10 +101,14 @@ int main(int argc, char *argv[]) - mips64_syscall_iterate_name(i_mips64)); - syscall_check(str_miss, sys_name, "mips64n32", - mips64n32_syscall_iterate_name(i_mips64n32)); -- syscall_check(str_miss, sys_name, "ppc64", -- ppc64_syscall_iterate_name(i_ppc64)); - syscall_check(str_miss, sys_name, "ppc", - ppc_syscall_iterate_name(i_ppc)); -+ syscall_check(str_miss, sys_name, "ppc64", -+ ppc64_syscall_iterate_name(i_ppc64)); -+ syscall_check(str_miss, sys_name, "s390", -+ s390_syscall_iterate_name(i_s390)); -+ syscall_check(str_miss, sys_name, "s390x", -+ s390x_syscall_iterate_name(i_s390x)); - - /* output the results */ - printf("%s: ", sys_name); -@@ -127,14 +135,19 @@ int main(int argc, char *argv[]) - i_mips64 = -1; - if (!mips64n32_syscall_iterate_name(++i_mips64n32)) - i_mips64n32 = -1; -- if (!ppc64_syscall_iterate_name(++i_ppc64)) -- i_ppc64 = -1; - if (!ppc_syscall_iterate_name(++i_ppc)) - i_ppc = -1; -+ if (!ppc64_syscall_iterate_name(++i_ppc64)) -+ i_ppc64 = -1; -+ if (!s390_syscall_iterate_name(++i_s390)) -+ i_s390 = -1; -+ if (!s390x_syscall_iterate_name(++i_s390x)) -+ i_s390x = -1; - } while (i_x86_64 >= 0 && i_x32 >= 0 && - i_arm >= 0 && i_aarch64 >= 0 && - i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 && -- i_ppc64 >= 0 && i_ppc >= 0); -+ i_ppc >= 0 && i_ppc64 >= 0 && -+ i_s390 >= 0 && i_s390x >= 0); - - /* check for any leftovers */ - sys_name = x86_syscall_iterate_name(i_x86 + 1); -@@ -177,14 +190,23 @@ int main(int argc, char *argv[]) - mips64n32_syscall_iterate_name(i_mips64n32)); - return 1; - } -+ if (i_ppc >= 0) { -+ printf("%s: ERROR, ppc has additional syscalls\n", -+ ppc_syscall_iterate_name(i_ppc)); -+ } - if (i_ppc64 >= 0) { - printf("%s: ERROR, ppc64 has additional syscalls\n", - ppc64_syscall_iterate_name(i_ppc64)); - return 1; - } -- if (i_ppc >= 0) { -- printf("%s: ERROR, 
ppc has additional syscalls\n", -- ppc_syscall_iterate_name(i_ppc)); -+ if (i_s390 >= 0) { -+ printf("%s: ERROR, s390 has additional syscalls\n", -+ s390_syscall_iterate_name(i_s390)); -+ return 1; -+ } -+ if (i_s390x >= 0) { -+ printf("%s: ERROR, s390x has additional syscalls\n", -+ s390x_syscall_iterate_name(i_s390x)); - return 1; - } - -diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c -index 62992e7..4534aec 100644 ---- a/src/arch-syscall-dump.c -+++ b/src/arch-syscall-dump.c -@@ -38,8 +38,10 @@ - #include "arch-mips64.h" - #include "arch-mips64n32.h" - #include "arch-aarch64.h" --#include "arch-ppc64.h" - #include "arch-ppc.h" -+#include "arch-ppc64.h" -+#include "arch-s390.h" -+#include "arch-s390x.h" - - /** - * Print the usage information to stderr and exit -@@ -114,13 +116,19 @@ int main(int argc, char *argv[]) - case SCMP_ARCH_MIPSEL64N32: - sys_name = mips64n32_syscall_iterate_name(iter); - break; -+ case SCMP_ARCH_PPC: -+ sys_name = ppc_syscall_iterate_name(iter); -+ break; - case SCMP_ARCH_PPC64: -+ case SCMP_ARCH_PPC64LE: - sys_name = ppc64_syscall_iterate_name(iter); - break; -- case SCMP_ARCH_PPC: -- sys_name = ppc_syscall_iterate_name(iter); -+ case SCMP_ARCH_S390: -+ sys_name = s390_syscall_iterate_name(iter); -+ break; -+ case SCMP_ARCH_S390X: -+ sys_name = s390x_syscall_iterate_name(iter); - break; -- - default: - /* invalid arch */ - exit_usage(argv[0]); -diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate -index ba5cd89..89cce3a 100755 ---- a/src/arch-syscall-validate -+++ b/src/arch-syscall-validate -@@ -319,6 +319,29 @@ function dump_lib_mips64n32() { - } - - # -+# Dump the ppc system syscall table -+# -+# Arguments: -+# 1 path to the kernel source -+# -+# Dump the architecture's syscall table to stdout. 
-+# -+function dump_sys_ppc() { -+ gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \ -+ grep "^#define __NR_" | sort | \ -+ sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' -+} -+ -+# -+# Dump the ppc library syscall table -+# -+# Dump the library's syscall table to stdout. -+# -+function dump_lib_ppc() { -+ $LIB_SYS_DUMP -a ppc | sed -e '/[^\t]\+\t-[0-9]\+/d' -+} -+ -+# - # Dump the ppc64 system syscall table - # - # Arguments: -@@ -342,26 +365,47 @@ function dump_lib_ppc64() { - } - - # --# Dump the ppc system syscall table -+# Dump the s390 system syscall table - # - # Arguments: - # 1 path to the kernel source - # - # Dump the architecture's syscall table to stdout. - # --function dump_sys_ppc() { -- gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \ -- grep "^#define __NR_" | sort | \ -- sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' -+function dump_sys_s390() { -+ gcc -dM -m31 -E $1/arch/s390/include/uapi/asm/unistd.h | grep __NR | \ -+ sed 's/#define __NR_//g' | sed 's/ /\t/g' | sort - } - - # --# Dump the ppc library syscall table -+# Dump the s390 library syscall table - # - # Dump the library's syscall table to stdout. - # --function dump_lib_ppc() { -- $LIB_SYS_DUMP -a ppc | sed -e '/[^\t]\+\t-[0-9]\+/d' -+function dump_lib_s390() { -+ $LIB_SYS_DUMP -a s390 | grep -v - | sort -+} -+ -+# -+# Dump the s390x system syscall table -+# -+# Arguments: -+# 1 path to the kernel source -+# -+# Dump the architecture's syscall table to stdout. -+# -+function dump_sys_s390x() { -+ gcc -dM -E $1/arch/s390/include/uapi/asm/unistd.h | grep __NR | \ -+ sed 's/#define __NR_//g' | sed 's/ /\t/g' | sort -+} -+ -+# -+# Dump the s390x library syscall table -+# -+# Dump the library's syscall table to stdout. 
-+# -+function dump_lib_s390x() { -+ $LIB_SYS_DUMP -a s390x | grep -v - | sort - } - - # -@@ -399,11 +443,17 @@ function dump_sys() { - mips64n32) - dump_sys_mips64n32 "$2" - ;; -+ ppc) -+ dump_sys_ppc "$2" -+ ;; - ppc64) - dump_sys_ppc64 "$2" - ;; -- ppc) -- dump_sys_ppc "$2" -+ s390) -+ dump_sys_s390 "$2" -+ ;; -+ s390x) -+ dump_sys_s390x "$2" - ;; - *) - echo "" -@@ -445,11 +495,17 @@ function dump_lib() { - mips64n32) - dump_lib_mips64n32 "$2" - ;; -+ ppc) -+ dump_lib_ppc "$2" -+ ;; - ppc64) - dump_lib_ppc64 "$2" - ;; -- ppc) -- dump_lib_ppc "$2" -+ s390) -+ dump_lib_s390 "$2" -+ ;; -+ s390x) -+ dump_lib_s390x "$2" - ;; - *) - echo "" -@@ -497,7 +553,12 @@ shift $(($OPTIND - 1)) - - # defaults - if [[ $arches == "" ]]; then -- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc pcc64" -+ arches=" \ -+ x86 x86_64 x32 \ -+ arm aarch64 \ -+ mips mips64 mips64n32 \ -+ ppc pcc64 \ -+ s390 s390x" - fi - - # sanity checks -diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c -index 66a58a1..d6ea9d4 100644 ---- a/src/arch-x32-syscalls.c -+++ b/src/arch-x32-syscalls.c -@@ -296,6 +296,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) }, - { "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) }, - { "rtas", __PNR_rtas }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, - { "sched_get_priority_max", (X32_SYSCALL_BIT + 146) }, - { "sched_get_priority_min", (X32_SYSCALL_BIT + 147) }, - { "sched_getaffinity", (X32_SYSCALL_BIT + 204) }, -diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c -index 53f7cfa..b6665aa 100644 ---- a/src/arch-x86-syscalls.c -+++ b/src/arch-x86-syscalls.c -@@ -296,6 +296,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "rt_sigtimedwait", 177 }, - { "rt_tgsigqueueinfo", 335 }, - { "rtas", __PNR_rtas }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { 
"sched_getaffinity", 242 }, -diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c -index b50ec23..90cc21f 100644 ---- a/src/arch-x86_64-syscalls.c -+++ b/src/arch-x86_64-syscalls.c -@@ -296,6 +296,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "rt_sigtimedwait", 128 }, - { "rt_tgsigqueueinfo", 297 }, - { "rtas", __PNR_rtas }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, - { "sched_get_priority_max", 146 }, - { "sched_get_priority_min", 147 }, - { "sched_getaffinity", 204 }, -diff --git a/src/arch.c b/src/arch.c -index 5bb7f69..33f35a7 100644 ---- a/src/arch.c -+++ b/src/arch.c -@@ -38,8 +38,10 @@ - #include "arch-mips.h" - #include "arch-mips64.h" - #include "arch-mips64n32.h" --#include "arch-ppc64.h" - #include "arch-ppc.h" -+#include "arch-ppc64.h" -+#include "arch-s390.h" -+#include "arch-s390x.h" - #include "system.h" - - #define default_arg_count_max 6 -@@ -84,6 +86,10 @@ const struct arch_def *arch_def_native = &arch_def_ppc64le; - #endif - #elif __PPC__ - const struct arch_def *arch_def_native = &arch_def_ppc; -+#elif __s390x__ /* s390x must be checked before s390 */ -+const struct arch_def *arch_def_native = &arch_def_s390x; -+#elif __s390__ -+const struct arch_def *arch_def_native = &arch_def_s390; - #else - #error the arch code needs to know about your machine type - #endif /* machine type guess */ -@@ -132,12 +138,16 @@ const struct arch_def *arch_def_lookup(uint32_t token) - return &arch_def_mips64n32; - case SCMP_ARCH_MIPSEL64N32: - return &arch_def_mipsel64n32; -+ case SCMP_ARCH_PPC: -+ return &arch_def_ppc; - case SCMP_ARCH_PPC64: - return &arch_def_ppc64; - case SCMP_ARCH_PPC64LE: - return &arch_def_ppc64le; -- case SCMP_ARCH_PPC: -- return &arch_def_ppc; -+ case SCMP_ARCH_S390: -+ return &arch_def_s390; -+ case SCMP_ARCH_S390X: -+ return &arch_def_s390x; - } - - return NULL; -@@ -174,12 +184,16 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name) - return &arch_def_mips64n32; - else 
if (strcmp(arch_name, "mipsel64n32") == 0) - return &arch_def_mipsel64n32; -+ else if (strcmp(arch_name, "ppc") == 0) -+ return &arch_def_ppc; - else if (strcmp(arch_name, "ppc64") == 0) - return &arch_def_ppc64; - else if (strcmp(arch_name, "ppc64le") == 0) - return &arch_def_ppc64le; -- else if (strcmp(arch_name, "ppc") == 0) -- return &arch_def_ppc; -+ else if (strcmp(arch_name, "s390") == 0) -+ return &arch_def_s390; -+ else if (strcmp(arch_name, "s390x") == 0) -+ return &arch_def_s390x; - - return NULL; - } -@@ -298,11 +312,15 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name) - case SCMP_ARCH_MIPS64N32: - case SCMP_ARCH_MIPSEL64N32: - return mips64n32_syscall_resolve_name(name); -+ case SCMP_ARCH_PPC: -+ return ppc_syscall_resolve_name(name); - case SCMP_ARCH_PPC64: - case SCMP_ARCH_PPC64LE: - return ppc64_syscall_resolve_name(name); -- case SCMP_ARCH_PPC: -- return ppc_syscall_resolve_name(name); -+ case SCMP_ARCH_S390: -+ return s390_syscall_resolve_name(name); -+ case SCMP_ARCH_S390X: -+ return s390x_syscall_resolve_name(name); - } - - return __NR_SCMP_ERROR; -@@ -340,11 +358,15 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num) - case SCMP_ARCH_MIPS64N32: - case SCMP_ARCH_MIPSEL64N32: - return mips64n32_syscall_resolve_num(num); -+ case SCMP_ARCH_PPC: -+ return ppc_syscall_resolve_num(num); - case SCMP_ARCH_PPC64: - case SCMP_ARCH_PPC64LE: - return ppc64_syscall_resolve_num(num); -- case SCMP_ARCH_PPC: -- return ppc_syscall_resolve_num(num); -+ case SCMP_ARCH_S390: -+ return s390_syscall_resolve_num(num); -+ case SCMP_ARCH_S390X: -+ return s390x_syscall_resolve_num(num); - } - - return NULL; -diff --git a/src/gen_pfc.c b/src/gen_pfc.c -index 4f2ee4f..ae8361f 100644 ---- a/src/gen_pfc.c -+++ b/src/gen_pfc.c -@@ -71,6 +71,10 @@ static const char *_pfc_arch(const struct arch_def *arch) - return "mips64n32"; - case SCMP_ARCH_MIPSEL64N32: - return "mipsel64n32"; -+ case SCMP_ARCH_S390X: -+ return "s390x"; 
-+ case SCMP_ARCH_S390: -+ return "s390"; - default: - return "UNKNOWN"; - } -diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd -index e9c0f6a..1f29c5f 100644 ---- a/src/python/libseccomp.pxd -+++ b/src/python/libseccomp.pxd -@@ -38,9 +38,11 @@ cdef extern from "seccomp.h": - SCMP_ARCH_MIPSEL - SCMP_ARCH_MIPSEL64 - SCMP_ARCH_MIPSEL64N32 -+ SCMP_ARCH_PPC - SCMP_ARCH_PPC64 - SCMP_ARCH_PPC64LE -- SCMP_ARCH_PPC -+ SCMP_ARCH_S390 -+ SCMP_ARCH_S390X - - cdef enum scmp_filter_attr: - SCMP_FLTATR_ACT_DEFAULT -diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx -index 18360a7..2d753a9 100644 ---- a/src/python/seccomp.pyx -+++ b/src/python/seccomp.pyx -@@ -165,9 +165,11 @@ cdef class Arch: - MIPSEL = libseccomp.SCMP_ARCH_MIPSEL - MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64 - MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32 -+ PPC = libseccomp.SCMP_ARCH_PPC - PPC64 = libseccomp.SCMP_ARCH_PPC64 - PPC64LE = libseccomp.SCMP_ARCH_PPC64LE -- PPC = libseccomp.SCMP_ARCH_PPC -+ S390 = libseccomp.SCMP_ARCH_S390 -+ S390X = libseccomp.SCMP_ARCH_S390X - - def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): - """ Initialize the architecture object. 
-@@ -203,12 +205,16 @@ cdef class Arch: - self._token = libseccomp.SCMP_ARCH_MIPSEL64 - elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32: - self._token = libseccomp.SCMP_ARCH_MIPSEL64N32 -+ elif arch == libseccomp.SCMP_ARCH_PPC: -+ self._token = libseccomp.SCMP_ARCH_PPC - elif arch == libseccomp.SCMP_ARCH_PPC64: - self._token = libseccomp.SCMP_ARCH_PPC64 - elif arch == libseccomp.SCMP_ARCH_PPC64LE: - self._token = libseccomp.SCMP_ARCH_PPC64LE -- elif arch == libseccomp.SCMP_ARCH_PPC: -- self._token = libseccomp.SCMP_ARCH_PPC -+ elif arch == libseccomp.SCMP_ARCH_S390: -+ self._token = libseccomp.SCMP_ARCH_S390 -+ elif arch == libseccomp.SCMP_ARCH_S390X: -+ self._token = libseccomp.SCMP_ARCH_S390X - else: - self._token = 0; - elif isinstance(arch, basestring): -diff --git a/tests/20-live-basic_die.py b/tests/20-live-basic_die.py -index c9f437f..4d5b914 100755 ---- a/tests/20-live-basic_die.py -+++ b/tests/20-live-basic_die.py -@@ -34,6 +34,7 @@ def test(): - util.install_trap() - f = SyscallFilter(action) - f.add_rule(ALLOW, "rt_sigreturn") -+ f.add_rule(ALLOW, "sigreturn") - f.add_rule(ALLOW, "exit_group") - f.load() - try: -diff --git a/tests/21-live-basic_allow.py b/tests/21-live-basic_allow.py -index 97dd61a..df79c9d 100755 ---- a/tests/21-live-basic_allow.py -+++ b/tests/21-live-basic_allow.py -@@ -46,6 +46,8 @@ def test(): - f.add_rule(ALLOW, "close") - f.add_rule(ALLOW, "rt_sigaction") - f.add_rule(ALLOW, "rt_sigreturn") -+ f.add_rule(ALLOW, "sigreturn") -+ f.add_rule(ALLOW, "brk") - f.add_rule(ALLOW, "exit_group") - f.load() - try: -diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c -index 91fcbea..d2c191c 100644 ---- a/tests/26-sim-arch_all_be_basic.c -+++ b/tests/26-sim-arch_all_be_basic.c -@@ -52,10 +52,16 @@ int main(int argc, char *argv[]) - rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc")); -+ if (rc != 0) -+ goto out; 
- rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); - if (rc != 0) - goto out; -- rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc")); -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("s390")); -+ if (rc != 0) -+ goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("s390x")); - if (rc != 0) - goto out; - -diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py -index 1537013..b0b660a 100755 ---- a/tests/26-sim-arch_all_be_basic.py -+++ b/tests/26-sim-arch_all_be_basic.py -@@ -33,8 +33,10 @@ def test(args): - f.add_arch(Arch("mips")) - f.add_arch(Arch("mips64")) - f.add_arch(Arch("mips64n32")) -- f.add_arch(Arch("ppc64")) - f.add_arch(Arch("ppc")) -+ f.add_arch(Arch("ppc64")) -+ f.add_arch(Arch("s390")) -+ f.add_arch(Arch("s390x")) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) -diff --git a/tests/regression b/tests/regression -index 6bf6ea3..53d26b2 100755 ---- a/tests/regression -+++ b/tests/regression -@@ -28,7 +28,8 @@ GLBL_ARCH_LE_SUPPORT=" \ - ppc64le" - GLBL_ARCH_BE_SUPPORT=" \ - mips mips64 mips64n32 \ -- ppc64 ppc" -+ ppc ppc64 \ -+ s390 s390x" - - GLBL_SYS_ARCH="../tools/scmp_arch_detect" - GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" -@@ -700,7 +701,7 @@ function run_test_live() { - - # setup the arch specific return values - case "$arch" in -- x86|x86_64|x32|arm|aarch64|ppc64|ppc64le|ppc) -+ x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|ppc|s390|s390x) - rc_kill=159 - rc_allow=160 - rc_trap=161 -diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c -index 03644c6..51c45c9 100644 ---- a/tools/scmp_arch_detect.c -+++ b/tools/scmp_arch_detect.c -@@ -99,14 +99,20 @@ int main(int argc, char *argv[]) - case SCMP_ARCH_MIPSEL64N32: - printf("mipsel64n32\n"); - break; -+ case SCMP_ARCH_PPC: -+ printf("ppc\n"); -+ break; - case SCMP_ARCH_PPC64: - 
printf("ppc64\n"); - break; - case SCMP_ARCH_PPC64LE: - printf("ppc64le\n"); - break; -- case SCMP_ARCH_PPC: -- printf("ppc\n"); -+ case SCMP_ARCH_S390: -+ printf("s390\n"); -+ break; -+ case SCMP_ARCH_S390X: -+ printf("s390x\n"); - break; - default: - printf("unknown\n"); -diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c -index 6b70105..ddd216c 100644 ---- a/tools/scmp_bpf_sim.c -+++ b/tools/scmp_bpf_sim.c -@@ -265,12 +265,16 @@ int main(int argc, char *argv[]) - arch = AUDIT_ARCH_MIPS64N32; - else if (strcmp(optarg, "mipsel64n32") == 0) - arch = AUDIT_ARCH_MIPSEL64N32; -+ else if (strcmp(optarg, "ppc") == 0) -+ arch = AUDIT_ARCH_PPC; - else if (strcmp(optarg, "ppc64") == 0) - arch = AUDIT_ARCH_PPC64; - else if (strcmp(optarg, "ppc64le") == 0) - arch = AUDIT_ARCH_PPC64LE; -- else if (strcmp(optarg, "ppc") == 0) -- arch = AUDIT_ARCH_PPC; -+ else if (strcmp(optarg, "s390") == 0) -+ arch = AUDIT_ARCH_S390; -+ else if (strcmp(optarg, "s390x") == 0) -+ arch = AUDIT_ARCH_S390X; - else - exit_fault(EINVAL); - break; -diff --git a/tools/util.c b/tools/util.c -index a52c865..5b21559 100644 ---- a/tools/util.c -+++ b/tools/util.c -@@ -70,6 +70,10 @@ - #endif - #elif __PPC__ - #define ARCH_NATIVE AUDIT_ARCH_PPC -+#elif __s390x__ /* s390x must be checked before s390 */ -+#define ARCH_NATIVE AUDIT_ARCH_S390X -+#elif __s390__ -+#define ARCH_NATIVE AUDIT_ARCH_S390 - #else - #error the simulator code needs to know about your machine type - #endif diff -Nru libseccomp-2.2.3/debian/patches/series libseccomp-2.3.1/debian/patches/series --- libseccomp-2.2.3/debian/patches/series 2016-03-16 14:44:44.000000000 +0000 +++ libseccomp-2.3.1/debian/patches/series 2016-05-28 17:56:56.000000000 +0000 
@@ -1,8 +1 @@ -git-29753076fddfed772511c67887bed1f0621b32cf.diff -git-18c7d1176fb236d98656eb4f4cd0343ebcfe5cc0.diff -git-fc886cbe8128e8544f5d197dfd0971403ee203b5.diff -git-13386c1fd34834b6c9d46d36c43616b623736a93.diff -git-7f3ae6e6a12390bd38f0787b242f60c47ad076c3.diff -git-a8fe571909e381b34d0ae0237aad71513f8739de.diff -git-d2ca11b7cdddbba3782b1e306ceacf19e898faee.diff -add-x86-32bit-socket-calls.patch +28-parisc_support.patch diff -Nru libseccomp-2.2.3/debian/tests/test-scmp_sys_resolver libseccomp-2.3.1/debian/tests/test-scmp_sys_resolver --- libseccomp-2.2.3/debian/tests/test-scmp_sys_resolver 2016-02-11 15:15:58.000000000 +0000 +++ libseccomp-2.3.1/debian/tests/test-scmp_sys_resolver 2016-06-10 17:13:23.000000000 +0000 @@ -18,20 +18,25 @@ high=$2 echo "Testing syscalls $low-$high" for i in `seq $low $high` ; do - res=`scmp_sys_resolver $i` || { + res=`scmp_sys_resolver -- $i` || { echo "'$i' failed" failed="yes" } if [ "$res" = "UNKNOWN" ]; then continue fi - res2=`scmp_sys_resolver $res` || { + res2=`scmp_sys_resolver -- $res` || { echo "'$res' failed" failed="yes" } if [ "$res2" != "$i" ]; then - echo "FAIL: $i ($res) != $res ($res2)" - failed="yes" + res3=`scmp_sys_resolver -- $res2` + if [ "$res" = "$res3" ]; then + echo "pass: $i ($res) == $res ($res2 which is $res3)" + else + echo "FAIL: $i ($res) != $res ($res2)" + failed="yes" + fi else echo "pass: $i ($res) == $res ($res2)" fi diff -Nru libseccomp-2.2.3/doc/Makefile.am libseccomp-2.3.1/doc/Makefile.am --- libseccomp-2.2.3/doc/Makefile.am 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.3.1/doc/Makefile.am 2016-02-18 19:29:30.334085349 +0000 
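Review bot: The `res3` lookup in the new fallback branch is the only `scmp_sys_resolver` call in this loop whose exit status is not checked, and `$res2` is passed unquoted, so an empty `res2` from a failed second lookup turns into a call with no argument at all. Keep it consistent with the two calls above: `res3=$(scmp_sys_resolver -- "$res2") || { echo "'$res2' failed"; failed="yes"; }`. The relaxed check now reports "pass" when a number's name resolves back to a different number, so the pass line should keep printing both numbers as it does here, which keeps such aliases visible in the test log. The enclosing function and the loop's `done` are outside this hunk.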
@@ -42,4 +42,5 @@ man/man3/seccomp_syscall_resolve_name.3 \ man/man3/seccomp_syscall_resolve_name_arch.3 \ man/man3/seccomp_syscall_resolve_name_rewrite.3 \ - man/man3/seccomp_syscall_resolve_num_arch.3 + man/man3/seccomp_syscall_resolve_num_arch.3 \ + man/man3/seccomp_version.3 diff -Nru libseccomp-2.2.3/doc/Makefile.in libseccomp-2.3.1/doc/Makefile.in --- libseccomp-2.2.3/doc/Makefile.in 2015-07-08 19:16:28.924206385 +0000 +++ libseccomp-2.3.1/doc/Makefile.in 2016-04-20 20:11:08.821211389 +0000 @@ -311,7 +311,8 @@ man/man3/seccomp_syscall_resolve_name.3 \ man/man3/seccomp_syscall_resolve_name_arch.3 \ man/man3/seccomp_syscall_resolve_name_rewrite.3 \ - man/man3/seccomp_syscall_resolve_num_arch.3 + man/man3/seccomp_syscall_resolve_num_arch.3 \ + man/man3/seccomp_version.3 all: all-am diff -Nru libseccomp-2.2.3/doc/man/man3/seccomp_init.3 libseccomp-2.3.1/doc/man/man3/seccomp_init.3 --- libseccomp-2.2.3/doc/man/man3/seccomp_init.3 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.3.1/doc/man/man3/seccomp_init.3 2015-08-28 23:25:19.621512733 +0000 
@@ -48,12 +48,17 @@ values are as follows: .TP .B SCMP_ACT_KILL -The thread will be killed by the kernel when it calls a syscall that does not -match any of the configured seccomp filter rules. +The thread will be terminated by the kernel with SIGSYS when it calls a syscall +that does not match any of the configured seccomp filter rules. The thread +will not be able to catch the signal. .TP .B SCMP_ACT_TRAP -The thread will throw a SIGSYS signal when it calls a syscall that does not -match any of the configured seccomp filter rules. +The thread will be sent a SIGSYS signal when it calls a syscall that does not +match any of the configured seccomp filter rules. It may catch this and change +its behavior accordingly. When using SA_SIGINFO with +.BR sigaction (2), +si_code will be set to SYS_SECCOMP, si_syscall will be set to the syscall that +failed the rules, and si_arch will be set to the AUDIT_ARCH for the active ABI. .TP .B SCMP_ACT_ERRNO(uint16_t errno) The thread will receive a return value of @@ -67,8 +72,8 @@ option in the call to .BR ptrace (2), the tracing process will be notified, via -.B PTRACE_EVENT_SECCOMP -, and the value provided in +.BR PTRACE_EVENT_SECCOMP , +and the value provided in .I msg_num can be retrieved using the .B PTRACE_GETEVENTMSG diff -Nru libseccomp-2.2.3/doc/man/man3/seccomp_version.3 libseccomp-2.3.1/doc/man/man3/seccomp_version.3 --- libseccomp-2.2.3/doc/man/man3/seccomp_version.3 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/doc/man/man3/seccomp_version.3 2016-02-18 19:40:58.407033852 +0000 
@@ -0,0 +1,87 @@
+.TH "seccomp_version" 3 "18 February 2016" "paul@paul-moore.com" "libseccomp Documentation"
+.\" //////////////////////////////////////////////////////////////////////////
+.SH NAME
+.\" //////////////////////////////////////////////////////////////////////////
+seccomp_version \- Query the libseccomp version information
+.\" //////////////////////////////////////////////////////////////////////////
+.SH SYNOPSIS
+.\" //////////////////////////////////////////////////////////////////////////
+.nf
+.B #include
+.sp
+.B struct scmp_version {
+.B unsigned int major;
+.B unsigned int minor;
+.B unsigned int micro;
+.B }
+.sp
+.BI "const struct scmp_version *seccomp_version(" void ");"
+.sp
+Link with \fI\-lseccomp\fP.
+.fi
+.\" //////////////////////////////////////////////////////////////////////////
+.SH DESCRIPTION
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+The
+.BR seccomp_version ()
+and
+.BR seccomp_reset ()
+functions return a pointer to a
+.B scmp_version
+struct which contains the version information of the currently loaded
+libseccomp library. This function can be used by applications that need to
+verify that they are linked to a specific libseccomp version at runtime.
+.P
+The caller should not attempt to free the returned
+.B scmp_version
+struct when finished.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH RETURN VALUE
+.\" //////////////////////////////////////////////////////////////////////////
+The
+.BR seccomp_version ()
+function returns a pointer to a
+.B scmp_version
+structure on success, NULL on failure. The caller should not attempt to free
+the returned structure.
+.\" ////////////////////////////////////////////////////////////////////////// +.SH EXAMPLES +.\" ////////////////////////////////////////////////////////////////////////// +.nf +#include + +int main(int argc, char *argv[]) +{ + const struct scmp_version *ver; + + ver = seccomp_version(); + if (ver == NULL) + goto err; + + /* ... */ + + return 0; + +err: + return \-1; +} +.fi +.\" ////////////////////////////////////////////////////////////////////////// +.SH NOTES +.\" ////////////////////////////////////////////////////////////////////////// +.P +While the seccomp filter can be generated independent of the kernel, kernel +support is required to load and enforce the seccomp filter generated by +libseccomp. +.P +The libseccomp project site, with more information and the source code +repository, can be found at https://github.com/seccomp/libseccomp. This tool, +as well as the libseccomp library, is currently under development, please +report any bugs at the project site or directly to the author. +.\" ////////////////////////////////////////////////////////////////////////// +.SH AUTHOR +.\" ////////////////////////////////////////////////////////////////////////// +Paul Moore +.\" ////////////////////////////////////////////////////////////////////////// + diff -Nru libseccomp-2.2.3/include/seccomp.h libseccomp-2.3.1/include/seccomp.h --- libseccomp-2.2.3/include/seccomp.h 2015-07-08 19:16:49.300204860 +0000 +++ libseccomp-2.3.1/include/seccomp.h 2016-04-20 20:11:11.437211194 +0000 @@ -2,7 +2,7 @@ * Seccomp Library * * Copyright (c) 2012,2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -36,8 +36,14 @@ */ #define SCMP_VER_MAJOR 2 -#define SCMP_VER_MINOR 2 -#define SCMP_VER_MICRO 3 +#define SCMP_VER_MINOR 3 +#define SCMP_VER_MICRO 1 + +struct scmp_version { + unsigned int major; + unsigned int minor; + unsigned int micro; +}; /* * types 
@@ -163,6 +169,22 @@ #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 /** + * The PowerPC architecture tokens + */ +#define SCMP_ARCH_PPC AUDIT_ARCH_PPC +#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 +#ifndef AUDIT_ARCH_PPC64LE +#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif +#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE + +/** + * The S390 architecture tokens + */ +#define SCMP_ARCH_S390 AUDIT_ARCH_S390 +#define SCMP_ARCH_S390X AUDIT_ARCH_S390X + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ @@ -237,6 +259,15 @@ */ /** + * Query the library version information + * + * This function returns a pointer to a populated scmp_version struct, the + * caller does not need to free the structure when finished. + * + */ +const struct scmp_version *seccomp_version(void); + +/** * Initialize the filter state * @param def_action the default filter action * @@ -554,6 +585,7 @@ /* NOTE - pseudo syscall values {-1..-99} are reserved */ #define __NR_SCMP_ERROR -1 +#define __NR_SCMP_UNDEF -2 /* socket syscalls */ @@ -1227,11 +1259,13 @@ #endif /* __NR_cachectl */ #define __PNR_cacheflush -10104 +#ifndef __NR_cacheflush #ifdef __ARM_NR_cacheflush #define __NR_cacheflush __ARM_NR_cacheflush #else #define __NR_cacheflush __PNR_cacheflush -#endif /* __ARM_NR_cacheflush */ +#endif +#endif /* __NR_cacheflush */ #define __PNR_sysmips -10106 #ifndef __NR_sysmips 
@@ -1449,32 +1483,125 @@ #endif /* __NR_utimes */ #define __PNR_breakpoint -10182 +#ifndef __NR_breakpoint #ifdef __ARM_NR_breakpoint #define __NR_breakpoint __ARM_NR_breakpoint #else #define __NR_breakpoint __PNR_breakpoint -#endif /* __ARM_NR_breakpoint */ +#endif +#endif /* __NR_breakpoint */ #define __PNR_set_tls -10183 +#ifndef __NR_set_tls #ifdef __ARM_NR_set_tls #define __NR_set_tls __ARM_NR_set_tls #else #define __NR_set_tls __PNR_set_tls -#endif /* __ARM_NR_set_tls */ +#endif +#endif /* __NR_set_tls */ #define __PNR_usr26 -10184 +#ifndef __NR_usr26 #ifdef __ARM_NR_usr26 #define __NR_usr26 __ARM_NR_usr26 #else #define __NR_usr26 __PNR_usr26 -#endif /* __ARM_NR_usr26 */ +#endif +#endif /* __NR_usr26 */ #define __PNR_usr32 -10185 +#ifndef __NR_usr32 #ifdef __ARM_NR_usr32 #define __NR_usr32 __ARM_NR_usr32 #else #define __NR_usr32 __PNR_usr32 -#endif /* __ARM_NR_usr32 */ +#endif +#endif /* __NR_usr32 */ + +#define __PNR_multiplexer -10186 +#ifndef __NR_multiplexer +#define __NR_multiplexer __PNR_multiplexer +#endif /* __NR_multiplexer */ + +#define __PNR_rtas -10187 +#ifndef __NR_rtas +#define __NR_rtas __PNR_rtas +#endif /* __NR_rtas */ + +#define __PNR_spu_create -10188 +#ifndef __NR_spu_create +#define __NR_spu_create __PNR_spu_create +#endif /* __NR_spu_create */ + +#define __PNR_spu_run -10189 +#ifndef __NR_spu_run +#define __NR_spu_run __PNR_spu_run +#endif /* __NR_spu_run */ + +#define __PNR_subpage_prot -10189 +#ifndef __NR_subpage_prot +#define __NR_subpage_prot __PNR_subpage_prot +#endif /* __NR_subpage_prot */ + +#define __PNR_swapcontext -10190 +#ifndef __NR_swapcontext +#define __NR_swapcontext __PNR_swapcontext +#endif /* __NR_swapcontext */ + +#define __PNR_sys_debug_setcontext -10191 +#ifndef __NR_sys_debug_setcontext +#define __NR_sys_debug_setcontext __PNR_sys_debug_setcontext +#endif /* __NR_sys_debug_setcontext */ + +#define __PNR_switch_endian -10191 +#ifndef __NR_switch_endian +#define __NR_switch_endian __PNR_switch_endian +#endif /* 
__NR_switch_endian */ + +#define __PNR_get_mempolicy -10192 +#ifndef __NR_get_mempolicy +#define __NR_get_mempolicy __PNR_get_mempolicy +#endif /* __NR_get_mempolicy */ + +#define __PNR_move_pages -10193 +#ifndef __NR_move_pages +#define __NR_move_pages __PNR_move_pages +#endif /* __NR_move_pages */ + +#define __PNR_mbind -10194 +#ifndef __NR_mbind +#define __NR_mbind __PNR_mbind +#endif /* __NR_mbind */ + +#define __PNR_set_mempolicy -10195 +#ifndef __NR_set_mempolicy +#define __NR_set_mempolicy __PNR_set_mempolicy +#endif /* __NR_set_mempolicy */ + +#define __PNR_s390_runtime_instr -10196 +#ifndef __NR_s390_runtime_instr +#define __NR_s390_runtime_instr __PNR_s390_runtime_instr +#endif /* __NR_s390_runtime_instr */ + +#define __PNR_s390_pci_mmio_read -10197 +#ifndef __NR_s390_pci_mmio_read +#define __NR_s390_pci_mmio_read __PNR_s390_pci_mmio_read +#endif /* __NR_s390_pci_mmio_read */ + +#define __PNR_s390_pci_mmio_write -10198 +#ifndef __NR_s390_pci_mmio_write +#define __NR_s390_pci_mmio_write __PNR_s390_pci_mmio_write +#endif /* __NR_s390_pci_mmio_write */ + +#define __PNR_membarrier -10199 +#ifndef __NR_membarrier +#define __NR_membarrier __PNR_membarrier +#endif /* __NR_membarrier */ + +#define __PNR_userfaultfd -10200 +#ifndef __NR_userfaultfd +#define __NR_userfaultfd __PNR_userfaultfd +#endif /* __NR_userfaultfd */ #ifdef __cplusplus } diff -Nru libseccomp-2.2.3/include/seccomp.h.in libseccomp-2.3.1/include/seccomp.h.in --- libseccomp-2.2.3/include/seccomp.h.in 2015-07-01 17:52:39.784897327 +0000 +++ libseccomp-2.3.1/include/seccomp.h.in 2016-02-18 19:10:17.906171599 +0000 @@ -2,7 +2,7 @@ * Seccomp Library * * Copyright (c) 2012,2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -39,6 +39,12 @@ #define SCMP_VER_MINOR @VERSION_MINOR@ #define SCMP_VER_MICRO @VERSION_MICRO@ +struct scmp_version { + unsigned int major; + unsigned int minor; + unsigned int micro; +}; + /* * types */ 
@@ -163,6 +169,22 @@ #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 /** + * The PowerPC architecture tokens + */ +#define SCMP_ARCH_PPC AUDIT_ARCH_PPC +#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 +#ifndef AUDIT_ARCH_PPC64LE +#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif +#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE + +/** + * The S390 architecture tokens + */ +#define SCMP_ARCH_S390 AUDIT_ARCH_S390 +#define SCMP_ARCH_S390X AUDIT_ARCH_S390X + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ @@ -237,6 +259,15 @@ */ /** + * Query the library version information + * + * This function returns a pointer to a populated scmp_version struct, the + * caller does not need to free the structure when finished. + * + */ +const struct scmp_version *seccomp_version(void); + +/** * Initialize the filter state * @param def_action the default filter action * @@ -554,6 +585,7 @@ /* NOTE - pseudo syscall values {-1..-99} are reserved */ #define __NR_SCMP_ERROR -1 +#define __NR_SCMP_UNDEF -2 /* socket syscalls */ @@ -1227,11 +1259,13 @@ #endif /* __NR_cachectl */ #define __PNR_cacheflush -10104 +#ifndef __NR_cacheflush #ifdef __ARM_NR_cacheflush #define __NR_cacheflush __ARM_NR_cacheflush #else #define __NR_cacheflush __PNR_cacheflush -#endif /* __ARM_NR_cacheflush */ +#endif +#endif /* __NR_cacheflush */ #define __PNR_sysmips -10106 #ifndef __NR_sysmips 
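Review bot: The comment added above `seccomp_version()` in the `@@ -237,6 +259,15 @@` hunk does not state the return contract, while the `seccomp_version.3` page added in this same diff says the function returns NULL on failure and its example checks for NULL. The header should say the same in the style the file already uses for `@param`, for instance ` * @return a pointer to the version struct on success, NULL on failure`, adjusted to what the implementation (not in this hunk) actually does. That man page also names `seccomp_reset()` next to `seccomp_version()` as returning the struct, which looks like a copy-and-paste slip worth correcting at the same time.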
@@ -1449,32 +1483,125 @@ #endif /* __NR_utimes */ #define __PNR_breakpoint -10182 +#ifndef __NR_breakpoint #ifdef __ARM_NR_breakpoint #define __NR_breakpoint __ARM_NR_breakpoint #else #define __NR_breakpoint __PNR_breakpoint -#endif /* __ARM_NR_breakpoint */ +#endif +#endif /* __NR_breakpoint */ #define __PNR_set_tls -10183 +#ifndef __NR_set_tls #ifdef __ARM_NR_set_tls #define __NR_set_tls __ARM_NR_set_tls #else #define __NR_set_tls __PNR_set_tls -#endif /* __ARM_NR_set_tls */ +#endif +#endif /* __NR_set_tls */ #define __PNR_usr26 -10184 +#ifndef __NR_usr26 #ifdef __ARM_NR_usr26 #define __NR_usr26 __ARM_NR_usr26 #else #define __NR_usr26 __PNR_usr26 -#endif /* __ARM_NR_usr26 */ +#endif +#endif /* __NR_usr26 */ #define __PNR_usr32 -10185 +#ifndef __NR_usr32 #ifdef __ARM_NR_usr32 #define __NR_usr32 __ARM_NR_usr32 #else #define __NR_usr32 __PNR_usr32 -#endif /* __ARM_NR_usr32 */ +#endif +#endif /* __NR_usr32 */ + +#define __PNR_multiplexer -10186 +#ifndef __NR_multiplexer +#define __NR_multiplexer __PNR_multiplexer +#endif /* __NR_multiplexer */ + +#define __PNR_rtas -10187 +#ifndef __NR_rtas +#define __NR_rtas __PNR_rtas +#endif /* __NR_rtas */ + +#define __PNR_spu_create -10188 +#ifndef __NR_spu_create +#define __NR_spu_create __PNR_spu_create +#endif /* __NR_spu_create */ + +#define __PNR_spu_run -10189 +#ifndef __NR_spu_run +#define __NR_spu_run __PNR_spu_run +#endif /* __NR_spu_run */ + +#define __PNR_subpage_prot -10189 +#ifndef __NR_subpage_prot +#define __NR_subpage_prot __PNR_subpage_prot +#endif /* __NR_subpage_prot */ + +#define __PNR_swapcontext -10190 +#ifndef __NR_swapcontext +#define __NR_swapcontext __PNR_swapcontext +#endif /* __NR_swapcontext */ + +#define __PNR_sys_debug_setcontext -10191 +#ifndef __NR_sys_debug_setcontext +#define __NR_sys_debug_setcontext __PNR_sys_debug_setcontext +#endif /* __NR_sys_debug_setcontext */ + +#define __PNR_switch_endian -10191 +#ifndef __NR_switch_endian +#define __NR_switch_endian __PNR_switch_endian +#endif /* 
__NR_switch_endian */ + +#define __PNR_get_mempolicy -10192 +#ifndef __NR_get_mempolicy +#define __NR_get_mempolicy __PNR_get_mempolicy +#endif /* __NR_get_mempolicy */ + +#define __PNR_move_pages -10193 +#ifndef __NR_move_pages +#define __NR_move_pages __PNR_move_pages +#endif /* __NR_move_pages */ + +#define __PNR_mbind -10194 +#ifndef __NR_mbind +#define __NR_mbind __PNR_mbind +#endif /* __NR_mbind */ + +#define __PNR_set_mempolicy -10195 +#ifndef __NR_set_mempolicy +#define __NR_set_mempolicy __PNR_set_mempolicy +#endif /* __NR_set_mempolicy */ + +#define __PNR_s390_runtime_instr -10196 +#ifndef __NR_s390_runtime_instr +#define __NR_s390_runtime_instr __PNR_s390_runtime_instr +#endif /* __NR_s390_runtime_instr */ + +#define __PNR_s390_pci_mmio_read -10197 +#ifndef __NR_s390_pci_mmio_read +#define __NR_s390_pci_mmio_read __PNR_s390_pci_mmio_read +#endif /* __NR_s390_pci_mmio_read */ + +#define __PNR_s390_pci_mmio_write -10198 +#ifndef __NR_s390_pci_mmio_write +#define __NR_s390_pci_mmio_write __PNR_s390_pci_mmio_write +#endif /* __NR_s390_pci_mmio_write */ + +#define __PNR_membarrier -10199 +#ifndef __NR_membarrier +#define __NR_membarrier __PNR_membarrier +#endif /* __NR_membarrier */ + +#define __PNR_userfaultfd -10200 +#ifndef __NR_userfaultfd +#define __NR_userfaultfd __PNR_userfaultfd +#endif /* __NR_userfaultfd */ #ifdef __cplusplus } diff -Nru libseccomp-2.2.3/libseccomp.pc.in libseccomp-2.3.1/libseccomp.pc.in --- libseccomp-2.2.3/libseccomp.pc.in 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.3.1/libseccomp.pc.in 2016-02-11 18:24:50.094705563 +0000 @@ -2,7 +2,7 @@ # Enhanced Seccomp Library pkg-config Configuration # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/README libseccomp-2.3.1/README --- libseccomp-2.2.3/README 2015-06-10 12:30:03.078978516 +0000 +++ libseccomp-2.3.1/README 2015-08-13 01:12:39.830522758 +0000 
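Review bot: Two pairs of the new pseudo-syscall numbers in the `@@ -1449,32 +1483,125 @@` hunk collide: `__PNR_spu_run` and `__PNR_subpage_prot` are both `-10189`, and `__PNR_sys_debug_setcontext` and `__PNR_switch_endian` are both `-10191`. On an architecture that lacks both members of a pair, the two names resolve to the same value, so a number-to-name lookup or any structure keyed on the number cannot tell them apart. A rule written for one name is then indistinguishable from a rule for the other. Each name needs its own value; the remaining entries already occupy `-10192` through `-10200`, so the second of each pair should move to a value not used anywhere in the header, e.g. `#define __PNR_subpage_prot <unused PNR value>`. The header hunk that ends just before the seccomp.h.in section appears to carry the same list and would need the same check.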
@@ -18,7 +18,8 @@ please note that a Google account is not required to subscribe to the mailing list. - -> https://groups.google.com/d/forum/libseccomp + -> https://groups.google.com/forum/#!forum/libseccomp + -> https://groups.google.com/forum/#!forum/libseccomp/join * Documentation diff -Nru libseccomp-2.2.3/src/api.c libseccomp-2.3.1/src/api.c --- libseccomp-2.2.3/src/api.c 2015-06-28 16:17:00.420527444 +0000 +++ libseccomp-2.3.1/src/api.c 2016-02-18 19:13:30.296157200 +0000 @@ -2,7 +2,7 @@ * Seccomp Library API * * Copyright (c) 2012,2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -38,6 +38,12 @@ #define API __attribute__((visibility("default"))) +const struct scmp_version library_version = { + .major = SCMP_VER_MAJOR, + .minor = SCMP_VER_MINOR, + .micro = SCMP_VER_MICRO, +}; + /** * Validate a filter context * @param ctx the filter context 
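Review bot: `library_version` in the `@@ -38,6 +38,12 @@` hunk is defined at file scope without `static`, so it has external linkage under a very generic name. The only use visible in this diff is seccomp_version() in the same file, so `static const struct scmp_version library_version = {` would keep it out of the symbol namespace. That matters mostly for static-library builds, where it could clash with an application symbol of the same name. If another translation unit does reference it, a library-specific prefix would be the alternative.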
@@ -67,53 +73,29 @@ } /* NOTE - function header comment in include/seccomp.h */ -API scmp_filter_ctx seccomp_init(uint32_t def_action) +API const struct scmp_version *seccomp_version(void) { - struct db_filter_col *col; - struct db_filter *db; + return &library_version; +} +/* NOTE - function header comment in include/seccomp.h */ +API scmp_filter_ctx seccomp_init(uint32_t def_action) +{ if (db_action_valid(def_action) < 0) return NULL; - col = db_col_init(def_action); - if (col == NULL) - return NULL; - db = db_init(arch_def_native); - if (db == NULL) - goto init_failure_col; - - if (db_col_db_add(col, db) < 0) - goto init_failure_db; - - return col; - -init_failure_db: - db_release(db); -init_failure_col: - db_col_release(col); - return NULL; + return db_col_init(def_action); } /* NOTE - function header comment in include/seccomp.h */ API int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action) { - int rc; struct db_filter_col *col = (struct db_filter_col *)ctx; - struct db_filter *db; if (ctx == NULL || db_action_valid(def_action) < 0) return -EINVAL; - db_col_reset(col, def_action); - - db = db_init(arch_def_native); - if (db == NULL) - return -ENOMEM; - rc = db_col_db_add(col, db); - if (rc < 0) - db_release(db); - - return rc; + return db_col_reset(col, def_action); } /* NOTE - function header comment in include/seccomp.h */ @@ -180,9 +162,7 @@ /* NOTE - function header comment in include/seccomp.h */ API int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token) { - int rc; const struct arch_def *arch; - struct db_filter *db; struct db_filter_col *col = (struct db_filter_col *)ctx; if (arch_token == 0) @@ -196,14 +176,7 @@ arch = arch_def_lookup(arch_token); if (arch == NULL) return -EFAULT; - db = db_init(arch); - if (db == NULL) - return -ENOMEM; - rc = db_col_db_add(col, db); - if (rc < 0) - db_release(db); - - return rc; + return db_col_db_new(col, arch); } /* NOTE - function header comment in include/seccomp.h */ 
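Review bot: seccomp_init() and seccomp_reset() no longer create the native-architecture filter themselves, and nothing in the new bodies says where that step now happens. If db_col_init() and db_col_reset() have taken it over, a short comment at each call would stop a reader from assuming the returned collection starts with no filters, e.g. `/* db_col_init() also adds the native arch filter */`. Neither function is defined in this hunk, so this is a point to confirm rather than a finding. If they do not add the native filter, rules added to a fresh context would apply to no architecture.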
@@ -298,6 +271,7 @@ API int seccomp_syscall_resolve_name_rewrite(uint32_t arch_token, const char *name) { + int rc; int syscall; const struct arch_def *arch; @@ -315,7 +289,11 @@ syscall = arch_syscall_resolve_name(arch, name); if (syscall == __NR_SCMP_ERROR) return __NR_SCMP_ERROR; - if (arch_syscall_rewrite(arch, 0, &syscall) < 0) + rc = arch_syscall_rewrite(arch, &syscall); + if (rc == -EDOM) + /* if we can't rewrite the syscall, just pass it through */ + return syscall; + else if (rc < 0) return __NR_SCMP_ERROR; return syscall; 
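Review bot: The new `-EDOM` branch in the `@@ -315,7 +289,11 @@` hunk makes seccomp_syscall_resolve_name_rewrite() return whatever arch_syscall_resolve_name() produced when the rewrite is not possible. Depending on the architecture table, that value may be a negative pseudo-syscall number rather than a real one. A caller that only compares the result with `__NR_SCMP_ERROR` would then treat it as usable, so the function's header comment should say that a negative value other than `__NR_SCMP_ERROR` can come back and what it means. The branch would also be clearer braced, since a comment sits between the `if` and its `return`: `if (rc == -EDOM) { /* can't rewrite, pass it through */ return syscall; }`. The function body starts and ends outside these two hunks.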
@@ -331,81 +309,25 @@ API int seccomp_syscall_priority(scmp_filter_ctx ctx, int syscall, uint8_t priority) { - int rc = 0, rc_tmp; - unsigned int iter; - int sc_tmp; - struct db_filter_col *col; - struct db_filter *filter; + struct db_filter_col *col = (struct db_filter_col *)ctx; - if (_ctx_valid(ctx) || _syscall_valid(syscall)) + if (db_col_valid(col) || _syscall_valid(syscall)) return -EINVAL; - col = (struct db_filter_col *)ctx; - - for (iter = 0; iter < col->filter_cnt; iter++) { - filter = col->filters[iter]; - sc_tmp = syscall; - - rc_tmp = arch_syscall_translate(filter->arch, &sc_tmp); - if (rc_tmp < 0) - goto syscall_priority_failure; - - /* if this is a pseudo syscall (syscall < 0) then we need to - * rewrite the syscall for some arch specific reason */ - if (sc_tmp < 0) { - /* we set this as a strict op - we don't really care - * since priorities are a "best effort" thing - as we - * want to catch the -EDOM error and bail on this - * architecture */ - rc_tmp = arch_syscall_rewrite(filter->arch, 1, &sc_tmp); - if (rc_tmp == -EDOM) - continue; - if (rc_tmp < 0) - goto syscall_priority_failure; - } - - rc_tmp = db_syscall_priority(filter, sc_tmp, priority); - -syscall_priority_failure: - if (rc == 0 && rc_tmp < 0) - rc = rc_tmp; - } - return rc; + return db_col_syscall_priority(col, syscall, priority); } -/** - * Add a new rule to the current filter - * @param col the filter collection - * @param strict the strict flag - * @param action the filter action - * @param syscall the syscall number - * @param arg_cnt the number of argument filters in the argument filter chain - * @param arg_array the argument filter chain, (uint, enum scmp_compare, ulong) - * - * This function adds a new argument/comparison/value to the seccomp filter for - * a syscall; multiple arguments can be specified and they will be chained - * together (essentially AND'd together) in the filter. 
When the strict flag - * is true the function will fail if the exact rule can not be added to the - * filter, if the strict flag is false the function will not fail if the - * function needs to adjust the rule due to architecture specifics. Returns - * zero on success, negative values on failure. - * - */ -static int _seccomp_rule_add(struct db_filter_col *col, - bool strict, uint32_t action, int syscall, - unsigned int arg_cnt, - const struct scmp_arg_cmp *arg_array) -{ - int rc = 0, rc_tmp; - int sc_tmp; - unsigned int iter; - unsigned int chain_len; - unsigned int arg_num; - size_t chain_size; - struct db_filter *filter; - struct db_api_arg *chain = NULL, *chain_tmp; - struct scmp_arg_cmp arg_data; +/* NOTE - function header comment in include/seccomp.h */ +API int seccomp_rule_add_array(scmp_filter_ctx ctx, + uint32_t action, int syscall, + unsigned int arg_cnt, + const struct scmp_arg_cmp *arg_array) +{ + int rc; + struct db_filter_col *col = (struct db_filter_col *)ctx; + if (arg_cnt > ARG_COUNT_MAX) + return -EINVAL; if (arg_cnt > 0 && arg_array == NULL) return -EINVAL; 
@@ -418,110 +340,7 @@ if (action == col->attr.act_default) return -EPERM; - if (strict && col->filter_cnt > 1) - return -EOPNOTSUPP; - - /* collect the arguments for the filter rule */ - chain_len = ARG_COUNT_MAX; - chain_size = sizeof(*chain) * chain_len; - chain = malloc(chain_size); - if (chain == NULL) - return -ENOMEM; - memset(chain, 0, chain_size); - for (iter = 0; iter < arg_cnt; iter++) { - arg_data = arg_array[iter]; - arg_num = arg_data.arg; - if (arg_num < chain_len && chain[arg_num].valid == 0) { - chain[arg_num].valid = 1; - chain[arg_num].arg = arg_num; - chain[arg_num].op = arg_data.op; - /* XXX - we should check datum/mask size against the - * arch definition, e.g. 64 bit datum on x86 */ - switch (chain[arg_num].op) { - case SCMP_CMP_NE: - case SCMP_CMP_LT: - case SCMP_CMP_LE: - case SCMP_CMP_EQ: - case SCMP_CMP_GE: - case SCMP_CMP_GT: - chain[arg_num].mask = DATUM_MAX; - chain[arg_num].datum = arg_data.datum_a; - break; - case SCMP_CMP_MASKED_EQ: - chain[arg_num].mask = arg_data.datum_a; - chain[arg_num].datum = arg_data.datum_b; - break; - default: - rc = -EINVAL; - goto rule_add_return; - } - } else { - rc = -EINVAL; - goto rule_add_return; - } - } - - for (iter = 0; iter < col->filter_cnt; iter++) { - filter = col->filters[iter]; - sc_tmp = syscall; - - rc_tmp = arch_syscall_translate(filter->arch, &sc_tmp); - if (rc_tmp < 0) - goto rule_add_failure; - - /* if this is a pseudo syscall (syscall < 0) then we need to - * rewrite the rule for some arch specific reason */ - if (sc_tmp < 0) { - /* make a private copy of the chain */ - chain_tmp = malloc(chain_size); - if (chain_tmp == NULL) { - rc = -ENOMEM; - goto rule_add_failure; - } - memcpy(chain_tmp, chain, chain_size); - - /* mangle the private chain copy */ - rc_tmp = arch_filter_rewrite(filter->arch, strict, - &sc_tmp, chain_tmp); - if ((rc == -EDOM) && (!strict)) { - free(chain_tmp); - continue; - } - if (rc_tmp < 0) { - free(chain_tmp); - goto rule_add_failure; - } - - /* add the new rule 
to the existing filter */ - rc_tmp = db_rule_add(filter, action, sc_tmp, chain_tmp); - free(chain_tmp); - } else - /* add the new rule to the existing filter */ - rc_tmp = db_rule_add(filter, action, sc_tmp, chain); - -rule_add_failure: - if (rc == 0 && rc_tmp < 0) - rc = rc_tmp; - } - -rule_add_return: - if (chain != NULL) - free(chain); - return rc; -} - -/* NOTE - function header comment in include/seccomp.h */ -API int seccomp_rule_add_array(scmp_filter_ctx ctx, - uint32_t action, int syscall, - unsigned int arg_cnt, - const struct scmp_arg_cmp *arg_array) -{ - /* arg_cnt is unsigned, so no need to check the lower bound */ - if (arg_cnt > ARG_COUNT_MAX) - return -EINVAL; - - return _seccomp_rule_add((struct db_filter_col *)ctx, - 0, action, syscall, arg_cnt, arg_array); + return db_col_rule_add(col, 0, action, syscall, arg_cnt, arg_array); } /* NOTE - function header comment in include/seccomp.h */ @@ -553,12 +372,27 @@ unsigned int arg_cnt, const struct scmp_arg_cmp *arg_array) { - /* arg_cnt is unsigned, so no need to check the lower bound */ + int rc; + struct db_filter_col *col = (struct db_filter_col *)ctx; + if (arg_cnt > ARG_COUNT_MAX) return -EINVAL; + if (arg_cnt > 0 && arg_array == NULL) + return -EINVAL; + + if (db_col_valid(col) || _syscall_valid(syscall)) + return -EINVAL; + + rc = db_action_valid(action); + if (rc < 0) + return rc; + if (action == col->attr.act_default) + return -EPERM; + + if (col->filter_cnt > 1) + return -EOPNOTSUPP; - return _seccomp_rule_add((struct db_filter_col *)ctx, - 1, action, syscall, arg_cnt, arg_array); + return db_col_rule_add(col, 1, action, syscall, arg_cnt, arg_array); } /* NOTE - function header comment in include/seccomp.h */ diff -Nru libseccomp-2.2.3/src/arch-aarch64.c libseccomp-2.3.1/src/arch-aarch64.c --- libseccomp-2.2.3/src/arch-aarch64.c 2015-06-28 16:17:00.432527443 +0000 +++ libseccomp-2.3.1/src/arch-aarch64.c 2016-02-11 18:32:37.526670579 +0000 
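Review bot: The checks added to seccomp_rule_add_exact_array() in the `@@ -553,12 +372,27 @@` hunk appear to repeat, line for line, the ones seccomp_rule_add_array() now performs across the `@@ -331,81 +309,25 @@` and `@@ -418,110 +340,7 @@` hunks. Only the `filter_cnt` test differs. Because these checks gate what reaches db_col_rule_add(), two hand-maintained copies can drift, leaving one entry point accepting input the other rejects. A single static helper called from both functions would keep them in step. The middle of seccomp_rule_add_array() lies between hunks, so confirm the two sequences really are identical before merging them.

```c
/* argument checks shared by seccomp_rule_add_array() and
 * seccomp_rule_add_exact_array() */
static int _rule_add_args_valid(struct db_filter_col *col, uint32_t action,
				int syscall, unsigned int arg_cnt,
				const struct scmp_arg_cmp *arg_array)
{
	int rc;

	if (arg_cnt > ARG_COUNT_MAX)
		return -EINVAL;
	if (arg_cnt > 0 && arg_array == NULL)
		return -EINVAL;
	if (db_col_valid(col) || _syscall_valid(syscall))
		return -EINVAL;

	rc = db_action_valid(action);
	if (rc < 0)
		return rc;
	if (action == col->attr.act_default)
		return -EPERM;

	return 0;
}

	/* in seccomp_rule_add_exact_array(), replacing the inline checks */
	rc = _rule_add_args_valid(col, action, syscall, arg_cnt, arg_array);
	if (rc < 0)
		return rc;
	/* … unchanged: filter_cnt test and db_col_rule_add(col, 1, ...) call … */
```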
@@ -31,4 +31,8 @@ .token_bpf = AUDIT_ARCH_AARCH64, .size = ARCH_SIZE_64, .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = aarch64_syscall_resolve_name, + .syscall_resolve_num = aarch64_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; diff -Nru libseccomp-2.2.3/src/arch-aarch64-syscalls.c libseccomp-2.3.1/src/arch-aarch64-syscalls.c --- libseccomp-2.2.3/src/arch-aarch64-syscalls.c 2015-06-28 16:17:00.428527443 +0000 +++ libseccomp-2.3.1/src/arch-aarch64-syscalls.c 2016-02-19 16:05:36.999890615 +0000 @@ -26,7 +26,7 @@ #include "arch.h" #include "arch-aarch64.h" -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def aarch64_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", __PNR__newselect }, @@ -65,6 +65,7 @@ { "clone", 220 }, { "close", 57 }, { "connect", 203 }, + { "copy_file_range", 285 }, { "creat", __PNR_creat }, { "create_module", __PNR_create_module }, { "delete_module", 106 }, @@ -196,6 +197,7 @@ { "lstat64", __PNR_lstat64 }, { "madvise", 233 }, { "mbind", 235 }, + { "membarrier", 283 }, { "memfd_create", 279 }, { "migrate_pages", 238 }, { "mincore", 232 }, @@ -204,6 +206,7 @@ { "mknod", __PNR_mknod }, { "mknodat", 33 }, { "mlock", 228 }, + { "mlock2", 284 }, { "mlockall", 230 }, { "mmap", 222 }, { "mmap2", __PNR_mmap2 }, @@ -224,6 +227,7 @@ { "msgrcv", 188 }, { "msgsnd", 189 }, { "msync", 227 }, + { "multiplexer", __PNR_multiplexer }, { "munlock", 229 }, { "munlockall", 231 }, { "munmap", 215 }, @@ -294,6 +298,10 @@ { "rt_sigsuspend", 133 }, { "rt_sigtimedwait", 137 }, { "rt_tgsigqueueinfo", 240 }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, { "sched_get_priority_max", 125 }, { "sched_get_priority_min", 126 }, { "sched_getaffinity", 123 }, 
@@ -372,6 +380,8 @@ { "socketcall", __PNR_socketcall }, { "socketpair", 199 }, { "splice", 76 }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, { "ssetmask", __PNR_ssetmask }, { "stat", __PNR_stat }, { "stat64", __PNR_stat64 }, @@ -379,8 +389,11 @@ { "statfs64", __PNR_statfs64 }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, { "swapoff", 225 }, { "swapon", 224 }, + { "switch_endian", __PNR_switch_endian }, { "symlink", __PNR_symlink }, { "symlinkat", 36 }, { "sync", 81 }, @@ -388,6 +401,7 @@ { "sync_file_range2", __PNR_sync_file_range2 }, { "syncfs", 267 }, { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, { "sysfs", __PNR_sysfs }, { "sysinfo", 179 }, { "syslog", 116 }, @@ -419,6 +433,7 @@ { "unlinkat", 35 }, { "unshare", 97 }, { "uselib", __PNR_uselib }, + { "userfaultfd", 282 }, { "usr26", __PNR_usr26 }, { "usr32", __PNR_usr32 }, { "ustat", __PNR_ustat }, diff -Nru libseccomp-2.2.3/src/arch-arm.c libseccomp-2.3.1/src/arch-arm.c --- libseccomp-2.2.3/src/arch-arm.c 2015-06-28 16:17:00.445527442 +0000 +++ libseccomp-2.3.1/src/arch-arm.c 2016-02-11 18:32:37.528670579 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp ARM Specific Code * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -31,4 +31,8 @@ .token_bpf = AUDIT_ARCH_ARM, .size = ARCH_SIZE_32, .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = arm_syscall_resolve_name, + .syscall_resolve_num = arm_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; diff -Nru libseccomp-2.2.3/src/arch-arm.h libseccomp-2.3.1/src/arch-arm.h --- libseccomp-2.2.3/src/arch-arm.h 2015-06-28 16:17:00.611527430 +0000 +++ libseccomp-2.3.1/src/arch-arm.h 2016-02-11 18:32:39.775670411 +0000 
@@ -2,7 +2,7 @@ * Enhanced Seccomp ARM Specific Code * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/src/arch-arm-syscalls.c libseccomp-2.3.1/src/arch-arm-syscalls.c --- libseccomp-2.2.3/src/arch-arm-syscalls.c 2015-06-28 16:17:00.441527442 +0000 +++ libseccomp-2.3.1/src/arch-arm-syscalls.c 2016-02-19 16:05:36.999890615 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp ARM Syscall Table * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* 
@@ -26,428 +26,443 @@ #include "arch.h" #include "arch-arm.h" -#define __NR_OABI_SYSCALL_BASE 0x900000 -#define __ARM_NR_BASE 0x0f0000 +#define __SCMP_NR_OABI_SYSCALL_BASE 0x900000 +#define __SCMP_ARM_NR_BASE 0x0f0000 /* NOTE: we currently only support the ARM EABI, more info at the URL below: * -> http://wiki.embeddedarm.com/wiki/EABI_vs_OABI */ #if 1 -#define __NR_SYSCALL_BASE 0 +#define __SCMP_NR_BASE 0 #else -#define __NR_SYSCALL_BASE __NR_OABI_SYSCALL_BASE +#define __SCMP_NR_BASE __SCMP_NR_OABI_SYSCALL_BASE #endif -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def arm_syscall_table[] = { \ /* NOTE: arm_sync_file_range() and sync_file_range2() share values */ - { "_llseek", (__NR_SYSCALL_BASE + 140) }, - { "_newselect", (__NR_SYSCALL_BASE + 142) }, - { "_sysctl", (__NR_SYSCALL_BASE + 149) }, - { "accept", (__NR_SYSCALL_BASE + 285) }, - { "accept4", (__NR_SYSCALL_BASE + 366) }, - { "access", (__NR_SYSCALL_BASE + 33) }, - { "acct", (__NR_SYSCALL_BASE + 51) }, - { "add_key", (__NR_SYSCALL_BASE + 309) }, - { "adjtimex", (__NR_SYSCALL_BASE + 124) }, + { "_llseek", (__SCMP_NR_BASE + 140) }, + { "_newselect", (__SCMP_NR_BASE + 142) }, + { "_sysctl", (__SCMP_NR_BASE + 149) }, + { "accept", (__SCMP_NR_BASE + 285) }, + { "accept4", (__SCMP_NR_BASE + 366) }, + { "access", (__SCMP_NR_BASE + 33) }, + { "acct", (__SCMP_NR_BASE + 51) }, + { "add_key", (__SCMP_NR_BASE + 309) }, + { "adjtimex", (__SCMP_NR_BASE + 124) }, { "afs_syscall", __PNR_afs_syscall }, { "alarm", __PNR_alarm }, - { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) }, - { "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) }, + { "arm_fadvise64_64", (__SCMP_NR_BASE + 270) }, + { "arm_sync_file_range", (__SCMP_NR_BASE + 341) }, { "arch_prctl", __PNR_arch_prctl }, - { "bdflush", (__NR_SYSCALL_BASE + 134) }, - { "bind", (__NR_SYSCALL_BASE + 282) }, - { "bpf", (__NR_SYSCALL_BASE + 386) }, + { "bdflush", (__SCMP_NR_BASE + 134) }, + { "bind", (__SCMP_NR_BASE + 282) }, + { 
"bpf", (__SCMP_NR_BASE + 386) }, { "break", __PNR_break }, - { "breakpoint", (__NR_SYSCALL_BASE + (__ARM_NR_BASE + 1)) }, - { "brk", (__NR_SYSCALL_BASE + 45) }, + { "breakpoint", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 1)) }, + { "brk", (__SCMP_NR_BASE + 45) }, { "cachectl", __PNR_cachectl }, - { "cacheflush", (__NR_SYSCALL_BASE + (__ARM_NR_BASE + 2)) }, - { "capget", (__NR_SYSCALL_BASE + 184) }, - { "capset", (__NR_SYSCALL_BASE + 185) }, - { "chdir", (__NR_SYSCALL_BASE + 12) }, - { "chmod", (__NR_SYSCALL_BASE + 15) }, - { "chown", (__NR_SYSCALL_BASE + 182) }, - { "chown32", (__NR_SYSCALL_BASE + 212) }, - { "chroot", (__NR_SYSCALL_BASE + 61) }, - { "clock_adjtime", (__NR_SYSCALL_BASE + 372) }, - { "clock_getres", (__NR_SYSCALL_BASE + 264) }, - { "clock_gettime", (__NR_SYSCALL_BASE + 263) }, - { "clock_nanosleep", (__NR_SYSCALL_BASE + 265) }, - { "clock_settime", (__NR_SYSCALL_BASE + 262) }, - { "clone", (__NR_SYSCALL_BASE + 120) }, - { "close", (__NR_SYSCALL_BASE + 6) }, - { "connect", (__NR_SYSCALL_BASE + 283) }, - { "creat", (__NR_SYSCALL_BASE + 8) }, + { "cacheflush", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 2)) }, + { "capget", (__SCMP_NR_BASE + 184) }, + { "capset", (__SCMP_NR_BASE + 185) }, + { "chdir", (__SCMP_NR_BASE + 12) }, + { "chmod", (__SCMP_NR_BASE + 15) }, + { "chown", (__SCMP_NR_BASE + 182) }, + { "chown32", (__SCMP_NR_BASE + 212) }, + { "chroot", (__SCMP_NR_BASE + 61) }, + { "clock_adjtime", (__SCMP_NR_BASE + 372) }, + { "clock_getres", (__SCMP_NR_BASE + 264) }, + { "clock_gettime", (__SCMP_NR_BASE + 263) }, + { "clock_nanosleep", (__SCMP_NR_BASE + 265) }, + { "clock_settime", (__SCMP_NR_BASE + 262) }, + { "clone", (__SCMP_NR_BASE + 120) }, + { "close", (__SCMP_NR_BASE + 6) }, + { "connect", (__SCMP_NR_BASE + 283) }, + { "copy_file_range", (__SCMP_NR_BASE + 391) }, + { "creat", (__SCMP_NR_BASE + 8) }, { "create_module", __PNR_create_module }, - { "delete_module", (__NR_SYSCALL_BASE + 129) }, - { "dup", (__NR_SYSCALL_BASE + 41) }, - { "dup2", 
(__NR_SYSCALL_BASE + 63) }, - { "dup3", (__NR_SYSCALL_BASE + 358) }, - { "epoll_create", (__NR_SYSCALL_BASE + 250) }, - { "epoll_create1", (__NR_SYSCALL_BASE + 357) }, - { "epoll_ctl", (__NR_SYSCALL_BASE + 251) }, + { "delete_module", (__SCMP_NR_BASE + 129) }, + { "dup", (__SCMP_NR_BASE + 41) }, + { "dup2", (__SCMP_NR_BASE + 63) }, + { "dup3", (__SCMP_NR_BASE + 358) }, + { "epoll_create", (__SCMP_NR_BASE + 250) }, + { "epoll_create1", (__SCMP_NR_BASE + 357) }, + { "epoll_ctl", (__SCMP_NR_BASE + 251) }, { "epoll_ctl_old", __PNR_epoll_ctl_old }, - { "epoll_pwait", (__NR_SYSCALL_BASE + 346) }, - { "epoll_wait", (__NR_SYSCALL_BASE + 252) }, + { "epoll_pwait", (__SCMP_NR_BASE + 346) }, + { "epoll_wait", (__SCMP_NR_BASE + 252) }, { "epoll_wait_old", __PNR_epoll_wait_old }, - { "eventfd", (__NR_SYSCALL_BASE + 351) }, - { "eventfd2", (__NR_SYSCALL_BASE + 356) }, - { "execve", (__NR_SYSCALL_BASE + 11) }, - { "execveat", (__NR_SYSCALL_BASE + 387) }, - { "exit", (__NR_SYSCALL_BASE + 1) }, - { "exit_group", (__NR_SYSCALL_BASE + 248) }, - { "faccessat", (__NR_SYSCALL_BASE + 334) }, + { "eventfd", (__SCMP_NR_BASE + 351) }, + { "eventfd2", (__SCMP_NR_BASE + 356) }, + { "execve", (__SCMP_NR_BASE + 11) }, + { "execveat", (__SCMP_NR_BASE + 387) }, + { "exit", (__SCMP_NR_BASE + 1) }, + { "exit_group", (__SCMP_NR_BASE + 248) }, + { "faccessat", (__SCMP_NR_BASE + 334) }, { "fadvise64", __PNR_fadvise64 }, { "fadvise64_64", __PNR_fadvise64_64 }, - { "fallocate", (__NR_SYSCALL_BASE + 352) }, - { "fanotify_init", (__NR_SYSCALL_BASE + 367) }, - { "fanotify_mark", (__NR_SYSCALL_BASE + 368) }, - { "fchdir", (__NR_SYSCALL_BASE + 133) }, - { "fchmod", (__NR_SYSCALL_BASE + 94) }, - { "fchmodat", (__NR_SYSCALL_BASE + 333) }, - { "fchown", (__NR_SYSCALL_BASE + 95) }, - { "fchown32", (__NR_SYSCALL_BASE + 207) }, - { "fchownat", (__NR_SYSCALL_BASE + 325) }, - { "fcntl", (__NR_SYSCALL_BASE + 55) }, - { "fcntl64", (__NR_SYSCALL_BASE + 221) }, - { "fdatasync", (__NR_SYSCALL_BASE + 148) }, - { 
"fgetxattr", (__NR_SYSCALL_BASE + 231) }, - { "finit_module", (__NR_SYSCALL_BASE + 379) }, - { "flistxattr", (__NR_SYSCALL_BASE + 234) }, - { "flock", (__NR_SYSCALL_BASE + 143) }, - { "fork", (__NR_SYSCALL_BASE + 2) }, - { "fremovexattr", (__NR_SYSCALL_BASE + 237) }, - { "fsetxattr", (__NR_SYSCALL_BASE + 228) }, - { "fstat", (__NR_SYSCALL_BASE + 108) }, - { "fstat64", (__NR_SYSCALL_BASE + 197) }, - { "fstatat64", (__NR_SYSCALL_BASE + 327) }, - { "fstatfs", (__NR_SYSCALL_BASE + 100) }, - { "fstatfs64", (__NR_SYSCALL_BASE + 267) }, - { "fsync", (__NR_SYSCALL_BASE + 118) }, + { "fallocate", (__SCMP_NR_BASE + 352) }, + { "fanotify_init", (__SCMP_NR_BASE + 367) }, + { "fanotify_mark", (__SCMP_NR_BASE + 368) }, + { "fchdir", (__SCMP_NR_BASE + 133) }, + { "fchmod", (__SCMP_NR_BASE + 94) }, + { "fchmodat", (__SCMP_NR_BASE + 333) }, + { "fchown", (__SCMP_NR_BASE + 95) }, + { "fchown32", (__SCMP_NR_BASE + 207) }, + { "fchownat", (__SCMP_NR_BASE + 325) }, + { "fcntl", (__SCMP_NR_BASE + 55) }, + { "fcntl64", (__SCMP_NR_BASE + 221) }, + { "fdatasync", (__SCMP_NR_BASE + 148) }, + { "fgetxattr", (__SCMP_NR_BASE + 231) }, + { "finit_module", (__SCMP_NR_BASE + 379) }, + { "flistxattr", (__SCMP_NR_BASE + 234) }, + { "flock", (__SCMP_NR_BASE + 143) }, + { "fork", (__SCMP_NR_BASE + 2) }, + { "fremovexattr", (__SCMP_NR_BASE + 237) }, + { "fsetxattr", (__SCMP_NR_BASE + 228) }, + { "fstat", (__SCMP_NR_BASE + 108) }, + { "fstat64", (__SCMP_NR_BASE + 197) }, + { "fstatat64", (__SCMP_NR_BASE + 327) }, + { "fstatfs", (__SCMP_NR_BASE + 100) }, + { "fstatfs64", (__SCMP_NR_BASE + 267) }, + { "fsync", (__SCMP_NR_BASE + 118) }, { "ftime", __PNR_ftime }, - { "ftruncate", (__NR_SYSCALL_BASE + 93) }, - { "ftruncate64", (__NR_SYSCALL_BASE + 194) }, - { "futex", (__NR_SYSCALL_BASE + 240) }, - { "futimesat", (__NR_SYSCALL_BASE + 326) }, + { "ftruncate", (__SCMP_NR_BASE + 93) }, + { "ftruncate64", (__SCMP_NR_BASE + 194) }, + { "futex", (__SCMP_NR_BASE + 240) }, + { "futimesat", (__SCMP_NR_BASE + 326) }, 
{ "get_kernel_syms", __PNR_get_kernel_syms }, - { "get_mempolicy", (__NR_SYSCALL_BASE + 320) }, - { "get_robust_list", (__NR_SYSCALL_BASE + 339) }, + { "get_mempolicy", (__SCMP_NR_BASE + 320) }, + { "get_robust_list", (__SCMP_NR_BASE + 339) }, { "get_thread_area", __PNR_get_thread_area }, - { "getcpu", (__NR_SYSCALL_BASE + 345) }, - { "getcwd", (__NR_SYSCALL_BASE + 183) }, - { "getdents", (__NR_SYSCALL_BASE + 141) }, - { "getdents64", (__NR_SYSCALL_BASE + 217) }, - { "getegid", (__NR_SYSCALL_BASE + 50) }, - { "getegid32", (__NR_SYSCALL_BASE + 202) }, - { "geteuid", (__NR_SYSCALL_BASE + 49) }, - { "geteuid32", (__NR_SYSCALL_BASE + 201) }, - { "getgid", (__NR_SYSCALL_BASE + 47) }, - { "getgid32", (__NR_SYSCALL_BASE + 200) }, - { "getgroups", (__NR_SYSCALL_BASE + 80) }, - { "getgroups32", (__NR_SYSCALL_BASE + 205) }, - { "getitimer", (__NR_SYSCALL_BASE + 105) }, - { "getpeername", (__NR_SYSCALL_BASE + 287) }, - { "getpgid", (__NR_SYSCALL_BASE + 132) }, - { "getpgrp", (__NR_SYSCALL_BASE + 65) }, - { "getpid", (__NR_SYSCALL_BASE + 20) }, + { "getcpu", (__SCMP_NR_BASE + 345) }, + { "getcwd", (__SCMP_NR_BASE + 183) }, + { "getdents", (__SCMP_NR_BASE + 141) }, + { "getdents64", (__SCMP_NR_BASE + 217) }, + { "getegid", (__SCMP_NR_BASE + 50) }, + { "getegid32", (__SCMP_NR_BASE + 202) }, + { "geteuid", (__SCMP_NR_BASE + 49) }, + { "geteuid32", (__SCMP_NR_BASE + 201) }, + { "getgid", (__SCMP_NR_BASE + 47) }, + { "getgid32", (__SCMP_NR_BASE + 200) }, + { "getgroups", (__SCMP_NR_BASE + 80) }, + { "getgroups32", (__SCMP_NR_BASE + 205) }, + { "getitimer", (__SCMP_NR_BASE + 105) }, + { "getpeername", (__SCMP_NR_BASE + 287) }, + { "getpgid", (__SCMP_NR_BASE + 132) }, + { "getpgrp", (__SCMP_NR_BASE + 65) }, + { "getpid", (__SCMP_NR_BASE + 20) }, { "getpmsg", __PNR_getpmsg }, - { "getppid", (__NR_SYSCALL_BASE + 64) }, - { "getpriority", (__NR_SYSCALL_BASE + 96) }, - { "getrandom", (__NR_SYSCALL_BASE + 384) }, - { "getresgid", (__NR_SYSCALL_BASE + 171) }, - { "getresgid32", 
(__NR_SYSCALL_BASE + 211) }, - { "getresuid", (__NR_SYSCALL_BASE + 165) }, - { "getresuid32", (__NR_SYSCALL_BASE + 209) }, + { "getppid", (__SCMP_NR_BASE + 64) }, + { "getpriority", (__SCMP_NR_BASE + 96) }, + { "getrandom", (__SCMP_NR_BASE + 384) }, + { "getresgid", (__SCMP_NR_BASE + 171) }, + { "getresgid32", (__SCMP_NR_BASE + 211) }, + { "getresuid", (__SCMP_NR_BASE + 165) }, + { "getresuid32", (__SCMP_NR_BASE + 209) }, { "getrlimit", __PNR_getrlimit }, - { "getrusage", (__NR_SYSCALL_BASE + 77) }, - { "getsid", (__NR_SYSCALL_BASE + 147) }, - { "getsockname", (__NR_SYSCALL_BASE + 286) }, - { "getsockopt", (__NR_SYSCALL_BASE + 295) }, - { "gettid", (__NR_SYSCALL_BASE + 224) }, - { "gettimeofday", (__NR_SYSCALL_BASE + 78) }, - { "getuid", (__NR_SYSCALL_BASE + 24) }, - { "getuid32", (__NR_SYSCALL_BASE + 199) }, - { "getxattr", (__NR_SYSCALL_BASE + 229) }, + { "getrusage", (__SCMP_NR_BASE + 77) }, + { "getsid", (__SCMP_NR_BASE + 147) }, + { "getsockname", (__SCMP_NR_BASE + 286) }, + { "getsockopt", (__SCMP_NR_BASE + 295) }, + { "gettid", (__SCMP_NR_BASE + 224) }, + { "gettimeofday", (__SCMP_NR_BASE + 78) }, + { "getuid", (__SCMP_NR_BASE + 24) }, + { "getuid32", (__SCMP_NR_BASE + 199) }, + { "getxattr", (__SCMP_NR_BASE + 229) }, { "gtty", __PNR_gtty }, { "idle", __PNR_idle }, - { "init_module", (__NR_SYSCALL_BASE + 128) }, - { "inotify_add_watch", (__NR_SYSCALL_BASE + 317) }, - { "inotify_init", (__NR_SYSCALL_BASE + 316) }, - { "inotify_init1", (__NR_SYSCALL_BASE + 360) }, - { "inotify_rm_watch", (__NR_SYSCALL_BASE + 318) }, - { "io_cancel", (__NR_SYSCALL_BASE + 247) }, - { "io_destroy", (__NR_SYSCALL_BASE + 244) }, - { "io_getevents", (__NR_SYSCALL_BASE + 245) }, - { "io_setup", (__NR_SYSCALL_BASE + 243) }, - { "io_submit", (__NR_SYSCALL_BASE + 246) }, - { "ioctl", (__NR_SYSCALL_BASE + 54) }, + { "init_module", (__SCMP_NR_BASE + 128) }, + { "inotify_add_watch", (__SCMP_NR_BASE + 317) }, + { "inotify_init", (__SCMP_NR_BASE + 316) }, + { "inotify_init1", (__SCMP_NR_BASE 
+ 360) }, + { "inotify_rm_watch", (__SCMP_NR_BASE + 318) }, + { "io_cancel", (__SCMP_NR_BASE + 247) }, + { "io_destroy", (__SCMP_NR_BASE + 244) }, + { "io_getevents", (__SCMP_NR_BASE + 245) }, + { "io_setup", (__SCMP_NR_BASE + 243) }, + { "io_submit", (__SCMP_NR_BASE + 246) }, + { "ioctl", (__SCMP_NR_BASE + 54) }, { "ioperm", __PNR_ioperm }, { "iopl", __PNR_iopl }, - { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, - { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, + { "ioprio_get", (__SCMP_NR_BASE + 315) }, + { "ioprio_set", (__SCMP_NR_BASE + 314) }, { "ipc", __PNR_ipc }, - { "kcmp", (__NR_SYSCALL_BASE + 378) }, + { "kcmp", (__SCMP_NR_BASE + 378) }, { "kexec_file_load", __PNR_kexec_file_load }, - { "kexec_load", (__NR_SYSCALL_BASE + 347) }, - { "keyctl", (__NR_SYSCALL_BASE + 311) }, - { "kill", (__NR_SYSCALL_BASE + 37) }, - { "lchown", (__NR_SYSCALL_BASE + 16) }, - { "lchown32", (__NR_SYSCALL_BASE + 198) }, - { "lgetxattr", (__NR_SYSCALL_BASE + 230) }, - { "link", (__NR_SYSCALL_BASE + 9) }, - { "linkat", (__NR_SYSCALL_BASE + 330) }, - { "listen", (__NR_SYSCALL_BASE + 284) }, - { "listxattr", (__NR_SYSCALL_BASE + 232) }, - { "llistxattr", (__NR_SYSCALL_BASE + 233) }, + { "kexec_load", (__SCMP_NR_BASE + 347) }, + { "keyctl", (__SCMP_NR_BASE + 311) }, + { "kill", (__SCMP_NR_BASE + 37) }, + { "lchown", (__SCMP_NR_BASE + 16) }, + { "lchown32", (__SCMP_NR_BASE + 198) }, + { "lgetxattr", (__SCMP_NR_BASE + 230) }, + { "link", (__SCMP_NR_BASE + 9) }, + { "linkat", (__SCMP_NR_BASE + 330) }, + { "listen", (__SCMP_NR_BASE + 284) }, + { "listxattr", (__SCMP_NR_BASE + 232) }, + { "llistxattr", (__SCMP_NR_BASE + 233) }, { "lock", __PNR_lock }, - { "lookup_dcookie", (__NR_SYSCALL_BASE + 249) }, - { "lremovexattr", (__NR_SYSCALL_BASE + 236) }, - { "lseek", (__NR_SYSCALL_BASE + 19) }, - { "lsetxattr", (__NR_SYSCALL_BASE + 227) }, - { "lstat", (__NR_SYSCALL_BASE + 107) }, - { "lstat64", (__NR_SYSCALL_BASE + 196) }, - { "madvise", (__NR_SYSCALL_BASE + 220) }, - { "mbind", (__NR_SYSCALL_BASE 
+ 319) }, - { "memfd_create", (__NR_SYSCALL_BASE + 385) }, + { "lookup_dcookie", (__SCMP_NR_BASE + 249) }, + { "lremovexattr", (__SCMP_NR_BASE + 236) }, + { "lseek", (__SCMP_NR_BASE + 19) }, + { "lsetxattr", (__SCMP_NR_BASE + 227) }, + { "lstat", (__SCMP_NR_BASE + 107) }, + { "lstat64", (__SCMP_NR_BASE + 196) }, + { "madvise", (__SCMP_NR_BASE + 220) }, + { "mbind", (__SCMP_NR_BASE + 319) }, + { "membarrier", (__SCMP_NR_BASE + 389) }, + { "memfd_create", (__SCMP_NR_BASE + 385) }, { "migrate_pages", __PNR_migrate_pages }, - { "mincore", (__NR_SYSCALL_BASE + 219) }, - { "mkdir", (__NR_SYSCALL_BASE + 39) }, - { "mkdirat", (__NR_SYSCALL_BASE + 323) }, - { "mknod", (__NR_SYSCALL_BASE + 14) }, - { "mknodat", (__NR_SYSCALL_BASE + 324) }, - { "mlock", (__NR_SYSCALL_BASE + 150) }, - { "mlockall", (__NR_SYSCALL_BASE + 152) }, + { "mincore", (__SCMP_NR_BASE + 219) }, + { "mkdir", (__SCMP_NR_BASE + 39) }, + { "mkdirat", (__SCMP_NR_BASE + 323) }, + { "mknod", (__SCMP_NR_BASE + 14) }, + { "mknodat", (__SCMP_NR_BASE + 324) }, + { "mlock", (__SCMP_NR_BASE + 150) }, + { "mlock2", (__SCMP_NR_BASE + 390) }, + { "mlockall", (__SCMP_NR_BASE + 152) }, { "mmap", __PNR_mmap }, - { "mmap2", (__NR_SYSCALL_BASE + 192) }, + { "mmap2", (__SCMP_NR_BASE + 192) }, { "modify_ldt", __PNR_modify_ldt }, - { "mount", (__NR_SYSCALL_BASE + 21) }, - { "move_pages", (__NR_SYSCALL_BASE + 344) }, - { "mprotect", (__NR_SYSCALL_BASE + 125) }, + { "mount", (__SCMP_NR_BASE + 21) }, + { "move_pages", (__SCMP_NR_BASE + 344) }, + { "mprotect", (__SCMP_NR_BASE + 125) }, { "mpx", __PNR_mpx }, - { "mq_getsetattr", (__NR_SYSCALL_BASE + 279) }, - { "mq_notify", (__NR_SYSCALL_BASE + 278) }, - { "mq_open", (__NR_SYSCALL_BASE + 274) }, - { "mq_timedreceive", (__NR_SYSCALL_BASE + 277) }, - { "mq_timedsend", (__NR_SYSCALL_BASE + 276) }, - { "mq_unlink", (__NR_SYSCALL_BASE + 275) }, - { "mremap", (__NR_SYSCALL_BASE + 163) }, - { "msgctl", (__NR_SYSCALL_BASE + 304) }, - { "msgget", (__NR_SYSCALL_BASE + 303) }, - { "msgrcv", 
(__NR_SYSCALL_BASE + 302) }, - { "msgsnd", (__NR_SYSCALL_BASE + 301) }, - { "msync", (__NR_SYSCALL_BASE + 144) }, - { "munlock", (__NR_SYSCALL_BASE + 151) }, - { "munlockall", (__NR_SYSCALL_BASE + 153) }, - { "munmap", (__NR_SYSCALL_BASE + 91) }, - { "name_to_handle_at", (__NR_SYSCALL_BASE + 370) }, - { "nanosleep", (__NR_SYSCALL_BASE + 162) }, + { "mq_getsetattr", (__SCMP_NR_BASE + 279) }, + { "mq_notify", (__SCMP_NR_BASE + 278) }, + { "mq_open", (__SCMP_NR_BASE + 274) }, + { "mq_timedreceive", (__SCMP_NR_BASE + 277) }, + { "mq_timedsend", (__SCMP_NR_BASE + 276) }, + { "mq_unlink", (__SCMP_NR_BASE + 275) }, + { "mremap", (__SCMP_NR_BASE + 163) }, + { "msgctl", (__SCMP_NR_BASE + 304) }, + { "msgget", (__SCMP_NR_BASE + 303) }, + { "msgrcv", (__SCMP_NR_BASE + 302) }, + { "msgsnd", (__SCMP_NR_BASE + 301) }, + { "msync", (__SCMP_NR_BASE + 144) }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", (__SCMP_NR_BASE + 151) }, + { "munlockall", (__SCMP_NR_BASE + 153) }, + { "munmap", (__SCMP_NR_BASE + 91) }, + { "name_to_handle_at", (__SCMP_NR_BASE + 370) }, + { "nanosleep", (__SCMP_NR_BASE + 162) }, { "newfstatat", __PNR_newfstatat }, - { "nfsservctl", (__NR_SYSCALL_BASE + 169) }, - { "nice", (__NR_SYSCALL_BASE + 34) }, + { "nfsservctl", (__SCMP_NR_BASE + 169) }, + { "nice", (__SCMP_NR_BASE + 34) }, { "oldfstat", __PNR_oldfstat }, { "oldlstat", __PNR_oldlstat }, { "oldolduname", __PNR_oldolduname }, { "oldstat", __PNR_oldstat }, { "olduname", __PNR_olduname }, { "oldwait4", __PNR_oldwait4 }, - { "open", (__NR_SYSCALL_BASE + 5) }, - { "open_by_handle_at", (__NR_SYSCALL_BASE + 371) }, - { "openat", (__NR_SYSCALL_BASE + 322) }, - { "pause", (__NR_SYSCALL_BASE + 29) }, - { "pciconfig_iobase", (__NR_SYSCALL_BASE + 271) }, - { "pciconfig_read", (__NR_SYSCALL_BASE + 272) }, - { "pciconfig_write", (__NR_SYSCALL_BASE + 273) }, - { "perf_event_open", (__NR_SYSCALL_BASE + 364) }, - { "personality", (__NR_SYSCALL_BASE + 136) }, - { "pipe", (__NR_SYSCALL_BASE + 42) }, - { "pipe2", 
(__NR_SYSCALL_BASE + 359) }, - { "pivot_root", (__NR_SYSCALL_BASE + 218) }, - { "poll", (__NR_SYSCALL_BASE + 168) }, - { "ppoll", (__NR_SYSCALL_BASE + 336) }, - { "prctl", (__NR_SYSCALL_BASE + 172) }, - { "pread64", (__NR_SYSCALL_BASE + 180) }, - { "preadv", (__NR_SYSCALL_BASE + 361) }, - { "prlimit64", (__NR_SYSCALL_BASE + 369) }, - { "process_vm_readv", (__NR_SYSCALL_BASE + 376) }, - { "process_vm_writev", (__NR_SYSCALL_BASE + 377) }, + { "open", (__SCMP_NR_BASE + 5) }, + { "open_by_handle_at", (__SCMP_NR_BASE + 371) }, + { "openat", (__SCMP_NR_BASE + 322) }, + { "pause", (__SCMP_NR_BASE + 29) }, + { "pciconfig_iobase", (__SCMP_NR_BASE + 271) }, + { "pciconfig_read", (__SCMP_NR_BASE + 272) }, + { "pciconfig_write", (__SCMP_NR_BASE + 273) }, + { "perf_event_open", (__SCMP_NR_BASE + 364) }, + { "personality", (__SCMP_NR_BASE + 136) }, + { "pipe", (__SCMP_NR_BASE + 42) }, + { "pipe2", (__SCMP_NR_BASE + 359) }, + { "pivot_root", (__SCMP_NR_BASE + 218) }, + { "poll", (__SCMP_NR_BASE + 168) }, + { "ppoll", (__SCMP_NR_BASE + 336) }, + { "prctl", (__SCMP_NR_BASE + 172) }, + { "pread64", (__SCMP_NR_BASE + 180) }, + { "preadv", (__SCMP_NR_BASE + 361) }, + { "prlimit64", (__SCMP_NR_BASE + 369) }, + { "process_vm_readv", (__SCMP_NR_BASE + 376) }, + { "process_vm_writev", (__SCMP_NR_BASE + 377) }, { "prof", __PNR_prof }, { "profil", __PNR_profil }, - { "pselect6", (__NR_SYSCALL_BASE + 335) }, - { "ptrace", (__NR_SYSCALL_BASE + 26) }, + { "pselect6", (__SCMP_NR_BASE + 335) }, + { "ptrace", (__SCMP_NR_BASE + 26) }, { "putpmsg", __PNR_putpmsg }, - { "pwrite64", (__NR_SYSCALL_BASE + 181) }, - { "pwritev", (__NR_SYSCALL_BASE + 362) }, + { "pwrite64", (__SCMP_NR_BASE + 181) }, + { "pwritev", (__SCMP_NR_BASE + 362) }, { "query_module", __PNR_query_module }, - { "quotactl", (__NR_SYSCALL_BASE + 131) }, - { "read", (__NR_SYSCALL_BASE + 3) }, - { "readahead", (__NR_SYSCALL_BASE + 225) }, + { "quotactl", (__SCMP_NR_BASE + 131) }, + { "read", (__SCMP_NR_BASE + 3) }, + { "readahead", 
(__SCMP_NR_BASE + 225) }, { "readdir", __PNR_readdir }, - { "readlink", (__NR_SYSCALL_BASE + 85) }, - { "readlinkat", (__NR_SYSCALL_BASE + 332) }, - { "readv", (__NR_SYSCALL_BASE + 145) }, - { "reboot", (__NR_SYSCALL_BASE + 88) }, - { "recv", (__NR_SYSCALL_BASE + 291) }, - { "recvfrom", (__NR_SYSCALL_BASE + 292) }, - { "recvmmsg", (__NR_SYSCALL_BASE + 365) }, - { "recvmsg", (__NR_SYSCALL_BASE + 297) }, - { "remap_file_pages", (__NR_SYSCALL_BASE + 253) }, - { "removexattr", (__NR_SYSCALL_BASE + 235) }, - { "rename", (__NR_SYSCALL_BASE + 38) }, - { "renameat", (__NR_SYSCALL_BASE + 329) }, - { "renameat2", (__NR_SYSCALL_BASE + 382) }, - { "request_key", (__NR_SYSCALL_BASE + 310) }, - { "restart_syscall", (__NR_SYSCALL_BASE + 0) }, - { "rmdir", (__NR_SYSCALL_BASE + 40) }, - { "rt_sigaction", (__NR_SYSCALL_BASE + 174) }, - { "rt_sigpending", (__NR_SYSCALL_BASE + 176) }, - { "rt_sigprocmask", (__NR_SYSCALL_BASE + 175) }, - { "rt_sigqueueinfo", (__NR_SYSCALL_BASE + 178) }, - { "rt_sigreturn", (__NR_SYSCALL_BASE + 173) }, - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 179) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 242) }, - { "sched_getattr", (__NR_SYSCALL_BASE + 381) }, - { "sched_getparam", (__NR_SYSCALL_BASE + 155) }, - { "sched_getscheduler", (__NR_SYSCALL_BASE + 157) }, - { "sched_rr_get_interval", (__NR_SYSCALL_BASE + 161) }, - { "sched_setaffinity", (__NR_SYSCALL_BASE + 241) }, - { "sched_setattr", (__NR_SYSCALL_BASE + 380) }, - { "sched_setparam", (__NR_SYSCALL_BASE + 154) }, - { "sched_setscheduler", (__NR_SYSCALL_BASE + 156) }, - { "sched_yield", (__NR_SYSCALL_BASE + 158) }, - { "seccomp", (__NR_SYSCALL_BASE + 383) }, + { "readlink", (__SCMP_NR_BASE + 85) }, + { "readlinkat", (__SCMP_NR_BASE + 332) }, + { "readv", (__SCMP_NR_BASE + 145) }, + 
{ "reboot", (__SCMP_NR_BASE + 88) }, + { "recv", (__SCMP_NR_BASE + 291) }, + { "recvfrom", (__SCMP_NR_BASE + 292) }, + { "recvmmsg", (__SCMP_NR_BASE + 365) }, + { "recvmsg", (__SCMP_NR_BASE + 297) }, + { "remap_file_pages", (__SCMP_NR_BASE + 253) }, + { "removexattr", (__SCMP_NR_BASE + 235) }, + { "rename", (__SCMP_NR_BASE + 38) }, + { "renameat", (__SCMP_NR_BASE + 329) }, + { "renameat2", (__SCMP_NR_BASE + 382) }, + { "request_key", (__SCMP_NR_BASE + 310) }, + { "restart_syscall", (__SCMP_NR_BASE + 0) }, + { "rmdir", (__SCMP_NR_BASE + 40) }, + { "rt_sigaction", (__SCMP_NR_BASE + 174) }, + { "rt_sigpending", (__SCMP_NR_BASE + 176) }, + { "rt_sigprocmask", (__SCMP_NR_BASE + 175) }, + { "rt_sigqueueinfo", (__SCMP_NR_BASE + 178) }, + { "rt_sigreturn", (__SCMP_NR_BASE + 173) }, + { "rt_sigsuspend", (__SCMP_NR_BASE + 179) }, + { "rt_sigtimedwait", (__SCMP_NR_BASE + 177) }, + { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 363) }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "sched_get_priority_max", (__SCMP_NR_BASE + 159) }, + { "sched_get_priority_min", (__SCMP_NR_BASE + 160) }, + { "sched_getaffinity", (__SCMP_NR_BASE + 242) }, + { "sched_getattr", (__SCMP_NR_BASE + 381) }, + { "sched_getparam", (__SCMP_NR_BASE + 155) }, + { "sched_getscheduler", (__SCMP_NR_BASE + 157) }, + { "sched_rr_get_interval", (__SCMP_NR_BASE + 161) }, + { "sched_setaffinity", (__SCMP_NR_BASE + 241) }, + { "sched_setattr", (__SCMP_NR_BASE + 380) }, + { "sched_setparam", (__SCMP_NR_BASE + 154) }, + { "sched_setscheduler", (__SCMP_NR_BASE + 156) }, + { "sched_yield", (__SCMP_NR_BASE + 158) }, + { "seccomp", (__SCMP_NR_BASE + 383) }, { "security", __PNR_security }, { "select", __PNR_select }, - { "semctl", (__NR_SYSCALL_BASE + 300) }, - { "semget", (__NR_SYSCALL_BASE + 299) }, - { "semop", (__NR_SYSCALL_BASE + 298) }, - { "semtimedop", (__NR_SYSCALL_BASE + 
312) }, - { "send", (__NR_SYSCALL_BASE + 289) }, - { "sendfile", (__NR_SYSCALL_BASE + 187) }, - { "sendfile64", (__NR_SYSCALL_BASE + 239) }, - { "sendmmsg", (__NR_SYSCALL_BASE + 374) }, - { "sendmsg", (__NR_SYSCALL_BASE + 296) }, - { "sendto", (__NR_SYSCALL_BASE + 290) }, - { "set_mempolicy", (__NR_SYSCALL_BASE + 321) }, - { "set_robust_list", (__NR_SYSCALL_BASE + 338) }, + { "semctl", (__SCMP_NR_BASE + 300) }, + { "semget", (__SCMP_NR_BASE + 299) }, + { "semop", (__SCMP_NR_BASE + 298) }, + { "semtimedop", (__SCMP_NR_BASE + 312) }, + { "send", (__SCMP_NR_BASE + 289) }, + { "sendfile", (__SCMP_NR_BASE + 187) }, + { "sendfile64", (__SCMP_NR_BASE + 239) }, + { "sendmmsg", (__SCMP_NR_BASE + 374) }, + { "sendmsg", (__SCMP_NR_BASE + 296) }, + { "sendto", (__SCMP_NR_BASE + 290) }, + { "set_mempolicy", (__SCMP_NR_BASE + 321) }, + { "set_robust_list", (__SCMP_NR_BASE + 338) }, { "set_thread_area", __PNR_set_thread_area }, - { "set_tid_address", (__NR_SYSCALL_BASE + 256) }, - { "set_tls", (__NR_SYSCALL_BASE + (__ARM_NR_BASE + 5)) }, - { "setdomainname", (__NR_SYSCALL_BASE + 121) }, - { "setfsgid", (__NR_SYSCALL_BASE + 139) }, - { "setfsgid32", (__NR_SYSCALL_BASE + 216) }, - { "setfsuid", (__NR_SYSCALL_BASE + 138) }, - { "setfsuid32", (__NR_SYSCALL_BASE + 215) }, - { "setgid", (__NR_SYSCALL_BASE + 46) }, - { "setgid32", (__NR_SYSCALL_BASE + 214) }, - { "setgroups", (__NR_SYSCALL_BASE + 81) }, - { "setgroups32", (__NR_SYSCALL_BASE + 206) }, - { "sethostname", (__NR_SYSCALL_BASE + 74) }, - { "setitimer", (__NR_SYSCALL_BASE + 104) }, - { "setns", (__NR_SYSCALL_BASE + 375) }, - { "setpgid", (__NR_SYSCALL_BASE + 57) }, - { "setpriority", (__NR_SYSCALL_BASE + 97) }, - { "setregid", (__NR_SYSCALL_BASE + 71) }, - { "setregid32", (__NR_SYSCALL_BASE + 204) }, - { "setresgid", (__NR_SYSCALL_BASE + 170) }, - { "setresgid32", (__NR_SYSCALL_BASE + 210) }, - { "setresuid", (__NR_SYSCALL_BASE + 164) }, - { "setresuid32", (__NR_SYSCALL_BASE + 208) }, - { "setreuid", (__NR_SYSCALL_BASE + 70) 
}, - { "setreuid32", (__NR_SYSCALL_BASE + 203) }, - { "setrlimit", (__NR_SYSCALL_BASE + 75) }, - { "setsid", (__NR_SYSCALL_BASE + 66) }, - { "setsockopt", (__NR_SYSCALL_BASE + 294) }, - { "settimeofday", (__NR_SYSCALL_BASE + 79) }, - { "setuid", (__NR_SYSCALL_BASE + 23) }, - { "setuid32", (__NR_SYSCALL_BASE + 213) }, - { "setxattr", (__NR_SYSCALL_BASE + 226) }, + { "set_tid_address", (__SCMP_NR_BASE + 256) }, + { "set_tls", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 5)) }, + { "setdomainname", (__SCMP_NR_BASE + 121) }, + { "setfsgid", (__SCMP_NR_BASE + 139) }, + { "setfsgid32", (__SCMP_NR_BASE + 216) }, + { "setfsuid", (__SCMP_NR_BASE + 138) }, + { "setfsuid32", (__SCMP_NR_BASE + 215) }, + { "setgid", (__SCMP_NR_BASE + 46) }, + { "setgid32", (__SCMP_NR_BASE + 214) }, + { "setgroups", (__SCMP_NR_BASE + 81) }, + { "setgroups32", (__SCMP_NR_BASE + 206) }, + { "sethostname", (__SCMP_NR_BASE + 74) }, + { "setitimer", (__SCMP_NR_BASE + 104) }, + { "setns", (__SCMP_NR_BASE + 375) }, + { "setpgid", (__SCMP_NR_BASE + 57) }, + { "setpriority", (__SCMP_NR_BASE + 97) }, + { "setregid", (__SCMP_NR_BASE + 71) }, + { "setregid32", (__SCMP_NR_BASE + 204) }, + { "setresgid", (__SCMP_NR_BASE + 170) }, + { "setresgid32", (__SCMP_NR_BASE + 210) }, + { "setresuid", (__SCMP_NR_BASE + 164) }, + { "setresuid32", (__SCMP_NR_BASE + 208) }, + { "setreuid", (__SCMP_NR_BASE + 70) }, + { "setreuid32", (__SCMP_NR_BASE + 203) }, + { "setrlimit", (__SCMP_NR_BASE + 75) }, + { "setsid", (__SCMP_NR_BASE + 66) }, + { "setsockopt", (__SCMP_NR_BASE + 294) }, + { "settimeofday", (__SCMP_NR_BASE + 79) }, + { "setuid", (__SCMP_NR_BASE + 23) }, + { "setuid32", (__SCMP_NR_BASE + 213) }, + { "setxattr", (__SCMP_NR_BASE + 226) }, { "sgetmask", __PNR_sgetmask }, - { "shmat", (__NR_SYSCALL_BASE + 305) }, - { "shmctl", (__NR_SYSCALL_BASE + 308) }, - { "shmdt", (__NR_SYSCALL_BASE + 306) }, - { "shmget", (__NR_SYSCALL_BASE + 307) }, - { "shutdown", (__NR_SYSCALL_BASE + 293) }, - { "sigaction", (__NR_SYSCALL_BASE + 67) 
}, - { "sigaltstack", (__NR_SYSCALL_BASE + 186) }, + { "shmat", (__SCMP_NR_BASE + 305) }, + { "shmctl", (__SCMP_NR_BASE + 308) }, + { "shmdt", (__SCMP_NR_BASE + 306) }, + { "shmget", (__SCMP_NR_BASE + 307) }, + { "shutdown", (__SCMP_NR_BASE + 293) }, + { "sigaction", (__SCMP_NR_BASE + 67) }, + { "sigaltstack", (__SCMP_NR_BASE + 186) }, { "signal", __PNR_signal }, - { "signalfd", (__NR_SYSCALL_BASE + 349) }, - { "signalfd4", (__NR_SYSCALL_BASE + 355) }, - { "sigpending", (__NR_SYSCALL_BASE + 73) }, - { "sigprocmask", (__NR_SYSCALL_BASE + 126) }, - { "sigreturn", (__NR_SYSCALL_BASE + 119) }, - { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, - { "socket", (__NR_SYSCALL_BASE + 281) }, + { "signalfd", (__SCMP_NR_BASE + 349) }, + { "signalfd4", (__SCMP_NR_BASE + 355) }, + { "sigpending", (__SCMP_NR_BASE + 73) }, + { "sigprocmask", (__SCMP_NR_BASE + 126) }, + { "sigreturn", (__SCMP_NR_BASE + 119) }, + { "sigsuspend", (__SCMP_NR_BASE + 72) }, + { "socket", (__SCMP_NR_BASE + 281) }, { "socketcall", __PNR_socketcall }, - { "socketpair", (__NR_SYSCALL_BASE + 288) }, - { "splice", (__NR_SYSCALL_BASE + 340) }, + { "socketpair", (__SCMP_NR_BASE + 288) }, + { "splice", (__SCMP_NR_BASE + 340) }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, { "ssetmask", __PNR_ssetmask }, - { "stat", (__NR_SYSCALL_BASE + 106) }, - { "stat64", (__NR_SYSCALL_BASE + 195) }, - { "statfs", (__NR_SYSCALL_BASE + 99) }, - { "statfs64", (__NR_SYSCALL_BASE + 266) }, + { "stat", (__SCMP_NR_BASE + 106) }, + { "stat64", (__SCMP_NR_BASE + 195) }, + { "statfs", (__SCMP_NR_BASE + 99) }, + { "statfs64", (__SCMP_NR_BASE + 266) }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, - { "swapoff", (__NR_SYSCALL_BASE + 115) }, - { "swapon", (__NR_SYSCALL_BASE + 87) }, - { "symlink", (__NR_SYSCALL_BASE + 83) }, - { "symlinkat", (__NR_SYSCALL_BASE + 331) }, - { "sync", (__NR_SYSCALL_BASE + 36) }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", 
(__SCMP_NR_BASE + 115) }, + { "swapon", (__SCMP_NR_BASE + 87) }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", (__SCMP_NR_BASE + 83) }, + { "symlinkat", (__SCMP_NR_BASE + 331) }, + { "sync", (__SCMP_NR_BASE + 36) }, { "sync_file_range", __PNR_sync_file_range }, - { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, - { "syncfs", (__NR_SYSCALL_BASE + 373) }, - { "syscall", __PNR_syscall }, - { "sysfs", (__NR_SYSCALL_BASE + 135) }, - { "sysinfo", (__NR_SYSCALL_BASE + 116) }, - { "syslog", (__NR_SYSCALL_BASE + 103) }, + { "sync_file_range2", (__SCMP_NR_BASE + 341) }, + { "syncfs", (__SCMP_NR_BASE + 373) }, + { "syscall", (__PNR_syscall) }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", (__SCMP_NR_BASE + 135) }, + { "sysinfo", (__SCMP_NR_BASE + 116) }, + { "syslog", (__SCMP_NR_BASE + 103) }, { "sysmips", __PNR_sysmips }, - { "tee", (__NR_SYSCALL_BASE + 342) }, - { "tgkill", (__NR_SYSCALL_BASE + 268) }, + { "tee", (__SCMP_NR_BASE + 342) }, + { "tgkill", (__SCMP_NR_BASE + 268) }, { "time", __PNR_time }, - { "timer_create", (__NR_SYSCALL_BASE + 257) }, - { "timer_delete", (__NR_SYSCALL_BASE + 261) }, - { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, - { "timer_gettime", (__NR_SYSCALL_BASE + 259) }, - { "timer_settime", (__NR_SYSCALL_BASE + 258) }, + { "timer_create", (__SCMP_NR_BASE + 257) }, + { "timer_delete", (__SCMP_NR_BASE + 261) }, + { "timer_getoverrun", (__SCMP_NR_BASE + 260) }, + { "timer_gettime", (__SCMP_NR_BASE + 259) }, + { "timer_settime", (__SCMP_NR_BASE + 258) }, { "timerfd", __PNR_timerfd }, - { "timerfd_create", (__NR_SYSCALL_BASE + 350) }, - { "timerfd_gettime", (__NR_SYSCALL_BASE + 354) }, - { "timerfd_settime", (__NR_SYSCALL_BASE + 353) }, - { "times", (__NR_SYSCALL_BASE + 43) }, - { "tkill", (__NR_SYSCALL_BASE + 238) }, - { "truncate", (__NR_SYSCALL_BASE + 92) }, - { "truncate64", (__NR_SYSCALL_BASE + 193) }, + { "timerfd_create", (__SCMP_NR_BASE + 350) }, + { "timerfd_gettime", (__SCMP_NR_BASE + 354) }, + { 
"timerfd_settime", (__SCMP_NR_BASE + 353) }, + { "times", (__SCMP_NR_BASE + 43) }, + { "tkill", (__SCMP_NR_BASE + 238) }, + { "truncate", (__SCMP_NR_BASE + 92) }, + { "truncate64", (__SCMP_NR_BASE + 193) }, { "tuxcall", __PNR_tuxcall }, - { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, + { "ugetrlimit", (__SCMP_NR_BASE + 191) }, { "ulimit", __PNR_ulimit }, - { "umask", (__NR_SYSCALL_BASE + 60) }, + { "umask", (__SCMP_NR_BASE + 60) }, { "umount", __PNR_umount }, - { "umount2", (__NR_SYSCALL_BASE + 52) }, - { "uname", (__NR_SYSCALL_BASE + 122) }, - { "unlink", (__NR_SYSCALL_BASE + 10) }, - { "unlinkat", (__NR_SYSCALL_BASE + 328) }, - { "unshare", (__NR_SYSCALL_BASE + 337) }, - { "uselib", (__NR_SYSCALL_BASE + 86) }, - { "usr26", (__NR_SYSCALL_BASE + (__ARM_NR_BASE + 3)) }, - { "usr32", (__NR_SYSCALL_BASE + (__ARM_NR_BASE + 4)) }, - { "ustat", (__NR_SYSCALL_BASE + 62) }, + { "umount2", (__SCMP_NR_BASE + 52) }, + { "uname", (__SCMP_NR_BASE + 122) }, + { "unlink", (__SCMP_NR_BASE + 10) }, + { "unlinkat", (__SCMP_NR_BASE + 328) }, + { "unshare", (__SCMP_NR_BASE + 337) }, + { "uselib", (__SCMP_NR_BASE + 86) }, + { "userfaultfd", (__SCMP_NR_BASE + 388) }, + { "usr26", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 3)) }, + { "usr32", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 4)) }, + { "ustat", (__SCMP_NR_BASE + 62) }, { "utime", __PNR_utime }, - { "utimensat", (__NR_SYSCALL_BASE + 348) }, - { "utimes", (__NR_SYSCALL_BASE + 269) }, - { "vfork", (__NR_SYSCALL_BASE + 190) }, - { "vhangup", (__NR_SYSCALL_BASE + 111) }, + { "utimensat", (__SCMP_NR_BASE + 348) }, + { "utimes", (__SCMP_NR_BASE + 269) }, + { "vfork", (__SCMP_NR_BASE + 190) }, + { "vhangup", (__SCMP_NR_BASE + 111) }, { "vm86", __PNR_vm86 }, { "vm86old", __PNR_vm86old }, - { "vmsplice", (__NR_SYSCALL_BASE + 343) }, - { "vserver", (__NR_SYSCALL_BASE + 313) }, - { "wait4", (__NR_SYSCALL_BASE + 114) }, - { "waitid", (__NR_SYSCALL_BASE + 280) }, + { "vmsplice", (__SCMP_NR_BASE + 343) }, + { "vserver", (__SCMP_NR_BASE + 313) }, + { 
"wait4", (__SCMP_NR_BASE + 114) }, + { "waitid", (__SCMP_NR_BASE + 280) }, { "waitpid", __PNR_waitpid }, - { "write", (__NR_SYSCALL_BASE + 4) }, - { "writev", (__NR_SYSCALL_BASE + 146) }, + { "write", (__SCMP_NR_BASE + 4) }, + { "writev", (__SCMP_NR_BASE + 146) }, { NULL, __NR_SCMP_ERROR }, }; diff -Nru libseccomp-2.2.3/src/arch.c libseccomp-2.3.1/src/arch.c --- libseccomp-2.2.3/src/arch.c 2015-06-28 16:17:00.540527435 +0000 +++ libseccomp-2.3.1/src/arch.c 2016-02-11 18:32:37.551670577 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp Architecture/Machine Specific Code * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -38,6 +38,11 @@ #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" +#include "arch-ppc.h" +#include "arch-ppc64.h" +#include "arch-s390.h" +#include "arch-s390x.h" +#include "db.h" #include "system.h" #define default_arg_count_max 6 @@ -74,6 +79,18 @@ #elif __MIPSEL__ const struct arch_def *arch_def_native = &arch_def_mipsel64n32; #endif /* _MIPS_SIM_NABI32 */ +#elif __PPC64__ +#ifdef __BIG_ENDIAN__ +const struct arch_def *arch_def_native = &arch_def_ppc64; +#else +const struct arch_def *arch_def_native = &arch_def_ppc64le; +#endif +#elif __PPC__ +const struct arch_def *arch_def_native = &arch_def_ppc; +#elif __s390x__ /* s390x must be checked before s390 */ +const struct arch_def *arch_def_native = &arch_def_s390x; +#elif __s390__ +const struct arch_def *arch_def_native = &arch_def_s390; #else #error the arch code needs to know about your machine type #endif /* machine type guess */ @@ -122,6 +139,16 @@ return &arch_def_mips64n32; case SCMP_ARCH_MIPSEL64N32: return &arch_def_mipsel64n32; + case SCMP_ARCH_PPC: + return &arch_def_ppc; + case SCMP_ARCH_PPC64: + return &arch_def_ppc64; + case SCMP_ARCH_PPC64LE: + return &arch_def_ppc64le; + case SCMP_ARCH_S390: + return &arch_def_s390; + case SCMP_ARCH_S390X: + return &arch_def_s390x; } return NULL; 
@@ -158,6 +185,16 @@ return &arch_def_mips64n32; else if (strcmp(arch_name, "mipsel64n32") == 0) return &arch_def_mipsel64n32; + else if (strcmp(arch_name, "ppc") == 0) + return &arch_def_ppc; + else if (strcmp(arch_name, "ppc64") == 0) + return &arch_def_ppc64; + else if (strcmp(arch_name, "ppc64le") == 0) + return &arch_def_ppc64le; + else if (strcmp(arch_name, "s390") == 0) + return &arch_def_s390; + else if (strcmp(arch_name, "s390x") == 0) + return &arch_def_s390x; return NULL; } @@ -256,27 +293,8 @@ */ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name) { - switch (arch->token) { - case SCMP_ARCH_X86: - return x86_syscall_resolve_name(name); - case SCMP_ARCH_X86_64: - return x86_64_syscall_resolve_name(name); - case SCMP_ARCH_X32: - return x32_syscall_resolve_name(name); - case SCMP_ARCH_ARM: - return arm_syscall_resolve_name(name); - case SCMP_ARCH_AARCH64: - return aarch64_syscall_resolve_name(name); - case SCMP_ARCH_MIPS: - case SCMP_ARCH_MIPSEL: - return mips_syscall_resolve_name(name); - case SCMP_ARCH_MIPS64: - case SCMP_ARCH_MIPSEL64: - return mips64_syscall_resolve_name(name); - case SCMP_ARCH_MIPS64N32: - case SCMP_ARCH_MIPSEL64N32: - return mips64n32_syscall_resolve_name(name); - } + if (arch->syscall_resolve_name) + return (*arch->syscall_resolve_name)(name); return __NR_SCMP_ERROR; } 
@@ -293,27 +311,8 @@ */ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num) { - switch (arch->token) { - case SCMP_ARCH_X86: - return x86_syscall_resolve_num(num); - case SCMP_ARCH_X86_64: - return x86_64_syscall_resolve_num(num); - case SCMP_ARCH_X32: - return x32_syscall_resolve_num(num); - case SCMP_ARCH_ARM: - return arm_syscall_resolve_num(num); - case SCMP_ARCH_AARCH64: - return aarch64_syscall_resolve_num(num); - case SCMP_ARCH_MIPS: - case SCMP_ARCH_MIPSEL: - return mips_syscall_resolve_num(num); - case SCMP_ARCH_MIPS64: - case SCMP_ARCH_MIPSEL64: - return mips64_syscall_resolve_num(num); - case SCMP_ARCH_MIPS64N32: - case SCMP_ARCH_MIPSEL64N32: - return mips64n32_syscall_resolve_num(num); - } + if (arch->syscall_resolve_num) + return (*arch->syscall_resolve_num)(num); return NULL; } @@ -351,18 +350,15 @@ /** * Rewrite a syscall value to match the architecture * @param arch the architecture definition - * @param strict strict flag * @param syscall the syscall number * * Syscalls can vary across different architectures so this function rewrites - * the syscall into the correct value for the specified architecture. If - * @strict is true then the function will fail if the syscall can not be - * preservered, however, if @strict is false the function will do a "best - * effort" rewrite and not fail. Returns zero on success, negative values on - * failure. + * the syscall into the correct value for the specified architecture. Returns + * zero on success, -EDOM if the syscall is not defined for @arch, and negative + * values on failure. * */ -int arch_syscall_rewrite(const struct arch_def *arch, bool strict, int *syscall) +int arch_syscall_rewrite(const struct arch_def *arch, int *syscall) { int sys = *syscall; 
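Review bot: The rewritten return-value sentence in the arch_syscall_rewrite() comment names -EDOM and then adds "negative values on failure", which leaves the reader guessing what the other failures are. The body continues in the next hunk, where the only other error visible is `return -EINVAL;`, apparently for the reserved pseudo-syscall range. The sentence could read `Returns zero on success, -EINVAL if the syscall is a reserved value, and -EDOM if it is not defined for @arch.` With the strict flag removed, a syscall that cannot be rewritten now always yields -EDOM where strict=false used to return 0, and the comment should say so for callers that depended on the best-effort result.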
@@ -374,58 +370,104 @@ return -EINVAL; } else if (sys <= -100 && sys > -10000) { /* rewritable syscalls */ - switch (arch->token) { - case SCMP_ARCH_X86: - return x86_syscall_rewrite(arch, strict, syscall); - } - /* NOTE: we fall through to the default handling (strict?) if - * we don't support any rewriting for the architecture */ + if (arch->syscall_rewrite) + (*arch->syscall_rewrite)(syscall); } /* syscalls not defined on this architecture */ - if (strict) + if ((*syscall) < 0) return -EDOM; return 0; } /** - * Rewrite a filter rule to match the architecture specifics - * @param arch the architecture definition - * @param strict strict flag + * Add a new rule to the specified filter + * @param col the filter collection + * @param db the seccomp filter db + * @param strict the strict flag + * @param action the filter action * @param syscall the syscall number + * @param chain_len the number of argument filters in the argument filter chain * @param chain the argument filter chain * - * Syscalls can vary across different architectures so this function handles - * the necessary seccomp rule rewrites to ensure the right thing is done - * regardless of the rule or architecture. If @strict is true then the - * function will fail if the entire filter can not be preservered, however, - * if @strict is false the function will do a "best effort" rewrite and not - * fail. Returns zero on success, negative values on failure. - * - */ -int arch_filter_rewrite(const struct arch_def *arch, - bool strict, int *syscall, struct db_api_arg *chain) -{ - int sys = *syscall; + * This function adds a new argument/comparison/value to the seccomp filter for + * a syscall; multiple arguments can be specified and they will be chained + * together (essentially AND'd together) in the filter. 
When the strict flag + * is true the function will fail if the exact rule can not be added to the + * filter, if the strict flag is false the function will not fail if the + * function needs to adjust the rule due to architecture specifics. Returns + * zero on success, negative values on failure. + * + */ +int arch_filter_rule_add(struct db_filter_col *col, struct db_filter *db, + bool strict, uint32_t action, int syscall, + unsigned int chain_len, struct db_api_arg *chain) +{ + int rc; + size_t chain_size = sizeof(*chain) * chain_len; + struct db_api_rule_list *rule, *rule_tail; - if (sys >= 0) { - /* we shouldn't be here - no rewrite needed */ - return 0; - } else if (sys < 0 && sys > -100) { - /* reserved values */ + /* ensure we aren't using any reserved syscall values */ + if (syscall < 0 && syscall > -100) return -EINVAL; - } else if (sys <= -100 && sys > -10000) { - /* rewritable syscalls */ - switch (arch->token) { - case SCMP_ARCH_X86: - return x86_filter_rewrite(arch, strict, syscall, chain); - } - /* NOTE: we fall through to the default handling (strict?) 
if - * we don't support any rewriting for the architecture */ + + /* translate the syscall */ + rc = arch_syscall_translate(db->arch, &syscall); + if (rc < 0) + return rc; + + /* copy of the chain for each filter in the collection */ + rule = malloc(sizeof(*rule)); + if (rule == NULL) + return -ENOMEM; + rule->args = malloc(chain_size); + if (rule->args == NULL) { + free(rule); + return -ENOMEM; } + rule->action = action; + rule->syscall = syscall; + rule->args_cnt = chain_len; + memcpy(rule->args, chain, chain_size); + rule->prev = NULL; + rule->next = NULL; + + /* add the new rule to the existing filter */ + if (db->arch->rule_add == NULL) { + /* negative syscalls require a db->arch->rule_add() function */ + if (syscall < 0 && strict) { + rc = -EDOM; + goto rule_add_failure; + } + rc = db_rule_add(db, rule); + } else + rc = (db->arch->rule_add)(col, db, strict, rule); + if (rc == 0) { + /* insert the chain to the end of the filter's rule list */ + rule_tail = rule; + while (rule_tail->next) + rule_tail = rule_tail->next; + if (db->rules != NULL) { + rule->prev = db->rules->prev; + rule_tail->next = db->rules; + db->rules->prev->next = rule; + db->rules->prev = rule_tail; + } else { + rule->prev = rule_tail; + rule_tail->next = rule; + db->rules = rule; + } + } else + goto rule_add_failure; - /* syscalls not defined on this architecture */ - if (strict) - return -EDOM; return 0; + +rule_add_failure: + do { + rule_tail = rule; + rule = rule->next; + free(rule_tail->args); + free(rule_tail); + } while (rule); + return rc; } diff -Nru libseccomp-2.2.3/src/arch.h libseccomp-2.3.1/src/arch.h --- libseccomp-2.2.3/src/arch.h 2015-06-28 16:17:00.642527427 +0000 +++ libseccomp-2.3.1/src/arch.h 2016-02-19 19:24:11.025998940 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp Architecture/Machine Specific Code * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* 
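Review bot: In arch_filter_rule_add() the copy of the argument chain does not handle an empty chain: when chain_len is 0, `malloc(chain_size)` is allowed to return NULL, which the function reports as -ENOMEM, and `memcpy()` is then called with whatever `chain` is, which is undefined if it is NULL. Whether a zero length can reach this function is decided by callers outside the hunk, but the guard is cheap: `if (rule->args == NULL && chain_size > 0) {` and `if (chain_size > 0) memcpy(rule->args, chain, chain_size);`. chain_len is also multiplied into chain_size with no upper bound in this function, so the limit on the number of argument filters has to be enforced before the call. Earlier in the same hunk, arch_syscall_rewrite() discards the int returned by `(*arch->syscall_rewrite)(syscall)` and relies on `*syscall` staying negative to report -EDOM, so an error returned by the callback is only noticed if it also leaves the value negative.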
@@ -30,9 +30,12 @@ #include "system.h" +struct db_filter; struct db_api_arg; +struct db_api_rule_list; struct arch_def { + /* arch definition */ uint32_t token; uint32_t token_bpf; enum { @@ -45,6 +48,13 @@ ARCH_ENDIAN_LITTLE, ARCH_ENDIAN_BIG, } endian; + + /* arch specific functions */ + int (*syscall_resolve_name)(const char *name); + const char *(*syscall_resolve_num)(int num); + int (*syscall_rewrite)(int *syscall); + int (*rule_add)(struct db_filter_col *col, struct db_filter *db, + bool strict, struct db_api_rule_list *rule); }; /* arch_def for the current architecture */ @@ -90,10 +100,10 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num); int arch_syscall_translate(const struct arch_def *arch, int *syscall); -int arch_syscall_rewrite(const struct arch_def *arch, bool strict, - int *syscall); +int arch_syscall_rewrite(const struct arch_def *arch, int *syscall); -int arch_filter_rewrite(const struct arch_def *arch, - bool strict, int *syscall, struct db_api_arg *chain); +int arch_filter_rule_add(struct db_filter_col *col, struct db_filter *db, + bool strict, uint32_t action, int syscall, + unsigned int chain_len, struct db_api_arg *chain); #endif diff -Nru libseccomp-2.2.3/src/arch-mips64.c libseccomp-2.3.1/src/arch-mips64.c --- libseccomp-2.2.3/src/arch-mips64.c 2015-06-28 16:17:00.472527440 +0000 +++ libseccomp-2.3.1/src/arch-mips64.c 2016-02-11 18:32:37.534670579 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp MIPS64 Specific Code * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore * */ @@ -30,6 +30,10 @@ .token_bpf = AUDIT_ARCH_MIPS64, .size = ARCH_SIZE_64, .endian = ARCH_ENDIAN_BIG, + .syscall_resolve_name = mips64_syscall_resolve_name, + .syscall_resolve_num = mips64_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; const struct arch_def arch_def_mipsel64 = { 
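Review bot: `struct db_filter_col` is missing from the forward declarations added at the top of arch.h, yet the new `rule_add` member and the `arch_filter_rule_add()` prototype further down both take a `struct db_filter_col *`. Unless an earlier include already declares the tag, its first appearance is inside a parameter list, where it has prototype scope and is a different type from the real definition. Adding `struct db_filter_col;` next to `struct db_filter;` makes the header self-contained and independent of include order.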
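Review bot: The four function pointers added to struct arch_def carry no contract beyond the `/* arch specific functions */` heading. The callers in arch.c show that each pointer may be NULL, and that the int returned by `syscall_rewrite` is ignored, since arch_syscall_rewrite() only checks whether `*syscall` is still negative. They also show that `rule_add` may extend the rule through `rule->next` into a NULL-terminated list, which arch_filter_rule_add() walks on success and frees on failure. A short comment per member would state this, for example `/* optional; rewrites *syscall in place and leaves it negative when no mapping exists */` above `syscall_rewrite`, and a matching one on `rule_add` covering who owns the rule list on error. Filters built for a new architecture port depend on these callbacks behaving the same way as the existing ones.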
@@ -37,4 +41,8 @@ .token_bpf = AUDIT_ARCH_MIPSEL64, .size = ARCH_SIZE_64, .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = mips64_syscall_resolve_name, + .syscall_resolve_num = mips64_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; diff -Nru libseccomp-2.2.3/src/arch-mips64.h libseccomp-2.3.1/src/arch-mips64.h --- libseccomp-2.2.3/src/arch-mips64.h 2015-06-28 16:17:00.620527429 +0000 +++ libseccomp-2.3.1/src/arch-mips64.h 2016-02-11 18:32:39.775670411 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp MIPS64 Specific Code * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore * */ diff -Nru libseccomp-2.2.3/src/arch-mips64n32.c libseccomp-2.3.1/src/arch-mips64n32.c --- libseccomp-2.2.3/src/arch-mips64n32.c 2015-06-28 16:17:00.485527439 +0000 +++ libseccomp-2.3.1/src/arch-mips64n32.c 2016-02-11 18:32:37.536670579 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp MIPS Specific Code * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore * */ @@ -32,6 +32,10 @@ .token_bpf = AUDIT_ARCH_MIPS64N32, .size = ARCH_SIZE_32, .endian = ARCH_ENDIAN_BIG, + .syscall_resolve_name = mips64n32_syscall_resolve_name, + .syscall_resolve_num = mips64n32_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; const struct arch_def arch_def_mipsel64n32 = { @@ -39,4 +43,8 @@ .token_bpf = AUDIT_ARCH_MIPSEL64N32, .size = ARCH_SIZE_32, .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = mips64n32_syscall_resolve_name, + .syscall_resolve_num = mips64n32_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; diff -Nru libseccomp-2.2.3/src/arch-mips64n32.h libseccomp-2.3.1/src/arch-mips64n32.h --- libseccomp-2.2.3/src/arch-mips64n32.h 2015-06-28 16:17:00.623527429 +0000 +++ libseccomp-2.3.1/src/arch-mips64n32.h 2016-02-11 18:32:39.775670411 +0000 
@@ -2,7 +2,7 @@
 * Enhanced Seccomp MIPS Specific Code
 *
 * Copyright (c) 2014 Red Hat
- * Author: Paul Moore
+ * Author: Paul Moore
 *
 */
diff -Nru libseccomp-2.2.3/src/arch-mips64n32-syscalls.c libseccomp-2.3.1/src/arch-mips64n32-syscalls.c
--- libseccomp-2.2.3/src/arch-mips64n32-syscalls.c 2015-06-28 16:17:00.481527439 +0000
+++ libseccomp-2.3.1/src/arch-mips64n32-syscalls.c 2016-02-19 16:05:36.999890615 +0000
@@ -2,7 +2,7 @@
 * Enhanced Seccomp MIPS Specific Code
 *
 * Copyright (c) 2014 Red Hat
- * Author: Paul Moore
+ * Author: Paul Moore
 *
 */
@@ -28,213 +28,217 @@ #include "arch-mips64n32.h" /* N32 ABI */ -#define __NR_SYSCALL_BASE 6000 +#define __SCMP_NR_BASE 6000 -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def mips64n32_syscall_table[] = { \ { "_llseek", __PNR__llseek }, - { "_newselect", (__NR_SYSCALL_BASE + 22) }, - { "_sysctl", (__NR_SYSCALL_BASE + 152) }, - { "accept", (__NR_SYSCALL_BASE + 42) }, - { "accept4", (__NR_SYSCALL_BASE + 297) }, - { "access", (__NR_SYSCALL_BASE + 20) }, - { "acct", (__NR_SYSCALL_BASE + 158) }, - { "add_key", (__NR_SYSCALL_BASE + 243) }, - { "adjtimex", (__NR_SYSCALL_BASE + 154) }, - { "afs_syscall", (__NR_SYSCALL_BASE + 176) }, - { "alarm", (__NR_SYSCALL_BASE + 37) }, + { "_newselect", (__SCMP_NR_BASE + 22) }, + { "_sysctl", (__SCMP_NR_BASE + 152) }, + { "accept", (__SCMP_NR_BASE + 42) }, + { "accept4", (__SCMP_NR_BASE + 297) }, + { "access", (__SCMP_NR_BASE + 20) }, + { "acct", (__SCMP_NR_BASE + 158) }, + { "add_key", (__SCMP_NR_BASE + 243) }, + { "adjtimex", (__SCMP_NR_BASE + 154) }, + { "afs_syscall", (__SCMP_NR_BASE + 176) }, + { "alarm", (__SCMP_NR_BASE + 37) }, { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, { "arm_sync_file_range", __PNR_arm_sync_file_range }, { "arch_prctl", __PNR_arch_prctl }, { "bdflush", __PNR_bdflush }, - { "bind", (__NR_SYSCALL_BASE + 48) }, - { "bpf", (__NR_SYSCALL_BASE + 319) }, + { "bind", (__SCMP_NR_BASE + 48) }, + { "bpf", (__SCMP_NR_BASE + 319) }, { "break", __PNR_break }, { "breakpoint", __PNR_breakpoint }, - { "brk", (__NR_SYSCALL_BASE + 12) }, - { "cachectl", (__NR_SYSCALL_BASE + 198) }, - { "cacheflush", (__NR_SYSCALL_BASE + 197) }, - { "capget", (__NR_SYSCALL_BASE + 123) }, - { "capset", (__NR_SYSCALL_BASE + 124) }, - { "chdir", (__NR_SYSCALL_BASE + 78) }, - { "chmod", (__NR_SYSCALL_BASE + 88) }, - { "chown", (__NR_SYSCALL_BASE + 90) }, + { "brk", (__SCMP_NR_BASE + 12) }, + { "cachectl", (__SCMP_NR_BASE + 198) }, + { "cacheflush", (__SCMP_NR_BASE + 197) }, + { "capget", 
(__SCMP_NR_BASE + 123) }, + { "capset", (__SCMP_NR_BASE + 124) }, + { "chdir", (__SCMP_NR_BASE + 78) }, + { "chmod", (__SCMP_NR_BASE + 88) }, + { "chown", (__SCMP_NR_BASE + 90) }, { "chown32", __PNR_chown32 }, - { "chroot", (__NR_SYSCALL_BASE + 156) }, - { "clock_adjtime", (__NR_SYSCALL_BASE + 305) }, - { "clock_getres", (__NR_SYSCALL_BASE + 227) }, - { "clock_gettime", (__NR_SYSCALL_BASE + 226) }, - { "clock_nanosleep", (__NR_SYSCALL_BASE + 228) }, - { "clock_settime", (__NR_SYSCALL_BASE + 225) }, - { "clone", (__NR_SYSCALL_BASE + 55) }, - { "close", (__NR_SYSCALL_BASE + 3) }, - { "connect", (__NR_SYSCALL_BASE + 41) }, - { "creat", (__NR_SYSCALL_BASE + 83) }, - { "create_module", (__NR_SYSCALL_BASE + 167) }, - { "delete_module", (__NR_SYSCALL_BASE + 169) }, - { "dup", (__NR_SYSCALL_BASE + 31) }, - { "dup2", (__NR_SYSCALL_BASE + 32) }, - { "dup3", (__NR_SYSCALL_BASE + 290) }, - { "epoll_create", (__NR_SYSCALL_BASE + 207) }, - { "epoll_create1", (__NR_SYSCALL_BASE + 289) }, - { "epoll_ctl", (__NR_SYSCALL_BASE + 208) }, + { "chroot", (__SCMP_NR_BASE + 156) }, + { "clock_adjtime", (__SCMP_NR_BASE + 305) }, + { "clock_getres", (__SCMP_NR_BASE + 227) }, + { "clock_gettime", (__SCMP_NR_BASE + 226) }, + { "clock_nanosleep", (__SCMP_NR_BASE + 228) }, + { "clock_settime", (__SCMP_NR_BASE + 225) }, + { "clone", (__SCMP_NR_BASE + 55) }, + { "close", (__SCMP_NR_BASE + 3) }, + { "connect", (__SCMP_NR_BASE + 41) }, + { "copy_file_range", (__SCMP_NR_BASE + 324) }, + { "creat", (__SCMP_NR_BASE + 83) }, + { "create_module", (__SCMP_NR_BASE + 167) }, + { "delete_module", (__SCMP_NR_BASE + 169) }, + { "dup", (__SCMP_NR_BASE + 31) }, + { "dup2", (__SCMP_NR_BASE + 32) }, + { "dup3", (__SCMP_NR_BASE + 290) }, + { "epoll_create", (__SCMP_NR_BASE + 207) }, + { "epoll_create1", (__SCMP_NR_BASE + 289) }, + { "epoll_ctl", (__SCMP_NR_BASE + 208) }, { "epoll_ctl_old", __PNR_epoll_ctl_old }, - { "epoll_pwait", (__NR_SYSCALL_BASE + 276) }, - { "epoll_wait", (__NR_SYSCALL_BASE + 209) }, + { 
"epoll_pwait", (__SCMP_NR_BASE + 276) }, + { "epoll_wait", (__SCMP_NR_BASE + 209) }, { "epoll_wait_old", __PNR_epoll_wait_old }, - { "eventfd", (__NR_SYSCALL_BASE + 282) }, - { "eventfd2", (__NR_SYSCALL_BASE + 288) }, - { "execve", (__NR_SYSCALL_BASE + 57) }, - { "execveat", (__NR_SYSCALL_BASE + 320) }, - { "exit", (__NR_SYSCALL_BASE + 58) }, - { "exit_group", (__NR_SYSCALL_BASE + 205) }, - { "faccessat", (__NR_SYSCALL_BASE + 263) }, - { "fadvise64", (__NR_SYSCALL_BASE + 216) }, + { "eventfd", (__SCMP_NR_BASE + 282) }, + { "eventfd2", (__SCMP_NR_BASE + 288) }, + { "execve", (__SCMP_NR_BASE + 57) }, + { "execveat", (__SCMP_NR_BASE + 320) }, + { "exit", (__SCMP_NR_BASE + 58) }, + { "exit_group", (__SCMP_NR_BASE + 205) }, + { "faccessat", (__SCMP_NR_BASE + 263) }, + { "fadvise64", (__SCMP_NR_BASE + 216) }, { "fadvise64_64", __PNR_fadvise64_64 }, - { "fallocate", (__NR_SYSCALL_BASE + 283) }, - { "fanotify_init", (__NR_SYSCALL_BASE + 300) }, - { "fanotify_mark", (__NR_SYSCALL_BASE + 301) }, - { "fchdir", (__NR_SYSCALL_BASE + 79) }, - { "fchmod", (__NR_SYSCALL_BASE + 89) }, - { "fchmodat", (__NR_SYSCALL_BASE + 262) }, - { "fchown", (__NR_SYSCALL_BASE + 91) }, + { "fallocate", (__SCMP_NR_BASE + 283) }, + { "fanotify_init", (__SCMP_NR_BASE + 300) }, + { "fanotify_mark", (__SCMP_NR_BASE + 301) }, + { "fchdir", (__SCMP_NR_BASE + 79) }, + { "fchmod", (__SCMP_NR_BASE + 89) }, + { "fchmodat", (__SCMP_NR_BASE + 262) }, + { "fchown", (__SCMP_NR_BASE + 91) }, { "fchown32", __PNR_fchown32 }, - { "fchownat", (__NR_SYSCALL_BASE + 254) }, - { "fcntl", (__NR_SYSCALL_BASE + 70) }, - { "fcntl64", (__NR_SYSCALL_BASE + 212) }, - { "fdatasync", (__NR_SYSCALL_BASE + 73) }, - { "fgetxattr", (__NR_SYSCALL_BASE + 185) }, - { "finit_module", (__NR_SYSCALL_BASE + 312) }, - { "flistxattr", (__NR_SYSCALL_BASE + 188) }, - { "flock", (__NR_SYSCALL_BASE + 71) }, - { "fork", (__NR_SYSCALL_BASE + 56) }, - { "fremovexattr", (__NR_SYSCALL_BASE + 191) }, - { "fsetxattr", (__NR_SYSCALL_BASE + 182) }, - { 
"fstat", (__NR_SYSCALL_BASE + 5) }, + { "fchownat", (__SCMP_NR_BASE + 254) }, + { "fcntl", (__SCMP_NR_BASE + 70) }, + { "fcntl64", (__SCMP_NR_BASE + 212) }, + { "fdatasync", (__SCMP_NR_BASE + 73) }, + { "fgetxattr", (__SCMP_NR_BASE + 185) }, + { "finit_module", (__SCMP_NR_BASE + 312) }, + { "flistxattr", (__SCMP_NR_BASE + 188) }, + { "flock", (__SCMP_NR_BASE + 71) }, + { "fork", (__SCMP_NR_BASE + 56) }, + { "fremovexattr", (__SCMP_NR_BASE + 191) }, + { "fsetxattr", (__SCMP_NR_BASE + 182) }, + { "fstat", (__SCMP_NR_BASE + 5) }, { "fstat64", __PNR_fstat64 }, { "fstatat64", __PNR_fstat64 }, - { "fstatfs", (__NR_SYSCALL_BASE + 135) }, - { "fstatfs64", (__NR_SYSCALL_BASE + 218) }, - { "fsync", (__NR_SYSCALL_BASE + 72) }, + { "fstatfs", (__SCMP_NR_BASE + 135) }, + { "fstatfs64", (__SCMP_NR_BASE + 218) }, + { "fsync", (__SCMP_NR_BASE + 72) }, { "ftime", __PNR_ftime }, - { "ftruncate", (__NR_SYSCALL_BASE + 75) }, + { "ftruncate", (__SCMP_NR_BASE + 75) }, { "ftruncate64", __PNR_ftruncate64 }, - { "futex", (__NR_SYSCALL_BASE + 194) }, - { "futimesat", (__NR_SYSCALL_BASE + 255) }, - { "get_kernel_syms", (__NR_SYSCALL_BASE + 170) }, - { "get_mempolicy", (__NR_SYSCALL_BASE + 232) }, - { "get_robust_list", (__NR_SYSCALL_BASE + 273) }, + { "futex", (__SCMP_NR_BASE + 194) }, + { "futimesat", (__SCMP_NR_BASE + 255) }, + { "get_kernel_syms", (__SCMP_NR_BASE + 170) }, + { "get_mempolicy", (__SCMP_NR_BASE + 232) }, + { "get_robust_list", (__SCMP_NR_BASE + 273) }, { "get_thread_area", __PNR_get_thread_area }, - { "getcpu", (__NR_SYSCALL_BASE + 275) }, - { "getcwd", (__NR_SYSCALL_BASE + 77) }, - { "getdents", (__NR_SYSCALL_BASE + 76) }, - { "getdents64", (__NR_SYSCALL_BASE + 299) }, - { "getegid", (__NR_SYSCALL_BASE + 106) }, + { "getcpu", (__SCMP_NR_BASE + 275) }, + { "getcwd", (__SCMP_NR_BASE + 77) }, + { "getdents", (__SCMP_NR_BASE + 76) }, + { "getdents64", (__SCMP_NR_BASE + 299) }, + { "getegid", (__SCMP_NR_BASE + 106) }, { "getegid32", __PNR_getegid32 }, - { "geteuid", 
(__NR_SYSCALL_BASE + 105) }, + { "geteuid", (__SCMP_NR_BASE + 105) }, { "geteuid32", __PNR_geteuid32 }, - { "getgid", (__NR_SYSCALL_BASE + 102) }, + { "getgid", (__SCMP_NR_BASE + 102) }, { "getgid32", __PNR_getgid32 }, - { "getgroups", (__NR_SYSCALL_BASE + 113) }, + { "getgroups", (__SCMP_NR_BASE + 113) }, { "getgroups32", __PNR_getgroups32 }, - { "getitimer", (__NR_SYSCALL_BASE + 35) }, - { "getpeername", (__NR_SYSCALL_BASE + 51) }, - { "getpgid", (__NR_SYSCALL_BASE + 119) }, - { "getpgrp", (__NR_SYSCALL_BASE + 109) }, - { "getpid", (__NR_SYSCALL_BASE + 38) }, - { "getpmsg", (__NR_SYSCALL_BASE + 174) }, - { "getppid", (__NR_SYSCALL_BASE + 108) }, - { "getpriority", (__NR_SYSCALL_BASE + 137) }, - { "getrandom", (__NR_SYSCALL_BASE + 317) }, - { "getresgid", (__NR_SYSCALL_BASE + 118) }, + { "getitimer", (__SCMP_NR_BASE + 35) }, + { "getpeername", (__SCMP_NR_BASE + 51) }, + { "getpgid", (__SCMP_NR_BASE + 119) }, + { "getpgrp", (__SCMP_NR_BASE + 109) }, + { "getpid", (__SCMP_NR_BASE + 38) }, + { "getpmsg", (__SCMP_NR_BASE + 174) }, + { "getppid", (__SCMP_NR_BASE + 108) }, + { "getpriority", (__SCMP_NR_BASE + 137) }, + { "getrandom", (__SCMP_NR_BASE + 317) }, + { "getresgid", (__SCMP_NR_BASE + 118) }, { "getresgid32", __PNR_getresgid32 }, - { "getresuid", (__NR_SYSCALL_BASE + 116) }, + { "getresuid", (__SCMP_NR_BASE + 116) }, { "getresuid32", __PNR_getresuid32 }, - { "getrlimit", (__NR_SYSCALL_BASE + 95) }, - { "getrusage", (__NR_SYSCALL_BASE + 96) }, - { "getsid", (__NR_SYSCALL_BASE + 122) }, - { "getsockname", (__NR_SYSCALL_BASE + 50) }, - { "getsockopt", (__NR_SYSCALL_BASE + 54) }, - { "gettid", (__NR_SYSCALL_BASE + 178) }, - { "gettimeofday", (__NR_SYSCALL_BASE + 94) }, - { "getuid", (__NR_SYSCALL_BASE + 100) }, + { "getrlimit", (__SCMP_NR_BASE + 95) }, + { "getrusage", (__SCMP_NR_BASE + 96) }, + { "getsid", (__SCMP_NR_BASE + 122) }, + { "getsockname", (__SCMP_NR_BASE + 50) }, + { "getsockopt", (__SCMP_NR_BASE + 54) }, + { "gettid", (__SCMP_NR_BASE + 178) }, + { 
"gettimeofday", (__SCMP_NR_BASE + 94) }, + { "getuid", (__SCMP_NR_BASE + 100) }, { "getuid32", __PNR_getuid32 }, - { "getxattr", (__NR_SYSCALL_BASE + 183) }, + { "getxattr", (__SCMP_NR_BASE + 183) }, { "gtty", __PNR_gtty }, { "idle", __PNR_idle }, - { "init_module", (__NR_SYSCALL_BASE + 168) }, - { "inotify_add_watch", (__NR_SYSCALL_BASE + 248) }, - { "inotify_init", (__NR_SYSCALL_BASE + 247) }, - { "inotify_init1", (__NR_SYSCALL_BASE + 292) }, - { "inotify_rm_watch", (__NR_SYSCALL_BASE + 249) }, - { "io_cancel", (__NR_SYSCALL_BASE + 204) }, - { "io_destroy", (__NR_SYSCALL_BASE + 201) }, - { "io_getevents", (__NR_SYSCALL_BASE + 202) }, - { "io_setup", (__NR_SYSCALL_BASE + 200) }, - { "io_submit", (__NR_SYSCALL_BASE + 203) }, - { "ioctl", (__NR_SYSCALL_BASE + 15) }, + { "init_module", (__SCMP_NR_BASE + 168) }, + { "inotify_add_watch", (__SCMP_NR_BASE + 248) }, + { "inotify_init", (__SCMP_NR_BASE + 247) }, + { "inotify_init1", (__SCMP_NR_BASE + 292) }, + { "inotify_rm_watch", (__SCMP_NR_BASE + 249) }, + { "io_cancel", (__SCMP_NR_BASE + 204) }, + { "io_destroy", (__SCMP_NR_BASE + 201) }, + { "io_getevents", (__SCMP_NR_BASE + 202) }, + { "io_setup", (__SCMP_NR_BASE + 200) }, + { "io_submit", (__SCMP_NR_BASE + 203) }, + { "ioctl", (__SCMP_NR_BASE + 15) }, { "ioperm", __PNR_ioperm }, { "iopl", __PNR_iopl }, - { "ioprio_get", (__NR_SYSCALL_BASE + 278) }, - { "ioprio_set", (__NR_SYSCALL_BASE + 277) }, + { "ioprio_get", (__SCMP_NR_BASE + 278) }, + { "ioprio_set", (__SCMP_NR_BASE + 277) }, { "ipc", __PNR_ipc }, - { "kcmp", (__NR_SYSCALL_BASE + 311) }, + { "kcmp", (__SCMP_NR_BASE + 311) }, { "kexec_file_load", __PNR_kexec_file_load }, - { "kexec_load", (__NR_SYSCALL_BASE + 274) }, - { "keyctl", (__NR_SYSCALL_BASE + 245) }, - { "kill", (__NR_SYSCALL_BASE + 60) }, - { "lchown", (__NR_SYSCALL_BASE + 92) }, + { "kexec_load", (__SCMP_NR_BASE + 274) }, + { "keyctl", (__SCMP_NR_BASE + 245) }, + { "kill", (__SCMP_NR_BASE + 60) }, + { "lchown", (__SCMP_NR_BASE + 92) }, { "lchown32", 
__PNR_lchown32 }, - { "lgetxattr", (__NR_SYSCALL_BASE + 184) }, - { "link", (__NR_SYSCALL_BASE + 84) }, - { "linkat", (__NR_SYSCALL_BASE + 259) }, - { "listen", (__NR_SYSCALL_BASE + 49) }, - { "listxattr", (__NR_SYSCALL_BASE + 186) }, - { "llistxattr", (__NR_SYSCALL_BASE + 187) }, + { "lgetxattr", (__SCMP_NR_BASE + 184) }, + { "link", (__SCMP_NR_BASE + 84) }, + { "linkat", (__SCMP_NR_BASE + 259) }, + { "listen", (__SCMP_NR_BASE + 49) }, + { "listxattr", (__SCMP_NR_BASE + 186) }, + { "llistxattr", (__SCMP_NR_BASE + 187) }, { "lock", __PNR_lock }, - { "lookup_dcookie", (__NR_SYSCALL_BASE + 206) }, - { "lremovexattr", (__NR_SYSCALL_BASE + 190) }, - { "lseek", (__NR_SYSCALL_BASE + 8) }, - { "lsetxattr", (__NR_SYSCALL_BASE + 181) }, - { "lstat", (__NR_SYSCALL_BASE + 6) }, + { "lookup_dcookie", (__SCMP_NR_BASE + 206) }, + { "lremovexattr", (__SCMP_NR_BASE + 190) }, + { "lseek", (__SCMP_NR_BASE + 8) }, + { "lsetxattr", (__SCMP_NR_BASE + 181) }, + { "lstat", (__SCMP_NR_BASE + 6) }, { "lstat64", __PNR_lstat64 }, - { "madvise", (__NR_SYSCALL_BASE + 27) }, - { "mbind", (__NR_SYSCALL_BASE + 231) }, - { "memfd_create", (__NR_SYSCALL_BASE + 318) }, - { "migrate_pages", (__NR_SYSCALL_BASE + 250) }, - { "mincore", (__NR_SYSCALL_BASE + 26) }, - { "mkdir", (__NR_SYSCALL_BASE + 81) }, - { "mkdirat", (__NR_SYSCALL_BASE + 252) }, - { "mknod", (__NR_SYSCALL_BASE + 131) }, - { "mknodat", (__NR_SYSCALL_BASE + 253) }, - { "mlock", (__NR_SYSCALL_BASE + 146) }, - { "mlockall", (__NR_SYSCALL_BASE + 148) }, - { "mmap", (__NR_SYSCALL_BASE + 9) }, + { "madvise", (__SCMP_NR_BASE + 27) }, + { "mbind", (__SCMP_NR_BASE + 231) }, + { "membarrier", (__SCMP_NR_BASE + 322) }, + { "memfd_create", (__SCMP_NR_BASE + 318) }, + { "migrate_pages", (__SCMP_NR_BASE + 250) }, + { "mincore", (__SCMP_NR_BASE + 26) }, + { "mkdir", (__SCMP_NR_BASE + 81) }, + { "mkdirat", (__SCMP_NR_BASE + 252) }, + { "mknod", (__SCMP_NR_BASE + 131) }, + { "mknodat", (__SCMP_NR_BASE + 253) }, + { "mlock", (__SCMP_NR_BASE + 146) }, + 
{ "mlock2", (__SCMP_NR_BASE + 323) }, + { "mlockall", (__SCMP_NR_BASE + 148) }, + { "mmap", (__SCMP_NR_BASE + 9) }, { "mmap2", __PNR_mmap2 }, { "modify_ldt", __PNR_modify_ldt }, - { "mount", (__NR_SYSCALL_BASE + 160) }, - { "move_pages", (__NR_SYSCALL_BASE + 271) }, - { "mprotect", (__NR_SYSCALL_BASE + 10) }, + { "mount", (__SCMP_NR_BASE + 160) }, + { "move_pages", (__SCMP_NR_BASE + 271) }, + { "mprotect", (__SCMP_NR_BASE + 10) }, { "mpx", __PNR_mpx }, - { "mq_getsetattr", (__NR_SYSCALL_BASE + 239) }, - { "mq_notify", (__NR_SYSCALL_BASE + 238) }, - { "mq_open", (__NR_SYSCALL_BASE + 234) }, - { "mq_timedreceive", (__NR_SYSCALL_BASE + 237) }, - { "mq_timedsend", (__NR_SYSCALL_BASE + 236) }, - { "mq_unlink", (__NR_SYSCALL_BASE + 235) }, - { "mremap", (__NR_SYSCALL_BASE + 24) }, - { "msgctl", (__NR_SYSCALL_BASE + 69) }, - { "msgget", (__NR_SYSCALL_BASE + 66) }, - { "msgrcv", (__NR_SYSCALL_BASE + 68) }, - { "msgsnd", (__NR_SYSCALL_BASE + 67) }, - { "msync", (__NR_SYSCALL_BASE + 25) }, - { "munlock", (__NR_SYSCALL_BASE + 147) }, - { "munlockall", (__NR_SYSCALL_BASE + 149) }, - { "munmap", (__NR_SYSCALL_BASE + 11) }, - { "name_to_handle_at", (__NR_SYSCALL_BASE + 303) }, - { "nanosleep", (__NR_SYSCALL_BASE + 34) }, - { "newfstatat", (__NR_SYSCALL_BASE + 256) }, - { "nfsservctl", (__NR_SYSCALL_BASE + 173) }, + { "mq_getsetattr", (__SCMP_NR_BASE + 239) }, + { "mq_notify", (__SCMP_NR_BASE + 238) }, + { "mq_open", (__SCMP_NR_BASE + 234) }, + { "mq_timedreceive", (__SCMP_NR_BASE + 237) }, + { "mq_timedsend", (__SCMP_NR_BASE + 236) }, + { "mq_unlink", (__SCMP_NR_BASE + 235) }, + { "mremap", (__SCMP_NR_BASE + 24) }, + { "msgctl", (__SCMP_NR_BASE + 69) }, + { "msgget", (__SCMP_NR_BASE + 66) }, + { "msgrcv", (__SCMP_NR_BASE + 68) }, + { "msgsnd", (__SCMP_NR_BASE + 67) }, + { "msync", (__SCMP_NR_BASE + 25) }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", (__SCMP_NR_BASE + 147) }, + { "munlockall", (__SCMP_NR_BASE + 149) }, + { "munmap", (__SCMP_NR_BASE + 11) }, + { 
"name_to_handle_at", (__SCMP_NR_BASE + 303) }, + { "nanosleep", (__SCMP_NR_BASE + 34) }, + { "newfstatat", (__SCMP_NR_BASE + 256) }, + { "nfsservctl", (__SCMP_NR_BASE + 173) }, { "nice", __PNR_nice }, { "oldfstat", __PNR_oldfstat }, { "oldlstat", __PNR_oldlstat }, 
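Review bot: The entry `{ "fstatat64", __PNR_fstat64 }`, kept as context in this table, maps `fstatat64` to the pseudo-number of `fstat64`, the entry directly above it, instead of its own. With both names sharing one value, a name-to-number lookup for `fstatat64` returns the `fstat64` pseudo-syscall and a number-to-name lookup can report only one of the two, so a rule written for one call may be recorded against the other. How far that reaches depends on the resolver code, which is not in this hunk. Since the commit already rewrites most of the table, this would be the place to change the line to `{ "fstatat64", __PNR_fstatat64 },`, assuming that constant is defined in the public header.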
@@ -242,204 +246,215 @@ { "oldstat", __PNR_oldstat }, { "olduname", __PNR_olduname }, { "oldwait4", __PNR_oldwait4 }, - { "open", (__NR_SYSCALL_BASE + 2) }, - { "open_by_handle_at", (__NR_SYSCALL_BASE + 304) }, - { "openat", (__NR_SYSCALL_BASE + 251) }, - { "pause", (__NR_SYSCALL_BASE + 33) }, + { "open", (__SCMP_NR_BASE + 2) }, + { "open_by_handle_at", (__SCMP_NR_BASE + 304) }, + { "openat", (__SCMP_NR_BASE + 251) }, + { "pause", (__SCMP_NR_BASE + 33) }, { "pciconfig_iobase", __PNR_pciconfig_iobase }, { "pciconfig_read", __PNR_pciconfig_read }, { "pciconfig_write", __PNR_pciconfig_write }, - { "perf_event_open", (__NR_SYSCALL_BASE + 296) }, - { "personality", (__NR_SYSCALL_BASE + 132) }, - { "pipe", (__NR_SYSCALL_BASE + 21) }, - { "pipe2", (__NR_SYSCALL_BASE + 291) }, - { "pivot_root", (__NR_SYSCALL_BASE + 151) }, - { "poll", (__NR_SYSCALL_BASE + 7) }, - { "ppoll", (__NR_SYSCALL_BASE + 265) }, - { "prctl", (__NR_SYSCALL_BASE + 153) }, - { "pread64", (__NR_SYSCALL_BASE + 16) }, - { "preadv", (__NR_SYSCALL_BASE + 293) }, - { "prlimit64", (__NR_SYSCALL_BASE + 302) }, - { "process_vm_readv", (__NR_SYSCALL_BASE + 309) }, - { "process_vm_writev", (__NR_SYSCALL_BASE + 310) }, + { "perf_event_open", (__SCMP_NR_BASE + 296) }, + { "personality", (__SCMP_NR_BASE + 132) }, + { "pipe", (__SCMP_NR_BASE + 21) }, + { "pipe2", (__SCMP_NR_BASE + 291) }, + { "pivot_root", (__SCMP_NR_BASE + 151) }, + { "poll", (__SCMP_NR_BASE + 7) }, + { "ppoll", (__SCMP_NR_BASE + 265) }, + { "prctl", (__SCMP_NR_BASE + 153) }, + { "pread64", (__SCMP_NR_BASE + 16) }, + { "preadv", (__SCMP_NR_BASE + 293) }, + { "prlimit64", (__SCMP_NR_BASE + 302) }, + { "process_vm_readv", (__SCMP_NR_BASE + 309) }, + { "process_vm_writev", (__SCMP_NR_BASE + 310) }, { "prof", __PNR_prof }, { "profil", __PNR_profil }, - { "pselect6", (__NR_SYSCALL_BASE + 264) }, - { "ptrace", (__NR_SYSCALL_BASE + 99) }, - { "putpmsg", (__NR_SYSCALL_BASE + 175) }, - { "pwrite64", (__NR_SYSCALL_BASE + 17) }, - { "pwritev", 
(__NR_SYSCALL_BASE + 294) }, - { "query_module", (__NR_SYSCALL_BASE + 171) }, - { "quotactl", (__NR_SYSCALL_BASE + 172) }, - { "read", (__NR_SYSCALL_BASE + 0) }, - { "readahead", (__NR_SYSCALL_BASE + 179) }, + { "pselect6", (__SCMP_NR_BASE + 264) }, + { "ptrace", (__SCMP_NR_BASE + 99) }, + { "putpmsg", (__SCMP_NR_BASE + 175) }, + { "pwrite64", (__SCMP_NR_BASE + 17) }, + { "pwritev", (__SCMP_NR_BASE + 294) }, + { "query_module", (__SCMP_NR_BASE + 171) }, + { "quotactl", (__SCMP_NR_BASE + 172) }, + { "read", (__SCMP_NR_BASE + 0) }, + { "readahead", (__SCMP_NR_BASE + 179) }, { "readdir", __PNR_readdir }, - { "readlink", (__NR_SYSCALL_BASE + 87) }, - { "readlinkat", (__NR_SYSCALL_BASE + 261) }, - { "readv", (__NR_SYSCALL_BASE + 18) }, - { "reboot", (__NR_SYSCALL_BASE + 164) }, + { "readlink", (__SCMP_NR_BASE + 87) }, + { "readlinkat", (__SCMP_NR_BASE + 261) }, + { "readv", (__SCMP_NR_BASE + 18) }, + { "reboot", (__SCMP_NR_BASE + 164) }, { "recv", __PNR_recv }, - { "recvfrom", (__NR_SYSCALL_BASE + 44) }, - { "recvmmsg", (__NR_SYSCALL_BASE + 298) }, - { "recvmsg", (__NR_SYSCALL_BASE + 46) }, - { "remap_file_pages", (__NR_SYSCALL_BASE + 210) }, - { "removexattr", (__NR_SYSCALL_BASE + 189) }, - { "rename", (__NR_SYSCALL_BASE + 80) }, - { "renameat", (__NR_SYSCALL_BASE + 258) }, - { "renameat2", (__NR_SYSCALL_BASE + 315) }, - { "request_key", (__NR_SYSCALL_BASE + 244) }, - { "restart_syscall", (__NR_SYSCALL_BASE + 214) }, - { "rmdir", (__NR_SYSCALL_BASE + 82) }, - { "rt_sigaction", (__NR_SYSCALL_BASE + 13) }, - { "rt_sigpending", (__NR_SYSCALL_BASE + 125) }, - { "rt_sigprocmask", (__NR_SYSCALL_BASE + 14) }, - { "rt_sigqueueinfo", (__NR_SYSCALL_BASE + 127) }, - { "rt_sigreturn", (__NR_SYSCALL_BASE + 211) }, - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 295) }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) 
}, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) }, - { "sched_getattr", (__NR_SYSCALL_BASE + 314) }, - { "sched_getparam", (__NR_SYSCALL_BASE + 140) }, - { "sched_getscheduler", (__NR_SYSCALL_BASE + 142) }, - { "sched_rr_get_interval", (__NR_SYSCALL_BASE + 145) }, - { "sched_setaffinity", (__NR_SYSCALL_BASE + 195) }, - { "sched_setattr", (__NR_SYSCALL_BASE + 313) }, - { "sched_setparam", (__NR_SYSCALL_BASE + 139) }, - { "sched_setscheduler", (__NR_SYSCALL_BASE + 141) }, - { "sched_yield", (__NR_SYSCALL_BASE + 23) }, - { "seccomp", (__NR_SYSCALL_BASE + 316) }, + { "recvfrom", (__SCMP_NR_BASE + 44) }, + { "recvmmsg", (__SCMP_NR_BASE + 298) }, + { "recvmsg", (__SCMP_NR_BASE + 46) }, + { "remap_file_pages", (__SCMP_NR_BASE + 210) }, + { "removexattr", (__SCMP_NR_BASE + 189) }, + { "rename", (__SCMP_NR_BASE + 80) }, + { "renameat", (__SCMP_NR_BASE + 258) }, + { "renameat2", (__SCMP_NR_BASE + 315) }, + { "request_key", (__SCMP_NR_BASE + 244) }, + { "restart_syscall", (__SCMP_NR_BASE + 214) }, + { "rmdir", (__SCMP_NR_BASE + 82) }, + { "rt_sigaction", (__SCMP_NR_BASE + 13) }, + { "rt_sigpending", (__SCMP_NR_BASE + 125) }, + { "rt_sigprocmask", (__SCMP_NR_BASE + 14) }, + { "rt_sigqueueinfo", (__SCMP_NR_BASE + 127) }, + { "rt_sigreturn", (__SCMP_NR_BASE + 211) }, + { "rt_sigsuspend", (__SCMP_NR_BASE + 128) }, + { "rt_sigtimedwait", (__SCMP_NR_BASE + 126) }, + { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 295) }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "sched_get_priority_max", (__SCMP_NR_BASE + 143) }, + { "sched_get_priority_min", (__SCMP_NR_BASE + 144) }, + { "sched_getaffinity", (__SCMP_NR_BASE + 196) }, + { "sched_getattr", (__SCMP_NR_BASE + 314) }, + { "sched_getparam", (__SCMP_NR_BASE + 140) }, + { "sched_getscheduler", (__SCMP_NR_BASE + 142) }, + { "sched_rr_get_interval", (__SCMP_NR_BASE + 145) }, + { 
"sched_setaffinity", (__SCMP_NR_BASE + 195) }, + { "sched_setattr", (__SCMP_NR_BASE + 313) }, + { "sched_setparam", (__SCMP_NR_BASE + 139) }, + { "sched_setscheduler", (__SCMP_NR_BASE + 141) }, + { "sched_yield", (__SCMP_NR_BASE + 23) }, + { "seccomp", (__SCMP_NR_BASE + 316) }, { "security", __PNR_security }, { "select", __PNR_select }, - { "semctl", (__NR_SYSCALL_BASE + 64) }, - { "semget", (__NR_SYSCALL_BASE + 62) }, - { "semop", (__NR_SYSCALL_BASE + 63) }, - { "semtimedop", (__NR_SYSCALL_BASE + 215) }, + { "semctl", (__SCMP_NR_BASE + 64) }, + { "semget", (__SCMP_NR_BASE + 62) }, + { "semop", (__SCMP_NR_BASE + 63) }, + { "semtimedop", (__SCMP_NR_BASE + 215) }, { "send", __PNR_send }, - { "sendfile", (__NR_SYSCALL_BASE + 39) }, - { "sendfile64", (__NR_SYSCALL_BASE + 219) }, - { "sendmmsg", (__NR_SYSCALL_BASE + 307) }, - { "sendmsg", (__NR_SYSCALL_BASE + 45) }, - { "sendto", (__NR_SYSCALL_BASE + 43) }, - { "set_mempolicy", (__NR_SYSCALL_BASE + 233) }, - { "set_robust_list", (__NR_SYSCALL_BASE + 272) }, - { "set_thread_area", (__NR_SYSCALL_BASE + 246) }, - { "set_tid_address", (__NR_SYSCALL_BASE + 213) }, + { "sendfile", (__SCMP_NR_BASE + 39) }, + { "sendfile64", (__SCMP_NR_BASE + 219) }, + { "sendmmsg", (__SCMP_NR_BASE + 307) }, + { "sendmsg", (__SCMP_NR_BASE + 45) }, + { "sendto", (__SCMP_NR_BASE + 43) }, + { "set_mempolicy", (__SCMP_NR_BASE + 233) }, + { "set_robust_list", (__SCMP_NR_BASE + 272) }, + { "set_thread_area", (__SCMP_NR_BASE + 246) }, + { "set_tid_address", (__SCMP_NR_BASE + 213) }, { "set_tls", __PNR_set_tls }, - { "setdomainname", (__NR_SYSCALL_BASE + 166) }, - { "setfsgid", (__NR_SYSCALL_BASE + 121) }, + { "setdomainname", (__SCMP_NR_BASE + 166) }, + { "setfsgid", (__SCMP_NR_BASE + 121) }, { "setfsgid32", __PNR_setfsgid32 }, - { "setfsuid", (__NR_SYSCALL_BASE + 120) }, + { "setfsuid", (__SCMP_NR_BASE + 120) }, { "setfsuid32", __PNR_setfsuid32 }, - { "setgid", (__NR_SYSCALL_BASE + 104) }, + { "setgid", (__SCMP_NR_BASE + 104) }, { "setgid32", 
__PNR_setgid32 }, - { "setgroups", (__NR_SYSCALL_BASE + 114) }, + { "setgroups", (__SCMP_NR_BASE + 114) }, { "setgroups32", __PNR_setgroups32 }, - { "sethostname", (__NR_SYSCALL_BASE + 165) }, - { "setitimer", (__NR_SYSCALL_BASE + 36) }, - { "setns", (__NR_SYSCALL_BASE + 308) }, - { "setpgid", (__NR_SYSCALL_BASE + 107) }, - { "setpriority", (__NR_SYSCALL_BASE + 138) }, - { "setregid", (__NR_SYSCALL_BASE + 112) }, + { "sethostname", (__SCMP_NR_BASE + 165) }, + { "setitimer", (__SCMP_NR_BASE + 36) }, + { "setns", (__SCMP_NR_BASE + 308) }, + { "setpgid", (__SCMP_NR_BASE + 107) }, + { "setpriority", (__SCMP_NR_BASE + 138) }, + { "setregid", (__SCMP_NR_BASE + 112) }, { "setregid32", __PNR_setregid32 }, - { "setresgid", (__NR_SYSCALL_BASE + 117) }, + { "setresgid", (__SCMP_NR_BASE + 117) }, { "setresgid32", __PNR_setresgid32 }, - { "setresuid", (__NR_SYSCALL_BASE + 115) }, + { "setresuid", (__SCMP_NR_BASE + 115) }, { "setresuid32", __PNR_setresuid32 }, - { "setreuid", (__NR_SYSCALL_BASE + 111) }, + { "setreuid", (__SCMP_NR_BASE + 111) }, { "setreuid32", __PNR_setreuid32 }, - { "setrlimit", (__NR_SYSCALL_BASE + 155) }, - { "setsid", (__NR_SYSCALL_BASE + 110) }, - { "setsockopt", (__NR_SYSCALL_BASE + 53) }, - { "settimeofday", (__NR_SYSCALL_BASE + 159) }, - { "setuid", (__NR_SYSCALL_BASE + 103) }, + { "setrlimit", (__SCMP_NR_BASE + 155) }, + { "setsid", (__SCMP_NR_BASE + 110) }, + { "setsockopt", (__SCMP_NR_BASE + 53) }, + { "settimeofday", (__SCMP_NR_BASE + 159) }, + { "setuid", (__SCMP_NR_BASE + 103) }, { "setuid32", __PNR_setuid32 }, - { "setxattr", (__NR_SYSCALL_BASE + 180) }, + { "setxattr", (__SCMP_NR_BASE + 180) }, { "sgetmask", __PNR_sgetmask }, - { "shmat", (__NR_SYSCALL_BASE + 29) }, - { "shmctl", (__NR_SYSCALL_BASE + 30) }, - { "shmdt", (__NR_SYSCALL_BASE + 65) }, - { "shmget", (__NR_SYSCALL_BASE + 28) }, - { "shutdown", (__NR_SYSCALL_BASE + 47) }, + { "shmat", (__SCMP_NR_BASE + 29) }, + { "shmctl", (__SCMP_NR_BASE + 30) }, + { "shmdt", (__SCMP_NR_BASE + 65) }, 
+ { "shmget", (__SCMP_NR_BASE + 28) }, + { "shutdown", (__SCMP_NR_BASE + 47) }, { "sigaction", __PNR_sigaction }, - { "sigaltstack", (__NR_SYSCALL_BASE + 129) }, + { "sigaltstack", (__SCMP_NR_BASE + 129) }, { "signal", __PNR_signal }, - { "signalfd", (__NR_SYSCALL_BASE + 280) }, - { "signalfd4", (__NR_SYSCALL_BASE + 287) }, + { "signalfd", (__SCMP_NR_BASE + 280) }, + { "signalfd4", (__SCMP_NR_BASE + 287) }, { "sigpending", __PNR_sigpending }, { "sigprocmask", __PNR_sigprocmask }, { "sigreturn", __PNR_sigreturn }, { "sigsuspend", __PNR_sigsuspend }, - { "socket", (__NR_SYSCALL_BASE + 40) }, + { "socket", (__SCMP_NR_BASE + 40) }, { "socketcall", __PNR_socketcall }, - { "socketpair", (__NR_SYSCALL_BASE + 52) }, - { "splice", (__NR_SYSCALL_BASE + 267) }, + { "socketpair", (__SCMP_NR_BASE + 52) }, + { "splice", (__SCMP_NR_BASE + 267) }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, { "ssetmask", __PNR_ssetmask }, - { "stat", (__NR_SYSCALL_BASE + 4) }, + { "stat", (__SCMP_NR_BASE + 4) }, { "stat64", __PNR_stat64 }, - { "statfs", (__NR_SYSCALL_BASE + 134) }, - { "statfs64", (__NR_SYSCALL_BASE + 217) }, + { "statfs", (__SCMP_NR_BASE + 134) }, + { "statfs64", (__SCMP_NR_BASE + 217) }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, - { "swapoff", (__NR_SYSCALL_BASE + 163) }, - { "swapon", (__NR_SYSCALL_BASE + 162) }, - { "symlink", (__NR_SYSCALL_BASE + 86) }, - { "symlinkat", (__NR_SYSCALL_BASE + 260) }, - { "sync", (__NR_SYSCALL_BASE + 157) }, - { "sync_file_range", (__NR_SYSCALL_BASE + 268) }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", (__SCMP_NR_BASE + 163) }, + { "swapon", (__SCMP_NR_BASE + 162) }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", (__SCMP_NR_BASE + 86) }, + { "symlinkat", (__SCMP_NR_BASE + 260) }, + { "sync", (__SCMP_NR_BASE + 157) }, + { "sync_file_range", (__SCMP_NR_BASE + 268) }, { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", (__NR_SYSCALL_BASE + 
306) }, + { "syncfs", (__SCMP_NR_BASE + 306) }, { "syscall", __PNR_syscall }, - { "sysfs", (__NR_SYSCALL_BASE + 136) }, - { "sysinfo", (__NR_SYSCALL_BASE + 97) }, - { "syslog", (__NR_SYSCALL_BASE + 101) }, - { "sysmips", (__NR_SYSCALL_BASE + 199) }, - { "tee", (__NR_SYSCALL_BASE + 269) }, - { "tgkill", (__NR_SYSCALL_BASE + 229) }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", (__SCMP_NR_BASE + 136) }, + { "sysinfo", (__SCMP_NR_BASE + 97) }, + { "syslog", (__SCMP_NR_BASE + 101) }, + { "sysmips", (__SCMP_NR_BASE + 199) }, + { "tee", (__SCMP_NR_BASE + 269) }, + { "tgkill", (__SCMP_NR_BASE + 229) }, { "time", __PNR_time }, - { "timer_create", (__NR_SYSCALL_BASE + 220) }, - { "timer_delete", (__NR_SYSCALL_BASE + 224) }, - { "timer_getoverrun", (__NR_SYSCALL_BASE + 223) }, - { "timer_gettime", (__NR_SYSCALL_BASE + 222) }, - { "timer_settime", (__NR_SYSCALL_BASE + 221) }, - { "timerfd", (__NR_SYSCALL_BASE + 281) }, - { "timerfd_create", (__NR_SYSCALL_BASE + 284) }, - { "timerfd_gettime", (__NR_SYSCALL_BASE + 285) }, - { "timerfd_settime", (__NR_SYSCALL_BASE + 286) }, - { "times", (__NR_SYSCALL_BASE + 98) }, - { "tkill", (__NR_SYSCALL_BASE + 192) }, - { "truncate", (__NR_SYSCALL_BASE + 74) }, + { "timer_create", (__SCMP_NR_BASE + 220) }, + { "timer_delete", (__SCMP_NR_BASE + 224) }, + { "timer_getoverrun", (__SCMP_NR_BASE + 223) }, + { "timer_gettime", (__SCMP_NR_BASE + 222) }, + { "timer_settime", (__SCMP_NR_BASE + 221) }, + { "timerfd", (__SCMP_NR_BASE + 281) }, + { "timerfd_create", (__SCMP_NR_BASE + 284) }, + { "timerfd_gettime", (__SCMP_NR_BASE + 285) }, + { "timerfd_settime", (__SCMP_NR_BASE + 286) }, + { "times", (__SCMP_NR_BASE + 98) }, + { "tkill", (__SCMP_NR_BASE + 192) }, + { "truncate", (__SCMP_NR_BASE + 74) }, { "truncate64", __PNR_truncate64 }, { "tuxcall", __PNR_tuxcall }, { "ugetrlimit", __PNR_ugetrlimit }, { "ulimit", __PNR_ulimit }, - { "umask", (__NR_SYSCALL_BASE + 93) }, + { "umask", (__SCMP_NR_BASE + 93) }, { "umount", 
__PNR_umount }, - { "umount2", (__NR_SYSCALL_BASE + 161) }, - { "uname", (__NR_SYSCALL_BASE + 61) }, - { "unlink", (__NR_SYSCALL_BASE + 85) }, - { "unlinkat", (__NR_SYSCALL_BASE + 257) }, - { "unshare", (__NR_SYSCALL_BASE + 266) }, + { "umount2", (__SCMP_NR_BASE + 161) }, + { "uname", (__SCMP_NR_BASE + 61) }, + { "unlink", (__SCMP_NR_BASE + 85) }, + { "unlinkat", (__SCMP_NR_BASE + 257) }, + { "unshare", (__SCMP_NR_BASE + 266) }, { "uselib", __PNR_uselib }, + { "userfaultfd", (__SCMP_NR_BASE + 321) }, { "usr26", __PNR_usr26 }, { "usr32", __PNR_usr32 }, - { "ustat", (__NR_SYSCALL_BASE + 133) }, - { "utime", (__NR_SYSCALL_BASE + 130) }, - { "utimensat", (__NR_SYSCALL_BASE + 279) }, - { "utimes", (__NR_SYSCALL_BASE + 230) }, + { "ustat", (__SCMP_NR_BASE + 133) }, + { "utime", (__SCMP_NR_BASE + 130) }, + { "utimensat", (__SCMP_NR_BASE + 279) }, + { "utimes", (__SCMP_NR_BASE + 230) }, { "vfork", __PNR_vfork }, - { "vhangup", (__NR_SYSCALL_BASE + 150) }, + { "vhangup", (__SCMP_NR_BASE + 150) }, { "vm86", __PNR_vm86 }, { "vm86old", __PNR_vm86old }, - { "vmsplice", (__NR_SYSCALL_BASE + 270) }, - { "vserver", (__NR_SYSCALL_BASE + 240) }, - { "wait4", (__NR_SYSCALL_BASE + 59) }, - { "waitid", (__NR_SYSCALL_BASE + 241) }, + { "vmsplice", (__SCMP_NR_BASE + 270) }, + { "vserver", (__SCMP_NR_BASE + 240) }, + { "wait4", (__SCMP_NR_BASE + 59) }, + { "waitid", (__SCMP_NR_BASE + 241) }, { "waitpid", __PNR_waitpid }, - { "write", (__NR_SYSCALL_BASE + 1) }, - { "writev", (__NR_SYSCALL_BASE + 19) }, + { "write", (__SCMP_NR_BASE + 1) }, + { "writev", (__SCMP_NR_BASE + 19) }, { NULL, __NR_SCMP_ERROR }, }; diff -Nru libseccomp-2.2.3/src/arch-mips64-syscalls.c libseccomp-2.3.1/src/arch-mips64-syscalls.c --- libseccomp-2.2.3/src/arch-mips64-syscalls.c 2015-06-28 16:17:00.468527440 +0000 +++ libseccomp-2.3.1/src/arch-mips64-syscalls.c 2016-02-19 16:05:36.999890615 +0000 
@@ -2,7 +2,7 @@
 * Enhanced Seccomp MIPS64 Specific Code
 *
 * Copyright (c) 2014 Red Hat
- * Author: Paul Moore
+ * Author: Paul Moore
 *
 */
@@ -28,213 +28,217 @@ #include "arch-mips64.h" /* 64 ABI */ -#define __NR_SYSCALL_BASE 5000 +#define __SCMP_NR_BASE 5000 -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def mips64_syscall_table[] = { \ { "_llseek", __PNR__llseek }, - { "_newselect", (__NR_SYSCALL_BASE + 22) }, - { "_sysctl", (__NR_SYSCALL_BASE + 152) }, - { "accept", (__NR_SYSCALL_BASE + 42) }, - { "accept4", (__NR_SYSCALL_BASE + 293) }, - { "access", (__NR_SYSCALL_BASE + 20) }, - { "acct", (__NR_SYSCALL_BASE + 158) }, - { "add_key", (__NR_SYSCALL_BASE + 239) }, - { "adjtimex", (__NR_SYSCALL_BASE + 154) }, - { "afs_syscall", (__NR_SYSCALL_BASE + 176) }, - { "alarm", (__NR_SYSCALL_BASE + 37) }, + { "_newselect", (__SCMP_NR_BASE + 22) }, + { "_sysctl", (__SCMP_NR_BASE + 152) }, + { "accept", (__SCMP_NR_BASE + 42) }, + { "accept4", (__SCMP_NR_BASE + 293) }, + { "access", (__SCMP_NR_BASE + 20) }, + { "acct", (__SCMP_NR_BASE + 158) }, + { "add_key", (__SCMP_NR_BASE + 239) }, + { "adjtimex", (__SCMP_NR_BASE + 154) }, + { "afs_syscall", (__SCMP_NR_BASE + 176) }, + { "alarm", (__SCMP_NR_BASE + 37) }, { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, { "arm_sync_file_range", __PNR_arm_sync_file_range }, { "arch_prctl", __PNR_arch_prctl }, { "bdflush", __PNR_bdflush }, - { "bind", (__NR_SYSCALL_BASE + 48) }, - { "bpf", (__NR_SYSCALL_BASE + 315) }, + { "bind", (__SCMP_NR_BASE + 48) }, + { "bpf", (__SCMP_NR_BASE + 315) }, { "break", __PNR_break }, { "breakpoint", __PNR_breakpoint }, - { "brk", (__NR_SYSCALL_BASE + 12) }, - { "cachectl", (__NR_SYSCALL_BASE + 198) }, - { "cacheflush", (__NR_SYSCALL_BASE + 197) }, - { "capget", (__NR_SYSCALL_BASE + 123) }, - { "capset", (__NR_SYSCALL_BASE + 124) }, - { "chdir", (__NR_SYSCALL_BASE + 78) }, - { "chmod", (__NR_SYSCALL_BASE + 88) }, - { "chown", (__NR_SYSCALL_BASE + 90) }, + { "brk", (__SCMP_NR_BASE + 12) }, + { "cachectl", (__SCMP_NR_BASE + 198) }, + { "cacheflush", (__SCMP_NR_BASE + 197) }, + { "capget", (__SCMP_NR_BASE 
+ 123) }, + { "capset", (__SCMP_NR_BASE + 124) }, + { "chdir", (__SCMP_NR_BASE + 78) }, + { "chmod", (__SCMP_NR_BASE + 88) }, + { "chown", (__SCMP_NR_BASE + 90) }, { "chown32", __PNR_chown32 }, - { "chroot", (__NR_SYSCALL_BASE + 156) }, - { "clock_adjtime", (__NR_SYSCALL_BASE + 300) }, - { "clock_getres", (__NR_SYSCALL_BASE + 223) }, - { "clock_gettime", (__NR_SYSCALL_BASE + 222) }, - { "clock_nanosleep", (__NR_SYSCALL_BASE + 224) }, - { "clock_settime", (__NR_SYSCALL_BASE + 221) }, - { "clone", (__NR_SYSCALL_BASE + 55) }, - { "close", (__NR_SYSCALL_BASE + 3) }, - { "connect", (__NR_SYSCALL_BASE + 41) }, - { "creat", (__NR_SYSCALL_BASE + 83) }, - { "create_module", (__NR_SYSCALL_BASE + 167) }, - { "delete_module", (__NR_SYSCALL_BASE + 169) }, - { "dup", (__NR_SYSCALL_BASE + 31) }, - { "dup2", (__NR_SYSCALL_BASE + 32) }, - { "dup3", (__NR_SYSCALL_BASE + 286) }, - { "epoll_create", (__NR_SYSCALL_BASE + 207) }, - { "epoll_create1", (__NR_SYSCALL_BASE + 285) }, - { "epoll_ctl", (__NR_SYSCALL_BASE + 208) }, + { "chroot", (__SCMP_NR_BASE + 156) }, + { "clock_adjtime", (__SCMP_NR_BASE + 300) }, + { "clock_getres", (__SCMP_NR_BASE + 223) }, + { "clock_gettime", (__SCMP_NR_BASE + 222) }, + { "clock_nanosleep", (__SCMP_NR_BASE + 224) }, + { "clock_settime", (__SCMP_NR_BASE + 221) }, + { "clone", (__SCMP_NR_BASE + 55) }, + { "close", (__SCMP_NR_BASE + 3) }, + { "connect", (__SCMP_NR_BASE + 41) }, + { "copy_file_range", (__SCMP_NR_BASE + 320) }, + { "creat", (__SCMP_NR_BASE + 83) }, + { "create_module", (__SCMP_NR_BASE + 167) }, + { "delete_module", (__SCMP_NR_BASE + 169) }, + { "dup", (__SCMP_NR_BASE + 31) }, + { "dup2", (__SCMP_NR_BASE + 32) }, + { "dup3", (__SCMP_NR_BASE + 286) }, + { "epoll_create", (__SCMP_NR_BASE + 207) }, + { "epoll_create1", (__SCMP_NR_BASE + 285) }, + { "epoll_ctl", (__SCMP_NR_BASE + 208) }, { "epoll_ctl_old", __PNR_epoll_ctl_old }, - { "epoll_pwait", (__NR_SYSCALL_BASE + 272) }, - { "epoll_wait", (__NR_SYSCALL_BASE + 209) }, + { "epoll_pwait", 
(__SCMP_NR_BASE + 272) }, + { "epoll_wait", (__SCMP_NR_BASE + 209) }, { "epoll_wait_old", __PNR_epoll_wait_old }, - { "eventfd", (__NR_SYSCALL_BASE + 278) }, - { "eventfd2", (__NR_SYSCALL_BASE + 284) }, - { "execve", (__NR_SYSCALL_BASE + 57) }, - { "execveat", (__NR_SYSCALL_BASE + 316) }, - { "exit", (__NR_SYSCALL_BASE + 58) }, - { "exit_group", (__NR_SYSCALL_BASE + 205) }, - { "faccessat", (__NR_SYSCALL_BASE + 259) }, - { "fadvise64", (__NR_SYSCALL_BASE + 215) }, + { "eventfd", (__SCMP_NR_BASE + 278) }, + { "eventfd2", (__SCMP_NR_BASE + 284) }, + { "execve", (__SCMP_NR_BASE + 57) }, + { "execveat", (__SCMP_NR_BASE + 316) }, + { "exit", (__SCMP_NR_BASE + 58) }, + { "exit_group", (__SCMP_NR_BASE + 205) }, + { "faccessat", (__SCMP_NR_BASE + 259) }, + { "fadvise64", (__SCMP_NR_BASE + 215) }, { "fadvise64_64", __PNR_fadvise64_64 }, - { "fallocate", (__NR_SYSCALL_BASE + 279) }, - { "fanotify_init", (__NR_SYSCALL_BASE + 295) }, - { "fanotify_mark", (__NR_SYSCALL_BASE + 296) }, - { "fchdir", (__NR_SYSCALL_BASE + 79) }, - { "fchmod", (__NR_SYSCALL_BASE + 89) }, - { "fchmodat", (__NR_SYSCALL_BASE + 258) }, - { "fchown", (__NR_SYSCALL_BASE + 91) }, + { "fallocate", (__SCMP_NR_BASE + 279) }, + { "fanotify_init", (__SCMP_NR_BASE + 295) }, + { "fanotify_mark", (__SCMP_NR_BASE + 296) }, + { "fchdir", (__SCMP_NR_BASE + 79) }, + { "fchmod", (__SCMP_NR_BASE + 89) }, + { "fchmodat", (__SCMP_NR_BASE + 258) }, + { "fchown", (__SCMP_NR_BASE + 91) }, { "fchown32", __PNR_fchown32 }, - { "fchownat", (__NR_SYSCALL_BASE + 250) }, - { "fcntl", (__NR_SYSCALL_BASE + 70) }, + { "fchownat", (__SCMP_NR_BASE + 250) }, + { "fcntl", (__SCMP_NR_BASE + 70) }, { "fcntl64", __PNR_fcntl64 }, - { "fdatasync", (__NR_SYSCALL_BASE + 73) }, - { "fgetxattr", (__NR_SYSCALL_BASE + 185) }, - { "finit_module", (__NR_SYSCALL_BASE + 307) }, - { "flistxattr", (__NR_SYSCALL_BASE + 188) }, - { "flock", (__NR_SYSCALL_BASE + 71) }, - { "fork", (__NR_SYSCALL_BASE + 56) }, - { "fremovexattr", (__NR_SYSCALL_BASE + 191) }, - 
{ "fsetxattr", (__NR_SYSCALL_BASE + 182) }, - { "fstat", (__NR_SYSCALL_BASE + 5) }, + { "fdatasync", (__SCMP_NR_BASE + 73) }, + { "fgetxattr", (__SCMP_NR_BASE + 185) }, + { "finit_module", (__SCMP_NR_BASE + 307) }, + { "flistxattr", (__SCMP_NR_BASE + 188) }, + { "flock", (__SCMP_NR_BASE + 71) }, + { "fork", (__SCMP_NR_BASE + 56) }, + { "fremovexattr", (__SCMP_NR_BASE + 191) }, + { "fsetxattr", (__SCMP_NR_BASE + 182) }, + { "fstat", (__SCMP_NR_BASE + 5) }, { "fstat64", __PNR_fstat64 }, { "fstatat64", __PNR_fstat64 }, - { "fstatfs", (__NR_SYSCALL_BASE + 135) }, + { "fstatfs", (__SCMP_NR_BASE + 135) }, { "fstatfs64", __PNR_fstatfs64 }, - { "fsync", (__NR_SYSCALL_BASE + 72) }, + { "fsync", (__SCMP_NR_BASE + 72) }, { "ftime", __PNR_ftime }, - { "ftruncate", (__NR_SYSCALL_BASE + 75) }, + { "ftruncate", (__SCMP_NR_BASE + 75) }, { "ftruncate64", __PNR_ftruncate64 }, - { "futex", (__NR_SYSCALL_BASE + 194) }, - { "futimesat", (__NR_SYSCALL_BASE + 251) }, - { "get_kernel_syms", (__NR_SYSCALL_BASE + 170) }, - { "get_mempolicy", (__NR_SYSCALL_BASE + 228) }, - { "get_robust_list", (__NR_SYSCALL_BASE + 269) }, + { "futex", (__SCMP_NR_BASE + 194) }, + { "futimesat", (__SCMP_NR_BASE + 251) }, + { "get_kernel_syms", (__SCMP_NR_BASE + 170) }, + { "get_mempolicy", (__SCMP_NR_BASE + 228) }, + { "get_robust_list", (__SCMP_NR_BASE + 269) }, { "get_thread_area", __PNR_get_thread_area }, - { "getcpu", (__NR_SYSCALL_BASE + 271) }, - { "getcwd", (__NR_SYSCALL_BASE + 77) }, - { "getdents", (__NR_SYSCALL_BASE + 76) }, - { "getdents64", (__NR_SYSCALL_BASE + 308) }, - { "getegid", (__NR_SYSCALL_BASE + 106) }, + { "getcpu", (__SCMP_NR_BASE + 271) }, + { "getcwd", (__SCMP_NR_BASE + 77) }, + { "getdents", (__SCMP_NR_BASE + 76) }, + { "getdents64", (__SCMP_NR_BASE + 308) }, + { "getegid", (__SCMP_NR_BASE + 106) }, { "getegid32", __PNR_getegid32 }, - { "geteuid", (__NR_SYSCALL_BASE + 105) }, + { "geteuid", (__SCMP_NR_BASE + 105) }, { "geteuid32", __PNR_geteuid32 }, - { "getgid", (__NR_SYSCALL_BASE + 
102) }, + { "getgid", (__SCMP_NR_BASE + 102) }, { "getgid32", __PNR_getgid32 }, - { "getgroups", (__NR_SYSCALL_BASE + 113) }, + { "getgroups", (__SCMP_NR_BASE + 113) }, { "getgroups32", __PNR_getgroups32 }, - { "getitimer", (__NR_SYSCALL_BASE + 35) }, - { "getpeername", (__NR_SYSCALL_BASE + 51) }, - { "getpgid", (__NR_SYSCALL_BASE + 119) }, - { "getpgrp", (__NR_SYSCALL_BASE + 109) }, - { "getpid", (__NR_SYSCALL_BASE + 38) }, - { "getpmsg", (__NR_SYSCALL_BASE + 174) }, - { "getppid", (__NR_SYSCALL_BASE + 108) }, - { "getpriority", (__NR_SYSCALL_BASE + 137) }, - { "getrandom", (__NR_SYSCALL_BASE + 313) }, - { "getresgid", (__NR_SYSCALL_BASE + 118) }, + { "getitimer", (__SCMP_NR_BASE + 35) }, + { "getpeername", (__SCMP_NR_BASE + 51) }, + { "getpgid", (__SCMP_NR_BASE + 119) }, + { "getpgrp", (__SCMP_NR_BASE + 109) }, + { "getpid", (__SCMP_NR_BASE + 38) }, + { "getpmsg", (__SCMP_NR_BASE + 174) }, + { "getppid", (__SCMP_NR_BASE + 108) }, + { "getpriority", (__SCMP_NR_BASE + 137) }, + { "getrandom", (__SCMP_NR_BASE + 313) }, + { "getresgid", (__SCMP_NR_BASE + 118) }, { "getresgid32", __PNR_getresgid32 }, - { "getresuid", (__NR_SYSCALL_BASE + 116) }, + { "getresuid", (__SCMP_NR_BASE + 116) }, { "getresuid32", __PNR_getresuid32 }, - { "getrlimit", (__NR_SYSCALL_BASE + 95) }, - { "getrusage", (__NR_SYSCALL_BASE + 96) }, - { "getsid", (__NR_SYSCALL_BASE + 122) }, - { "getsockname", (__NR_SYSCALL_BASE + 50) }, - { "getsockopt", (__NR_SYSCALL_BASE + 54) }, - { "gettid", (__NR_SYSCALL_BASE + 178) }, - { "gettimeofday", (__NR_SYSCALL_BASE + 94) }, - { "getuid", (__NR_SYSCALL_BASE + 100) }, + { "getrlimit", (__SCMP_NR_BASE + 95) }, + { "getrusage", (__SCMP_NR_BASE + 96) }, + { "getsid", (__SCMP_NR_BASE + 122) }, + { "getsockname", (__SCMP_NR_BASE + 50) }, + { "getsockopt", (__SCMP_NR_BASE + 54) }, + { "gettid", (__SCMP_NR_BASE + 178) }, + { "gettimeofday", (__SCMP_NR_BASE + 94) }, + { "getuid", (__SCMP_NR_BASE + 100) }, { "getuid32", __PNR_getuid32 }, - { "getxattr", 
(__NR_SYSCALL_BASE + 183) }, + { "getxattr", (__SCMP_NR_BASE + 183) }, { "gtty", __PNR_gtty }, { "idle", __PNR_idle }, - { "init_module", (__NR_SYSCALL_BASE + 168) }, - { "inotify_add_watch", (__NR_SYSCALL_BASE + 244) }, - { "inotify_init", (__NR_SYSCALL_BASE + 243) }, - { "inotify_init1", (__NR_SYSCALL_BASE + 288) }, - { "inotify_rm_watch", (__NR_SYSCALL_BASE + 245) }, - { "io_cancel", (__NR_SYSCALL_BASE + 204) }, - { "io_destroy", (__NR_SYSCALL_BASE + 201) }, - { "io_getevents", (__NR_SYSCALL_BASE + 202) }, - { "io_setup", (__NR_SYSCALL_BASE + 200) }, - { "io_submit", (__NR_SYSCALL_BASE + 203) }, - { "ioctl", (__NR_SYSCALL_BASE + 15) }, + { "init_module", (__SCMP_NR_BASE + 168) }, + { "inotify_add_watch", (__SCMP_NR_BASE + 244) }, + { "inotify_init", (__SCMP_NR_BASE + 243) }, + { "inotify_init1", (__SCMP_NR_BASE + 288) }, + { "inotify_rm_watch", (__SCMP_NR_BASE + 245) }, + { "io_cancel", (__SCMP_NR_BASE + 204) }, + { "io_destroy", (__SCMP_NR_BASE + 201) }, + { "io_getevents", (__SCMP_NR_BASE + 202) }, + { "io_setup", (__SCMP_NR_BASE + 200) }, + { "io_submit", (__SCMP_NR_BASE + 203) }, + { "ioctl", (__SCMP_NR_BASE + 15) }, { "ioperm", __PNR_ioperm }, { "iopl", __PNR_iopl }, - { "ioprio_get", (__NR_SYSCALL_BASE + 274) }, - { "ioprio_set", (__NR_SYSCALL_BASE + 273) }, + { "ioprio_get", (__SCMP_NR_BASE + 274) }, + { "ioprio_set", (__SCMP_NR_BASE + 273) }, { "ipc", __PNR_ipc }, - { "kcmp", (__NR_SYSCALL_BASE + 306) }, + { "kcmp", (__SCMP_NR_BASE + 306) }, { "kexec_file_load", __PNR_kexec_file_load }, - { "kexec_load", (__NR_SYSCALL_BASE + 270) }, - { "keyctl", (__NR_SYSCALL_BASE + 241) }, - { "kill", (__NR_SYSCALL_BASE + 60) }, - { "lchown", (__NR_SYSCALL_BASE + 92) }, + { "kexec_load", (__SCMP_NR_BASE + 270) }, + { "keyctl", (__SCMP_NR_BASE + 241) }, + { "kill", (__SCMP_NR_BASE + 60) }, + { "lchown", (__SCMP_NR_BASE + 92) }, { "lchown32", __PNR_lchown32 }, - { "lgetxattr", (__NR_SYSCALL_BASE + 184) }, - { "link", (__NR_SYSCALL_BASE + 84) }, - { "linkat", 
(__NR_SYSCALL_BASE + 255) }, - { "listen", (__NR_SYSCALL_BASE + 49) }, - { "listxattr", (__NR_SYSCALL_BASE + 186) }, - { "llistxattr", (__NR_SYSCALL_BASE + 187) }, + { "lgetxattr", (__SCMP_NR_BASE + 184) }, + { "link", (__SCMP_NR_BASE + 84) }, + { "linkat", (__SCMP_NR_BASE + 255) }, + { "listen", (__SCMP_NR_BASE + 49) }, + { "listxattr", (__SCMP_NR_BASE + 186) }, + { "llistxattr", (__SCMP_NR_BASE + 187) }, { "lock", __PNR_lock }, - { "lookup_dcookie", (__NR_SYSCALL_BASE + 206) }, - { "lremovexattr", (__NR_SYSCALL_BASE + 190) }, - { "lseek", (__NR_SYSCALL_BASE + 8) }, - { "lsetxattr", (__NR_SYSCALL_BASE + 181) }, - { "lstat", (__NR_SYSCALL_BASE + 6) }, + { "lookup_dcookie", (__SCMP_NR_BASE + 206) }, + { "lremovexattr", (__SCMP_NR_BASE + 190) }, + { "lseek", (__SCMP_NR_BASE + 8) }, + { "lsetxattr", (__SCMP_NR_BASE + 181) }, + { "lstat", (__SCMP_NR_BASE + 6) }, { "lstat64", __PNR_lstat64 }, - { "madvise", (__NR_SYSCALL_BASE + 27) }, - { "mbind", (__NR_SYSCALL_BASE + 227) }, - { "memfd_create", (__NR_SYSCALL_BASE + 314) }, - { "migrate_pages", (__NR_SYSCALL_BASE + 246) }, - { "mincore", (__NR_SYSCALL_BASE + 26) }, - { "mkdir", (__NR_SYSCALL_BASE + 81) }, - { "mkdirat", (__NR_SYSCALL_BASE + 248) }, - { "mknod", (__NR_SYSCALL_BASE + 131) }, - { "mknodat", (__NR_SYSCALL_BASE + 249) }, - { "mlock", (__NR_SYSCALL_BASE + 146) }, - { "mlockall", (__NR_SYSCALL_BASE + 148) }, - { "mmap", (__NR_SYSCALL_BASE + 9) }, + { "madvise", (__SCMP_NR_BASE + 27) }, + { "mbind", (__SCMP_NR_BASE + 227) }, + { "membarrier", (__SCMP_NR_BASE + 318) }, + { "memfd_create", (__SCMP_NR_BASE + 314) }, + { "migrate_pages", (__SCMP_NR_BASE + 246) }, + { "mincore", (__SCMP_NR_BASE + 26) }, + { "mkdir", (__SCMP_NR_BASE + 81) }, + { "mkdirat", (__SCMP_NR_BASE + 248) }, + { "mknod", (__SCMP_NR_BASE + 131) }, + { "mknodat", (__SCMP_NR_BASE + 249) }, + { "mlock", (__SCMP_NR_BASE + 146) }, + { "mlock2", (__SCMP_NR_BASE + 319) }, + { "mlockall", (__SCMP_NR_BASE + 148) }, + { "mmap", (__SCMP_NR_BASE + 9) }, { 
"mmap2", __PNR_mmap2 }, { "modify_ldt", __PNR_modify_ldt }, - { "mount", (__NR_SYSCALL_BASE + 160) }, - { "move_pages", (__NR_SYSCALL_BASE + 267) }, - { "mprotect", (__NR_SYSCALL_BASE + 10) }, + { "mount", (__SCMP_NR_BASE + 160) }, + { "move_pages", (__SCMP_NR_BASE + 267) }, + { "mprotect", (__SCMP_NR_BASE + 10) }, { "mpx", __PNR_mpx }, - { "mq_getsetattr", (__NR_SYSCALL_BASE + 235) }, - { "mq_notify", (__NR_SYSCALL_BASE + 234) }, - { "mq_open", (__NR_SYSCALL_BASE + 230) }, - { "mq_timedreceive", (__NR_SYSCALL_BASE + 233) }, - { "mq_timedsend", (__NR_SYSCALL_BASE + 232) }, - { "mq_unlink", (__NR_SYSCALL_BASE + 231) }, - { "mremap", (__NR_SYSCALL_BASE + 24) }, - { "msgctl", (__NR_SYSCALL_BASE + 69) }, - { "msgget", (__NR_SYSCALL_BASE + 66) }, - { "msgrcv", (__NR_SYSCALL_BASE + 68) }, - { "msgsnd", (__NR_SYSCALL_BASE + 67) }, - { "msync", (__NR_SYSCALL_BASE + 25) }, - { "munlock", (__NR_SYSCALL_BASE + 147) }, - { "munlockall", (__NR_SYSCALL_BASE + 149) }, - { "munmap", (__NR_SYSCALL_BASE + 11) }, - { "name_to_handle_at", (__NR_SYSCALL_BASE + 298) }, - { "nanosleep", (__NR_SYSCALL_BASE + 34) }, - { "newfstatat", (__NR_SYSCALL_BASE + 252) }, - { "nfsservctl", (__NR_SYSCALL_BASE + 173) }, + { "mq_getsetattr", (__SCMP_NR_BASE + 235) }, + { "mq_notify", (__SCMP_NR_BASE + 234) }, + { "mq_open", (__SCMP_NR_BASE + 230) }, + { "mq_timedreceive", (__SCMP_NR_BASE + 233) }, + { "mq_timedsend", (__SCMP_NR_BASE + 232) }, + { "mq_unlink", (__SCMP_NR_BASE + 231) }, + { "mremap", (__SCMP_NR_BASE + 24) }, + { "msgctl", (__SCMP_NR_BASE + 69) }, + { "msgget", (__SCMP_NR_BASE + 66) }, + { "msgrcv", (__SCMP_NR_BASE + 68) }, + { "msgsnd", (__SCMP_NR_BASE + 67) }, + { "msync", (__SCMP_NR_BASE + 25) }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", (__SCMP_NR_BASE + 147) }, + { "munlockall", (__SCMP_NR_BASE + 149) }, + { "munmap", (__SCMP_NR_BASE + 11) }, + { "name_to_handle_at", (__SCMP_NR_BASE + 298) }, + { "nanosleep", (__SCMP_NR_BASE + 34) }, + { "newfstatat", (__SCMP_NR_BASE + 
252) }, + { "nfsservctl", (__SCMP_NR_BASE + 173) }, { "nice", __PNR_nice }, { "oldfstat", __PNR_oldfstat }, { "oldlstat", __PNR_oldlstat }, 
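Review bot: The context line `{ "fstatat64", __PNR_fstat64 },` in this table maps the name `fstatat64` to the pseudo-number of a different syscall, and the hunk renames the entries around it without correcting it. A seccomp rule written against `fstatat64` would presumably be resolved as `fstat64` when the filter is translated for other architectures, so the rule can end up covering the wrong call. The entry should read `{ "fstatat64", __PNR_fstatat64 },`, assuming that constant is defined alongside the other `__PNR_` values. The table initializer opens in this hunk and runs past its end.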
@@ -242,204 +246,215 @@ { "oldstat", __PNR_oldstat }, { "olduname", __PNR_olduname }, { "oldwait4", __PNR_oldwait4 }, - { "open", (__NR_SYSCALL_BASE + 2) }, - { "open_by_handle_at", (__NR_SYSCALL_BASE + 299) }, - { "openat", (__NR_SYSCALL_BASE + 247) }, - { "pause", (__NR_SYSCALL_BASE + 33) }, + { "open", (__SCMP_NR_BASE + 2) }, + { "open_by_handle_at", (__SCMP_NR_BASE + 299) }, + { "openat", (__SCMP_NR_BASE + 247) }, + { "pause", (__SCMP_NR_BASE + 33) }, { "pciconfig_iobase", __PNR_pciconfig_iobase }, { "pciconfig_read", __PNR_pciconfig_read }, { "pciconfig_write", __PNR_pciconfig_write }, - { "perf_event_open", (__NR_SYSCALL_BASE + 292) }, - { "personality", (__NR_SYSCALL_BASE + 132) }, - { "pipe", (__NR_SYSCALL_BASE + 21) }, - { "pipe2", (__NR_SYSCALL_BASE + 287) }, - { "pivot_root", (__NR_SYSCALL_BASE + 151) }, - { "poll", (__NR_SYSCALL_BASE + 7) }, - { "ppoll", (__NR_SYSCALL_BASE + 261) }, - { "prctl", (__NR_SYSCALL_BASE + 153) }, - { "pread64", (__NR_SYSCALL_BASE + 16) }, - { "preadv", (__NR_SYSCALL_BASE + 289) }, - { "prlimit64", (__NR_SYSCALL_BASE + 297) }, - { "process_vm_readv", (__NR_SYSCALL_BASE + 304) }, - { "process_vm_writev", (__NR_SYSCALL_BASE + 305) }, + { "perf_event_open", (__SCMP_NR_BASE + 292) }, + { "personality", (__SCMP_NR_BASE + 132) }, + { "pipe", (__SCMP_NR_BASE + 21) }, + { "pipe2", (__SCMP_NR_BASE + 287) }, + { "pivot_root", (__SCMP_NR_BASE + 151) }, + { "poll", (__SCMP_NR_BASE + 7) }, + { "ppoll", (__SCMP_NR_BASE + 261) }, + { "prctl", (__SCMP_NR_BASE + 153) }, + { "pread64", (__SCMP_NR_BASE + 16) }, + { "preadv", (__SCMP_NR_BASE + 289) }, + { "prlimit64", (__SCMP_NR_BASE + 297) }, + { "process_vm_readv", (__SCMP_NR_BASE + 304) }, + { "process_vm_writev", (__SCMP_NR_BASE + 305) }, { "prof", __PNR_prof }, { "profil", __PNR_profil }, - { "pselect6", (__NR_SYSCALL_BASE + 260) }, - { "ptrace", (__NR_SYSCALL_BASE + 99) }, - { "putpmsg", (__NR_SYSCALL_BASE + 175) }, - { "pwrite64", (__NR_SYSCALL_BASE + 17) }, - { "pwritev", 
(__NR_SYSCALL_BASE + 290) }, - { "query_module", (__NR_SYSCALL_BASE + 171) }, - { "quotactl", (__NR_SYSCALL_BASE + 172) }, - { "read", (__NR_SYSCALL_BASE + 0) }, - { "readahead", (__NR_SYSCALL_BASE + 179) }, + { "pselect6", (__SCMP_NR_BASE + 260) }, + { "ptrace", (__SCMP_NR_BASE + 99) }, + { "putpmsg", (__SCMP_NR_BASE + 175) }, + { "pwrite64", (__SCMP_NR_BASE + 17) }, + { "pwritev", (__SCMP_NR_BASE + 290) }, + { "query_module", (__SCMP_NR_BASE + 171) }, + { "quotactl", (__SCMP_NR_BASE + 172) }, + { "read", (__SCMP_NR_BASE + 0) }, + { "readahead", (__SCMP_NR_BASE + 179) }, { "readdir", __PNR_readdir }, - { "readlink", (__NR_SYSCALL_BASE + 87) }, - { "readlinkat", (__NR_SYSCALL_BASE + 257) }, - { "readv", (__NR_SYSCALL_BASE + 18) }, - { "reboot", (__NR_SYSCALL_BASE + 164) }, + { "readlink", (__SCMP_NR_BASE + 87) }, + { "readlinkat", (__SCMP_NR_BASE + 257) }, + { "readv", (__SCMP_NR_BASE + 18) }, + { "reboot", (__SCMP_NR_BASE + 164) }, { "recv", __PNR_recv }, - { "recvfrom", (__NR_SYSCALL_BASE + 44) }, - { "recvmmsg", (__NR_SYSCALL_BASE + 294) }, - { "recvmsg", (__NR_SYSCALL_BASE + 46) }, - { "remap_file_pages", (__NR_SYSCALL_BASE + 210) }, - { "removexattr", (__NR_SYSCALL_BASE + 189) }, - { "rename", (__NR_SYSCALL_BASE + 80) }, - { "renameat", (__NR_SYSCALL_BASE + 254) }, - { "renameat2", (__NR_SYSCALL_BASE + 311) }, - { "request_key", (__NR_SYSCALL_BASE + 240) }, - { "restart_syscall", (__NR_SYSCALL_BASE + 213) }, - { "rmdir", (__NR_SYSCALL_BASE + 82) }, - { "rt_sigaction", (__NR_SYSCALL_BASE + 13) }, - { "rt_sigpending", (__NR_SYSCALL_BASE + 125) }, - { "rt_sigprocmask", (__NR_SYSCALL_BASE + 14) }, - { "rt_sigqueueinfo", (__NR_SYSCALL_BASE + 127) }, - { "rt_sigreturn", (__NR_SYSCALL_BASE + 211) }, - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 291) }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) 
}, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) }, - { "sched_getattr", (__NR_SYSCALL_BASE + 310) }, - { "sched_getparam", (__NR_SYSCALL_BASE + 140) }, - { "sched_getscheduler", (__NR_SYSCALL_BASE + 142) }, - { "sched_rr_get_interval", (__NR_SYSCALL_BASE + 145) }, - { "sched_setaffinity", (__NR_SYSCALL_BASE + 195) }, - { "sched_setattr", (__NR_SYSCALL_BASE + 309) }, - { "sched_setparam", (__NR_SYSCALL_BASE + 139) }, - { "sched_setscheduler", (__NR_SYSCALL_BASE + 141) }, - { "sched_yield", (__NR_SYSCALL_BASE + 23) }, - { "seccomp", (__NR_SYSCALL_BASE + 312) }, + { "recvfrom", (__SCMP_NR_BASE + 44) }, + { "recvmmsg", (__SCMP_NR_BASE + 294) }, + { "recvmsg", (__SCMP_NR_BASE + 46) }, + { "remap_file_pages", (__SCMP_NR_BASE + 210) }, + { "removexattr", (__SCMP_NR_BASE + 189) }, + { "rename", (__SCMP_NR_BASE + 80) }, + { "renameat", (__SCMP_NR_BASE + 254) }, + { "renameat2", (__SCMP_NR_BASE + 311) }, + { "request_key", (__SCMP_NR_BASE + 240) }, + { "restart_syscall", (__SCMP_NR_BASE + 213) }, + { "rmdir", (__SCMP_NR_BASE + 82) }, + { "rt_sigaction", (__SCMP_NR_BASE + 13) }, + { "rt_sigpending", (__SCMP_NR_BASE + 125) }, + { "rt_sigprocmask", (__SCMP_NR_BASE + 14) }, + { "rt_sigqueueinfo", (__SCMP_NR_BASE + 127) }, + { "rt_sigreturn", (__SCMP_NR_BASE + 211) }, + { "rt_sigsuspend", (__SCMP_NR_BASE + 128) }, + { "rt_sigtimedwait", (__SCMP_NR_BASE + 126) }, + { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 291) }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "sched_get_priority_max", (__SCMP_NR_BASE + 143) }, + { "sched_get_priority_min", (__SCMP_NR_BASE + 144) }, + { "sched_getaffinity", (__SCMP_NR_BASE + 196) }, + { "sched_getattr", (__SCMP_NR_BASE + 310) }, + { "sched_getparam", (__SCMP_NR_BASE + 140) }, + { "sched_getscheduler", (__SCMP_NR_BASE + 142) }, + { "sched_rr_get_interval", (__SCMP_NR_BASE + 145) }, + { 
"sched_setaffinity", (__SCMP_NR_BASE + 195) }, + { "sched_setattr", (__SCMP_NR_BASE + 309) }, + { "sched_setparam", (__SCMP_NR_BASE + 139) }, + { "sched_setscheduler", (__SCMP_NR_BASE + 141) }, + { "sched_yield", (__SCMP_NR_BASE + 23) }, + { "seccomp", (__SCMP_NR_BASE + 312) }, { "security", __PNR_security }, { "select", __PNR_select }, - { "semctl", (__NR_SYSCALL_BASE + 64) }, - { "semget", (__NR_SYSCALL_BASE + 62) }, - { "semop", (__NR_SYSCALL_BASE + 63) }, - { "semtimedop", (__NR_SYSCALL_BASE + 214) }, + { "semctl", (__SCMP_NR_BASE + 64) }, + { "semget", (__SCMP_NR_BASE + 62) }, + { "semop", (__SCMP_NR_BASE + 63) }, + { "semtimedop", (__SCMP_NR_BASE + 214) }, { "send", __PNR_send }, - { "sendfile", (__NR_SYSCALL_BASE + 39) }, + { "sendfile", (__SCMP_NR_BASE + 39) }, { "sendfile64", __PNR_sendfile64 }, - { "sendmmsg", (__NR_SYSCALL_BASE + 302) }, - { "sendmsg", (__NR_SYSCALL_BASE + 45) }, - { "sendto", (__NR_SYSCALL_BASE + 43) }, - { "set_mempolicy", (__NR_SYSCALL_BASE + 229) }, - { "set_robust_list", (__NR_SYSCALL_BASE + 268) }, - { "set_thread_area", (__NR_SYSCALL_BASE + 242) }, - { "set_tid_address", (__NR_SYSCALL_BASE + 212) }, + { "sendmmsg", (__SCMP_NR_BASE + 302) }, + { "sendmsg", (__SCMP_NR_BASE + 45) }, + { "sendto", (__SCMP_NR_BASE + 43) }, + { "set_mempolicy", (__SCMP_NR_BASE + 229) }, + { "set_robust_list", (__SCMP_NR_BASE + 268) }, + { "set_thread_area", (__SCMP_NR_BASE + 242) }, + { "set_tid_address", (__SCMP_NR_BASE + 212) }, { "set_tls", __PNR_set_tls }, - { "setdomainname", (__NR_SYSCALL_BASE + 166) }, - { "setfsgid", (__NR_SYSCALL_BASE + 121) }, + { "setdomainname", (__SCMP_NR_BASE + 166) }, + { "setfsgid", (__SCMP_NR_BASE + 121) }, { "setfsgid32", __PNR_setfsgid32 }, - { "setfsuid", (__NR_SYSCALL_BASE + 120) }, + { "setfsuid", (__SCMP_NR_BASE + 120) }, { "setfsuid32", __PNR_setfsuid32 }, - { "setgid", (__NR_SYSCALL_BASE + 104) }, + { "setgid", (__SCMP_NR_BASE + 104) }, { "setgid32", __PNR_setgid32 }, - { "setgroups", (__NR_SYSCALL_BASE + 114) 
}, + { "setgroups", (__SCMP_NR_BASE + 114) }, { "setgroups32", __PNR_setgroups32 }, - { "sethostname", (__NR_SYSCALL_BASE + 165) }, - { "setitimer", (__NR_SYSCALL_BASE + 36) }, - { "setns", (__NR_SYSCALL_BASE + 303) }, - { "setpgid", (__NR_SYSCALL_BASE + 107) }, - { "setpriority", (__NR_SYSCALL_BASE + 138) }, - { "setregid", (__NR_SYSCALL_BASE + 112) }, + { "sethostname", (__SCMP_NR_BASE + 165) }, + { "setitimer", (__SCMP_NR_BASE + 36) }, + { "setns", (__SCMP_NR_BASE + 303) }, + { "setpgid", (__SCMP_NR_BASE + 107) }, + { "setpriority", (__SCMP_NR_BASE + 138) }, + { "setregid", (__SCMP_NR_BASE + 112) }, { "setregid32", __PNR_setregid32 }, - { "setresgid", (__NR_SYSCALL_BASE + 117) }, + { "setresgid", (__SCMP_NR_BASE + 117) }, { "setresgid32", __PNR_setresgid32 }, - { "setresuid", (__NR_SYSCALL_BASE + 115) }, + { "setresuid", (__SCMP_NR_BASE + 115) }, { "setresuid32", __PNR_setresuid32 }, - { "setreuid", (__NR_SYSCALL_BASE + 111) }, + { "setreuid", (__SCMP_NR_BASE + 111) }, { "setreuid32", __PNR_setreuid32 }, - { "setrlimit", (__NR_SYSCALL_BASE + 155) }, - { "setsid", (__NR_SYSCALL_BASE + 110) }, - { "setsockopt", (__NR_SYSCALL_BASE + 53) }, - { "settimeofday", (__NR_SYSCALL_BASE + 159) }, - { "setuid", (__NR_SYSCALL_BASE + 103) }, + { "setrlimit", (__SCMP_NR_BASE + 155) }, + { "setsid", (__SCMP_NR_BASE + 110) }, + { "setsockopt", (__SCMP_NR_BASE + 53) }, + { "settimeofday", (__SCMP_NR_BASE + 159) }, + { "setuid", (__SCMP_NR_BASE + 103) }, { "setuid32", __PNR_setuid32 }, - { "setxattr", (__NR_SYSCALL_BASE + 180) }, + { "setxattr", (__SCMP_NR_BASE + 180) }, { "sgetmask", __PNR_sgetmask }, - { "shmat", (__NR_SYSCALL_BASE + 29) }, - { "shmctl", (__NR_SYSCALL_BASE + 30) }, - { "shmdt", (__NR_SYSCALL_BASE + 65) }, - { "shmget", (__NR_SYSCALL_BASE + 28) }, - { "shutdown", (__NR_SYSCALL_BASE + 47) }, + { "shmat", (__SCMP_NR_BASE + 29) }, + { "shmctl", (__SCMP_NR_BASE + 30) }, + { "shmdt", (__SCMP_NR_BASE + 65) }, + { "shmget", (__SCMP_NR_BASE + 28) }, + { "shutdown", 
(__SCMP_NR_BASE + 47) }, { "sigaction", __PNR_sigaction }, - { "sigaltstack", (__NR_SYSCALL_BASE + 129) }, + { "sigaltstack", (__SCMP_NR_BASE + 129) }, { "signal", __PNR_signal }, - { "signalfd", (__NR_SYSCALL_BASE + 276) }, - { "signalfd4", (__NR_SYSCALL_BASE + 283) }, + { "signalfd", (__SCMP_NR_BASE + 276) }, + { "signalfd4", (__SCMP_NR_BASE + 283) }, { "sigpending", __PNR_sigpending }, { "sigprocmask", __PNR_sigprocmask }, { "sigreturn", __PNR_sigreturn }, { "sigsuspend", __PNR_sigsuspend }, - { "socket", (__NR_SYSCALL_BASE + 40) }, + { "socket", (__SCMP_NR_BASE + 40) }, { "socketcall", __PNR_socketcall }, - { "socketpair", (__NR_SYSCALL_BASE + 52) }, - { "splice", (__NR_SYSCALL_BASE + 263) }, + { "socketpair", (__SCMP_NR_BASE + 52) }, + { "splice", (__SCMP_NR_BASE + 263) }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, { "ssetmask", __PNR_ssetmask }, - { "stat", (__NR_SYSCALL_BASE + 4) }, + { "stat", (__SCMP_NR_BASE + 4) }, { "stat64", __PNR_stat64 }, - { "statfs", (__NR_SYSCALL_BASE + 134) }, + { "statfs", (__SCMP_NR_BASE + 134) }, { "statfs64", __PNR_statfs64 }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, - { "swapoff", (__NR_SYSCALL_BASE + 163) }, - { "swapon", (__NR_SYSCALL_BASE + 162) }, - { "symlink", (__NR_SYSCALL_BASE + 86) }, - { "symlinkat", (__NR_SYSCALL_BASE + 256) }, - { "sync", (__NR_SYSCALL_BASE + 157) }, - { "sync_file_range", (__NR_SYSCALL_BASE + 264) }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", (__SCMP_NR_BASE + 163) }, + { "swapon", (__SCMP_NR_BASE + 162) }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", (__SCMP_NR_BASE + 86) }, + { "symlinkat", (__SCMP_NR_BASE + 256) }, + { "sync", (__SCMP_NR_BASE + 157) }, + { "sync_file_range", (__SCMP_NR_BASE + 264) }, { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", (__NR_SYSCALL_BASE + 301) }, + { "syncfs", (__SCMP_NR_BASE + 301) }, { "syscall", __PNR_syscall }, - { "sysfs", (__NR_SYSCALL_BASE + 
136) }, - { "sysinfo", (__NR_SYSCALL_BASE + 97) }, - { "syslog", (__NR_SYSCALL_BASE + 101) }, - { "sysmips", (__NR_SYSCALL_BASE + 199) }, - { "tee", (__NR_SYSCALL_BASE + 265) }, - { "tgkill", (__NR_SYSCALL_BASE + 225) }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", (__SCMP_NR_BASE + 136) }, + { "sysinfo", (__SCMP_NR_BASE + 97) }, + { "syslog", (__SCMP_NR_BASE + 101) }, + { "sysmips", (__SCMP_NR_BASE + 199) }, + { "tee", (__SCMP_NR_BASE + 265) }, + { "tgkill", (__SCMP_NR_BASE + 225) }, { "time", __PNR_time }, - { "timer_create", (__NR_SYSCALL_BASE + 216) }, - { "timer_delete", (__NR_SYSCALL_BASE + 220) }, - { "timer_getoverrun", (__NR_SYSCALL_BASE + 219) }, - { "timer_gettime", (__NR_SYSCALL_BASE + 218) }, - { "timer_settime", (__NR_SYSCALL_BASE + 217) }, - { "timerfd", (__NR_SYSCALL_BASE + 277) }, - { "timerfd_create", (__NR_SYSCALL_BASE + 280) }, - { "timerfd_gettime", (__NR_SYSCALL_BASE + 281) }, - { "timerfd_settime", (__NR_SYSCALL_BASE + 282) }, - { "times", (__NR_SYSCALL_BASE + 98) }, - { "tkill", (__NR_SYSCALL_BASE + 192) }, - { "truncate", (__NR_SYSCALL_BASE + 74) }, + { "timer_create", (__SCMP_NR_BASE + 216) }, + { "timer_delete", (__SCMP_NR_BASE + 220) }, + { "timer_getoverrun", (__SCMP_NR_BASE + 219) }, + { "timer_gettime", (__SCMP_NR_BASE + 218) }, + { "timer_settime", (__SCMP_NR_BASE + 217) }, + { "timerfd", (__SCMP_NR_BASE + 277) }, + { "timerfd_create", (__SCMP_NR_BASE + 280) }, + { "timerfd_gettime", (__SCMP_NR_BASE + 281) }, + { "timerfd_settime", (__SCMP_NR_BASE + 282) }, + { "times", (__SCMP_NR_BASE + 98) }, + { "tkill", (__SCMP_NR_BASE + 192) }, + { "truncate", (__SCMP_NR_BASE + 74) }, { "truncate64", __PNR_truncate64 }, { "tuxcall", __PNR_tuxcall }, { "ugetrlimit", __PNR_ugetrlimit }, { "ulimit", __PNR_ulimit }, - { "umask", (__NR_SYSCALL_BASE + 93) }, + { "umask", (__SCMP_NR_BASE + 93) }, { "umount", __PNR_umount }, - { "umount2", (__NR_SYSCALL_BASE + 161) }, - { "uname", (__NR_SYSCALL_BASE + 61) }, - { "unlink", 
(__NR_SYSCALL_BASE + 85) }, - { "unlinkat", (__NR_SYSCALL_BASE + 253) }, - { "unshare", (__NR_SYSCALL_BASE + 262) }, + { "umount2", (__SCMP_NR_BASE + 161) }, + { "uname", (__SCMP_NR_BASE + 61) }, + { "unlink", (__SCMP_NR_BASE + 85) }, + { "unlinkat", (__SCMP_NR_BASE + 253) }, + { "unshare", (__SCMP_NR_BASE + 262) }, { "uselib", __PNR_uselib }, + { "userfaultfd", (__SCMP_NR_BASE + 317) }, { "usr26", __PNR_usr26 }, { "usr32", __PNR_usr32 }, - { "ustat", (__NR_SYSCALL_BASE + 133) }, - { "utime", (__NR_SYSCALL_BASE + 130) }, - { "utimensat", (__NR_SYSCALL_BASE + 275) }, - { "utimes", (__NR_SYSCALL_BASE + 226) }, + { "ustat", (__SCMP_NR_BASE + 133) }, + { "utime", (__SCMP_NR_BASE + 130) }, + { "utimensat", (__SCMP_NR_BASE + 275) }, + { "utimes", (__SCMP_NR_BASE + 226) }, { "vfork", __PNR_vfork }, - { "vhangup", (__NR_SYSCALL_BASE + 150) }, + { "vhangup", (__SCMP_NR_BASE + 150) }, { "vm86", __PNR_vm86 }, { "vm86old", __PNR_vm86old }, - { "vmsplice", (__NR_SYSCALL_BASE + 266) }, - { "vserver", (__NR_SYSCALL_BASE + 236) }, - { "wait4", (__NR_SYSCALL_BASE + 59) }, - { "waitid", (__NR_SYSCALL_BASE + 237) }, + { "vmsplice", (__SCMP_NR_BASE + 266) }, + { "vserver", (__SCMP_NR_BASE + 236) }, + { "wait4", (__SCMP_NR_BASE + 59) }, + { "waitid", (__SCMP_NR_BASE + 237) }, { "waitpid", __PNR_waitpid }, - { "write", (__NR_SYSCALL_BASE + 1) }, - { "writev", (__NR_SYSCALL_BASE + 19) }, + { "write", (__SCMP_NR_BASE + 1) }, + { "writev", (__SCMP_NR_BASE + 19) }, { NULL, __NR_SCMP_ERROR }, }; diff -Nru libseccomp-2.2.3/src/arch-mips.c libseccomp-2.3.1/src/arch-mips.c --- libseccomp-2.2.3/src/arch-mips.c 2015-06-28 16:17:00.459527441 +0000 +++ libseccomp-2.3.1/src/arch-mips.c 2016-02-11 18:32:37.531670579 +0000 
@@ -32,6 +32,10 @@
 .token_bpf = AUDIT_ARCH_MIPS,
 .size = ARCH_SIZE_32,
 .endian = ARCH_ENDIAN_BIG,
+ .syscall_resolve_name = mips_syscall_resolve_name,
+ .syscall_resolve_num = mips_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
 };

 const struct arch_def arch_def_mipsel = {
@@ -39,4 +43,8 @@
 .token_bpf = AUDIT_ARCH_MIPSEL,
 .size = ARCH_SIZE_32,
 .endian = ARCH_ENDIAN_LITTLE,
+ .syscall_resolve_name = mips_syscall_resolve_name,
+ .syscall_resolve_num = mips_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
 };
diff -Nru libseccomp-2.2.3/src/arch-mips-syscalls.c libseccomp-2.3.1/src/arch-mips-syscalls.c
--- libseccomp-2.2.3/src/arch-mips-syscalls.c 2015-06-28 16:17:00.454527441 +0000
+++ libseccomp-2.3.1/src/arch-mips-syscalls.c 2016-02-19 16:05:36.999890615 +0000
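Review bot: The members added to `arch_def_mips` and `arch_def_mipsel` set `.syscall_rewrite` and `.rule_add` to NULL without saying what a NULL callback means. The call sites are not in this diff, so whether each one checks for NULL before dispatching cannot be confirmed here; a missed check would be a NULL function-pointer call in the filter-building path. I would add a short comment above the pair in both initializers, e.g. `/* NULL: no arch-specific rewrite or rule handling */`, and confirm that the dispatch code guards on it. Both initializers begin above their hunks.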
@@ -28,418 +28,433 @@ #include "arch-mips.h" /* O32 ABI */ -#define __NR_SYSCALL_BASE 4000 +#define __SCMP_NR_BASE 4000 -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def mips_syscall_table[] = { \ - { "_llseek", (__NR_SYSCALL_BASE + 140) }, - { "_newselect", (__NR_SYSCALL_BASE + 142) }, - { "_sysctl", (__NR_SYSCALL_BASE + 153) }, - { "accept", (__NR_SYSCALL_BASE + 168) }, - { "accept4", (__NR_SYSCALL_BASE + 334) }, - { "access", (__NR_SYSCALL_BASE + 33) }, - { "acct", (__NR_SYSCALL_BASE + 51) }, - { "add_key", (__NR_SYSCALL_BASE + 280) }, - { "adjtimex", (__NR_SYSCALL_BASE + 124) }, - { "afs_syscall", __NR_SYSCALL_BASE + 137 }, - { "alarm", (__NR_SYSCALL_BASE + 27) }, + { "_llseek", (__SCMP_NR_BASE + 140) }, + { "_newselect", (__SCMP_NR_BASE + 142) }, + { "_sysctl", (__SCMP_NR_BASE + 153) }, + { "accept", (__SCMP_NR_BASE + 168) }, + { "accept4", (__SCMP_NR_BASE + 334) }, + { "access", (__SCMP_NR_BASE + 33) }, + { "acct", (__SCMP_NR_BASE + 51) }, + { "add_key", (__SCMP_NR_BASE + 280) }, + { "adjtimex", (__SCMP_NR_BASE + 124) }, + { "afs_syscall", __SCMP_NR_BASE + 137 }, + { "alarm", (__SCMP_NR_BASE + 27) }, { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, { "arm_sync_file_range", __PNR_arm_sync_file_range }, { "arch_prctl", __PNR_arch_prctl }, - { "bdflush", (__NR_SYSCALL_BASE + 134) }, - { "bind", (__NR_SYSCALL_BASE + 169) }, - { "bpf", (__NR_SYSCALL_BASE + 355) }, - { "break", __NR_SYSCALL_BASE + 17 }, + { "bdflush", (__SCMP_NR_BASE + 134) }, + { "bind", (__SCMP_NR_BASE + 169) }, + { "bpf", (__SCMP_NR_BASE + 355) }, + { "break", __SCMP_NR_BASE + 17 }, { "breakpoint", __PNR_breakpoint }, - { "brk", (__NR_SYSCALL_BASE + 45) }, - { "cachectl", (__NR_SYSCALL_BASE + 148) }, - { "cacheflush", (__NR_SYSCALL_BASE + 147) }, - { "capget", (__NR_SYSCALL_BASE + 204) }, - { "capset", (__NR_SYSCALL_BASE + 205) }, - { "chdir", (__NR_SYSCALL_BASE + 12) }, - { "chmod", (__NR_SYSCALL_BASE + 15) }, - { "chown", (__NR_SYSCALL_BASE + 
202) }, + { "brk", (__SCMP_NR_BASE + 45) }, + { "cachectl", (__SCMP_NR_BASE + 148) }, + { "cacheflush", (__SCMP_NR_BASE + 147) }, + { "capget", (__SCMP_NR_BASE + 204) }, + { "capset", (__SCMP_NR_BASE + 205) }, + { "chdir", (__SCMP_NR_BASE + 12) }, + { "chmod", (__SCMP_NR_BASE + 15) }, + { "chown", (__SCMP_NR_BASE + 202) }, { "chown32", (__PNR_chown32) }, - { "chroot", (__NR_SYSCALL_BASE + 61) }, - { "clock_adjtime", (__NR_SYSCALL_BASE + 341) }, - { "clock_getres", (__NR_SYSCALL_BASE + 264) }, - { "clock_gettime", (__NR_SYSCALL_BASE + 263) }, - { "clock_nanosleep", (__NR_SYSCALL_BASE + 265) }, - { "clock_settime", (__NR_SYSCALL_BASE + 262) }, - { "clone", (__NR_SYSCALL_BASE + 120) }, - { "close", (__NR_SYSCALL_BASE + 6) }, - { "connect", (__NR_SYSCALL_BASE + 170) }, - { "creat", (__NR_SYSCALL_BASE + 8) }, - { "create_module", __NR_SYSCALL_BASE + 127 }, - { "delete_module", (__NR_SYSCALL_BASE + 129) }, - { "dup", (__NR_SYSCALL_BASE + 41) }, - { "dup2", (__NR_SYSCALL_BASE + 63) }, - { "dup3", (__NR_SYSCALL_BASE + 327) }, - { "epoll_create", (__NR_SYSCALL_BASE + 248) }, - { "epoll_create1", (__NR_SYSCALL_BASE + 326) }, - { "epoll_ctl", (__NR_SYSCALL_BASE + 249) }, + { "chroot", (__SCMP_NR_BASE + 61) }, + { "clock_adjtime", (__SCMP_NR_BASE + 341) }, + { "clock_getres", (__SCMP_NR_BASE + 264) }, + { "clock_gettime", (__SCMP_NR_BASE + 263) }, + { "clock_nanosleep", (__SCMP_NR_BASE + 265) }, + { "clock_settime", (__SCMP_NR_BASE + 262) }, + { "clone", (__SCMP_NR_BASE + 120) }, + { "close", (__SCMP_NR_BASE + 6) }, + { "connect", (__SCMP_NR_BASE + 170) }, + { "copy_file_range", (__SCMP_NR_BASE + 360) }, + { "creat", (__SCMP_NR_BASE + 8) }, + { "create_module", __SCMP_NR_BASE + 127 }, + { "delete_module", (__SCMP_NR_BASE + 129) }, + { "dup", (__SCMP_NR_BASE + 41) }, + { "dup2", (__SCMP_NR_BASE + 63) }, + { "dup3", (__SCMP_NR_BASE + 327) }, + { "epoll_create", (__SCMP_NR_BASE + 248) }, + { "epoll_create1", (__SCMP_NR_BASE + 326) }, + { "epoll_ctl", (__SCMP_NR_BASE + 249) }, { 
"epoll_ctl_old", __PNR_epoll_ctl_old }, - { "epoll_pwait", (__NR_SYSCALL_BASE + 313) }, - { "epoll_wait", (__NR_SYSCALL_BASE + 250) }, + { "epoll_pwait", (__SCMP_NR_BASE + 313) }, + { "epoll_wait", (__SCMP_NR_BASE + 250) }, { "epoll_wait_old", __PNR_epoll_wait_old }, - { "eventfd", (__NR_SYSCALL_BASE + 319) }, - { "eventfd2", (__NR_SYSCALL_BASE + 325) }, - { "execve", (__NR_SYSCALL_BASE + 11) }, - { "execveat", (__NR_SYSCALL_BASE + 356) }, - { "exit", (__NR_SYSCALL_BASE + 1) }, - { "exit_group", (__NR_SYSCALL_BASE + 246) }, - { "faccessat", (__NR_SYSCALL_BASE + 300) }, - { "fadvise64", __NR_SYSCALL_BASE + 254 }, + { "eventfd", (__SCMP_NR_BASE + 319) }, + { "eventfd2", (__SCMP_NR_BASE + 325) }, + { "execve", (__SCMP_NR_BASE + 11) }, + { "execveat", (__SCMP_NR_BASE + 356) }, + { "exit", (__SCMP_NR_BASE + 1) }, + { "exit_group", (__SCMP_NR_BASE + 246) }, + { "faccessat", (__SCMP_NR_BASE + 300) }, + { "fadvise64", __SCMP_NR_BASE + 254 }, { "fadvise64_64", __PNR_fadvise64_64 }, - { "fallocate", (__NR_SYSCALL_BASE + 320) }, - { "fanotify_init", (__NR_SYSCALL_BASE + 336) }, - { "fanotify_mark", (__NR_SYSCALL_BASE + 337) }, - { "fchdir", (__NR_SYSCALL_BASE + 133) }, - { "fchmod", (__NR_SYSCALL_BASE + 94) }, - { "fchmodat", (__NR_SYSCALL_BASE + 299) }, - { "fchown", (__NR_SYSCALL_BASE + 95) }, + { "fallocate", (__SCMP_NR_BASE + 320) }, + { "fanotify_init", (__SCMP_NR_BASE + 336) }, + { "fanotify_mark", (__SCMP_NR_BASE + 337) }, + { "fchdir", (__SCMP_NR_BASE + 133) }, + { "fchmod", (__SCMP_NR_BASE + 94) }, + { "fchmodat", (__SCMP_NR_BASE + 299) }, + { "fchown", (__SCMP_NR_BASE + 95) }, { "fchown32", (__PNR_fchown32) }, - { "fchownat", (__NR_SYSCALL_BASE + 291) }, - { "fcntl", (__NR_SYSCALL_BASE + 55) }, - { "fcntl64", (__NR_SYSCALL_BASE + 220) }, - { "fdatasync", (__NR_SYSCALL_BASE + 152) }, - { "fgetxattr", (__NR_SYSCALL_BASE + 229) }, - { "finit_module", (__NR_SYSCALL_BASE + 348) }, - { "flistxattr", (__NR_SYSCALL_BASE + 232) }, - { "flock", (__NR_SYSCALL_BASE + 143) }, - 
{ "fork", (__NR_SYSCALL_BASE + 2) }, - { "fremovexattr", (__NR_SYSCALL_BASE + 235) }, - { "fsetxattr", (__NR_SYSCALL_BASE + 226) }, - { "fstat", (__NR_SYSCALL_BASE + 108) }, - { "fstat64", (__NR_SYSCALL_BASE + 215) }, - { "fstatat64", (__NR_SYSCALL_BASE + 293) }, - { "fstatfs", (__NR_SYSCALL_BASE + 100) }, - { "fstatfs64", (__NR_SYSCALL_BASE + 256) }, - { "fsync", (__NR_SYSCALL_BASE + 118) }, - { "ftime", (__NR_SYSCALL_BASE + 35) }, - { "ftruncate", (__NR_SYSCALL_BASE + 93) }, - { "ftruncate64", (__NR_SYSCALL_BASE + 212) }, - { "futex", (__NR_SYSCALL_BASE + 238) }, - { "futimesat", (__NR_SYSCALL_BASE + 292) }, - { "get_kernel_syms", (__NR_SYSCALL_BASE + 130) }, - { "get_mempolicy", (__NR_SYSCALL_BASE + 269) }, - { "get_robust_list", (__NR_SYSCALL_BASE + 310) }, + { "fchownat", (__SCMP_NR_BASE + 291) }, + { "fcntl", (__SCMP_NR_BASE + 55) }, + { "fcntl64", (__SCMP_NR_BASE + 220) }, + { "fdatasync", (__SCMP_NR_BASE + 152) }, + { "fgetxattr", (__SCMP_NR_BASE + 229) }, + { "finit_module", (__SCMP_NR_BASE + 348) }, + { "flistxattr", (__SCMP_NR_BASE + 232) }, + { "flock", (__SCMP_NR_BASE + 143) }, + { "fork", (__SCMP_NR_BASE + 2) }, + { "fremovexattr", (__SCMP_NR_BASE + 235) }, + { "fsetxattr", (__SCMP_NR_BASE + 226) }, + { "fstat", (__SCMP_NR_BASE + 108) }, + { "fstat64", (__SCMP_NR_BASE + 215) }, + { "fstatat64", (__SCMP_NR_BASE + 293) }, + { "fstatfs", (__SCMP_NR_BASE + 100) }, + { "fstatfs64", (__SCMP_NR_BASE + 256) }, + { "fsync", (__SCMP_NR_BASE + 118) }, + { "ftime", (__SCMP_NR_BASE + 35) }, + { "ftruncate", (__SCMP_NR_BASE + 93) }, + { "ftruncate64", (__SCMP_NR_BASE + 212) }, + { "futex", (__SCMP_NR_BASE + 238) }, + { "futimesat", (__SCMP_NR_BASE + 292) }, + { "get_kernel_syms", (__SCMP_NR_BASE + 130) }, + { "get_mempolicy", (__SCMP_NR_BASE + 269) }, + { "get_robust_list", (__SCMP_NR_BASE + 310) }, { "get_thread_area", __PNR_get_thread_area }, - { "getcpu", (__NR_SYSCALL_BASE + 312) }, - { "getcwd", (__NR_SYSCALL_BASE + 203) }, - { "getdents", (__NR_SYSCALL_BASE + 
141) }, - { "getdents64", (__NR_SYSCALL_BASE + 219) }, - { "getegid", (__NR_SYSCALL_BASE + 50) }, + { "getcpu", (__SCMP_NR_BASE + 312) }, + { "getcwd", (__SCMP_NR_BASE + 203) }, + { "getdents", (__SCMP_NR_BASE + 141) }, + { "getdents64", (__SCMP_NR_BASE + 219) }, + { "getegid", (__SCMP_NR_BASE + 50) }, { "getegid32", __PNR_getegid32 }, - { "geteuid", (__NR_SYSCALL_BASE + 49) }, + { "geteuid", (__SCMP_NR_BASE + 49) }, { "geteuid32", __PNR_geteuid32 }, - { "getgid", (__NR_SYSCALL_BASE + 47) }, + { "getgid", (__SCMP_NR_BASE + 47) }, { "getgid32", __PNR_getgid32 }, - { "getgroups", (__NR_SYSCALL_BASE + 80) }, + { "getgroups", (__SCMP_NR_BASE + 80) }, { "getgroups32", __PNR_getgroups32 }, - { "getitimer", (__NR_SYSCALL_BASE + 105) }, - { "getpeername", (__NR_SYSCALL_BASE + 171) }, - { "getpgid", (__NR_SYSCALL_BASE + 132) }, - { "getpgrp", (__NR_SYSCALL_BASE + 65) }, - { "getpid", (__NR_SYSCALL_BASE + 20) }, - { "getpmsg", (__NR_SYSCALL_BASE + 208) }, - { "getppid", (__NR_SYSCALL_BASE + 64) }, - { "getpriority", (__NR_SYSCALL_BASE + 96) }, - { "getrandom", (__NR_SYSCALL_BASE + 353) }, - { "getresgid", (__NR_SYSCALL_BASE + 191) }, + { "getitimer", (__SCMP_NR_BASE + 105) }, + { "getpeername", (__SCMP_NR_BASE + 171) }, + { "getpgid", (__SCMP_NR_BASE + 132) }, + { "getpgrp", (__SCMP_NR_BASE + 65) }, + { "getpid", (__SCMP_NR_BASE + 20) }, + { "getpmsg", (__SCMP_NR_BASE + 208) }, + { "getppid", (__SCMP_NR_BASE + 64) }, + { "getpriority", (__SCMP_NR_BASE + 96) }, + { "getrandom", (__SCMP_NR_BASE + 353) }, + { "getresgid", (__SCMP_NR_BASE + 191) }, { "getresgid32", __PNR_getresgid32 }, - { "getresuid", (__NR_SYSCALL_BASE + 186) }, + { "getresuid", (__SCMP_NR_BASE + 186) }, { "getresuid32", __PNR_getresuid32 }, - { "getrlimit", (__NR_SYSCALL_BASE + 76) }, - { "getrusage", (__NR_SYSCALL_BASE + 77) }, - { "getsid", (__NR_SYSCALL_BASE + 151) }, - { "getsockname", (__NR_SYSCALL_BASE + 172) }, - { "getsockopt", (__NR_SYSCALL_BASE + 173) }, - { "gettid", (__NR_SYSCALL_BASE + 222) }, - 
{ "gettimeofday", (__NR_SYSCALL_BASE + 78) }, - { "getuid", (__NR_SYSCALL_BASE + 24) }, + { "getrlimit", (__SCMP_NR_BASE + 76) }, + { "getrusage", (__SCMP_NR_BASE + 77) }, + { "getsid", (__SCMP_NR_BASE + 151) }, + { "getsockname", (__SCMP_NR_BASE + 172) }, + { "getsockopt", (__SCMP_NR_BASE + 173) }, + { "gettid", (__SCMP_NR_BASE + 222) }, + { "gettimeofday", (__SCMP_NR_BASE + 78) }, + { "getuid", (__SCMP_NR_BASE + 24) }, { "getuid32", __PNR_getuid32 }, - { "getxattr", (__NR_SYSCALL_BASE + 227) }, - { "gtty", (__NR_SYSCALL_BASE + 32) }, - { "idle", (__NR_SYSCALL_BASE + 112) }, - { "init_module", (__NR_SYSCALL_BASE + 128) }, - { "inotify_add_watch", (__NR_SYSCALL_BASE + 285) }, - { "inotify_init", (__NR_SYSCALL_BASE + 284) }, - { "inotify_init1", (__NR_SYSCALL_BASE + 329) }, - { "inotify_rm_watch", (__NR_SYSCALL_BASE + 286) }, - { "io_cancel", (__NR_SYSCALL_BASE + 245) }, - { "io_destroy", (__NR_SYSCALL_BASE + 242) }, - { "io_getevents", (__NR_SYSCALL_BASE + 243) }, - { "io_setup", (__NR_SYSCALL_BASE + 241) }, - { "io_submit", (__NR_SYSCALL_BASE + 244) }, - { "ioctl", (__NR_SYSCALL_BASE + 54) }, - { "ioperm", (__NR_SYSCALL_BASE + 101) }, - { "iopl", (__NR_SYSCALL_BASE + 110) }, - { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, - { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, - { "ipc", (__NR_SYSCALL_BASE + 117) }, - { "kcmp", (__NR_SYSCALL_BASE + 347) }, + { "getxattr", (__SCMP_NR_BASE + 227) }, + { "gtty", (__SCMP_NR_BASE + 32) }, + { "idle", (__SCMP_NR_BASE + 112) }, + { "init_module", (__SCMP_NR_BASE + 128) }, + { "inotify_add_watch", (__SCMP_NR_BASE + 285) }, + { "inotify_init", (__SCMP_NR_BASE + 284) }, + { "inotify_init1", (__SCMP_NR_BASE + 329) }, + { "inotify_rm_watch", (__SCMP_NR_BASE + 286) }, + { "io_cancel", (__SCMP_NR_BASE + 245) }, + { "io_destroy", (__SCMP_NR_BASE + 242) }, + { "io_getevents", (__SCMP_NR_BASE + 243) }, + { "io_setup", (__SCMP_NR_BASE + 241) }, + { "io_submit", (__SCMP_NR_BASE + 244) }, + { "ioctl", (__SCMP_NR_BASE + 54) }, + { "ioperm", 
(__SCMP_NR_BASE + 101) }, + { "iopl", (__SCMP_NR_BASE + 110) }, + { "ioprio_get", (__SCMP_NR_BASE + 315) }, + { "ioprio_set", (__SCMP_NR_BASE + 314) }, + { "ipc", (__SCMP_NR_BASE + 117) }, + { "kcmp", (__SCMP_NR_BASE + 347) }, { "kexec_file_load", __PNR_kexec_file_load }, - { "kexec_load", (__NR_SYSCALL_BASE + 311) }, - { "keyctl", (__NR_SYSCALL_BASE + 282) }, - { "kill", (__NR_SYSCALL_BASE + 37) }, - { "lchown", (__NR_SYSCALL_BASE + 16) }, + { "kexec_load", (__SCMP_NR_BASE + 311) }, + { "keyctl", (__SCMP_NR_BASE + 282) }, + { "kill", (__SCMP_NR_BASE + 37) }, + { "lchown", (__SCMP_NR_BASE + 16) }, { "lchown32", __PNR_lchown32 }, - { "lgetxattr", (__NR_SYSCALL_BASE + 228) }, - { "link", (__NR_SYSCALL_BASE + 9) }, - { "linkat", (__NR_SYSCALL_BASE + 296) }, - { "listen", (__NR_SYSCALL_BASE + 174) }, - { "listxattr", (__NR_SYSCALL_BASE + 230) }, - { "llistxattr", (__NR_SYSCALL_BASE + 231) }, - { "lock", (__NR_SYSCALL_BASE + 53) }, - { "lookup_dcookie", (__NR_SYSCALL_BASE + 247) }, - { "lremovexattr", (__NR_SYSCALL_BASE + 234) }, - { "lseek", (__NR_SYSCALL_BASE + 19) }, - { "lsetxattr", (__NR_SYSCALL_BASE + 225) }, - { "lstat", (__NR_SYSCALL_BASE + 107) }, - { "lstat64", (__NR_SYSCALL_BASE + 214) }, - { "madvise", (__NR_SYSCALL_BASE + 218) }, - { "mbind", (__NR_SYSCALL_BASE + 268) }, - { "memfd_create", (__NR_SYSCALL_BASE + 354) }, - { "migrate_pages", (__NR_SYSCALL_BASE + 287) }, - { "mincore", (__NR_SYSCALL_BASE + 217) }, - { "mkdir", (__NR_SYSCALL_BASE + 39) }, - { "mkdirat", (__NR_SYSCALL_BASE + 289) }, - { "mknod", (__NR_SYSCALL_BASE + 14) }, - { "mknodat", (__NR_SYSCALL_BASE + 290) }, - { "mlock", (__NR_SYSCALL_BASE + 154) }, - { "mlockall", (__NR_SYSCALL_BASE + 156) }, - { "mmap", (__NR_SYSCALL_BASE + 90) }, - { "mmap2", (__NR_SYSCALL_BASE + 210) }, - { "modify_ldt", (__NR_SYSCALL_BASE + 123) }, - { "mount", (__NR_SYSCALL_BASE + 21) }, - { "move_pages", (__NR_SYSCALL_BASE + 308) }, - { "mprotect", (__NR_SYSCALL_BASE + 125) }, - { "mpx", (__NR_SYSCALL_BASE + 56) 
}, - { "mq_getsetattr", (__NR_SYSCALL_BASE + 276) }, - { "mq_notify", (__NR_SYSCALL_BASE + 275) }, - { "mq_open", (__NR_SYSCALL_BASE + 271) }, - { "mq_timedreceive", (__NR_SYSCALL_BASE + 274) }, - { "mq_timedsend", (__NR_SYSCALL_BASE + 273) }, - { "mq_unlink", (__NR_SYSCALL_BASE + 272) }, - { "mremap", (__NR_SYSCALL_BASE + 167) }, + { "lgetxattr", (__SCMP_NR_BASE + 228) }, + { "link", (__SCMP_NR_BASE + 9) }, + { "linkat", (__SCMP_NR_BASE + 296) }, + { "listen", (__SCMP_NR_BASE + 174) }, + { "listxattr", (__SCMP_NR_BASE + 230) }, + { "llistxattr", (__SCMP_NR_BASE + 231) }, + { "lock", (__SCMP_NR_BASE + 53) }, + { "lookup_dcookie", (__SCMP_NR_BASE + 247) }, + { "lremovexattr", (__SCMP_NR_BASE + 234) }, + { "lseek", (__SCMP_NR_BASE + 19) }, + { "lsetxattr", (__SCMP_NR_BASE + 225) }, + { "lstat", (__SCMP_NR_BASE + 107) }, + { "lstat64", (__SCMP_NR_BASE + 214) }, + { "madvise", (__SCMP_NR_BASE + 218) }, + { "mbind", (__SCMP_NR_BASE + 268) }, + { "membarrier", (__SCMP_NR_BASE + 358) }, + { "memfd_create", (__SCMP_NR_BASE + 354) }, + { "migrate_pages", (__SCMP_NR_BASE + 287) }, + { "mincore", (__SCMP_NR_BASE + 217) }, + { "mkdir", (__SCMP_NR_BASE + 39) }, + { "mkdirat", (__SCMP_NR_BASE + 289) }, + { "mknod", (__SCMP_NR_BASE + 14) }, + { "mknodat", (__SCMP_NR_BASE + 290) }, + { "mlock", (__SCMP_NR_BASE + 154) }, + { "mlock2", (__SCMP_NR_BASE + 359) }, + { "mlockall", (__SCMP_NR_BASE + 156) }, + { "mmap", (__SCMP_NR_BASE + 90) }, + { "mmap2", (__SCMP_NR_BASE + 210) }, + { "modify_ldt", (__SCMP_NR_BASE + 123) }, + { "mount", (__SCMP_NR_BASE + 21) }, + { "move_pages", (__SCMP_NR_BASE + 308) }, + { "mprotect", (__SCMP_NR_BASE + 125) }, + { "mpx", (__SCMP_NR_BASE + 56) }, + { "mq_getsetattr", (__SCMP_NR_BASE + 276) }, + { "mq_notify", (__SCMP_NR_BASE + 275) }, + { "mq_open", (__SCMP_NR_BASE + 271) }, + { "mq_timedreceive", (__SCMP_NR_BASE + 274) }, + { "mq_timedsend", (__SCMP_NR_BASE + 273) }, + { "mq_unlink", (__SCMP_NR_BASE + 272) }, + { "mremap", (__SCMP_NR_BASE + 167) }, { 
"msgctl", __PNR_msgctl }, { "msgget", __PNR_msgget }, { "msgrcv", __PNR_msgrcv }, { "msgsnd", __PNR_msgsnd }, - { "msync", (__NR_SYSCALL_BASE + 144) }, - { "munlock", (__NR_SYSCALL_BASE + 155) }, - { "munlockall", (__NR_SYSCALL_BASE + 157) }, - { "munmap", (__NR_SYSCALL_BASE + 91) }, - { "name_to_handle_at", (__NR_SYSCALL_BASE + 339) }, - { "nanosleep", (__NR_SYSCALL_BASE + 166) }, + { "msync", (__SCMP_NR_BASE + 144) }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", (__SCMP_NR_BASE + 155) }, + { "munlockall", (__SCMP_NR_BASE + 157) }, + { "munmap", (__SCMP_NR_BASE + 91) }, + { "name_to_handle_at", (__SCMP_NR_BASE + 339) }, + { "nanosleep", (__SCMP_NR_BASE + 166) }, { "newfstatat", __PNR_newfstatat }, - { "nfsservctl", (__NR_SYSCALL_BASE + 189) }, - { "nice", (__NR_SYSCALL_BASE + 34) }, + { "nfsservctl", (__SCMP_NR_BASE + 189) }, + { "nice", (__SCMP_NR_BASE + 34) }, { "oldfstat", __PNR_oldfstat }, { "oldlstat", __PNR_oldlstat }, { "oldolduname", __PNR_oldolduname }, { "oldstat", __PNR_oldstat }, { "olduname", __PNR_olduname }, { "oldwait4", __PNR_oldwait4 }, - { "open", (__NR_SYSCALL_BASE + 5) }, - { "open_by_handle_at", (__NR_SYSCALL_BASE + 340) }, - { "openat", (__NR_SYSCALL_BASE + 288) }, - { "pause", (__NR_SYSCALL_BASE + 29) }, + { "open", (__SCMP_NR_BASE + 5) }, + { "open_by_handle_at", (__SCMP_NR_BASE + 340) }, + { "openat", (__SCMP_NR_BASE + 288) }, + { "pause", (__SCMP_NR_BASE + 29) }, { "pciconfig_iobase", __PNR_pciconfig_iobase }, { "pciconfig_read", __PNR_pciconfig_read }, { "pciconfig_write", __PNR_pciconfig_write }, - { "perf_event_open", (__NR_SYSCALL_BASE + 333) }, - { "personality", (__NR_SYSCALL_BASE + 136) }, - { "pipe", (__NR_SYSCALL_BASE + 42) }, - { "pipe2", (__NR_SYSCALL_BASE + 328) }, - { "pivot_root", (__NR_SYSCALL_BASE + 216) }, - { "poll", (__NR_SYSCALL_BASE + 188) }, - { "ppoll", (__NR_SYSCALL_BASE + 302) }, - { "prctl", (__NR_SYSCALL_BASE + 192) }, - { "pread64", (__NR_SYSCALL_BASE + 200) }, - { "preadv", (__NR_SYSCALL_BASE + 330) 
}, - { "prlimit64", (__NR_SYSCALL_BASE + 338) }, - { "process_vm_readv", (__NR_SYSCALL_BASE + 345) }, - { "process_vm_writev", (__NR_SYSCALL_BASE + 346) }, - { "prof", (__NR_SYSCALL_BASE + 44) }, - { "profil", (__NR_SYSCALL_BASE + 98) }, - { "pselect6", (__NR_SYSCALL_BASE + 301) }, - { "ptrace", (__NR_SYSCALL_BASE + 26) }, - { "putpmsg", (__NR_SYSCALL_BASE + 209) }, - { "pwrite64", (__NR_SYSCALL_BASE + 201) }, - { "pwritev", (__NR_SYSCALL_BASE + 331) }, - { "query_module", (__NR_SYSCALL_BASE + 187) }, - { "quotactl", (__NR_SYSCALL_BASE + 131) }, - { "read", (__NR_SYSCALL_BASE + 3) }, - { "readahead", (__NR_SYSCALL_BASE + 223) }, - { "readdir", (__NR_SYSCALL_BASE + 89) }, - { "readlink", (__NR_SYSCALL_BASE + 85) }, - { "readlinkat", (__NR_SYSCALL_BASE + 298) }, - { "readv", (__NR_SYSCALL_BASE + 145) }, - { "reboot", (__NR_SYSCALL_BASE + 88) }, - { "recv", (__NR_SYSCALL_BASE + 175) }, - { "recvfrom", (__NR_SYSCALL_BASE + 176) }, - { "recvmmsg", (__NR_SYSCALL_BASE + 335) }, - { "recvmsg", (__NR_SYSCALL_BASE + 177) }, - { "remap_file_pages", (__NR_SYSCALL_BASE + 251) }, - { "removexattr", (__NR_SYSCALL_BASE + 233) }, - { "rename", (__NR_SYSCALL_BASE + 38) }, - { "renameat", (__NR_SYSCALL_BASE + 295) }, - { "renameat2", (__NR_SYSCALL_BASE + 351) }, - { "request_key", (__NR_SYSCALL_BASE + 281) }, - { "restart_syscall", (__NR_SYSCALL_BASE + 253) }, - { "rmdir", (__NR_SYSCALL_BASE + 40) }, - { "rt_sigaction", (__NR_SYSCALL_BASE + 194) }, - { "rt_sigpending", (__NR_SYSCALL_BASE + 196) }, - { "rt_sigprocmask", (__NR_SYSCALL_BASE + 195) }, - { "rt_sigqueueinfo", (__NR_SYSCALL_BASE + 198) }, - { "rt_sigreturn", (__NR_SYSCALL_BASE + 193) }, - { "rt_sigsuspend", (__NR_SYSCALL_BASE + 199) }, - { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 197) }, - { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 332) }, - { "sched_get_priority_max", (__NR_SYSCALL_BASE + 163) }, - { "sched_get_priority_min", (__NR_SYSCALL_BASE + 164) }, - { "sched_getaffinity", (__NR_SYSCALL_BASE + 240) }, - { 
"sched_getattr", (__NR_SYSCALL_BASE + 350) }, - { "sched_getparam", (__NR_SYSCALL_BASE + 159) }, - { "sched_getscheduler", (__NR_SYSCALL_BASE + 161) }, - { "sched_rr_get_interval", (__NR_SYSCALL_BASE + 165) }, - { "sched_setaffinity", (__NR_SYSCALL_BASE + 239) }, - { "sched_setattr", (__NR_SYSCALL_BASE + 349) }, - { "sched_setparam", (__NR_SYSCALL_BASE + 158) }, - { "sched_setscheduler", (__NR_SYSCALL_BASE + 160) }, - { "sched_yield", (__NR_SYSCALL_BASE + 162) }, - { "seccomp", (__NR_SYSCALL_BASE + 352) }, + { "perf_event_open", (__SCMP_NR_BASE + 333) }, + { "personality", (__SCMP_NR_BASE + 136) }, + { "pipe", (__SCMP_NR_BASE + 42) }, + { "pipe2", (__SCMP_NR_BASE + 328) }, + { "pivot_root", (__SCMP_NR_BASE + 216) }, + { "poll", (__SCMP_NR_BASE + 188) }, + { "ppoll", (__SCMP_NR_BASE + 302) }, + { "prctl", (__SCMP_NR_BASE + 192) }, + { "pread64", (__SCMP_NR_BASE + 200) }, + { "preadv", (__SCMP_NR_BASE + 330) }, + { "prlimit64", (__SCMP_NR_BASE + 338) }, + { "process_vm_readv", (__SCMP_NR_BASE + 345) }, + { "process_vm_writev", (__SCMP_NR_BASE + 346) }, + { "prof", (__SCMP_NR_BASE + 44) }, + { "profil", (__SCMP_NR_BASE + 98) }, + { "pselect6", (__SCMP_NR_BASE + 301) }, + { "ptrace", (__SCMP_NR_BASE + 26) }, + { "putpmsg", (__SCMP_NR_BASE + 209) }, + { "pwrite64", (__SCMP_NR_BASE + 201) }, + { "pwritev", (__SCMP_NR_BASE + 331) }, + { "query_module", (__SCMP_NR_BASE + 187) }, + { "quotactl", (__SCMP_NR_BASE + 131) }, + { "read", (__SCMP_NR_BASE + 3) }, + { "readahead", (__SCMP_NR_BASE + 223) }, + { "readdir", (__SCMP_NR_BASE + 89) }, + { "readlink", (__SCMP_NR_BASE + 85) }, + { "readlinkat", (__SCMP_NR_BASE + 298) }, + { "readv", (__SCMP_NR_BASE + 145) }, + { "reboot", (__SCMP_NR_BASE + 88) }, + { "recv", (__SCMP_NR_BASE + 175) }, + { "recvfrom", (__SCMP_NR_BASE + 176) }, + { "recvmmsg", (__SCMP_NR_BASE + 335) }, + { "recvmsg", (__SCMP_NR_BASE + 177) }, + { "remap_file_pages", (__SCMP_NR_BASE + 251) }, + { "removexattr", (__SCMP_NR_BASE + 233) }, + { "rename", 
(__SCMP_NR_BASE + 38) }, + { "renameat", (__SCMP_NR_BASE + 295) }, + { "renameat2", (__SCMP_NR_BASE + 351) }, + { "request_key", (__SCMP_NR_BASE + 281) }, + { "restart_syscall", (__SCMP_NR_BASE + 253) }, + { "rmdir", (__SCMP_NR_BASE + 40) }, + { "rt_sigaction", (__SCMP_NR_BASE + 194) }, + { "rt_sigpending", (__SCMP_NR_BASE + 196) }, + { "rt_sigprocmask", (__SCMP_NR_BASE + 195) }, + { "rt_sigqueueinfo", (__SCMP_NR_BASE + 198) }, + { "rt_sigreturn", (__SCMP_NR_BASE + 193) }, + { "rt_sigsuspend", (__SCMP_NR_BASE + 199) }, + { "rt_sigtimedwait", (__SCMP_NR_BASE + 197) }, + { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 332) }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "sched_get_priority_max", (__SCMP_NR_BASE + 163) }, + { "sched_get_priority_min", (__SCMP_NR_BASE + 164) }, + { "sched_getaffinity", (__SCMP_NR_BASE + 240) }, + { "sched_getattr", (__SCMP_NR_BASE + 350) }, + { "sched_getparam", (__SCMP_NR_BASE + 159) }, + { "sched_getscheduler", (__SCMP_NR_BASE + 161) }, + { "sched_rr_get_interval", (__SCMP_NR_BASE + 165) }, + { "sched_setaffinity", (__SCMP_NR_BASE + 239) }, + { "sched_setattr", (__SCMP_NR_BASE + 349) }, + { "sched_setparam", (__SCMP_NR_BASE + 158) }, + { "sched_setscheduler", (__SCMP_NR_BASE + 160) }, + { "sched_yield", (__SCMP_NR_BASE + 162) }, + { "seccomp", (__SCMP_NR_BASE + 352) }, { "security", __PNR_security }, { "select", __PNR_select }, { "semctl", __PNR_semctl }, { "semget", __PNR_semget }, { "semop", __PNR_semop }, { "semtimedop", __PNR_semtimedop }, - { "send", (__NR_SYSCALL_BASE + 178) }, - { "sendfile", (__NR_SYSCALL_BASE + 207) }, - { "sendfile64", (__NR_SYSCALL_BASE + 237) }, - { "sendmmsg", (__NR_SYSCALL_BASE + 343) }, - { "sendmsg", (__NR_SYSCALL_BASE + 179) }, - { "sendto", (__NR_SYSCALL_BASE + 180) }, - { "set_mempolicy", (__NR_SYSCALL_BASE + 270) }, - { "set_robust_list", (__NR_SYSCALL_BASE 
+ 309) }, - { "set_thread_area", (__NR_SYSCALL_BASE + 283) }, - { "set_tid_address", (__NR_SYSCALL_BASE + 252) }, + { "send", (__SCMP_NR_BASE + 178) }, + { "sendfile", (__SCMP_NR_BASE + 207) }, + { "sendfile64", (__SCMP_NR_BASE + 237) }, + { "sendmmsg", (__SCMP_NR_BASE + 343) }, + { "sendmsg", (__SCMP_NR_BASE + 179) }, + { "sendto", (__SCMP_NR_BASE + 180) }, + { "set_mempolicy", (__SCMP_NR_BASE + 270) }, + { "set_robust_list", (__SCMP_NR_BASE + 309) }, + { "set_thread_area", (__SCMP_NR_BASE + 283) }, + { "set_tid_address", (__SCMP_NR_BASE + 252) }, { "set_tls", __PNR_set_tls }, - { "setdomainname", (__NR_SYSCALL_BASE + 121) }, - { "setfsgid", (__NR_SYSCALL_BASE + 139) }, + { "setdomainname", (__SCMP_NR_BASE + 121) }, + { "setfsgid", (__SCMP_NR_BASE + 139) }, { "setfsgid32", __PNR_setfsgid32 }, - { "setfsuid", (__NR_SYSCALL_BASE + 138) }, + { "setfsuid", (__SCMP_NR_BASE + 138) }, { "setfsuid32", __PNR_setfsuid32 }, - { "setgid", (__NR_SYSCALL_BASE + 46) }, + { "setgid", (__SCMP_NR_BASE + 46) }, { "setgid32", __PNR_setgid32 }, - { "setgroups", (__NR_SYSCALL_BASE + 81) }, + { "setgroups", (__SCMP_NR_BASE + 81) }, { "setgroups32", __PNR_setgroups32 }, - { "sethostname", (__NR_SYSCALL_BASE + 74) }, - { "setitimer", (__NR_SYSCALL_BASE + 104) }, - { "setns", (__NR_SYSCALL_BASE + 344) }, - { "setpgid", (__NR_SYSCALL_BASE + 57) }, - { "setpriority", (__NR_SYSCALL_BASE + 97) }, - { "setregid", (__NR_SYSCALL_BASE + 71) }, + { "sethostname", (__SCMP_NR_BASE + 74) }, + { "setitimer", (__SCMP_NR_BASE + 104) }, + { "setns", (__SCMP_NR_BASE + 344) }, + { "setpgid", (__SCMP_NR_BASE + 57) }, + { "setpriority", (__SCMP_NR_BASE + 97) }, + { "setregid", (__SCMP_NR_BASE + 71) }, { "setregid32", __PNR_setregid32 }, - { "setresgid", (__NR_SYSCALL_BASE + 190) }, + { "setresgid", (__SCMP_NR_BASE + 190) }, { "setresgid32", __PNR_setresgid32 }, - { "setresuid", (__NR_SYSCALL_BASE + 185) }, + { "setresuid", (__SCMP_NR_BASE + 185) }, { "setresuid32", __PNR_setresuid32 }, - { "setreuid", 
(__NR_SYSCALL_BASE + 70) }, + { "setreuid", (__SCMP_NR_BASE + 70) }, { "setreuid32", __PNR_setreuid32 }, - { "setrlimit", (__NR_SYSCALL_BASE + 75) }, - { "setsid", (__NR_SYSCALL_BASE + 66) }, - { "setsockopt", (__NR_SYSCALL_BASE + 181) }, - { "settimeofday", (__NR_SYSCALL_BASE + 79) }, - { "setuid", (__NR_SYSCALL_BASE + 23) }, + { "setrlimit", (__SCMP_NR_BASE + 75) }, + { "setsid", (__SCMP_NR_BASE + 66) }, + { "setsockopt", (__SCMP_NR_BASE + 181) }, + { "settimeofday", (__SCMP_NR_BASE + 79) }, + { "setuid", (__SCMP_NR_BASE + 23) }, { "setuid32", __PNR_setuid32 }, - { "setxattr", (__NR_SYSCALL_BASE + 224) }, - { "sgetmask", (__NR_SYSCALL_BASE + 68) }, + { "setxattr", (__SCMP_NR_BASE + 224) }, + { "sgetmask", (__SCMP_NR_BASE + 68) }, { "shmat", __PNR_shmat }, { "shmctl", __PNR_shmctl }, { "shmdt", __PNR_shmdt }, { "shmget", __PNR_shmget }, - { "shutdown", (__NR_SYSCALL_BASE + 182) }, - { "sigaction", (__NR_SYSCALL_BASE + 67) }, - { "sigaltstack", (__NR_SYSCALL_BASE + 206) }, - { "signal", (__NR_SYSCALL_BASE + 48) }, - { "signalfd", (__NR_SYSCALL_BASE + 317) }, - { "signalfd4", (__NR_SYSCALL_BASE + 324) }, - { "sigpending", (__NR_SYSCALL_BASE + 73) }, - { "sigprocmask", (__NR_SYSCALL_BASE + 126) }, - { "sigreturn", (__NR_SYSCALL_BASE + 119) }, - { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, - { "socket", (__NR_SYSCALL_BASE + 183) }, - { "socketcall", (__NR_SYSCALL_BASE + 102) }, - { "socketpair", (__NR_SYSCALL_BASE + 184) }, - { "splice", (__NR_SYSCALL_BASE + 304) }, - { "ssetmask", (__NR_SYSCALL_BASE + 69) }, - { "stat", (__NR_SYSCALL_BASE + 106) }, - { "stat64", (__NR_SYSCALL_BASE + 213) }, - { "statfs", (__NR_SYSCALL_BASE + 99) }, - { "statfs64", (__NR_SYSCALL_BASE + 255) }, - { "stime", (__NR_SYSCALL_BASE + 25) }, - { "stty", (__NR_SYSCALL_BASE + 31) }, - { "swapoff", (__NR_SYSCALL_BASE + 115) }, - { "swapon", (__NR_SYSCALL_BASE + 87) }, - { "symlink", (__NR_SYSCALL_BASE + 83) }, - { "symlinkat", (__NR_SYSCALL_BASE + 297) }, - { "sync", (__NR_SYSCALL_BASE + 36) }, - 
{ "sync_file_range", (__NR_SYSCALL_BASE + 305) }, + { "shutdown", (__SCMP_NR_BASE + 182) }, + { "sigaction", (__SCMP_NR_BASE + 67) }, + { "sigaltstack", (__SCMP_NR_BASE + 206) }, + { "signal", (__SCMP_NR_BASE + 48) }, + { "signalfd", (__SCMP_NR_BASE + 317) }, + { "signalfd4", (__SCMP_NR_BASE + 324) }, + { "sigpending", (__SCMP_NR_BASE + 73) }, + { "sigprocmask", (__SCMP_NR_BASE + 126) }, + { "sigreturn", (__SCMP_NR_BASE + 119) }, + { "sigsuspend", (__SCMP_NR_BASE + 72) }, + { "socket", (__SCMP_NR_BASE + 183) }, + { "socketcall", (__SCMP_NR_BASE + 102) }, + { "socketpair", (__SCMP_NR_BASE + 184) }, + { "splice", (__SCMP_NR_BASE + 304) }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, + { "ssetmask", (__SCMP_NR_BASE + 69) }, + { "stat", (__SCMP_NR_BASE + 106) }, + { "stat64", (__SCMP_NR_BASE + 213) }, + { "statfs", (__SCMP_NR_BASE + 99) }, + { "statfs64", (__SCMP_NR_BASE + 255) }, + { "stime", (__SCMP_NR_BASE + 25) }, + { "stty", (__SCMP_NR_BASE + 31) }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", (__SCMP_NR_BASE + 115) }, + { "swapon", (__SCMP_NR_BASE + 87) }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", (__SCMP_NR_BASE + 83) }, + { "symlinkat", (__SCMP_NR_BASE + 297) }, + { "sync", (__SCMP_NR_BASE + 36) }, + { "sync_file_range", (__SCMP_NR_BASE + 305) }, { "sync_file_range2", __PNR_sync_file_range2 }, - { "syncfs", (__NR_SYSCALL_BASE + 342) }, - { "syscall", (__NR_SYSCALL_BASE + 0) }, - { "sysfs", (__NR_SYSCALL_BASE + 135) }, - { "sysinfo", (__NR_SYSCALL_BASE + 116) }, - { "syslog", (__NR_SYSCALL_BASE + 103) }, - { "sysmips", (__NR_SYSCALL_BASE + 149) }, - { "tee", (__NR_SYSCALL_BASE + 306) }, - { "tgkill", (__NR_SYSCALL_BASE + 266) }, - { "time", (__NR_SYSCALL_BASE + 13) }, - { "timer_create", (__NR_SYSCALL_BASE + 257) }, - { "timer_delete", (__NR_SYSCALL_BASE + 261) }, - { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, - { "timer_gettime", (__NR_SYSCALL_BASE + 259) }, - { 
"timer_settime", (__NR_SYSCALL_BASE + 258) }, - { "timerfd", (__NR_SYSCALL_BASE + 318) }, - { "timerfd_create", (__NR_SYSCALL_BASE + 321) }, - { "timerfd_gettime", (__NR_SYSCALL_BASE + 322) }, - { "timerfd_settime", (__NR_SYSCALL_BASE + 323) }, - { "times", (__NR_SYSCALL_BASE + 43) }, - { "tkill", (__NR_SYSCALL_BASE + 236) }, - { "truncate", (__NR_SYSCALL_BASE + 92) }, - { "truncate64", (__NR_SYSCALL_BASE + 211) }, + { "syncfs", (__SCMP_NR_BASE + 342) }, + { "syscall", (__SCMP_NR_BASE + 0) }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", (__SCMP_NR_BASE + 135) }, + { "sysinfo", (__SCMP_NR_BASE + 116) }, + { "syslog", (__SCMP_NR_BASE + 103) }, + { "sysmips", (__SCMP_NR_BASE + 149) }, + { "tee", (__SCMP_NR_BASE + 306) }, + { "tgkill", (__SCMP_NR_BASE + 266) }, + { "time", (__SCMP_NR_BASE + 13) }, + { "timer_create", (__SCMP_NR_BASE + 257) }, + { "timer_delete", (__SCMP_NR_BASE + 261) }, + { "timer_getoverrun", (__SCMP_NR_BASE + 260) }, + { "timer_gettime", (__SCMP_NR_BASE + 259) }, + { "timer_settime", (__SCMP_NR_BASE + 258) }, + { "timerfd", (__SCMP_NR_BASE + 318) }, + { "timerfd_create", (__SCMP_NR_BASE + 321) }, + { "timerfd_gettime", (__SCMP_NR_BASE + 322) }, + { "timerfd_settime", (__SCMP_NR_BASE + 323) }, + { "times", (__SCMP_NR_BASE + 43) }, + { "tkill", (__SCMP_NR_BASE + 236) }, + { "truncate", (__SCMP_NR_BASE + 92) }, + { "truncate64", (__SCMP_NR_BASE + 211) }, { "tuxcall", __PNR_tuxcall }, { "ugetrlimit", __PNR_ugetrlimit }, - { "ulimit", (__NR_SYSCALL_BASE + 58) }, - { "umask", (__NR_SYSCALL_BASE + 60) }, - { "umount", (__NR_SYSCALL_BASE + 22) }, - { "umount2", (__NR_SYSCALL_BASE + 52) }, - { "uname", (__NR_SYSCALL_BASE + 122) }, - { "unlink", (__NR_SYSCALL_BASE + 10) }, - { "unlinkat", (__NR_SYSCALL_BASE + 294) }, - { "unshare", (__NR_SYSCALL_BASE + 303) }, - { "uselib", (__NR_SYSCALL_BASE + 86) }, + { "ulimit", (__SCMP_NR_BASE + 58) }, + { "umask", (__SCMP_NR_BASE + 60) }, + { "umount", (__SCMP_NR_BASE + 22) }, + { "umount2", 
(__SCMP_NR_BASE + 52) }, + { "uname", (__SCMP_NR_BASE + 122) }, + { "unlink", (__SCMP_NR_BASE + 10) }, + { "unlinkat", (__SCMP_NR_BASE + 294) }, + { "unshare", (__SCMP_NR_BASE + 303) }, + { "uselib", (__SCMP_NR_BASE + 86) }, + { "userfaultfd", (__SCMP_NR_BASE + 357) }, { "usr26", __PNR_usr26 }, { "usr32", __PNR_usr32 }, - { "ustat", (__NR_SYSCALL_BASE + 62) }, - { "utime", (__NR_SYSCALL_BASE + 30) }, - { "utimensat", (__NR_SYSCALL_BASE + 316) }, - { "utimes", (__NR_SYSCALL_BASE + 267) }, + { "ustat", (__SCMP_NR_BASE + 62) }, + { "utime", (__SCMP_NR_BASE + 30) }, + { "utimensat", (__SCMP_NR_BASE + 316) }, + { "utimes", (__SCMP_NR_BASE + 267) }, { "vfork", __PNR_vfork }, - { "vhangup", (__NR_SYSCALL_BASE + 111) }, - { "vm86", (__NR_SYSCALL_BASE + 113) }, + { "vhangup", (__SCMP_NR_BASE + 111) }, + { "vm86", (__SCMP_NR_BASE + 113) }, { "vm86old", __PNR_vm86old }, - { "vmsplice", (__NR_SYSCALL_BASE + 307) }, - { "vserver", (__NR_SYSCALL_BASE + 277) }, - { "wait4", (__NR_SYSCALL_BASE + 114) }, - { "waitid", (__NR_SYSCALL_BASE + 278) }, - { "waitpid", (__NR_SYSCALL_BASE + 7) }, - { "write", (__NR_SYSCALL_BASE + 4) }, - { "writev", (__NR_SYSCALL_BASE + 146) }, + { "vmsplice", (__SCMP_NR_BASE + 307) }, + { "vserver", (__SCMP_NR_BASE + 277) }, + { "wait4", (__SCMP_NR_BASE + 114) }, + { "waitid", (__SCMP_NR_BASE + 278) }, + { "waitpid", (__SCMP_NR_BASE + 7) }, + { "write", (__SCMP_NR_BASE + 4) }, + { "writev", (__SCMP_NR_BASE + 146) }, { NULL, __NR_SCMP_ERROR }, }; diff -Nru libseccomp-2.2.3/src/arch-ppc64.c libseccomp-2.3.1/src/arch-ppc64.c --- libseccomp-2.2.3/src/arch-ppc64.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/src/arch-ppc64.c 2016-02-11 18:32:37.540670578 +0000 
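Review bot: The table comment now reads `based on Linux 4.5-rc4`, a release candidate, and nothing records that the newly added numbers (`userfaultfd` 357, `membarrier` 358, `mlock2` 359, `copy_file_range` 360) were re-checked against a released kernel. A filter rule built by name acts on whatever number this table yields, so a shifted entry would apply the rule to a different syscall without any error. I would extend the comment to `/* NOTE: based on Linux 4.5-rc4; re-verify new entries against the 4.5 release */`. As a style point, `afs_syscall`, `break`, `create_module` and `fadvise64` keep an unparenthesised `__SCMP_NR_BASE + N` while every other entry is parenthesised; writing them as `{ "break", (__SCMP_NR_BASE + 17) },` keeps the table uniform and easy to check mechanically.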
@@ -0,0 +1,48 @@
+/**
+ * Enhanced Seccomp PPC64 Specific Code
+ *
+ * Copyright (c) 2014 Red Hat
+ * Author: Paul Moore
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#include
+
+#include "arch.h"
+#include "arch-ppc64.h"
+
+const struct arch_def arch_def_ppc64 = {
+ .token = SCMP_ARCH_PPC64,
+ .token_bpf = AUDIT_ARCH_PPC64,
+ .size = ARCH_SIZE_64,
+ .endian = ARCH_ENDIAN_BIG,
+ .syscall_resolve_name = ppc64_syscall_resolve_name,
+ .syscall_resolve_num = ppc64_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
+
+const struct arch_def arch_def_ppc64le = {
+ .token = SCMP_ARCH_PPC64LE,
+ .token_bpf = AUDIT_ARCH_PPC64LE,
+ .size = ARCH_SIZE_64,
+ .endian = ARCH_ENDIAN_LITTLE,
+ .syscall_resolve_name = ppc64_syscall_resolve_name,
+ .syscall_resolve_num = ppc64_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
diff -Nru libseccomp-2.2.3/src/arch-ppc64.h libseccomp-2.3.1/src/arch-ppc64.h
--- libseccomp-2.2.3/src/arch-ppc64.h 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/src/arch-ppc64.h 2016-02-11 18:32:39.776670411 +0000
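Review bot: `arch_def_ppc64` and `arch_def_ppc64le` leave `.syscall_rewrite` and `.rule_add` as NULL, while the ppc64 table added later in this diff lists both the multiplexed `socketcall` (102) and `ipc` (117) entries and the direct socket calls (`socket` 326, `connect` 328, and so on). With no mux/demux hook, a rule written against a direct socket entry presumably does not also cover the same operation requested through `socketcall`, so a filter author may believe a call is restricted when only one of its two entry points is. `arch_def_s390` in this diff sets both hooks; until ppc gets an equivalent, I would add a comment above each struct such as `/* NOTE: socketcall/ipc are not demultiplexed on ppc64; rules on direct socket syscalls do not cover socketcall */`. The same applies to `arch_def_ppc` in arch-ppc.c.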
@@ -0,0 +1,39 @@
+/**
+ * Enhanced Seccomp PPC64 Specific Code
+ *
+ * Copyright (c) 2014 Red Hat
+ * Author: Paul Moore
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#ifndef _ARCH_PPC64_H
+#define _ARCH_PPC64_H
+
+#include
+
+#include "arch.h"
+#include "system.h"
+
+extern const struct arch_def arch_def_ppc64;
+extern const struct arch_def arch_def_ppc64le;
+
+int ppc64_syscall_resolve_name(const char *name);
+const char *ppc64_syscall_resolve_num(int num);
+
+const char *ppc64_syscall_iterate_name(unsigned int spot);
+
+#endif
diff -Nru libseccomp-2.2.3/src/arch-ppc64-syscalls.c libseccomp-2.3.1/src/arch-ppc64-syscalls.c
--- libseccomp-2.2.3/src/arch-ppc64-syscalls.c 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/src/arch-ppc64-syscalls.c 2016-02-19 16:07:13.721883376 +0000
@@ -0,0 +1,516 @@ +/** + * Enhanced Seccomp PPC64 Specific Code + * + * Copyright (c) 2014 Red Hat + * Author: Paul Moore + * + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include + +#include + +#include "arch.h" +#include "arch-ppc64.h" + +/* NOTE: based on Linux 4.5-rc4 */ +const struct arch_syscall_def ppc64_syscall_table[] = { \ + { "_llseek", 140 }, + { "_newselect", 142 }, + { "_sysctl", 149 }, + { "accept", 330 }, + { "accept4", 344 }, + { "access", 33 }, + { "acct", 51 }, + { "add_key", 269 }, + { "adjtimex", 124 }, + { "afs_syscall", 137 }, + { "alarm", 27 }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, + { "arch_prctl", __PNR_arch_prctl }, + { "bdflush", 134 }, + { "bind", 327 }, + { "bpf", 361 }, + { "break", 17 }, + { "breakpoint", __PNR_breakpoint }, + { "brk", 45 }, + { "cachectl", __PNR_cachectl }, + { "cacheflush", __PNR_cacheflush }, + { "capget", 183 }, + { "capset", 184 }, + { "chdir", 12 }, + { "chmod", 15 }, + { "chown", 181 }, + { "chown32", __PNR_chown32 }, + { "chroot", 61 }, + { "clock_adjtime", 347 }, + { "clock_getres", 247 }, + { "clock_gettime", 246 }, + { "clock_nanosleep", 248 }, + { "clock_settime", 245 }, + { "clone", 120 }, + { "close", 6 }, + { "connect", 328 }, + { "copy_file_range", 379 }, + { "creat", 8 }, + { "create_module", 127 }, + { "delete_module", 129 }, + { "dup", 41 }, + { "dup2", 63 }, + { "dup3", 316 }, + { 
"epoll_create", 236 }, + { "epoll_create1", 315 }, + { "epoll_ctl", 237 }, + { "epoll_ctl_old", __PNR_epoll_ctl_old }, + { "epoll_pwait", 303 }, + { "epoll_wait", 238 }, + { "epoll_wait_old", __PNR_epoll_wait_old }, + { "eventfd", 307 }, + { "eventfd2", 314 }, + { "execve", 11 }, + { "execveat", 362 }, + { "exit", 1 }, + { "exit_group", 234 }, + { "faccessat", 298 }, + { "fadvise64", 233 }, + { "fadvise64_64", __PNR_fadvise64_64 }, + { "fallocate", 309 }, + { "fanotify_init", 323 }, + { "fanotify_mark", 324 }, + { "fchdir", 133 }, + { "fchmod", 94 }, + { "fchmodat", 297 }, + { "fchown", 95 }, + { "fchown32", __PNR_fchown32 }, + { "fchownat", 289 }, + { "fcntl", 55 }, + { "fcntl64", __PNR_fcntl64 }, + { "fdatasync", 148 }, + { "fgetxattr", 214 }, + { "finit_module", 353 }, + { "flistxattr", 217 }, + { "flock", 143 }, + { "fork", 2 }, + { "fremovexattr", 220 }, + { "fsetxattr", 211 }, + { "fstat", 108 }, + { "fstat64", __PNR_fstat64 }, + { "fstatat64", __PNR_fstatat64 }, + { "fstatfs", 100 }, + { "fstatfs64", 253 }, + { "fsync", 118 }, + { "ftime", 35 }, + { "ftruncate", 93 }, + { "ftruncate64", __PNR_ftruncate64 }, + { "futex", 221 }, + { "futimesat", 290 }, + { "get_kernel_syms", 130 }, + { "get_mempolicy", 260 }, + { "get_robust_list", 299 }, + { "get_thread_area", __PNR_get_thread_area }, + { "getcpu", 302 }, + { "getcwd", 182 }, + { "getdents", 141 }, + { "getdents64", 202 }, + { "getegid", 50 }, + { "getegid32", __PNR_getegid32 }, + { "geteuid", 49 }, + { "geteuid32", __PNR_geteuid32 }, + { "getgid", 47 }, + { "getgid32", __PNR_getgid32 }, + { "getgroups", 80 }, + { "getgroups32", __PNR_getgroups32 }, + { "getitimer", 105 }, + { "getpeername", 332 }, + { "getpgid", 132 }, + { "getpgrp", 65 }, + { "getpid", 20 }, + { "getpmsg", 187 }, + { "getppid", 64 }, + { "getpriority", 96 }, + { "getrandom", 359 }, + { "getresgid", 170 }, + { "getresgid32", __PNR_getresgid32 }, + { "getresuid", 165 }, + { "getresuid32", __PNR_getresuid32 }, + { "getrlimit", 76 }, + { 
"getrusage", 77 }, + { "getsid", 147 }, + { "getsockname", 331 }, + { "getsockopt", 340 }, + { "gettid", 207 }, + { "gettimeofday", 78 }, + { "getuid", 24 }, + { "getuid32", __PNR_getuid32 }, + { "getxattr", 212 }, + { "gtty", 32 }, + { "idle", 112 }, + { "init_module", 128 }, + { "inotify_add_watch", 276 }, + { "inotify_init", 275 }, + { "inotify_init1", 318 }, + { "inotify_rm_watch", 277 }, + { "io_cancel", 231 }, + { "io_destroy", 228 }, + { "io_getevents", 229 }, + { "io_setup", 227 }, + { "io_submit", 230 }, + { "ioctl", 54 }, + { "ioperm", 101 }, + { "iopl", 110 }, + { "ioprio_get", 274 }, + { "ioprio_set", 273 }, + { "ipc", 117 }, + { "kcmp", 354 }, + { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_load", 268 }, + { "keyctl", 271 }, + { "kill", 37 }, + { "lchown", 16 }, + { "lchown32", __PNR_lchown32 }, + { "lgetxattr", 213 }, + { "link", 9 }, + { "linkat", 294 }, + { "listen", 329 }, + { "listxattr", 215 }, + { "llistxattr", 216 }, + { "lock", 53 }, + { "lookup_dcookie", 235 }, + { "lremovexattr", 219 }, + { "lseek", 19 }, + { "lsetxattr", 210 }, + { "lstat", 107 }, + { "lstat64", __PNR_lstat64 }, + { "madvise", 205 }, + { "mbind", 259 }, + { "membarrier", 365 }, + { "memfd_create", 360 }, + { "migrate_pages", 258 }, + { "mincore", 206 }, + { "mkdir", 39 }, + { "mkdirat", 287 }, + { "mknod", 14 }, + { "mknodat", 288 }, + { "mlock", 150 }, + { "mlock2", 378 }, + { "mlockall", 152 }, + { "mmap", 90 }, + { "mmap2", __PNR_mmap2 }, + { "modify_ldt", 123 }, + { "mount", 21 }, + { "move_pages", 301 }, + { "mprotect", 125 }, + { "mpx", 56 }, + { "mq_getsetattr", 267 }, + { "mq_notify", 266 }, + { "mq_open", 262 }, + { "mq_timedreceive", 265 }, + { "mq_timedsend", 264 }, + { "mq_unlink", 263 }, + { "mremap", 163 }, + { "msgctl", __PNR_msgctl }, + { "msgget", __PNR_msgget }, + { "msgrcv", __PNR_msgrcv }, + { "msgsnd", __PNR_msgsnd }, + { "msync", 144 }, + { "multiplexer", 201 }, + { "munlock", 151 }, + { "munlockall", 153 }, + { "munmap", 91 }, + { 
"name_to_handle_at", 345 }, + { "nanosleep", 162 }, + { "newfstatat", 291 }, + { "nfsservctl", 168 }, + { "nice", 34 }, + { "oldfstat", 28 }, + { "oldlstat", 84 }, + { "oldolduname", 59 }, + { "oldstat", 18 }, + { "olduname", 109 }, + { "oldwait4", __PNR_oldwait4 }, + { "open", 5 }, + { "open_by_handle_at", 346 }, + { "openat", 286 }, + { "pause", 29 }, + { "pciconfig_iobase", 200 }, + { "pciconfig_read", 198 }, + { "pciconfig_write", 199 }, + { "perf_event_open", 319 }, + { "personality", 136 }, + { "pipe", 42 }, + { "pipe2", 317 }, + { "pivot_root", 203 }, + { "poll", 167 }, + { "ppoll", 281 }, + { "prctl", 171 }, + { "pread64", 179 }, + { "preadv", 320 }, + { "prlimit64", 325 }, + { "process_vm_readv", 351 }, + { "process_vm_writev", 352 }, + { "prof", 44 }, + { "profil", 98 }, + { "pselect6", 280 }, + { "ptrace", 26 }, + { "putpmsg", 188 }, + { "pwrite64", 180 }, + { "pwritev", 321 }, + { "query_module", 166 }, + { "quotactl", 131 }, + { "read", 3 }, + { "readahead", 191 }, + { "readdir", 89 }, + { "readlink", 85 }, + { "readlinkat", 296 }, + { "readv", 145 }, + { "reboot", 88 }, + { "recv", 336 }, + { "recvfrom", 337 }, + { "recvmmsg", 343 }, + { "recvmsg", 342 }, + { "remap_file_pages", 239 }, + { "removexattr", 218 }, + { "rename", 38 }, + { "renameat", 293 }, + { "renameat2", 357 }, + { "request_key", 270 }, + { "restart_syscall", 0 }, + { "rmdir", 40 }, + { "rt_sigaction", 173 }, + { "rt_sigpending", 175 }, + { "rt_sigprocmask", 174 }, + { "rt_sigqueueinfo", 177 }, + { "rt_sigreturn", 172 }, + { "rt_sigsuspend", 178 }, + { "rt_sigtimedwait", 176 }, + { "rt_tgsigqueueinfo", 322 }, + { "rtas", 255 }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_getaffinity", 223 }, + { "sched_getattr", 356 }, + { "sched_getparam", 155 }, + { "sched_getscheduler", 157 }, + { 
"sched_rr_get_interval", 161 }, + { "sched_setaffinity", 222 }, + { "sched_setattr", 355 }, + { "sched_setparam", 154 }, + { "sched_setscheduler", 156 }, + { "sched_yield", 158 }, + { "seccomp", 358 }, + { "security", __PNR_security }, + { "select", 82 }, + { "semctl", __PNR_semctl }, + { "semget", __PNR_semget }, + { "semop", __PNR_semop }, + { "semtimedop", __PNR_semtimedop }, + { "send", 334 }, + { "sendfile", 186 }, + { "sendfile64", __PNR_sendfile64 }, + { "sendmmsg", 349 }, + { "sendmsg", 341 }, + { "sendto", 335 }, + { "set_mempolicy", 261 }, + { "set_robust_list", 300 }, + { "set_thread_area", __PNR_set_thread_area }, + { "set_tid_address", 232 }, + { "set_tls", __PNR_set_tls }, + { "setdomainname", 121 }, + { "setfsgid", 139 }, + { "setfsgid32", __PNR_setfsgid32 }, + { "setfsuid", 138 }, + { "setfsuid32", __PNR_setfsuid32 }, + { "setgid", 46 }, + { "setgid32", __PNR_setgid32 }, + { "setgroups", 81 }, + { "setgroups32", __PNR_setgroups32 }, + { "sethostname", 74 }, + { "setitimer", 104 }, + { "setns", 350 }, + { "setpgid", 57 }, + { "setpriority", 97 }, + { "setregid", 71 }, + { "setregid32", __PNR_setregid32 }, + { "setresgid", 169 }, + { "setresgid32", __PNR_setresgid32 }, + { "setresuid", 164 }, + { "setresuid32", __PNR_setresuid32 }, + { "setreuid", 70 }, + { "setreuid32", __PNR_setreuid32 }, + { "setrlimit", 75 }, + { "setsid", 66 }, + { "setsockopt", 339 }, + { "settimeofday", 79 }, + { "setuid", 23 }, + { "setuid32", __PNR_setuid32 }, + { "setxattr", 209 }, + { "sgetmask", 68 }, + { "shmat", __PNR_shmat }, + { "shmctl", __PNR_shmctl }, + { "shmdt", __PNR_shmdt }, + { "shmget", __PNR_shmget }, + { "shutdown", 338 }, + { "sigaction", 67 }, + { "sigaltstack", 185 }, + { "signal", 48 }, + { "signalfd", 305 }, + { "signalfd4", 313 }, + { "sigpending", 73 }, + { "sigprocmask", 126 }, + { "sigreturn", 119 }, + { "sigsuspend", 72 }, + { "socket", 326 }, + { "socketcall", 102 }, + { "socketpair", 333 }, + { "splice", 283 }, + { "spu_create", 279 }, + { 
"spu_run", 278 }, + { "ssetmask", 69 }, + { "stat", 106 }, + { "stat64", __PNR_stat64 }, + { "statfs", 99 }, + { "statfs64", 252 }, + { "stime", 25 }, + { "stty", 31 }, + { "subpage_prot", 310 }, + { "swapcontext", 249 }, + { "swapoff", 115 }, + { "swapon", 87 }, + { "switch_endian", 363 }, + { "symlink", 83 }, + { "symlinkat", 295 }, + { "sync", 36 }, + { "sync_file_range", __PNR_sync_file_range }, + { "sync_file_range2", 308 }, + { "syncfs", 348 }, + { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", 256 }, + { "sysfs", 135 }, + { "sysinfo", 116 }, + { "syslog", 103 }, + { "sysmips", __PNR_sysmips }, + { "tee", 284 }, + { "tgkill", 250 }, + { "time", 13 }, + { "timer_create", 240 }, + { "timer_delete", 244 }, + { "timer_getoverrun", 243 }, + { "timer_gettime", 242 }, + { "timer_settime", 241 }, + { "timerfd", __PNR_timerfd }, + { "timerfd_create", 306 }, + { "timerfd_gettime", 312 }, + { "timerfd_settime", 311 }, + { "times", 43 }, + { "tkill", 208 }, + { "truncate", 92 }, + { "truncate64", __PNR_truncate64 }, + { "tuxcall", 225 }, + { "ugetrlimit", 190 }, + { "ulimit", 58 }, + { "umask", 60 }, + { "umount", 22 }, + { "umount2", 52 }, + { "uname", 122 }, + { "unlink", 10 }, + { "unlinkat", 292 }, + { "unshare", 282 }, + { "uselib", 86 }, + { "userfaultfd", 364 }, + { "usr26", __PNR_usr26 }, + { "usr32", __PNR_usr32 }, + { "ustat", 62 }, + { "utime", 30 }, + { "utimensat", 304 }, + { "utimes", 251 }, + { "vfork", 189 }, + { "vhangup", 111 }, + { "vm86", 113 }, + { "vm86old", __PNR_vm86old }, + { "vmsplice", 285 }, + { "vserver", __PNR_vserver }, + { "wait4", 114 }, + { "waitid", 272 }, + { "waitpid", 7 }, + { "write", 4 }, + { "writev", 146 }, + { NULL, __NR_SCMP_ERROR }, +}; + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. 
+ * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. + * + */ +int ppc64_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = ppc64_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. + * + */ +const char *ppc64_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = ppc64_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} + +/** + * Iterate through the syscall table and return the syscall name + * @param spot the offset into the syscall table + * + * Return the syscall name at position @spot or NULL on failure. This function + * should only ever be used internally by libseccomp. + * + */ +const char *ppc64_syscall_iterate_name(unsigned int spot) +{ + /* XXX - no safety checks here */ + return ppc64_syscall_table[spot].name; +} diff -Nru libseccomp-2.2.3/src/arch-ppc.c libseccomp-2.3.1/src/arch-ppc.c --- libseccomp-2.2.3/src/arch-ppc.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/src/arch-ppc.c 2016-02-11 18:32:37.538670578 +0000 
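Review bot: `ppc64_syscall_iterate_name()` indexes `ppc64_syscall_table[spot]` with no bound check, although its comment promises NULL on failure; any `spot` past the terminating `{ NULL, __NR_SCMP_ERROR }` entry reads outside the array. The `/* XXX - no safety checks here */` comment acknowledges the gap but leaves it to every caller. A guard such as `if (spot >= sizeof(ppc64_syscall_table) / sizeof(ppc64_syscall_table[0])) return NULL;` would make the documented contract hold. `ppc_syscall_iterate_name()` in arch-ppc-syscalls.c has the same gap.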
@@ -0,0 +1,37 @@
+/**
+ * Enhanced Seccomp PPC Specific Code
+ *
+ * Copyright (c) 2015 Freescale
+ * Author: Bogdan Purcareata
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#include
+
+#include "arch.h"
+#include "arch-ppc.h"
+
+const struct arch_def arch_def_ppc = {
+ .token = SCMP_ARCH_PPC,
+ .token_bpf = AUDIT_ARCH_PPC,
+ .size = ARCH_SIZE_32,
+ .endian = ARCH_ENDIAN_BIG,
+ .syscall_resolve_name = ppc_syscall_resolve_name,
+ .syscall_resolve_num = ppc_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
diff -Nru libseccomp-2.2.3/src/arch-ppc.h libseccomp-2.3.1/src/arch-ppc.h
--- libseccomp-2.2.3/src/arch-ppc.h 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/src/arch-ppc.h 2016-02-11 18:32:39.775670411 +0000
@@ -0,0 +1,38 @@
+/**
+ * Enhanced Seccomp PPC Specific Code
+ *
+ * Copyright (c) 2015 Freescale
+ * Author: Bogdan Purcareata
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#ifndef _ARCH_PPC_H
+#define _ARCH_PPC_H
+
+#include
+
+#include "arch.h"
+#include "system.h"
+
+extern const struct arch_def arch_def_ppc;
+
+int ppc_syscall_resolve_name(const char *name);
+const char *ppc_syscall_resolve_num(int num);
+
+const char *ppc_syscall_iterate_name(unsigned int spot);
+
+#endif
diff -Nru libseccomp-2.2.3/src/arch-ppc-syscalls.c libseccomp-2.3.1/src/arch-ppc-syscalls.c
--- libseccomp-2.2.3/src/arch-ppc-syscalls.c 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/src/arch-ppc-syscalls.c 2016-02-19 16:05:36.999890615 +0000
@@ -0,0 +1,516 @@ +/** + * Enhanced Seccomp PPC Specific Code + * + * Copyright (c) 2015 Freescale + * Author: Bogdan Purcareata + * + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include + +#include + +#include "arch.h" +#include "arch-ppc.h" + +/* NOTE: based on Linux 4.5-rc4 */ +const struct arch_syscall_def ppc_syscall_table[] = { \ + { "_llseek", 140 }, + { "_newselect", 142 }, + { "_sysctl", 149 }, + { "accept", 330 }, + { "accept4", 344 }, + { "access", 33 }, + { "acct", 51 }, + { "add_key", 269 }, + { "adjtimex", 124 }, + { "afs_syscall", 137 }, + { "alarm", 27 }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, + { "arch_prctl", __PNR_arch_prctl }, + { "bdflush", 134 }, + { "bind", 327 }, + { "bpf", 361 }, + { "break", 17 }, + { "breakpoint", __PNR_breakpoint }, + { "brk", 45 }, + { "cachectl", __PNR_cachectl }, + { "cacheflush", __PNR_cacheflush }, + { "capget", 183 }, + { "capset", 184 }, + { "chdir", 12 }, + { "chmod", 15 }, + { "chown", 181 }, + { "chown32", __PNR_chown32 }, + { "chroot", 61 }, + { "clock_adjtime", 347 }, + { "clock_getres", 247 }, + { "clock_gettime", 246 }, + { "clock_nanosleep", 248 }, + { "clock_settime", 245 }, + { "clone", 120 }, + { "close", 6 }, + { "connect", 328 }, + { "copy_file_range", 379 }, + { "creat", 8 }, + { "create_module", 127 }, + { "delete_module", 129 }, + { "dup", 41 }, + { "dup2", 63 }, + { "dup3", 316 }, + 
{ "epoll_create", 236 }, + { "epoll_create1", 315 }, + { "epoll_ctl", 237 }, + { "epoll_ctl_old", __PNR_epoll_ctl_old }, + { "epoll_pwait", 303 }, + { "epoll_wait", 238 }, + { "epoll_wait_old", __PNR_epoll_wait_old }, + { "eventfd", 307 }, + { "eventfd2", 314 }, + { "execve", 11 }, + { "execveat", 362 }, + { "exit", 1 }, + { "exit_group", 234 }, + { "faccessat", 298 }, + { "fadvise64", 233 }, + { "fadvise64_64", 254 }, + { "fallocate", 309 }, + { "fanotify_init", 323 }, + { "fanotify_mark", 324 }, + { "fchdir", 133 }, + { "fchmod", 94 }, + { "fchmodat", 297 }, + { "fchown", 95 }, + { "fchown32", __PNR_fchown32 }, + { "fchownat", 289 }, + { "fcntl", 55 }, + { "fcntl64", 204 }, + { "fdatasync", 148 }, + { "fgetxattr", 214 }, + { "finit_module", 353 }, + { "flistxattr", 217 }, + { "flock", 143 }, + { "fork", 2 }, + { "fremovexattr", 220 }, + { "fsetxattr", 211 }, + { "fstat", 108 }, + { "fstat64", 197 }, + { "fstatat64", 291 }, + { "fstatfs", 100 }, + { "fstatfs64", 253 }, + { "fsync", 118 }, + { "ftime", 35 }, + { "ftruncate", 93 }, + { "ftruncate64", 194 }, + { "futex", 221 }, + { "futimesat", 290 }, + { "get_kernel_syms", 130 }, + { "get_mempolicy", 260 }, + { "get_robust_list", 299 }, + { "get_thread_area", __PNR_get_thread_area }, + { "getcpu", 302 }, + { "getcwd", 182 }, + { "getdents", 141 }, + { "getdents64", 202 }, + { "getegid", 50 }, + { "getegid32", __PNR_getegid32 }, + { "geteuid", 49 }, + { "geteuid32", __PNR_geteuid32 }, + { "getgid", 47 }, + { "getgid32", __PNR_getgid32 }, + { "getgroups", 80 }, + { "getgroups32", __PNR_getgroups32 }, + { "getitimer", 105 }, + { "getpeername", 332 }, + { "getpgid", 132 }, + { "getpgrp", 65 }, + { "getpid", 20 }, + { "getpmsg", 187 }, + { "getppid", 64 }, + { "getpriority", 96 }, + { "getrandom", 359 }, + { "getresgid", 170 }, + { "getresgid32", __PNR_getresgid32 }, + { "getresuid", 165 }, + { "getresuid32", __PNR_getresuid32 }, + { "getrlimit", 76 }, + { "getrusage", 77 }, + { "getsid", 147 }, + { "getsockname", 331 }, 
+ { "getsockopt", 340 }, + { "gettid", 207 }, + { "gettimeofday", 78 }, + { "getuid", 24 }, + { "getuid32", __PNR_getuid32 }, + { "getxattr", 212 }, + { "gtty", 32 }, + { "idle", 112 }, + { "init_module", 128 }, + { "inotify_add_watch", 276 }, + { "inotify_init", 275 }, + { "inotify_init1", 318 }, + { "inotify_rm_watch", 277 }, + { "io_cancel", 231 }, + { "io_destroy", 228 }, + { "io_getevents", 229 }, + { "io_setup", 227 }, + { "io_submit", 230 }, + { "ioctl", 54 }, + { "ioperm", 101 }, + { "iopl", 110 }, + { "ioprio_get", 274 }, + { "ioprio_set", 273 }, + { "ipc", 117 }, + { "kcmp", 354 }, + { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_load", 268 }, + { "keyctl", 271 }, + { "kill", 37 }, + { "lchown", 16 }, + { "lchown32", __PNR_lchown32 }, + { "lgetxattr", 213 }, + { "link", 9 }, + { "linkat", 294 }, + { "listen", 329 }, + { "listxattr", 215 }, + { "llistxattr", 216 }, + { "lock", 53 }, + { "lookup_dcookie", 235 }, + { "lremovexattr", 219 }, + { "lseek", 19 }, + { "lsetxattr", 210 }, + { "lstat", 107 }, + { "lstat64", 196 }, + { "madvise", 205 }, + { "mbind", 259 }, + { "membarrier", 365 }, + { "memfd_create", 360 }, + { "migrate_pages", 258 }, + { "mincore", 206 }, + { "mkdir", 39 }, + { "mkdirat", 287 }, + { "mknod", 14 }, + { "mknodat", 288 }, + { "mlock", 150 }, + { "mlock2", 378 }, + { "mlockall", 152 }, + { "mmap", 90 }, + { "mmap2", 192 }, + { "modify_ldt", 123 }, + { "mount", 21 }, + { "move_pages", 301 }, + { "mprotect", 125 }, + { "mpx", 56 }, + { "mq_getsetattr", 267 }, + { "mq_notify", 266 }, + { "mq_open", 262 }, + { "mq_timedreceive", 265 }, + { "mq_timedsend", 264 }, + { "mq_unlink", 263 }, + { "mremap", 163 }, + { "msgctl", __PNR_msgctl }, + { "msgget", __PNR_msgget }, + { "msgrcv", __PNR_msgrcv }, + { "msgsnd", __PNR_msgsnd }, + { "msync", 144 }, + { "multiplexer", 201 }, + { "munlock", 151 }, + { "munlockall", 153 }, + { "munmap", 91 }, + { "name_to_handle_at", 345 }, + { "nanosleep", 162 }, + { "newfstatat", __PNR_newfstatat }, + { 
"nfsservctl", 168 }, + { "nice", 34 }, + { "oldfstat", 28 }, + { "oldlstat", 84 }, + { "oldolduname", 59 }, + { "oldstat", 18 }, + { "olduname", 109 }, + { "oldwait4", __PNR_oldwait4 }, + { "open", 5 }, + { "open_by_handle_at", 346 }, + { "openat", 286 }, + { "pause", 29 }, + { "pciconfig_iobase", 200 }, + { "pciconfig_read", 198 }, + { "pciconfig_write", 199 }, + { "perf_event_open", 319 }, + { "personality", 136 }, + { "pipe", 42 }, + { "pipe2", 317 }, + { "pivot_root", 203 }, + { "poll", 167 }, + { "ppoll", 281 }, + { "prctl", 171 }, + { "pread64", 179 }, + { "preadv", 320 }, + { "prlimit64", 325 }, + { "process_vm_readv", 351 }, + { "process_vm_writev", 352 }, + { "prof", 44 }, + { "profil", 98 }, + { "pselect6", 280 }, + { "ptrace", 26 }, + { "putpmsg", 188 }, + { "pwrite64", 180 }, + { "pwritev", 321 }, + { "query_module", 166 }, + { "quotactl", 131 }, + { "read", 3 }, + { "readahead", 191 }, + { "readdir", 89 }, + { "readlink", 85 }, + { "readlinkat", 296 }, + { "readv", 145 }, + { "reboot", 88 }, + { "recv", 336 }, + { "recvfrom", 337 }, + { "recvmmsg", 343 }, + { "recvmsg", 342 }, + { "remap_file_pages", 239 }, + { "removexattr", 218 }, + { "rename", 38 }, + { "renameat", 293 }, + { "renameat2", 357 }, + { "request_key", 270 }, + { "restart_syscall", 0 }, + { "rmdir", 40 }, + { "rt_sigaction", 173 }, + { "rt_sigpending", 175 }, + { "rt_sigprocmask", 174 }, + { "rt_sigqueueinfo", 177 }, + { "rt_sigreturn", 172 }, + { "rt_sigsuspend", 178 }, + { "rt_sigtimedwait", 176 }, + { "rt_tgsigqueueinfo", 322 }, + { "rtas", 255 }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_getaffinity", 223 }, + { "sched_getattr", 356 }, + { "sched_getparam", 155 }, + { "sched_getscheduler", 157 }, + { "sched_rr_get_interval", 161 }, + { "sched_setaffinity", 222 }, + { 
"sched_setattr", 355 }, + { "sched_setparam", 154 }, + { "sched_setscheduler", 156 }, + { "sched_yield", 158 }, + { "seccomp", 358 }, + { "security", __PNR_security }, + { "select", 82 }, + { "semctl", __PNR_semctl }, + { "semget", __PNR_semget }, + { "semop", __PNR_semop }, + { "semtimedop", __PNR_semtimedop }, + { "send", 334 }, + { "sendfile", 186 }, + { "sendfile64", 226 }, + { "sendmmsg", 349 }, + { "sendmsg", 341 }, + { "sendto", 335 }, + { "set_mempolicy", 261 }, + { "set_robust_list", 300 }, + { "set_thread_area", __PNR_set_thread_area }, + { "set_tid_address", 232 }, + { "set_tls", __PNR_set_tls }, + { "setdomainname", 121 }, + { "setfsgid", 139 }, + { "setfsgid32", __PNR_setfsgid32 }, + { "setfsuid", 138 }, + { "setfsuid32", __PNR_setfsuid32 }, + { "setgid", 46 }, + { "setgid32", __PNR_setgid32 }, + { "setgroups", 81 }, + { "setgroups32", __PNR_setgroups32 }, + { "sethostname", 74 }, + { "setitimer", 104 }, + { "setns", 350 }, + { "setpgid", 57 }, + { "setpriority", 97 }, + { "setregid", 71 }, + { "setregid32", __PNR_setregid32 }, + { "setresgid", 169 }, + { "setresgid32", __PNR_setresgid32 }, + { "setresuid", 164 }, + { "setresuid32", __PNR_setresuid32 }, + { "setreuid", 70 }, + { "setreuid32", __PNR_setreuid32 }, + { "setrlimit", 75 }, + { "setsid", 66 }, + { "setsockopt", 339 }, + { "settimeofday", 79 }, + { "setuid", 23 }, + { "setuid32", __PNR_setuid32 }, + { "setxattr", 209 }, + { "sgetmask", 68 }, + { "shmat", __PNR_shmat }, + { "shmctl", __PNR_shmctl }, + { "shmdt", __PNR_shmdt }, + { "shmget", __PNR_shmget }, + { "shutdown", 338 }, + { "sigaction", 67 }, + { "sigaltstack", 185 }, + { "signal", 48 }, + { "signalfd", 305 }, + { "signalfd4", 313 }, + { "sigpending", 73 }, + { "sigprocmask", 126 }, + { "sigreturn", 119 }, + { "sigsuspend", 72 }, + { "socket", 326 }, + { "socketcall", 102 }, + { "socketpair", 333 }, + { "splice", 283 }, + { "spu_create", 279 }, + { "spu_run", 278 }, + { "ssetmask", 69 }, + { "stat", 106 }, + { "stat64", 195 }, + { 
"statfs", 99 }, + { "statfs64", 252 }, + { "stime", 25 }, + { "stty", 31 }, + { "subpage_prot", 310 }, + { "swapcontext", 249 }, + { "swapoff", 115 }, + { "swapon", 87 }, + { "switch_endian", 363 }, + { "symlink", 83 }, + { "symlinkat", 295 }, + { "sync", 36 }, + { "sync_file_range", __PNR_sync_file_range }, + { "sync_file_range2", 308 }, + { "syncfs", 348 }, + { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", 256 }, + { "sysfs", 135 }, + { "sysinfo", 116 }, + { "syslog", 103 }, + { "sysmips", __PNR_sysmips }, + { "tee", 284 }, + { "tgkill", 250 }, + { "time", 13 }, + { "timer_create", 240 }, + { "timer_delete", 244 }, + { "timer_getoverrun", 243 }, + { "timer_gettime", 242 }, + { "timer_settime", 241 }, + { "timerfd", __PNR_timerfd }, + { "timerfd_create", 306 }, + { "timerfd_gettime", 312 }, + { "timerfd_settime", 311 }, + { "times", 43 }, + { "tkill", 208 }, + { "truncate", 92 }, + { "truncate64", 193 }, + { "tuxcall", 225 }, + { "ugetrlimit", 190 }, + { "ulimit", 58 }, + { "umask", 60 }, + { "umount", 22 }, + { "umount2", 52 }, + { "uname", 122 }, + { "unlink", 10 }, + { "unlinkat", 292 }, + { "unshare", 282 }, + { "uselib", 86 }, + { "userfaultfd", 364 }, + { "usr26", __PNR_usr26 }, + { "usr32", __PNR_usr32 }, + { "ustat", 62 }, + { "utime", 30 }, + { "utimensat", 304 }, + { "utimes", 251 }, + { "vfork", 189 }, + { "vhangup", 111 }, + { "vm86", 113 }, + { "vm86old", __PNR_vm86old }, + { "vmsplice", 285 }, + { "vserver", __PNR_vserver }, + { "wait4", 114 }, + { "waitid", 272 }, + { "waitpid", 7 }, + { "write", 4 }, + { "writev", 146 }, + { NULL, __NR_SCMP_ERROR }, +}; + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. 
+ * + */ +int ppc_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = ppc_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. + * + */ +const char *ppc_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = ppc_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} + +/** + * Iterate through the syscall table and return the syscall name + * @param spot the offset into the syscall table + * + * Return the syscall name at position @spot or NULL on failure. This function + * should only ever be used internally by libseccomp. + * + */ +const char *ppc_syscall_iterate_name(unsigned int spot) +{ + /* XXX - no safety checks here */ + return ppc_syscall_table[spot].name; +} diff -Nru libseccomp-2.2.3/src/arch-s390.c libseccomp-2.3.1/src/arch-s390.c --- libseccomp-2.2.3/src/arch-s390.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/src/arch-s390.c 2016-04-20 17:49:44.634846367 +0000 
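Review bot: `ppc_syscall_resolve_name()` passes `name` straight to `strcmp()`, so a NULL `name` is undefined behaviour; callers outside this hunk may already reject NULL, but nothing here states that. Either document the precondition in the header comment (`@param name the syscall name, must not be NULL`) or add `if (name == NULL) return __NR_SCMP_ERROR;` before the loop. `ppc64_syscall_resolve_name()` in arch-ppc64-syscalls.c is written the same way.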
@@ -0,0 +1,328 @@ +/* + * Copyright 2015 IBM + * Author: Jan Willeke + */ + +#include +#include +#include +#include + +#include "arch.h" +#include "arch-s390.h" + +/* s390 syscall numbers */ +#define __s390_NR_socketcall 102 +#define __s390_NR_ipc 117 + +const struct arch_def arch_def_s390 = { + .token = SCMP_ARCH_S390, + .token_bpf = AUDIT_ARCH_S390, + .size = ARCH_SIZE_32, + .endian = ARCH_ENDIAN_BIG, + .syscall_resolve_name = s390_syscall_resolve_name, + .syscall_resolve_num = s390_syscall_resolve_num, + .syscall_rewrite = s390_syscall_rewrite, + .rule_add = s390_rule_add, +}; + +/** + * Convert a multiplexed pseudo socket syscall into a direct syscall + * @param socketcall the multiplexed pseudo syscall number + * + * Return the related direct syscall number, __NR_SCMP_UNDEF is there is + * no related syscall, or __NR_SCMP_ERROR otherwise. + * + */ +int _s390_sock_demux(int socketcall) +{ + switch (socketcall) { + case -101: + /* socket */ + return 359; + case -102: + /* bind */ + return 361; + case -103: + /* connect */ + return 362; + case -104: + /* listen */ + return 363; + case -105: + /* accept - not defined */ + return __NR_SCMP_UNDEF; + case -106: + /* getsockname */ + return 367; + case -107: + /* getpeername */ + return 368; + case -108: + /* socketpair */ + return 360; + case -109: + /* send - not defined */ + return __NR_SCMP_UNDEF; + case -110: + /* recv - not defined */ + return __NR_SCMP_UNDEF; + case -111: + /* sendto */ + return 369; + case -112: + /* recvfrom */ + return 371; + case -113: + /* shutdown */ + return 373; + case -114: + /* setsockopt */ + return 366; + case -115: + /* getsockopt */ + return 365; + case -116: + /* sendmsg */ + return 370; + case -117: + /* recvmsg */ + return 372; + case -118: + /* accept4 */ + return 364; + case -119: + /* recvmmsg */ + return 337; + case -120: + /* sendmmsg */ + return 345; + } + + return __NR_SCMP_ERROR; +} + +/** + * Convert a direct socket syscall into multiplexed pseudo socket syscall + * 
@param syscall the direct syscall + * + * Return the related multiplexed pseduo syscall number, __NR_SCMP_UNDEF is + * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise. + * + */ +int _s390_sock_mux(int syscall) +{ + switch (syscall) { + case 337: + /* recvmmsg */ + return -119; + case 345: + /* sendmmsg */ + return -120; + case 359: + /* socket */ + return -101; + case 360: + /* socketpair */ + return -108; + case 361: + /* bind */ + return -102; + case 362: + /* connect */ + return -103; + case 363: + /* listen */ + return -104; + case 364: + /* accept4 */ + return -118; + case 365: + /* getsockopt */ + return -115; + case 366: + /* setsockopt */ + return -114; + case 367: + /* getsockname */ + return -106; + case 368: + /* getpeername */ + return -107; + case 369: + /* sendto */ + return -111; + case 370: + /* sendmsg */ + return -116; + case 371: + /* recvfrom */ + return -112; + case 372: + /* recvmsg */ + return -117; + case 373: + /* shutdown */ + return -113; + } + + return __NR_SCMP_ERROR; +} + +/** + * Rewrite a syscall value to match the architecture + * @param syscall the syscall number + * + * Syscalls can vary across different architectures so this function rewrites + * the syscall into the correct value for the specified architecture. Returns + * zero on success, negative values on failure. + * + */ +int s390_syscall_rewrite(int *syscall) +{ + int sys = *syscall; + + if (sys <= -100 && sys >= -120) + *syscall = __s390_NR_socketcall; + else if (sys <= -200 && sys >= -224) + *syscall = __s390_NR_ipc; + else if (sys < 0) + return -EDOM; + + return 0; +} + +/** + * add a new rule to the s390 seccomp filter + * @param col the filter collection + * @param db the seccomp filter db + * @param strict the strict flag + * @param rule the filter rule + * + * This function adds a new syscall filter to the seccomp filter db, making any + * necessary adjustments for the s390 ABI. Returns zero on success, negative + * values on failure. 
+ * + */ +int s390_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, + struct db_api_rule_list *rule) +{ + int rc; + unsigned int iter; + size_t args_size; + int sys = rule->syscall; + int sys_a, sys_b; + struct db_api_rule_list *rule_a, *rule_b; + + if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) { + /* (-100 to -120) : multiplexed socket syscalls + (359 to 373) : direct socket syscalls, Linux 4.3+ */ + + /* strict check for the multiplexed socket syscalls */ + for (iter = 0; iter < rule->args_cnt; iter++) { + if ((rule->args[iter].valid != 0) && (strict)) + return -EINVAL; + } + + /* determine both the muxed and direct syscall numbers */ + if (sys > 0) { + sys_a = _s390_sock_mux(sys); + if (sys_a == __NR_SCMP_ERROR) + return __NR_SCMP_ERROR; + sys_b = sys; + } else { + sys_a = sys; + sys_b = _s390_sock_demux(sys); + if (sys_b == __NR_SCMP_ERROR) + return __NR_SCMP_ERROR; + } + + /* use rule_a for the multiplexed syscall and use rule_b for + * the direct wired syscall */ + + if (sys_a == __NR_SCMP_UNDEF) { + rule_a = NULL; + rule_b = rule; + } else if (sys_b == __NR_SCMP_UNDEF) { + rule_a = rule; + rule_b = NULL; + } else { + /* need two rules, dup the first and link together */ + rule_a = rule; + rule_b = malloc(sizeof(*rule_b)); + if (rule_b == NULL) + return -ENOMEM; + args_size = sizeof(*rule_b->args) * rule_a->args_cnt; + rule_b->args = malloc(args_size); + if (rule_b->args == NULL) { + free(rule_b); + return -ENOMEM; + } + rule_b->action = rule_a->action; + rule_b->syscall = rule_a->syscall; + rule_b->args_cnt = rule_a->args_cnt; + memcpy(rule_b->args, rule_a->args, args_size); + rule_b->prev = rule_a; + rule_b->next = NULL; + rule_a->next = rule_b; + } + + /* multiplexed socket syscalls */ + if (rule_a != NULL) { + rule_a->syscall = __s390_NR_socketcall; + rule_a->args[0].arg = 0; + rule_a->args[0].op = SCMP_CMP_EQ; + rule_a->args[0].mask = DATUM_MAX; + rule_a->args[0].datum = (-sys_a) % 100; + rule_a->args[0].valid = 1; 
+ } + + /* direct wired socket syscalls */ + if (rule_b != NULL) + rule_b->syscall = sys_b; + + /* add the rules as a single transaction */ + rc = db_col_transaction_start(col); + if (rc < 0) + return rc; + if (rule_a != NULL) { + rc = db_rule_add(db, rule_a); + if (rc < 0) + goto fail_transaction; + } + if (rule_b != NULL) { + rc = db_rule_add(db, rule_b); + if (rc < 0) + goto fail_transaction; + } + db_col_transaction_commit(col); + } else if (sys <= -200 && sys >= -224) { + /* multiplexed ipc syscalls */ + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { + if ((rule->args[iter].valid != 0) && (strict)) + return -EINVAL; + } + rule->args[0].arg = 0; + rule->args[0].op = SCMP_CMP_EQ; + rule->args[0].mask = DATUM_MAX; + rule->args[0].datum = abs(sys) % 200; + rule->args[0].valid = 1; + rule->syscall = __s390_NR_ipc; + + rc = db_rule_add(db, rule); + if (rc < 0) + return rc; + } else if (sys >= 0) { + /* normal syscall processing */ + rc = db_rule_add(db, rule); + if (rc < 0) + return rc; + } else if (strict) + return -EDOM; + + return 0; + +fail_transaction: + db_col_transaction_abort(col); + return rc; +} diff -Nru libseccomp-2.2.3/src/arch-s390.h libseccomp-2.3.1/src/arch-s390.h --- libseccomp-2.2.3/src/arch-s390.h 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/src/arch-s390.h 2016-04-20 17:49:04.574849365 +0000 
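Review bot: `_s390_sock_demux()` maps the pseudo syscalls -119 (recvmmsg) and -120 (sendmmsg) to 337 and 345, but the s390 table added in arch-s390-syscalls.c lists `recvmmsg` as 357 and `sendmmsg` as 358, while 337 is `clock_adjtime` and 345 is `sched_setattr`. Because `s390_rule_add()` installs the demuxed number as the direct-syscall rule, the direct half of a recvmmsg or sendmmsg rule lands on those two unrelated syscalls and the real direct calls stay uncovered; for an allow rule this widens the filter. The demux cases should read `return 357;` and `return 358;`, the matching `_s390_sock_mux()` labels `case 357:` and `case 358:`, and the direct-socket range test `sys >= 357 && sys <= 373`. arch-s390x.c repeats the same numbers in `_s390x_sock_demux()` and `_s390x_sock_mux()`; the s390x table entries for these two calls are outside the visible part of the diff, so confirm them there.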
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015 IBM
+ * Author: Jan Willeke
+ */
+
+#ifndef _ARCH_S390_H
+#define _ARCH_S390_H
+
+#include
+
+#include "arch.h"
+#include "db.h"
+#include "system.h"
+
+#define s390_arg_count_max 6
+
+extern const struct arch_def arch_def_s390;
+#define s390_arg_offset(x) (offsetof(struct seccomp_data, args[x]))
+
+int s390_syscall_resolve_name(const char *name);
+const char *s390_syscall_resolve_num(int num);
+
+const char *s390_syscall_iterate_name(unsigned int spot);
+
+int s390_syscall_rewrite(int *syscall);
+
+int s390_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict,
+ struct db_api_rule_list *rule);
+
+#endif
diff -Nru libseccomp-2.2.3/src/arch-s390-syscalls.c libseccomp-2.3.1/src/arch-s390-syscalls.c
--- libseccomp-2.2.3/src/arch-s390-syscalls.c 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/src/arch-s390-syscalls.c 2016-04-20 17:49:04.574849365 +0000
@@ -0,0 +1,582 @@ +/* + * Copyright 2015 IBM + * Author: Jan Willeke + */ + +#include + +#include + +#include "arch.h" +#include "arch-s390.h" + +/* NOTE: based on Linux 4.5-rc4 */ +const struct arch_syscall_def s390_syscall_table[] = { \ + { "_llseek", 140 }, + { "_newselect", 142 }, + { "_sysctl", 149 }, + { "accept", __PNR_accept }, + { "accept4", 364 }, + { "access", 33 }, + { "acct", 51 }, + { "add_key", 278 }, + { "adjtimex", 124 }, + { "afs_syscall", 137 }, + { "alarm", 27 }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, + { "arch_prctl", __PNR_arch_prctl }, + { "bdflush", 134 }, + { "bind", 361 }, + { "bpf", 351 }, + { "break", __PNR_break }, + { "breakpoint", __PNR_breakpoint }, + { "brk", 45 }, + { "cachectl", __PNR_cachectl }, + { "cacheflush", __PNR_cacheflush }, + { "capget", 184 }, + { "capset", 185 }, + { "chdir", 12 }, + { "chmod", 15 }, + { "chown", 182 }, + { "chown32", 212 }, + { "chroot", 61 }, + { "clock_adjtime", 337 }, + { "clock_getres", 261 }, + { "clock_gettime", 260 }, + { "clock_nanosleep", 262 }, + { "clock_settime", 259 }, + { "clone", 120 }, + { "close", 6 }, + { "connect", 362 }, + { "copy_file_range", 375 }, + { "creat", 8 }, + { "create_module", 127 }, + { "delete_module", 129 }, + { "dup", 41 }, + { "dup2", 63 }, + { "dup3", 326 }, + { "epoll_create", 249 }, + { "epoll_create1", 327 }, + { "epoll_ctl", 250 }, + { "epoll_ctl_old", __PNR_epoll_ctl_old }, + { "epoll_pwait", 312 }, + { "epoll_wait", 251 }, + { "epoll_wait_old", __PNR_epoll_wait_old }, + { "eventfd", 318 }, + { "eventfd2", 323 }, + { "execve", 11 }, + { "execveat", 354 }, + { "exit", 1 }, + { "exit_group", 248 }, + { "faccessat", 300 }, + { "fadvise64", 253 }, + { "fadvise64_64", 264 }, + { "fallocate", 314 }, + { "fanotify_init", 332 }, + { "fanotify_mark", 333 }, + { "fchdir", 133 }, + { "fchmod", 94 }, + { "fchmodat", 299 }, + { "fchown", 95 }, + { "fchown32", 207 }, + { "fchownat", 291 }, + { "fcntl", 55 
}, + { "fcntl64", 221 }, + { "fdatasync", 148 }, + { "fgetxattr", 229 }, + { "finit_module", 344 }, + { "flistxattr", 232 }, + { "flock", 143 }, + { "fork", 2 }, + { "fremovexattr", 235 }, + { "fsetxattr", 226 }, + { "fstat", 108 }, + { "fstat64", 197 }, + { "fstatat64", 293 }, + { "fstatfs", 100 }, + { "fstatfs64", 266 }, + { "fsync", 118 }, + { "ftime", __PNR_ftime }, + { "ftruncate", 93 }, + { "ftruncate64", 194 }, + { "futex", 238 }, + { "futimesat", 292 }, + { "get_kernel_syms", 130 }, + { "get_mempolicy", 269 }, + { "get_robust_list", 305 }, + { "get_thread_area", __PNR_get_thread_area }, + { "getcpu", 311 }, + { "getcwd", 183 }, + { "getdents", 141 }, + { "getdents64", 220 }, + { "getegid", 50 }, + { "getegid32", 202 }, + { "geteuid", 49 }, + { "geteuid32", 201 }, + { "getgid", 47 }, + { "getgid32", 200 }, + { "getgroups", 80 }, + { "getgroups32", 205 }, + { "getitimer", 105 }, + { "getpeername", 368 }, + { "getpgid", 132 }, + { "getpgrp", 65 }, + { "getpid", 20 }, + { "getpmsg", 188 }, + { "getppid", 64 }, + { "getpriority", 96 }, + { "getrandom", 349 }, + { "getresgid", 171 }, + { "getresgid32", 211 }, + { "getresuid", 165 }, + { "getresuid32", 209 }, + { "getrlimit", 76 }, + { "getrusage", 77 }, + { "getsid", 147 }, + { "getsockname", 367 }, + { "getsockopt", 365 }, + { "gettid", 236 }, + { "gettimeofday", 78 }, + { "getuid", 24 }, + { "getuid32", 199 }, + { "getxattr", 227 }, + { "gtty", __PNR_gtty }, + { "idle", 112 }, + { "init_module", 128 }, + { "inotify_add_watch", 285 }, + { "inotify_init", 284 }, + { "inotify_init1", 324 }, + { "inotify_rm_watch", 286 }, + { "io_cancel", 247 }, + { "io_destroy", 244 }, + { "io_getevents", 245 }, + { "io_setup", 243 }, + { "io_submit", 246 }, + { "ioctl", 54 }, + { "ioperm", 101 }, + { "iopl", __PNR_iopl }, + { "ioprio_get", 283 }, + { "ioprio_set", 282 }, + { "ipc", 117 }, + { "kcmp", 343 }, + { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_load", 277 }, + { "keyctl", 280 }, + { "kill", 37 }, + { 
"lchown", 16 }, + { "lchown32", 198 }, + { "lgetxattr", 228 }, + { "link", 9 }, + { "linkat", 296 }, + { "listen", 363 }, + { "listxattr", 230 }, + { "llistxattr", 231 }, + { "lock", __PNR_lock }, + { "lookup_dcookie", 110 }, + { "lremovexattr", 234 }, + { "lseek", 19 }, + { "lsetxattr", 225 }, + { "lstat", 107 }, + { "lstat64", 196 }, + { "madvise", 219 }, + { "mbind", 268 }, + { "membarrier", 356 }, + { "memfd_create", 350 }, + { "migrate_pages", 287 }, + { "mincore", 218 }, + { "mkdir", 39 }, + { "mkdirat", 289 }, + { "mknod", 14 }, + { "mknodat", 290 }, + { "mlock", 150 }, + { "mlock2", 374 }, + { "mlockall", 152 }, + { "mmap", 90 }, + { "mmap2", 192 }, + { "modify_ldt", __PNR_modify_ldt }, + { "mount", 21 }, + { "move_pages", 310 }, + { "mprotect", 125 }, + { "mpx", __PNR_mpx }, + { "mq_getsetattr", 276 }, + { "mq_notify", 275 }, + { "mq_open", 271 }, + { "mq_timedreceive", 274 }, + { "mq_timedsend", 273 }, + { "mq_unlink", 272 }, + { "mremap", 163 }, + { "msgctl", __PNR_msgctl }, + { "msgget", __PNR_msgget }, + { "msgrcv", __PNR_msgrcv }, + { "msgsnd", __PNR_msgsnd }, + { "msync", 144 }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", 151 }, + { "munlockall", 153 }, + { "munmap", 91 }, + { "name_to_handle_at", 335 }, + { "nanosleep", 162 }, + { "newfstatat", __PNR_newfstatat }, + { "nfsservctl", 169 }, + { "nice", 34 }, + { "oldfstat", __PNR_oldfstat }, + { "oldlstat", __PNR_oldlstat }, + { "oldolduname", __PNR_oldolduname }, + { "oldstat", __PNR_oldstat }, + { "olduname", __PNR_olduname }, + { "oldwait4", __PNR_oldwait4 }, + { "open", 5 }, + { "open_by_handle_at", 336 }, + { "openat", 288 }, + { "pause", 29 }, + { "pciconfig_iobase", __PNR_pciconfig_iobase }, + { "pciconfig_read", __PNR_pciconfig_read }, + { "pciconfig_write", __PNR_pciconfig_write }, + { "perf_event_open", 331 }, + { "personality", 136 }, + { "pipe", 42 }, + { "pipe2", 325 }, + { "pivot_root", 217 }, + { "poll", 168 }, + { "ppoll", 302 }, + { "prctl", 172 }, + { "pread64", 180 }, + { 
"preadv", 328 }, + { "prlimit64", 334 }, + { "process_vm_readv", 340 }, + { "process_vm_writev", 341 }, + { "prof", __PNR_prof }, + { "profil", __PNR_profil }, + { "pselect6", 301 }, + { "ptrace", 26 }, + { "putpmsg", 189 }, + { "pwrite64", 181 }, + { "pwritev", 329 }, + { "query_module", 167 }, + { "quotactl", 131 }, + { "read", 3 }, + { "readahead", 222 }, + { "readdir", 89 }, + { "readlink", 85 }, + { "readlinkat", 298 }, + { "readv", 145 }, + { "reboot", 88 }, + { "recv", __PNR_recv }, + { "recvfrom", 371 }, + { "recvmmsg", 357 }, + { "recvmsg", 372 }, + { "remap_file_pages", 267 }, + { "removexattr", 233 }, + { "rename", 38 }, + { "renameat", 295 }, + { "renameat2", 347 }, + { "request_key", 279 }, + { "restart_syscall", 7 }, + { "rmdir", 40 }, + { "rt_sigaction", 174 }, + { "rt_sigpending", 176 }, + { "rt_sigprocmask", 175 }, + { "rt_sigqueueinfo", 178 }, + { "rt_sigreturn", 173 }, + { "rt_sigsuspend", 179 }, + { "rt_sigtimedwait", 177 }, + { "rt_tgsigqueueinfo", 330 }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", 353 }, + { "s390_pci_mmio_write", 352 }, + { "s390_runtime_instr", 342 }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_getaffinity", 240 }, + { "sched_getattr", 346 }, + { "sched_getparam", 155 }, + { "sched_getscheduler", 157 }, + { "sched_rr_get_interval", 161 }, + { "sched_setaffinity", 239 }, + { "sched_setattr", 345 }, + { "sched_setparam", 154 }, + { "sched_setscheduler", 156 }, + { "sched_yield", 158 }, + { "seccomp", 348 }, + { "security", __PNR_security }, + { "select", __PNR_select }, + { "semctl", __PNR_semctl }, + { "semget", __PNR_semget }, + { "semop", __PNR_semop }, + { "semtimedop", __PNR_semtimedop }, + { "send", __PNR_send }, + { "sendfile", 187 }, + { "sendfile64", 223 }, + { "sendmmsg", 358 }, + { "sendmsg", 370 }, + { "sendto", 369 }, + { "set_mempolicy", 270 }, + { "set_robust_list", 304 }, + { "set_thread_area", __PNR_set_thread_area }, + { "set_tid_address", 252 }, + { "set_tls", 
__PNR_set_tls }, + { "setdomainname", 121 }, + { "setfsgid", 139 }, + { "setfsgid32", 216 }, + { "setfsuid", 138 }, + { "setfsuid32", 215 }, + { "setgid", 46 }, + { "setgid32", 214 }, + { "setgroups", 81 }, + { "setgroups32", 206 }, + { "sethostname", 74 }, + { "setitimer", 104 }, + { "setns", 339 }, + { "setpgid", 57 }, + { "setpriority", 97 }, + { "setregid", 71 }, + { "setregid32", 204 }, + { "setresgid", 170 }, + { "setresgid32", 210 }, + { "setresuid", 164 }, + { "setresuid32", 208 }, + { "setreuid", 70 }, + { "setreuid32", 203 }, + { "setrlimit", 75 }, + { "setsid", 66 }, + { "setsockopt", 366 }, + { "settimeofday", 79 }, + { "setuid", 23 }, + { "setuid32", 213 }, + { "setxattr", 224 }, + { "sgetmask", __PNR_sgetmask }, + { "shmat", __PNR_shmat }, + { "shmctl", __PNR_shmctl }, + { "shmdt", __PNR_shmdt }, + { "shmget", __PNR_shmget }, + { "shutdown", 373 }, + { "sigaction", 67 }, + { "sigaltstack", 186 }, + { "signal", 48 }, + { "signalfd", 316 }, + { "signalfd4", 322 }, + { "sigpending", 73 }, + { "sigprocmask", 126 }, + { "sigreturn", 119 }, + { "sigsuspend", 72 }, + { "socket", 359 }, + { "socketcall", 102 }, + { "socketpair", 360 }, + { "splice", 306 }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, + { "ssetmask", __PNR_ssetmask }, + { "stat", 106 }, + { "stat64", 195 }, + { "statfs", 99 }, + { "statfs64", 265 }, + { "stime", 25 }, + { "stty", __PNR_stty }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", 115 }, + { "swapon", 87 }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", 83 }, + { "symlinkat", 297 }, + { "sync", 36 }, + { "sync_file_range", 307 }, + { "sync_file_range2", __PNR_sync_file_range2 }, + { "syncfs", 338 }, + { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", 135 }, + { "sysinfo", 116 }, + { "syslog", 103 }, + { "sysmips", __PNR_sysmips }, + { "tee", 308 }, + { "tgkill", 241 }, + { "time", 13 }, + { 
"timer_create", 254 }, + { "timer_delete", 258 }, + { "timer_getoverrun", 257 }, + { "timer_gettime", 256 }, + { "timer_settime", 255 }, + { "timerfd", 317 }, + { "timerfd_create", 319 }, + { "timerfd_gettime", 321 }, + { "timerfd_settime", 320 }, + { "times", 43 }, + { "tkill", 237 }, + { "truncate", 92 }, + { "truncate64", 193 }, + { "tuxcall", __PNR_tuxcall }, + { "ugetrlimit", 191 }, + { "ulimit", __PNR_ulimit }, + { "umask", 60 }, + { "umount", 22 }, + { "umount2", 52 }, + { "uname", 122 }, + { "unlink", 10 }, + { "unlinkat", 294 }, + { "unshare", 303 }, + { "uselib", 86 }, + { "userfaultfd", 355 }, + { "usr26", __PNR_usr26 }, + { "usr32", __PNR_usr32 }, + { "ustat", 62 }, + { "utime", 30 }, + { "utimensat", 315 }, + { "utimes", 313 }, + { "vfork", 190 }, + { "vhangup", 111 }, + { "vm86", __PNR_vm86 }, + { "vm86old", __PNR_vm86old }, + { "vmsplice", 309 }, + { "vserver", __PNR_vserver }, + { "wait4", 114 }, + { "waitid", 281 }, + { "waitpid", __PNR_waitpid }, + { "write", 4 }, + { "writev", 146 }, + { NULL, __NR_SCMP_ERROR }, +}; + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. 
+ * + */ +int s390_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390_syscall_table; + + /* XXX - plenty of room for future improvement here */ + + if (strcmp(name, "accept") == 0) + return __PNR_accept; + if (strcmp(name, "accept4") == 0) + return __PNR_accept4; + else if (strcmp(name, "bind") == 0) + return __PNR_bind; + else if (strcmp(name, "connect") == 0) + return __PNR_connect; + else if (strcmp(name, "getpeername") == 0) + return __PNR_getpeername; + else if (strcmp(name, "getsockname") == 0) + return __PNR_getsockname; + else if (strcmp(name, "getsockopt") == 0) + return __PNR_getsockopt; + else if (strcmp(name, "listen") == 0) + return __PNR_listen; + else if (strcmp(name, "recv") == 0) + return __PNR_recv; + else if (strcmp(name, "recvfrom") == 0) + return __PNR_recvfrom; + else if (strcmp(name, "recvmsg") == 0) + return __PNR_recvmsg; + else if (strcmp(name, "recvmmsg") == 0) + return __PNR_recvmmsg; + else if (strcmp(name, "send") == 0) + return __PNR_send; + else if (strcmp(name, "sendmsg") == 0) + return __PNR_sendmsg; + else if (strcmp(name, "sendmmsg") == 0) + return __PNR_sendmmsg; + else if (strcmp(name, "sendto") == 0) + return __PNR_sendto; + else if (strcmp(name, "setsockopt") == 0) + return __PNR_setsockopt; + else if (strcmp(name, "shutdown") == 0) + return __PNR_shutdown; + else if (strcmp(name, "socket") == 0) + return __PNR_socket; + else if (strcmp(name, "socketpair") == 0) + return __PNR_socketpair; + + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. 
+ * + */ +const char *s390_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390_syscall_table; + + /* XXX - plenty of room for future improvement here */ + + if (num == __PNR_accept) + return "accept"; + else if (num == __PNR_accept4) + return "accept4"; + else if (num == __PNR_bind) + return "bind"; + else if (num == __PNR_connect) + return "connect"; + else if (num == __PNR_getpeername) + return "getpeername"; + else if (num == __PNR_getsockname) + return "getsockname"; + else if (num == __PNR_getsockopt) + return "getsockopt"; + else if (num == __PNR_listen) + return "listen"; + else if (num == __PNR_recv) + return "recv"; + else if (num == __PNR_recvfrom) + return "recvfrom"; + else if (num == __PNR_recvmsg) + return "recvmsg"; + else if (num == __PNR_recvmmsg) + return "recvmmsg"; + else if (num == __PNR_send) + return "send"; + else if (num == __PNR_sendmsg) + return "sendmsg"; + else if (num == __PNR_sendmmsg) + return "sendmmsg"; + else if (num == __PNR_sendto) + return "sendto"; + else if (num == __PNR_setsockopt) + return "setsockopt"; + else if (num == __PNR_shutdown) + return "shutdown"; + else if (num == __PNR_socket) + return "socket"; + else if (num == __PNR_socketpair) + return "socketpair"; + + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} +/** + * Iterate through the syscall table and return the syscall name + * @param spot the offset into the syscall table + * + * Return the syscall name at position @spot or NULL on failure. This function + * should only ever be used internally by libseccomp. 
+ * + */ +const char *s390_syscall_iterate_name(unsigned int spot) +{ + /* XXX - no safety checks here */ + return s390_syscall_table[spot].name; +} diff -Nru libseccomp-2.2.3/src/arch-s390x.c libseccomp-2.3.1/src/arch-s390x.c --- libseccomp-2.2.3/src/arch-s390x.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/src/arch-s390x.c 2016-04-20 17:49:44.634846367 +0000 
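Review bot: `s390_syscall_iterate_name()` indexes `s390_syscall_table[spot]` with no bound on `spot`, so any value past the NULL sentinel entry reads outside the array, and the documented "NULL on failure" is only produced when `spot` lands exactly on the sentinel. A guard such as `if (spot >= sizeof(s390_syscall_table) / sizeof(s390_syscall_table[0])) return NULL;` before the return would make the function match its comment. Separately, `s390_syscall_resolve_name()` passes `name` straight to `strcmp()`, so a NULL name should either be rejected up front or documented as a caller error.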
@@ -0,0 +1,328 @@ +/* + * Copyright 2015 IBM + * Author: Jan Willeke + */ + +#include +#include +#include +#include + +#include "arch.h" +#include "arch-s390x.h" + +/* s390x syscall numbers */ +#define __s390x_NR_socketcall 102 +#define __s390x_NR_ipc 117 + +const struct arch_def arch_def_s390x = { + .token = SCMP_ARCH_S390X, + .token_bpf = AUDIT_ARCH_S390X, + .size = ARCH_SIZE_64, + .endian = ARCH_ENDIAN_BIG, + .syscall_resolve_name = s390x_syscall_resolve_name, + .syscall_resolve_num = s390x_syscall_resolve_num, + .syscall_rewrite = s390x_syscall_rewrite, + .rule_add = s390x_rule_add, +}; + +/** + * Convert a multiplexed pseudo socket syscall into a direct syscall + * @param socketcall the multiplexed pseudo syscall number + * + * Return the related direct syscall number, __NR_SCMP_UNDEF is there is + * no related syscall, or __NR_SCMP_ERROR otherwise. + * + */ +int _s390x_sock_demux(int socketcall) +{ + switch (socketcall) { + case -101: + /* socket */ + return 359; + case -102: + /* bind */ + return 361; + case -103: + /* connect */ + return 362; + case -104: + /* listen */ + return 363; + case -105: + /* accept - not defined */ + return __NR_SCMP_UNDEF; + case -106: + /* getsockname */ + return 367; + case -107: + /* getpeername */ + return 368; + case -108: + /* socketpair */ + return 360; + case -109: + /* send - not defined */ + return __NR_SCMP_UNDEF; + case -110: + /* recv - not defined */ + return __NR_SCMP_UNDEF; + case -111: + /* sendto */ + return 369; + case -112: + /* recvfrom */ + return 371; + case -113: + /* shutdown */ + return 373; + case -114: + /* setsockopt */ + return 366; + case -115: + /* getsockopt */ + return 365; + case -116: + /* sendmsg */ + return 370; + case -117: + /* recvmsg */ + return 372; + case -118: + /* accept4 */ + return 364; + case -119: + /* recvmmsg */ + return 337; + case -120: + /* sendmmsg */ + return 345; + } + + return __NR_SCMP_ERROR; +} + +/** + * Convert a direct socket syscall into multiplexed pseudo socket 
syscall + * @param syscall the direct syscall + * + * Return the related multiplexed pseduo syscall number, __NR_SCMP_UNDEF is + * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise. + * + */ +int _s390x_sock_mux(int syscall) +{ + switch (syscall) { + case 337: + /* recvmmsg */ + return -119; + case 345: + /* sendmmsg */ + return -120; + case 359: + /* socket */ + return -101; + case 360: + /* socketpair */ + return -108; + case 361: + /* bind */ + return -102; + case 362: + /* connect */ + return -103; + case 363: + /* listen */ + return -104; + case 364: + /* accept4 */ + return -118; + case 365: + /* getsockopt */ + return -115; + case 366: + /* setsockopt */ + return -114; + case 367: + /* getsockname */ + return -106; + case 368: + /* getpeername */ + return -107; + case 369: + /* sendto */ + return -111; + case 370: + /* sendmsg */ + return -116; + case 371: + /* recvfrom */ + return -112; + case 372: + /* recvmsg */ + return -117; + case 373: + /* shutdown */ + return -113; + } + + return __NR_SCMP_ERROR; +} + +/** + * Rewrite a syscall value to match the architecture + * @param syscall the syscall number + * + * Syscalls can vary across different architectures so this function rewrites + * the syscall into the correct value for the specified architecture. Returns + * zero on success, negative values on failure. + * + */ +int s390x_syscall_rewrite(int *syscall) +{ + int sys = *syscall; + + if (sys <= -100 && sys >= -120) + *syscall = __s390x_NR_socketcall; + else if (sys <= -200 && sys >= -224) + *syscall = __s390x_NR_ipc; + else if (sys < 0) + return -EDOM; + + return 0; +} + +/** + * add a new rule to the s390x seccomp filter + * @param col the filter collection + * @param db the seccomp filter db + * @param strict the strict flag + * @param rule the filter rule + * + * This function adds a new syscall filter to the seccomp filter db, making any + * necessary adjustments for the s390x ABI. 
Returns zero on success, negative + * values on failure. + * + */ +int s390x_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, + struct db_api_rule_list *rule) +{ + int rc; + unsigned int iter; + size_t args_size; + int sys = rule->syscall; + int sys_a, sys_b; + struct db_api_rule_list *rule_a, *rule_b; + + if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) { + /* (-100 to -120) : multiplexed socket syscalls + (359 to 373) : direct socket syscalls, Linux 4.3+ */ + + /* strict check for the multiplexed socket syscalls */ + for (iter = 0; iter < rule->args_cnt; iter++) { + if ((rule->args[iter].valid != 0) && (strict)) + return -EINVAL; + } + + /* determine both the muxed and direct syscall numbers */ + if (sys > 0) { + sys_a = _s390x_sock_mux(sys); + if (sys_a == __NR_SCMP_ERROR) + return __NR_SCMP_ERROR; + sys_b = sys; + } else { + sys_a = sys; + sys_b = _s390x_sock_demux(sys); + if (sys_b == __NR_SCMP_ERROR) + return __NR_SCMP_ERROR; + } + + /* use rule_a for the multiplexed syscall and use rule_b for + * the direct wired syscall */ + + if (sys_a == __NR_SCMP_UNDEF) { + rule_a = NULL; + rule_b = rule; + } else if (sys_b == __NR_SCMP_UNDEF) { + rule_a = rule; + rule_b = NULL; + } else { + /* need two rules, dup the first and link together */ + rule_a = rule; + rule_b = malloc(sizeof(*rule_b)); + if (rule_b == NULL) + return -ENOMEM; + args_size = sizeof(*rule_b->args) * rule_a->args_cnt; + rule_b->args = malloc(args_size); + if (rule_b->args == NULL) { + free(rule_b); + return -ENOMEM; + } + rule_b->action = rule_a->action; + rule_b->syscall = rule_a->syscall; + rule_b->args_cnt = rule_a->args_cnt; + memcpy(rule_b->args, rule_a->args, args_size); + rule_b->prev = rule_a; + rule_b->next = NULL; + rule_a->next = rule_b; + } + + /* multiplexed socket syscalls */ + if (rule_a != NULL) { + rule_a->syscall = __s390x_NR_socketcall; + rule_a->args[0].arg = 0; + rule_a->args[0].op = SCMP_CMP_EQ; + rule_a->args[0].mask = DATUM_MAX; + 
rule_a->args[0].datum = (-sys_a) % 100; + rule_a->args[0].valid = 1; + } + + /* direct wired socket syscalls */ + if (rule_b != NULL) + rule_b->syscall = sys_b; + + /* add the rules as a single transaction */ + rc = db_col_transaction_start(col); + if (rc < 0) + return rc; + if (rule_a != NULL) { + rc = db_rule_add(db, rule_a); + if (rc < 0) + goto fail_transaction; + } + if (rule_b != NULL) { + rc = db_rule_add(db, rule_b); + if (rc < 0) + goto fail_transaction; + } + db_col_transaction_commit(col); + } else if (sys <= -200 && sys >= -224) { + /* multiplexed ipc syscalls */ + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { + if ((rule->args[iter].valid != 0) && (strict)) + return -EINVAL; + } + rule->args[0].arg = 0; + rule->args[0].op = SCMP_CMP_EQ; + rule->args[0].mask = DATUM_MAX; + rule->args[0].datum = abs(sys) % 200; + rule->args[0].valid = 1; + rule->syscall = __s390x_NR_ipc; + + rc = db_rule_add(db, rule); + if (rc < 0) + return rc; + } else if (sys >= 0) { + /* normal syscall processing */ + rc = db_rule_add(db, rule); + if (rc < 0) + return rc; + } else if (strict) + return -EDOM; + + return 0; + +fail_transaction: + db_col_transaction_abort(col); + return rc; +} diff -Nru libseccomp-2.2.3/src/arch-s390x.h libseccomp-2.3.1/src/arch-s390x.h --- libseccomp-2.2.3/src/arch-s390x.h 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/src/arch-s390x.h 2016-04-20 17:49:04.575849365 +0000 
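Review bot: In `s390x_rule_add()` the strict check of the multiplexed-ipc branch walks `rule->args[iter]` up to `ARG_COUNT_MAX`, while the socket branch walks the same array up to `rule->args_cnt` and the duplicated rule allocates `args` with exactly `args_cnt` elements. If a rule can arrive with fewer than `ARG_COUNT_MAX` elements allocated (the caller is not visible here), the ipc loop reads past the array; `for (iter = 0; iter < rule->args_cnt; iter++)` keeps the two branches consistent. Both branches also write `args[0]` unconditionally, which assumes at least one element exists, so a short comment stating that precondition would help. `s390_rule_add()` in arch-s390.c has the same loop.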
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2015 IBM
+ * Author: Jan Willeke
+ */
+
+#ifndef _ARCH_S390X_H
+#define _ARCH_S390X_H
+
+#include
+
+#include "arch.h"
+#include "db.h"
+#include "system.h"
+
+#define s390x_arg_count_max 6
+
+extern const struct arch_def arch_def_s390x;
+#define s390x_arg_offset(x) (offsetof(struct seccomp_data, args[x]))
+
+#define s390x_arg_offset_lo(x) (s390x_arg_offset(x) + 4)
+#define s390x_arg_offset_hi(x) (s390x_arg_offset(x))
+
+int s390x_syscall_resolve_name(const char *name);
+const char *s390x_syscall_resolve_num(int num);
+
+const char *s390x_syscall_iterate_name(unsigned int spot);
+
+int s390x_syscall_rewrite(int *syscall);
+
+int s390x_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict,
+ struct db_api_rule_list *rule);
+
+#endif
diff -Nru libseccomp-2.2.3/src/arch-s390x-syscalls.c libseccomp-2.3.1/src/arch-s390x-syscalls.c
--- libseccomp-2.2.3/src/arch-s390x-syscalls.c 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/src/arch-s390x-syscalls.c 2016-04-20 17:49:04.574849365 +0000
@@ -0,0 +1,583 @@ +/* + * Copyright 2015 IBM + * Author: Jan Willeke + */ + +#include + +#include + +#include "arch.h" +#include "arch-s390x.h" + +/* NOTE: based on Linux 4.5-rc4 */ +const struct arch_syscall_def s390x_syscall_table[] = { \ + { "_llseek", __PNR__llseek }, + { "_newselect", __PNR__newselect }, + { "_sysctl", 149 }, + { "accept", __PNR_accept }, + { "accept4", 364 }, + { "access", 33 }, + { "acct", 51 }, + { "add_key", 278 }, + { "adjtimex", 124 }, + { "afs_syscall", 137 }, + { "alarm", 27 }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, + { "arch_prctl", __PNR_arch_prctl }, + { "bdflush", 134 }, + { "bind", 361 }, + { "bpf", 351 }, + { "break", __PNR_break }, + { "breakpoint", __PNR_breakpoint }, + { "brk", 45 }, + { "cachectl", __PNR_cachectl }, + { "cacheflush", __PNR_cacheflush }, + { "capget", 184 }, + { "capset", 185 }, + { "chdir", 12 }, + { "chmod", 15 }, + { "chown", 212 }, + { "chown32", __PNR_chown32 }, + { "chroot", 61 }, + { "clock_adjtime", 337 }, + { "clock_getres", 261 }, + { "clock_gettime", 260 }, + { "clock_nanosleep", 262 }, + { "clock_settime", 259 }, + { "clone", 120 }, + { "close", 6 }, + { "connect", 362 }, + { "copy_file_range", 375 }, + { "creat", 8 }, + { "create_module", 127 }, + { "delete_module", 129 }, + { "dup", 41 }, + { "dup2", 63 }, + { "dup3", 326 }, + { "epoll_create", 249 }, + { "epoll_create1", 327 }, + { "epoll_ctl", 250 }, + { "epoll_ctl_old", __PNR_epoll_ctl_old }, + { "epoll_pwait", 312 }, + { "epoll_wait", 251 }, + { "epoll_wait_old", __PNR_epoll_wait_old }, + { "eventfd", 318 }, + { "eventfd2", 323 }, + { "execve", 11 }, + { "execveat", 354 }, + { "exit", 1 }, + { "exit_group", 248 }, + { "faccessat", 300 }, + { "fadvise64", 253 }, + { "fadvise64_64", __PNR_fadvise64_64 }, + { "fallocate", 314 }, + { "fanotify_init", 332 }, + { "fanotify_mark", 333 }, + { "fchdir", 133 }, + { "fchmod", 94 }, + { "fchmodat", 299 }, + { "fchown", 207 }, + { 
"fchown32", __PNR_fchown32 }, + { "fchownat", 291 }, + { "fcntl", 55 }, + { "fcntl64", __PNR_fcntl64 }, + { "fdatasync", 148 }, + { "fgetxattr", 229 }, + { "finit_module", 344 }, + { "flistxattr", 232 }, + { "flock", 143 }, + { "fork", 2 }, + { "fremovexattr", 235 }, + { "fsetxattr", 226 }, + { "fstat", 108 }, + { "fstat64", __PNR_fstat64 }, + { "fstatat64", __PNR_fstatat64 }, + { "fstatfs", 100 }, + { "fstatfs64", 266 }, + { "fsync", 118 }, + { "ftime", __PNR_ftime }, + { "ftruncate", 93 }, + { "ftruncate64", __PNR_ftruncate64 }, + { "futex", 238 }, + { "futimesat", 292 }, + { "get_kernel_syms", 130 }, + { "get_mempolicy", 269 }, + { "get_robust_list", 305 }, + { "get_thread_area", __PNR_get_thread_area }, + { "getcpu", 311 }, + { "getcwd", 183 }, + { "getdents", 141 }, + { "getdents64", 220 }, + { "getegid", 202 }, + { "getegid32", __PNR_getegid32 }, + { "geteuid", 201 }, + { "geteuid32", __PNR_geteuid32 }, + { "getgid", 200 }, + { "getgid32", __PNR_getgid32 }, + { "getgroups", 205 }, + { "getgroups32", __PNR_getgroups32 }, + { "getitimer", 105 }, + { "getpeername", 368 }, + { "getpgid", 132 }, + { "getpgrp", 65 }, + { "getpid", 20 }, + { "getpmsg", 188 }, + { "getppid", 64 }, + { "getpriority", 96 }, + { "getrandom", 349 }, + { "getresgid", 211 }, + { "getresgid32", __PNR_getresgid32 }, + { "getresuid", 209 }, + { "getresuid32", __PNR_getresuid32 }, + { "getrlimit", 191 }, + { "getrusage", 77 }, + { "getsid", 147 }, + { "getsockname", 367 }, + { "getsockopt", 365 }, + { "gettid", 236 }, + { "gettimeofday", 78 }, + { "getuid", 199 }, + { "getuid32", __PNR_getuid32 }, + { "getxattr", 227 }, + { "gtty", __PNR_gtty }, + { "idle", 112 }, + { "init_module", 128 }, + { "inotify_add_watch", 285 }, + { "inotify_init", 284 }, + { "inotify_init1", 324 }, + { "inotify_rm_watch", 286 }, + { "io_cancel", 247 }, + { "io_destroy", 244 }, + { "io_getevents", 245 }, + { "io_setup", 243 }, + { "io_submit", 246 }, + { "ioctl", 54 }, + { "ioperm", __PNR_ioperm}, + { "iopl", 
__PNR_iopl }, + { "ioprio_get", 283 }, + { "ioprio_set", 282 }, + { "ipc", 117 }, + { "kcmp", 343 }, + { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_load", 277 }, + { "keyctl", 280 }, + { "kill", 37 }, + { "lchown", 198 }, + { "lchown32", __PNR_lchown32 }, + { "lgetxattr", 228 }, + { "link", 9 }, + { "linkat", 296 }, + { "listen", 363 }, + { "listxattr", 230 }, + { "llistxattr", 231 }, + { "lock", __PNR_lock }, + { "lookup_dcookie", 110 }, + { "lremovexattr", 234 }, + { "lseek", 19 }, + { "lsetxattr", 225 }, + { "lstat", 107 }, + { "lstat64", __PNR_lstat64 }, + { "madvise", 219 }, + { "mbind", 268 }, + { "membarrier", 356 }, + { "memfd_create", 350 }, + { "migrate_pages", 287 }, + { "mincore", 218 }, + { "mkdir", 39 }, + { "mkdirat", 289 }, + { "mknod", 14 }, + { "mknodat", 290 }, + { "mlock", 150 }, + { "mlock2", 374 }, + { "mlockall", 152 }, + { "mmap", 90 }, + { "mmap2", __PNR_mmap2 }, + { "modify_ldt", __PNR_modify_ldt }, + { "mount", 21 }, + { "move_pages", 310 }, + { "mprotect", 125 }, + { "mpx", __PNR_mpx }, + { "mq_getsetattr", 276 }, + { "mq_notify", 275 }, + { "mq_open", 271 }, + { "mq_timedreceive", 274 }, + { "mq_timedsend", 273 }, + { "mq_unlink", 272 }, + { "mremap", 163 }, + { "msgctl", __PNR_msgctl }, + { "msgget", __PNR_msgget }, + { "msgrcv", __PNR_msgrcv }, + { "msgsnd", __PNR_msgsnd }, + { "msync", 144 }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", 151 }, + { "munlockall", 153 }, + { "munmap", 91 }, + { "name_to_handle_at", 335 }, + { "nanosleep", 162 }, + { "newfstatat", 293 }, + { "nfsservctl", 169 }, + { "nice", 34 }, + { "oldfstat", __PNR_oldfstat }, + { "oldlstat", __PNR_oldlstat }, + { "oldolduname", __PNR_oldolduname }, + { "oldstat", __PNR_oldstat }, + { "olduname", __PNR_olduname }, + { "oldwait4", __PNR_oldwait4 }, + { "open", 5 }, + { "open_by_handle_at", 336 }, + { "openat", 288 }, + { "pause", 29 }, + { "pciconfig_iobase", __PNR_pciconfig_iobase }, + { "pciconfig_read", __PNR_pciconfig_read }, + { 
"pciconfig_write", __PNR_pciconfig_write }, + { "perf_event_open", 331 }, + { "personality", 136 }, + { "pipe", 42 }, + { "pipe2", 325 }, + { "pivot_root", 217 }, + { "poll", 168 }, + { "ppoll", 302 }, + { "prctl", 172 }, + { "pread64", 180 }, + { "preadv", 328 }, + { "prlimit64", 334 }, + { "process_vm_readv", 340 }, + { "process_vm_writev", 341 }, + { "prof", __PNR_prof }, + { "profil", __PNR_profil }, + { "pselect6", 301 }, + { "ptrace", 26 }, + { "putpmsg", 189 }, + { "pwrite64", 181 }, + { "pwritev", 329 }, + { "query_module", 167 }, + { "quotactl", 131 }, + { "read", 3 }, + { "readahead", 222 }, + { "readdir", 89 }, + { "readlink", 85 }, + { "readlinkat", 298 }, + { "readv", 145 }, + { "reboot", 88 }, + { "recv", __PNR_recv }, + { "recvfrom", 371 }, + { "recvmmsg", 357 }, + { "recvmsg", 372 }, + { "remap_file_pages", 267 }, + { "removexattr", 233 }, + { "rename", 38 }, + { "renameat", 295 }, + { "renameat2", 347 }, + { "request_key", 279 }, + { "restart_syscall", 7 }, + { "rmdir", 40 }, + { "rt_sigaction", 174 }, + { "rt_sigpending", 176 }, + { "rt_sigprocmask", 175 }, + { "rt_sigqueueinfo", 178 }, + { "rt_sigreturn", 173 }, + { "rt_sigsuspend", 179 }, + { "rt_sigtimedwait", 177 }, + { "rt_tgsigqueueinfo", 330 }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", 353 }, + { "s390_pci_mmio_write", 352 }, + { "s390_runtime_instr", 342 }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_getaffinity", 240 }, + { "sched_getattr", 346 }, + { "sched_getparam", 155 }, + { "sched_getscheduler", 157 }, + { "sched_rr_get_interval", 161 }, + { "sched_setaffinity", 239 }, + { "sched_setattr", 345 }, + { "sched_setparam", 154 }, + { "sched_setscheduler", 156 }, + { "sched_yield", 158 }, + { "seccomp", 348 }, + { "security", __PNR_security }, + { "select", 142 }, + { "semctl", __PNR_semctl }, + { "semget", __PNR_semget }, + { "semop", __PNR_semop }, + { "semtimedop", __PNR_semtimedop }, + { "send", __PNR_send }, + { "sendfile", 187 }, + 
{ "sendfile64", __PNR_sendfile64 }, + { "sendmmsg", 358 }, + { "sendmsg", 370 }, + { "sendto", 369 }, + { "set_mempolicy", 270 }, + { "set_robust_list", 304 }, + { "set_thread_area", __PNR_set_thread_area }, + { "set_tid_address", 252 }, + { "set_tls", __PNR_set_tls }, + { "setdomainname", 121 }, + { "setfsgid", 216 }, + { "setfsgid32", __PNR_setfsgid32 }, + { "setfsuid", 215 }, + { "setfsuid32", __PNR_setfsuid32 }, + { "setgid", 214 }, + { "setgid32", __PNR_setgid32 }, + { "setgroups", 206 }, + { "setgroups32", __PNR_setgroups32 }, + { "sethostname", 74 }, + { "setitimer", 104 }, + { "setns", 339 }, + { "setpgid", 57 }, + { "setpriority", 97 }, + { "setregid", 204 }, + { "setregid32", __PNR_setregid32 }, + { "setresgid", 210 }, + { "setresgid32", __PNR_setresgid32 }, + { "setresuid", 208 }, + { "setresuid32", __PNR_setresuid32 }, + { "setreuid", 203 }, + { "setreuid32", __PNR_setreuid32 }, + { "setrlimit", 75 }, + { "setsid", 66 }, + { "setsockopt", 366 }, + { "settimeofday", 79 }, + { "setuid", 213 }, + { "setuid32", __PNR_setuid32 }, + { "setxattr", 224 }, + { "sgetmask", __PNR_sgetmask }, + { "shmat", __PNR_shmat }, + { "shmctl", __PNR_shmctl }, + { "shmdt", __PNR_shmdt }, + { "shmget", __PNR_shmget }, + { "shutdown", 373 }, + { "sigaction", 67 }, + { "sigaltstack", 186 }, + { "signal", 48 }, + { "signalfd", 316 }, + { "signalfd4", 322 }, + { "sigpending", 73 }, + { "sigprocmask", 126 }, + { "sigreturn", 119 }, + { "sigsuspend", 72 }, + { "socket", 359 }, + { "socketcall", 102 }, + { "socketpair", 360 }, + { "splice", 306 }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, + { "ssetmask", __PNR_ssetmask }, + { "stat", 106 }, + { "stat64", __PNR_stat64 }, + { "statfs", 99 }, + { "statfs64", 265 }, + { "stime", __PNR_stime }, + { "stty", __PNR_stty }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", 115 }, + { "swapon", 87 }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", 83 }, + { 
"symlinkat", 297 }, + { "sync", 36 }, + { "sync_file_range", 307 }, + { "sync_file_range2", __PNR_sync_file_range2 }, + { "syncfs", 338 }, + { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", 135 }, + { "sysinfo", 116 }, + { "syslog", 103 }, + { "sysmips", __PNR_sysmips }, + { "tee", 308 }, + { "tgkill", 241 }, + { "time", __PNR_time }, + { "timer_create", 254 }, + { "timer_delete", 258 }, + { "timer_getoverrun", 257 }, + { "timer_gettime", 256 }, + { "timer_settime", 255 }, + { "timerfd", 317 }, + { "timerfd_create", 319 }, + { "timerfd_gettime", 321 }, + { "timerfd_settime", 320 }, + { "times", 43 }, + { "tkill", 237 }, + { "truncate", 92 }, + { "truncate64", __PNR_truncate64 }, + { "tuxcall", __PNR_tuxcall }, + { "ugetrlimit", __PNR_ugetrlimit }, + { "ulimit", __PNR_ulimit }, + { "umask", 60 }, + { "umount", 22 }, + { "umount2", 52 }, + { "uname", 122 }, + { "unlink", 10 }, + { "unlinkat", 294 }, + { "unshare", 303 }, + { "uselib", 86 }, + { "userfaultfd", 355 }, + { "usr26", __PNR_usr26 }, + { "usr32", __PNR_usr32 }, + { "ustat", 62 }, + { "utime", 30 }, + { "utimensat", 315 }, + { "utimes", 313 }, + { "vfork", 190 }, + { "vhangup", 111 }, + { "vm86", __PNR_vm86 }, + { "vm86old", __PNR_vm86old }, + { "vmsplice", 309 }, + { "vserver", __PNR_vserver }, + { "wait4", 114 }, + { "waitid", 281 }, + { "waitpid", __PNR_waitpid }, + { "write", 4 }, + { "writev", 146 }, + { NULL, __NR_SCMP_ERROR }, +}; + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. 
+ * + */ +int s390x_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390x_syscall_table; + + /* XXX - plenty of room for future improvement here */ + + if (strcmp(name, "accept") == 0) + return __PNR_accept; + if (strcmp(name, "accept4") == 0) + return __PNR_accept4; + else if (strcmp(name, "bind") == 0) + return __PNR_bind; + else if (strcmp(name, "connect") == 0) + return __PNR_connect; + else if (strcmp(name, "getpeername") == 0) + return __PNR_getpeername; + else if (strcmp(name, "getsockname") == 0) + return __PNR_getsockname; + else if (strcmp(name, "getsockopt") == 0) + return __PNR_getsockopt; + else if (strcmp(name, "listen") == 0) + return __PNR_listen; + else if (strcmp(name, "recv") == 0) + return __PNR_recv; + else if (strcmp(name, "recvfrom") == 0) + return __PNR_recvfrom; + else if (strcmp(name, "recvmsg") == 0) + return __PNR_recvmsg; + else if (strcmp(name, "recvmmsg") == 0) + return __PNR_recvmmsg; + else if (strcmp(name, "send") == 0) + return __PNR_send; + else if (strcmp(name, "sendmsg") == 0) + return __PNR_sendmsg; + else if (strcmp(name, "sendmmsg") == 0) + return __PNR_sendmmsg; + else if (strcmp(name, "sendto") == 0) + return __PNR_sendto; + else if (strcmp(name, "setsockopt") == 0) + return __PNR_setsockopt; + else if (strcmp(name, "shutdown") == 0) + return __PNR_shutdown; + else if (strcmp(name, "socket") == 0) + return __PNR_socket; + else if (strcmp(name, "socketpair") == 0) + return __PNR_socketpair; + + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. 
+ * + */ +const char *s390x_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390x_syscall_table; + + /* XXX - plenty of room for future improvement here */ + + if (num == __PNR_accept) + return "accept"; + else if (num == __PNR_accept4) + return "accept4"; + else if (num == __PNR_bind) + return "bind"; + else if (num == __PNR_connect) + return "connect"; + else if (num == __PNR_getpeername) + return "getpeername"; + else if (num == __PNR_getsockname) + return "getsockname"; + else if (num == __PNR_getsockopt) + return "getsockopt"; + else if (num == __PNR_listen) + return "listen"; + else if (num == __PNR_recv) + return "recv"; + else if (num == __PNR_recvfrom) + return "recvfrom"; + else if (num == __PNR_recvmsg) + return "recvmsg"; + else if (num == __PNR_recvmmsg) + return "recvmmsg"; + else if (num == __PNR_send) + return "send"; + else if (num == __PNR_sendmsg) + return "sendmsg"; + else if (num == __PNR_sendmmsg) + return "sendmmsg"; + else if (num == __PNR_sendto) + return "sendto"; + else if (num == __PNR_setsockopt) + return "setsockopt"; + else if (num == __PNR_shutdown) + return "shutdown"; + else if (num == __PNR_socket) + return "socket"; + else if (num == __PNR_socketpair) + return "socketpair"; + + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} + +/** + * Iterate through the syscall table and return the syscall name + * @param spot the offset into the syscall table + * + * Return the syscall name at position @spot or NULL on failure. This function + * should only ever be used internally by libseccomp. 
+ * + */ +const char *s390x_syscall_iterate_name(unsigned int spot) +{ + /* XXX - no safety checks here */ + return s390x_syscall_table[spot].name; +} diff -Nru libseccomp-2.2.3/src/arch-syscall-check.c libseccomp-2.3.1/src/arch-syscall-check.c --- libseccomp-2.2.3/src/arch-syscall-check.c 2015-06-28 16:17:00.490527439 +0000 +++ libseccomp-2.3.1/src/arch-syscall-check.c 2016-02-11 18:32:37.544670578 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp Architecture Sycall Checker * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore * */ @@ -33,6 +33,10 @@ #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" +#include "arch-ppc.h" +#include "arch-ppc64.h" +#include "arch-s390.h" +#include "arch-s390x.h" /** * compare the syscall values @@ -67,6 +71,10 @@ int i_mips = 0; int i_mips64 = 0; int i_mips64n32 = 0; + int i_ppc = 0; + int i_ppc64 = 0; + int i_s390 = 0; + int i_s390x = 0; const char *sys_name; char str_miss[256]; @@ -93,6 +101,14 @@ mips64_syscall_iterate_name(i_mips64)); syscall_check(str_miss, sys_name, "mips64n32", mips64n32_syscall_iterate_name(i_mips64n32)); + syscall_check(str_miss, sys_name, "ppc", + ppc_syscall_iterate_name(i_ppc)); + syscall_check(str_miss, sys_name, "ppc64", + ppc64_syscall_iterate_name(i_ppc64)); + syscall_check(str_miss, sys_name, "s390", + s390_syscall_iterate_name(i_s390)); + syscall_check(str_miss, sys_name, "s390x", + s390x_syscall_iterate_name(i_s390x)); /* output the results */ printf("%s: ", sys_name); 
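Review bot: `s390x_syscall_iterate_name()` at the end of this new file indexes `s390x_syscall_table[spot]` with no bound, as its own `XXX - no safety checks here` comment admits, so any `spot` past the `{ NULL, __NR_SCMP_ERROR }` sentinel is an out-of-bounds read. The docstring promises NULL on failure, which only holds while every caller stops at the sentinel. A guard before the return would make that contract real: `if (spot >= sizeof(s390x_syscall_table) / sizeof(s390x_syscall_table[0])) return NULL;`. Separately, in `s390x_syscall_resolve_name()` the `accept4` test is a bare `if` while every later test is `else if`; it is harmless because each branch returns, but worth aligning.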
@@ -111,17 +127,27 @@ i_x32 = -1; if (!arm_syscall_iterate_name(++i_arm)) i_arm = -1; + if (!aarch64_syscall_iterate_name(++i_aarch64)) + i_aarch64 = -1; if (!mips_syscall_iterate_name(++i_mips)) i_mips = -1; if (!mips64_syscall_iterate_name(++i_mips64)) i_mips64 = -1; if (!mips64n32_syscall_iterate_name(++i_mips64n32)) i_mips64n32 = -1; - if (!aarch64_syscall_iterate_name(++i_aarch64)) - i_aarch64 = -1; + if (!ppc_syscall_iterate_name(++i_ppc)) + i_ppc = -1; + if (!ppc64_syscall_iterate_name(++i_ppc64)) + i_ppc64 = -1; + if (!s390_syscall_iterate_name(++i_s390)) + i_s390 = -1; + if (!s390x_syscall_iterate_name(++i_s390x)) + i_s390x = -1; } while (i_x86_64 >= 0 && i_x32 >= 0 && i_arm >= 0 && i_aarch64 >= 0 && - i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0); + i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 && + i_ppc >= 0 && i_ppc64 >= 0 && + i_s390 >= 0 && i_s390x >= 0); /* check for any leftovers */ sys_name = x86_syscall_iterate_name(i_x86 + 1); @@ -164,6 +190,25 @@ mips64n32_syscall_iterate_name(i_mips64n32)); return 1; } + if (i_ppc >= 0) { + printf("%s: ERROR, ppc has additional syscalls\n", + ppc_syscall_iterate_name(i_ppc)); + } + if (i_ppc64 >= 0) { + printf("%s: ERROR, ppc64 has additional syscalls\n", + ppc64_syscall_iterate_name(i_ppc64)); + return 1; + } + if (i_s390 >= 0) { + printf("%s: ERROR, s390 has additional syscalls\n", + s390_syscall_iterate_name(i_s390)); + return 1; + } + if (i_s390x >= 0) { + printf("%s: ERROR, s390x has additional syscalls\n", + s390x_syscall_iterate_name(i_s390x)); + return 1; + } /* if we made it here, all is good */ return 0; diff -Nru libseccomp-2.2.3/src/arch-syscall-dump.c libseccomp-2.3.1/src/arch-syscall-dump.c --- libseccomp-2.2.3/src/arch-syscall-dump.c 2015-06-28 16:17:00.495527438 +0000 +++ libseccomp-2.3.1/src/arch-syscall-dump.c 2016-02-11 18:32:37.545670578 +0000 
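Review bot: The added `i_ppc >= 0` block in the leftovers check prints `ERROR, ppc has additional syscalls` but has no `return 1;`, unlike the ppc64, s390 and s390x blocks added right after it. When ppc is the only table out of step, control falls through to the final `return 0`, so the checker reports success and the mismatch can be missed by anything that relies on its exit status. Add `return 1;` after the `printf` in that block. The enclosing function starts outside this hunk.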
@@ -2,7 +2,7 @@ * Enhanced Seccomp Architecture Sycall Checker * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore * */ @@ -38,6 +38,10 @@ #include "arch-mips64.h" #include "arch-mips64n32.h" #include "arch-aarch64.h" +#include "arch-ppc.h" +#include "arch-ppc64.h" +#include "arch-s390.h" +#include "arch-s390x.h" /** * Print the usage information to stderr and exit @@ -97,6 +101,9 @@ case SCMP_ARCH_ARM: sys_name = arm_syscall_iterate_name(iter); break; + case SCMP_ARCH_AARCH64: + sys_name = aarch64_syscall_iterate_name(iter); + break; case SCMP_ARCH_MIPS: case SCMP_ARCH_MIPSEL: sys_name = mips_syscall_iterate_name(iter); @@ -109,8 +116,18 @@ case SCMP_ARCH_MIPSEL64N32: sys_name = mips64n32_syscall_iterate_name(iter); break; - case SCMP_ARCH_AARCH64: - sys_name = aarch64_syscall_iterate_name(iter); + case SCMP_ARCH_PPC: + sys_name = ppc_syscall_iterate_name(iter); + break; + case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC64LE: + sys_name = ppc64_syscall_iterate_name(iter); + break; + case SCMP_ARCH_S390: + sys_name = s390_syscall_iterate_name(iter); + break; + case SCMP_ARCH_S390X: + sys_name = s390x_syscall_iterate_name(iter); break; default: /* invalid arch */ diff -Nru libseccomp-2.2.3/src/arch-syscall-validate libseccomp-2.3.1/src/arch-syscall-validate --- libseccomp-2.2.3/src/arch-syscall-validate 2015-07-08 19:16:23.415206798 +0000 +++ libseccomp-2.3.1/src/arch-syscall-validate 2016-02-19 16:04:24.309896055 +0000 @@ -4,7 +4,7 @@ # libseccomp syscall validation script # # Copyright (c) 2014 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # 
@@ -63,10 +63,31 @@ optional arguments: -h show this help message and exit -a architecture + -l output the library's syscall definitions + -s output the system's syscall definitions EOF } # +# Dump the library syscall table for a given architecture +# +# Arguments: +# 1 architecture +# 2 offset (optional) +# +# +# Dump the library's syscall table to stdout. +# +function dump_lib_arch() { + local offset_str="" + + [[ -z $1 ]] && return + + [[ -n $2 ]] && offset_str="-o $2" + $LIB_SYS_DUMP -a $1 $offset_str | sed -e '/[^\t]\+\t-[0-9]\+/d' +} + +# # Dump the x86 system syscall table # # Arguments: @@ -86,7 +107,7 @@ # Dump the library's syscall table to stdout. # function dump_lib_x86() { - $LIB_SYS_DUMP -a x86 | sed -e '/[^\t]\+\t-[0-9]\+/d' + dump_lib_arch x86 } # @@ -109,7 +130,7 @@ # Dump the library's syscall table to stdout. # function dump_lib_x86_64() { - $LIB_SYS_DUMP -a x86_64 | sed -e '/[^\t]\+\t-[0-9]\+/d' + dump_lib_arch x86_64 } # @@ -133,7 +154,7 @@ # function dump_lib_x32() { # 1073741824 == 0x40000000 - $LIB_SYS_DUMP -a x32 -o 1073741824 | sed -e '/[^\t]\+\t-[0-9]\+/d' + dump_lib_arch x32 1073741824 } # @@ -159,7 +180,6 @@ echo "$line"; \ fi; \ done | \ - cat - | \ sed -e '/#define __NR_sync_file_range2[ \t]\+__NR_arm_sync_file_range/d' | \ sort } @@ -171,8 +191,7 @@ # function dump_lib_arm() { # NOTE: arm_sync_file_range() and sync_file_range2() share values - $LIB_SYS_DUMP -a arm | sed -e '/[^\t]\+\t-[0-9]\+/d' | \ - sed -e '/sync_file_range2[ \t]\+341/d' + dump_lib_arch arm | sed -e '/sync_file_range2[ \t]\+341/d' } # @@ -211,7 +230,7 @@ # Dump the library's syscall table to stdout. # function dump_lib_aarch64() { - $LIB_SYS_DUMP -a aarch64 | sed -e '/[^\t]\+\t-[0-9]\+/d' + dump_lib_arch aarch64 } # @@ -245,7 +264,7 @@ # Dump the library's syscall table to stdout. # function dump_lib_mips() { - $LIB_SYS_DUMP -a mips -o 4000 | sed -e '/[^\t]\+\t-[0-9]\+/d' + dump_lib_arch mips 4000 } # 
@@ -279,7 +298,7 @@ # Dump the library's syscall table to stdout. # function dump_lib_mips64() { - $LIB_SYS_DUMP -a mips64 -o 5000 | sed -e '/[^\t]\+\t-[0-9]\+/d' + dump_lib_arch mips64 5000 } # 
@@ -313,7 +332,115 @@ # Dump the library's syscall table to stdout. # function dump_lib_mips64n32() { - $LIB_SYS_DUMP -a mips64n32 -o 6000 | sed -e '/[^\t]\+\t-[0-9]\+/d' + dump_lib_arch mips64n32 6000 +} + +# +# Dump the ppc system syscall table +# +# Arguments: +# 1 path to the kernel source +# +# Dump the architecture's syscall table to stdout. +# +function dump_sys_ppc() { + gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \ + grep "^#define __NR_" | \ + sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' | \ + sort +} + +# +# Dump the ppc library syscall table +# +# Dump the library's syscall table to stdout. +# +function dump_lib_ppc() { + dump_lib_arch ppc +} + +# +# Dump the ppc64 system syscall table +# +# Arguments: +# 1 path to the kernel source +# +# Dump the architecture's syscall table to stdout. +# +function dump_sys_ppc64() { + gcc -E -dM -D__powerpc64__ $1/arch/powerpc/include/uapi/asm/unistd.h | \ + grep "^#define __NR_" | \ + sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' | \ + sort +} + +# +# Dump the ppc64 library syscall table +# +# Dump the library's syscall table to stdout. +# +function dump_lib_ppc64() { + dump_lib_arch ppc64 +} + +# +# Dump the s390 system syscall table +# +# Arguments: +# 1 path to the kernel source +# +# Dump the architecture's syscall table to stdout. +# +function dump_sys_s390() { + gcc -E -dM $1/arch/s390/include/uapi/asm/unistd.h | grep __NR | \ + sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_timer_create[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t254 + \2/' | \ + while read line; do \ + if echo "$line" | grep -q "+"; then \ + echo "$line" | awk '{ print $1"\t"$2+$4 }'; \ + else \ + echo "$line"; \ + fi; \ + done | \ + sed 's/#define __NR_//g' | sed 's/ /\t/g' | sort +} + +# +# Dump the s390 library syscall table +# +# Dump the library's syscall table to stdout. 
+# +function dump_lib_s390() { + dump_lib_arch s390 +} + +# +# Dump the s390x system syscall table +# +# Arguments: +# 1 path to the kernel source +# +# Dump the architecture's syscall table to stdout. +# +function dump_sys_s390x() { + gcc -E -dM -D __s390x__ $1/arch/s390/include/uapi/asm/unistd.h | grep __NR | \ + sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_timer_create[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t254 + \2/' | \ + while read line; do \ + if echo "$line" | grep -q "+"; then \ + echo "$line" | awk '{ print $1"\t"$2+$4 }'; \ + else \ + echo "$line"; \ + fi; \ + done | \ + sed 's/#define __NR_//g' | sed 's/ /\t/g' | sort +} + +# +# Dump the s390x library syscall table +# +# Dump the library's syscall table to stdout. +# +function dump_lib_s390x() { + dump_lib_arch s390x } # @@ -351,10 +478,25 @@ mips64n32) dump_sys_mips64n32 "$2" ;; + ppc) + dump_sys_ppc "$2" + ;; + ppc64) + dump_sys_ppc64 "$2" + ;; + s390) + dump_sys_s390 "$2" + ;; + s390x) + dump_sys_s390x "$2" + ;; *) echo "" + return 1 ;; esac + + return 0 } # @@ -368,33 +510,48 @@ function dump_lib() { case $1 in x86) - dump_lib_x86 "$2" + dump_lib_x86 ;; x86_64) - dump_lib_x86_64 "$2" + dump_lib_x86_64 ;; x32) - dump_lib_x32 "$2" + dump_lib_x32 ;; arm) - dump_lib_arm "$2" + dump_lib_arm ;; aarch64) - dump_lib_aarch64 "$2" + dump_lib_aarch64 ;; mips) - dump_lib_mips "$2" + dump_lib_mips ;; mips64) - dump_lib_mips64 "$2" + dump_lib_mips64 ;; mips64n32) - dump_lib_mips64n32 "$2" + dump_lib_mips64n32 + ;; + ppc) + dump_lib_ppc "$2" + ;; + ppc64) + dump_lib_ppc64 "$2" + ;; + s390) + dump_lib_s390 "$2" + ;; + s390x) + dump_lib_s390x "$2" ;; *) echo "" + return 1 ;; esac + + return 0 } #### @@ -410,12 +567,22 @@ exit 1 fi -arches="" +opt_arches="" +opt_sys="" +opt_lib="" -while getopts "a:h" opt; do +while getopts "a:slh" opt; do case $opt in a) - arches+="$OPTARG " + opt_arches+="$OPTARG " + ;; + s) + opt_sys=1 + opt_lib=0 + ;; + l) + opt_sys=0 + opt_lib=1 ;; h|*) usage 
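Review bot: The new `dump_sys_ppc`, `dump_sys_ppc64`, `dump_sys_s390` and `dump_sys_s390x` functions expand the kernel source path unquoted (`gcc -E -dM $1/arch/...`), so a path containing whitespace or glob characters is split or expanded before gcc sees it. Quote the argument, e.g. `gcc -E -dM "$1/arch/s390/include/uapi/asm/unistd.h"`. The s390 variants also use `while read line`, which interprets backslashes; `while read -r line` avoids that. Whether the older `dump_sys_*` functions have the same pattern is not visible in this hunk.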
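Review bot: In `dump_lib()` the new `ppc`, `ppc64`, `s390` and `s390x` arms still pass an argument (`dump_lib_ppc "$2"`), while this same hunk removes `"$2"` from every existing arm. The new `dump_lib_*` functions only call `dump_lib_arch <arch>` and read no parameters, so the argument is dead. Drop it for consistency: `dump_lib_ppc`, `dump_lib_ppc64`, `dump_lib_s390`, `dump_lib_s390x`.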
@@ -426,8 +593,13 @@ shift $(($OPTIND - 1)) # defaults -if [[ $arches == "" ]]; then - arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32" +if [[ $opt_arches == "" ]]; then + opt_arches=" \ + x86 x86_64 x32 \ + arm aarch64 \ + mips mips64 mips64n32 \ + ppc ppc64 \ + s390 s390x" fi # sanity checks @@ -442,20 +614,35 @@ fi # generate some temp files -tmp_orig=$(mktemp -t syscall_validate_XXXXXX) -tmp_new=$(mktemp -t syscall_validate_XXXXXX) +tmp_lib=$(mktemp -t syscall_validate_XXXXXX) +tmp_sys=$(mktemp -t syscall_validate_XXXXXX) -# loop through the architectures -for i in $arches; do +# loop through the architectures and compare +for i in $opt_arches; do # dump the syscall tables - dump_lib $i > $tmp_orig - dump_sys $i "$kernel_dir" > $tmp_new + dump_lib $i > $tmp_lib + if [[ $? -ne 0 ]]; then + echo "error: unknown arch $i" + exit 1 + fi + dump_sys $i "$kernel_dir" > $tmp_sys + if [[ $? -ne 0 ]]; then + echo "error: unknown arch $i" + exit 1 + fi - # do the comparison - diff -u --label="$i [library]" $tmp_orig --label "$i [system]" $tmp_new + if [[ $opt_lib -eq 1 ]]; then + cat $tmp_lib + elif [[ $opt_sys -eq 1 ]]; then + cat $tmp_sys + else + # compare the lib and sys output + diff -u --label="$i [library]" $tmp_lib \ + --label "$i [system]" $tmp_sys + fi done # cleanup and exit -rm -f $tmp_orig $tmp_new +rm -f $tmp_lib $tmp_sys exit 0 diff -Nru libseccomp-2.2.3/src/arch-x32.c libseccomp-2.3.1/src/arch-x32.c --- libseccomp-2.2.3/src/arch-x32.c 2015-06-28 16:17:00.509527437 +0000 +++ libseccomp-2.3.1/src/arch-x32.c 2016-02-11 18:32:37.546670578 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x32 Specific Code * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* 
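Review bot: The two `exit 1` paths added inside the loop leave the files created by `mktemp` behind, because the only cleanup is the `rm -f $tmp_lib $tmp_sys` at the end of the script. Registering the cleanup right after the `mktemp` calls covers every exit path: `trap 'rm -f "$tmp_lib" "$tmp_sys"' EXIT`. The `error: unknown arch $i` messages are also written to stdout, the same stream that `-l` and `-s` use for table output; adding `>&2` would keep them apart. `$tmp_lib`, `$tmp_sys` and `$i` are expanded unquoted in the redirections and `cat` calls, and quoting them costs nothing.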
@@ -32,4 +32,8 @@ .token_bpf = AUDIT_ARCH_X86_64, .size = ARCH_SIZE_32, .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = x32_syscall_resolve_name, + .syscall_resolve_num = x32_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; diff -Nru libseccomp-2.2.3/src/arch-x32.h libseccomp-2.3.1/src/arch-x32.h --- libseccomp-2.2.3/src/arch-x32.h 2015-06-28 16:17:00.628527428 +0000 +++ libseccomp-2.3.1/src/arch-x32.h 2016-02-11 18:32:39.776670411 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x32 Specific Code * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/src/arch-x32-syscalls.c libseccomp-2.3.1/src/arch-x32-syscalls.c --- libseccomp-2.2.3/src/arch-x32-syscalls.c 2015-06-28 16:17:00.504527438 +0000 +++ libseccomp-2.3.1/src/arch-x32-syscalls.c 2016-02-19 16:05:37.000890615 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x32 Syscall Table * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -26,7 +26,7 @@ #include "arch.h" #include "arch-x32.h" -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def x32_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", __PNR__newselect }, @@ -65,6 +65,7 @@ { "clone", (X32_SYSCALL_BIT + 56) }, { "close", (X32_SYSCALL_BIT + 3) }, { "connect", (X32_SYSCALL_BIT + 42) }, + { "copy_file_range", (X32_SYSCALL_BIT + 326) }, { "creat", (X32_SYSCALL_BIT + 85) }, { "create_module", __PNR_create_module }, { "delete_module", (X32_SYSCALL_BIT + 176) }, @@ -196,6 +197,7 @@ { "lstat64", __PNR_lstat64 }, { "madvise", (X32_SYSCALL_BIT + 28) }, { "mbind", (X32_SYSCALL_BIT + 237) }, + { "membarrier", (X32_SYSCALL_BIT + 324) }, { "memfd_create", (X32_SYSCALL_BIT + 319) }, { "migrate_pages", (X32_SYSCALL_BIT + 256) }, { "mincore", (X32_SYSCALL_BIT + 27) }, 
@@ -204,6 +206,7 @@ { "mknod", (X32_SYSCALL_BIT + 133) }, { "mknodat", (X32_SYSCALL_BIT + 259) }, { "mlock", (X32_SYSCALL_BIT + 149) }, + { "mlock2", (X32_SYSCALL_BIT + 325) }, { "mlockall", (X32_SYSCALL_BIT + 151) }, { "mmap", (X32_SYSCALL_BIT + 9) }, { "mmap2", __PNR_mmap2 }, @@ -224,6 +227,7 @@ { "msgrcv", (X32_SYSCALL_BIT + 70) }, { "msgsnd", (X32_SYSCALL_BIT + 69) }, { "msync", (X32_SYSCALL_BIT + 26) }, + { "multiplexer", __PNR_multiplexer }, { "munlock", (X32_SYSCALL_BIT + 150) }, { "munlockall", (X32_SYSCALL_BIT + 152) }, { "munmap", (X32_SYSCALL_BIT + 11) }, @@ -294,6 +298,10 @@ { "rt_sigsuspend", (X32_SYSCALL_BIT + 130) }, { "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) }, { "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, { "sched_get_priority_max", (X32_SYSCALL_BIT + 146) }, { "sched_get_priority_min", (X32_SYSCALL_BIT + 147) }, { "sched_getaffinity", (X32_SYSCALL_BIT + 204) }, @@ -372,6 +380,8 @@ { "socketcall", __PNR_socketcall }, { "socketpair", (X32_SYSCALL_BIT + 53) }, { "splice", (X32_SYSCALL_BIT + 275) }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, { "ssetmask", __PNR_ssetmask }, { "stat", (X32_SYSCALL_BIT + 4) }, { "stat64", __PNR_stat64 }, @@ -379,8 +389,11 @@ { "statfs64", __PNR_statfs64 }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, { "swapoff", (X32_SYSCALL_BIT + 168) }, { "swapon", (X32_SYSCALL_BIT + 167) }, + { "switch_endian", __PNR_switch_endian }, { "symlink", (X32_SYSCALL_BIT + 88) }, { "symlinkat", (X32_SYSCALL_BIT + 266) }, { "sync", (X32_SYSCALL_BIT + 162) }, 
@@ -388,6 +401,7 @@ { "sync_file_range2", __PNR_sync_file_range2 }, { "syncfs", (X32_SYSCALL_BIT + 306) }, { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, { "sysfs", (X32_SYSCALL_BIT + 139) }, { "sysinfo", (X32_SYSCALL_BIT + 99) }, { "syslog", (X32_SYSCALL_BIT + 103) }, @@ -419,6 +433,7 @@ { "unlinkat", (X32_SYSCALL_BIT + 263) }, { "unshare", (X32_SYSCALL_BIT + 272) }, { "uselib", __PNR_uselib }, + { "userfaultfd", (X32_SYSCALL_BIT + 323) }, { "usr26", __PNR_usr26 }, { "usr32", __PNR_usr32 }, { "ustat", (X32_SYSCALL_BIT + 136) }, diff -Nru libseccomp-2.2.3/src/arch-x86_64.c libseccomp-2.3.1/src/arch-x86_64.c --- libseccomp-2.2.3/src/arch-x86_64.c 2015-06-28 16:17:00.533527435 +0000 +++ libseccomp-2.3.1/src/arch-x86_64.c 2016-02-11 18:32:37.550670577 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x86_64 Specific Code * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -31,4 +31,8 @@ .token_bpf = AUDIT_ARCH_X86_64, .size = ARCH_SIZE_64, .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = x86_64_syscall_resolve_name, + .syscall_resolve_num = x86_64_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, }; diff -Nru libseccomp-2.2.3/src/arch-x86_64.h libseccomp-2.3.1/src/arch-x86_64.h --- libseccomp-2.2.3/src/arch-x86_64.h 2015-06-28 16:17:00.637527428 +0000 +++ libseccomp-2.3.1/src/arch-x86_64.h 2016-02-11 18:32:39.776670411 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x86_64 Specific Code * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/src/arch-x86_64-syscalls.c libseccomp-2.3.1/src/arch-x86_64-syscalls.c --- libseccomp-2.2.3/src/arch-x86_64-syscalls.c 2015-06-28 16:17:00.529527436 +0000 +++ libseccomp-2.3.1/src/arch-x86_64-syscalls.c 2016-02-19 16:05:37.000890615 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x86_64 Syscall Table * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* 
@@ -26,7 +26,7 @@ #include "arch.h" #include "arch-x86_64.h" -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def x86_64_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", __PNR__newselect }, @@ -65,6 +65,7 @@ { "clone", 56 }, { "close", 3 }, { "connect", 42 }, + { "copy_file_range", 326 }, { "creat", 85 }, { "create_module", 174 }, { "delete_module", 176 }, @@ -196,6 +197,7 @@ { "lstat64", __PNR_lstat64 }, { "madvise", 28 }, { "mbind", 237 }, + { "membarrier", 324 }, { "memfd_create", 319 }, { "migrate_pages", 256 }, { "mincore", 27 }, @@ -204,6 +206,7 @@ { "mknod", 133 }, { "mknodat", 259 }, { "mlock", 149 }, + { "mlock2", 325 }, { "mlockall", 151 }, { "mmap", 9 }, { "mmap2", __PNR_mmap2 }, @@ -224,6 +227,7 @@ { "msgrcv", 70 }, { "msgsnd", 69 }, { "msync", 26 }, + { "multiplexer", __PNR_multiplexer }, { "munlock", 150 }, { "munlockall", 152 }, { "munmap", 11 }, @@ -294,6 +298,10 @@ { "rt_sigsuspend", 130 }, { "rt_sigtimedwait", 128 }, { "rt_tgsigqueueinfo", 297 }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, { "sched_get_priority_max", 146 }, { "sched_get_priority_min", 147 }, { "sched_getaffinity", 204 }, @@ -372,6 +380,8 @@ { "socketcall", __PNR_socketcall }, { "socketpair", 53 }, { "splice", 275 }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, { "ssetmask", __PNR_ssetmask }, { "stat", 4 }, { "stat64", __PNR_stat64 }, @@ -379,8 +389,11 @@ { "statfs64", __PNR_statfs64 }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, { "swapoff", 168 }, { "swapon", 167 }, + { "switch_endian", __PNR_switch_endian }, { "symlink", 88 }, { "symlinkat", 266 }, { "sync", 162 }, 
@@ -388,6 +401,7 @@ { "sync_file_range2", __PNR_sync_file_range2 }, { "syncfs", 306 }, { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, { "sysfs", 139 }, { "sysinfo", 99 }, { "syslog", 103 }, @@ -419,6 +433,7 @@ { "unlinkat", 263 }, { "unshare", 272 }, { "uselib", 134 }, + { "userfaultfd", 323 }, { "usr26", __PNR_usr26 }, { "usr32", __PNR_usr32 }, { "ustat", 136 }, diff -Nru libseccomp-2.2.3/src/arch-x86.c libseccomp-2.3.1/src/arch-x86.c --- libseccomp-2.2.3/src/arch-x86.c 2015-06-28 16:17:00.522527436 +0000 +++ libseccomp-2.3.1/src/arch-x86.c 2016-04-20 17:49:44.634846367 +0000 @@ -1,8 +1,8 @@ /** * Enhanced Seccomp x86 Specific Code * - * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Copyright (c) 2012,2016 Red Hat + * Author: Paul Moore */ /* @@ -21,6 +21,7 @@ #include #include +#include #include #include "arch.h" 
@@ -35,83 +36,309 @@ .token_bpf = AUDIT_ARCH_I386, .size = ARCH_SIZE_32, .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = x86_syscall_resolve_name, + .syscall_resolve_num = x86_syscall_resolve_num, + .syscall_rewrite = x86_syscall_rewrite, + .rule_add = x86_rule_add, }; /** + * Convert a multiplexed pseudo socket syscall into a direct syscall + * @param socketcall the multiplexed pseudo syscall number + * + * Return the related direct syscall number, __NR_SCMP_UNDEF is there is + * no related syscall, or __NR_SCMP_ERROR otherwise. + * + */ +int _x86_sock_demux(int socketcall) +{ + switch (socketcall) { + case -101: + /* socket */ + return 359; + case -102: + /* bind */ + return 361; + case -103: + /* connect */ + return 362; + case -104: + /* listen */ + return 363; + case -105: + /* accept - not defined */ + return __NR_SCMP_UNDEF; + case -106: + /* getsockname */ + return 367; + case -107: + /* getpeername */ + return 368; + case -108: + /* socketpair */ + return 360; + case -109: + /* send - not defined */ + return __NR_SCMP_UNDEF; + case -110: + /* recv - not defined */ + return __NR_SCMP_UNDEF; + case -111: + /* sendto */ + return 369; + case -112: + /* recvfrom */ + return 371; + case -113: + /* shutdown */ + return 373; + case -114: + /* setsockopt */ + return 366; + case -115: + /* getsockopt */ + return 365; + case -116: + /* sendmsg */ + return 370; + case -117: + /* recvmsg */ + return 372; + case -118: + /* accept4 */ + return 364; + case -119: + /* recvmmsg */ + return 337; + case -120: + /* sendmmsg */ + return 345; + } + + return __NR_SCMP_ERROR; +} + +/** + * Convert a direct socket syscall into multiplexed pseudo socket syscall + * @param syscall the direct syscall + * + * Return the related multiplexed pseduo syscall number, __NR_SCMP_UNDEF is + * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise. 
+ * + */ +int _x86_sock_mux(int syscall) +{ + switch (syscall) { + case 337: + /* recvmmsg */ + return -119; + case 345: + /* sendmmsg */ + return -120; + case 359: + /* socket */ + return -101; + case 360: + /* socketpair */ + return -108; + case 361: + /* bind */ + return -102; + case 362: + /* connect */ + return -103; + case 363: + /* listen */ + return -104; + case 364: + /* accept4 */ + return -118; + case 365: + /* getsockopt */ + return -115; + case 366: + /* setsockopt */ + return -114; + case 367: + /* getsockname */ + return -106; + case 368: + /* getpeername */ + return -107; + case 369: + /* sendto */ + return -111; + case 370: + /* sendmsg */ + return -116; + case 371: + /* recvfrom */ + return -112; + case 372: + /* recvmsg */ + return -117; + case 373: + /* shutdown */ + return -113; + } + + return __NR_SCMP_ERROR; +} + +/** * Rewrite a syscall value to match the architecture - * @param arch the architecture definition - * @param strict strict flag * @param syscall the syscall number * * Syscalls can vary across different architectures so this function rewrites - * the syscall into the correct value for the specified architecture. If - * @strict is true then the function will fail if the syscall can not be - * preservered, however, if @strict is false the function will do a "best - * effort" rewrite and not fail. Returns zero on success, negative values on - * failure. + * the syscall into the correct value for the specified architecture. Returns + * zero on success, negative values on failure. 
* */ -int x86_syscall_rewrite(const struct arch_def *arch, bool strict, int *syscall) +int x86_syscall_rewrite(int *syscall) { - if ((*syscall) <= -100 && (*syscall) >= -117) + int sys = *syscall; + + if (sys <= -100 && sys >= -120) *syscall = __x86_NR_socketcall; - else if ((*syscall) <= -200 && (*syscall) >= -211) + else if (sys <= -200 && sys >= -224) *syscall = __x86_NR_ipc; - else if (((*syscall) < 0) && (strict)) + else if (sys < 0) return -EDOM; return 0; } /** - * Rewrite a filter rule to match the architecture specifics - * @param arch the architecture definition - * @param strict strict flag - * @param syscall the syscall number - * @param chain the argument filter chain + * add a new rule to the x86 seccomp filter + * @param col the filter collection + * @param db the seccomp filter db + * @param strict the strict flag + * @param rule the filter rule * - * Syscalls can vary across different architectures so this function handles - * the necessary seccomp rule rewrites to ensure the right thing is done - * regardless of the rule or architecture. If @strict is true then the - * function will fail if the entire filter can not be preservered, however, - * if @strict is false the function will do a "best effort" rewrite and not - * fail. Returns zero on success, negative values on failure. + * This function adds a new syscall filter to the seccomp filter db, making any + * necessary adjustments for the x86 ABI. Returns zero on success, negative + * values on failure. 
* */ -int x86_filter_rewrite(const struct arch_def *arch, bool strict, - int *syscall, struct db_api_arg *chain) +int x86_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, + struct db_api_rule_list *rule) { + int rc; unsigned int iter; - int arg_max; - - arg_max = arch_arg_count_max(arch); - if (arg_max < 0) - return arg_max; - - if ((*syscall) <= -100 && (*syscall) >= -117) { - for (iter = 0; iter < arg_max; iter++) { - if ((chain[iter].valid != 0) && (strict)) + size_t args_size; + int sys = rule->syscall; + int sys_a, sys_b; + struct db_api_rule_list *rule_a, *rule_b; + + if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) { + /* (-100 to -120) : multiplexed socket syscalls + (359 to 373) : direct socket syscalls, Linux 4.3+ */ + + /* strict check for the multiplexed socket syscalls */ + for (iter = 0; iter < rule->args_cnt; iter++) { + if ((rule->args[iter].valid != 0) && (strict)) return -EINVAL; } - chain[0].arg = 0; - chain[0].op = SCMP_CMP_EQ; - chain[0].mask = DATUM_MAX; - chain[0].datum = abs(*syscall) % 100; - chain[0].valid = 1; - *syscall = __x86_NR_socketcall; - } else if ((*syscall) <= -200 && (*syscall) >= -211) { - for (iter = 0; iter < arg_max; iter++) { - if ((chain[iter].valid != 0) && (strict)) + + /* determine both the muxed and direct syscall numbers */ + if (sys > 0) { + sys_a = _x86_sock_mux(sys); + if (sys_a == __NR_SCMP_ERROR) + return __NR_SCMP_ERROR; + sys_b = sys; + } else { + sys_a = sys; + sys_b = _x86_sock_demux(sys); + if (sys_b == __NR_SCMP_ERROR) + return __NR_SCMP_ERROR; + } + + /* use rule_a for the multiplexed syscall and use rule_b for + * the direct wired syscall */ + + if (sys_a == __NR_SCMP_UNDEF) { + rule_a = NULL; + rule_b = rule; + } else if (sys_b == __NR_SCMP_UNDEF) { + rule_a = rule; + rule_b = NULL; + } else { + /* need two rules, dup the first and link together */ + rule_a = rule; + rule_b = malloc(sizeof(*rule_b)); + if (rule_b == NULL) + return -ENOMEM; + args_size = 
sizeof(*rule_b->args) * rule_a->args_cnt; + rule_b->args = malloc(args_size); + if (rule_b->args == NULL) { + free(rule_b); + return -ENOMEM; + } + rule_b->action = rule_a->action; + rule_b->syscall = rule_a->syscall; + rule_b->args_cnt = rule_a->args_cnt; + memcpy(rule_b->args, rule_a->args, args_size); + rule_b->prev = rule_a; + rule_b->next = NULL; + rule_a->next = rule_b; + } + + /* multiplexed socket syscalls */ + if (rule_a != NULL) { + rule_a->syscall = __x86_NR_socketcall; + rule_a->args[0].arg = 0; + rule_a->args[0].op = SCMP_CMP_EQ; + rule_a->args[0].mask = DATUM_MAX; + rule_a->args[0].datum = (-sys_a) % 100; + rule_a->args[0].valid = 1; + } + + /* direct wired socket syscalls */ + if (rule_b != NULL) + rule_b->syscall = sys_b; + + /* add the rules as a single transaction */ + rc = db_col_transaction_start(col); + if (rc < 0) + return rc; + if (rule_a != NULL) { + rc = db_rule_add(db, rule_a); + if (rc < 0) + goto fail_transaction; + } + if (rule_b != NULL) { + rc = db_rule_add(db, rule_b); + if (rc < 0) + goto fail_transaction; + } + db_col_transaction_commit(col); + } else if (sys <= -200 && sys >= -224) { + /* multiplexed ipc syscalls */ + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { + if ((rule->args[iter].valid != 0) && (strict)) return -EINVAL; } - chain[0].arg = 0; - chain[0].op = SCMP_CMP_EQ; - chain[0].mask = DATUM_MAX; - chain[0].datum = abs(*syscall) % 200; - chain[0].valid = 1; - *syscall = __x86_NR_ipc; - } else if (((*syscall) < 0) && (strict)) + rule->args[0].arg = 0; + rule->args[0].op = SCMP_CMP_EQ; + rule->args[0].mask = DATUM_MAX; + rule->args[0].datum = abs(sys) % 200; + rule->args[0].valid = 1; + rule->syscall = __x86_NR_ipc; + + rc = db_rule_add(db, rule); + if (rc < 0) + return rc; + } else if (sys >= 0) { + /* normal syscall processing */ + rc = db_rule_add(db, rule); + if (rc < 0) + return rc; + } else if (strict) return -EDOM; return 0; + +fail_transaction: + db_col_transaction_abort(col); + return rc; } diff -Nru 
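Review bot: The range test in x86_rule_add, `(sys >= 359 && sys <= 373)`, leaves out 337 (recvmmsg) and 345 (sendmmsg), although _x86_sock_mux has cases for both, so those two cases cannot be reached from here. A rule added with either direct number falls through to the `sys >= 0` branch and gets no matching socketcall rule, so the filter covers the two entry paths for the same operation differently; if that is not intended, extend the test with `|| sys == 337 || sys == 345`. Separately, the ipc branch loops to `ARG_COUNT_MAX` over `rule->args`, while the socket branch and the duplication code size the array by `rule->args_cnt`. Unless callers outside this hunk always allocate ARG_COUNT_MAX entries, `iter < rule->args_cnt` is the safer bound.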
libseccomp-2.2.3/src/arch-x86.h libseccomp-2.3.1/src/arch-x86.h --- libseccomp-2.2.3/src/arch-x86.h 2015-06-28 16:17:00.633527428 +0000 +++ libseccomp-2.3.1/src/arch-x86.h 2016-02-11 18:32:39.776670411 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x86 Specific Code * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -35,9 +35,9 @@ const char *x86_syscall_iterate_name(unsigned int spot); -int x86_syscall_rewrite(const struct arch_def *arch, bool strict, int *syscall); +int x86_syscall_rewrite(int *syscall); -int x86_filter_rewrite(const struct arch_def *arch, bool strict, - int *syscall, struct db_api_arg *chain); +int x86_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, + struct db_api_rule_list *rule); #endif diff -Nru libseccomp-2.2.3/src/arch-x86-syscalls.c libseccomp-2.3.1/src/arch-x86-syscalls.c --- libseccomp-2.2.3/src/arch-x86-syscalls.c 2015-06-28 16:17:00.517527437 +0000 +++ libseccomp-2.3.1/src/arch-x86-syscalls.c 2016-04-10 21:33:50.342181903 +0000 @@ -2,7 +2,7 @@ * Enhanced Seccomp x86 Syscall Table * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -26,13 +26,13 @@ #include "arch.h" #include "arch-x86.h" -/* NOTE: based on Linux 3.19 */ +/* NOTE: based on Linux 4.5-rc4 */ const struct arch_syscall_def x86_syscall_table[] = { \ { "_llseek", 140 }, { "_newselect", 142 }, { "_sysctl", 149 }, { "accept", __PNR_accept }, - { "accept4", __PNR_accept4 }, + { "accept4", 364 }, { "access", 33 }, { "acct", 51 }, { "add_key", 286 }, @@ -43,7 +43,7 @@ { "arm_sync_file_range", __PNR_arm_sync_file_range }, { "arch_prctl", __PNR_arch_prctl }, { "bdflush", 134 }, - { "bind", __PNR_bind }, + { "bind", 361 }, { "bpf", 357 }, { "break", 17 }, { "breakpoint", __PNR_breakpoint }, 
@@ -64,7 +64,8 @@ { "clock_settime", 264 }, { "clone", 120 }, { "close", 6 }, - { "connect", __PNR_connect }, + { "connect", 362 }, + { "copy_file_range", 377 }, { "creat", 8 }, { "create_module", 127 }, { "delete_module", 129 }, @@ -134,7 +135,7 @@ { "getgroups", 80 }, { "getgroups32", 205 }, { "getitimer", 105 }, - { "getpeername", __PNR_getpeername }, + { "getpeername", 368 }, { "getpgid", 132 }, { "getpgrp", 65 }, { "getpid", 20 }, @@ -149,8 +150,8 @@ { "getrlimit", 76 }, { "getrusage", 77 }, { "getsid", 147 }, - { "getsockname", __PNR_getsockname }, - { "getsockopt", __PNR_getsockopt }, + { "getsockname", 367 }, + { "getsockopt", 365 }, { "gettid", 224 }, { "gettimeofday", 78 }, { "getuid", 24 }, @@ -184,7 +185,7 @@ { "lgetxattr", 230 }, { "link", 9 }, { "linkat", 303 }, - { "listen", __PNR_listen }, + { "listen", 363 }, { "listxattr", 232 }, { "llistxattr", 233 }, { "lock", 53 }, @@ -196,6 +197,7 @@ { "lstat64", 196 }, { "madvise", 219 }, { "mbind", 274 }, + { "membarrier", 375 }, { "memfd_create", 356 }, { "migrate_pages", 294 }, { "mincore", 218 }, @@ -204,6 +206,7 @@ { "mknod", 14 }, { "mknodat", 297 }, { "mlock", 150 }, + { "mlock2", 376 }, { "mlockall", 152 }, { "mmap", 90 }, { "mmap2", 192 }, @@ -224,6 +227,7 @@ { "msgrcv", __PNR_msgrcv }, { "msgsnd", __PNR_msgsnd }, { "msync", 144 }, + { "multiplexer", __PNR_multiplexer }, { "munlock", 151 }, { "munlockall", 153 }, { "munmap", 91 }, @@ -275,9 +279,9 @@ { "readv", 145 }, { "reboot", 88 }, { "recv", __PNR_recv }, - { "recvfrom", __PNR_recvfrom }, + { "recvfrom", 371 }, { "recvmmsg", 337 }, - { "recvmsg", __PNR_recvmsg }, + { "recvmsg", 372 }, { "remap_file_pages", 257 }, { "removexattr", 235 }, { "rename", 38 }, 
@@ -294,6 +298,10 @@ { "rt_sigsuspend", 179 }, { "rt_sigtimedwait", 177 }, { "rt_tgsigqueueinfo", 335 }, + { "rtas", __PNR_rtas }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, { "sched_get_priority_max", 159 }, { "sched_get_priority_min", 160 }, { "sched_getaffinity", 242 }, @@ -317,8 +325,8 @@ { "sendfile", 187 }, { "sendfile64", 239 }, { "sendmmsg", 345 }, - { "sendmsg", __PNR_sendmsg }, - { "sendto", __PNR_sendto }, + { "sendmsg", 370 }, + { "sendto", 369 }, { "set_mempolicy", 276 }, { "set_robust_list", 311 }, { "set_thread_area", 243 }, @@ -348,7 +356,7 @@ { "setreuid32", 203 }, { "setrlimit", 75 }, { "setsid", 66 }, - { "setsockopt", __PNR_setsockopt }, + { "setsockopt", 366 }, { "settimeofday", 79 }, { "setuid", 23 }, { "setuid32", 213 }, @@ -358,7 +366,7 @@ { "shmctl", __PNR_shmctl }, { "shmdt", __PNR_shmdt }, { "shmget", __PNR_shmget }, - { "shutdown", __PNR_shutdown }, + { "shutdown", 373 }, { "sigaction", 67 }, { "sigaltstack", 186 }, { "signal", 48 }, @@ -368,10 +376,12 @@ { "sigprocmask", 126 }, { "sigreturn", 119 }, { "sigsuspend", 72 }, - { "socket", __PNR_socket }, + { "socket", 359 }, { "socketcall", 102 }, - { "socketpair", __PNR_socketpair }, + { "socketpair", 360 }, { "splice", 313 }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, { "ssetmask", 69 }, { "stat", 106 }, { "stat64", 195 }, @@ -379,8 +389,11 @@ { "statfs64", 268 }, { "stime", 25 }, { "stty", 31 }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, { "swapoff", 115 }, { "swapon", 87 }, + { "switch_endian", __PNR_switch_endian }, { "symlink", 83 }, { "symlinkat", 304 }, { "sync", 36 }, @@ -388,6 +401,7 @@ { "sync_file_range2", __PNR_sync_file_range2 }, { "syncfs", 344 }, { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, { "sysfs", 135 }, { "sysinfo", 116 }, { "syslog", 103 }, 
@@ -419,6 +433,7 @@ { "unlinkat", 301 }, { "unshare", 310 }, { "uselib", 86 }, + { "userfaultfd", 374 }, { "usr26", __PNR_usr26 }, { "usr32", __PNR_usr32 }, { "ustat", 62 }, @@ -454,6 +469,48 @@ const struct arch_syscall_def *table = x86_syscall_table; /* XXX - plenty of room for future improvement here */ + + if (strcmp(name, "accept") == 0) + return __PNR_accept; + if (strcmp(name, "accept4") == 0) + return __PNR_accept4; + else if (strcmp(name, "bind") == 0) + return __PNR_bind; + else if (strcmp(name, "connect") == 0) + return __PNR_connect; + else if (strcmp(name, "getpeername") == 0) + return __PNR_getpeername; + else if (strcmp(name, "getsockname") == 0) + return __PNR_getsockname; + else if (strcmp(name, "getsockopt") == 0) + return __PNR_getsockopt; + else if (strcmp(name, "listen") == 0) + return __PNR_listen; + else if (strcmp(name, "recv") == 0) + return __PNR_recv; + else if (strcmp(name, "recvfrom") == 0) + return __PNR_recvfrom; + else if (strcmp(name, "recvmsg") == 0) + return __PNR_recvmsg; + else if (strcmp(name, "recvmmsg") == 0) + return __PNR_recvmmsg; + else if (strcmp(name, "send") == 0) + return __PNR_send; + else if (strcmp(name, "sendmsg") == 0) + return __PNR_sendmsg; + else if (strcmp(name, "sendmmsg") == 0) + return __PNR_sendmmsg; + else if (strcmp(name, "sendto") == 0) + return __PNR_sendto; + else if (strcmp(name, "setsockopt") == 0) + return __PNR_setsockopt; + else if (strcmp(name, "shutdown") == 0) + return __PNR_shutdown; + else if (strcmp(name, "socket") == 0) + return __PNR_socket; + else if (strcmp(name, "socketpair") == 0) + return __PNR_socketpair; + for (iter = 0; table[iter].name != NULL; iter++) { if (strcmp(name, table[iter].name) == 0) return table[iter].num; 
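Review bot: The socket special cases added to x86_syscall_resolve_name return the `__PNR_*` pseudo numbers even though this same diff gives most of those names direct numbers in x86_syscall_table, and nothing at the site says why. Presumably the pseudo number is what lets x86_rule_add emit both the socketcall rule and the direct-syscall rule, but a reader cannot tell that from here. A comment above the chain such as `/* socket syscalls resolve to pseudo numbers so x86_rule_add() can add both the socketcall and the direct rule */` would settle it, and the mirrored chain in x86_syscall_resolve_num in the next hunk needs the same. The chain also opens with two plain `if`s before switching to `else if`; the function itself starts outside the hunk.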
@@ -477,6 +534,48 @@ const struct arch_syscall_def *table = x86_syscall_table; /* XXX - plenty of room for future improvement here */ + + if (num == __PNR_accept) + return "accept"; + else if (num == __PNR_accept4) + return "accept4"; + else if (num == __PNR_bind) + return "bind"; + else if (num == __PNR_connect) + return "connect"; + else if (num == __PNR_getpeername) + return "getpeername"; + else if (num == __PNR_getsockname) + return "getsockname"; + else if (num == __PNR_getsockopt) + return "getsockopt"; + else if (num == __PNR_listen) + return "listen"; + else if (num == __PNR_recv) + return "recv"; + else if (num == __PNR_recvfrom) + return "recvfrom"; + else if (num == __PNR_recvmsg) + return "recvmsg"; + else if (num == __PNR_recvmmsg) + return "recvmmsg"; + else if (num == __PNR_send) + return "send"; + else if (num == __PNR_sendmsg) + return "sendmsg"; + else if (num == __PNR_sendmmsg) + return "sendmmsg"; + else if (num == __PNR_sendto) + return "sendto"; + else if (num == __PNR_setsockopt) + return "setsockopt"; + else if (num == __PNR_shutdown) + return "shutdown"; + else if (num == __PNR_socket) + return "socket"; + else if (num == __PNR_socketpair) + return "socketpair"; + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { if (num == table[iter].num) return table[iter].name; diff -Nru libseccomp-2.2.3/src/db.c libseccomp-2.3.1/src/db.c --- libseccomp-2.2.3/src/db.c 2015-07-06 15:49:38.021855097 +0000 +++ libseccomp-2.3.1/src/db.c 2016-02-22 22:43:28.747435551 +0000 @@ -1,8 +1,8 @@ /** * Enhanced Seccomp Filter DB * - * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Copyright (c) 2012,2016 Red Hat + * Author: Paul Moore */ /* @@ -30,6 +30,7 @@ #include "arch.h" #include "db.h" +#include "system.h" /* state values */ #define _DB_STA_VALID 0xA1B2C3D4 
@@ -346,26 +347,169 @@ } /** - * Validate the seccomp action - * @param action the seccomp action + * Free and reset the seccomp filter DB + * @param db the seccomp filter DB + * + * This function frees any existing filters and resets the filter DB to a + * default state; only the DB architecture is preserved. * - * Verify that the given action is a valid seccomp action; return zero if - * valid, -EINVAL if invalid. */ -int db_action_valid(uint32_t action) +static void _db_reset(struct db_filter *db) { - if (action == SCMP_ACT_KILL) - return 0; - else if (action == SCMP_ACT_TRAP) - return 0; - else if (action == SCMP_ACT_ERRNO(action & 0x0000ffff)) - return 0; - else if (action == SCMP_ACT_TRACE(action & 0x0000ffff)) - return 0; - else if (action == SCMP_ACT_ALLOW) + struct db_sys_list *s_iter; + struct db_api_rule_list *r_iter; + + if (db == NULL) + return; + + /* free any filters */ + if (db->syscalls != NULL) { + s_iter = db->syscalls; + while (s_iter != NULL) { + db->syscalls = s_iter->next; + _db_tree_free(s_iter->chains); + free(s_iter); + s_iter = db->syscalls; + } + db->syscalls = NULL; + } + + /* free any rules */ + if (db->rules != NULL) { + /* split the loop first then loop and free */ + db->rules->prev->next = NULL; + r_iter = db->rules; + while (r_iter != NULL) { + db->rules = r_iter->next; + free(r_iter->args); + free(r_iter); + r_iter = db->rules; + } + db->rules = NULL; + } +} + +/** + * Intitalize a seccomp filter DB + * @param arch the architecture definition + * + * This function initializes a seccomp filter DB and readies it for use. + * Returns a pointer to the DB on success, NULL on failure. 
+ * + */ +static struct db_filter *_db_init(const struct arch_def *arch) +{ + struct db_filter *db; + + db = malloc(sizeof(*db)); + if (db == NULL) + return NULL; + + /* clear the buffer for the first time and set the arch */ + memset(db, 0, sizeof(*db)); + db->arch = arch; + + /* reset the DB to a known state */ + _db_reset(db); + + return db; +} + +/** + * Destroy a seccomp filter DB + * @param db the seccomp filter DB + * + * This function destroys a seccomp filter DB. After calling this function, + * the filter should no longer be referenced. + * + */ +static void _db_release(struct db_filter *db) +{ + if (db == NULL) + return; + + /* free and reset the DB */ + _db_reset(db); + free(db); +} + +/** + * Destroy a seccomp filter snapshot + * @param snap the seccomp filter snapshot + * + * This function destroys a seccomp filter snapshot. After calling this + * function, the snapshot should no longer be referenced. + * + */ +static void _db_snap_release(struct db_filter_snap *snap) +{ + unsigned int iter; + + if (snap->filter_cnt > 0) { + for (iter = 0; iter < snap->filter_cnt; iter++) { + if (snap->filters[iter]) + _db_release(snap->filters[iter]); + } + free(snap->filters); + } + free(snap); +} + +/** + * Update the user specified portion of the syscall priority + * @param db the seccomp filter db + * @param syscall the syscall number + * @param priority the syscall priority + * + * This function sets, or updates, the syscall priority; the highest priority + * value between the existing and specified value becomes the new syscall + * priority. If the syscall entry does not already exist, a new phantom + * syscall entry is created as a placeholder. Returns zero on success, + * negative values on failure. 
+ * + */ +static int _db_syscall_priority(struct db_filter *db, + int syscall, uint8_t priority) +{ + unsigned int sys_pri = _DB_PRI_USER(priority); + struct db_sys_list *s_new, *s_iter, *s_prev = NULL; + + assert(db != NULL); + + s_iter = db->syscalls; + while (s_iter != NULL && s_iter->num < syscall) { + s_prev = s_iter; + s_iter = s_iter->next; + } + + /* matched an existing syscall entry */ + if (s_iter != NULL && s_iter->num == syscall) { + if (sys_pri > (s_iter->priority & _DB_PRI_MASK_USER)) { + s_iter->priority &= (~_DB_PRI_MASK_USER); + s_iter->priority |= sys_pri; + } return 0; + } - return -EINVAL; + /* no existing syscall entry - create a phantom entry */ + s_new = malloc(sizeof(*s_new)); + if (s_new == NULL) + return -ENOMEM; + memset(s_new, 0, sizeof(*s_new)); + s_new->num = syscall; + s_new->priority = sys_pri; + s_new->valid = false; + + /* add it before s_iter */ + if (s_prev != NULL) { + s_new->next = s_prev->next; + s_prev->next = s_new; + } else { + s_new->next = db->syscalls; + db->syscalls = s_new; + } + + return 0; } /** @@ -374,19 +518,23 @@ * @param def_action the default filter action * * This function frees any existing filter DBs and resets the collection to a - * default state. + * default state. In the case of failure the filter collection may be in an + * unknown state and should be released. Returns zero on success, negative + * values on failure. * */ -void db_col_reset(struct db_filter_col *col, uint32_t def_action) +int db_col_reset(struct db_filter_col *col, uint32_t def_action) { unsigned int iter; + struct db_filter *db; + struct db_filter_snap *snap; if (col == NULL) - return; + return -EINVAL; /* free any filters */ for (iter = 0; iter < col->filter_cnt; iter++) - db_release(col->filters[iter]); + _db_release(col->filters[iter]); col->filter_cnt = 0; if (col->filters) free(col->filters); 
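Review bot: In _db_reset the rule teardown starts with `db->rules->prev->next = NULL;`, which dereferences `prev` unchecked and is only correct if db->rules is always a circular list. The code that links rules into db->rules is outside this hunk, so that invariant cannot be confirmed here. Please state it where the ring is split, e.g. `/* db->rules is circular (head->prev is the tail); break the ring so the walk below terminates */`, or guard the dereference. _db_snap_release in the same hunk also reads `snap->filter_cnt` without the NULL guard that _db_reset and _db_release both have.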
@@ -403,6 +551,27 @@ /* set the state */ col->state = _DB_STA_VALID; + + /* reset the initial db */ + db = _db_init(arch_def_native); + if (db == NULL) + return -ENOMEM; + if (db_col_db_add(col, db) < 0) { + _db_release(db); + return -ENOMEM; + } + + /* reset the transactions */ + while (col->snapshots) { + snap = col->snapshots; + col->snapshots = snap->next; + for (iter = 0; iter < snap->filter_cnt; iter++) + _db_release(snap->filters[iter]); + free(snap->filters); + free(snap); + } + + return 0; } /** @@ -425,9 +594,14 @@ memset(col, 0, sizeof(*col)); /* reset the DB to a known state */ - db_col_reset(col, def_action); + if (db_col_reset(col, def_action) < 0) + goto init_failure; return col; + +init_failure: + db_col_release(col); + return NULL; } /** @@ -440,18 +614,51 @@ */ void db_col_release(struct db_filter_col *col) { + unsigned int iter; + if (col == NULL) return; /* set the state, just in case */ col->state = _DB_STA_FREED; - /* free and reset the DB */ - db_col_reset(col, 0); + /* free any filters */ + for (iter = 0; iter < col->filter_cnt; iter++) + _db_release(col->filters[iter]); + col->filter_cnt = 0; + if (col->filters) + free(col->filters); + col->filters = NULL; + + /* free the collection */ free(col); } /** + * Validate the seccomp action + * @param action the seccomp action + * + * Verify that the given action is a valid seccomp action; return zero if + * valid, -EINVAL if invalid. + */ +int db_action_valid(uint32_t action) +{ + if (action == SCMP_ACT_KILL) + return 0; + else if (action == SCMP_ACT_TRAP) + return 0; + else if ((action == SCMP_ACT_ERRNO(action & 0x0000ffff)) && + ((action & 0x0000ffff) < MAX_ERRNO)) + return 0; + else if (action == SCMP_ACT_TRACE(action & 0x0000ffff)) + return 0; + else if (action == SCMP_ACT_ALLOW) + return 0; + + return -EINVAL; +} + +/** * Validate a filter collection * @param col the seccomp filter collection * 
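Review bot: db_col_release no longer calls db_col_reset, and its new body frees `col->filters` but never walks `col->snapshots`, so any snapshot still queued at release time is leaked together with the filter DBs it holds. Whether a snapshot can be outstanding at that point depends on the transaction code outside these hunks. db_col_reset does return before its own snapshot loop when `_db_init` fails, though, and its comment tells the caller to release the collection in that case. Adding a `struct db_filter_snap *snap;` local and `while (col->snapshots) { snap = col->snapshots; col->snapshots = snap->next; _db_snap_release(snap); }` before `free(col)` closes that path. The hand-written loop in db_col_reset could call the same helper instead of repeating its body.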
@@ -604,9 +811,13 @@ break; case SCMP_FLTATR_CTL_TSYNC: rc = sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC); - if (rc) - return rc; - col->attr.tsync_enable = (value ? 1 : 0); + if (rc == 1) { + /* supported */ + rc = 0; + col->attr.tsync_enable = (value ? 1 : 0); + } else if (rc == 0) + /* unsupported */ + rc = -EOPNOTSUPP; break; default: rc = -EEXIST; @@ -617,6 +828,31 @@ } /** + * Add a new architecture filter to a filter collection + * @param col the seccomp filter collection + * @param arch the architecture + * + * This function adds a new architecture filter DB to an existing seccomp + * filter collection assuming there isn't a filter DB already present with the + * same architecture. Returns zero on success, negative values on failure. + * + */ +int db_col_db_new(struct db_filter_col *col, const struct arch_def *arch) +{ + int rc; + struct db_filter *db; + + db = _db_init(arch); + if (db == NULL) + return -ENOMEM; + rc = db_col_db_add(col, db); + if (rc < 0) + _db_release(db); + + return rc; +} + +/** * Add a new filter DB to a filter collection * @param col the seccomp filter collection * @param db the seccomp filter DB @@ -671,7 +907,7 @@ if (found) col->filters[iter - 1] = col->filters[iter]; else if (col->filters[iter]->arch->token == arch_token) { - db_release(col->filters[iter]); + _db_release(col->filters[iter]); found = 1; } } 
@@ -696,135 +932,6 @@ } /** - * Free and reset the seccomp filter DB - * @param db the seccomp filter DB - * - * This function frees any existing filters and resets the filter DB to a - * default state; only the DB architecture is preserved. - * - */ -void db_reset(struct db_filter *db) -{ - struct db_sys_list *s_iter; - - if (db == NULL) - return; - - /* free any filters */ - if (db->syscalls != NULL) { - s_iter = db->syscalls; - while (s_iter != NULL) { - db->syscalls = s_iter->next; - _db_tree_free(s_iter->chains); - free(s_iter); - s_iter = db->syscalls; - } - db->syscalls = NULL; - } -} - -/** - * Intitalize a seccomp filter DB - * @param arch the architecture definition - * - * This function initializes a seccomp filter DB and readies it for use. - * Returns a pointer to the DB on success, NULL on failure. - * - */ -struct db_filter *db_init(const struct arch_def *arch) -{ - struct db_filter *db; - - db = malloc(sizeof(*db)); - if (db == NULL) - return NULL; - - /* clear the buffer for the first time and set the arch */ - memset(db, 0, sizeof(*db)); - db->arch = arch; - - /* reset the DB to a known state */ - db_reset(db); - - return db; -} - -/** - * Destroy a seccomp filter DB - * @param db the seccomp filter DB - * - * This function destroys a seccomp filter DB. After calling this function, - * the filter should no longer be referenced. - * - */ -void db_release(struct db_filter *db) -{ - if (db == NULL) - return; - - /* free and reset the DB */ - db_reset(db); - free(db); -} - -/** - * Update the user specified portion of the syscall priority - * @param db the seccomp filter db - * @param syscall the syscall number - * @param priority the syscall priority - * - * This function sets, or updates, the syscall priority; the highest priority - * value between the existing and specified value becomes the new syscall - * priority. If the syscall entry does not already exist, a new phantom - * syscall entry is created as a placeholder. 
Returns zero on success, - * negative values on failure. - * - */ -int db_syscall_priority(struct db_filter *db, - unsigned int syscall, uint8_t priority) -{ - unsigned int sys_pri = _DB_PRI_USER(priority); - struct db_sys_list *s_new, *s_iter, *s_prev = NULL; - - assert(db != NULL); - - s_iter = db->syscalls; - while (s_iter != NULL && s_iter->num < syscall) { - s_prev = s_iter; - s_iter = s_iter->next; - } - - /* matched an existing syscall entry */ - if (s_iter != NULL && s_iter->num == syscall) { - if (sys_pri > (s_iter->priority & _DB_PRI_MASK_USER)) { - s_iter->priority &= (~_DB_PRI_MASK_USER); - s_iter->priority |= sys_pri; - } - return 0; - } - - /* no existing syscall entry - create a phantom entry */ - s_new = malloc(sizeof(*s_new)); - if (s_new == NULL) - return -ENOMEM; - memset(s_new, 0, sizeof(*s_new)); - s_new->num = syscall; - s_new->priority = sys_pri; - s_new->valid = false; - - /* add it before s_iter */ - if (s_prev != NULL) { - s_new->next = s_prev->next; - s_prev->next = s_new; - } else { - s_new->next = db->syscalls; - db->syscalls = s_new; - } - - return 0; -} - -/** * Test if the argument filter can be skipped because it's a tautology * @param arg argument filter * @@ -1117,9 +1224,7 @@ /** * Add a new rule to the seccomp filter DB * @param db the seccomp filter db - * @param action the filter action - * @param syscall the syscall number - * @param chain argument filter chain + * @param rule the filter rule * * This function adds a new syscall filter to the seccomp filter DB, adding to * the existing filters for the syscall, unless no argument specific filters 
@@ -1128,10 +1233,12 @@ * filter DB. Returns zero on success, negative values on failure. * */ -int db_rule_add(struct db_filter *db, uint32_t action, unsigned int syscall, - struct db_api_arg *chain) +int db_rule_add(struct db_filter *db, const struct db_api_rule_list *rule) { int rc = -ENOMEM; + int syscall = rule->syscall; + uint32_t action = rule->action; + struct db_api_arg *chain = rule->args; struct db_sys_list *s_new, *s_iter, *s_prev = NULL; struct db_arg_chain_tree *c_iter = NULL, *c_prev = NULL; struct db_arg_chain_tree *ec_iter; 
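Review bot: `rule` is dereferenced by the three new initialisers (`rule->syscall`, `rule->action`, `rule->args`) before anything checks it, so a NULL rule faults at the top of db_rule_add. The db_syscall_priority removed earlier in this file guarded its pointer with `assert(db != NULL);`, and an `assert(rule != NULL);` placed before those reads would keep that convention. The local `syscall` is also now `int` where the parameter was `unsigned int`; if the rest of the body compares it with an unsigned syscall number, a negative pseudo-syscall value would be converted rather than rejected, which is worth confirming. The body of db_rule_add continues outside the hunk.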
@@ -1384,3 +1491,276 @@ } return rc; } + +/** + * Set the priority of a given syscall + * @param col the filter collection + * @param syscall the syscall number + * @param priority priority value, higher value == higher priority + * + * This function sets the priority of the given syscall; this value is used + * when generating the seccomp filter code such that higher priority syscalls + * will incur less filter code overhead than the lower priority syscalls in the + * filter. Returns zero on success, negative values on failure. + * + */ +int db_col_syscall_priority(struct db_filter_col *col, + int syscall, uint8_t priority) +{ + int rc = 0, rc_tmp; + unsigned int iter; + int sc_tmp; + struct db_filter *filter; + + for (iter = 0; iter < col->filter_cnt; iter++) { + filter = col->filters[iter]; + sc_tmp = syscall; + + rc_tmp = arch_syscall_translate(filter->arch, &sc_tmp); + if (rc_tmp < 0) + goto priority_failure; + + /* if this is a pseudo syscall (syscall < 0) then we need to + * rewrite the syscall for some arch specific reason */ + if (sc_tmp < 0) { + /* we set this as a strict op - we don't really care + * since priorities are a "best effort" thing - as we + * want to catch the -EDOM error and bail on this + * architecture */ + rc_tmp = arch_syscall_rewrite(filter->arch, &sc_tmp); + if (rc_tmp == -EDOM) + continue; + if (rc_tmp < 0) + goto priority_failure; + } + + rc_tmp = _db_syscall_priority(filter, sc_tmp, priority); + +priority_failure: + if (rc == 0 && rc_tmp < 0) + rc = rc_tmp; + } + + return rc; +} + +/** + * Add a new rule to the current filter + * @param col the filter collection + * @param strict the strict flag + * @param action the filter action + * @param syscall the syscall number + * @param arg_cnt the number of argument filters in the argument filter chain + * @param arg_array the argument filter chain, (uint, enum scmp_compare, ulong) + * + * This function adds a new argument/comparison/value to the seccomp filter for + * a syscall; multiple 
arguments can be specified and they will be chained + * together (essentially AND'd together) in the filter. When the strict flag + * is true the function will fail if the exact rule can not be added to the + * filter, if the strict flag is false the function will not fail if the + * function needs to adjust the rule due to architecture specifics. Returns + * zero on success, negative values on failure. + * + */ +int db_col_rule_add(struct db_filter_col *col, + bool strict, uint32_t action, int syscall, + unsigned int arg_cnt, const struct scmp_arg_cmp *arg_array) +{ + int rc = 0, rc_tmp; + unsigned int iter; + unsigned int chain_len; + unsigned int arg_num; + size_t chain_size; + struct db_api_arg *chain = NULL; + struct scmp_arg_cmp arg_data; + + /* collect the arguments for the filter rule */ + chain_len = ARG_COUNT_MAX; + chain_size = sizeof(*chain) * chain_len; + chain = malloc(chain_size); + if (chain == NULL) + return -ENOMEM; + memset(chain, 0, chain_size); + for (iter = 0; iter < arg_cnt; iter++) { + arg_data = arg_array[iter]; + arg_num = arg_data.arg; + if (arg_num < chain_len && chain[arg_num].valid == 0) { + chain[arg_num].valid = 1; + chain[arg_num].arg = arg_num; + chain[arg_num].op = arg_data.op; + /* XXX - we should check datum/mask size against the + * arch definition, e.g. 
64 bit datum on x86 */ + switch (chain[arg_num].op) { + case SCMP_CMP_NE: + case SCMP_CMP_LT: + case SCMP_CMP_LE: + case SCMP_CMP_EQ: + case SCMP_CMP_GE: + case SCMP_CMP_GT: + chain[arg_num].mask = DATUM_MAX; + chain[arg_num].datum = arg_data.datum_a; + break; + case SCMP_CMP_MASKED_EQ: + chain[arg_num].mask = arg_data.datum_a; + chain[arg_num].datum = arg_data.datum_b; + break; + default: + rc = -EINVAL; + goto add_return; + } + } else { + rc = -EINVAL; + goto add_return; + } + } + + for (iter = 0; iter < col->filter_cnt; iter++) { + rc_tmp = arch_filter_rule_add(col, col->filters[iter], strict, + action, syscall, + chain_len, chain); + if (rc == 0 && rc_tmp < 0) + rc = rc_tmp; + } + +add_return: + if (chain != NULL) + free(chain); + return rc; +} + +/** + * Start a new seccomp filter transaction + * @param col the filter collection + * + * This function starts a new seccomp filter transaction for the given filter + * collection. Returns zero on success, negative values on failure. + * + */ +int db_col_transaction_start(struct db_filter_col *col) +{ + unsigned int iter; + size_t args_size; + struct db_filter_snap *snap; + struct db_filter *filter_o, *filter_s; + struct db_api_rule_list *rule_o, *rule_s; + + /* allocate the snapshot */ + snap = malloc(sizeof(*snap)); + if (snap == NULL) + return -ENOMEM; + snap->filters = malloc(sizeof(struct db_filter *) * col->filter_cnt); + if (snap->filters == NULL) { + free(snap); + return -ENOMEM; + } + snap->filter_cnt = col->filter_cnt; + for (iter = 0; iter < snap->filter_cnt; iter++) + snap->filters[iter] = NULL; + snap->next = NULL; + + /* create a snapshot of the current filter state */ + for (iter = 0; iter < col->filter_cnt; iter++) { + /* allocate a new filter */ + filter_o = col->filters[iter]; + filter_s = _db_init(filter_o->arch); + if (filter_s == NULL) + goto trans_start_failure; + snap->filters[iter] = filter_s; + + /* create a filter snapshot from existing rules */ + rule_o = filter_o->rules; + if (rule_o == 
NULL) + continue; + do { + /* copy the rule */ + rule_s = malloc(sizeof(*rule_s)); + if (rule_s == NULL) + goto trans_start_failure; + args_size = sizeof(*rule_s->args) * rule_o->args_cnt; + rule_s->args = malloc(args_size); + if (rule_s->args == NULL) { + free(rule_s); + goto trans_start_failure; + } + rule_s->action = rule_o->action; + rule_s->syscall = rule_o->syscall; + rule_s->args_cnt = rule_o->args_cnt; + memcpy(rule_s->args, rule_o->args, args_size); + if (filter_s->rules != NULL) { + rule_s->prev = filter_s->rules->prev; + rule_s->next = filter_s->rules; + filter_s->rules->prev->next = rule_s; + filter_s->rules->prev = rule_s; + } else { + rule_s->prev = rule_s; + rule_s->next = rule_s; + filter_s->rules = rule_s; + } + + /* insert the rule into the filter */ + if (db_rule_add(filter_s, rule_o) != 0) + goto trans_start_failure; + + /* next rule */ + rule_o = rule_o->next; + } while (rule_o != filter_o->rules); + } + + /* add the snapshot to the list */ + snap->next = col->snapshots; + col->snapshots = snap; + + return 0; + +trans_start_failure: + _db_snap_release(snap); + return -ENOMEM; +} + +/** + * Abort the top most seccomp filter transaction + * @param col the filter collection + * + * This function aborts the most recent seccomp filter transaction. 
+ * + */ +void db_col_transaction_abort(struct db_filter_col *col) +{ + int iter; + unsigned int filter_cnt; + struct db_filter **filters; + struct db_filter_snap *snap; + + if (col->snapshots == NULL) + return; + + /* replace the current filter with the last snapshot */ + snap = col->snapshots; + col->snapshots = snap->next; + filter_cnt = col->filter_cnt; + filters = col->filters; + col->filter_cnt = snap->filter_cnt; + col->filters = snap->filters; + free(snap); + + /* free the filter we swapped out */ + for (iter = 0; iter < filter_cnt; iter++) + _db_release(filters[iter]); + free(filters); +} + +/** + * Commit the top most seccomp filter transaction + * @param col the filter collection + * + * This function commits the most recent seccomp filter transaction. + * + */ +void db_col_transaction_commit(struct db_filter_col *col) +{ + struct db_filter_snap *snap; + + snap = col->snapshots; + col->snapshots = snap->next; + _db_snap_release(snap); +} diff -Nru libseccomp-2.2.3/src/db.h libseccomp-2.3.1/src/db.h --- libseccomp-2.2.3/src/db.h 2015-07-08 19:16:23.415206798 +0000 +++ libseccomp-2.3.1/src/db.h 2016-02-11 18:32:39.777670411 +0000 @@ -1,8 +1,8 @@ /** * Enhanced Seccomp Filter DB * - * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Copyright (c) 2012,2016 Red Hat + * Author: Paul Moore */ /* @@ -33,13 +33,22 @@ struct db_api_arg { unsigned int arg; - unsigned int op; + enum scmp_compare op; scmp_datum_t mask; scmp_datum_t datum; bool valid; }; +struct db_api_rule_list { + uint32_t action; + int syscall; + struct db_api_arg *args; + unsigned int args_cnt; + + struct db_api_rule_list *prev, *next; +}; + struct db_arg_chain_tree { /* argument number (a0 = 0, a1 = 1, etc.) */ unsigned int arg; 
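Review bot: db_col_transaction_commit reads `snap->next` without checking that `col->snapshots` is non-NULL, so a commit with no open transaction dereferences NULL, while db_col_transaction_abort in the same hunk returns early in that case; adding `if (snap == NULL) return;` after the assignment makes the two consistent. In db_col_transaction_start the result of `db_rule_add(filter_s, rule_o)` is discarded and every failure is reported as -ENOMEM; keeping the value in an `rc` and returning it from `trans_start_failure` would preserve the real error. The two `malloc` sizes there are products with `col->filter_cnt` and `rule_o->args_cnt`, and a zero count may make `malloc` return NULL and be reported as out of memory; whether either count can be zero is not visible here. In db_col_transaction_abort, `iter` is `int` but is compared with the `unsigned int filter_cnt`; `unsigned int iter;` would match the other loops in the hunk.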
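Review bot: `struct db_api_rule_list` is added without any field comments, although db_col_transaction_start in db.c builds and walks it as a circular doubly-linked list (a lone entry has `prev` and `next` pointing at itself, and the walk stops when it returns to `filter->rules`), which a reader cannot tell from the declaration. I would add `/* circular doubly-linked list, a lone entry points at itself */` above `prev, *next` and `/* array of args_cnt argument filters */` above `args`.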
@@ -137,6 +146,17 @@ /* syscall filters, kept as a sorted single-linked list */ struct db_sys_list *syscalls; + + /* list of rules used to build the filters, kept in order */ + struct db_api_rule_list *rules; +}; + +struct db_filter_snap { + /* individual filters */ + struct db_filter **filters; + unsigned int filter_cnt; + + struct db_filter_snap *next; }; struct db_filter_col { @@ -150,6 +170,9 @@ int endian; struct db_filter **filters; unsigned int filter_cnt; + + /* transaction snapshots */ + struct db_filter_snap *snapshots; }; /** @@ -167,7 +190,7 @@ int db_action_valid(uint32_t action); struct db_filter_col *db_col_init(uint32_t def_action); -void db_col_reset(struct db_filter_col *col, uint32_t def_action); +int db_col_reset(struct db_filter_col *col, uint32_t def_action); void db_col_release(struct db_filter_col *col); int db_col_valid(struct db_filter_col *col); 
@@ -181,17 +204,21 @@ int db_col_attr_set(struct db_filter_col *col, enum scmp_filter_attr attr, uint32_t value); +int db_col_db_new(struct db_filter_col *col, const struct arch_def *arch); int db_col_db_add(struct db_filter_col *col, struct db_filter *db); int db_col_db_remove(struct db_filter_col *col, uint32_t arch_token); -struct db_filter *db_init(const struct arch_def *arch); -void db_reset(struct db_filter *db); -void db_release(struct db_filter *db); - -int db_syscall_priority(struct db_filter *db, - unsigned int syscall, uint8_t priority); +int db_col_rule_add(struct db_filter_col *col, + bool strict, uint32_t action, int syscall, + unsigned int arg_cnt, const struct scmp_arg_cmp *arg_array); + +int db_col_syscall_priority(struct db_filter_col *col, + int syscall, uint8_t priority); + +int db_col_transaction_start(struct db_filter_col *col); +void db_col_transaction_abort(struct db_filter_col *col); +void db_col_transaction_commit(struct db_filter_col *col); -int db_rule_add(struct db_filter *db, uint32_t action, unsigned int syscall, - struct db_api_arg *chain); +int db_rule_add(struct db_filter *db, const struct db_api_rule_list *rule); #endif diff -Nru libseccomp-2.2.3/src/gen_bpf.c libseccomp-2.3.1/src/gen_bpf.c --- libseccomp-2.2.3/src/gen_bpf.c 2015-07-01 17:51:47.578901235 +0000 +++ libseccomp-2.3.1/src/gen_bpf.c 2016-02-11 18:32:37.559670577 +0000 @@ -2,7 +2,7 @@ * Seccomp BPF Translator * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -880,7 +880,6 @@ case SCMP_CMP_NE: case SCMP_CMP_LT: case SCMP_CMP_LE: - /* if we hit here it means the filter db isn't correct */ default: /* fatal error, we should never get here */ goto node_failure; diff -Nru libseccomp-2.2.3/src/gen_bpf.h libseccomp-2.3.1/src/gen_bpf.h --- libseccomp-2.2.3/src/gen_bpf.h 2015-06-28 16:17:00.652527426 +0000 +++ libseccomp-2.3.1/src/gen_bpf.h 2016-02-11 18:32:39.778670411 +0000 
@@ -2,7 +2,7 @@ * Seccomp BPF Translator * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/src/gen_pfc.c libseccomp-2.3.1/src/gen_pfc.c --- libseccomp-2.2.3/src/gen_pfc.c 2015-06-28 16:17:00.589527431 +0000 +++ libseccomp-2.3.1/src/gen_pfc.c 2016-02-11 18:32:37.560670577 +0000 @@ -2,7 +2,7 @@ * Seccomp Pseudo Filter Code (PFC) Generator * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -71,6 +71,16 @@ return "mips64n32"; case SCMP_ARCH_MIPSEL64N32: return "mipsel64n32"; + case SCMP_ARCH_PPC64: + return "ppc64"; + case SCMP_ARCH_PPC64LE: + return "ppc64le"; + case SCMP_ARCH_PPC: + return "ppc"; + case SCMP_ARCH_S390X: + return "s390x"; + case SCMP_ARCH_S390: + return "s390"; default: return "UNKNOWN"; } diff -Nru libseccomp-2.2.3/src/gen_pfc.h libseccomp-2.3.1/src/gen_pfc.h --- libseccomp-2.2.3/src/gen_pfc.h 2015-06-28 16:17:00.655527426 +0000 +++ libseccomp-2.3.1/src/gen_pfc.h 2016-02-11 18:32:39.778670411 +0000 @@ -2,7 +2,7 @@ * Seccomp String Translator * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/src/Makefile.am libseccomp-2.3.1/src/Makefile.am --- libseccomp-2.2.3/src/Makefile.am 2015-07-01 17:50:58.936904875 +0000 +++ libseccomp-2.3.1/src/Makefile.am 2016-02-26 19:38:52.943505996 +0000 @@ -21,7 +21,11 @@ SUBDIRS += python endif -SOURCES_ARCH = \ +SOURCES_ALL = \ + api.c system.h system.c \ + gen_pfc.h gen_pfc.c gen_bpf.h gen_bpf.c \ + hash.h hash.c \ + db.h db.c \ arch.c arch.h \ arch-x86.h arch-x86.c arch-x86-syscalls.c \ arch-x86_64.h arch-x86_64.c arch-x86_64-syscalls.c \ 
@@ -30,13 +34,11 @@ arch-aarch64.h arch-aarch64.c arch-aarch64-syscalls.c \ arch-mips.h arch-mips.c arch-mips-syscalls.c \ arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ - arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c - -SOURCES_GEN = \ - api.c system.h system.c \ - db.h db.c \ - hash.h hash.c \ - gen_pfc.h gen_pfc.c gen_bpf.h gen_bpf.c + arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ + arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ + arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ + arch-s390.h arch-s390.c arch-s390-syscalls.c \ + arch-s390x.h arch-s390x.c arch-s390x-syscalls.c EXTRA_DIST = arch-syscall-validate @@ -46,12 +48,12 @@ lib_LTLIBRARIES = libseccomp.la -arch_syscall_dump_SOURCES = arch-syscall-dump.c ${SOURCES_ARCH} +arch_syscall_dump_SOURCES = arch-syscall-dump.c ${SOURCES_ALL} -arch_syscall_check_SOURCES = arch-syscall-check.c ${SOURCES_ARCH} +arch_syscall_check_SOURCES = arch-syscall-check.c ${SOURCES_ALL} -libseccomp_la_SOURCES = ${SOURCES_GEN} ${SOURCES_ARCH} -libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} -I$(top_builddir)/include +libseccomp_la_SOURCES = ${SOURCES_ALL} +libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} -I${top_builddir}/include libseccomp_la_CFLAGS = ${AM_CFLAGS} ${CFLAGS} -fPIC -DPIC -fvisibility=hidden libseccomp_la_LDFLAGS = ${AM_LDFLAGS} ${LDFLAGS} \ -version-number ${VERSION_MAJOR}:${VERSION_MINOR}:${VERSION_MICRO} diff -Nru libseccomp-2.2.3/src/Makefile.in libseccomp-2.3.1/src/Makefile.in --- libseccomp-2.2.3/src/Makefile.in 2015-07-08 19:16:29.004206379 +0000 +++ libseccomp-2.3.1/src/Makefile.in 2016-04-20 20:11:08.920211382 +0000 
@@ -145,9 +145,9 @@ LTLIBRARIES = $(lib_LTLIBRARIES) libseccomp_la_LIBADD = am__objects_1 = libseccomp_la-api.lo libseccomp_la-system.lo \ - libseccomp_la-db.lo libseccomp_la-hash.lo \ - libseccomp_la-gen_pfc.lo libseccomp_la-gen_bpf.lo -am__objects_2 = libseccomp_la-arch.lo libseccomp_la-arch-x86.lo \ + libseccomp_la-gen_pfc.lo libseccomp_la-gen_bpf.lo \ + libseccomp_la-hash.lo libseccomp_la-db.lo \ + libseccomp_la-arch.lo libseccomp_la-arch-x86.lo \ libseccomp_la-arch-x86-syscalls.lo \ libseccomp_la-arch-x86_64.lo \ libseccomp_la-arch-x86_64-syscalls.lo \ @@ -159,8 +159,14 @@ libseccomp_la-arch-mips64.lo \ libseccomp_la-arch-mips64-syscalls.lo \ libseccomp_la-arch-mips64n32.lo \ - libseccomp_la-arch-mips64n32-syscalls.lo -am_libseccomp_la_OBJECTS = $(am__objects_1) $(am__objects_2) + libseccomp_la-arch-mips64n32-syscalls.lo \ + libseccomp_la-arch-ppc.lo libseccomp_la-arch-ppc-syscalls.lo \ + libseccomp_la-arch-ppc64.lo \ + libseccomp_la-arch-ppc64-syscalls.lo \ + libseccomp_la-arch-s390.lo libseccomp_la-arch-s390-syscalls.lo \ + libseccomp_la-arch-s390x.lo \ + libseccomp_la-arch-s390x-syscalls.lo +am_libseccomp_la_OBJECTS = $(am__objects_1) libseccomp_la_OBJECTS = $(am_libseccomp_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) 
@@ -169,21 +175,26 @@ libseccomp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libseccomp_la_CFLAGS) \ $(CFLAGS) $(libseccomp_la_LDFLAGS) $(LDFLAGS) -o $@ -am__objects_3 = arch.$(OBJEXT) arch-x86.$(OBJEXT) \ - arch-x86-syscalls.$(OBJEXT) arch-x86_64.$(OBJEXT) \ - arch-x86_64-syscalls.$(OBJEXT) arch-x32.$(OBJEXT) \ - arch-x32-syscalls.$(OBJEXT) arch-arm.$(OBJEXT) \ - arch-arm-syscalls.$(OBJEXT) arch-aarch64.$(OBJEXT) \ - arch-aarch64-syscalls.$(OBJEXT) arch-mips.$(OBJEXT) \ - arch-mips-syscalls.$(OBJEXT) arch-mips64.$(OBJEXT) \ - arch-mips64-syscalls.$(OBJEXT) arch-mips64n32.$(OBJEXT) \ - arch-mips64n32-syscalls.$(OBJEXT) +am__objects_2 = api.$(OBJEXT) system.$(OBJEXT) gen_pfc.$(OBJEXT) \ + gen_bpf.$(OBJEXT) hash.$(OBJEXT) db.$(OBJEXT) arch.$(OBJEXT) \ + arch-x86.$(OBJEXT) arch-x86-syscalls.$(OBJEXT) \ + arch-x86_64.$(OBJEXT) arch-x86_64-syscalls.$(OBJEXT) \ + arch-x32.$(OBJEXT) arch-x32-syscalls.$(OBJEXT) \ + arch-arm.$(OBJEXT) arch-arm-syscalls.$(OBJEXT) \ + arch-aarch64.$(OBJEXT) arch-aarch64-syscalls.$(OBJEXT) \ + arch-mips.$(OBJEXT) arch-mips-syscalls.$(OBJEXT) \ + arch-mips64.$(OBJEXT) arch-mips64-syscalls.$(OBJEXT) \ + arch-mips64n32.$(OBJEXT) arch-mips64n32-syscalls.$(OBJEXT) \ + arch-ppc.$(OBJEXT) arch-ppc-syscalls.$(OBJEXT) \ + arch-ppc64.$(OBJEXT) arch-ppc64-syscalls.$(OBJEXT) \ + arch-s390.$(OBJEXT) arch-s390-syscalls.$(OBJEXT) \ + arch-s390x.$(OBJEXT) arch-s390x-syscalls.$(OBJEXT) am_arch_syscall_check_OBJECTS = arch-syscall-check.$(OBJEXT) \ - $(am__objects_3) + $(am__objects_2) arch_syscall_check_OBJECTS = $(am_arch_syscall_check_OBJECTS) arch_syscall_check_LDADD = $(LDADD) am_arch_syscall_dump_OBJECTS = arch-syscall-dump.$(OBJEXT) \ - $(am__objects_3) + $(am__objects_2) arch_syscall_dump_OBJECTS = $(am_arch_syscall_dump_OBJECTS) arch_syscall_dump_LDADD = $(LDADD) AM_V_P = $(am__v_P_@AM_V@) 
@@ -437,7 +448,11 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = . $(am__append_1) -SOURCES_ARCH = \ +SOURCES_ALL = \ + api.c system.h system.c \ + gen_pfc.h gen_pfc.c gen_bpf.h gen_bpf.c \ + hash.h hash.c \ + db.h db.c \ arch.c arch.h \ arch-x86.h arch-x86.c arch-x86-syscalls.c \ arch-x86_64.h arch-x86_64.c arch-x86_64-syscalls.c \ @@ -446,20 +461,18 @@ arch-aarch64.h arch-aarch64.c arch-aarch64-syscalls.c \ arch-mips.h arch-mips.c arch-mips-syscalls.c \ arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ - arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c - -SOURCES_GEN = \ - api.c system.h system.c \ - db.h db.c \ - hash.h hash.c \ - gen_pfc.h gen_pfc.c gen_bpf.h gen_bpf.c + arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ + arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ + arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ + arch-s390.h arch-s390.c arch-s390-syscalls.c \ + arch-s390x.h arch-s390x.c arch-s390x-syscalls.c EXTRA_DIST = arch-syscall-validate lib_LTLIBRARIES = libseccomp.la -arch_syscall_dump_SOURCES = arch-syscall-dump.c ${SOURCES_ARCH} -arch_syscall_check_SOURCES = arch-syscall-check.c ${SOURCES_ARCH} -libseccomp_la_SOURCES = ${SOURCES_GEN} ${SOURCES_ARCH} -libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} -I$(top_builddir)/include +arch_syscall_dump_SOURCES = arch-syscall-dump.c ${SOURCES_ALL} +arch_syscall_check_SOURCES = arch-syscall-check.c ${SOURCES_ALL} +libseccomp_la_SOURCES = ${SOURCES_ALL} +libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} -I${top_builddir}/include libseccomp_la_CFLAGS = ${AM_CFLAGS} ${CFLAGS} -fPIC -DPIC -fvisibility=hidden libseccomp_la_LDFLAGS = ${AM_LDFLAGS} ${LDFLAGS} \ -version-number ${VERSION_MAJOR}:${VERSION_MINOR}:${VERSION_MICRO} 
@@ -560,6 +573,7 @@ distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-aarch64-syscalls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-aarch64.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-arm-syscalls.Po@am__quote@ @@ -570,6 +584,14 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64n32-syscalls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64n32.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc-syscalls.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc64-syscalls.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc64.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390-syscalls.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390x-syscalls.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390x.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-syscall-check.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-syscall-dump.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x32-syscalls.Po@am__quote@ 
@@ -579,6 +601,10 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86_64-syscalls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86_64.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_bpf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_pfc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-api.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-aarch64-syscalls.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-aarch64.Plo@am__quote@ 
@@ -590,6 +616,14 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64n32-syscalls.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64n32.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc64.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390-syscalls.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390x.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x32-syscalls.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x32.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86-syscalls.Plo@am__quote@ @@ -602,6 +636,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-gen_pfc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-hash.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-system.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ 
@@ -641,20 +676,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-system.lo `test -f 'system.c' || echo '$(srcdir)/'`system.c -libseccomp_la-db.lo: db.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-db.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-db.Tpo -c -o libseccomp_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-db.Tpo $(DEPDIR)/libseccomp_la-db.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='db.c' object='libseccomp_la-db.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c - -libseccomp_la-hash.lo: hash.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-hash.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-hash.Tpo -c -o libseccomp_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-hash.Tpo $(DEPDIR)/libseccomp_la-hash.Plo 
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hash.c' object='libseccomp_la-hash.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c - libseccomp_la-gen_pfc.lo: gen_pfc.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-gen_pfc.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-gen_pfc.Tpo -c -o libseccomp_la-gen_pfc.lo `test -f 'gen_pfc.c' || echo '$(srcdir)/'`gen_pfc.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-gen_pfc.Tpo $(DEPDIR)/libseccomp_la-gen_pfc.Plo 
@@ -669,6 +690,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-gen_bpf.lo `test -f 'gen_bpf.c' || echo '$(srcdir)/'`gen_bpf.c +libseccomp_la-hash.lo: hash.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-hash.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-hash.Tpo -c -o libseccomp_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-hash.Tpo $(DEPDIR)/libseccomp_la-hash.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hash.c' object='libseccomp_la-hash.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c + +libseccomp_la-db.lo: db.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-db.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-db.Tpo -c -o libseccomp_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-db.Tpo $(DEPDIR)/libseccomp_la-db.Plo 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='db.c' object='libseccomp_la-db.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c + libseccomp_la-arch.lo: arch.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch.Tpo -c -o libseccomp_la-arch.lo `test -f 'arch.c' || echo '$(srcdir)/'`arch.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch.Tpo $(DEPDIR)/libseccomp_la-arch.Plo 
@@ -788,6 +823,62 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-mips64n32-syscalls.lo `test -f 'arch-mips64n32-syscalls.c' || echo '$(srcdir)/'`arch-mips64n32-syscalls.c +libseccomp_la-arch-ppc.lo: arch-ppc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-ppc.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-ppc.Tpo -c -o libseccomp_la-arch-ppc.lo `test -f 'arch-ppc.c' || echo '$(srcdir)/'`arch-ppc.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-ppc.Tpo $(DEPDIR)/libseccomp_la-arch-ppc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc.c' object='libseccomp_la-arch-ppc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-ppc.lo `test -f 'arch-ppc.c' || echo '$(srcdir)/'`arch-ppc.c + +libseccomp_la-arch-ppc-syscalls.lo: arch-ppc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-ppc-syscalls.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Tpo -c -o 
libseccomp_la-arch-ppc-syscalls.lo `test -f 'arch-ppc-syscalls.c' || echo '$(srcdir)/'`arch-ppc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Tpo $(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc-syscalls.c' object='libseccomp_la-arch-ppc-syscalls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-ppc-syscalls.lo `test -f 'arch-ppc-syscalls.c' || echo '$(srcdir)/'`arch-ppc-syscalls.c + +libseccomp_la-arch-ppc64.lo: arch-ppc64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-ppc64.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-ppc64.Tpo -c -o libseccomp_la-arch-ppc64.lo `test -f 'arch-ppc64.c' || echo '$(srcdir)/'`arch-ppc64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-ppc64.Tpo $(DEPDIR)/libseccomp_la-arch-ppc64.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc64.c' object='libseccomp_la-arch-ppc64.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-ppc64.lo `test -f 'arch-ppc64.c' || echo '$(srcdir)/'`arch-ppc64.c + 
+libseccomp_la-arch-ppc64-syscalls.lo: arch-ppc64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-ppc64-syscalls.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Tpo -c -o libseccomp_la-arch-ppc64-syscalls.lo `test -f 'arch-ppc64-syscalls.c' || echo '$(srcdir)/'`arch-ppc64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Tpo $(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc64-syscalls.c' object='libseccomp_la-arch-ppc64-syscalls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-ppc64-syscalls.lo `test -f 'arch-ppc64-syscalls.c' || echo '$(srcdir)/'`arch-ppc64-syscalls.c + +libseccomp_la-arch-s390.lo: arch-s390.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-s390.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-s390.Tpo -c -o libseccomp_la-arch-s390.lo `test -f 'arch-s390.c' || echo '$(srcdir)/'`arch-s390.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-s390.Tpo $(DEPDIR)/libseccomp_la-arch-s390.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390.c' object='libseccomp_la-arch-s390.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-s390.lo `test -f 'arch-s390.c' || echo '$(srcdir)/'`arch-s390.c + +libseccomp_la-arch-s390-syscalls.lo: arch-s390-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-s390-syscalls.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-s390-syscalls.Tpo -c -o libseccomp_la-arch-s390-syscalls.lo `test -f 'arch-s390-syscalls.c' || echo '$(srcdir)/'`arch-s390-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-s390-syscalls.Tpo $(DEPDIR)/libseccomp_la-arch-s390-syscalls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390-syscalls.c' object='libseccomp_la-arch-s390-syscalls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-s390-syscalls.lo `test -f 'arch-s390-syscalls.c' || echo '$(srcdir)/'`arch-s390-syscalls.c + +libseccomp_la-arch-s390x.lo: arch-s390x.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-s390x.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-s390x.Tpo -c -o 
libseccomp_la-arch-s390x.lo `test -f 'arch-s390x.c' || echo '$(srcdir)/'`arch-s390x.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-s390x.Tpo $(DEPDIR)/libseccomp_la-arch-s390x.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390x.c' object='libseccomp_la-arch-s390x.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-s390x.lo `test -f 'arch-s390x.c' || echo '$(srcdir)/'`arch-s390x.c + +libseccomp_la-arch-s390x-syscalls.lo: arch-s390x-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-s390x-syscalls.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Tpo -c -o libseccomp_la-arch-s390x-syscalls.lo `test -f 'arch-s390x-syscalls.c' || echo '$(srcdir)/'`arch-s390x-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Tpo $(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390x-syscalls.c' object='libseccomp_la-arch-s390x-syscalls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-s390x-syscalls.lo `test -f 'arch-s390x-syscalls.c' || echo 
'$(srcdir)/'`arch-s390x-syscalls.c + mostlyclean-libtool: -rm -f *.lo diff -Nru libseccomp-2.2.3/src/python/libseccomp.pxd libseccomp-2.3.1/src/python/libseccomp.pxd --- libseccomp-2.2.3/src/python/libseccomp.pxd 2015-06-12 20:30:16.264618441 +0000 +++ libseccomp-2.3.1/src/python/libseccomp.pxd 2016-02-22 22:40:55.777446999 +0000 @@ -2,7 +2,7 @@ # Seccomp Library Python Bindings # # Copyright (c) 2012,2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # @@ -23,6 +23,11 @@ cdef extern from "seccomp.h": + cdef struct scmp_version: + unsigned int major + unsigned int minor + unsigned int micro + ctypedef void* scmp_filter_ctx cdef enum: @@ -38,11 +43,17 @@ SCMP_ARCH_MIPSEL SCMP_ARCH_MIPSEL64 SCMP_ARCH_MIPSEL64N32 + SCMP_ARCH_PPC + SCMP_ARCH_PPC64 + SCMP_ARCH_PPC64LE + SCMP_ARCH_S390 + SCMP_ARCH_S390X cdef enum scmp_filter_attr: SCMP_FLTATR_ACT_DEFAULT SCMP_FLTATR_ACT_BADARCH SCMP_FLTATR_CTL_NNP + SCMP_FLTATR_CTL_TSYNC cdef enum scmp_compare: SCMP_CMP_NE @@ -68,6 +79,8 @@ scmp_datum_t datum_a scmp_datum_t datum_b + scmp_version *seccomp_version() + scmp_filter_ctx seccomp_init(uint32_t def_action) int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action) void seccomp_release(scmp_filter_ctx ctx) 
@@ -96,9 +109,16 @@ int seccomp_rule_add(scmp_filter_ctx ctx, uint32_t action, int syscall, unsigned int arg_cnt, ...) - + int seccomp_rule_add_array(scmp_filter_ctx ctx, + uint32_t action, int syscall, + unsigned int arg_cnt, + scmp_arg_cmp *arg_array) int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action, int syscall, unsigned int arg_cnt, ...) + int seccomp_rule_add_exact_array(scmp_filter_ctx ctx, + uint32_t action, int syscall, + unsigned int arg_cnt, + scmp_arg_cmp *arg_array) int seccomp_export_pfc(scmp_filter_ctx ctx, int fd) int seccomp_export_bpf(scmp_filter_ctx ctx, int fd) diff -Nru libseccomp-2.2.3/src/python/seccomp.pyx libseccomp-2.3.1/src/python/seccomp.pyx --- libseccomp-2.2.3/src/python/seccomp.pyx 2015-06-12 20:30:16.264618441 +0000 +++ libseccomp-2.3.1/src/python/seccomp.pyx 2016-02-22 22:40:55.777446999 +0000 @@ -2,7 +2,7 @@ # Seccomp Library Python Bindings # # Copyright (c) 2012,2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # @@ -147,6 +147,8 @@ MIPSEL - MIPS little endian O32 ABI MIPSEL64 - MIPS little endian 64-bit ABI MIPSEL64N32 - MIPS little endian N32 ABI + PPC64 - 64-bit PowerPC + PPC - 32-bit PowerPC """ cdef int _token @@ -163,6 +165,11 @@ MIPSEL = libseccomp.SCMP_ARCH_MIPSEL MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64 MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32 + PPC = libseccomp.SCMP_ARCH_PPC + PPC64 = libseccomp.SCMP_ARCH_PPC64 + PPC64LE = libseccomp.SCMP_ARCH_PPC64LE + S390 = libseccomp.SCMP_ARCH_S390 + S390X = libseccomp.SCMP_ARCH_S390X def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): """ Initialize the architecture object. 
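Review bot: The Arch docstring in the seccomp.pyx hunk at -147 gains only `PPC64` and `PPC`, while the hunk right after it adds five class constants: PPC, PPC64, PPC64LE, S390 and S390X. I would add the three missing entries so the documented set matches what callers can pass, for example `PPC64LE - 64-bit PowerPC little endian`, `S390 - 32-bit s390` and `S390X - 64-bit s390x`. The docstring begins outside the hunk.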
@@ -198,6 +205,16 @@ self._token = libseccomp.SCMP_ARCH_MIPSEL64 elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32: self._token = libseccomp.SCMP_ARCH_MIPSEL64N32 + elif arch == libseccomp.SCMP_ARCH_PPC: + self._token = libseccomp.SCMP_ARCH_PPC + elif arch == libseccomp.SCMP_ARCH_PPC64: + self._token = libseccomp.SCMP_ARCH_PPC64 + elif arch == libseccomp.SCMP_ARCH_PPC64LE: + self._token = libseccomp.SCMP_ARCH_PPC64LE + elif arch == libseccomp.SCMP_ARCH_S390: + self._token = libseccomp.SCMP_ARCH_S390 + elif arch == libseccomp.SCMP_ARCH_S390X: + self._token = libseccomp.SCMP_ARCH_S390X else: self._token = 0; elif isinstance(arch, basestring): @@ -223,10 +240,12 @@ ACT_DEFAULT - the filter's default action ACT_BADARCH - the filter's bad architecture action CTL_NNP - the filter's "no new privileges" flag + CTL_NNP - the filter's thread sync flag """ ACT_DEFAULT = libseccomp.SCMP_FLTATR_ACT_DEFAULT ACT_BADARCH = libseccomp.SCMP_FLTATR_ACT_BADARCH CTL_NNP = libseccomp.SCMP_FLTATR_CTL_NNP + CTL_TSYNC = libseccomp.SCMP_FLTATR_CTL_TSYNC cdef class Arg: """ Python object representing a SyscallFilter syscall argument. diff -Nru libseccomp-2.2.3/src/python/setup.py libseccomp-2.3.1/src/python/setup.py --- libseccomp-2.2.3/src/python/setup.py 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.3.1/src/python/setup.py 2016-02-26 19:42:12.881491032 +0000 @@ -4,7 +4,7 @@ # Enhanced Seccomp Library Python Module Build Script # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # 
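Review bot: The Attr docstring line added in the seccomp.pyx hunk at -223 reads `CTL_NNP - the filter's thread sync flag`, which repeats the name of the entry directly above it, while the constant added a few lines below is `CTL_TSYNC`. It should read `CTL_TSYNC - the filter's thread sync flag`. As written, the help text gives NNP two meanings and documents no TSYNC attribute at all.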
@@ -32,7 +32,7 @@ version = os.environ["VERSION_RELEASE"], description = "Python binding for libseccomp", long_description = "Python API for the Linux Kernel's syscall filtering capability, seccomp.", - url = "http://libseccomp.sf.net", + url = "https://github.com/seccomp/libseccomp", maintainer = "Paul Moore", maintainer_email = "paul@paul-moore.com", license = "LGPLv2.1", diff -Nru libseccomp-2.2.3/src/system.c libseccomp-2.3.1/src/system.c --- libseccomp-2.2.3/src/system.c 2015-06-28 16:17:00.603527430 +0000 +++ libseccomp-2.3.1/src/system.c 2016-02-26 18:02:27.728938976 +0000 @@ -2,7 +2,7 @@ * Seccomp System Interfaces * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* 
@@ -23,32 +23,97 @@ #include #include +#define _GNU_SOURCE +#include + #include +#include "arch.h" #include "db.h" #include "gen_bpf.h" #include "system.h" +/* NOTE: the seccomp syscall whitelist is currently disabled for testing + * purposes, but unless we can verify all of the supported ABIs before + * our next release we may have to enable the whitelist */ +#define SYSCALL_WHITELIST_ENABLE 0 + +static int _nr_seccomp = -1; +static int _support_seccomp_syscall = -1; + +/** + * Check to see if the seccomp() syscall is supported + * + * This function attempts to see if the system supports the seccomp() syscall. + * Unfortunately, there are a few reasons why this check may fail, including + * a previously loaded seccomp filter, so it is hard to say for certain. + * Return one if the syscall is supported, zero otherwise. + * + */ +int sys_chk_seccomp_syscall(void) +{ + int rc; + int nr_seccomp; + + /* NOTE: it is reasonably safe to assume that we should be able to call + * seccomp() when the caller first starts, but we can't rely on + * it later so we need to cache our findings for use later */ + if (_support_seccomp_syscall >= 0) + return _support_seccomp_syscall; + +#if SYSCALL_WHITELIST_ENABLE + /* architecture whitelist */ + switch (arch_def_native->token) { + case SCMP_ARCH_X86_64: + case SCMP_ARCH_ARM: + case SCMP_ARCH_AARCH64: + case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC64LE: + case SCMP_ARCH_S390: + case SCMP_ARCH_S390X: + break; + default: + goto unsupported; + } +#endif + + nr_seccomp = arch_syscall_resolve_name(arch_def_native, "seccomp"); + if (nr_seccomp < 0) + goto unsupported; + + /* this is an invalid call because the second argument is non-zero, but + * depending on the errno value of ENOSYS or EINVAL we can guess if the + * seccomp() syscal is supported or not */ + rc = syscall(nr_seccomp, SECCOMP_SET_MODE_STRICT, 1, NULL); + if (rc < 0 && errno == EINVAL) + goto supported; + +unsupported: + _support_seccomp_syscall = 0; + return 0; +supported: + 
_nr_seccomp = nr_seccomp; + _support_seccomp_syscall = 1; + return 1; +} + /** * Check to see if a seccomp() flag is supported * @param flag the seccomp() flag * * This function checks to see if a seccomp() flag is supported by the system. - * If the flag is supported zero is returned, negative values otherwise. + * If the flag is supported one is returned, zero if unsupported, negative + * values on error. * */ int sys_chk_seccomp_flag(int flag) { -#ifdef HAVE_SECCOMP - switch (flags) { + switch (flag) { case SECCOMP_FILTER_FLAG_TSYNC: - return 0; - default: - return -EOPNOTSUPP; + return sys_chk_seccomp_syscall(); } -#else + return -EOPNOTSUPP; -#endif /* HAVE_SECCOMP */ } /** @@ -64,10 +129,10 @@ int sys_filter_load(const struct db_filter_col *col) { int rc; - struct bpf_program *program = NULL; + struct bpf_program *prgm = NULL; - program = gen_bpf_generate(col); - if (program == NULL) + prgm = gen_bpf_generate(col); + if (prgm == NULL) return -ENOMEM; /* attempt to set NO_NEW_PRIVS */ 
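Review bot: In sys_chk_seccomp_syscall() every probe result other than `rc < 0 && errno == EINVAL` lands on `unsupported` and is cached in `_support_seccomp_syscall` for the rest of the process, so a probe answered by an already loaded filter (the case the function comment itself mentions) is recorded the same way as ENOSYS. The cache deserves a comment saying so, for example `/* 0 = not usable: ENOSYS or a probe blocked by an existing filter; never re-probed */`, because sys_chk_seccomp_flag() and the load path in the later hunk both depend on it. Also, `#define _GNU_SOURCE` is added below two `#include` lines. A feature-test macro only takes effect when it precedes the first system header, so it should move to the top of the file. The comment above the probe has a typo, `syscal`.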
@@ -78,23 +143,20 @@ } /* load the filter into the kernel */ -#ifdef HAVE_SECCOMP - { - int flags = 0; + if (sys_chk_seccomp_syscall() == 1) { + int flgs = 0; if (col->attr.tsync_enable) - flags = SECCOMP_FILTER_FLAG_TSYNC; - rc = seccomp(SECCOMP_SET_MODE_FILTER, flags, program); + flgs = SECCOMP_FILTER_FLAG_TSYNC; + rc = syscall(_nr_seccomp, SECCOMP_SET_MODE_FILTER, flgs, prgm); if (rc > 0 && col->attr.tsync_enable) /* always return -ESRCH if we fail to sync threads */ - errno = -ESRCH; - } -#else - rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, program); -#endif /* HAVE_SECCOMP */ + errno = ESRCH; + } else + rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prgm); filter_load_out: /* cleanup and return */ - gen_bpf_release(program); + gen_bpf_release(prgm); if (rc < 0) return -errno; return 0; diff -Nru libseccomp-2.2.3/src/system.h libseccomp-2.3.1/src/system.h --- libseccomp-2.2.3/src/system.h 2015-06-28 16:17:00.664527426 +0000 +++ libseccomp-2.3.1/src/system.h 2016-02-24 17:40:35.184963098 +0000 @@ -2,7 +2,7 @@ * Seccomp System Interfaces * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -23,10 +23,13 @@ #define _SYSTEM_H #include -#include +#include #include "configure.h" +/* NOTE: this was taken from the Linux Kernel sources */ +#define MAX_ERRNO 4095 + struct db_filter_col; #ifdef HAVE_LINUX_SECCOMP_H @@ -62,14 +65,14 @@ #define SECCOMP_RET_ACTION 0x7fff0000U #define SECCOMP_RET_DATA 0x0000ffffU -/* +/** * struct seccomp_data - the format the BPF program executes over. * @nr: the system call number * @arch: indicates system call convention as an AUDIT_ARCH_* value - * as defined in . + * as defined in . * @instruction_pointer: at the time of the system call. * @args: up to 6 system call arguments always stored as 64-bit values - * regardless of the architecture. + * regardless of the architecture. */ struct seccomp_data { int nr; 
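Review bot: A failed thread sync is still reported as success by sys_filter_load(): when the seccomp() call returns a positive value with `tsync_enable` set, the new code stores `ESRCH` in errno but leaves `rc` positive, and the exit path only returns an error for `rc < 0`, so the function returns 0. The comment in that branch says -ESRCH is always returned in this case, so the branch should also make `rc` negative, e.g. `if (rc > 0 && col->attr.tsync_enable) { errno = ESRCH; rc = -1; }`. A caller that trusts the 0 would assume the filter is in place on all threads. The function starts outside the hunk.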
@@ -93,7 +96,7 @@ #endif /* operations for the seccomp() syscall */ -#ifndef SECCOMP_MODE_STRICT +#ifndef SECCOMP_SET_MODE_STRICT #define SECCOMP_SET_MODE_STRICT 0 #endif #ifndef SECCOMP_SET_MODE_FILTER @@ -105,6 +108,7 @@ #define SECCOMP_FILTER_FLAG_TSYNC 1 #endif +int sys_chk_seccomp_syscall(void); int sys_chk_seccomp_flag(int flag); int sys_filter_load(const struct db_filter_col *col); diff -Nru libseccomp-2.2.3/tests/00-test.c libseccomp-2.3.1/tests/00-test.c --- libseccomp-2.2.3/tests/00-test.c 2015-06-28 16:17:00.670527425 +0000 +++ libseccomp-2.3.1/tests/00-test.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,135 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include - -const int blocks[] = { - 3, 4, 5, 6, - 7, 8, 9, 11, - 12, 13, 14, 15 -}; - -int block_call(int syscall, enum scmp_compare op, uint64_t value, - scmp_filter_ctx ctx); - -int main(int argc, char **argv) -{ - int ret_code, socket_syscall_num, i; - scmp_filter_ctx filter; - - // Let us make a Seccomp filter - filter = seccomp_init(SCMP_ACT_ALLOW); - - if(filter == NULL) { - printf("Error initializing filter!\n"); - return -1; - } - - // We need to know which syscall Socket is - socket_syscall_num = seccomp_syscall_resolve_name("socket"); - if(socket_syscall_num == __NR_SCMP_ERROR) { - printf("Error looking up syscall number of Socket!\n"); - return -1; - } - -#if 0 - printf("Got syscall number of Socket as %d\n", socket_syscall_num); -#endif - - // Block all our predefined argument numbers - for(i = 0; i < 12; i++) { - ret_code = block_call(socket_syscall_num, SCMP_CMP_EQ, blocks[i], filter); - if(ret_code != 0) { - printf("Error creating filter rule!\n"); - return -1; - } - } - -#if 1 - // Block everything over 16 - ret_code = block_call(socket_syscall_num, SCMP_CMP_GT, 16, filter); - if(ret_code != 0) { - printf("Error creating filter rule!\n"); - return -1; - } -#endif - - seccomp_export_bpf(filter, STDOUT_FILENO); - exit(0); - - printf("Filter initialized and filled!\n"); - - // Load the filter into the kernel - ret_code = seccomp_load(filter); - if(ret_code != 0) { - printf("Filter load failed!\n"); - return -1; - } - - printf("Filter load successful!\n"); - - // Release the filter when we're done to free memory - seccomp_release(filter); - - // All right. Go through socket invocations. See which ones succeed, which ones fail. 
- for(i = 1; i < AF_MAX; i++) { - ret_code = socket(i, 0, SOCK_STREAM); - - if(ret_code != -1) { - printf("Socket call for address family %d succeeded!\n", i); - } else { - printf("Error creating socket for address family %d: %d %s\n", i, ret_code, - strerror(errno)); - } - } - - return 0; -} - - -/** - * Add a single rule to a preexisting filter - */ -int block_call(int syscall, enum scmp_compare op, uint64_t value, - scmp_filter_ctx ctx) -{ - struct scmp_arg_cmp *arg; - int ret_code; - - // Malloc/free to mimic the way the bindings behave to the greatest extent possible - arg = (struct scmp_arg_cmp *)malloc(sizeof(struct scmp_arg_cmp)); - if(arg == NULL) { - printf("Malloc failed!\n"); - return -1; - } - - arg->arg = 0; - arg->op = op; - arg->datum_a = value; - arg->datum_b = 0; - - ret_code = seccomp_rule_add_exact_array(ctx, SCMP_ACT_ERRNO(EPERM), syscall, 1, - arg); - if(ret_code != 0) { - return -1; - } - - free(arg); - - return 0; -} diff -Nru libseccomp-2.2.3/tests/01-sim-allow.c libseccomp-2.3.1/tests/01-sim-allow.c --- libseccomp-2.2.3/tests/01-sim-allow.c 2015-06-28 16:17:00.674527425 +0000 +++ libseccomp-2.3.1/tests/01-sim-allow.c 2016-02-11 18:36:42.606652237 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/01-sim-allow.py libseccomp-2.3.1/tests/01-sim-allow.py --- libseccomp-2.2.3/tests/01-sim-allow.py 2013-02-07 15:12:22.415097308 +0000 +++ libseccomp-2.3.1/tests/01-sim-allow.py 2016-02-11 18:36:42.606652237 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/02-sim-basic.c libseccomp-2.3.1/tests/02-sim-basic.c --- libseccomp-2.2.3/tests/02-sim-basic.c 2015-06-28 16:17:00.679527424 +0000 +++ libseccomp-2.3.1/tests/02-sim-basic.c 2016-02-11 18:36:42.608652237 +0000 
@@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/02-sim-basic.py libseccomp-2.3.1/tests/02-sim-basic.py --- libseccomp-2.2.3/tests/02-sim-basic.py 2015-06-10 12:30:03.095978514 +0000 +++ libseccomp-2.3.1/tests/02-sim-basic.py 2016-02-11 18:36:42.608652237 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/03-sim-basic_chains.c libseccomp-2.3.1/tests/03-sim-basic_chains.c --- libseccomp-2.2.3/tests/03-sim-basic_chains.c 2015-06-28 16:17:00.684527424 +0000 +++ libseccomp-2.3.1/tests/03-sim-basic_chains.c 2016-02-11 18:36:42.610652237 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/03-sim-basic_chains.py libseccomp-2.3.1/tests/03-sim-basic_chains.py --- libseccomp-2.2.3/tests/03-sim-basic_chains.py 2015-06-10 12:30:03.097978514 +0000 +++ libseccomp-2.3.1/tests/03-sim-basic_chains.py 2016-02-11 18:36:42.611652237 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/04-sim-multilevel_chains.c libseccomp-2.3.1/tests/04-sim-multilevel_chains.c --- libseccomp-2.2.3/tests/04-sim-multilevel_chains.c 2015-06-28 16:17:00.689527424 +0000 +++ libseccomp-2.3.1/tests/04-sim-multilevel_chains.c 2016-02-11 18:36:42.612652236 +0000 
@@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/04-sim-multilevel_chains.py libseccomp-2.3.1/tests/04-sim-multilevel_chains.py --- libseccomp-2.2.3/tests/04-sim-multilevel_chains.py 2015-06-10 12:30:03.097978514 +0000 +++ libseccomp-2.3.1/tests/04-sim-multilevel_chains.py 2016-02-11 18:36:42.613652236 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/05-sim-long_jumps.c libseccomp-2.3.1/tests/05-sim-long_jumps.c --- libseccomp-2.2.3/tests/05-sim-long_jumps.c 2015-06-28 16:17:00.693527423 +0000 +++ libseccomp-2.3.1/tests/05-sim-long_jumps.c 2016-02-11 18:36:42.615652236 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/05-sim-long_jumps.py libseccomp-2.3.1/tests/05-sim-long_jumps.py --- libseccomp-2.2.3/tests/05-sim-long_jumps.py 2013-02-07 15:12:22.415097308 +0000 +++ libseccomp-2.3.1/tests/05-sim-long_jumps.py 2016-02-11 18:36:42.616652236 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/06-sim-actions.c libseccomp-2.3.1/tests/06-sim-actions.c --- libseccomp-2.2.3/tests/06-sim-actions.c 2015-06-28 16:17:00.697527423 +0000 +++ libseccomp-2.3.1/tests/06-sim-actions.c 2016-02-11 18:36:42.617652236 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/06-sim-actions.py libseccomp-2.3.1/tests/06-sim-actions.py --- libseccomp-2.2.3/tests/06-sim-actions.py 2014-08-27 14:12:31.547296440 +0000 +++ libseccomp-2.3.1/tests/06-sim-actions.py 2016-02-11 18:36:42.618652236 +0000 
@@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/07-sim-db_bug_looping.py libseccomp-2.3.1/tests/07-sim-db_bug_looping.py --- libseccomp-2.2.3/tests/07-sim-db_bug_looping.py 2013-10-30 19:25:42.699582374 +0000 +++ libseccomp-2.3.1/tests/07-sim-db_bug_looping.py 2016-02-11 18:36:42.620652236 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/08-sim-subtree_checks.c libseccomp-2.3.1/tests/08-sim-subtree_checks.c --- libseccomp-2.2.3/tests/08-sim-subtree_checks.c 2015-06-28 16:17:00.707527422 +0000 +++ libseccomp-2.3.1/tests/08-sim-subtree_checks.c 2016-02-11 18:36:42.623652236 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/08-sim-subtree_checks.py libseccomp-2.3.1/tests/08-sim-subtree_checks.py --- libseccomp-2.2.3/tests/08-sim-subtree_checks.py 2013-02-07 15:12:22.416097319 +0000 +++ libseccomp-2.3.1/tests/08-sim-subtree_checks.py 2016-02-11 18:36:42.624652236 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/09-sim-syscall_priority_pre.c libseccomp-2.3.1/tests/09-sim-syscall_priority_pre.c --- libseccomp-2.2.3/tests/09-sim-syscall_priority_pre.c 2015-06-28 16:17:00.712527422 +0000 +++ libseccomp-2.3.1/tests/09-sim-syscall_priority_pre.c 2016-02-11 18:36:42.626652235 +0000 
@@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/09-sim-syscall_priority_pre.py libseccomp-2.3.1/tests/09-sim-syscall_priority_pre.py --- libseccomp-2.2.3/tests/09-sim-syscall_priority_pre.py 2013-02-07 15:12:22.416097319 +0000 +++ libseccomp-2.3.1/tests/09-sim-syscall_priority_pre.py 2016-02-11 18:36:42.627652235 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/10-sim-syscall_priority_post.c libseccomp-2.3.1/tests/10-sim-syscall_priority_post.c --- libseccomp-2.2.3/tests/10-sim-syscall_priority_post.c 2015-06-28 16:17:00.717527422 +0000 +++ libseccomp-2.3.1/tests/10-sim-syscall_priority_post.c 2016-02-11 18:36:42.628652235 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/10-sim-syscall_priority_post.py libseccomp-2.3.1/tests/10-sim-syscall_priority_post.py --- libseccomp-2.2.3/tests/10-sim-syscall_priority_post.py 2013-02-07 15:12:22.416097319 +0000 +++ libseccomp-2.3.1/tests/10-sim-syscall_priority_post.py 2016-02-11 18:36:42.629652235 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/11-basic-basic_errors.c libseccomp-2.3.1/tests/11-basic-basic_errors.c --- libseccomp-2.2.3/tests/11-basic-basic_errors.c 2015-06-28 16:17:00.722527421 +0000 +++ libseccomp-2.3.1/tests/11-basic-basic_errors.c 2016-02-11 18:36:42.631652235 +0000 
@@ -130,6 +130,16 @@ seccomp_release(ctx); ctx = NULL; + /* errno values beyond MAX_ERRNO */ + ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) + return -1; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(0xffff), 0, 0); + if (rc != -EINVAL) + return -1; + seccomp_release(ctx); + ctx = NULL; + /* seccomp_export_pfc errors */ rc = seccomp_export_pfc(ctx, STDOUT_FILENO); if (rc != -EINVAL) diff -Nru libseccomp-2.2.3/tests/11-basic-basic_errors.py libseccomp-2.3.1/tests/11-basic-basic_errors.py --- libseccomp-2.2.3/tests/11-basic-basic_errors.py 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/11-basic-basic_errors.py 2016-02-11 18:36:42.632652235 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # @@ -81,6 +81,12 @@ except RuntimeError: pass + f = SyscallFilter(ALLOW) + try: + f.add_rule(ERRNO(0xffff), "read") + except RuntimeError: + pass + test() # kate: syntax python; diff -Nru libseccomp-2.2.3/tests/12-sim-basic_masked_ops.c libseccomp-2.3.1/tests/12-sim-basic_masked_ops.c --- libseccomp-2.2.3/tests/12-sim-basic_masked_ops.c 2015-06-28 16:17:00.726527421 +0000 +++ libseccomp-2.3.1/tests/12-sim-basic_masked_ops.c 2016-02-11 18:36:42.633652235 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/12-sim-basic_masked_ops.py libseccomp-2.3.1/tests/12-sim-basic_masked_ops.py --- libseccomp-2.2.3/tests/12-sim-basic_masked_ops.py 2013-02-07 15:12:22.416097319 +0000 +++ libseccomp-2.3.1/tests/12-sim-basic_masked_ops.py 2016-02-11 18:36:42.634652235 +0000 
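Review bot: The new negative test in tests/11-basic-basic_errors.c only tries `SCMP_ACT_ERRNO(0xffff)`, far from the limit this release defines as `MAX_ERRNO 4095` in system.h. A boundary pair would pin the check itself: `SCMP_ACT_ERRNO(4096)` expected to give -EINVAL and `SCMP_ACT_ERRNO(4095)` expected to be accepted, assuming the library rejects values above MAX_ERRNO (that check is not in this part of the diff). The early `return -1` paths also skip `seccomp_release(ctx)`, which is harmless in a test but inconsistent with the cleanup two lines later.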
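Review bot: The case added in tests/11-basic-basic_errors.py cannot fail: if `f.add_rule(ERRNO(0xffff), "read")` succeeds, no exception is raised and the test simply moves on, so it does not verify that the out-of-range errno is rejected. Give the `try` an `else:` clause that fails the test when no `RuntimeError` was raised, e.g. `else: raise AssertionError("ERRNO(0xffff) was accepted")`. The case just above it, visible as context, ends in the same `except RuntimeError: pass` and appears to have the same gap.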
@@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/12-sim-basic_masked_ops.tests libseccomp-2.3.1/tests/12-sim-basic_masked_ops.tests --- libseccomp-2.2.3/tests/12-sim-basic_masked_ops.tests 2015-07-08 18:52:06.671315824 +0000 +++ libseccomp-2.3.1/tests/12-sim-basic_masked_ops.tests 2016-02-11 18:36:42.635652235 +0000 
@@ -7,38 +7,35 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -12-sim-basic_masked_ops all 1000 0 1 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x01 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x02-0x0A 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x101 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 11 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x0B 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x0C-0x6E 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x1000B 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 111 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x6F 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x70-0x100 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x102-0x200 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x10002-0x1000A 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x1000C-0x1006E 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x1006F 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 1000 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x3E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x2FF 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x300-0x3FF 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x400 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x402-0x4FF 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x10300-0x103FF 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000000F00003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000000800003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000001800003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000001000003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x0000000F000003E8 2 N N N ALLOW -# NOTE: disabling the test below due to problems on 32-bit ARM relating to the -# shell utilities, see the thread below -# -> https://groups.google.com/forum/#!topic/libseccomp/VtrClkXxLGA -#12-sim-basic_masked_ops all 1000 0 0xFFFFFFFFFFFF03E8 2 N N N ALLOW +# Testname Arch 
Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +12-sim-basic_masked_ops all 1000 0 1 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x01 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x02-0x0A 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x101 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 11 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x0B 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x0C-0x6E 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x1000B 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 111 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x6F 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x70-0x100 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x102-0x200 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x10002-0x1000A 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x1000C-0x1006E 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x1006F 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 1000 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x3E8 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x2FF 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x300-0x3FF 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x400 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x402-0x4FF 2 N N N KILL +12-sim-basic_masked_ops all 1000 0 0x10300-0x103FF 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x00000000F00003E8 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x00000000800003E8 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x00000001800003E8 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x00000001000003E8 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0x0000000F000003E8 2 N N N ALLOW +12-sim-basic_masked_ops all 1000 0 0xFFFFFFFFFFFF03E8 2 N N N ALLOW test type: bpf-sim-fuzz diff -Nru libseccomp-2.2.3/tests/13-basic-attrs.c libseccomp-2.3.1/tests/13-basic-attrs.c --- libseccomp-2.2.3/tests/13-basic-attrs.c 2015-06-28 16:17:00.731527421 +0000 +++ libseccomp-2.3.1/tests/13-basic-attrs.c 2016-02-11 
18:36:42.636652235 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/13-basic-attrs.py libseccomp-2.3.1/tests/13-basic-attrs.py --- libseccomp-2.2.3/tests/13-basic-attrs.py 2013-02-07 15:12:22.416097319 +0000 +++ libseccomp-2.3.1/tests/13-basic-attrs.py 2016-02-11 18:36:42.637652235 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/14-sim-reset.c libseccomp-2.3.1/tests/14-sim-reset.c --- libseccomp-2.2.3/tests/14-sim-reset.c 2015-06-28 16:17:00.735527420 +0000 +++ libseccomp-2.3.1/tests/14-sim-reset.c 2016-02-11 18:36:42.638652235 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/14-sim-reset.py libseccomp-2.3.1/tests/14-sim-reset.py --- libseccomp-2.2.3/tests/14-sim-reset.py 2013-02-07 15:12:22.416097319 +0000 +++ libseccomp-2.3.1/tests/14-sim-reset.py 2016-02-11 18:36:42.639652234 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/14-sim-reset.tests libseccomp-2.3.1/tests/14-sim-reset.tests --- libseccomp-2.2.3/tests/14-sim-reset.tests 2013-10-30 19:25:42.705582374 +0000 +++ libseccomp-2.3.1/tests/14-sim-reset.tests 2016-02-11 18:36:42.639652234 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2012 Red Hat -# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/15-basic-resolver.c libseccomp-2.3.1/tests/15-basic-resolver.c --- libseccomp-2.2.3/tests/15-basic-resolver.c 2015-06-28 16:17:00.739527420 +0000 +++ libseccomp-2.3.1/tests/15-basic-resolver.c 2016-04-19 15:27:43.817798464 +0000 
@@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -31,7 +31,7 @@ if (seccomp_syscall_resolve_name("open") != __NR_open) goto fail; - if (seccomp_syscall_resolve_name("socket") != __NR_socket) + if (seccomp_syscall_resolve_name("read") != __NR_read) goto fail; if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR) goto fail; @@ -40,7 +40,7 @@ "open") != __NR_open) goto fail; if (seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE, - "socket") != __NR_socket) + "read") != __NR_read) goto fail; if (seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE, "INVALID") != __NR_SCMP_ERROR) @@ -51,8 +51,8 @@ goto fail; free(name); - name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, __NR_socket); - if (name == NULL || strcmp(name, "socket") != 0) + name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, __NR_read); + if (name == NULL || strcmp(name, "read") != 0) goto fail; free(name); diff -Nru libseccomp-2.2.3/tests/15-basic-resolver.py libseccomp-2.3.1/tests/15-basic-resolver.py --- libseccomp-2.2.3/tests/15-basic-resolver.py 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/15-basic-resolver.py 2016-04-19 15:27:43.818798464 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # @@ -33,7 +33,7 @@ # this differs from the native test as we don't support the syscall # resolution functions by themselves f.add_rule(ALLOW, "open") - f.add_rule(ALLOW, "socket") + f.add_rule(ALLOW, "read") try: f.add_rule(ALLOW, "INVALID") except RuntimeError: 
@@ -43,9 +43,9 @@ sys_name = resolve_syscall(Arch(), sys_num) if (sys_name != "open"): raise RuntimeError("Test failure") - sys_num = resolve_syscall(Arch(), "socket") + sys_num = resolve_syscall(Arch(), "read") sys_name = resolve_syscall(Arch(), sys_num) - if (sys_name != "socket"): + if (sys_name != "read"): raise RuntimeError("Test failure") test() diff -Nru libseccomp-2.2.3/tests/15-basic-resolver.tests libseccomp-2.3.1/tests/15-basic-resolver.tests --- libseccomp-2.2.3/tests/15-basic-resolver.tests 2013-02-07 15:12:22.416097319 +0000 +++ libseccomp-2.3.1/tests/15-basic-resolver.tests 2016-02-11 18:36:42.641652234 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # test type: basic diff -Nru libseccomp-2.2.3/tests/16-sim-arch_basic.c libseccomp-2.3.1/tests/16-sim-arch_basic.c --- libseccomp-2.2.3/tests/16-sim-arch_basic.c 2015-06-28 16:17:00.744527420 +0000 +++ libseccomp-2.3.1/tests/16-sim-arch_basic.c 2016-02-11 18:36:42.642652234 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -68,6 +68,9 @@ rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff -Nru libseccomp-2.2.3/tests/16-sim-arch_basic.py libseccomp-2.3.1/tests/16-sim-arch_basic.py --- libseccomp-2.2.3/tests/16-sim-arch_basic.py 2015-06-10 12:30:03.099978514 +0000 +++ libseccomp-2.3.1/tests/16-sim-arch_basic.py 2016-02-11 18:36:42.643652234 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # 
@@ -39,6 +39,7 @@ f.add_arch(Arch("mipsel")) f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) + f.add_arch(Arch("ppc64le")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff -Nru libseccomp-2.2.3/tests/16-sim-arch_basic.tests libseccomp-2.3.1/tests/16-sim-arch_basic.tests --- libseccomp-2.2.3/tests/16-sim-arch_basic.tests 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/16-sim-arch_basic.tests 2016-04-20 16:39:05.651163623 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/17-sim-arch_merge.c libseccomp-2.3.1/tests/17-sim-arch_merge.c --- libseccomp-2.2.3/tests/17-sim-arch_merge.c 2015-06-28 16:17:00.749527419 +0000 +++ libseccomp-2.3.1/tests/17-sim-arch_merge.c 2016-02-11 18:36:42.645652234 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/17-sim-arch_merge.py libseccomp-2.3.1/tests/17-sim-arch_merge.py --- libseccomp-2.2.3/tests/17-sim-arch_merge.py 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/17-sim-arch_merge.py 2016-02-11 18:36:42.646652234 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/17-sim-arch_merge.tests libseccomp-2.3.1/tests/17-sim-arch_merge.tests --- libseccomp-2.2.3/tests/17-sim-arch_merge.tests 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/17-sim-arch_merge.tests 2016-02-11 18:36:42.647652234 +0000 
@@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/18-sim-basic_whitelist.c libseccomp-2.3.1/tests/18-sim-basic_whitelist.c --- libseccomp-2.2.3/tests/18-sim-basic_whitelist.c 2015-06-28 16:17:00.753527419 +0000 +++ libseccomp-2.3.1/tests/18-sim-basic_whitelist.c 2016-02-11 18:36:42.648652234 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/18-sim-basic_whitelist.py libseccomp-2.3.1/tests/18-sim-basic_whitelist.py --- libseccomp-2.2.3/tests/18-sim-basic_whitelist.py 2015-06-10 12:30:03.099978514 +0000 +++ libseccomp-2.3.1/tests/18-sim-basic_whitelist.py 2016-02-11 18:36:42.648652234 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/18-sim-basic_whitelist.tests libseccomp-2.3.1/tests/18-sim-basic_whitelist.tests --- libseccomp-2.2.3/tests/18-sim-basic_whitelist.tests 2013-10-30 19:25:42.708582374 +0000 +++ libseccomp-2.3.1/tests/18-sim-basic_whitelist.tests 2016-02-11 18:36:42.649652234 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/19-sim-missing_syscalls.c libseccomp-2.3.1/tests/19-sim-missing_syscalls.c --- libseccomp-2.2.3/tests/19-sim-missing_syscalls.c 2015-06-28 16:17:00.757527419 +0000 +++ libseccomp-2.3.1/tests/19-sim-missing_syscalls.c 2016-02-11 18:36:42.650652234 +0000 
@@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/19-sim-missing_syscalls.py libseccomp-2.3.1/tests/19-sim-missing_syscalls.py --- libseccomp-2.2.3/tests/19-sim-missing_syscalls.py 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/19-sim-missing_syscalls.py 2016-02-11 18:36:42.650652234 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/19-sim-missing_syscalls.tests libseccomp-2.3.1/tests/19-sim-missing_syscalls.tests --- libseccomp-2.2.3/tests/19-sim-missing_syscalls.tests 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/19-sim-missing_syscalls.tests 2016-02-11 18:36:42.651652234 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/20-live-basic_die.c libseccomp-2.3.1/tests/20-live-basic_die.c --- libseccomp-2.2.3/tests/20-live-basic_die.c 2015-06-28 16:17:00.763527418 +0000 +++ libseccomp-2.3.1/tests/20-live-basic_die.c 2016-02-11 18:36:42.651652234 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/20-live-basic_die.py libseccomp-2.3.1/tests/20-live-basic_die.py --- libseccomp-2.2.3/tests/20-live-basic_die.py 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/20-live-basic_die.py 2016-02-11 18:36:42.652652233 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # 
@@ -34,6 +34,7 @@ util.install_trap() f = SyscallFilter(action) f.add_rule(ALLOW, "rt_sigreturn") + f.add_rule(ALLOW, "sigreturn") f.add_rule(ALLOW, "exit_group") f.load() try: diff -Nru libseccomp-2.2.3/tests/20-live-basic_die.tests libseccomp-2.3.1/tests/20-live-basic_die.tests --- libseccomp-2.2.3/tests/20-live-basic_die.tests 2013-02-07 15:14:16.305367687 +0000 +++ libseccomp-2.3.1/tests/20-live-basic_die.tests 2016-02-11 18:36:42.652652233 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2013 Red Hat -# Author: Paul Moore # test type: live diff -Nru libseccomp-2.2.3/tests/21-live-basic_allow.c libseccomp-2.3.1/tests/21-live-basic_allow.c --- libseccomp-2.2.3/tests/21-live-basic_allow.c 2015-06-28 16:17:00.767527418 +0000 +++ libseccomp-2.3.1/tests/21-live-basic_allow.c 2016-02-11 18:36:42.653652233 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/21-live-basic_allow.py libseccomp-2.3.1/tests/21-live-basic_allow.py --- libseccomp-2.2.3/tests/21-live-basic_allow.py 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/21-live-basic_allow.py 2016-02-11 18:36:42.654652233 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # @@ -46,6 +46,8 @@ f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") + f.add_rule(ALLOW, "sigreturn") + f.add_rule(ALLOW, "brk") f.add_rule(ALLOW, "exit_group") f.load() try: diff -Nru libseccomp-2.2.3/tests/21-live-basic_allow.tests libseccomp-2.3.1/tests/21-live-basic_allow.tests --- libseccomp-2.2.3/tests/21-live-basic_allow.tests 2013-02-07 15:14:16.305367687 +0000 +++ libseccomp-2.3.1/tests/21-live-basic_allow.tests 2016-02-11 18:36:42.654652233 +0000 
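Review bot: The `sigreturn` allow rule added in 20-live-basic_die.py has no comment saying why the live filter needs it alongside `rt_sigreturn`. The same goes for `sigreturn` and `brk` in 21-live-basic_allow.py and `brk` in 24-live-arg_allow.py. Each extra ALLOW widens what these live tests let through, so a one-line reason helps the next reader judge whether the rule can be dropped. Presumably something like `# some ABIs return from signal handlers via sigreturn rather than rt_sigreturn` and `# the interpreter may grow its heap with brk` would fit, to be confirmed by whoever hit the failure. The function bodies start outside the hunks.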
@@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2013 Red Hat -# Author: Paul Moore # test type: live diff -Nru libseccomp-2.2.3/tests/22-sim-basic_chains_array.c libseccomp-2.3.1/tests/22-sim-basic_chains_array.c --- libseccomp-2.2.3/tests/22-sim-basic_chains_array.c 2015-06-28 16:17:00.772527417 +0000 +++ libseccomp-2.3.1/tests/22-sim-basic_chains_array.c 2016-02-11 18:36:42.655652233 +0000 @@ -1,7 +1,7 @@ /** * Seccomp Library test program * - * Author: Paul Moore , Vitaly Shukela + * Author: Paul Moore , Vitaly Shukela */ /* diff -Nru libseccomp-2.2.3/tests/22-sim-basic_chains_array.py libseccomp-2.3.1/tests/22-sim-basic_chains_array.py --- libseccomp-2.2.3/tests/22-sim-basic_chains_array.py 2015-06-10 12:30:03.099978514 +0000 +++ libseccomp-2.3.1/tests/22-sim-basic_chains_array.py 2016-02-11 18:36:42.656652233 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/23-sim-arch_all_le_basic.c libseccomp-2.3.1/tests/23-sim-arch_all_le_basic.c --- libseccomp-2.2.3/tests/23-sim-arch_all_le_basic.c 2015-06-28 16:17:00.777527417 +0000 +++ libseccomp-2.3.1/tests/23-sim-arch_all_le_basic.c 2016-02-11 18:36:42.658652233 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* 
@@ -68,6 +68,9 @@ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32")); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff -Nru libseccomp-2.2.3/tests/23-sim-arch_all_le_basic.py libseccomp-2.3.1/tests/23-sim-arch_all_le_basic.py --- libseccomp-2.2.3/tests/23-sim-arch_all_le_basic.py 2015-06-10 12:30:03.100978514 +0000 +++ libseccomp-2.3.1/tests/23-sim-arch_all_le_basic.py 2016-02-11 18:36:42.659652233 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # @@ -39,6 +39,7 @@ f.add_arch(Arch("mipsel")) f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) + f.add_arch(Arch("ppc64le")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff -Nru libseccomp-2.2.3/tests/23-sim-arch_all_le_basic.tests libseccomp-2.3.1/tests/23-sim-arch_all_le_basic.tests --- libseccomp-2.2.3/tests/23-sim-arch_all_le_basic.tests 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/23-sim-arch_all_le_basic.tests 2016-02-11 18:36:42.659652233 +0000 @@ -3,7 +3,7 @@ # # # Copyright (c) 2013 Red Hat -# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/24-live-arg_allow.c libseccomp-2.3.1/tests/24-live-arg_allow.c --- libseccomp-2.2.3/tests/24-live-arg_allow.c 2015-06-28 16:17:00.782527417 +0000 +++ libseccomp-2.3.1/tests/24-live-arg_allow.c 2016-02-11 18:36:42.661652233 +0000 
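Review bot: In 23-sim-arch_all_le_basic.c the result of `seccomp_arch_resolve_name("ppc64le")` goes straight into `seccomp_arch_add()`, so a name the library does not recognise is never reported as such. As far as I know the resolver returns 0 for an unknown name, which is also the value of SCMP_ARCH_NATIVE, so a typo would surface as an unrelated error or as the native architecture being added. Checking first keeps the failure obvious: `arch = seccomp_arch_resolve_name("ppc64le");` then `if (arch == 0) { rc = -EINVAL; goto out; }`, with `arch` declared as `uint32_t`. The four calls added in 26-sim-arch_all_be_basic.c (ppc, ppc64, s390, s390x) follow the same pattern. main() starts and ends outside the hunk.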
@@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/24-live-arg_allow.py libseccomp-2.3.1/tests/24-live-arg_allow.py --- libseccomp-2.2.3/tests/24-live-arg_allow.py 2014-10-21 20:13:10.467150222 +0000 +++ libseccomp-2.3.1/tests/24-live-arg_allow.py 2016-02-11 18:36:42.662652233 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # @@ -44,6 +44,7 @@ f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "exit_group") + f.add_rule(ALLOW, "brk") f.load() try: diff -Nru libseccomp-2.2.3/tests/24-live-arg_allow.tests libseccomp-2.3.1/tests/24-live-arg_allow.tests --- libseccomp-2.2.3/tests/24-live-arg_allow.tests 2013-03-28 15:33:14.052314344 +0000 +++ libseccomp-2.3.1/tests/24-live-arg_allow.tests 2016-02-11 18:36:42.662652233 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2013 Red Hat -# Author: Paul Moore # test type: live diff -Nru libseccomp-2.2.3/tests/25-sim-multilevel_chains_adv.c libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.c --- libseccomp-2.2.3/tests/25-sim-multilevel_chains_adv.c 2015-06-28 16:17:00.786527416 +0000 +++ libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.c 2016-02-11 18:36:42.662652233 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/25-sim-multilevel_chains_adv.py libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.py --- libseccomp-2.2.3/tests/25-sim-multilevel_chains_adv.py 2015-06-10 12:30:03.100978514 +0000 +++ libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.py 2016-02-11 18:36:42.663652233 +0000 
@@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/25-sim-multilevel_chains_adv.tests libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.tests --- libseccomp-2.2.3/tests/25-sim-multilevel_chains_adv.tests 2013-10-30 19:25:42.711582374 +0000 +++ libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.tests 2016-02-11 18:36:42.663652233 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2013 Red Hat -# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/26-sim-arch_all_be_basic.c libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.c --- libseccomp-2.2.3/tests/26-sim-arch_all_be_basic.c 2015-06-28 16:17:00.791527416 +0000 +++ libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.c 2016-02-11 18:36:42.664652233 +0000 @@ -52,6 +52,18 @@ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc")); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("s390")); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("s390x")); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff -Nru libseccomp-2.2.3/tests/26-sim-arch_all_be_basic.py libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.py --- libseccomp-2.2.3/tests/26-sim-arch_all_be_basic.py 2015-06-12 20:30:16.265618441 +0000 +++ libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.py 2016-02-11 18:36:42.664652233 +0000 
@@ -33,6 +33,10 @@ f.add_arch(Arch("mips")) f.add_arch(Arch("mips64")) f.add_arch(Arch("mips64n32")) + f.add_arch(Arch("ppc")) + f.add_arch(Arch("ppc64")) + f.add_arch(Arch("s390")) + f.add_arch(Arch("s390x")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff -Nru libseccomp-2.2.3/tests/27-sim-bpf_blk_state.c libseccomp-2.3.1/tests/27-sim-bpf_blk_state.c --- libseccomp-2.2.3/tests/27-sim-bpf_blk_state.c 2015-07-01 17:50:34.360906715 +0000 +++ libseccomp-2.3.1/tests/27-sim-bpf_blk_state.c 2016-02-11 18:36:42.665652232 +0000 @@ -2,7 +2,7 @@ * Seccomp Library test program * * Copyright (c) 2015 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tests/27-sim-bpf_blk_state.py libseccomp-2.3.1/tests/27-sim-bpf_blk_state.py --- libseccomp-2.2.3/tests/27-sim-bpf_blk_state.py 2015-07-01 17:50:34.360906715 +0000 +++ libseccomp-2.3.1/tests/27-sim-bpf_blk_state.py 2016-02-11 18:36:42.666652232 +0000 @@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2015 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/27-sim-bpf_blk_state.tests libseccomp-2.3.1/tests/27-sim-bpf_blk_state.tests --- libseccomp-2.2.3/tests/27-sim-bpf_blk_state.tests 2015-07-01 17:50:34.360906715 +0000 +++ libseccomp-2.3.1/tests/27-sim-bpf_blk_state.tests 2016-02-11 18:36:42.666652232 +0000 @@ -2,7 +2,7 @@ # libseccomp regression test automation data # # Copyright (c) 2015 Red Hat -# Author: Paul Moore # test type: bpf-sim diff -Nru libseccomp-2.2.3/tests/28-sim-arch_x86.py libseccomp-2.3.1/tests/28-sim-arch_x86.py --- libseccomp-2.2.3/tests/28-sim-arch_x86.py 2015-07-01 17:51:28.603902655 +0000 +++ libseccomp-2.3.1/tests/28-sim-arch_x86.py 2016-02-11 18:36:42.667652232 +0000 
@@ -4,7 +4,7 @@ # Seccomp Library test program # # Copyright (c) 2015 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # Adapted from 29-sim-arch_x86.c by Mathias Krause # diff -Nru libseccomp-2.2.3/tests/28-sim-arch_x86.tests libseccomp-2.3.1/tests/28-sim-arch_x86.tests --- libseccomp-2.2.3/tests/28-sim-arch_x86.tests 2015-07-01 17:51:47.579901235 +0000 +++ libseccomp-2.3.1/tests/28-sim-arch_x86.tests 2016-02-11 18:36:42.667652232 +0000 @@ -16,11 +16,6 @@ 28-sim-arch_x86 +arm,+x32 read N N N N N N KILL 28-sim-arch_x86 +arm,+x32 close N N N N N N KILL -test type: bpf-sim-fuzz - -# Testname StressCount -28-sim-arch_x86 50 - test type: bpf-valgrind # Testname diff -Nru libseccomp-2.2.3/tests/29-sim-pseudo_syscall.c libseccomp-2.3.1/tests/29-sim-pseudo_syscall.c --- libseccomp-2.2.3/tests/29-sim-pseudo_syscall.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/29-sim-pseudo_syscall.c 2016-02-11 18:36:42.668652232 +0000 
@@ -0,0 +1,71 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2015 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) + return ENOMEM; + + /* NOTE: we have to be careful here because some ABIs use syscall + * offsets which could interfere with our test, x86 is safe */ + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc < 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc < 0) + goto out; + + /* SCMP_SYS(sysmips) == 4294957190 (unsigned) */ + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(sysmips), 0); + if (rc < 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(sysmips), 0); + if (rc == 0) + goto out; + /* -10001 == 4294957295 (unsigned) */ + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, -11001, 0); + if (rc == 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? 
-rc : rc); +} diff -Nru libseccomp-2.2.3/tests/29-sim-pseudo_syscall.py libseccomp-2.3.1/tests/29-sim-pseudo_syscall.py --- libseccomp-2.2.3/tests/29-sim-pseudo_syscall.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/29-sim-pseudo_syscall.py 2016-02-11 18:36:42.668652232 +0000 @@ -0,0 +1,51 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2015 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(ALLOW) + f.remove_arch(Arch()) + f.add_arch(Arch("x86")) + f.add_rule(KILL, "sysmips") + try: + f.add_rule_exactly(KILL, "sysmips") + except RuntimeError: + pass + try: + f.add_rule_exactly(KILL, -10001) + except RuntimeError: + pass + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.2.3/tests/29-sim-pseudo_syscall.tests libseccomp-2.3.1/tests/29-sim-pseudo_syscall.tests --- libseccomp-2.2.3/tests/29-sim-pseudo_syscall.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/29-sim-pseudo_syscall.tests 2016-02-11 18:36:42.668652232 +0000 
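Review bot: In 29-sim-pseudo_syscall.c the last `seccomp_rule_add_exact()` call passes `-11001`, but the comment above it, the Python twin (`add_rule_exactly(KILL, -10001)`) and the 4294957295 row in 29-sim-pseudo_syscall.tests all refer to -10001. The call should read `rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, -10001, 0);`. Separately, both `if (rc == 0) goto out;` checks reach `out` with rc equal to 0, so an exact add that unexpectedly succeeds makes the program exit with status 0. Setting `rc = -EINVAL;` before the jump would make that case fail on its own instead of relying on the harness to notice the missing filter output.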
@@ -0,0 +1,18 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2015 Red Hat
+# Author: Paul Moore
+#
+
+test type: bpf-sim
+
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+29-sim-pseudo_syscall +x86 0-10 N N N N N N ALLOW
+29-sim-pseudo_syscall +x86 4294957190 N N N N N N ALLOW
+29-sim-pseudo_syscall +x86 4294957295 N N N N N N ALLOW
+
+test type: bpf-valgrind
+
+# Testname
+29-sim-pseudo_syscall
diff -Nru libseccomp-2.2.3/tests/30-sim-socket_syscalls.c libseccomp-2.3.1/tests/30-sim-socket_syscalls.c
--- libseccomp-2.2.3/tests/30-sim-socket_syscalls.c 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/tests/30-sim-socket_syscalls.c 2016-02-11 18:36:42.669652232 +0000
@@ -0,0 +1,84 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2016 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X32); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(connect), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shutdown), 0); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? 
-rc : rc); +} diff -Nru libseccomp-2.2.3/tests/30-sim-socket_syscalls.py libseccomp-2.3.1/tests/30-sim-socket_syscalls.py --- libseccomp-2.2.3/tests/30-sim-socket_syscalls.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/30-sim-socket_syscalls.py 2016-02-11 18:36:42.669652232 +0000 @@ -0,0 +1,49 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2016 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.remove_arch(Arch()) + f.add_arch(Arch("x86")) + f.add_arch(Arch("x86_64")) + f.add_arch(Arch("x32")) + f.add_rule(ALLOW, "socket") + f.add_rule(ALLOW, "connect") + f.add_rule(ALLOW, "accept") + f.add_rule(ALLOW, "accept4") + f.add_rule(ALLOW, "shutdown") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.2.3/tests/30-sim-socket_syscalls.tests libseccomp-2.3.1/tests/30-sim-socket_syscalls.tests --- libseccomp-2.2.3/tests/30-sim-socket_syscalls.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/30-sim-socket_syscalls.tests 2016-04-10 21:33:50.342181903 +0000 
@@ -0,0 +1,31 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2016 Red Hat
+# Author: Paul Moore
+#
+
+test type: bpf-sim
+
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+30-sim-socket_syscalls +x86 socketcall 1 N N N N N ALLOW
+30-sim-socket_syscalls +x86 socketcall 3 N N N N N ALLOW
+30-sim-socket_syscalls +x86 socketcall 5 N N N N N ALLOW
+30-sim-socket_syscalls +x86 socketcall 13 N N N N N ALLOW
+30-sim-socket_syscalls +x86 359 0 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86 362 0 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86 364 0 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86 373 0 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86 accept 5 N N N N N ALLOW
+30-sim-socket_syscalls +x86 accept 0 1 2 N N N KILL
+30-sim-socket_syscalls +x86 accept4 18 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86 accept4 0 1 2 N N N KILL
+30-sim-socket_syscalls +x86_64 socket 0 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86_64 connect 0 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86_64 accept4 0 1 2 N N N ALLOW
+30-sim-socket_syscalls +x86_64 shutdown 0 1 2 N N N ALLOW
+
+test type: bpf-valgrind
+
+# Testname
+30-sim-socket_syscalls
diff -Nru libseccomp-2.2.3/tests/31-basic-version_check.c libseccomp-2.3.1/tests/31-basic-version_check.c
--- libseccomp-2.2.3/tests/31-basic-version_check.c 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/tests/31-basic-version_check.c 2016-02-18 19:23:26.500112579 +0000
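Review bot: The bpf-sim table has no `+x32` rows and no `+x86_64 accept` row, although the filter built in 30-sim-socket_syscalls.c adds SCMP_ARCH_X32 and an ALLOW rule for `accept`, so those parts of the generated filter are never simulated. A regression in the x32 path or in the direct x86_64 `accept` mapping would pass unnoticed. Adding a row such as `30-sim-socket_syscalls +x86_64 accept 0 1 2 N N N ALLOW` and matching `+x32` rows for socket, connect, accept, accept4 and shutdown would close the gap; ALLOW is presumably the expected result, but that should be confirmed by running the test.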
@@ -0,0 +1,41 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2016 Red Hat
+ * Author: Paul Moore
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#include
+#include
+
+#include
+
+int main(int argc, char *argv[])
+{
+ const struct scmp_version *ver;
+
+ ver = seccomp_version();
+ if (ver == NULL)
+ return -1;
+
+ if (ver->major != SCMP_VER_MAJOR ||
+ ver->minor != SCMP_VER_MINOR ||
+ ver->micro != SCMP_VER_MICRO)
+ return -2;
+
+ return 0;
+}
diff -Nru libseccomp-2.2.3/tests/31-basic-version_check.py libseccomp-2.3.1/tests/31-basic-version_check.py
--- libseccomp-2.2.3/tests/31-basic-version_check.py 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/tests/31-basic-version_check.py 2016-02-18 19:19:07.496131964 +0000
@@ -0,0 +1,35 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2016 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +# NOTE: this is a NULL test since we don't support the seccomp_version() API +# via the libseccomp python bindings + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.2.3/tests/31-basic-version_check.tests libseccomp-2.3.1/tests/31-basic-version_check.tests --- libseccomp-2.2.3/tests/31-basic-version_check.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/31-basic-version_check.tests 2016-02-22 21:43:54.226703077 +0000 @@ -0,0 +1,11 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2016 Red Hat +# Author: Paul Moore +# + +test type: basic + +# Test command +31-basic-version_check diff -Nru libseccomp-2.2.3/tests/32-live-tsync_allow.c libseccomp-2.3.1/tests/32-live-tsync_allow.c --- libseccomp-2.2.3/tests/32-live-tsync_allow.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/32-live-tsync_allow.c 2016-02-22 22:44:01.726433083 +0000 
@@ -0,0 +1,84 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2013 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + scmp_filter_ctx ctx = NULL; + + rc = util_action_parse(argv[1]); + if (rc != SCMP_ACT_ALLOW) { + rc = 1; + goto out; + } + + rc = util_trap_install(); + if (rc != 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_TRAP); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0); + if (rc != 0) + goto out; + + rc = seccomp_load(ctx); + if (rc != 0) + goto out; + + rc = util_file_write("/dev/null"); + if (rc != 0) + goto out; + + rc = 160; + +out: + seccomp_release(ctx); + return (rc < 0 ? 
-rc : rc); +} diff -Nru libseccomp-2.2.3/tests/32-live-tsync_allow.py libseccomp-2.3.1/tests/32-live-tsync_allow.py --- libseccomp-2.2.3/tests/32-live-tsync_allow.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/32-live-tsync_allow.py 2016-02-22 22:44:01.726433083 +0000 
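Review bot: Nothing in `main()` of 32-live-tsync_allow.c starts a second thread before `seccomp_load(ctx)`, so setting `SCMP_FLTATR_CTL_TSYNC` only shows that a load with the attribute succeeds, not that the filter reaches sibling threads. A comment above the `seccomp_attr_set()` call, such as `/* NOTE: single-threaded; only verifies that a TSYNC load works */`, would keep readers from assuming more coverage than there is. Separately, `argv[1]` is passed to `util_action_parse()` without an `argc` check. Whether the helper tolerates NULL is not visible here, so `if (argc < 2) return 1;` at the top would be safer. The Python variant that follows has the same single-thread limitation.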
@@ -0,0 +1,63 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2013 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(): + action = util.parse_action(sys.argv[1]) + if not action == ALLOW: + quit(1) + util.install_trap() + f = SyscallFilter(TRAP) + f.set_attr(Attr.CTL_TSYNC, 1) + # NOTE: additional syscalls required for python + f.add_rule(ALLOW, "stat") + f.add_rule(ALLOW, "fstat") + f.add_rule(ALLOW, "open") + f.add_rule(ALLOW, "openat") + f.add_rule(ALLOW, "mmap") + f.add_rule(ALLOW, "munmap") + f.add_rule(ALLOW, "read") + f.add_rule(ALLOW, "write") + f.add_rule(ALLOW, "close") + f.add_rule(ALLOW, "rt_sigaction") + f.add_rule(ALLOW, "rt_sigreturn") + f.add_rule(ALLOW, "sigreturn") + f.add_rule(ALLOW, "brk") + f.add_rule(ALLOW, "exit_group") + f.load() + try: + util.write_file("/dev/null") + except OSError as ex: + quit(ex.errno) + quit(160) + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.2.3/tests/32-live-tsync_allow.tests libseccomp-2.3.1/tests/32-live-tsync_allow.tests --- libseccomp-2.2.3/tests/32-live-tsync_allow.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/32-live-tsync_allow.tests 2016-02-22 22:44:01.726433083 +0000 
@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2013 Red Hat
+# Author: Paul Moore
+#
+
+test type: live
+
+# Testname Result
+32-live-tsync_allow ALLOW
diff -Nru libseccomp-2.2.3/tests/33-sim-socket_syscalls_be.c libseccomp-2.3.1/tests/33-sim-socket_syscalls_be.c
--- libseccomp-2.2.3/tests/33-sim-socket_syscalls_be.c 1970-01-01 00:00:00.000000000 +0000
+++ libseccomp-2.3.1/tests/33-sim-socket_syscalls_be.c 2016-04-20 17:49:04.575849365 +0000
@@ -0,0 +1,81 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2016 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_S390); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_S390X); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(connect), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shutdown), 0); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? 
-rc : rc); +} diff -Nru libseccomp-2.2.3/tests/33-sim-socket_syscalls_be.py libseccomp-2.3.1/tests/33-sim-socket_syscalls_be.py --- libseccomp-2.2.3/tests/33-sim-socket_syscalls_be.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/33-sim-socket_syscalls_be.py 2016-04-20 17:49:04.575849365 +0000 @@ -0,0 +1,48 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2016 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.remove_arch(Arch()) + f.add_arch(Arch("s390")) + f.add_arch(Arch("s390x")) + f.add_rule(ALLOW, "socket") + f.add_rule(ALLOW, "connect") + f.add_rule(ALLOW, "accept") + f.add_rule(ALLOW, "accept4") + f.add_rule(ALLOW, "shutdown") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.2.3/tests/33-sim-socket_syscalls_be.tests libseccomp-2.3.1/tests/33-sim-socket_syscalls_be.tests --- libseccomp-2.2.3/tests/33-sim-socket_syscalls_be.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/33-sim-socket_syscalls_be.tests 2016-04-20 17:49:04.575849365 +0000 
@@ -0,0 +1,39 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2016 Red Hat
+# Author: Paul Moore
+#
+
+test type: bpf-sim
+
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+33-sim-socket_syscalls_be +s390 socketcall 1 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390 socketcall 3 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390 socketcall 5 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390 socketcall 13 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390 359 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390 362 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390 364 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390 373 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390 accept 5 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390 accept 0 1 2 N N N KILL
+33-sim-socket_syscalls_be +s390 accept4 18 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390 accept4 0 1 2 N N N KILL
+33-sim-socket_syscalls_be +s390x socketcall 1 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390x socketcall 3 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390x socketcall 5 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390x socketcall 13 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390x 359 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390x 362 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390x 364 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390x 373 0 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390x accept 5 N N N N N ALLOW
+33-sim-socket_syscalls_be +s390x accept 0 1 2 N N N KILL
+33-sim-socket_syscalls_be +s390x accept4 18 1 2 N N N ALLOW
+33-sim-socket_syscalls_be +s390x accept4 0 1 2 N N N KILL
+
+test type: bpf-valgrind
+
+# Testname
+33-sim-socket_syscalls_be
diff -Nru libseccomp-2.2.3/tests/Makefile.am libseccomp-2.3.1/tests/Makefile.am
--- libseccomp-2.2.3/tests/Makefile.am 2015-07-01 17:52:16.268899087 +0000
+++ libseccomp-2.3.1/tests/Makefile.am 2016-04-20 17:49:04.575849365 +0000
@@ -23,9 +23,12 @@ util_la_SOURCES = util.c util.h util_la_LDFLAGS = -module +miniseq_LDADD = + TESTS = regression check_PROGRAMS = \ + miniseq \ 01-sim-allow \ 02-sim-basic \ 03-sim-basic_chains \ @@ -53,7 +56,12 @@ 25-sim-multilevel_chains_adv \ 26-sim-arch_all_be_basic \ 27-sim-bpf_blk_state \ - 28-sim-arch_x86 + 28-sim-arch_x86 \ + 29-sim-pseudo_syscall \ + 30-sim-socket_syscalls \ + 31-basic-version_check \ + 32-live-tsync_allow \ + 33-sim-socket_syscalls_be EXTRA_DIST_TESTPYTHON = \ util.py \ @@ -84,7 +92,12 @@ 25-sim-multilevel_chains_adv.py \ 26-sim-arch_all_be_basic.py \ 27-sim-bpf_blk_state.py \ - 28-sim-arch_x86.py + 28-sim-arch_x86.py \ + 29-sim-pseudo_syscall.py \ + 30-sim-socket_syscalls.py \ + 31-basic-version_check.py \ + 32-live-tsync_allow.py \ + 33-sim-socket_syscalls_be.py EXTRA_DIST_TESTCFGS = \ 01-sim-allow.tests \ @@ -114,7 +127,12 @@ 25-sim-multilevel_chains_adv.tests \ 26-sim-arch_all_be_basic.tests \ 27-sim-bpf_blk_state.tests \ - 28-sim-arch_x86.tests + 28-sim-arch_x86.tests \ + 29-sim-pseudo_syscall.tests \ + 30-sim-socket_syscalls.tests \ + 31-basic-version_check.tests \ + 32-live-tsync_allow.tests \ + 33-sim-socket_syscalls_be.tests EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen @@ -126,6 +144,7 @@ ${EXTRA_DIST_TESTSCRIPTS} \ ${EXTRA_DIST_TESTVALGRIND} +nodist_00_test_SOURCES = 00-test.c EXTRA_PROGRAMS = 00-test check-build: diff -Nru libseccomp-2.2.3/tests/Makefile.in libseccomp-2.3.1/tests/Makefile.in --- libseccomp-2.2.3/tests/Makefile.in 2015-07-08 19:16:29.066206375 +0000 +++ libseccomp-2.3.1/tests/Makefile.in 2016-04-20 20:11:08.994211376 +0000 
@@ -95,10 +95,11 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -check_PROGRAMS = 01-sim-allow$(EXEEXT) 02-sim-basic$(EXEEXT) \ - 03-sim-basic_chains$(EXEEXT) 04-sim-multilevel_chains$(EXEEXT) \ - 05-sim-long_jumps$(EXEEXT) 06-sim-actions$(EXEEXT) \ - 07-sim-db_bug_looping$(EXEEXT) 08-sim-subtree_checks$(EXEEXT) \ +check_PROGRAMS = miniseq$(EXEEXT) 01-sim-allow$(EXEEXT) \ + 02-sim-basic$(EXEEXT) 03-sim-basic_chains$(EXEEXT) \ + 04-sim-multilevel_chains$(EXEEXT) 05-sim-long_jumps$(EXEEXT) \ + 06-sim-actions$(EXEEXT) 07-sim-db_bug_looping$(EXEEXT) \ + 08-sim-subtree_checks$(EXEEXT) \ 09-sim-syscall_priority_pre$(EXEEXT) \ 10-sim-syscall_priority_post$(EXEEXT) \ 11-basic-basic_errors$(EXEEXT) \ @@ -112,7 +113,10 @@ 23-sim-arch_all_le_basic$(EXEEXT) 24-live-arg_allow$(EXEEXT) \ 25-sim-multilevel_chains_adv$(EXEEXT) \ 26-sim-arch_all_be_basic$(EXEEXT) \ - 27-sim-bpf_blk_state$(EXEEXT) 28-sim-arch_x86$(EXEEXT) + 27-sim-bpf_blk_state$(EXEEXT) 28-sim-arch_x86$(EXEEXT) \ + 29-sim-pseudo_syscall$(EXEEXT) 30-sim-socket_syscalls$(EXEEXT) \ + 31-basic-version_check$(EXEEXT) 32-live-tsync_allow$(EXEEXT) \ + 33-sim-socket_syscalls_be$(EXEEXT) EXTRA_PROGRAMS = 00-test$(EXEEXT) subdir = tests DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ @@ -138,8 +142,8 @@ util_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(util_la_LDFLAGS) $(LDFLAGS) -o $@ -00_test_SOURCES = 00-test.c -00_test_OBJECTS = 00-test.$(OBJEXT) +nodist_00_test_OBJECTS = 00-test.$(OBJEXT) +00_test_OBJECTS = $(nodist_00_test_OBJECTS) 00_test_LDADD = $(LDADD) 00_test_DEPENDENCIES = util.la ../src/libseccomp.la 01_sim_allow_SOURCES = 01-sim-allow.c 
@@ -261,6 +265,30 @@ 28_sim_arch_x86_OBJECTS = 28-sim-arch_x86.$(OBJEXT) 28_sim_arch_x86_LDADD = $(LDADD) 28_sim_arch_x86_DEPENDENCIES = util.la ../src/libseccomp.la +29_sim_pseudo_syscall_SOURCES = 29-sim-pseudo_syscall.c +29_sim_pseudo_syscall_OBJECTS = 29-sim-pseudo_syscall.$(OBJEXT) +29_sim_pseudo_syscall_LDADD = $(LDADD) +29_sim_pseudo_syscall_DEPENDENCIES = util.la ../src/libseccomp.la +30_sim_socket_syscalls_SOURCES = 30-sim-socket_syscalls.c +30_sim_socket_syscalls_OBJECTS = 30-sim-socket_syscalls.$(OBJEXT) +30_sim_socket_syscalls_LDADD = $(LDADD) +30_sim_socket_syscalls_DEPENDENCIES = util.la ../src/libseccomp.la +31_basic_version_check_SOURCES = 31-basic-version_check.c +31_basic_version_check_OBJECTS = 31-basic-version_check.$(OBJEXT) +31_basic_version_check_LDADD = $(LDADD) +31_basic_version_check_DEPENDENCIES = util.la ../src/libseccomp.la +32_live_tsync_allow_SOURCES = 32-live-tsync_allow.c +32_live_tsync_allow_OBJECTS = 32-live-tsync_allow.$(OBJEXT) +32_live_tsync_allow_LDADD = $(LDADD) +32_live_tsync_allow_DEPENDENCIES = util.la ../src/libseccomp.la +33_sim_socket_syscalls_be_SOURCES = 33-sim-socket_syscalls_be.c +33_sim_socket_syscalls_be_OBJECTS = \ + 33-sim-socket_syscalls_be.$(OBJEXT) +33_sim_socket_syscalls_be_LDADD = $(LDADD) +33_sim_socket_syscalls_be_DEPENDENCIES = util.la ../src/libseccomp.la +miniseq_SOURCES = miniseq.c +miniseq_OBJECTS = miniseq.$(OBJEXT) +miniseq_DEPENDENCIES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false 
@@ -295,9 +323,10 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(util_la_SOURCES) 00-test.c 01-sim-allow.c 02-sim-basic.c \ - 03-sim-basic_chains.c 04-sim-multilevel_chains.c \ - 05-sim-long_jumps.c 06-sim-actions.c 07-sim-db_bug_looping.c \ +SOURCES = $(util_la_SOURCES) $(nodist_00_test_SOURCES) 01-sim-allow.c \ + 02-sim-basic.c 03-sim-basic_chains.c \ + 04-sim-multilevel_chains.c 05-sim-long_jumps.c \ + 06-sim-actions.c 07-sim-db_bug_looping.c \ 08-sim-subtree_checks.c 09-sim-syscall_priority_pre.c \ 10-sim-syscall_priority_post.c 11-basic-basic_errors.c \ 12-sim-basic_masked_ops.c 13-basic-attrs.c 14-sim-reset.c \ @@ -307,11 +336,12 @@ 22-sim-basic_chains_array.c 23-sim-arch_all_le_basic.c \ 24-live-arg_allow.c 25-sim-multilevel_chains_adv.c \ 26-sim-arch_all_be_basic.c 27-sim-bpf_blk_state.c \ - 28-sim-arch_x86.c -DIST_SOURCES = $(util_la_SOURCES) 00-test.c 01-sim-allow.c \ - 02-sim-basic.c 03-sim-basic_chains.c \ - 04-sim-multilevel_chains.c 05-sim-long_jumps.c \ - 06-sim-actions.c 07-sim-db_bug_looping.c \ + 28-sim-arch_x86.c 29-sim-pseudo_syscall.c \ + 30-sim-socket_syscalls.c 31-basic-version_check.c \ + 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c miniseq.c +DIST_SOURCES = $(util_la_SOURCES) 01-sim-allow.c 02-sim-basic.c \ + 03-sim-basic_chains.c 04-sim-multilevel_chains.c \ + 05-sim-long_jumps.c 06-sim-actions.c 07-sim-db_bug_looping.c \ 08-sim-subtree_checks.c 09-sim-syscall_priority_pre.c \ 10-sim-syscall_priority_post.c 11-basic-basic_errors.c \ 12-sim-basic_masked_ops.c 13-basic-attrs.c 14-sim-reset.c \ 
@@ -321,7 +351,9 @@ 22-sim-basic_chains_array.c 23-sim-arch_all_le_basic.c \ 24-live-arg_allow.c 25-sim-multilevel_chains_adv.c \ 26-sim-arch_all_be_basic.c 27-sim-bpf_blk_state.c \ - 28-sim-arch_x86.c + 28-sim-arch_x86.c 29-sim-pseudo_syscall.c \ + 30-sim-socket_syscalls.c 31-basic-version_check.c \ + 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c miniseq.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -496,6 +528,7 @@ check_LTLIBRARIES = util.la util_la_SOURCES = util.c util.h util_la_LDFLAGS = -module +miniseq_LDADD = TESTS = regression EXTRA_DIST_TESTPYTHON = \ util.py \ @@ -526,7 +559,12 @@ 25-sim-multilevel_chains_adv.py \ 26-sim-arch_all_be_basic.py \ 27-sim-bpf_blk_state.py \ - 28-sim-arch_x86.py + 28-sim-arch_x86.py \ + 29-sim-pseudo_syscall.py \ + 30-sim-socket_syscalls.py \ + 31-basic-version_check.py \ + 32-live-tsync_allow.py \ + 33-sim-socket_syscalls_be.py EXTRA_DIST_TESTCFGS = \ 01-sim-allow.tests \ @@ -556,7 +594,12 @@ 25-sim-multilevel_chains_adv.tests \ 26-sim-arch_all_be_basic.tests \ 27-sim-bpf_blk_state.tests \ - 28-sim-arch_x86.tests + 28-sim-arch_x86.tests \ + 29-sim-pseudo_syscall.tests \ + 30-sim-socket_syscalls.tests \ + 31-basic-version_check.tests \ + 32-live-tsync_allow.tests \ + 33-sim-socket_syscalls_be.tests EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen EXTRA_DIST_TESTVALGRIND = valgrind_test.supp @@ -566,6 +609,7 @@ ${EXTRA_DIST_TESTSCRIPTS} \ ${EXTRA_DIST_TESTVALGRIND} +nodist_00_test_SOURCES = 00-test.c all: all-am .SUFFIXES: 
@@ -740,6 +784,30 @@ @rm -f 28-sim-arch_x86$(EXEEXT) $(AM_V_CCLD)$(LINK) $(28_sim_arch_x86_OBJECTS) $(28_sim_arch_x86_LDADD) $(LIBS) +29-sim-pseudo_syscall$(EXEEXT): $(29_sim_pseudo_syscall_OBJECTS) $(29_sim_pseudo_syscall_DEPENDENCIES) $(EXTRA_29_sim_pseudo_syscall_DEPENDENCIES) + @rm -f 29-sim-pseudo_syscall$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(29_sim_pseudo_syscall_OBJECTS) $(29_sim_pseudo_syscall_LDADD) $(LIBS) + +30-sim-socket_syscalls$(EXEEXT): $(30_sim_socket_syscalls_OBJECTS) $(30_sim_socket_syscalls_DEPENDENCIES) $(EXTRA_30_sim_socket_syscalls_DEPENDENCIES) + @rm -f 30-sim-socket_syscalls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(30_sim_socket_syscalls_OBJECTS) $(30_sim_socket_syscalls_LDADD) $(LIBS) + +31-basic-version_check$(EXEEXT): $(31_basic_version_check_OBJECTS) $(31_basic_version_check_DEPENDENCIES) $(EXTRA_31_basic_version_check_DEPENDENCIES) + @rm -f 31-basic-version_check$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(31_basic_version_check_OBJECTS) $(31_basic_version_check_LDADD) $(LIBS) + +32-live-tsync_allow$(EXEEXT): $(32_live_tsync_allow_OBJECTS) $(32_live_tsync_allow_DEPENDENCIES) $(EXTRA_32_live_tsync_allow_DEPENDENCIES) + @rm -f 32-live-tsync_allow$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(32_live_tsync_allow_OBJECTS) $(32_live_tsync_allow_LDADD) $(LIBS) + +33-sim-socket_syscalls_be$(EXEEXT): $(33_sim_socket_syscalls_be_OBJECTS) $(33_sim_socket_syscalls_be_DEPENDENCIES) $(EXTRA_33_sim_socket_syscalls_be_DEPENDENCIES) + @rm -f 33-sim-socket_syscalls_be$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(33_sim_socket_syscalls_be_OBJECTS) $(33_sim_socket_syscalls_be_LDADD) $(LIBS) + +miniseq$(EXEEXT): $(miniseq_OBJECTS) $(miniseq_DEPENDENCIES) $(EXTRA_miniseq_DEPENDENCIES) + @rm -f miniseq$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(miniseq_OBJECTS) $(miniseq_LDADD) $(LIBS) + mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -775,6 +843,12 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/26-sim-arch_all_be_basic.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/27-sim-bpf_blk_state.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/28-sim-arch_x86.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/29-sim-pseudo_syscall.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/30-sim-socket_syscalls.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/31-basic-version_check.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/32-live-tsync_allow.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/33-sim-socket_syscalls_be.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/miniseq.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Plo@am__quote@ .c.o: diff -Nru libseccomp-2.2.3/tests/miniseq.c libseccomp-2.3.1/tests/miniseq.c --- libseccomp-2.2.3/tests/miniseq.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.3.1/tests/miniseq.c 2016-02-25 18:46:53.948445334 +0000 
@@ -0,0 +1,57 @@
+/**
+ * Seccomp Library test support program
+ *
+ * Copyright (c) 2015 Mathias Krause
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+static int get_number(char *str, uint64_t *res)
+{
+ char *end = str;
+
+ errno = 0;
+ *res = strtoull(str, &end, 0);
+ if (errno || *end != '\0') {
+ fprintf(stderr, "error: failed to convert '%s'\n", str);
+ return -1;
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ uint64_t first, last, cur;
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s FIRST LAST\n", argv[0]);
+ return 1;
+ }
+
+ if (get_number(argv[1], &first) || get_number(argv[2], &last))
+ return 1;
+
+ for (cur = first; cur <= last; cur++)
+ printf("%" PRIu64 "\n", cur);
+
+ return 0;
+}
diff -Nru libseccomp-2.2.3/tests/regression libseccomp-2.3.1/tests/regression
--- libseccomp-2.2.3/tests/regression 2015-07-08 15:19:31.782270431 +0000
+++ libseccomp-2.3.1/tests/regression 2016-04-20 20:08:22.393223845 +0000
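Review bot: The loop `for (cur = first; cur <= last; cur++)` in miniseq.c's `main()` never terminates when LAST is the largest `uint64_t` value, because `cur` wraps to 0 and `cur <= last` stays true. Bracing the body and ending it with `if (cur == last) break;` after the `printf` removes the wrap. `get_number()` also accepts an empty string as 0 and a leading minus sign, which `strtoull` converts by wrapping, since only `errno` and `*end` are checked. Adding `end == str` to the condition, as in `if (errno || end == str || *end != '\0')`, rejects the empty case. The ranges come from the project's own .tests files, so this concerns harness robustness rather than exposure to hostile input.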
@@ -21,8 +21,15 @@ # along with this library; if not, see . # -GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32" -GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32" +GLBL_ARCH_LE_SUPPORT=" \ + x86 x86_64 x32 \ + arm aarch64 \ + mipsel mipsel64 mipsel64n32 \ + ppc64le" +GLBL_ARCH_BE_SUPPORT=" \ + mips mips64 mips64n32 \ + ppc ppc64 \ + s390 s390x" GLBL_SYS_ARCH="../tools/scmp_arch_detect" GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" @@ -164,6 +171,33 @@ } # +# Get the number sequence for a given range with increments of 1, i.e. +# implement a specialized seq(1). +# +# We use our own implementation based on miniseq in favour to the standard seq +# tool as, at least, seq of coreutils v8.23 and v8.24 has problems on 32 bit +# ARM for large numbers (see the mailing thread at +# https://groups.google.com/forum/#!topic/libseccomp/VtrClkXxLGA). +# +# Arguments: +# 1 starting value +# 2 last value +# +function get_seq() { + # NOTE: this whole thing is a bit hacky, but we need to search around + # for miniseq to fix 'make distcheck', someday we should fix this + if [[ -x ./miniseq ]]; then + ./miniseq "$1" "$2" + elif [[ -x $basedir/miniseq ]]; then + $basedir/miniseq "$1" "$2" + else + # we're often run from a subshell, so we can't simply exit + echo "error: unable to find miniseq" >&2 + kill $pid + fi +} + +# # Run the specified test command (with valgrind if requested) # # Arguments: @@ -245,7 +279,7 @@ local testname=${line[0]} local stress_count=${line[1]} - for i in $(seq 1 $stress_count); do + for i in $(get_seq 1 $stress_count); do local sys=$(generate_random_data) local -a arg=($(generate_random_data) $(generate_random_data) \ $(generate_random_data) $(generate_random_data) \ 
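Review bot: In `get_seq()` the fallback invocation `$basedir/miniseq "$1" "$2"` leaves `$basedir` unquoted, so a source tree path containing whitespace is word-split and the helper cannot be run; `"$basedir/miniseq" "$1" "$2"` avoids that. The callers consume the output through command substitution, as in `for i in $(get_seq 1 $stress_count)`. If miniseq rejects a malformed bound, the list is empty and the loop body is skipped, with the only trace being the message on stderr. A short comment in the function header stating that an empty result means "no tests run" would make this failure mode visible to whoever extends the harness.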
@@ -462,13 +496,13 @@ # and arg ranges and generate/run every combination of requested # tests; if no ranges were specifed, then the single test is # run - for sys in $(seq -f "%1.0f" $low_syscall $high_syscall); do - for arg0 in $(seq -f "%1.0f" ${low_arg[0]} ${high_arg[0]}); do - for arg1 in $(seq -f "%1.0f" ${low_arg[1]} ${high_arg[1]}); do - for arg2 in $(seq -f "%1.0f" ${low_arg[2]} ${high_arg[2]}); do - for arg3 in $(seq -f "%1.0f" ${low_arg[3]} ${high_arg[3]}); do - for arg4 in $(seq -f "%1.0f" ${low_arg[4]} ${high_arg[4]}); do - for arg5 in $(seq -f "%1.0f" ${low_arg[5]} ${high_arg[5]}); do + for sys in $(get_seq $low_syscall $high_syscall); do + for arg0 in $(get_seq ${low_arg[0]} ${high_arg[0]}); do + for arg1 in $(get_seq ${low_arg[1]} ${high_arg[1]}); do + for arg2 in $(get_seq ${low_arg[2]} ${high_arg[2]}); do + for arg3 in $(get_seq ${low_arg[3]} ${high_arg[3]}); do + for arg4 in $(get_seq ${low_arg[4]} ${high_arg[4]}); do + for arg5 in $(get_seq ${low_arg[5]} ${high_arg[5]}); do local -a arg=($arg0 $arg1 $arg2 $arg3 $arg4 $arg5) # Get the generated sub-test num string @@ -667,7 +701,7 @@ # setup the arch specific return values case "$arch" in - x86|x86_64|x32|arm|aarch64) + x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|ppc|s390|s390x) rc_kill=159 rc_allow=160 rc_trap=161 @@ -827,7 +861,6 @@ verify_deps head verify_deps sed verify_deps awk -verify_deps seq verify_deps tr # global variables @@ -853,6 +886,9 @@ # set the test root directory basedir=$(dirname $0) +# set the test harness pid +pid=$$ + # parse the command line while getopts "ab:gl:m:s:t:T:vh" opt; do case $opt in diff -Nru libseccomp-2.2.3/tests/testdiff libseccomp-2.3.1/tests/testdiff --- libseccomp-2.2.3/tests/testdiff 2013-10-30 19:25:42.714582374 +0000 +++ libseccomp-2.3.1/tests/testdiff 2016-02-11 18:36:42.704652230 +0000 
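Review bot: The extended case pattern `x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|ppc|s390|s390x)` lists `ppc` twice. The duplicate is harmless at run time but reads like a missing or mistyped entry; `x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|s390|s390x)` is presumably what was meant. The case statement continues outside the hunk.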
@@ -4,7 +4,7 @@ # libseccomp test diff generator # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/testgen libseccomp-2.3.1/tests/testgen --- libseccomp-2.2.3/tests/testgen 2014-10-21 20:13:10.468150222 +0000 +++ libseccomp-2.3.1/tests/testgen 2016-02-11 18:36:42.705652229 +0000 @@ -4,7 +4,7 @@ # libseccomp test output generator # # Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tests/util.py libseccomp-2.3.1/tests/util.py --- libseccomp-2.2.3/tests/util.py 2013-02-07 15:12:54.707458078 +0000 +++ libseccomp-2.3.1/tests/util.py 2016-02-11 18:36:42.708652229 +0000 @@ -2,7 +2,7 @@ # Seccomp Library utility code for tests # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tools/bpf.h libseccomp-2.3.1/tools/bpf.h --- libseccomp-2.2.3/tools/bpf.h 2015-06-28 16:17:00.843527412 +0000 +++ libseccomp-2.3.1/tools/bpf.h 2016-02-11 18:37:06.639650438 +0000 @@ -2,7 +2,7 @@ * BPF Language Definitions * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tools/check-syntax libseccomp-2.3.1/tools/check-syntax --- libseccomp-2.2.3/tools/check-syntax 2015-07-08 19:16:23.415206798 +0000 +++ libseccomp-2.3.1/tools/check-syntax 2016-02-11 18:37:06.641650438 +0000 @@ -3,8 +3,8 @@ # # libseccomp code syntax checking tool # -# Copyright (c) 2013 Red Hat -# Author: Paul Moore +# Copyright (c) 2013,2015 Red Hat +# Author: Paul Moore # # 
@@ -54,18 +54,17 @@ libseccomp code syntax checking tool optional arguments: -h show this help message and exit + -f fix the file formatting EOF } # -# Check the formatting on a C source/header file +# Generate a properly formatted C source/header file # # Arguments: -# 1 File to check +# 1 Source file # function tool_c_style() { - [[ -z "$1" || ! -r "$1" ]] && return - astyle --options=none --lineend=linux --mode=c \ --style=linux \ --indent=force-tab=8 \ @@ -77,8 +76,33 @@ --align-pointer=name \ --align-reference=name \ --max-code-length=80 \ - --break-after-logical < "$1" \ - | diff -pu --label="$1.orig" "$1" --label="$1" - + --break-after-logical < "$1" +} + +# +# Check the formatting on a C source/header file +# +# Arguments: +# 1 File to check +# +function tool_c_style_check() { + [[ -z "$1" || ! -r "$1" ]] && return + + tool_c_style "$1" | diff -pu --label="$1.orig" "$1" --label="$1" - +} + +# +# Fix the formatting on a C source/header file +# +# Arguments: +# 1 File to fix +# +function tool_c_style_fix() { + [[ -z "$1" || ! -r "$1" ]] && return + + tmp="$(mktemp --tmpdir=$(dirname "$1"))" + tool_c_style "$1" > "$tmp" + mv "$tmp" "$1" } # @@ -88,7 +112,18 @@ for i in $CHK_C_LIST; do echo "$CHK_C_EXCLUDE" | grep -q "$i" && continue echo "Differences for $i" - tool_c_style "$i" + tool_c_style_check "$i" + done +} + +# +# Perform all known syntax fixess for the configured C sources/headers +# +function fix_c() { + for i in $CHK_C_LIST; do + echo "$CHK_C_EXCLUDE" | grep -q "$i" && continue + echo "Fixing $i" + tool_c_style_fix "$i" done } @@ -97,8 +132,13 @@ verify_deps astyle -while getopts "h" opt; do +opt_fix=0 + +while getopts "fh" opt; do case $opt in + f) + opt_fix=1 + ;; h|*) usage exit 1 
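Review bot: `tool_c_style_fix` moves the temporary file over the source unconditionally, so if `astyle` fails the original file is replaced by an empty or partial one, and if `mktemp` fails `mv` runs with an empty first argument. Check both steps before the `mv` and remove the temporary file on failure; `tmp` should also be `local`, and the inner `$(dirname "$1")` needs its own quotes. Since mktemp creates the file accessible to the owner only, the rewritten source also ends up with that mode, so copy the original mode onto the temporary file before moving it.

```shell
function tool_c_style_fix() {
	# … unchanged: readable-file guard …

	local tmp
	tmp="$(mktemp --tmpdir="$(dirname "$1")")" || return
	if tool_c_style "$1" > "$tmp"; then
		# keep the source file's mode; mktemp creates owner-only files
		chmod --reference="$1" "$tmp"
		mv "$tmp" "$1"
	else
		rm -f "$tmp"
	fi
```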
@@ -109,7 +149,11 @@ # display the results echo "=============== $(date) ===============" echo "Code Syntax Check Results (\"check-syntax $*\")" -check_c +if [[ $opt_fix -eq 1 ]]; then + fix_c +else + check_c +fi echo "============================================================" # exit diff -Nru libseccomp-2.2.3/tools/Makefile.am libseccomp-2.3.1/tools/Makefile.am --- libseccomp-2.2.3/tools/Makefile.am 2015-07-01 17:50:58.936904875 +0000 +++ libseccomp-2.3.1/tools/Makefile.am 2016-02-26 19:39:32.584503029 +0000 @@ -16,7 +16,7 @@ # along with this library; if not, see . # -AM_CPPFLAGS = -I$(top_builddir)/include +AM_CPPFLAGS = -I${top_builddir}/include noinst_LTLIBRARIES = util.la util_la_SOURCES = util.c util.h bpf.h diff -Nru libseccomp-2.2.3/tools/Makefile.in libseccomp-2.3.1/tools/Makefile.in --- libseccomp-2.2.3/tools/Makefile.in 2015-07-08 19:16:29.095206373 +0000 +++ libseccomp-2.3.1/tools/Makefile.in 2016-04-20 20:11:09.026211374 +0000 @@ -215,7 +215,7 @@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_CFLAGS = @AM_CFLAGS@ -AM_CPPFLAGS = -I$(top_builddir)/include +AM_CPPFLAGS = -I${top_builddir}/include AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AM_LDFLAGS = @AM_LDFLAGS@ AR = @AR@ diff -Nru libseccomp-2.2.3/tools/scmp_app_inspector libseccomp-2.3.1/tools/scmp_app_inspector --- libseccomp-2.2.3/tools/scmp_app_inspector 2013-05-29 18:45:36.495153620 +0000 +++ libseccomp-2.3.1/tools/scmp_app_inspector 2016-02-11 18:37:06.642650438 +0000 @@ -4,7 +4,7 @@ # Runtime syscall inspector # # Copyright (c) 2012 Red Hat -# Author: Paul Moore +# Author: Paul Moore # # diff -Nru libseccomp-2.2.3/tools/scmp_arch_detect.c libseccomp-2.3.1/tools/scmp_arch_detect.c --- libseccomp-2.2.3/tools/scmp_arch_detect.c 2015-06-28 16:17:00.816527414 +0000 +++ libseccomp-2.3.1/tools/scmp_arch_detect.c 2016-02-11 18:37:06.644650438 +0000 @@ -2,7 +2,7 @@ * Architecture Detector * * Copyright (c) 2013 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* 
@@ -99,6 +99,21 @@ case SCMP_ARCH_MIPSEL64N32: printf("mipsel64n32\n"); break; + case SCMP_ARCH_PPC: + printf("ppc\n"); + break; + case SCMP_ARCH_PPC64: + printf("ppc64\n"); + break; + case SCMP_ARCH_PPC64LE: + printf("ppc64le\n"); + break; + case SCMP_ARCH_S390: + printf("s390\n"); + break; + case SCMP_ARCH_S390X: + printf("s390x\n"); + break; default: printf("unknown\n"); } diff -Nru libseccomp-2.2.3/tools/scmp_bpf_disasm.c libseccomp-2.3.1/tools/scmp_bpf_disasm.c --- libseccomp-2.2.3/tools/scmp_bpf_disasm.c 2015-06-28 16:17:00.823527414 +0000 +++ libseccomp-2.3.1/tools/scmp_bpf_disasm.c 2016-02-11 18:37:06.649650437 +0000 @@ -2,7 +2,7 @@ * BPF Disassembler * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -37,13 +38,26 @@ #define _OP_FMT "%-3s" /** + * Print the usage information to stderr and exit + * @param program the name of the current program being invoked + * + * Print the usage information and exit with EINVAL. + * + */ +static void exit_usage(const char *program) +{ + fprintf(stderr, "usage: %s -a [-d] [-h]\n", program); + exit(EINVAL); +} + +/** * Decode the BPF operand * @param bpf the BPF instruction * * Decode the BPF operand and print it to stdout. * */ -static void bpf_decode_op(const bpf_instr_raw *bpf) +static const char *bpf_decode_op(const bpf_instr_raw *bpf) { switch (bpf->code) { case BPF_LD+BPF_W+BPF_IMM: 
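Review bot: The doc comment kept above `bpf_decode_op` still says "Decode the BPF operand and print it to stdout", but with the new `const char *` return type the function returns the mnemonic and, as the later hunks show, no longer prints anything. Change the description to `Decode the BPF operand and return its mnemonic string.` and add a return line saying the result is a constant string the caller must not free or modify. The function body continues outside this hunk.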
@@ -52,24 +66,21 @@ case BPF_LD+BPF_W+BPF_MEM: case BPF_LD+BPF_W+BPF_LEN: case BPF_LD+BPF_W+BPF_MSH: - printf(_OP_FMT, "ld"); - break; + return "ld"; case BPF_LD+BPF_H+BPF_IMM: case BPF_LD+BPF_H+BPF_ABS: case BPF_LD+BPF_H+BPF_IND: case BPF_LD+BPF_H+BPF_MEM: case BPF_LD+BPF_H+BPF_LEN: case BPF_LD+BPF_H+BPF_MSH: - printf(_OP_FMT, "ldh"); - break; + return "ldh"; case BPF_LD+BPF_B+BPF_IMM: case BPF_LD+BPF_B+BPF_ABS: case BPF_LD+BPF_B+BPF_IND: case BPF_LD+BPF_B+BPF_MEM: case BPF_LD+BPF_B+BPF_LEN: case BPF_LD+BPF_B+BPF_MSH: - printf(_OP_FMT, "ldb"); - break; + return "ldb"; case BPF_LDX+BPF_W+BPF_IMM: case BPF_LDX+BPF_W+BPF_ABS: case BPF_LDX+BPF_W+BPF_IND: 
@@ -88,83 +99,95 @@ case BPF_LDX+BPF_B+BPF_MEM: case BPF_LDX+BPF_B+BPF_LEN: case BPF_LDX+BPF_B+BPF_MSH: - printf(_OP_FMT, "ldx"); - break; + return "ldx"; case BPF_ST: - printf(_OP_FMT, "st"); - break; + return "st"; case BPF_STX: - printf(_OP_FMT, "stx"); - break; + return "stx"; case BPF_ALU+BPF_ADD+BPF_K: case BPF_ALU+BPF_ADD+BPF_X: - printf(_OP_FMT, "add"); - break; + return "add"; case BPF_ALU+BPF_SUB+BPF_K: case BPF_ALU+BPF_SUB+BPF_X: - printf(_OP_FMT, "sub"); - break; + return "sub"; case BPF_ALU+BPF_MUL+BPF_K: case BPF_ALU+BPF_MUL+BPF_X: - printf(_OP_FMT, "mul"); - break; + return "mul"; case BPF_ALU+BPF_DIV+BPF_K: case BPF_ALU+BPF_DIV+BPF_X: - printf(_OP_FMT, "div"); - break; + return "div"; case BPF_ALU+BPF_OR+BPF_K: case BPF_ALU+BPF_OR+BPF_X: - printf(_OP_FMT, "or"); - break; + return "or"; case BPF_ALU+BPF_AND+BPF_K: case BPF_ALU+BPF_AND+BPF_X: - printf(_OP_FMT, "and"); - break; + return "and"; case BPF_ALU+BPF_LSH+BPF_K: case BPF_ALU+BPF_LSH+BPF_X: - printf(_OP_FMT, "lsh"); - break; + return "lsh"; case BPF_ALU+BPF_RSH+BPF_K: case BPF_ALU+BPF_RSH+BPF_X: - printf(_OP_FMT, "rsh"); - break; + return "rsh"; case BPF_ALU+BPF_NEG+BPF_K: case BPF_ALU+BPF_NEG+BPF_X: - printf(_OP_FMT, "neg"); - break; + return "neg"; case BPF_JMP+BPF_JA+BPF_K: case BPF_JMP+BPF_JA+BPF_X: - printf(_OP_FMT, "jmp"); - break; + return "jmp"; case BPF_JMP+BPF_JEQ+BPF_K: case BPF_JMP+BPF_JEQ+BPF_X: - printf(_OP_FMT, "jeq"); - break; + return "jeq"; case BPF_JMP+BPF_JGT+BPF_K: case BPF_JMP+BPF_JGT+BPF_X: - printf(_OP_FMT, "jgt"); - break; + return "jgt"; case BPF_JMP+BPF_JGE+BPF_K: case BPF_JMP+BPF_JGE+BPF_X: - printf(_OP_FMT, "jge"); - break; + return "jge"; case BPF_JMP+BPF_JSET+BPF_K: case BPF_JMP+BPF_JSET+BPF_X: - printf(_OP_FMT, "jset"); - break; + return "jset"; case BPF_RET+BPF_K: case BPF_RET+BPF_X: case BPF_RET+BPF_A: - printf(_OP_FMT, "ret"); - break; + return "ret"; case BPF_MISC+BPF_TAX: - printf(_OP_FMT, "tax"); - break; + return "tax"; case BPF_MISC+BPF_TXA: - 
printf(_OP_FMT, "txa"); + return "txa"; + } + return "???"; +} + +/** + * Decode a RET action + * @param k the return action + * + * Decode the action and print it to stdout. + * + */ +static void bpf_decode_action(uint32_t k) +{ + uint32_t act = k & SECCOMP_RET_ACTION; + uint32_t data = k & SECCOMP_RET_DATA; + + switch (act) { + case SECCOMP_RET_KILL: + printf("KILL"); + break; + case SECCOMP_RET_TRAP: + printf("TRAP"); + break; + case SECCOMP_RET_ERRNO: + printf("ERRNO(%u)", data); + break; + case SECCOMP_RET_TRACE: + printf("TRACE(%u)", data); + break; + case SECCOMP_RET_ALLOW: + printf("ALLOW"); break; default: - printf(_OP_FMT, "???"); + printf("0x%.8x", k); } } @@ -189,6 +212,18 @@ case BPF_MEM: printf("$temp[%u]", bpf->k); break; + case BPF_IMM: + printf("%u", bpf->k); + break; + case BPF_IND: + printf("$data[X + %u]", bpf->k); + break; + case BPF_LEN: + printf("len($data)"); + break; + case BPF_MSH: + printf("4 * $data[%u] & 0x0f", bpf->k); + break; } break; case BPF_ST: @@ -223,28 +258,7 @@ /* XXX - accumulator? */ printf("$acc"); } else if (BPF_SRC(bpf->code) == BPF_K) { - uint32_t act = bpf->k & SECCOMP_RET_ACTION; - uint32_t data = bpf->k & SECCOMP_RET_DATA; - - switch (act) { - case SECCOMP_RET_KILL: - printf("KILL"); - break; - case SECCOMP_RET_TRAP: - printf("TRAP"); - break; - case SECCOMP_RET_ERRNO: - printf("ERRNO(%u)", data); - break; - case SECCOMP_RET_TRACE: - printf("TRACE(%u)", data); - break; - case SECCOMP_RET_ALLOW: - printf("ALLOW"); - break; - default: - printf("0x%.8x", bpf->k); - } + bpf_decode_action(bpf->k); } else if (BPF_SRC(bpf->code) == BPF_X) { /* XXX - any idea? */ printf("???"); @@ -286,7 +300,7 @@ /* display the assembler statements */ printf(" "); - bpf_decode_op(&bpf); + printf(_OP_FMT, bpf_decode_op(&bpf)); printf(" "); bpf_decode_args(&bpf, line); printf("\n"); 
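Review bot: The new `BPF_MSH` case prints `4 * $data[%u] & 0x0f`, which under the usual operator precedence reads as `(4 * $data[k]) & 0x0f`, whereas the classic BPF MSH addressing mode loads `4 * ($data[k] & 0x0f)`. Someone auditing a filter from this disassembly could derive the wrong value, so print the parentheses: `printf("4 * ($data[%u] & 0x0f)", bpf->k);`. The same string appears in `bpf_dot_decode_args` in the later hunk that adds the dot output. The enclosing function starts and ends outside this hunk.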
@@ -300,16 +314,154 @@ } /** + * Decode the BPF arguments (JT, JF, and K) + * @param bpf the BPF instruction + * @param line the current line number + * + * Decode the BPF arguments (JT, JF, and K) and print the relevant information + * to stdout based on the operand. + * + */ +static void bpf_dot_decode_args(const bpf_instr_raw *bpf, unsigned int line) +{ + const char *op = bpf_decode_op(bpf); + + printf("\tline%d[label=\"%s", line, op); + switch (BPF_CLASS(bpf->code)) { + case BPF_LD: + case BPF_LDX: + switch (BPF_MODE(bpf->code)) { + case BPF_ABS: + printf(" $data[%u]\",shape=parallelogram]\n", bpf->k); + break; + case BPF_MEM: + printf(" $temp[%u]\",shape=parallelogram]\n", bpf->k); + break; + case BPF_IMM: + printf(" %u\",shape=parallelogram]\n", bpf->k); + break; + case BPF_IND: + printf(" $data[X + %u]\",shape=parallelogram]\n", bpf->k); + break; + case BPF_LEN: + printf(" len($data)\",shape=parallelogram]\n"); + break; + case BPF_MSH: + printf(" 4 * $data[%u] & 0x0f\",shape=parallelogram]\n", bpf->k); + break; + } + break; + case BPF_ST: + case BPF_STX: + printf(" $temp[%u]\",shape=parallelogram]\n", + bpf->k); + break; + case BPF_ALU: + if (BPF_SRC(bpf->code) == BPF_K) { + switch (BPF_OP(bpf->code)) { + case BPF_OR: + case BPF_AND: + printf(" 0x%.8x\",shape=rectangle]\n", bpf->k); + break; + default: + printf(" %u\",shape=rectangle]\n", bpf->k); + } + } else + printf(" %u\",shape=rectangle]\n", bpf->k); + break; + case BPF_JMP: + if (BPF_OP(bpf->code) == BPF_JA) { + printf("\",shape=hexagon]\n"); + printf("\tline%d -> line%d\n", + line, (line + 1) + bpf->k); + } else { + printf(" %-4u", bpf->k); + /* Heuristic: if k > 256, also emit hex version */ + if (bpf->k > 256) + printf("\\n(0x%.8x)", bpf->k); + printf("\",shape=diamond]\n"); + printf("\tline%d -> line%d [label=\"true\"]\n", + line, (line + 1) + bpf->jt); + printf("\tline%d -> line%d [label=\"false\"]\n", + line, (line + 1) + bpf->jf); + } + break; + case BPF_RET: + if (BPF_RVAL(bpf->code) == BPF_A) 
{ + /* XXX - accumulator? */ + printf(" $acc\", shape=\"box\", style=rounded]\n"); + } else if (BPF_SRC(bpf->code) == BPF_K) { + printf(" "); + bpf_decode_action(bpf->k); + printf("\", shape=\"box\", style=rounded]\n"); + } else if (BPF_SRC(bpf->code) == BPF_X) { + /* XXX - any idea? */ + printf(" ???\", shape=\"box\", style=rounded]\n"); + } + break; + case BPF_MISC: + printf("\"]\n"); + break; + default: + printf(" ???\"]\n"); + } +} + +/** + * Perform a simple decoding of the BPF program to a dot graph + * @param file the BPF program + * + * Read the BPF program and display the instructions. Returns zero on success, + * negative values on failure. + * + */ +static int bpf_dot_decode(FILE *file) +{ + unsigned int line = 0; + size_t len; + bpf_instr_raw bpf; + int prev_class = 0; + + /* header */ + printf("digraph {\n"); + printf("\tstart[shape=\"box\", style=rounded];\n"); + + while ((len = fread(&bpf, sizeof(bpf), 1, file))) { + /* convert the bpf statement */ + bpf.code = ttoh16(arch, bpf.code); + bpf.k = ttoh32(arch, bpf.k); + + /* display the statement */ + bpf_dot_decode_args(&bpf, line); + + /* if previous line wasn't RET/JMP, link it to this line */ + if (line == 0) + printf("\tstart -> line%d\n", line); + else if ((prev_class != BPF_JMP) && (prev_class != BPF_RET)) + printf("\tline%d -> line%d\n", line - 1, line); + prev_class = BPF_CLASS(bpf.code); + + line++; + } + printf("}\n"); + + if (ferror(file)) + return errno; + return 0; +} + +/** * main */ int main(int argc, char *argv[]) { int rc; int opt; + bool dot_out = false; FILE *file; /* parse the command line */ - while ((opt = getopt(argc, argv, "a:h")) > 0) { + while ((opt = getopt(argc, argv, "a:dh")) > 0) { switch (opt) { case 'a': if (strcmp(optarg, "x86") == 0) 
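Review bot: In `bpf_dot_decode_args`, the inner `switch (BPF_MODE(bpf->code))` for `BPF_LD`/`BPF_LDX` has no `default`, so an instruction whose mode is none of the six listed cases leaves the node statement opened by `line%d[label="...` without its closing quote and bracket, and the rest of the graph no longer parses. Because the tool reads arbitrary filter blobs, add `default: printf(" ???\"]\n");` so every path terminates the label. In the `BPF_ALU` branch the `else` path for a non-`BPF_K` source also prints `bpf->k`, although the operand there is presumably the X register; compare with how `bpf_decode_args` renders that case. `line` is `unsigned int` but is printed with `%d` throughout, where `%u` matches the type. `main` continues outside this hunk.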
@@ -334,9 +486,22 @@ arch = AUDIT_ARCH_MIPS64N32; else if (strcmp(optarg, "mipsel64n32") == 0) arch = AUDIT_ARCH_MIPSEL64N32; + else if (strcmp(optarg, "ppc64") == 0) + arch = AUDIT_ARCH_PPC64; + else if (strcmp(optarg, "ppc64le") == 0) + arch = AUDIT_ARCH_PPC64LE; + else if (strcmp(optarg, "ppc") == 0) + arch = AUDIT_ARCH_PPC; + else if (strcmp(optarg, "s390") == 0) + arch = AUDIT_ARCH_S390; + else if (strcmp(optarg, "s390x") == 0) + arch = AUDIT_ARCH_S390X; else exit_usage(argv[0]); break; + case 'd': + dot_out = true; + break; default: /* usage information */ exit_usage(argv[0]); @@ -354,7 +519,10 @@ } else file = stdin; - rc = bpf_decode(file); + if (dot_out) + rc = bpf_dot_decode(file); + else + rc = bpf_decode(file); fclose(file); return rc; diff -Nru libseccomp-2.2.3/tools/scmp_bpf_sim.c libseccomp-2.3.1/tools/scmp_bpf_sim.c --- libseccomp-2.2.3/tools/scmp_bpf_sim.c 2015-06-28 16:17:00.830527413 +0000 +++ libseccomp-2.3.1/tools/scmp_bpf_sim.c 2016-02-11 18:37:06.653650437 +0000 @@ -2,7 +2,7 @@ * BPF Simulator * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -52,6 +52,22 @@ static unsigned int opt_verbose = 0; /** + * Print the usage information to stderr and exit + * @param program the name of the current program being invoked + * + * Print the usage information and exit with EINVAL. + * + */ +static void exit_usage(const char *program) +{ + fprintf(stderr, + "usage: %s -f [-v] [-h]" + " -a -s [-0 ] ... [-5 ]\n", + program); + exit(EINVAL); +} + +/** * Handle a simulator fault * @param rc the error or return code * @@ -224,7 +240,7 @@ memset(&sys_data, 0, sizeof(sys_data)); /* parse the command line */ - while ((opt = getopt(argc, argv, "a:f:h:s:v0:1:2:3:4:5:")) > 0) { + while ((opt = getopt(argc, argv, "a:f:hs:v0:1:2:3:4:5:")) > 0) { switch (opt) { case 'a': if (strcmp(optarg, "x86") == 0) 
@@ -249,6 +265,16 @@ arch = AUDIT_ARCH_MIPS64N32; else if (strcmp(optarg, "mipsel64n32") == 0) arch = AUDIT_ARCH_MIPSEL64N32; + else if (strcmp(optarg, "ppc") == 0) + arch = AUDIT_ARCH_PPC; + else if (strcmp(optarg, "ppc64") == 0) + arch = AUDIT_ARCH_PPC64; + else if (strcmp(optarg, "ppc64le") == 0) + arch = AUDIT_ARCH_PPC64LE; + else if (strcmp(optarg, "s390") == 0) + arch = AUDIT_ARCH_S390; + else if (strcmp(optarg, "s390x") == 0) + arch = AUDIT_ARCH_S390X; else exit_fault(EINVAL); break; diff -Nru libseccomp-2.2.3/tools/scmp_sys_resolver.c libseccomp-2.3.1/tools/scmp_sys_resolver.c --- libseccomp-2.2.3/tools/scmp_sys_resolver.c 2015-06-28 16:17:00.834527413 +0000 +++ libseccomp-2.3.1/tools/scmp_sys_resolver.c 2016-02-11 18:37:06.654650437 +0000 @@ -2,7 +2,7 @@ * Syscall resolver * * Copyright (c) 2012 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* diff -Nru libseccomp-2.2.3/tools/util.c libseccomp-2.3.1/tools/util.c --- libseccomp-2.2.3/tools/util.c 2015-06-28 16:17:00.839527412 +0000 +++ libseccomp-2.3.1/tools/util.c 2016-02-11 18:37:06.656650437 +0000 @@ -2,7 +2,7 @@ * Tool utility functions * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -62,6 +62,18 @@ #elif __MIPSEL__ #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32 #endif /* _MIPS_SIM_NABI32 */ +#elif __PPC64__ +#ifdef __BIG_ENDIAN__ +#define ARCH_NATIVE AUDIT_ARCH_PPC64 +#else +#define ARCH_NATIVE AUDIT_ARCH_PPC64LE +#endif +#elif __PPC__ +#define ARCH_NATIVE AUDIT_ARCH_PPC +#elif __s390x__ /* s390x must be checked before s390 */ +#define ARCH_NATIVE AUDIT_ARCH_S390X +#elif __s390__ +#define ARCH_NATIVE AUDIT_ARCH_S390 #else #error the simulator code needs to know about your machine type #endif 
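Review bot: The `__s390x__` branch documents that it must come before `__s390__`, but the same ordering constraint on `#elif __PPC64__` before `#elif __PPC__` is left implicit. As far as I know 64-bit PowerPC compilers define `__PPC__` as well, so swapping the two would silently select `AUDIT_ARCH_PPC` and the tools would decode filters with the wrong architecture token. Add the matching comment, `/* __PPC64__ must be checked before __PPC__ */`. The endianness choice also relies on the compiler defining `__BIG_ENDIAN__` for big-endian PowerPC targets, which is worth stating next to the `#ifdef`.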
@@ -70,22 +82,6 @@ uint32_t arch = ARCH_NATIVE; /** - * Print the usage information to stderr and exit - * @param program the name of the current program being invoked - * - * Print the usage information and exit with EINVAL. - * - */ -void exit_usage(const char *program) -{ - fprintf(stderr, - "usage: %s -f [-v]" - " -a -s [-0 ] ... [-5 ]\n", - program); - exit(EINVAL); -} - -/** * Convert a 16-bit target integer into the host's endianess * @param arch the architecture token * @param val the 16-bit integer diff -Nru libseccomp-2.2.3/tools/util.h libseccomp-2.3.1/tools/util.h --- libseccomp-2.2.3/tools/util.h 2015-06-28 16:17:00.848527412 +0000 +++ libseccomp-2.3.1/tools/util.h 2016-02-11 18:37:06.657650437 +0000 @@ -2,7 +2,7 @@ * Tool utility functions * * Copyright (c) 2014 Red Hat - * Author: Paul Moore + * Author: Paul Moore */ /* @@ -63,9 +63,16 @@ __AUDIT_ARCH_CONVENTION_MIPS64_N32) #endif -extern uint32_t arch; +#ifndef AUDIT_ARCH_AARCH64 +/* AArch64 support for audit was merged in 3.17-rc1 */ +#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif + +#ifndef AUDIT_ARCH_PPC64LE +#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif -void exit_usage(const char *program); +extern uint32_t arch; uint16_t ttoh16(uint32_t arch, uint16_t val); uint32_t ttoh32(uint32_t arch, uint32_t val);