diff -Nru libseccomp-2.3.1/aclocal.m4 libseccomp-2.4.1/aclocal.m4 --- libseccomp-2.3.1/aclocal.m4 2016-04-20 20:11:08.070211446 +0000 +++ libseccomp-2.4.1/aclocal.m4 2019-04-17 21:02:39.189598162 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.14.1 -*- Autoconf -*- +# generated automatically by aclocal 1.16.1 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2013 Free Software Foundation, Inc. +# Copyright (C) 2002-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,10 +32,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.14' +[am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.14.1], [], +m4_if([$1], [1.16.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,12 +51,12 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.14.1])dnl +[AM_AUTOMAKE_VERSION([1.16.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) -# Copyright (C) 2011-2013 Free Software Foundation, Inc. +# Copyright (C) 2011-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -118,7 +118,7 @@ # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -163,15 +163,14 @@ # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], -[dnl Rely on autoconf to set up CDPATH properly. -AC_PREREQ([2.50])dnl -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -202,7 +201,7 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -393,13 +392,12 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. - # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], @@ -407,49 +405,41 @@ # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + AS_CASE([$CONFIG_FILES], + [*\'*], [eval set x "$CONFIG_FILES"], + [*], [set x $CONFIG_FILES]) shift - for mf + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf do # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line + am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`AS_DIRNAME("$mf")` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`AS_DIRNAME(["$file"])` - AS_MKDIR_P([$dirpart/$fdir]) - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`AS_DIRNAME(["$am_mf"])` + am_filepart=`AS_BASENAME(["$am_mf"])` + AM_RUN_LOG([cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles]) || am_rc=$? done + if test $am_rc -ne 0; then + AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking).]) + fi + AS_UNSET([am_dirpart]) + AS_UNSET([am_filepart]) + AS_UNSET([am_mf]) + AS_UNSET([am_rc]) + rm -f conftest-deps.mk } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS @@ -458,18 +448,17 @@ # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # -# This code is only required when automatic dependency tracking -# is enabled. FIXME. This creates each '.P' file that we will -# need in order to bootstrap the dependency handling code. +# This code is only required when automatic dependency tracking is enabled. +# This creates each '.Po' and '.Plo' makefile fragment that we'll need in +# order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], - [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) -]) + [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -556,11 +545,11 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: -# -# +# +# AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -624,7 +613,7 @@ Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . +that behaves properly: . If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM @@ -633,7 +622,11 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi -fi]) +fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. +]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further @@ -662,7 +655,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -673,7 +666,7 @@ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -683,7 +676,7 @@ fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. +# Copyright (C) 2003-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -704,7 +697,7 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -712,49 +705,42 @@ # AM_MAKE_INCLUDE() # ----------------- -# Check to see how make treats includes. +# Check whether make has an 'include' directive that can support all +# the idioms we need for our automatic dependency tracking code. AC_DEFUN([AM_MAKE_INCLUDE], -[am_make=${MAKE-make} -cat > confinc << 'END' +[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive]) +cat > confinc.mk << 'END' am__doit: - @echo this is the am__doit target + @echo this is the am__doit target >confinc.out .PHONY: am__doit END -# If we don't find an include directive, just comment out the code. -AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= -_am_result=none -# First try GNU make style include. -echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac -# Now try BSD make style include. -if test "$am__include" = "#"; then - echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD - ;; - esac -fi -AC_SUBST([am__include]) -AC_SUBST([am__quote]) -AC_MSG_RESULT([$_am_result]) -rm -f confinc confmf -]) +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out]) + AS_CASE([$?:`cat confinc.out 2>/dev/null`], + ['0:this is the am__doit target'], + [AS_CASE([$s], + [BSD], [am__include='.include' am__quote='"'], + [am__include='include' am__quote=''])]) + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +AC_MSG_RESULT([${_am_result}]) +AC_SUBST([am__include])]) +AC_SUBST([am__quote])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -793,7 +779,7 @@ # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -822,7 +808,7 @@ AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -869,7 +855,245 @@ # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# --------------------------------------------------------------------------- +# Adds support for distributing Python modules and packages. To +# install modules, copy them to $(pythondir), using the python_PYTHON +# automake variable. To install a package with the same name as the +# automake package, install to $(pkgpythondir), or use the +# pkgpython_PYTHON automake variable. +# +# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as +# locations to install python extension modules (shared libraries). +# Another macro is required to find the appropriate flags to compile +# extension modules. +# +# If your package is configured with a different prefix to python, +# users will have to add the install directory to the PYTHONPATH +# environment variable, or create a .pth file (see the python +# documentation for details). +# +# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will +# cause an error if the version of python installed on the system +# doesn't meet the requirement. MINIMUM-VERSION should consist of +# numbers and dots only. +AC_DEFUN([AM_PATH_PYTHON], + [ + dnl Find a Python interpreter. Python versions prior to 2.0 are not + dnl supported. (2.0 was released on October 16, 2000). + m4_define_default([_AM_PYTHON_INTERPRETER_LIST], +[python python2 python3 dnl + python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl + python3.2 python3.1 python3.0 dnl + python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl + python2.0]) + + AC_ARG_VAR([PYTHON], [the Python interpreter]) + + m4_if([$1],[],[ + dnl No version check is needed. + # Find any Python interpreter. + if test -z "$PYTHON"; then + AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) + fi + am_display_PYTHON=python + ], [ + dnl A version check is needed. + if test -n "$PYTHON"; then + # If the user set $PYTHON, use it and don't search something else. + AC_MSG_CHECKING([whether $PYTHON version is >= $1]) + AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_ERROR([Python interpreter is too old])]) + am_display_PYTHON=$PYTHON + else + # Otherwise, try each interpreter until we find one that satisfies + # VERSION. + AC_CACHE_CHECK([for a Python interpreter with version >= $1], + [am_cv_pathless_PYTHON],[ + for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do + test "$am_cv_pathless_PYTHON" = none && break + AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) + done]) + # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. + if test "$am_cv_pathless_PYTHON" = none; then + PYTHON=: + else + AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) + fi + am_display_PYTHON=$am_cv_pathless_PYTHON + fi + ]) + + if test "$PYTHON" = :; then + dnl Run any user-specified action, or abort. + m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) + else + + dnl Query Python for its version number. Getting [:3] seems to be + dnl the best way to do this; it's what "site.py" does in the standard + dnl library. + + AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], + [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) + AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) + + dnl Use the values of $prefix and $exec_prefix for the corresponding + dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made + dnl distinct variables so they can be overridden if need be. However, + dnl general consensus is that you shouldn't need this ability. + + AC_SUBST([PYTHON_PREFIX], ['${prefix}']) + AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) + + dnl At times (like when building shared libraries) you may want + dnl to know which OS platform Python thinks this is. + + AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], + [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) + AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + dnl Set up 4 directories: + + dnl pythondir -- where to install python scripts. This is the + dnl site-packages directory, not the python standard library + dnl directory like in previous automake betas. This behavior + dnl is more consistent with lispdir.m4 for example. + dnl Query distutils for this directory. + AC_CACHE_CHECK([for $am_display_PYTHON script directory], + [am_cv_python_pythondir], + [if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pythondir], [$am_cv_python_pythondir]) + + dnl pkgpythondir -- $PACKAGE directory under pythondir. Was + dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is + dnl more consistent with the rest of automake. + + AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) + + dnl pyexecdir -- directory for installing python extension modules + dnl (shared libraries) + dnl Query distutils for this directory. + AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], + [am_cv_python_pyexecdir], + [if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) + + dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) + + AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) + + dnl Run any user-specified action. + $2 + fi + +]) + + +# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) +# --------------------------------------------------------------------------- +# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. +# Run ACTION-IF-FALSE otherwise. +# This test uses sys.hexversion instead of the string equivalent (first +# word of sys.version), in order to cope with versions such as 2.2c1. +# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). +AC_DEFUN([AM_PYTHON_CHECK_VERSION], + [prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. +# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] +sys.exit(sys.hexversion < minverhex)" + AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -888,7 +1112,7 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -969,7 +1193,7 @@ rm -f conftest.file ]) -# Copyright (C) 2009-2013 Free Software Foundation, Inc. +# Copyright (C) 2009-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1029,7 +1253,7 @@ _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1057,7 +1281,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2013 Free Software Foundation, Inc. +# Copyright (C) 2006-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1076,7 +1300,7 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2013 Free Software Foundation, Inc. +# Copyright (C) 2004-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1207,6 +1431,7 @@ AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +m4_include([m4/ax_code_coverage.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) m4_include([m4/ltsugar.m4]) diff -Nru libseccomp-2.3.1/build-aux/ar-lib libseccomp-2.4.1/build-aux/ar-lib --- libseccomp-2.3.1/build-aux/ar-lib 2016-04-20 19:52:27.364295322 +0000 +++ libseccomp-2.4.1/build-aux/ar-lib 2019-04-17 21:02:40.432937962 +0000 @@ -4,7 +4,7 @@ me=ar-lib scriptversion=2012-03-01.08; # UTC -# Copyright (C) 2010-2013 Free Software Foundation, Inc. +# Copyright (C) 2010-2018 Free Software Foundation, Inc. # Written by Peter Rosin . # # This program is free software; you can redistribute it and/or modify @@ -18,7 +18,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a diff -Nru libseccomp-2.3.1/build-aux/compile libseccomp-2.4.1/build-aux/compile --- libseccomp-2.3.1/build-aux/compile 2016-04-20 19:52:27.365295322 +0000 +++ libseccomp-2.4.1/build-aux/compile 2019-04-17 21:02:40.432937962 +0000 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-10-14.11; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -255,7 +255,8 @@ echo "compile $scriptversion" exit $? ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac @@ -339,9 +340,9 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru libseccomp-2.3.1/build-aux/config.guess libseccomp-2.4.1/build-aux/config.guess --- libseccomp-2.3.1/build-aux/config.guess 2016-04-20 19:52:27.368295322 +0000 +++ libseccomp-2.4.1/build-aux/config.guess 2019-04-17 21:02:40.436271313 +0000 @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2015-12-14' +timestamp='2018-03-08' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -27,7 +27,7 @@ # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # # Please send patches to . @@ -39,7 +39,7 @@ Output the configuration name of the system \`$me' is run on. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -50,7 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -107,9 +107,9 @@ dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; + ,,) echo "int x;" > "$dummy.c" ; for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; @@ -132,14 +132,14 @@ UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "${UNAME_SYSTEM}" in +case "$UNAME_SYSTEM" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu - eval $set_cc_for_build - cat <<-EOF > $dummy.c + eval "$set_cc_for_build" + cat <<-EOF > "$dummy.c" #include #if defined(__UCLIBC__) LIBC=uclibc @@ -149,13 +149,20 @@ LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -169,27 +176,30 @@ # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - /sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ echo unknown)` - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; earmv*) - arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` - endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` - machine=${arch}${endian}-unknown + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; esac # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in - arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval "$set_cc_for_build" if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -205,10 +215,10 @@ ;; esac # Determine ABI tags. - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' - abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` ;; esac # The OS release @@ -216,42 +226,55 @@ # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in + case "$UNAME_VERSION" in Debian*) release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}${abi}" + echo "$machine-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" exit ;; *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" exit ;; *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" exit ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:Sortix:*:*) - echo ${UNAME_MACHINE}-unknown-sortix + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -268,63 +291,54 @@ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos + echo "$UNAME_MACHINE"-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos + echo "$UNAME_MACHINE"-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition @@ -336,7 +350,7 @@ echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} + echo arm-acorn-riscix"$UNAME_RELEASE" exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos @@ -363,38 +377,38 @@ sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} + echo i386-pc-auroraux"$UNAME_RELEASE" exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH="i386" + eval "$set_cc_for_build" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in @@ -403,25 +417,25 @@ ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" exit ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" ;; sun4) - echo sparc-sun-sunos${UNAME_RELEASE} + echo sparc-sun-sunos"$UNAME_RELEASE" ;; esac exit ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} + echo sparc-auspex-sunos"$UNAME_RELEASE" exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not @@ -432,44 +446,44 @@ # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} + echo m68k-milan-mint"$UNAME_RELEASE" exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} + echo m68k-hades-mint"$UNAME_RELEASE" exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} + echo m68k-unknown-mint"$UNAME_RELEASE" exit ;; m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} + echo m68k-apple-machten"$UNAME_RELEASE" exit ;; powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} + echo powerpc-apple-machten"$UNAME_RELEASE" exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} + echo mips-dec-ultrix"$UNAME_RELEASE" exit ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} + echo vax-dec-ultrix"$UNAME_RELEASE" exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} + echo clipper-intergraph-clix"$UNAME_RELEASE" exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { @@ -478,23 +492,23 @@ #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} + echo mips-mips-riscos"$UNAME_RELEASE" exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax @@ -520,17 +534,17 @@ AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] then - echo m88k-dg-dgux${UNAME_RELEASE} + echo m88k-dg-dgux"$UNAME_RELEASE" else - echo m88k-dg-dguxbcs${UNAME_RELEASE} + echo m88k-dg-dguxbcs"$UNAME_RELEASE" fi else - echo i586-dg-dgux${UNAME_RELEASE} + echo i586-dg-dgux"$UNAME_RELEASE" fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) @@ -547,7 +561,7 @@ echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id @@ -559,14 +573,14 @@ if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #include main() @@ -577,7 +591,7 @@ exit(0); } EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then echo "$SYSTEM_NAME" else @@ -591,7 +605,7 @@ exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc @@ -600,18 +614,18 @@ IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx @@ -626,28 +640,28 @@ echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + if [ "$HP_ARCH" = "" ]; then + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE #include @@ -680,13 +694,13 @@ exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ "$HP_ARCH" = hppa2.0w ] then - eval $set_cc_for_build + eval "$set_cc_for_build" # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -697,23 +711,23 @@ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" exit ;; ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" exit ;; 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #include int main () @@ -738,11 +752,11 @@ exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) @@ -751,7 +765,7 @@ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) @@ -759,9 +773,9 @@ exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk + echo "$UNAME_MACHINE"-unknown-osf1mk else - echo ${UNAME_MACHINE}-unknown-osf1 + echo "$UNAME_MACHINE"-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) @@ -786,127 +800,109 @@ echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" exit ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} + echo sparc-unknown-bsdi"$UNAME_RELEASE" exit ;; *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in + case "$UNAME_PROCESSOR" in amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin + echo "$UNAME_MACHINE"-pc-cygwin exit ;; *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 + echo "$UNAME_MACHINE"-pc-mingw64 exit ;; *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 + echo "$UNAME_MACHINE"-pc-mingw32 exit ;; *:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + echo "$UNAME_MACHINE"-pc-msys exit ;; i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 + echo "$UNAME_MACHINE"-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case "$UNAME_MACHINE" in x86) - echo i586-pc-interix${UNAME_RELEASE} + echo i586-pc-interix"$UNAME_RELEASE" exit ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} + echo x86_64-unknown-interix"$UNAME_RELEASE" exit ;; IA64) - echo ia64-unknown-interix${UNAME_RELEASE} + echo ia64-unknown-interix"$UNAME_RELEASE" exit ;; esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin + echo "$UNAME_MACHINE"-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" exit ;; i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix + echo "$UNAME_MACHINE"-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -919,64 +915,64 @@ EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arm*:Linux:*:*) - eval $set_cc_for_build + eval "$set_cc_for_build" if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; e2k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; k1om:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el @@ -990,75 +986,70 @@ #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" + test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } ;; + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-${LIBC} + echo or1k-unknown-linux-"$LIBC" exit ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} + echo sparc-unknown-linux-"$LIBC" exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} + echo hppa64-unknown-linux-"$LIBC" exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} + echo powerpc64-unknown-linux-"$LIBC" exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} + echo powerpc-unknown-linux-"$LIBC" exit ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} + echo powerpc64le-unknown-linux-"$LIBC" exit ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" exit ;; x86_64:Linux:*:*) - eval $set_cc_for_build - X86_64_ABI= - # If there is a compiler, see if it is configured for 32-bit objects. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_X32 >/dev/null - then - X86_64_ABI=x32 - fi - fi - echo ${UNAME_MACHINE}-pc-linux-${LIBC}${X86_64_ABI} + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1072,34 +1063,34 @@ # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx + echo "$UNAME_MACHINE"-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop + echo "$UNAME_MACHINE"-unknown-stop exit ;; i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos + echo "$UNAME_MACHINE"-unknown-atheos exit ;; i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable + echo "$UNAME_MACHINE"-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} + echo i386-unknown-lynxos"$UNAME_RELEASE" exit ;; i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp + echo "$UNAME_MACHINE"-pc-msdosdjgpp exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" fi exit ;; i*86:*:5:[678]*) @@ -1109,12 +1100,12 @@ *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1124,9 +1115,9 @@ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv32 + echo "$UNAME_MACHINE"-pc-sysv32 fi exit ;; pc:*:*:*) @@ -1146,9 +1137,9 @@ exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) @@ -1168,9 +1159,9 @@ test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; @@ -1179,28 +1170,28 @@ test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} + echo m68k-unknown-lynxos"$UNAME_RELEASE" exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} + echo sparc-unknown-lynxos"$UNAME_RELEASE" exit ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} + echo rs6000-unknown-lynxos"$UNAME_RELEASE" exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} + echo powerpc-unknown-lynxos"$UNAME_RELEASE" exit ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} + echo mips-dde-sysv"$UNAME_RELEASE" exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 @@ -1211,7 +1202,7 @@ *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 + echo "$UNAME_MACHINE"-sni-sysv4 else echo ns32k-sni-sysv fi @@ -1231,23 +1222,23 @@ exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos + echo "$UNAME_MACHINE"-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} + echo m68k-apple-aux"$UNAME_RELEASE" exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv"$UNAME_RELEASE" else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv"$UNAME_RELEASE" fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. @@ -1266,46 +1257,56 @@ echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} + echo sx4-nec-superux"$UNAME_RELEASE" exit ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} + echo sx5-nec-superux"$UNAME_RELEASE" exit ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} + echo sx6-nec-superux"$UNAME_RELEASE" exit ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} + echo sx7-nec-superux"$UNAME_RELEASE" exit ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} + echo sx8-nec-superux"$UNAME_RELEASE" exit ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" exit ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} + echo powerpc-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build + eval "$set_cc_for_build" if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in i386) UNAME_PROCESSOR=x86_64 ;; powerpc) UNAME_PROCESSOR=powerpc64 ;; esac fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi fi elif test "$UNAME_PROCESSOR" = i386 ; then # Avoid executing cc on OS X 10.9, as it ships with a stub @@ -1316,27 +1317,33 @@ # that Apple uses in portable devices. UNAME_PROCESSOR=x86_64 fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" exit ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} + echo nse-tandem-nsk"$UNAME_RELEASE" exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux @@ -1345,18 +1352,18 @@ echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi - echo ${UNAME_MACHINE}-unknown-plan9 + echo "$UNAME_MACHINE"-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 @@ -1377,14 +1384,14 @@ echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux"$UNAME_RELEASE" exit ;; *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in + case "$UNAME_MACHINE" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; @@ -1393,37 +1400,48 @@ echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" exit ;; i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos + echo "$UNAME_MACHINE"-pc-rdos exit ;; i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros + echo "$UNAME_MACHINE"-pc-aros exit ;; x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx + echo "$UNAME_MACHINE"-unknown-esx exit ;; amd64:Isilon\ OneFS:*:*) echo x86_64-unknown-onefs exit ;; esac +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <&2 < in order to provide the needed -information to handle your system. +If $0 has already been updated, send the following data and any +information you think might be pertinent to config-patches@gnu.org to +provide the necessary information to handle your system. config.guess timestamp = $timestamp @@ -1442,16 +1460,16 @@ /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" EOF exit 1 # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff -Nru libseccomp-2.3.1/build-aux/config.sub libseccomp-2.4.1/build-aux/config.sub --- libseccomp-2.3.1/build-aux/config.sub 2016-04-20 19:52:27.371295321 +0000 +++ libseccomp-2.4.1/build-aux/config.sub 2019-04-17 21:02:40.436271313 +0000 @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2015-12-14' +timestamp='2018-03-08' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -33,7 +33,7 @@ # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -57,7 +57,7 @@ Canonicalize a configuration name. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -67,7 +67,7 @@ version="\ GNU config.sub ($timestamp) -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -94,7 +94,7 @@ *local*) # First pass through any local machine types. - echo $1 + echo "$1" exit ;; * ) @@ -112,24 +112,24 @@ # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ - kopensolaris*-gnu* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` + basic_machine=`echo "$1" | sed 's/-[^-]*$//'` + if [ "$basic_machine" != "$1" ] + then os=`echo "$1" | sed 's/.*-/-/'` else os=; fi ;; esac @@ -178,44 +178,44 @@ ;; -sco6) os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 @@ -227,10 +227,7 @@ os=-lynxos ;; -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` ;; -psos*) os=-psos @@ -258,12 +255,12 @@ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx | dvp \ + | d10v | d30v | dlx | dsp16xx \ | e2k | epiphany \ | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ - | i370 | i860 | i960 | ia64 \ + | i370 | i860 | i960 | ia16 | ia64 \ | ip2k | iq2000 \ | k1om \ | le32 | le64 \ @@ -299,8 +296,9 @@ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 | or1k | or1knd | or32 \ - | pdp10 | pdp11 | pj | pjl \ + | pdp10 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ | pyramid \ | riscv32 | riscv64 \ | rl78 | rx \ @@ -314,7 +312,7 @@ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | visium \ - | we32k \ + | wasm32 \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown @@ -335,7 +333,7 @@ basic_machine=$basic_machine-unknown os=-none ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) ;; ms1) basic_machine=mt-unknown @@ -364,7 +362,7 @@ ;; # Object if more than one company name word. *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. @@ -387,7 +385,7 @@ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ + | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ | ip2k-* | iq2000-* \ | k1om-* \ | le32-* | le64-* \ @@ -428,6 +426,7 @@ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ | pyramid-* \ | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ @@ -444,6 +443,7 @@ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ | visium-* \ + | wasm32-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -457,7 +457,7 @@ # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) - basic_machine=i386-unknown + basic_machine=i386-pc os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) @@ -491,7 +491,7 @@ basic_machine=x86_64-pc ;; amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl @@ -536,7 +536,7 @@ os=-linux ;; blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) @@ -544,13 +544,13 @@ os=-cnk ;; c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray @@ -639,10 +639,18 @@ basic_machine=rs6000-bull os=-bosx ;; - dpx2* | dpx2*-bull) + dpx2*) basic_machine=m68k-bull os=-sysv3 ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=$os"spe" + ;; ebmon29k) basic_machine=a29k-amd os=-ebmon @@ -732,9 +740,6 @@ hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; - hppa-next) - os=-nextstep3 - ;; hppaosf) basic_machine=hppa1.1-hp os=-osf @@ -747,26 +752,26 @@ basic_machine=i370-ibm ;; i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; - i386-vsta | vsta) + vsta) basic_machine=i386-unknown os=-vsta ;; @@ -785,19 +790,16 @@ os=-sysv ;; leon-*|leon[3-9]-*) - basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; - m88k-omron*) - basic_machine=m88k-omron - ;; magnum | m3230) basic_machine=mips-mips os=-sysv @@ -828,29 +830,11 @@ basic_machine=m68k-atari os=-mint ;; - mipsEE* | ee | ps2) - basic_machine=mips64r5900el-scei - case $os in - -linux*) - ;; - *) - os=-elf - ;; - esac - ;; - iop) - basic_machine=mipsel-scei - os=-irx - ;; - dvp) - basic_machine=dvp-scei - os=-elf - ;; mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` ;; mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k @@ -869,7 +853,7 @@ os=-msdos ;; ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i686-pc @@ -911,7 +895,7 @@ basic_machine=v70-nec os=-sysv ;; - next | m*-next ) + next | m*-next) basic_machine=m68k-next case $os in -nextstep* ) @@ -956,6 +940,12 @@ nsr-tandem) basic_machine=nsr-tandem ;; + nsv-tandem) + basic_machine=nsv-tandem + ;; + nsx-tandem) + basic_machine=nsx-tandem + ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf @@ -988,7 +978,7 @@ os=-linux ;; parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; pbd) @@ -1004,7 +994,7 @@ basic_machine=i386-pc ;; pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc @@ -1019,16 +1009,16 @@ basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould @@ -1038,23 +1028,23 @@ ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppcle | powerpclittle | ppc-le | powerpc-little) + ppcle | powerpclittle) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) + ppc64le | powerpc64little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm @@ -1108,17 +1098,10 @@ sequent) basic_machine=i386-sequent ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; sh5el) basic_machine=sh5le-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) + simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; @@ -1137,7 +1120,7 @@ os=-sysv4 ;; strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun @@ -1259,6 +1242,9 @@ basic_machine=hppa1.1-winbond os=-proelf ;; + x64) + basic_machine=x86_64-pc + ;; xbox) basic_machine=i686-pc os=-mingw32 @@ -1267,20 +1253,12 @@ basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; none) basic_machine=none-none os=-none @@ -1309,10 +1287,6 @@ vax) basic_machine=vax-dec ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; pdp11) basic_machine=pdp11-dec ;; @@ -1322,9 +1296,6 @@ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; cydra) basic_machine=cydra-cydrome ;; @@ -1344,7 +1315,7 @@ # Make sure to match an already-canonicalized machine name. ;; *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; esac @@ -1352,10 +1323,10 @@ # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` ;; *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` ;; *) ;; @@ -1366,8 +1337,8 @@ if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases that might get confused + # with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux @@ -1378,18 +1349,19 @@ -solaris) os=-solaris2 ;; - -svr4*) - os=-sysv4 - ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; - # First accept the basic system types. + # es1800 is here to avoid being matched by es* (a different OS) + -es1800*) + os=-ose + ;; + # Now accept the basic system types. # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. + # Each alternative MUST end in a * to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ @@ -1399,25 +1371,26 @@ | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ + | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* | -hcos* \ + | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -irx* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -morphos* | -superux* | -rtmk* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ - | -onefs* | -tirtos*) + | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \ + | -midnightbsd*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1434,12 +1407,12 @@ -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + -sim | -xray | -os68k* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) - os=`echo $os | sed -e 's|mac|macos|'` + os=`echo "$os" | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc @@ -1448,10 +1421,10 @@ os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition @@ -1462,12 +1435,6 @@ -wince*) os=-wince ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; -utek*) os=-bsd ;; @@ -1492,7 +1459,7 @@ -nova*) os=-rtmk-nova ;; - -ns2 ) + -ns2) os=-nextstep2 ;; -nsk*) @@ -1514,7 +1481,7 @@ -oss*) os=-sysv3 ;; - -svr4) + -svr4*) os=-sysv4 ;; -svr3) @@ -1529,32 +1496,38 @@ -ose*) os=-ose ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; - -aros*) - os=-aros - ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; + -pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $basic_machine in + arm*) + os=-eabi + ;; + *) + os=-elf + ;; + esac + ;; -nacl*) ;; + -ios) + ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 exit 1 ;; esac @@ -1644,12 +1617,12 @@ sparc-* | *-sun) os=-sunos4.1.1 ;; + pru-*) + os=-elf + ;; *-be) os=-beos ;; - *-haiku) - os=-haiku - ;; *-ibm) os=-aix ;; @@ -1689,7 +1662,7 @@ m88k-omron*) os=-luna ;; - *-next ) + *-next) os=-nextstep ;; *-sequent) @@ -1704,9 +1677,6 @@ i370-*) os=-mvs ;; - *-next) - os=-nextstep3 - ;; *-gould) os=-sysv ;; @@ -1816,15 +1786,15 @@ vendor=stratus ;; esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` ;; esac -echo $basic_machine$os +echo "$basic_machine$os" exit # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff -Nru libseccomp-2.3.1/build-aux/depcomp libseccomp-2.4.1/build-aux/depcomp --- libseccomp-2.3.1/build-aux/depcomp 2016-04-20 19:52:27.627295302 +0000 +++ libseccomp-2.4.1/build-aux/depcomp 2019-04-17 21:02:40.722939470 +0000 @@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2013-05-30.07; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -783,9 +783,9 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru libseccomp-2.3.1/build-aux/install-sh libseccomp-2.4.1/build-aux/install-sh --- libseccomp-2.3.1/build-aux/install-sh 2016-04-20 19:52:27.372295321 +0000 +++ libseccomp-2.4.1/build-aux/install-sh 2019-04-17 21:02:40.436271313 +0000 @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2011-11-20.07; # UTC +scriptversion=2018-03-11.20; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -41,19 +41,15 @@ # This script is compatible with the BSD install script, but was written # from scratch. +tab=' ' nl=' ' -IFS=" "" $nl" +IFS=" $tab$nl" -# set DOITPROG to echo to test this script +# Set DOITPROG to "echo" to test this script. -# Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} -if test -z "$doit"; then - doit_exec=exec -else - doit_exec=$doit -fi +doit_exec=${doit:-exec} # Put in absolute file names if you don't have them in your path; # or use environment vars. @@ -68,17 +64,6 @@ rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} -posix_glob='?' -initialize_posix_glob=' - test "$posix_glob" != "?" || { - if (set -f) 2>/dev/null; then - posix_glob= - else - posix_glob=: - fi - } -' - posix_mkdir= # Desired mode of installed file. @@ -97,7 +82,7 @@ dst_arg= copy_on_change=false -no_target_directory= +is_target_a_directory=possibly usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE @@ -137,46 +122,57 @@ -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - case $mode in - *' '* | *' '* | *' -'* | *'*'* | *'?'* | *'['*) - echo "$0: invalid mode: $mode" >&2 - exit 1;; - esac - shift;; + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; -o) chowncmd="$chownprog $2" - shift;; + shift;; -s) stripcmd=$stripprog;; - -t) dst_arg=$2 - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - shift;; + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; - -T) no_target_directory=true;; + -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; - --) shift - break;; + --) shift + break;; - -*) echo "$0: invalid option: $1" >&2 - exit 1;; + -*) echo "$0: invalid option: $1" >&2 + exit 1;; *) break;; esac shift done +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. @@ -208,6 +204,15 @@ fi if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 @@ -223,16 +228,16 @@ *[0-7]) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw='% 200' + u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw=,u+rw + u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac @@ -266,122 +271,113 @@ fi dst=$dst_arg - # If destination is a directory, append the input filename; won't work - # if double slashes aren't ignored. + # If destination is a directory, append the input filename. if test -d "$dst"; then - if test -n "$no_target_directory"; then - echo "$0: $dst_arg: Is a directory" >&2 - exit 1 + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 fi dstdir=$dst - dst=$dstdir/`basename "$src"` + dstbase=`basename "$src"` + case $dst in + */) dst=$dst$dstbase;; + *) dst=$dst/$dstbase;; + esac dstdir_status=0 else - # Prefer dirname, but fall back on a substitute if dirname fails. - dstdir=` - (dirname "$dst") 2>/dev/null || - expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$dst" : 'X\(//\)[^/]' \| \ - X"$dst" : 'X\(//\)$' \| \ - X"$dst" : 'X\(/\)' \| . 2>/dev/null || - echo X"$dst" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q' - ` - + dstdir=`dirname "$dst"` test -d "$dstdir" dstdir_status=$? fi fi + case $dstdir in + */) dstdirslash=$dstdir;; + *) dstdirslash=$dstdir/;; + esac + obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') - # Create intermediate dirs using mode 755 as modified by the umask. - # This is like FreeBSD 'install' as of 1997-10-28. - umask=`umask` - case $stripcmd.$umask in - # Optimize common cases. - *[2367][2367]) mkdir_umask=$umask;; - .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; - - *[0-7]) - mkdir_umask=`expr $umask + 22 \ - - $umask % 100 % 40 + $umask % 20 \ - - $umask % 10 % 4 + $umask % 2 - `;; - *) mkdir_umask=$umask,go-w;; - esac - - # With -d, create the new directory with the user-specified mode. - # Otherwise, rely on $mkdir_umask. - if test -n "$dir_arg"; then - mkdir_mode=-m$mode - else - mkdir_mode= - fi - - posix_mkdir=false - case $umask in - *[123567][0-7][0-7]) - # POSIX mkdir -p sets u+wx bits regardless of umask, which - # is incompatible with FreeBSD 'install' when (umask & 300) != 0. - ;; - *) - tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ - trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 - - if (umask $mkdir_umask && - exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 - then - if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. - # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writable bit of parent directory when it shouldn't. - # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. - ls_ld_tmpdir=`ls -ld "$tmpdir"` - case $ls_ld_tmpdir in - d????-?r-*) different_mode=700;; - d????-?--*) different_mode=755;; - *) false;; - esac && - $mkdirprog -m$different_mode -p -- "$tmpdir" && { - ls_ld_tmpdir_1=`ls -ld "$tmpdir"` - test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" - } - } - then posix_mkdir=: - fi - rmdir "$tmpdir/d" "$tmpdir" - else - # Remove any dirs left behind by ancient mkdir implementations. - rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null - fi - trap '' 0;; - esac;; + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + # Note that $RANDOM variable is not portable (e.g. dash); Use it + # here however when possible just to lower collision chance. + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 + + # Because "mkdir -p" follows existing symlinks and we likely work + # directly in world-writeable /tmp, make sure that the '$tmpdir' + # directory is successfully created first before we actually test + # 'mkdir -p' feature. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; + esac;; esac if $posix_mkdir && ( - umask $mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else @@ -391,53 +387,51 @@ # directory the slow way, step by step, checking for races as we go. case $dstdir in - /*) prefix='/';; - [-=\(\)!]*) prefix='./';; - *) prefix='';; + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; esac - eval "$initialize_posix_glob" - oIFS=$IFS IFS=/ - $posix_glob set -f + set -f set fnord $dstdir shift - $posix_glob set +f + set +f IFS=$oIFS prefixes= for d do - test X"$d" = X && continue + test X"$d" = X && continue - prefix=$prefix$d - if test -d "$prefix"; then - prefixes= - else - if $posix_mkdir; then - (umask=$mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break - # Don't fail if two instances are running concurrently. - test -d "$prefix" || exit 1 - else - case $prefix in - *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; - *) qprefix=$prefix;; - esac - prefixes="$prefixes '$qprefix'" - fi - fi - prefix=$prefix/ + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ done if test -n "$prefixes"; then - # Don't fail if two instances are running concurrently. - (umask $mkdir_umask && - eval "\$doit_exec \$mkdirprog $prefixes") || - test -d "$dstdir" || exit 1 - obsolete_mkdir_used=true + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true fi fi fi @@ -450,8 +444,8 @@ else # Make a couple of temp file names in the proper directory. - dsttmp=$dstdir/_inst.$$_ - rmtmp=$dstdir/_rm.$$_ + dsttmp=${dstdirslash}_inst.$$_ + rmtmp=${dstdirslash}_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 @@ -472,15 +466,12 @@ # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && - old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && - new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && - - eval "$initialize_posix_glob" && - $posix_glob set -f && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && - $posix_glob set +f && - + set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then @@ -493,24 +484,24 @@ # to itself, or perhaps because mv is so ancient that it does not # support -f. { - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - test ! -f "$dst" || - $doit $rmcmd -f "$dst" 2>/dev/null || - { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && - { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } - } || - { echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - } && + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 @@ -519,9 +510,9 @@ done # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru libseccomp-2.3.1/build-aux/ltmain.sh libseccomp-2.4.1/build-aux/ltmain.sh --- libseccomp-2.3.1/build-aux/ltmain.sh 2016-04-20 19:52:22.077295718 +0000 +++ libseccomp-2.4.1/build-aux/ltmain.sh 2019-04-17 21:02:35.519579077 +0000 @@ -1,12 +1,12 @@ #! /bin/sh ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in -## by inline-source v2014-01-03.01 +## by inline-source v2018-07-24.06 -# libtool (GNU libtool) 2.4.6 +# libtool (GNU libtool) 2.4.6.42-b88ce # Provide generalized library-building support services. # Written by Gordon Matzigkeit , 1996 -# Copyright (C) 1996-2015 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -31,8 +31,8 @@ PROGRAM=libtool PACKAGE=libtool -VERSION=2.4.6 -package_revision=2.4.6 +VERSION=2.4.6.42-b88ce +package_revision=2.4.6.42 ## ------ ## @@ -64,34 +64,25 @@ # libraries, which are installed to $pkgauxdir. # Set a version string for this script. -scriptversion=2015-10-04.22; # UTC +scriptversion=2018-07-24.06; # UTC # General shell script boiler plate, and helper functions. # Written by Gary V. Vaughan, 2004 -# Copyright (C) 2004-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. - -# As a special exception to the GNU General Public License, if you distribute -# this file as part of a program or library that is built using GNU Libtool, -# you may include this file under the same distribution terms that you use -# for the rest of that program. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# This is free software. There is NO warranty; not even for +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Copyright (C) 2004-2018 Bootstrap Authors +# +# This file is dual licensed under the terms of the MIT license +# , and GPL version 3 or later +# . You must apply one of +# these licenses when using or redistributing this software or any of +# the files within it. See the URLs above, or the file `LICENSE` +# included in the Bootstrap distribution for the full license texts. -# Please report bugs or propose patches to gary@gnu.org. +# Please report bugs or propose patches to: +# ## ------ ## @@ -140,9 +131,6 @@ fi" done -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - # Make sure IFS has a sensible default sp=' ' nl=' @@ -159,6 +147,26 @@ fi +# func_unset VAR +# -------------- +# Portably unset VAR. +# In some shells, an 'unset VAR' statement leaves a non-zero return +# status if VAR is already unset, which might be problematic if the +# statement is used at the end of a function (thus poisoning its return +# value) or when 'set -e' is active (causing even a spurious abort of +# the script in this case). +func_unset () +{ + { eval $1=; (eval unset $1) >/dev/null 2>&1 && eval unset $1 || : ; } +} + + +# Make sure CDPATH doesn't cause `cd` commands to output the target dir. +func_unset CDPATH + +# Make sure ${,E,F}GREP behave sanely. +func_unset GREP_OPTIONS + ## ------------------------- ## ## Locate command utilities. ## @@ -259,7 +267,7 @@ rm -f conftest.in conftest.tmp conftest.nl conftest.out } - func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + func_path_progs "sed gsed" func_check_prog_sed "$PATH:/usr/xpg4/bin" rm -f conftest.sed SED=$func_path_progs_result } @@ -295,7 +303,7 @@ rm -f conftest.in conftest.tmp conftest.nl conftest.out } - func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + func_path_progs "grep ggrep" func_check_prog_grep "$PATH:/usr/xpg4/bin" GREP=$func_path_progs_result } @@ -580,16 +588,16 @@ { $debug_cmd - func_quote_for_eval "$2" - eval "$1+=\\ \$func_quote_for_eval_result" + func_quote_arg pretty "$2" + eval "$1+=\\ \$func_quote_arg_result" }' else func_append_quoted () { $debug_cmd - func_quote_for_eval "$2" - eval "$1=\$$1\\ \$func_quote_for_eval_result" + func_quote_arg pretty "$2" + eval "$1=\$$1\\ \$func_quote_arg_result" } fi @@ -1091,132 +1099,199 @@ } -# func_quote ARG -# -------------- -# Aesthetically quote one ARG, store the result into $func_quote_result. Note -# that we keep attention to performance here (so far O(N) complexity as long as -# func_append is O(1)). -func_quote () +# func_quote_portable EVAL ARG +# ---------------------------- +# Internal function to portably implement func_quote_arg. Note that we still +# keep attention to performance here so we as much as possible try to avoid +# calling sed binary (so far O(N) complexity as long as func_append is O(1)). +func_quote_portable () { $debug_cmd - func_quote_result=$1 + func_quote_portable_result=$2 - case $func_quote_result in - *[\\\`\"\$]*) - case $func_quote_result in - *[\[\*\?]*) - func_quote_result=`$ECHO "$func_quote_result" | $SED "$sed_quote_subst"` - return 0 - ;; - esac + # one-time-loop (easy break) + while true + do + if $1; then + func_quote_portable_result=`$ECHO "$2" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` + break + fi - func_quote_old_IFS=$IFS - for _G_char in '\' '`' '"' '$' - do - # STATE($1) PREV($2) SEPARATOR($3) - set start "" "" - func_quote_result=dummy"$_G_char$func_quote_result$_G_char"dummy - IFS=$_G_char - for _G_part in $func_quote_result - do - case $1 in - quote) - func_append func_quote_result "$3$2" - set quote "$_G_part" "\\$_G_char" - ;; - start) - set first "" "" - func_quote_result= - ;; - first) - set quote "$_G_part" "" + # Quote for eval. + case $func_quote_portable_result in + *[\\\`\"\$]*) + case $func_quote_portable_result in + *[\[\*\?]*) + func_quote_portable_result=`$ECHO "$func_quote_portable_result" \ + | $SED "$sed_quote_subst"` + break ;; - esac + esac + + func_quote_portable_old_IFS=$IFS + for _G_char in '\' '`' '"' '$' + do + # STATE($1) PREV($2) SEPARATOR($3) + set start "" "" + func_quote_portable_result=dummy"$_G_char$func_quote_portable_result$_G_char"dummy + IFS=$_G_char + for _G_part in $func_quote_portable_result + do + case $1 in + quote) + func_append func_quote_portable_result "$3$2" + set quote "$_G_part" "\\$_G_char" + ;; + start) + set first "" "" + func_quote_portable_result= + ;; + first) + set quote "$_G_part" "" + ;; + esac + done done - IFS=$func_quote_old_IFS - done + IFS=$func_quote_portable_old_IFS + ;; + *) ;; + esac + break + done + + func_quote_portable_unquoted_result=$func_quote_portable_result + case $func_quote_portable_result in + # double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # many bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_portable_result=\"$func_quote_portable_result\" ;; - *) ;; esac } -# func_quote_for_eval ARG... -# -------------------------- -# Aesthetically quote ARGs to be evaled later. -# This function returns two values: -# i) func_quote_for_eval_result -# double-quoted, suitable for a subsequent eval -# ii) func_quote_for_eval_unquoted_result -# has all characters that are still active within double -# quotes backslashified. -func_quote_for_eval () -{ - $debug_cmd - - func_quote_for_eval_unquoted_result= - func_quote_for_eval_result= - while test 0 -lt $#; do - func_quote "$1" - _G_unquoted_arg=$func_quote_result - if test -n "$func_quote_for_eval_unquoted_result"; then - func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" - else - func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" - fi - - case $_G_unquoted_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting, command substitution and variable expansion - # for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_quoted_arg=\"$_G_unquoted_arg\" +# func_quotefast_eval ARG +# ----------------------- +# Quote one ARG (internal). This is equivalent to 'func_quote_arg eval ARG', +# but optimized for speed. Result is stored in $func_quotefast_eval. +if test xyes = `(x=; printf -v x %q yes; echo x"$x") 2>/dev/null`; then + printf -v _GL_test_printf_tilde %q '~' + if test '\~' = "$_GL_test_printf_tilde"; then + func_quotefast_eval () + { + printf -v func_quotefast_eval_result %q "$1" + } + else + # Broken older Bash implementations. Make those faster too if possible. + func_quotefast_eval () + { + case $1 in + '~'*) + func_quote_portable false "$1" + func_quotefast_eval_result=$func_quote_portable_result ;; *) - _G_quoted_arg=$_G_unquoted_arg - ;; + printf -v func_quotefast_eval_result %q "$1" + ;; esac + } + fi +else + func_quotefast_eval () + { + func_quote_portable false "$1" + func_quotefast_eval_result=$func_quote_portable_result + } +fi - if test -n "$func_quote_for_eval_result"; then - func_append func_quote_for_eval_result " $_G_quoted_arg" - else - func_append func_quote_for_eval_result "$_G_quoted_arg" - fi - shift - done -} - - -# func_quote_for_expand ARG -# ------------------------- -# Aesthetically quote ARG to be evaled later; same as above, -# but do not quote variable references. -func_quote_for_expand () -{ - $debug_cmd - case $1 in - *[\\\`\"]*) - _G_arg=`$ECHO "$1" | $SED \ - -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; - *) - _G_arg=$1 ;; +# func_quote_arg MODEs ARG +# ------------------------ +# Quote one ARG to be evaled later. MODEs argument may contain zero or more +# specifiers listed below separated by ',' character. This function returns two +# values: +# i) func_quote_arg_result +# double-quoted (when needed), suitable for a subsequent eval +# ii) func_quote_arg_unquoted_result +# has all characters that are still active within double +# quotes backslashified. Available only if 'unquoted' is specified. +# +# Available modes: +# ---------------- +# 'eval' (default) +# - escape shell special characters +# 'expand' +# - the same as 'eval'; but do not quote variable references +# 'pretty' +# - request aesthetic output, i.e. '"a b"' instead of 'a\ b'. This might +# be used later in func_quote to get output like: 'echo "a b"' instead +# of 'echo a\ b'. This is slower than default on some shells. +# 'unquoted' +# - produce also $func_quote_arg_unquoted_result which does not contain +# wrapping double-quotes. +# +# Examples for 'func_quote_arg pretty,unquoted string': +# +# string | *_result | *_unquoted_result +# ------------+-----------------------+------------------- +# " | \" | \" +# a b | "a b" | a b +# "a b" | "\"a b\"" | \"a b\" +# * | "*" | * +# z="${x-$y}" | "z=\"\${x-\$y}\"" | z=\"\${x-\$y}\" +# +# Examples for 'func_quote_arg pretty,unquoted,expand string': +# +# string | *_result | *_unquoted_result +# --------------+---------------------+-------------------- +# z="${x-$y}" | "z=\"${x-$y}\"" | z=\"${x-$y}\" +func_quote_arg () +{ + _G_quote_expand=false + case ,$1, in + *,expand,*) + _G_quote_expand=: + ;; esac - case $_G_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting and command substitution for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_arg=\"$_G_arg\" + case ,$1, in + *,pretty,*|*,expand,*|*,unquoted,*) + func_quote_portable $_G_quote_expand "$2" + func_quote_arg_result=$func_quote_portable_result + func_quote_arg_unquoted_result=$func_quote_portable_unquoted_result + ;; + *) + # Faster quote-for-eval for some shells. + func_quotefast_eval "$2" + func_quote_arg_result=$func_quotefast_eval_result ;; esac +} + - func_quote_for_expand_result=$_G_arg +# func_quote MODEs ARGs... +# ------------------------ +# Quote all ARGs to be evaled later and join them into single command. See +# func_quote_arg's description for more info. +func_quote () +{ + $debug_cmd + _G_func_quote_mode=$1 ; shift + func_quote_result= + while test 0 -lt $#; do + func_quote_arg "$_G_func_quote_mode" "$1" + if test -n "$func_quote_result"; then + func_append func_quote_result " $func_quote_arg_result" + else + func_append func_quote_result "$func_quote_arg_result" + fi + shift + done } @@ -1262,8 +1337,8 @@ _G_cmd=$1 _G_fail_exp=${2-':'} - func_quote_for_expand "$_G_cmd" - eval "func_notquiet $func_quote_for_expand_result" + func_quote_arg pretty,expand "$_G_cmd" + eval "func_notquiet $func_quote_arg_result" $opt_dry_run || { eval "$_G_cmd" @@ -1288,8 +1363,8 @@ _G_fail_exp=${2-':'} $opt_quiet || { - func_quote_for_expand "$_G_cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$_G_cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || { @@ -1416,30 +1491,26 @@ # End: #! /bin/sh -# Set a version string for this script. -scriptversion=2014-01-07.03; # UTC - # A portable, pluggable option parser for Bourne shell. # Written by Gary V. Vaughan, 2010 -# Copyright (C) 2010-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This is free software. There is NO warranty; not even for +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Copyright (C) 2010-2018 Bootstrap Authors +# +# This file is dual licensed under the terms of the MIT license +# , and GPL version 3 or later +# . You must apply one of +# these licenses when using or redistributing this software or any of +# the files within it. See the URLs above, or the file `LICENSE` +# included in the Bootstrap distribution for the full license texts. -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Please report bugs or propose patches to: +# -# Please report bugs or propose patches to gary@gnu.org. +# Set a version string for this script. +scriptversion=2018-07-24.06; # UTC ## ------ ## @@ -1462,7 +1533,7 @@ # # In order for the '--version' option to work, you will need to have a # suitably formatted comment like the one at the top of this file -# starting with '# Written by ' and ending with '# warranty; '. +# starting with '# Written by ' and ending with '# Copyright'. # # For '-h' and '--help' to work, you will also need a one line # description of your script's purpose in a comment directly above the @@ -1474,7 +1545,7 @@ # to display verbose messages only when your user has specified # '--verbose'. # -# After sourcing this file, you can plug processing for additional +# After sourcing this file, you can plug in processing for additional # options by amending the variables from the 'Configuration' section # below, and following the instructions in the 'Option parsing' # section further down. @@ -1523,8 +1594,8 @@ ## ------------------------- ## # This section contains functions for adding, removing, and running hooks -# to the main code. A hook is just a named list of of function, that can -# be run in order later on. +# in the main code. A hook is just a list of function names that can be +# run in order later on. # func_hookable FUNC_NAME # ----------------------- @@ -1557,7 +1628,8 @@ # func_remove_hook FUNC_NAME HOOK_FUNC # ------------------------------------ -# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +# Remove HOOK_FUNC from the list of hook functions to be called by +# FUNC_NAME. func_remove_hook () { $debug_cmd @@ -1566,10 +1638,28 @@ } +# func_propagate_result FUNC_NAME_A FUNC_NAME_B +# --------------------------------------------- +# If the *_result variable of FUNC_NAME_A _is set_, assign its value to +# *_result variable of FUNC_NAME_B. +func_propagate_result () +{ + $debug_cmd + + func_propagate_result_result=: + if eval "test \"\${${1}_result+set}\" = set" + then + eval "${2}_result=\$${1}_result" + else + func_propagate_result_result=false + fi +} + + # func_run_hooks FUNC_NAME [ARG]... # --------------------------------- # Run all hook functions registered to FUNC_NAME. -# It is assumed that the list of hook functions contains nothing more +# It's assumed that the list of hook functions contains nothing more # than a whitespace-delimited list of legal shell function names, and # no effort is wasted trying to catch shell meta-characters or preserve # whitespace. @@ -1579,22 +1669,19 @@ case " $hookable_fns " in *" $1 "*) ;; - *) func_fatal_error "'$1' does not support hook funcions.n" ;; + *) func_fatal_error "'$1' does not support hook functions." ;; esac eval _G_hook_fns=\$$1_hooks; shift for _G_hook in $_G_hook_fns; do - eval $_G_hook '"$@"' - - # store returned options list back into positional - # parameters for next 'cmd' execution. - eval _G_hook_result=\$${_G_hook}_result - eval set dummy "$_G_hook_result"; shift + func_unset "${_G_hook}_result" + eval $_G_hook '${1+"$@"}' + func_propagate_result $_G_hook func_run_hooks + if $func_propagate_result_result; then + eval set dummy "$func_run_hooks_result"; shift + fi done - - func_quote_for_eval ${1+"$@"} - func_run_hooks_result=$func_quote_for_eval_result } @@ -1604,10 +1691,18 @@ ## --------------- ## # In order to add your own option parsing hooks, you must accept the -# full positional parameter list in your hook function, remove any -# options that you action, and then pass back the remaining unprocessed -# options in '_result', escaped suitably for -# 'eval'. Like this: +# full positional parameter list from your hook function. You may remove +# or edit any options that you action, and then pass back the remaining +# unprocessed options in '_result', escaped +# suitably for 'eval'. +# +# The '_result' variable is automatically unset +# before your hook gets called; for best performance, only set the +# *_result variable when necessary (i.e. don't call the 'func_quote' +# function unnecessarily because it can be an expensive operation on some +# machines). +# +# Like this: # # my_options_prep () # { @@ -1617,9 +1712,8 @@ # usage_message=$usage_message' # -s, --silent don'\''t print informational messages # ' -# -# func_quote_for_eval ${1+"$@"} -# my_options_prep_result=$func_quote_for_eval_result +# # No change in '$@' (ignored completely by this hook). Leave +# # my_options_prep_result variable intact. # } # func_add_hook func_options_prep my_options_prep # @@ -1628,25 +1722,36 @@ # { # $debug_cmd # -# # Note that for efficiency, we parse as many options as we can +# args_changed=false +# +# # Note that, for efficiency, we parse as many options as we can # # recognise in a loop before passing the remainder back to the # # caller on the first unrecognised argument we encounter. # while test $# -gt 0; do # opt=$1; shift # case $opt in -# --silent|-s) opt_silent=: ;; +# --silent|-s) opt_silent=: +# args_changed=: +# ;; # # Separate non-argument short options: # -s*) func_split_short_opt "$_G_opt" # set dummy "$func_split_short_opt_name" \ # "-$func_split_short_opt_arg" ${1+"$@"} # shift +# args_changed=: # ;; -# *) set dummy "$_G_opt" "$*"; shift; break ;; +# *) # Make sure the first unrecognised option "$_G_opt" +# # is added back to "$@" in case we need it later, +# # if $args_changed was set to 'true'. +# set dummy "$_G_opt" ${1+"$@"}; shift; break ;; # esac # done # -# func_quote_for_eval ${1+"$@"} -# my_silent_option_result=$func_quote_for_eval_result +# # Only call 'func_quote' here if we processed at least one argument. +# if $args_changed; then +# func_quote eval ${1+"$@"} +# my_silent_option_result=$func_quote_result +# fi # } # func_add_hook func_parse_options my_silent_option # @@ -1657,17 +1762,26 @@ # # $opt_silent && $opt_verbose && func_fatal_help "\ # '--silent' and '--verbose' options are mutually exclusive." -# -# func_quote_for_eval ${1+"$@"} -# my_option_validation_result=$func_quote_for_eval_result # } # func_add_hook func_validate_options my_option_validation # -# You'll alse need to manually amend $usage_message to reflect the extra +# You'll also need to manually amend $usage_message to reflect the extra # options you parse. It's preferable to append if you can, so that # multiple option parsing hooks can be added safely. +# func_options_finish [ARG]... +# ---------------------------- +# Finishing the option parse loop (call 'func_options' hooks ATM). +func_options_finish () +{ + $debug_cmd + + func_run_hooks func_options ${1+"$@"} + func_propagate_result func_run_hooks func_options_finish +} + + # func_options [ARG]... # --------------------- # All the functions called inside func_options are hookable. See the @@ -1677,17 +1791,27 @@ { $debug_cmd - func_options_prep ${1+"$@"} - eval func_parse_options \ - ${func_options_prep_result+"$func_options_prep_result"} - eval func_validate_options \ - ${func_parse_options_result+"$func_parse_options_result"} + _G_options_quoted=false - eval func_run_hooks func_options \ - ${func_validate_options_result+"$func_validate_options_result"} + for my_func in options_prep parse_options validate_options options_finish + do + func_unset func_${my_func}_result + func_unset func_run_hooks_result + eval func_$my_func '${1+"$@"}' + func_propagate_result func_$my_func func_options + if $func_propagate_result_result; then + eval set dummy "$func_options_result"; shift + _G_options_quoted=: + fi + done - # save modified positional parameters for caller - func_options_result=$func_run_hooks_result + $_G_options_quoted || { + # As we (func_options) are top-level options-parser function and + # nobody quoted "$@" for us yet, we need to do it explicitly for + # caller. + func_quote eval ${1+"$@"} + func_options_result=$func_quote_result + } } @@ -1696,9 +1820,8 @@ # All initialisations required before starting the option parse loop. # Note that when calling hook functions, we pass through the list of # positional parameters. If a hook function modifies that list, and -# needs to propogate that back to rest of this script, then the complete -# modified list must be put in 'func_run_hooks_result' before -# returning. +# needs to propagate that back to rest of this script, then the complete +# modified list must be put in 'func_run_hooks_result' before returning. func_hookable func_options_prep func_options_prep () { @@ -1709,9 +1832,7 @@ opt_warning_types= func_run_hooks func_options_prep ${1+"$@"} - - # save modified positional parameters for caller - func_options_prep_result=$func_run_hooks_result + func_propagate_result func_run_hooks func_options_prep } @@ -1723,25 +1844,32 @@ { $debug_cmd - func_parse_options_result= - + _G_parse_options_requote=false # this just eases exit handling while test $# -gt 0; do # Defer to hook functions for initial option parsing, so they # get priority in the event of reusing an option name. func_run_hooks func_parse_options ${1+"$@"} - - # Adjust func_parse_options positional parameters to match - eval set dummy "$func_run_hooks_result"; shift + func_propagate_result func_run_hooks func_parse_options + if $func_propagate_result_result; then + eval set dummy "$func_parse_options_result"; shift + # Even though we may have changed "$@", we passed the "$@" array + # down into the hook and it quoted it for us (because we are in + # this if-branch). No need to quote it again. + _G_parse_options_requote=false + fi # Break out of the loop if we already parsed every option. test $# -gt 0 || break + # We expect that one of the options parsed in this function matches + # and thus we remove _G_opt from "$@" and need to re-quote. + _G_match_parse_options=: _G_opt=$1 shift case $_G_opt in --debug|-x) debug_cmd='set -x' - func_echo "enabling shell trace mode" + func_echo "enabling shell trace mode" >&2 $debug_cmd ;; @@ -1751,7 +1879,10 @@ ;; --warnings|--warning|-W) - test $# = 0 && func_missing_arg $_G_opt && break + if test $# = 0 && func_missing_arg $_G_opt; then + _G_parse_options_requote=: + break + fi case " $warning_categories $1" in *" $1 "*) # trailing space prevents matching last $1 above @@ -1804,15 +1935,24 @@ shift ;; - --) break ;; + --) _G_parse_options_requote=: ; break ;; -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift + _G_match_parse_options=false + break + ;; esac + + if $_G_match_parse_options; then + _G_parse_options_requote=: + fi done - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - func_parse_options_result=$func_quote_for_eval_result + if $_G_parse_options_requote; then + # save modified positional parameters for caller + func_quote eval ${1+"$@"} + func_parse_options_result=$func_quote_result + fi } @@ -1829,12 +1969,10 @@ test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" func_run_hooks func_validate_options ${1+"$@"} + func_propagate_result func_run_hooks func_validate_options # Bail if the options were screwed! $exit_cmd $EXIT_FAILURE - - # save modified positional parameters for caller - func_validate_options_result=$func_run_hooks_result } @@ -1890,8 +2028,8 @@ # func_split_equals STRING # ------------------------ -# Set func_split_equals_lhs and func_split_equals_rhs shell variables after -# splitting STRING at the '=' sign. +# Set func_split_equals_lhs and func_split_equals_rhs shell variables +# after splitting STRING at the '=' sign. test -z "$_G_HAVE_XSI_OPS" \ && (eval 'x=a/b/c; test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ @@ -1906,8 +2044,9 @@ func_split_equals_lhs=${1%%=*} func_split_equals_rhs=${1#*=} - test "x$func_split_equals_lhs" = "x$1" \ - && func_split_equals_rhs= + if test "x$func_split_equals_lhs" = "x$1"; then + func_split_equals_rhs= + fi }' else # ...otherwise fall back to using expr, which is often a shell builtin. @@ -1985,31 +2124,44 @@ # func_version # ------------ # Echo version message to standard output and exit. +# The version message is extracted from the calling file's header +# comments, with leading '# ' stripped: +# 1. First display the progname and version +# 2. Followed by the header comment line matching /^# Written by / +# 3. Then a blank line followed by the first following line matching +# /^# Copyright / +# 4. Immediately followed by any lines between the previous matches, +# except lines preceding the intervening completely blank line. +# For example, see the header comments of this file. func_version () { $debug_cmd printf '%s\n' "$progname $scriptversion" $SED -n ' - /(C)/!b go - :more - /\./!{ - N - s|\n# | | - b more - } - :go - /^# Written by /,/# warranty; / { - s|^# || - s|^# *$|| - s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| - p + /^# Written by /!b + s|^# ||; p; n + + :fwd2blnk + /./ { + n + b fwd2blnk } - /^# Written by / { - s|^# || - p + p; n + + :holdwrnt + s|^# || + s|^# *$|| + /^Copyright /!{ + /./H + n + b holdwrnt } - /^warranty; /q' < "$progpath" + + s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| + G + s|\(\n\)\n*|\1|g + p; q' < "$progpath" exit $? } @@ -2019,12 +2171,12 @@ # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'before-save-hook 'time-stamp) -# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-pattern: "30/scriptversion=%:y-%02m-%02d.%02H; # UTC" # time-stamp-time-zone: "UTC" # End: # Set a version string. -scriptversion='(GNU libtool) 2.4.6' +scriptversion='(GNU libtool) 2.4.6.42-b88ce' # func_echo ARG... @@ -2115,12 +2267,12 @@ compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname (GNU libtool) 2.4.6 + version: $progname (GNU libtool) 2.4.6.42-b88ce automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` Report bugs to . -GNU libtool home page: . +GNU libtool home page: . General help using GNU software: ." exit 0 } @@ -2171,7 +2323,7 @@ # a configuration failure hint, and exit. func_fatal_configuration () { - func__fatal_error ${1+"$@"} \ + func_fatal_error ${1+"$@"} \ "See the $PACKAGE documentation for more information." \ "Fatal configuration error." } @@ -2317,6 +2469,8 @@ nonopt= preserve_args= + _G_rc_lt_options_prep=: + # Shorthand for --mode=foo, only valid as the first argument case $1 in clean|clea|cle|cl) @@ -2340,11 +2494,16 @@ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) shift; set dummy --mode uninstall ${1+"$@"}; shift ;; + *) + _G_rc_lt_options_prep=false + ;; esac - # Pass back the list of options. - func_quote_for_eval ${1+"$@"} - libtool_options_prep_result=$func_quote_for_eval_result + if $_G_rc_lt_options_prep; then + # Pass back the list of options. + func_quote eval ${1+"$@"} + libtool_options_prep_result=$func_quote_result + fi } func_add_hook func_options_prep libtool_options_prep @@ -2356,9 +2515,12 @@ { $debug_cmd + _G_rc_lt_parse_options=false + # Perform our own loop to consume as many options as possible in # each iteration. while test $# -gt 0; do + _G_match_lt_parse_options=: _G_opt=$1 shift case $_G_opt in @@ -2433,15 +2595,20 @@ func_append preserve_args " $_G_opt" ;; - # An option not handled by this hook function: - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"} ; shift + _G_match_lt_parse_options=false + break + ;; esac + $_G_match_lt_parse_options && _G_rc_lt_parse_options=: done - - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - libtool_parse_options_result=$func_quote_for_eval_result + if $_G_rc_lt_parse_options; then + # save modified positional parameters for caller + func_quote eval ${1+"$@"} + libtool_parse_options_result=$func_quote_result + fi } func_add_hook func_parse_options libtool_parse_options @@ -2498,8 +2665,8 @@ } # Pass back the unparsed argument list - func_quote_for_eval ${1+"$@"} - libtool_validate_options_result=$func_quote_for_eval_result + func_quote eval ${1+"$@"} + libtool_validate_options_result=$func_quote_result } func_add_hook func_validate_options libtool_validate_options @@ -3465,8 +3632,8 @@ esac done - func_quote_for_eval "$libobj" - test "X$libobj" != "X$func_quote_for_eval_result" \ + func_quote_arg pretty "$libobj" + test "X$libobj" != "X$func_quote_arg_result" \ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ && func_warning "libobj name '$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" @@ -3539,8 +3706,8 @@ func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 srcfile=$func_to_tool_file_result - func_quote_for_eval "$srcfile" - qsrcfile=$func_quote_for_eval_result + func_quote_arg pretty "$srcfile" + qsrcfile=$func_quote_arg_result # Only build a PIC object if we are building libtool libraries. if test yes = "$build_libtool_libs"; then @@ -4143,8 +4310,8 @@ case $nonopt in *shtool*) :;; *) false;; esac then # Aesthetically quote it. - func_quote_for_eval "$nonopt" - install_prog="$func_quote_for_eval_result " + func_quote_arg pretty "$nonopt" + install_prog="$func_quote_arg_result " arg=$1 shift else @@ -4154,8 +4321,8 @@ # The real first argument should be the name of the installation program. # Aesthetically quote it. - func_quote_for_eval "$arg" - func_append install_prog "$func_quote_for_eval_result" + func_quote_arg pretty "$arg" + func_append install_prog "$func_quote_arg_result" install_shared_prog=$install_prog case " $install_prog " in *[\\\ /]cp\ *) install_cp=: ;; @@ -4212,12 +4379,12 @@ esac # Aesthetically quote the argument. - func_quote_for_eval "$arg" - func_append install_prog " $func_quote_for_eval_result" + func_quote_arg pretty "$arg" + func_append install_prog " $func_quote_arg_result" if test -n "$arg2"; then - func_quote_for_eval "$arg2" + func_quote_arg pretty "$arg2" fi - func_append install_shared_prog " $func_quote_for_eval_result" + func_append install_shared_prog " $func_quote_arg_result" done test -z "$install_prog" && \ @@ -4228,8 +4395,8 @@ if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else - func_quote_for_eval "$install_override_mode" - func_append install_shared_prog " -m $func_quote_for_eval_result" + func_quote_arg pretty "$install_override_mode" + func_append install_shared_prog " -m $func_quote_arg_result" fi fi @@ -4525,8 +4692,8 @@ relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_quiet || { - func_quote_for_expand "$relink_command" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$relink_command" + eval "func_echo $func_quote_arg_result" } if eval "$relink_command"; then : else @@ -5305,8 +5472,8 @@ if test \"\$libtool_execute_magic\" != \"$magic\"; then file=\"\$0\"" - func_quote "$ECHO" - qECHO=$func_quote_result + func_quote_arg pretty "$ECHO" + qECHO=$func_quote_arg_result $ECHO "\ # A function that is used when there is no print builtin or printf. @@ -5316,7 +5483,7 @@ \$1 _LTECHO_EOF' } - ECHO=\"$qECHO\" + ECHO=$qECHO fi # Very basic option parsing. These options are (a) specific to @@ -6659,9 +6826,9 @@ while test "$#" -gt 0; do arg=$1 shift - func_quote_for_eval "$arg" - qarg=$func_quote_for_eval_unquoted_result - func_append libtool_args " $func_quote_for_eval_result" + func_quote_arg pretty,unquoted "$arg" + qarg=$func_quote_arg_unquoted_result + func_append libtool_args " $func_quote_arg_result" # If the previous option needs an argument, assign it. if test -n "$prev"; then @@ -7259,9 +7426,9 @@ save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $func_quote_for_eval_result" - func_append compiler_flags " $func_quote_for_eval_result" + func_quote_arg pretty "$flag" + func_append arg " $func_quote_arg_result" + func_append compiler_flags " $func_quote_arg_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" @@ -7275,10 +7442,10 @@ save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $wl$func_quote_for_eval_result" - func_append compiler_flags " $wl$func_quote_for_eval_result" - func_append linker_flags " $func_quote_for_eval_result" + func_quote_arg pretty "$flag" + func_append arg " $wl$func_quote_arg_result" + func_append compiler_flags " $wl$func_quote_arg_result" + func_append linker_flags " $func_quote_arg_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" @@ -7302,8 +7469,8 @@ # -msg_* for osf cc -msg_*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; # Flags to be passed through unchanged, with rationale: @@ -7328,8 +7495,8 @@ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ -specs=*|-fsanitize=*|-fuse-ld=*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" @@ -7350,15 +7517,15 @@ continue else # Otherwise treat like 'Some other compiler flag' below - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result fi ;; # Some other compiler flag. -* | +*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; *.$objext) @@ -7478,8 +7645,8 @@ *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; esac # arg @@ -9985,8 +10152,8 @@ for cmd in $concat_cmds; do IFS=$save_ifs $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? @@ -10079,8 +10246,8 @@ eval cmd=\"$cmd\" IFS=$save_ifs $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? @@ -10554,12 +10721,13 @@ elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + func_quote_arg pretty "$var_value" + relink_command="$var=$func_quote_arg_result; export $var; $relink_command" fi done - func_quote "(cd `pwd`; $relink_command)" - relink_command=$func_quote_result + func_quote eval cd "`pwd`" + func_quote_arg pretty,unquoted "($func_quote_result; $relink_command)" + relink_command=$func_quote_arg_unquoted_result fi # Only actually do things if not in dry run mode. @@ -10799,14 +10967,15 @@ elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + func_quote_arg pretty,unquoted "$var_value" + relink_command="$var=$func_quote_arg_unquoted_result; export $var; $relink_command" fi done # Quote the link command for shipping. - relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - func_quote "$relink_command" - relink_command=$func_quote_result + func_quote eval cd "`pwd`" + relink_command="($func_quote_result; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + func_quote_arg pretty,unquoted "$relink_command" + relink_command=$func_quote_arg_unquoted_result if test yes = "$hardcode_automatic"; then relink_command= fi diff -Nru libseccomp-2.3.1/build-aux/missing libseccomp-2.4.1/build-aux/missing --- libseccomp-2.3.1/build-aux/missing 2016-04-20 19:52:27.374295321 +0000 +++ libseccomp-2.4.1/build-aux/missing 2019-04-17 21:02:40.436271313 +0000 @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2013-10-28.13; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -101,9 +101,9 @@ exit $st fi -perl_URL=http://www.perl.org/ -flex_URL=http://flex.sourceforge.net/ -gnu_software_URL=http://www.gnu.org/software +perl_URL=https://www.perl.org/ +flex_URL=https://github.com/westes/flex +gnu_software_URL=https://www.gnu.org/software program_details () { @@ -207,9 +207,9 @@ exit $st # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru libseccomp-2.3.1/CHANGELOG libseccomp-2.4.1/CHANGELOG --- libseccomp-2.3.1/CHANGELOG 2016-04-20 20:07:54.036225968 +0000 +++ libseccomp-2.4.1/CHANGELOG 2019-04-17 21:00:50.822367975 +0000 @@ -2,6 +2,43 @@ =============================================================================== https://github.com/seccomp/libseccomp +* Version 2.4.1 - April 17, 2019 +- Fix a BPF generation bug where the optimizer mistakenly identified duplicate + BPF code blocks + +* Version 2.4.0 - March 14, 2019 +- Update the syscall table for Linux v5.0-rc5 +- Added support for the SCMP_ACT_KILL_PROCESS action +- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute +- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument + comparison macros to help protect against unexpected sign extension +- Added support for the parisc and parisc64 architectures +- Added the ability to query and set the libseccomp API level via + seccomp_api_get(3) and seccomp_api_set(3) +- Return -EDOM on an endian mismatch when adding an architecture to a filter +- Renumber the pseudo syscall number for subpage_prot() so it no longer + conflicts with spu_run() +- Fix PFC generation when a syscall is prioritized, but no rule exists +- Numerous fixes to the seccomp-bpf filter generation code +- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 +- Numerous tests added to the included test suite, coverage now at ~92% +- Update our Travis CI configuration to use Ubuntu 16.04 +- Numerous documentation fixes and updates + +* Version 2.3.3 - January 10, 2018 +- Updated the syscall table for Linux v4.15-rc7 + +* Version 2.3.2 - February 27, 2017 +- Achieved full compliance with the CII Best Practices program +- Added Travis CI builds to the GitHub repository +- Added code coverage reporting with the "--enable-code-coverage" configure + flag and added Coveralls to the GitHub repository +- Updated the syscall tables to match Linux v4.10-rc6+ +- Support for building with Python v3.x +- Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is + set to true +- Several small documentation fixes + * Version 2.3.1 - April 20, 2016 - Fixed a problem with 32-bit x86 socket syscalls on some systems - Fixed problems with ipc syscalls on 32-bit x86 diff -Nru libseccomp-2.3.1/configure libseccomp-2.4.1/configure --- libseccomp-2.3.1/configure 2016-04-20 20:11:09.226211359 +0000 +++ libseccomp-2.4.1/configure 2019-04-17 21:02:39.702934165 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libseccomp 2.3.1. +# Generated by GNU Autoconf 2.69 for libseccomp 2.4.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='libseccomp' PACKAGE_TARNAME='libseccomp' -PACKAGE_VERSION='2.3.1' -PACKAGE_STRING='libseccomp 2.3.1' +PACKAGE_VERSION='2.4.1' +PACKAGE_STRING='libseccomp 2.4.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -633,11 +633,32 @@ am__EXEEXT_TRUE LTLIBOBJS LIBOBJS +CODE_COVERAGE_RULES +CODE_COVERAGE_LDFLAGS +CODE_COVERAGE_LIBS +CODE_COVERAGE_CXXFLAGS +CODE_COVERAGE_CFLAGS +CODE_COVERAGE_CPPFLAGS +GENHTML +LCOV +GCOV +CODE_COVERAGE_ENABLED +CODE_COVERAGE_ENABLED_FALSE +CODE_COVERAGE_ENABLED_TRUE COVERITY_FALSE COVERITY_TRUE have_coverity ENABLE_PYTHON_FALSE ENABLE_PYTHON_TRUE +pkgpyexecdir +pyexecdir +pkgpythondir +pythondir +PYTHON_PLATFORM +PYTHON_EXEC_PREFIX +PYTHON_PREFIX +PYTHON_VERSION +PYTHON have_cython VERSION_MICRO VERSION_MINOR @@ -683,7 +704,6 @@ AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE -am__quote am__include DEPDIR OBJEXT @@ -757,7 +777,8 @@ PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR -SHELL' +SHELL +am__quote' ac_subst_files='' ac_user_opts=' enable_option_checking @@ -772,6 +793,8 @@ with_sysroot enable_libtool_lock enable_python +with_gcov +enable_code_coverage ' ac_precious_vars='build_alias host_alias @@ -782,7 +805,8 @@ LIBS CPPFLAGS LT_SYS_LIBRARY_PATH -CPP' +CPP +PYTHON' # Initialize some variables set by options. @@ -1323,7 +1347,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libseccomp 2.3.1 to adapt to many kinds of systems. +\`configure' configures libseccomp 2.4.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1393,7 +1417,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libseccomp 2.3.1:";; + short | recursive ) echo "Configuration of libseccomp 2.4.1:";; esac cat <<\_ACEOF @@ -1413,6 +1437,7 @@ optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --enable-python build the python bindings, requires cython + --enable-code-coverage Whether to enable code coverage support Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1425,6 +1450,7 @@ --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified). + --with-gcov=GCOV use given GCOV for coverage (GCOV=gcov). Some influential environment variables: CC C compiler command @@ -1437,6 +1463,7 @@ LT_SYS_LIBRARY_PATH User-defined run-time library search path. CPP C preprocessor + PYTHON the Python interpreter Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1504,7 +1531,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libseccomp configure 2.3.1 +libseccomp configure 2.4.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1782,7 +1809,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libseccomp $as_me 2.3.1, which was +It was created by libseccomp $as_me 2.4.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2166,7 +2193,7 @@ -am__api_version='1.14' +am__api_version='1.16' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or @@ -2338,8 +2365,8 @@ ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in @@ -2358,7 +2385,7 @@ $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -2652,7 +2679,7 @@ # Define the identity of the package. PACKAGE='libseccomp' - VERSION='2.3.1' + VERSION='2.4.1' cat >>confdefs.h <<_ACEOF @@ -2682,12 +2709,12 @@ # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: -# -# +# +# mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' @@ -2819,7 +2846,7 @@ Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . +that behaves properly: . If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM @@ -2830,6 +2857,7 @@ fi fi + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -3681,45 +3709,45 @@ ac_config_commands="$ac_config_commands depfiles" - -am_make=${MAKE-make} -cat > confinc << 'END' +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } +cat > confinc.mk << 'END' am__doit: - @echo this is the am__doit target + @echo this is the am__doit target >confinc.out .PHONY: am__doit END -# If we don't find an include directive, just comment out the code. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 -$as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= -_am_result=none -# First try GNU make style include. -echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac -# Now try BSD make style include. -if test "$am__include" = "#"; then - echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 + (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + case $?:`cat confinc.out 2>/dev/null` in #( + '0:this is the am__doit target') : + case $s in #( + BSD) : + am__include='.include' am__quote='"' ;; #( + *) : + am__include='include' am__quote='' ;; +esac ;; #( + *) : ;; - esac -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 -$as_echo "$_am_result" >&6; } -rm -f confinc confmf +esac + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +$as_echo "${_am_result}" >&6; } # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then : @@ -4051,8 +4079,8 @@ -macro_version='2.4.6' -macro_revision='2.4.6' +macro_version='2.4.6.42-b88ce' +macro_revision='2.4.6.42' @@ -5714,13 +5742,29 @@ fi : ${AR=ar} -: ${AR_FLAGS=cru} +# Use ARFLAGS variable as AR's operation code to sync the variable naming with +# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have +# higher priority because thats what people were doing historically (setting +# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS +# variable obsoleted/removed. + +test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr} +lt_ar_flags=$AR_FLAGS + + + + + + +# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override +# by AR_FLAGS because that was never working and AR_FLAGS is about to die. + @@ -6169,7 +6213,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function, # D for any global variable and I for any imported variable. - # Also find C++ and __fastcall symbols from MSVC++, + # Also find C++ and __fastcall symbols from MSVC++ or ICC, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ @@ -7438,8 +7482,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cru libconftest.a conftest.o" >&5 - $AR cru libconftest.a conftest.o 2>&5 + echo "$AR $AR_FLAGS libconftest.a conftest.o" >&5 + $AR $AR_FLAGS libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF @@ -8100,8 +8144,8 @@ ofile=libtool can_build_shared=yes -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). +# All known linkers require a '.a' archive for static linking (except MSVC and +# ICC, which need '.lib'). libext=a with_gnu_ld=$lt_cv_prog_gnu_ld @@ -9028,15 +9072,15 @@ case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time + # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. if test yes != "$GCC"; then with_gnu_ld=no fi ;; interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) + # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC) with_gnu_ld=yes ;; openbsd* | bitrig*) @@ -9200,6 +9244,7 @@ emximp -o $lib $output_objdir/$libname.def' old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes + file_list_spec='@' ;; interix[3-9]*) @@ -9417,7 +9462,7 @@ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no @@ -9684,12 +9729,12 @@ cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in - cl*) - # Native MSVC + cl* | icl*) + # Native MSVC or ICC hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported always_export_symbols=yes @@ -9730,7 +9775,7 @@ fi' ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. @@ -10054,6 +10099,7 @@ emximp -o $lib $output_objdir/$libname.def' old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes + file_list_spec='@' ;; osf3*) @@ -10761,8 +10807,8 @@ dynamic_linker='Win32 ld.exe' ;; - *,cl*) - # Native MSVC + *,cl* | *,icl*) + # Native MSVC or ICC libname_spec='$name' soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' library_names_spec='$libname.dll.lib' @@ -10818,7 +10864,7 @@ ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; @@ -10862,14 +10908,7 @@ *) objformat=elf ;; esac fi - # Handle Gentoo/FreeBSD as it was Linux - case $host_vendor in - gentoo) - version_type=linux ;; - *) - version_type=freebsd-$objformat ;; - esac - + version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' @@ -10881,12 +10920,6 @@ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; - linux) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - need_lib_prefix=no - need_version=no - ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in @@ -12010,30 +12043,41 @@ old_striplib= { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 $as_echo_n "checking whether stripping libraries is possible... " >&6; } -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } +if test -z "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP"; then + if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + case $host_os in + darwin*) + # FIXME - insert some real tests, host_os isn't really good enough striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + ;; + freebsd*) + if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - fi - ;; - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ;; - esac + ;; + esac + fi fi @@ -12263,6 +12307,213 @@ fi + + + + + + # Find any Python interpreter. + if test -z "$PYTHON"; then + for ac_prog in python python2 python3 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PYTHON+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PYTHON in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PYTHON=$ac_cv_path_PYTHON +if test -n "$PYTHON"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +$as_echo "$PYTHON" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$PYTHON" && break +done +test -n "$PYTHON" || PYTHON=":" + + fi + am_display_PYTHON=python + + + if test "$PYTHON" = :; then + as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5 + else + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 +$as_echo_n "checking for $am_display_PYTHON version... " >&6; } +if ${am_cv_python_version+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 +$as_echo "$am_cv_python_version" >&6; } + PYTHON_VERSION=$am_cv_python_version + + + + PYTHON_PREFIX='${prefix}' + + PYTHON_EXEC_PREFIX='${exec_prefix}' + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 +$as_echo_n "checking for $am_display_PYTHON platform... " >&6; } +if ${am_cv_python_platform+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 +$as_echo "$am_cv_python_platform" >&6; } + PYTHON_PLATFORM=$am_cv_python_platform + + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[:3] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 +$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } +if ${am_cv_python_pythondir+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 +$as_echo "$am_cv_python_pythondir" >&6; } + pythondir=$am_cv_python_pythondir + + + + pkgpythondir=\${pythondir}/$PACKAGE + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 +$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } +if ${am_cv_python_pyexecdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 +$as_echo "$am_cv_python_pyexecdir" >&6; } + pyexecdir=$am_cv_python_pyexecdir + + + + pkgpyexecdir=\${pyexecdir}/$PACKAGE + + + + fi + + + fi if test "$enable_python" = yes; then ENABLE_PYTHON_TRUE= @@ -12325,6 +12576,377 @@ fi + + + + # allow to override gcov location + +# Check whether --with-gcov was given. +if test "${with_gcov+set}" = set; then : + withval=$with_gcov; _AX_CODE_COVERAGE_GCOV_PROG_WITH=$with_gcov +else + _AX_CODE_COVERAGE_GCOV_PROG_WITH=gcov +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with code coverage support" >&5 +$as_echo_n "checking whether to build with code coverage support... " >&6; } + # Check whether --enable-code-coverage was given. +if test "${enable_code_coverage+set}" = set; then : + enableval=$enable_code_coverage; +else + enable_code_coverage=no +fi + + + if test x$enable_code_coverage = xyes; then + CODE_COVERAGE_ENABLED_TRUE= + CODE_COVERAGE_ENABLED_FALSE='#' +else + CODE_COVERAGE_ENABLED_TRUE='#' + CODE_COVERAGE_ENABLED_FALSE= +fi + + CODE_COVERAGE_ENABLED=$enable_code_coverage + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_code_coverage" >&5 +$as_echo "$enable_code_coverage" >&6; } + + if test "$enable_code_coverage" = "yes" ; then : + + # check for gcov + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH", so it can be a program name with args. +set dummy ${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_GCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$GCOV"; then + ac_cv_prog_GCOV="$GCOV" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_GCOV="${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +GCOV=$ac_cv_prog_GCOV +if test -n "$GCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCOV" >&5 +$as_echo "$GCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_GCOV"; then + ac_ct_GCOV=$GCOV + # Extract the first word of "$_AX_CODE_COVERAGE_GCOV_PROG_WITH", so it can be a program name with args. +set dummy $_AX_CODE_COVERAGE_GCOV_PROG_WITH; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_GCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_GCOV"; then + ac_cv_prog_ac_ct_GCOV="$ac_ct_GCOV" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_GCOV="$_AX_CODE_COVERAGE_GCOV_PROG_WITH" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_GCOV=$ac_cv_prog_ac_ct_GCOV +if test -n "$ac_ct_GCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_GCOV" >&5 +$as_echo "$ac_ct_GCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_GCOV" = x; then + GCOV=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + GCOV=$ac_ct_GCOV + fi +else + GCOV="$ac_cv_prog_GCOV" +fi + + if test "X$GCOV" = "X:"; then : + as_fn_error $? "gcov is needed to do coverage" "$LINENO" 5 +fi + + + if test "$GCC" = "no" ; then : + + as_fn_error $? "not compiling with gcc, which is required for gcov code coverage" "$LINENO" 5 + +fi + + # Extract the first word of "lcov", so it can be a program name with args. +set dummy lcov; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LCOV"; then + ac_cv_prog_LCOV="$LCOV" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LCOV="lcov" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LCOV=$ac_cv_prog_LCOV +if test -n "$LCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LCOV" >&5 +$as_echo "$LCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + # Extract the first word of "genhtml", so it can be a program name with args. +set dummy genhtml; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_GENHTML+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$GENHTML"; then + ac_cv_prog_GENHTML="$GENHTML" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_GENHTML="genhtml" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +GENHTML=$ac_cv_prog_GENHTML +if test -n "$GENHTML"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GENHTML" >&5 +$as_echo "$GENHTML" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + if test -z "$LCOV" ; then : + + as_fn_error $? "To enable code coverage reporting you must have lcov installed" "$LINENO" 5 + +fi + + if test -z "$GENHTML" ; then : + + as_fn_error $? "Could not find genhtml from the lcov package" "$LINENO" 5 + +fi + + CODE_COVERAGE_CPPFLAGS="-DNDEBUG" + CODE_COVERAGE_CFLAGS="-O0 -g -fprofile-arcs -ftest-coverage" + CODE_COVERAGE_CXXFLAGS="-O0 -g -fprofile-arcs -ftest-coverage" + CODE_COVERAGE_LIBS="-lgcov" + CODE_COVERAGE_LDFLAGS="$CODE_COVERAGE_LIBS" + + + + + + + + CODE_COVERAGE_RULES_CHECK=' + -$(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) -k check + $(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) code-coverage-capture +' + CODE_COVERAGE_RULES_CAPTURE=' + $(code_coverage_v_lcov_cap)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --capture --output-file "$(CODE_COVERAGE_OUTPUT_FILE).tmp" --test-name "$(call code_coverage_sanitize,$(PACKAGE_NAME)-$(PACKAGE_VERSION))" --no-checksum --compat-libtool $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_OPTIONS) + $(code_coverage_v_lcov_ign)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --remove "$(CODE_COVERAGE_OUTPUT_FILE).tmp" "/tmp/*" $(CODE_COVERAGE_IGNORE_PATTERN) --output-file "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_RMOPTS) + -@rm -f $(CODE_COVERAGE_OUTPUT_FILE).tmp + $(code_coverage_v_genhtml)LANG=C $(GENHTML) $(code_coverage_quiet) $(addprefix --prefix ,$(CODE_COVERAGE_DIRECTORY)) --output-directory "$(CODE_COVERAGE_OUTPUT_DIRECTORY)" --title "$(PACKAGE_NAME)-$(PACKAGE_VERSION) Code Coverage" --legend --show-details "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_GENHTML_OPTIONS) + @echo "file://$(abs_builddir)/$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html" +' + CODE_COVERAGE_RULES_CLEAN=' +clean: code-coverage-clean +distclean: code-coverage-clean +code-coverage-clean: + -$(LCOV) --directory $(top_builddir) -z + -rm -rf $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_FILE).tmp $(CODE_COVERAGE_OUTPUT_DIRECTORY) + -find . \( -name "*.gcda" -o -name "*.gcno" -o -name "*.gcov" \) -delete +' + +else + + CODE_COVERAGE_RULES_CHECK=' + @echo "Need to reconfigure with --enable-code-coverage" +' + CODE_COVERAGE_RULES_CAPTURE="$CODE_COVERAGE_RULES_CHECK" + CODE_COVERAGE_RULES_CLEAN='' + +fi + +CODE_COVERAGE_RULES=' +# Code coverage +# +# Optional: +# - CODE_COVERAGE_DIRECTORY: Top-level directory for code coverage reporting. +# Multiple directories may be specified, separated by whitespace. +# (Default: $(top_builddir)) +# - CODE_COVERAGE_OUTPUT_FILE: Filename and path for the .info file generated +# by lcov for code coverage. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info) +# - CODE_COVERAGE_OUTPUT_DIRECTORY: Directory for generated code coverage +# reports to be created. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage) +# - CODE_COVERAGE_BRANCH_COVERAGE: Set to 1 to enforce branch coverage, +# set to 0 to disable it and leave empty to stay with the default. +# (Default: empty) +# - CODE_COVERAGE_LCOV_SHOPTS_DEFAULT: Extra options shared between both lcov +# instances. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE) +# - CODE_COVERAGE_LCOV_SHOPTS: Extra options to shared between both lcov +# instances. (Default: $CODE_COVERAGE_LCOV_SHOPTS_DEFAULT) +# - CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH: --gcov-tool pathtogcov +# - CODE_COVERAGE_LCOV_OPTIONS_DEFAULT: Extra options to pass to the +# collecting lcov instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH) +# - CODE_COVERAGE_LCOV_OPTIONS: Extra options to pass to the collecting lcov +# instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_DEFAULT) +# - CODE_COVERAGE_LCOV_RMOPTS_DEFAULT: Extra options to pass to the filtering +# lcov instance. (Default: empty) +# - CODE_COVERAGE_LCOV_RMOPTS: Extra options to pass to the filtering lcov +# instance. (Default: $CODE_COVERAGE_LCOV_RMOPTS_DEFAULT) +# - CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT: Extra options to pass to the +# genhtml instance. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE) +# - CODE_COVERAGE_GENHTML_OPTIONS: Extra options to pass to the genhtml +# instance. (Default: $CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT) +# - CODE_COVERAGE_IGNORE_PATTERN: Extra glob pattern of files to ignore +# +# The generated report will be titled using the $(PACKAGE_NAME) and +# $(PACKAGE_VERSION). In order to add the current git hash to the title, +# use the git-version-gen script, available online. + +# Optional variables +CODE_COVERAGE_DIRECTORY ?= $(top_builddir) +CODE_COVERAGE_OUTPUT_FILE ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info +CODE_COVERAGE_OUTPUT_DIRECTORY ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage +CODE_COVERAGE_BRANCH_COVERAGE ?= +CODE_COVERAGE_LCOV_SHOPTS_DEFAULT ?= $(if $(CODE_COVERAGE_BRANCH_COVERAGE),\ +--rc lcov_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +CODE_COVERAGE_LCOV_SHOPTS ?= $(CODE_COVERAGE_LCOV_SHOPTS_DEFAULT) +CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH ?= --gcov-tool "$(GCOV)" +CODE_COVERAGE_LCOV_OPTIONS_DEFAULT ?= $(CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH) +CODE_COVERAGE_LCOV_OPTIONS ?= $(CODE_COVERAGE_LCOV_OPTIONS_DEFAULT) +CODE_COVERAGE_LCOV_RMOPTS_DEFAULT ?= +CODE_COVERAGE_LCOV_RMOPTS ?= $(CODE_COVERAGE_LCOV_RMOPTS_DEFAULT) +CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=\ +$(if $(CODE_COVERAGE_BRANCH_COVERAGE),\ +--rc genhtml_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULTS) +CODE_COVERAGE_IGNORE_PATTERN ?= + +code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V)) +code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_lcov_cap_0 = @echo " LCOV --capture"\ + $(CODE_COVERAGE_OUTPUT_FILE); +code_coverage_v_lcov_ign = $(code_coverage_v_lcov_ign_$(V)) +code_coverage_v_lcov_ign_ = $(code_coverage_v_lcov_ign_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_lcov_ign_0 = @echo " LCOV --remove /tmp/*"\ + $(CODE_COVERAGE_IGNORE_PATTERN); +code_coverage_v_genhtml = $(code_coverage_v_genhtml_$(V)) +code_coverage_v_genhtml_ = $(code_coverage_v_genhtml_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_genhtml_0 = @echo " GEN " $(CODE_COVERAGE_OUTPUT_DIRECTORY); +code_coverage_quiet = $(code_coverage_quiet_$(V)) +code_coverage_quiet_ = $(code_coverage_quiet_$(AM_DEFAULT_VERBOSITY)) +code_coverage_quiet_0 = --quiet + +# sanitizes the test-name: replaces with underscores: dashes and dots +code_coverage_sanitize = $(subst -,_,$(subst .,_,$(1))) + +# Use recursive makes in order to ignore errors during check +check-code-coverage:'"$CODE_COVERAGE_RULES_CHECK"' + +# Capture code coverage data +code-coverage-capture: code-coverage-capture-hook'"$CODE_COVERAGE_RULES_CAPTURE"' + +# Hook rule executed before code-coverage-capture, overridable by the user +code-coverage-capture-hook: + +'"$CODE_COVERAGE_RULES_CLEAN"' + +GITIGNOREFILES ?= +GITIGNOREFILES += $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) + +A''M_DISTCHECK_CONFIGURE_FLAGS ?= +A''M_DISTCHECK_CONFIGURE_FLAGS += --disable-code-coverage + +.PHONY: check-code-coverage code-coverage-capture code-coverage-capture-hook code-coverage-clean +' + + + + + ac_config_files="$ac_config_files libseccomp.pc include/seccomp.h" @@ -12472,6 +13094,10 @@ as_fn_error $? "conditional \"COVERITY\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${CODE_COVERAGE_ENABLED_TRUE}" && test -z "${CODE_COVERAGE_ENABLED_FALSE}"; then + as_fn_error $? "conditional \"CODE_COVERAGE_ENABLED\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 @@ -12869,7 +13495,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libseccomp $as_me 2.3.1, which was +This file was extended by libseccomp $as_me 2.4.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -12935,7 +13561,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libseccomp config.status 2.3.1 +libseccomp config.status 2.4.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -13054,7 +13680,7 @@ # # INIT-COMMANDS # -AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" +AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" # The HP-UX ksh and POSIX shell print the target directory to stdout @@ -13106,6 +13732,7 @@ DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +lt_ar_flags='`$ECHO "$lt_ar_flags" | $SED "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' @@ -13234,7 +13861,6 @@ DLLTOOL \ sharedlib_from_linklib_cmd \ AR \ -AR_FLAGS \ archiver_list_spec \ STRIP \ RANLIB \ @@ -13958,29 +14584,35 @@ # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + case $CONFIG_FILES in #( + *\'*) : + eval set x "$CONFIG_FILES" ;; #( + *) : + set x $CONFIG_FILES ;; #( + *) : + ;; +esac shift - for mf + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf do # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line + am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`$as_dirname -- "$mf" || -$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$mf" : 'X\(//\)[^/]' \| \ - X"$mf" : 'X\(//\)$' \| \ - X"$mf" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$mf" | + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`$as_dirname -- "$am_mf" || +$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$am_mf" : 'X\(//\)[^/]' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$am_mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -13998,53 +14630,48 @@ q } s/.*/./; q'` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`$as_dirname -- "$file" || -$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$file" : 'X\(//\)[^/]' \| \ - X"$file" : 'X\(//\)$' \| \ - X"$file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ + am_filepart=`$as_basename -- "$am_mf" || +$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$am_mf" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } - /^X\(\/\/\)$/{ + /^X\/\(\/\/\)$/{ s//\1/ q } - /^X\(\/\).*/{ + /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` - as_dir=$dirpart/$fdir; as_fn_mkdir_p - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done + { echo "$as_me:$LINENO: cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles" >&5 + (cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } || am_rc=$? done + if test $am_rc -ne 0; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking). +See \`config.log' for more details" "$LINENO" 5; } + fi + { am_dirpart=; unset am_dirpart;} + { am_filepart=; unset am_filepart;} + { am_mf=; unset am_mf;} + { am_rc=; unset am_rc;} + rm -f conftest-deps.mk } ;; "libtool":C) @@ -14206,8 +14833,11 @@ # The archiver. AR=$lt_AR +# Flags to create an archive (by configure). +lt_ar_flags=$lt_ar_flags + # Flags to create an archive. -AR_FLAGS=$lt_AR_FLAGS +AR_FLAGS=\${ARFLAGS-"\$lt_ar_flags"} # How to feed a file listing to the archiver. archiver_list_spec=$lt_archiver_list_spec diff -Nru libseccomp-2.3.1/configure.ac libseccomp-2.4.1/configure.ac --- libseccomp-2.3.1/configure.ac 2016-04-20 20:08:22.393223845 +0000 +++ libseccomp-2.4.1/configure.ac 2019-04-17 21:02:07.566100381 +0000 @@ -19,7 +19,7 @@ dnl #### dnl libseccomp defines dnl #### -AC_INIT([libseccomp], [2.3.1]) +AC_INIT([libseccomp], [2.4.1]) dnl #### dnl autoconf configuration @@ -112,6 +112,7 @@ AS_IF([test "$CYTHON_VER_MAJ" -eq 0 -a "$CYTHON_VER_MIN" -lt 16], [ AC_MSG_ERROR([python bindings require cython 0.16 or higher]) ]) + AM_PATH_PYTHON ]) AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) AC_DEFINE_UNQUOTED([ENABLE_PYTHON], @@ -125,6 +126,12 @@ AM_CONDITIONAL(COVERITY, test "$have_coverity" = yes) dnl #### +dnl code coverage checks +dnl -> https://www.gnu.org/software/autoconf-archive/ax_code_coverage.html +dnl #### +AX_CODE_COVERAGE + +dnl #### dnl version dependent files dnl #### AC_CONFIG_FILES([ diff -Nru libseccomp-2.3.1/CONTRIBUTING.md libseccomp-2.4.1/CONTRIBUTING.md --- libseccomp-2.3.1/CONTRIBUTING.md 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/CONTRIBUTING.md 2018-12-03 23:53:10.173975678 +0000 @@ -0,0 +1,134 @@ +How to Submit Patches to the libseccomp Project +=============================================================================== +https://github.com/seccomp/libseccomp + +This document is intended to act as a guide to help you contribute to the +libseccomp project. It is not perfect, and there will always be exceptions +to the rules described here, but by following the instructions below you +should have a much easier time getting your work merged with the upstream +project. + +## Test Your Code + +There are three possible tests you can run to verify your code. The first +test is used to check the formatting and coding style of your changes, you +can run the test with the following command: + + # make check-syntax + +... if there are any problems with your changes a diff/patch will be shown +which indicates the problems and how to fix them. + +The second possible test is used to ensure that the different internal syscall +tables are consistent and to test your changes against the automated test +suite. You can run the test with the following command: + + # make check + +... if there are any faults or errors they will be displayed; beware that the +tests can run for some time and produce a lot of output. + +The third possible test is used to validate libseccomp against a live, running +system using some simple regression tests. After ensuring that your system +supports seccomp filters you can run the live tests with the following +command: + + # make check-build + # (cd tests; ./regression -T live) + +... if there are any faults or errors they will be displayed. + +## Make Sure Your Code is Tested + +The libseccomp code includes a fairly extensive test suite and any submissions +which add functionality, or significantly change the existing code, should +include additional tests to verify the proper operation of the proposed +changes. + +Code coverage analysis tools have been integrated into the libseccomp code +base, and can be enabled via the "--enable-code-coverage" configure flag and +the "check-code-coverage" make target. Additional details on generating code +coverage information can be found in the .travis.yml file. + +## Generate the Patch(es) + +Depending on how you decided to work with the libseccomp code base and what +tools you are using there are different ways to generate your patch(es). +However, regardless of what tools you use, you should always generate your +patches using the "unified" diff/patch format and the patches should always +apply to the libseccomp source tree using the following command from the top +directory of the libseccomp sources: + + # patch -p1 < changes.patch + +If you are not using git, stacked git (stgit), or some other tool which can +generate patch files for you automatically, you may find the following command +helpful in generating patches, where "libseccomp.orig/" is the unmodified +source code directory and "libseccomp/" is the source code directory with your +changes: + + # diff -purN libseccomp.orig/ libseccomp/ + +When in doubt please generate your patch and try applying it to an unmodified +copy of the libseccomp sources; if it fails for you, it will fail for the rest +of us. + +## Explain Your Work + +At the top of every patch you should include a description of the problem you +are trying to solve, how you solved it, and why you chose the solution you +implemented. If you are submitting a bug fix, it is also incredibly helpful +if you can describe/include a reproducer for the problem in the description as +well as instructions on how to test for the bug and verify that it has been +fixed. + +## Sign Your Work + +The sign-off is a simple line at the end of the patch description, which +certifies that you wrote it or otherwise have the right to pass it on as an +open-source patch. The "Developer's Certificate of Origin" pledge is taken +from the Linux Kernel and the rules are pretty simple: + + Developer's Certificate of Origin 1.1 + + By making a contribution to this project, I certify that: + + (a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + + (b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + + (c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + + (d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. + +... then you just add a line to the bottom of your patch description, with +your real name, saying: + + Signed-off-by: Random J Developer + +## Email Your Patch(es) + +Finally, you will need to email your patches to the mailing list so they can +be reviewed and potentially merged into the main libseccomp repository. When +sending patches to the mailing list it is important to send your email in text +form, no HTML mail please, and ensure that your email client does not mangle +your patches. It should be possible to save your raw email to disk and apply +it directly to the libseccomp source code; if that fails then you likely have +a problem with your email client. When in doubt try a test first by sending +yourself an email with your patch and attempting to apply the emailed patch to +the libseccomp repository; if it fails for you, it will fail for the rest of +us trying to test your patch and include it in the main libseccomp repository. diff -Nru libseccomp-2.3.1/CREDITS libseccomp-2.4.1/CREDITS --- libseccomp-2.3.1/CREDITS 2016-02-25 19:25:40.362271219 +0000 +++ libseccomp-2.4.1/CREDITS 2019-03-12 22:11:03.926800190 +0000 @@ -1,5 +1,5 @@ libseccomp: Contributors -=============================================================================== +======================================================================== https://github.com/seccomp/libseccomp Andrew Jones @@ -9,14 +9,23 @@ Brian Cain Colin Walters Corey Bryant +David Drysdale Eduardo Otubo Eric Paris +Felix Abecassis Heiko Carstens +Helge Deller Jake Edge +James Cowgill Jan Engelhardt Jan Willeke +Jay Guo +Jiannan Guo Joe MacDonald +Justin Cormack Kees Cook +Kyle R. Conway +Luca Bruno Marcin Juszkiewicz Marcus Meissner Markos Chandras @@ -27,5 +36,11 @@ Paul Moore Serge Hallyn Thiago Marcos P. Santos +Tobias Klauser +Tom Hromatka +Tycho Andersen +Tyler Hicks +valoq Vicente Olivert Riera Vitaly Vi Shukela +Vladimir Rutsky diff -Nru libseccomp-2.3.1/debian/changelog libseccomp-2.4.1/debian/changelog --- libseccomp-2.3.1/debian/changelog 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/changelog 2019-05-03 20:09:03.000000000 +0000 @@ -1,3 +1,19 @@ +libseccomp (2.4.1-0ubuntu0.18.04.2) bionic-security; urgency=medium + + [ Marc Deslauriers ] + * Updated to new upstream 2.4.1 version to fix security issue. + - CVE-2019-9893 + * debian/patches/*: removed, all included in new version. + * debian/control: add valgrind to Build-Depends to get more unit tests. + * debian/libseccomp2.symbols: added new symbols. + * debian/docs: removed, new version doesn't have README file. + + [ Jamie Strandboge ] + * db-properly-reset-attribute-state.patch: db: properly reset the attribute + state in db_col_reset() + + -- Jamie Strandboge Fri, 03 May 2019 20:09:03 +0000 + libseccomp (2.3.1-2.1ubuntu4.1) bionic; urgency=medium * d/p/lp-1755250-add-the-statx-syscall.patch: add statx support (LP: #1755250) diff -Nru libseccomp-2.3.1/debian/control libseccomp-2.4.1/debian/control --- libseccomp-2.3.1/debian/control 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/control 2019-03-21 18:20:36.000000000 +0000 @@ -4,7 +4,7 @@ Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Kees Cook Uploaders: Luca Bruno -Build-Depends: debhelper (>= 9), dh-autoreconf, linux-libc-dev +Build-Depends: debhelper (>= 9), dh-autoreconf, linux-libc-dev, valgrind Standards-Version: 3.9.7 Homepage: https://github.com/seccomp/libseccomp Vcs-Git: https://anonscm.debian.org/git/collab-maint/libseccomp.git diff -Nru libseccomp-2.3.1/debian/docs libseccomp-2.4.1/debian/docs --- libseccomp-2.3.1/debian/docs 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/docs 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -README diff -Nru libseccomp-2.3.1/debian/libseccomp2.symbols libseccomp-2.4.1/debian/libseccomp2.symbols --- libseccomp-2.3.1/debian/libseccomp2.symbols 2018-06-21 08:34:54.000000000 +0000 +++ libseccomp-2.4.1/debian/libseccomp2.symbols 2019-03-21 18:20:48.000000000 +0000 @@ -1,5 +1,7 @@ libseccomp.so.2 libseccomp2 #MINVER# * Build-Depends-Package: libseccomp-dev + seccomp_api_get@Base 2.4.0 + seccomp_api_set@Base 2.4.0 seccomp_attr_get@Base 0.0.0~20120605 seccomp_attr_set@Base 0.0.0~20120605 seccomp_export_bpf@Base 0.0.0~20120605 diff -Nru libseccomp-2.3.1/debian/patches/28-parisc_support.patch libseccomp-2.4.1/debian/patches/28-parisc_support.patch --- libseccomp-2.3.1/debian/patches/28-parisc_support.patch 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/28-parisc_support.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,982 +0,0 @@ -From c86e1f565537b28b73ebd63f0239b4a446925534 Mon Sep 17 00:00:00 2001 -From: Helge Deller -Date: Wed, 25 May 2016 16:53:39 +0200 -Subject: [PATCH] arch: Add parisc architecture support - -This patch (v4) adds support for the parisc and parisc64 architectures -to libseccomp. - -I didn't split up the patch, because it's pretty trivial. -Those parisc-specific files gets added: - src/arch-parisc-syscalls.c - src/arch-parisc.c - src/arch-parisc.h - src/arch-parisc64.c - -All other changes are trivial because they simply add parisc-specific -case statements in variouse switch statements. - -I did ran a "make check" on x86-64 and parisc and all testcases succeeded. -All live testcases succeed as well when running "./regression -T live". - -The patch applies cleanly to current libseccomp git head. - -Changes between v4 and v3 of this patch: -- Added parisc arch to arch-syscall-check.c and fixup syscall table as - needed -- Fixed copyright notices in parisc files as suggested by Mike Frysinger - -Changes between v3 and v2 of this patch: -- Stripped out patch which reports if a check was skipped because - valgrind isn't installed. -- Added tuxcall pseudo syscall for 19-sim-missing_syscalls testcase -- Added sysmips pseudo syscall for 29-sim-pseudo_syscall testcase - -Changes between v2 and v1 of this patch: -- Enabled seccomp mode 2 regression tests on parisc. Kernel support for - hppa was added in kernel 4.6-rc1 and backported into the kernel v4.5.2 - stable series. - -Signed-off-by: Helge Deller -[PM: corrected a number or errors from 'make check-syntax'] -Signed-off-by: Paul Moore ---- - include/seccomp.h.in | 6 + - src/Makefile.am | 2 + - src/arch-parisc-syscalls.c | 499 ++++++++++++++++++++++++++++++++++++++ - src/arch-parisc.c | 22 ++ - src/arch-parisc.h | 38 +++ - src/arch-parisc64.c | 22 ++ - src/arch-syscall-check.c | 11 + - src/arch-syscall-dump.c | 5 + - src/arch.c | 13 + - src/gen_pfc.c | 4 + - src/python/libseccomp.pxd | 2 + - src/python/seccomp.pyx | 8 + - tests/26-sim-arch_all_be_basic.c | 6 + - tests/26-sim-arch_all_be_basic.py | 2 + - tests/regression | 3 +- - tools/scmp_arch_detect.c | 6 + - tools/scmp_bpf_sim.c | 4 + - tools/util.c | 4 + - 18 files changed, 656 insertions(+), 1 deletion(-) - create mode 100644 src/arch-parisc-syscalls.c - create mode 100644 src/arch-parisc.c - create mode 100644 src/arch-parisc.h - create mode 100644 src/arch-parisc64.c - -Index: libseccomp/include/seccomp.h.in -=================================================================== ---- libseccomp.orig/include/seccomp.h.in 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/include/seccomp.h.in 2016-05-28 19:57:02.038592653 +0200 -@@ -185,6 +185,12 @@ - #define SCMP_ARCH_S390X AUDIT_ARCH_S390X - - /** -+ * The PA-RISC hppa architecture tokens -+ */ -+#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC -+#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 -+ -+/** - * Convert a syscall name into the associated syscall number - * @param x the syscall name - */ -Index: libseccomp/src/Makefile.am -=================================================================== ---- libseccomp.orig/src/Makefile.am 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/src/Makefile.am 2016-05-28 19:57:02.038592653 +0200 -@@ -35,6 +35,8 @@ - arch-mips.h arch-mips.c arch-mips-syscalls.c \ - arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ - arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ -+ arch-parisc.h arch-parisc.c arch-parisc-syscalls.c \ -+ arch-parisc64.h arch-parisc64.c \ - arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ - arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ - arch-s390.h arch-s390.c arch-s390-syscalls.c \ -Index: libseccomp/src/arch-parisc-syscalls.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ libseccomp/src/arch-parisc-syscalls.c 2016-05-28 19:57:02.042592678 +0200 -@@ -0,0 +1,499 @@ -+/* -+ * Copyright (c) 2016 Helge Deller -+ * Author: Helge Deller -+ */ -+ -+#include -+ -+#include -+ -+#include "arch.h" -+#include "arch-parisc.h" -+ -+/* NOTE: based on Linux 4.5-rc4 */ -+const struct arch_syscall_def parisc_syscall_table[] = { \ -+ { "_llseek", 140 }, -+ { "_newselect", 142 }, -+ { "_sysctl", 149 }, -+ { "accept", 35 }, -+ { "accept4", 320 }, -+ { "access", 33 }, -+ { "acct", 51 }, -+ { "add_key", 264 }, -+ { "adjtimex", 124 }, -+ { "afs_syscall", 137 }, -+ { "alarm", 27 }, -+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, -+ { "arm_sync_file_range", __PNR_arm_sync_file_range }, -+ { "arch_prctl", __PNR_arch_prctl }, -+ { "bdflush", 134 }, -+ { "bind", 22 }, -+ { "bpf", 341 }, -+ { "break", __PNR_break }, -+ { "breakpoint", __PNR_breakpoint }, -+ { "brk", 45 }, -+ { "cachectl", __PNR_cachectl }, -+ { "cacheflush", __PNR_cacheflush }, -+ { "capget", 106 }, -+ { "capset", 107 }, -+ { "chdir", 12 }, -+ { "chmod", 15 }, -+ { "chown", 180 }, -+ { "chown32", __PNR_chown32 }, -+ { "chroot", 61 }, -+ { "clock_adjtime", 324 }, -+ { "clock_getres", 257 }, -+ { "clock_gettime", 256 }, -+ { "clock_nanosleep", 258 }, -+ { "clock_settime", 255 }, -+ { "clone", 120 }, -+ { "close", 6 }, -+ { "connect", 31 }, -+ { "copy_file_range", 346 }, -+ { "creat", 8 }, -+ { "create_module", 127 }, -+ { "delete_module", 129 }, -+ { "dup", 41 }, -+ { "dup2", 63 }, -+ { "dup3", 312 }, -+ { "epoll_create", 224 }, -+ { "epoll_create1", 311 }, -+ { "epoll_ctl", 225 }, -+ { "epoll_ctl_old", __PNR_epoll_ctl_old }, -+ { "epoll_pwait", 297 }, -+ { "epoll_wait", 226 }, -+ { "epoll_wait_old", __PNR_epoll_wait_old }, -+ { "eventfd", 304 }, -+ { "eventfd2", 310 }, -+ { "execve", 11 }, -+ { "execveat", 342 }, -+ { "exit", 1 }, -+ { "exit_group", 222 }, -+ { "faccessat", 287 }, -+ { "fadvise64", __PNR_fadvise64 }, -+ { "fadvise64_64", 236 }, -+ { "fallocate", 305 }, -+ { "fanotify_init", 322 }, -+ { "fanotify_mark", 323 }, -+ { "fchdir", 133 }, -+ { "fchmod", 94 }, -+ { "fchmodat", 286 }, -+ { "fchown", 95 }, -+ { "fchown32", __PNR_fchown32 }, -+ { "fchownat", 278 }, -+ { "fcntl", 55 }, -+ { "fcntl64", 202 }, -+ { "fdatasync", 148 }, -+ { "fgetxattr", 243 }, -+ { "finit_module", 333 }, -+ { "flistxattr", 246 }, -+ { "flock", 143 }, -+ { "fork", 2 }, -+ { "fremovexattr", 249 }, -+ { "fsetxattr", 240 }, -+ { "fstat", 28 }, -+ { "fstat64", 112 }, -+ { "fstatat64", 280 }, -+ { "fstatfs", 100 }, -+ { "fstatfs64", 299 }, -+ { "fsync", 118 }, -+ { "ftime", __PNR_ftime }, -+ { "ftruncate", 93 }, -+ { "ftruncate64", 200 }, -+ { "futex", 210 }, -+ { "futimesat", 279 }, -+ { "get_kernel_syms", 130 }, -+ { "get_mempolicy", 261 }, -+ { "get_robust_list", 290 }, -+ { "get_thread_area", 214 }, -+ { "getcpu", 296 }, -+ { "getcwd", 110 }, -+ { "getdents", 141 }, -+ { "getdents64", 201 }, -+ { "getegid", 50 }, -+ { "getegid32", __PNR_getegid32 }, -+ { "geteuid", 49 }, -+ { "geteuid32", __PNR_geteuid32 }, -+ { "getgid", 47 }, -+ { "getgid32", __PNR_getgid32 }, -+ { "getgroups", 80 }, -+ { "getgroups32", __PNR_getgroups32 }, -+ { "getitimer", 105 }, -+ { "getpeername", 53 }, -+ { "getpgid", 132 }, -+ { "getpgrp", 65 }, -+ { "getpid", 20 }, -+ { "getpmsg", 196 }, -+ { "getppid", 64 }, -+ { "getpriority", 96 }, -+ { "getrandom", 339 }, -+ { "getresgid", 171 }, -+ { "getresgid32", __PNR_getresgid32 }, -+ { "getresuid", 165 }, -+ { "getresuid32", __PNR_getresuid32 }, -+ { "getrlimit", 76 }, -+ { "getrusage", 77 }, -+ { "getsid", 147 }, -+ { "getsockname", 44 }, -+ { "getsockopt", 182 }, -+ { "gettid", 206 }, -+ { "gettimeofday", 78 }, -+ { "getuid", 24 }, -+ { "getuid32", __PNR_getuid32 }, -+ { "getxattr", 241 }, -+ { "gtty", __PNR_gtty }, -+ { "idle", __PNR_idle }, -+ { "init_module", 128 }, -+ { "inotify_add_watch", 270 }, -+ { "inotify_init", 269 }, -+ { "inotify_init1", 314 }, -+ { "inotify_rm_watch", 271 }, -+ { "io_cancel", 219 }, -+ { "io_destroy", 216 }, -+ { "io_getevents", 217 }, -+ { "io_setup", 215 }, -+ { "io_submit", 218 }, -+ { "ioctl", 54 }, -+ { "ioperm", __PNR_ioperm }, -+ { "iopl", __PNR_iopl }, -+ { "ioprio_get", 268 }, -+ { "ioprio_set", 267 }, -+ { "ipc", __PNR_ipc }, -+ { "kcmp", 332 }, -+ { "kexec_file_load", __PNR_kexec_file_load }, -+ { "kexec_load", 300 }, -+ { "keyctl", 266 }, -+ { "kill", 37 }, -+ { "lchown", 16 }, -+ { "lchown32", __PNR_lchown32 }, -+ { "lgetxattr", 242 }, -+ { "link", 9 }, -+ { "linkat", 283 }, -+ { "listen", 32 }, -+ { "listxattr", 244 }, -+ { "llistxattr", 245 }, -+ { "lock", __PNR_lock }, -+ { "lookup_dcookie", 223 }, -+ { "lremovexattr", 248 }, -+ { "lseek", 19 }, -+ { "lsetxattr", 239 }, -+ { "lstat", 84 }, -+ { "lstat64", 198 }, -+ { "madvise", 119 }, -+ { "mbind", 260 }, -+ { "membarrier", 343 }, -+ { "memfd_create", 340 }, -+ { "migrate_pages", 272 }, -+ { "mincore", 72 }, -+ { "mkdir", 39 }, -+ { "mkdirat", 276 }, -+ { "mknod", 14 }, -+ { "mknodat", 277 }, -+ { "mlock", 150 }, -+ { "mlock2", 345 }, -+ { "mlockall", 152 }, -+ { "mmap", 90 }, -+ { "mmap2", 89 }, -+ { "modify_ldt", __PNR_modify_ldt }, -+ { "mount", 21 }, -+ { "move_pages", 295 }, -+ { "mprotect", 125 }, -+ { "mpx", __PNR_mpx }, -+ { "mq_getsetattr", 234 }, -+ { "mq_notify", 233 }, -+ { "mq_open", 229 }, -+ { "mq_timedreceive", 232 }, -+ { "mq_timedsend", 231 }, -+ { "mq_unlink", 230 }, -+ { "mremap", 163 }, -+ { "msgctl", 191 }, -+ { "msgget", 190 }, -+ { "msgrcv", 189 }, -+ { "msgsnd", 188 }, -+ { "msync", 144 }, -+ { "multiplexer", __PNR_multiplexer }, -+ { "munlock", 151 }, -+ { "munlockall", 153 }, -+ { "munmap", 91 }, -+ { "name_to_handle_at", 325 }, -+ { "nanosleep", 162 }, -+ { "newfstatat", __PNR_newfstatat }, -+ { "nfsservctl", 169 }, -+ { "nice", 34 }, -+ { "oldfstat", __PNR_oldfstat }, -+ { "oldlstat", __PNR_oldlstat }, -+ { "oldolduname", __PNR_oldolduname }, -+ { "oldstat", __PNR_oldstat }, -+ { "olduname", __PNR_olduname }, -+ { "oldwait4", __PNR_oldwait4 }, -+ { "open", 5 }, -+ { "open_by_handle_at", 326 }, -+ { "openat", 275 }, -+ { "pause", 29 }, -+ { "pciconfig_iobase", __PNR_pciconfig_iobase }, -+ { "pciconfig_read", __PNR_pciconfig_read }, -+ { "pciconfig_write", __PNR_pciconfig_write }, -+ { "perf_event_open", 318 }, -+ { "personality", 136 }, -+ { "pipe", 42 }, -+ { "pipe2", 313 }, -+ { "pivot_root", 67 }, -+ { "poll", 168 }, -+ { "ppoll", 274 }, -+ { "prctl", 172 }, -+ { "pread64", 108 }, -+ { "preadv", 315 }, -+ { "prlimit64", 321 }, -+ { "process_vm_readv", 330 }, -+ { "process_vm_writev", 331 }, -+ { "prof", __PNR_prof }, -+ { "profil", __PNR_profil }, -+ { "pselect6", 273 }, -+ { "ptrace", 26 }, -+ { "putpmsg", 197 }, -+ { "pwrite64", 109 }, -+ { "pwritev", 316 }, -+ { "query_module", 167 }, -+ { "quotactl", 131 }, -+ { "read", 3 }, -+ { "readahead", 207 }, -+ { "readdir", __PNR_readdir }, -+ { "readlink", 85 }, -+ { "readlinkat", 285 }, -+ { "readv", 145 }, -+ { "reboot", 88 }, -+ { "recv", 98 }, -+ { "recvfrom", 123 }, -+ { "recvmmsg", 319 }, -+ { "recvmsg", 184 }, -+ { "remap_file_pages", 227 }, -+ { "removexattr", 247 }, -+ { "rename", 38 }, -+ { "renameat", 282 }, -+ { "renameat2", 337 }, -+ { "request_key", 265 }, -+ { "restart_syscall", 0 }, -+ { "rmdir", 40 }, -+ { "rt_sigaction", 174 }, -+ { "rt_sigpending", 176 }, -+ { "rt_sigprocmask", 175 }, -+ { "rt_sigqueueinfo", 178 }, -+ { "rt_sigreturn", 173 }, -+ { "rt_sigsuspend", 179 }, -+ { "rt_sigtimedwait", 177 }, -+ { "rt_tgsigqueueinfo", 317 }, -+ { "rtas", __PNR_rtas }, -+ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, -+ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, -+ { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "sched_get_priority_max", 159 }, -+ { "sched_get_priority_min", 160 }, -+ { "sched_getaffinity", 212 }, -+ { "sched_getattr", 335 }, -+ { "sched_getparam", 155 }, -+ { "sched_getscheduler", 157 }, -+ { "sched_rr_get_interval", 161 }, -+ { "sched_setaffinity", 211 }, -+ { "sched_setattr", 334 }, -+ { "sched_setparam", 154 }, -+ { "sched_setscheduler", 156 }, -+ { "sched_yield", 158 }, -+ { "seccomp", 338 }, -+ { "security", __PNR_security }, -+ { "select", __PNR_select }, -+ { "semctl", 187 }, -+ { "semget", 186 }, -+ { "semop", 185 }, -+ { "semtimedop", 228 }, -+ { "send", 58 }, -+ { "sendfile", 122 }, -+ { "sendfile64", 209 }, -+ { "sendmmsg", 329 }, -+ { "sendmsg", 183 }, -+ { "sendto", 82 }, -+ { "set_mempolicy", 262 }, -+ { "set_robust_list", 289 }, -+ { "set_thread_area", 213 }, -+ { "set_tid_address", 237 }, -+ { "set_tls", __PNR_set_tls }, -+ { "setdomainname", 121 }, -+ { "setfsgid", 139 }, -+ { "setfsgid32", __PNR_setfsgid32 }, -+ { "setfsuid", 138 }, -+ { "setfsuid32", __PNR_setfsuid32 }, -+ { "setgid", 46 }, -+ { "setgid32", __PNR_setgid32 }, -+ { "setgroups", 81 }, -+ { "setgroups32", __PNR_setgroups32}, -+ { "sethostname", 74 }, -+ { "setitimer", 104 }, -+ { "setns", 328 }, -+ { "setpgid", 57 }, -+ { "setpriority", 97 }, -+ { "setregid", 71 }, -+ { "setregid32", __PNR_setregid32 }, -+ { "setresgid", 170 }, -+ { "setresgid32", __PNR_setresgid32 }, -+ { "setresuid", 164 }, -+ { "setresuid32", __PNR_setresuid32 }, -+ { "setreuid", 70 }, -+ { "setreuid32", __PNR_setreuid32 }, -+ { "setrlimit", 75 }, -+ { "setsid", 66 }, -+ { "setsockopt", 181 }, -+ { "settimeofday", 79 }, -+ { "setuid", 23 }, -+ { "setuid32", __PNR_setuid32 }, -+ { "setxattr", 238 }, -+ { "sgetmask", 68 }, -+ { "shmat", 192 }, -+ { "shmctl", 195 }, -+ { "shmdt", 193 }, -+ { "shmget", 194 }, -+ { "shutdown", 117 }, -+ { "sigaction", __PNR_sigaction }, -+ { "sigaltstack", 166 }, -+ { "signal", 48 }, -+ { "signalfd", 302 }, -+ { "signalfd4", 309 }, -+ { "sigpending", 73 }, -+ { "sigprocmask", 126 }, -+ { "sigreturn", __PNR_sigreturn }, -+ { "sigsuspend", __PNR_sigsuspend }, -+ { "socket", 17 }, -+ { "socketcall", __PNR_socketcall }, -+ { "socketpair", 56 }, -+ { "splice", 291 }, -+ { "spu_create", __PNR_spu_create }, -+ { "spu_run", __PNR_spu_run }, -+ { "ssetmask", 69 }, -+ { "stat", 18 }, -+ { "stat64", 101 }, -+ { "statfs", 99 }, -+ { "statfs64", 298 }, -+ { "stime", 25 }, -+ { "stty", __PNR_stty }, -+ { "subpage_prot", __PNR_subpage_prot }, -+ { "swapcontext", __PNR_swapcontext }, -+ { "swapoff", 115 }, -+ { "swapon", 87 }, -+ { "switch_endian", __PNR_switch_endian }, -+ { "symlink", 83 }, -+ { "symlinkat", 284 }, -+ { "sync", 36 }, -+ { "sync_file_range", 292 }, -+ { "sync_file_range2", __PNR_sync_file_range2 }, -+ { "syncfs", 327 }, -+ { "syscall", __PNR_syscall }, -+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, -+ { "sysfs", 135 }, -+ { "sysinfo", 116 }, -+ { "syslog", 103 }, -+ { "sysmips", __PNR_sysmips }, -+ { "tee", 293 }, -+ { "tgkill", 259 }, -+ { "time", 13 }, -+ { "timer_create", 250 }, -+ { "timer_delete", 254 }, -+ { "timer_getoverrun", 253 }, -+ { "timer_gettime", 252 }, -+ { "timer_settime", 251 }, -+ { "timerfd", 303 }, -+ { "timerfd_create", 306 }, -+ { "timerfd_gettime", 308 }, -+ { "timerfd_settime", 307 }, -+ { "times", 43 }, -+ { "tkill", 208 }, -+ { "truncate", 92 }, -+ { "truncate64", 199 }, -+ { "tuxcall", __PNR_tuxcall }, -+ { "ugetrlimit", __PNR_ugetrlimit }, -+ { "ulimit", __PNR_ulimit }, -+ { "umask", 60 }, -+ { "umount", __PNR_umount }, -+ { "umount2", 52 }, -+ { "uname", 59 }, -+ { "unlink", 10 }, -+ { "unlinkat", 281 }, -+ { "unshare", 288 }, -+ { "uselib", 86 }, -+ { "userfaultfd", 344 }, -+ { "usr26", __PNR_usr26 }, -+ { "usr32", __PNR_usr32 }, -+ { "ustat", 62 }, -+ { "utime", 30 }, -+ { "utimensat", 301 }, -+ { "utimes", 336 }, -+ { "vfork", 113 }, -+ { "vhangup", 111 }, -+ { "vm86", __PNR_vm86 }, -+ { "vm86old", __PNR_vm86old }, -+ { "vmsplice", 294 }, -+ { "vserver", 263 }, -+ { "wait4", 114 }, -+ { "waitid", 235 }, -+ { "waitpid", 7 }, -+ { "write", 4 }, -+ { "writev", 146 }, -+ { NULL, __NR_SCMP_ERROR }, -+}; -+ -+/** -+ * Resolve a syscall name to a number -+ * @param name the syscall name -+ * -+ * Resolve the given syscall name to the syscall number using the syscall table. -+ * Returns the syscall number on success, including negative pseudo syscall -+ * numbers; returns __NR_SCMP_ERROR on failure. -+ * -+ */ -+int parisc_syscall_resolve_name(const char *name) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = parisc_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].name != NULL; iter++) { -+ if (strcmp(name, table[iter].name) == 0) -+ return table[iter].num; -+ } -+ -+ return __NR_SCMP_ERROR; -+} -+ -+/** -+ * Resolve a syscall number to a name -+ * @param num the syscall number -+ * -+ * Resolve the given syscall number to the syscall name using the syscall table. -+ * Returns a pointer to the syscall name string on success, including pseudo -+ * syscall names; returns NULL on failure. -+ * -+ */ -+const char *parisc_syscall_resolve_num(int num) -+{ -+ unsigned int iter; -+ const struct arch_syscall_def *table = parisc_syscall_table; -+ -+ /* XXX - plenty of room for future improvement here */ -+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { -+ if (num == table[iter].num) -+ return table[iter].name; -+ } -+ -+ return NULL; -+} -+ -+/** -+ * Iterate through the syscall table and return the syscall name -+ * @param spot the offset into the syscall table -+ * -+ * Return the syscall name at position @spot or NULL on failure. This function -+ * should only ever be used internally by libseccomp. -+ * -+ */ -+const char *parisc_syscall_iterate_name(unsigned int spot) -+{ -+ /* XXX - no safety checks here */ -+ return parisc_syscall_table[spot].name; -+} -Index: libseccomp/src/arch-parisc.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ libseccomp/src/arch-parisc.c 2016-05-28 19:57:02.042592678 +0200 -@@ -0,0 +1,22 @@ -+/* -+ * Copyright (c) 2016 Helge Deller -+ * Author: Helge Deller -+ */ -+ -+#include -+#include -+#include -+ -+#include "arch.h" -+#include "arch-parisc.h" -+ -+const struct arch_def arch_def_parisc = { -+ .token = SCMP_ARCH_PARISC, -+ .token_bpf = AUDIT_ARCH_PARISC, -+ .size = ARCH_SIZE_32, -+ .endian = ARCH_ENDIAN_BIG, -+ .syscall_resolve_name = parisc_syscall_resolve_name, -+ .syscall_resolve_num = parisc_syscall_resolve_num, -+ .syscall_rewrite = NULL, -+ .rule_add = NULL, -+}; -Index: libseccomp/src/arch-parisc.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ libseccomp/src/arch-parisc.h 2016-05-28 19:57:02.042592678 +0200 -@@ -0,0 +1,38 @@ -+/** -+ * Enhanced Seccomp PARISC Specific Code -+ * -+ * Copyright (c) 2016 Helge Deller -+ * -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#ifndef _ARCH_PARISC_H -+#define _ARCH_PARISC_H -+ -+#include -+ -+#include "arch.h" -+#include "system.h" -+ -+extern const struct arch_def arch_def_parisc; -+extern const struct arch_def arch_def_parisc64; -+ -+int parisc_syscall_resolve_name(const char *name); -+const char *parisc_syscall_resolve_num(int num); -+ -+const char *parisc_syscall_iterate_name(unsigned int spot); -+ -+#endif -Index: libseccomp/src/arch-parisc64.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ libseccomp/src/arch-parisc64.c 2016-05-28 19:57:02.042592678 +0200 -@@ -0,0 +1,22 @@ -+/* -+ * Copyright (c) 2016 Helge Deller -+ * Author: Helge Deller -+*/ -+ -+#include -+#include -+#include -+ -+#include "arch.h" -+#include "arch-parisc.h" -+ -+const struct arch_def arch_def_parisc64 = { -+ .token = SCMP_ARCH_PARISC64, -+ .token_bpf = AUDIT_ARCH_PARISC64, -+ .size = ARCH_SIZE_64, -+ .endian = ARCH_ENDIAN_BIG, -+ .syscall_resolve_name = parisc_syscall_resolve_name, -+ .syscall_resolve_num = parisc_syscall_resolve_num, -+ .syscall_rewrite = NULL, -+ .rule_add = NULL, -+}; -Index: libseccomp/src/arch-syscall-check.c -=================================================================== ---- libseccomp.orig/src/arch-syscall-check.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/src/arch-syscall-check.c 2016-05-28 19:57:02.042592678 +0200 -@@ -33,6 +33,7 @@ - #include "arch-mips.h" - #include "arch-mips64.h" - #include "arch-mips64n32.h" -+#include "arch-parisc.h" - #include "arch-ppc.h" - #include "arch-ppc64.h" - #include "arch-s390.h" -@@ -71,6 +72,7 @@ - int i_mips = 0; - int i_mips64 = 0; - int i_mips64n32 = 0; -+ int i_parisc = 0; - int i_ppc = 0; - int i_ppc64 = 0; - int i_s390 = 0; -@@ -101,6 +103,8 @@ - mips64_syscall_iterate_name(i_mips64)); - syscall_check(str_miss, sys_name, "mips64n32", - mips64n32_syscall_iterate_name(i_mips64n32)); -+ syscall_check(str_miss, sys_name, "parisc", -+ parisc_syscall_iterate_name(i_parisc)); - syscall_check(str_miss, sys_name, "ppc", - ppc_syscall_iterate_name(i_ppc)); - syscall_check(str_miss, sys_name, "ppc64", -@@ -135,6 +139,8 @@ - i_mips64 = -1; - if (!mips64n32_syscall_iterate_name(++i_mips64n32)) - i_mips64n32 = -1; -+ if (!parisc_syscall_iterate_name(++i_parisc)) -+ i_parisc = -1; - if (!ppc_syscall_iterate_name(++i_ppc)) - i_ppc = -1; - if (!ppc64_syscall_iterate_name(++i_ppc64)) -@@ -146,6 +152,7 @@ - } while (i_x86_64 >= 0 && i_x32 >= 0 && - i_arm >= 0 && i_aarch64 >= 0 && - i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 && -+ i_parisc >= 0 && - i_ppc >= 0 && i_ppc64 >= 0 && - i_s390 >= 0 && i_s390x >= 0); - -@@ -190,6 +197,10 @@ - mips64n32_syscall_iterate_name(i_mips64n32)); - return 1; - } -+ if (i_parisc >= 0) { -+ printf("%s: ERROR, parisc has additional syscalls\n", -+ parisc_syscall_iterate_name(i_parisc)); -+ } - if (i_ppc >= 0) { - printf("%s: ERROR, ppc has additional syscalls\n", - ppc_syscall_iterate_name(i_ppc)); -Index: libseccomp/src/arch-syscall-dump.c -=================================================================== ---- libseccomp.orig/src/arch-syscall-dump.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/src/arch-syscall-dump.c 2016-05-28 19:57:02.042592678 +0200 -@@ -38,6 +38,7 @@ - #include "arch-mips64.h" - #include "arch-mips64n32.h" - #include "arch-aarch64.h" -+#include "arch-parisc.h" - #include "arch-ppc.h" - #include "arch-ppc64.h" - #include "arch-s390.h" -@@ -116,6 +117,10 @@ - case SCMP_ARCH_MIPSEL64N32: - sys_name = mips64n32_syscall_iterate_name(iter); - break; -+ case SCMP_ARCH_PARISC: -+ case SCMP_ARCH_PARISC64: -+ sys_name = parisc_syscall_iterate_name(iter); -+ break; - case SCMP_ARCH_PPC: - sys_name = ppc_syscall_iterate_name(iter); - break; -Index: libseccomp/src/arch.c -=================================================================== ---- libseccomp.orig/src/arch.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/src/arch.c 2016-05-28 19:57:02.042592678 +0200 -@@ -38,6 +38,7 @@ - #include "arch-mips.h" - #include "arch-mips64.h" - #include "arch-mips64n32.h" -+#include "arch-parisc.h" - #include "arch-ppc.h" - #include "arch-ppc64.h" - #include "arch-s390.h" -@@ -79,6 +80,10 @@ - #elif __MIPSEL__ - const struct arch_def *arch_def_native = &arch_def_mipsel64n32; - #endif /* _MIPS_SIM_NABI32 */ -+#elif __hppa64__ /* hppa64 must be checked before hppa */ -+const struct arch_def *arch_def_native = &arch_def_parisc64; -+#elif __hppa__ -+const struct arch_def *arch_def_native = &arch_def_parisc; - #elif __PPC64__ - #ifdef __BIG_ENDIAN__ - const struct arch_def *arch_def_native = &arch_def_ppc64; -@@ -139,6 +144,10 @@ - return &arch_def_mips64n32; - case SCMP_ARCH_MIPSEL64N32: - return &arch_def_mipsel64n32; -+ case SCMP_ARCH_PARISC: -+ return &arch_def_parisc; -+ case SCMP_ARCH_PARISC64: -+ return &arch_def_parisc64; - case SCMP_ARCH_PPC: - return &arch_def_ppc; - case SCMP_ARCH_PPC64: -@@ -185,6 +194,10 @@ - return &arch_def_mips64n32; - else if (strcmp(arch_name, "mipsel64n32") == 0) - return &arch_def_mipsel64n32; -+ else if (strcmp(arch_name, "parisc64") == 0) -+ return &arch_def_parisc64; -+ else if (strcmp(arch_name, "parisc") == 0) -+ return &arch_def_parisc; - else if (strcmp(arch_name, "ppc") == 0) - return &arch_def_ppc; - else if (strcmp(arch_name, "ppc64") == 0) -Index: libseccomp/src/gen_pfc.c -=================================================================== ---- libseccomp.orig/src/gen_pfc.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/src/gen_pfc.c 2016-05-28 19:57:02.042592678 +0200 -@@ -71,6 +71,10 @@ - return "mips64n32"; - case SCMP_ARCH_MIPSEL64N32: - return "mipsel64n32"; -+ case SCMP_ARCH_PARISC: -+ return "parisc"; -+ case SCMP_ARCH_PARISC64: -+ return "parisc64"; - case SCMP_ARCH_PPC64: - return "ppc64"; - case SCMP_ARCH_PPC64LE: -Index: libseccomp/src/python/libseccomp.pxd -=================================================================== ---- libseccomp.orig/src/python/libseccomp.pxd 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/src/python/libseccomp.pxd 2016-05-28 19:57:02.042592678 +0200 -@@ -43,6 +43,8 @@ - SCMP_ARCH_MIPSEL - SCMP_ARCH_MIPSEL64 - SCMP_ARCH_MIPSEL64N32 -+ SCMP_ARCH_PARISC -+ SCMP_ARCH_PARISC64 - SCMP_ARCH_PPC - SCMP_ARCH_PPC64 - SCMP_ARCH_PPC64LE -Index: libseccomp/src/python/seccomp.pyx -=================================================================== ---- libseccomp.orig/src/python/seccomp.pyx 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/src/python/seccomp.pyx 2016-05-28 19:57:02.042592678 +0200 -@@ -147,6 +147,8 @@ - MIPSEL - MIPS little endian O32 ABI - MIPSEL64 - MIPS little endian 64-bit ABI - MIPSEL64N32 - MIPS little endian N32 ABI -+ PARISC - 32-bit PA-RISC -+ PARISC64 - 64-bit PA-RISC - PPC64 - 64-bit PowerPC - PPC - 32-bit PowerPC - """ -@@ -165,6 +167,8 @@ - MIPSEL = libseccomp.SCMP_ARCH_MIPSEL - MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64 - MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32 -+ PARISC = libseccomp.SCMP_ARCH_PARISC -+ PARISC64 = libseccomp.SCMP_ARCH_PARISC64 - PPC = libseccomp.SCMP_ARCH_PPC - PPC64 = libseccomp.SCMP_ARCH_PPC64 - PPC64LE = libseccomp.SCMP_ARCH_PPC64LE -@@ -205,6 +209,10 @@ - self._token = libseccomp.SCMP_ARCH_MIPSEL64 - elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32: - self._token = libseccomp.SCMP_ARCH_MIPSEL64N32 -+ elif arch == libseccomp.SCMP_ARCH_PARISC: -+ self._token = libseccomp.SCMP_ARCH_PARISC -+ elif arch == libseccomp.SCMP_ARCH_PARISC64: -+ self._token = libseccomp.SCMP_ARCH_PARISC64 - elif arch == libseccomp.SCMP_ARCH_PPC: - self._token = libseccomp.SCMP_ARCH_PPC - elif arch == libseccomp.SCMP_ARCH_PPC64: -Index: libseccomp/tests/26-sim-arch_all_be_basic.c -=================================================================== ---- libseccomp.orig/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.042592678 +0200 -@@ -52,6 +52,12 @@ - rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc")); -+ if (rc != 0) -+ goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc64")); -+ if (rc != 0) -+ goto out; - rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc")); - if (rc != 0) - goto out; -Index: libseccomp/tests/26-sim-arch_all_be_basic.py -=================================================================== ---- libseccomp.orig/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.046592702 +0200 -@@ -33,6 +33,8 @@ - f.add_arch(Arch("mips")) - f.add_arch(Arch("mips64")) - f.add_arch(Arch("mips64n32")) -+ f.add_arch(Arch("parisc")) -+ f.add_arch(Arch("parisc64")) - f.add_arch(Arch("ppc")) - f.add_arch(Arch("ppc64")) - f.add_arch(Arch("s390")) -Index: libseccomp/tests/regression -=================================================================== ---- libseccomp.orig/tests/regression 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/tests/regression 2016-05-28 19:57:02.046592702 +0200 -@@ -28,6 +28,7 @@ - ppc64le" - GLBL_ARCH_BE_SUPPORT=" \ - mips mips64 mips64n32 \ -+ parisc parisc64 \ - ppc ppc64 \ - s390 s390x" - -@@ -701,7 +702,7 @@ - - # setup the arch specific return values - case "$arch" in -- x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|ppc|s390|s390x) -+ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x) - rc_kill=159 - rc_allow=160 - rc_trap=161 -Index: libseccomp/tools/scmp_arch_detect.c -=================================================================== ---- libseccomp.orig/tools/scmp_arch_detect.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/tools/scmp_arch_detect.c 2016-05-28 19:57:02.046592702 +0200 -@@ -99,6 +99,12 @@ - case SCMP_ARCH_MIPSEL64N32: - printf("mipsel64n32\n"); - break; -+ case SCMP_ARCH_PARISC: -+ printf("parisc\n"); -+ break; -+ case SCMP_ARCH_PARISC64: -+ printf("parisc64\n"); -+ break; - case SCMP_ARCH_PPC: - printf("ppc\n"); - break; -Index: libseccomp/tools/scmp_bpf_sim.c -=================================================================== ---- libseccomp.orig/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.046592702 +0200 -@@ -265,6 +265,10 @@ - arch = AUDIT_ARCH_MIPS64N32; - else if (strcmp(optarg, "mipsel64n32") == 0) - arch = AUDIT_ARCH_MIPSEL64N32; -+ else if (strcmp(optarg, "parisc") == 0) -+ arch = AUDIT_ARCH_PARISC; -+ else if (strcmp(optarg, "parisc64") == 0) -+ arch = AUDIT_ARCH_PARISC64; - else if (strcmp(optarg, "ppc") == 0) - arch = AUDIT_ARCH_PPC; - else if (strcmp(optarg, "ppc64") == 0) -Index: libseccomp/tools/util.c -=================================================================== ---- libseccomp.orig/tools/util.c 2016-05-28 19:57:02.050592727 +0200 -+++ libseccomp/tools/util.c 2016-05-28 19:57:02.046592702 +0200 -@@ -62,6 +62,10 @@ - #elif __MIPSEL__ - #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32 - #endif /* _MIPS_SIM_NABI32 */ -+#elif __hppa64__ -+#define ARCH_NATIVE AUDIT_ARCH_PARISC64 -+#elif __hppa__ -+#define ARCH_NATIVE AUDIT_ARCH_PARISC - #elif __PPC64__ - #ifdef __BIG_ENDIAN__ - #define ARCH_NATIVE AUDIT_ARCH_PPC64 diff -Nru libseccomp-2.3.1/debian/patches/add-log-action.patch libseccomp-2.4.1/debian/patches/add-log-action.patch --- libseccomp-2.3.1/debian/patches/add-log-action.patch 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/add-log-action.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,237 +0,0 @@ -Subject: Add action to allow but log a syscall - This is a minimal backport of a larger pull request to support one of the new - dynamic seccomp logging features that will be present in Linux kernel version - 4.14. Specifically, this backport only adds support for the SECCOMP_RET_LOG - action since the remainder of the pull request is still undergoing review and - some public symbols may change by the time the pull request is finalized. - . - This patch only adds one new libseccomp public symbol. The new symbol is the - SCMP_ACT_LOG macro which, by definition, must have the same value as the - SECCOMP_RET_LOG macro that has already been acked as part of the upstream - kernel. -Author: Tyler Hicks -Origin: other, https://github.com/seccomp/libseccomp/pull/92/commits/e7addf0247162ef4098a0e09c580db81105f8e13 -Origin: other, https://github.com/seccomp/libseccomp/pull/92/commits/fef1077d112de46b96d1347a11da45a14ab0e1d0 -Forwarded: https://github.com/seccomp/libseccomp/pull/92 -Bug-Ubuntu: https://launchpad.net/bugs/1567597 - -Index: libseccomp-2.3.1/src/system.c -=================================================================== ---- libseccomp-2.3.1.orig/src/system.c -+++ libseccomp-2.3.1/src/system.c -@@ -98,6 +98,23 @@ supported: - } - - /** -+ * Check to see if a seccomp action is supported -+ * @param action the seccomp action -+ * -+ * This function checks to see if a seccomp action is supported by the system. -+ * Returns one if the action is supported, zero otherwise. -+ * -+ */ -+int sys_chk_seccomp_action(uint32_t action) -+{ -+ if (sys_chk_seccomp_syscall() == 1 && -+ syscall(_nr_seccomp, SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) -+ return 1; -+ -+ return 0; -+} -+ -+/** - * Check to see if a seccomp() flag is supported - * @param flag the seccomp() flag - * -Index: libseccomp-2.3.1/src/system.h -=================================================================== ---- libseccomp-2.3.1.orig/src/system.h -+++ libseccomp-2.3.1/src/system.h -@@ -102,13 +102,21 @@ typedef struct sock_filter bpf_instr_raw - #ifndef SECCOMP_SET_MODE_FILTER - #define SECCOMP_SET_MODE_FILTER 1 - #endif -+#ifndef SECCOMP_GET_ACTION_AVAIL -+#define SECCOMP_GET_ACTION_AVAIL 2 -+#endif - - /* flags for the seccomp() syscall */ - #ifndef SECCOMP_FILTER_FLAG_TSYNC - #define SECCOMP_FILTER_FLAG_TSYNC 1 - #endif - -+#ifndef SECCOMP_RET_LOG -+#define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */ -+#endif -+ - int sys_chk_seccomp_syscall(void); -+int sys_chk_seccomp_action(uint32_t action); - int sys_chk_seccomp_flag(int flag); - - int sys_filter_load(const struct db_filter_col *col); -Index: libseccomp-2.3.1/doc/man/man3/seccomp_init.3 -=================================================================== ---- libseccomp-2.3.1.orig/doc/man/man3/seccomp_init.3 -+++ libseccomp-2.3.1/doc/man/man3/seccomp_init.3 -@@ -79,6 +79,11 @@ can be retrieved using the - .B PTRACE_GETEVENTMSG - option. - .TP -+.B SCMP_ACT_LOG -+The seccomp filter will have no effect on the thread calling the syscall if it -+does not match any of the configured seccomp filter rules but the syscall will -+be logged. -+.TP - .B SCMP_ACT_ALLOW - The seccomp filter will have no effect on the thread calling the syscall if it - does not match any of the configured seccomp filter rules. -Index: libseccomp-2.3.1/doc/man/man3/seccomp_rule_add.3 -=================================================================== ---- libseccomp-2.3.1.orig/doc/man/man3/seccomp_rule_add.3 -+++ libseccomp-2.3.1/doc/man/man3/seccomp_rule_add.3 -@@ -126,6 +126,10 @@ can be retrieved using the - .B PTRACE_GETEVENTMSG - option. - .TP -+.B SCMP_ACT_LOG -+The seccomp filter will have no effect on the thread calling the syscall if it -+matches the filter rule but the syscall will be logged. -+.TP - .B SCMP_ACT_ALLOW - The seccomp filter will have no effect on the thread calling the syscall if it - does not match any of the configured seccomp filter rules. -Index: libseccomp-2.3.1/include/seccomp.h.in -=================================================================== ---- libseccomp-2.3.1.orig/include/seccomp.h.in -+++ libseccomp-2.3.1/include/seccomp.h.in -@@ -256,6 +256,10 @@ struct scmp_arg_cmp { - */ - #define SCMP_ACT_TRACE(x) (0x7ff00000U | ((x) & 0x0000ffffU)) - /** -+ * Allow the syscall to be executed after the action has been logged -+ */ -+#define SCMP_ACT_LOG 0x7ffc0000U -+/** - * Allow the syscall to be executed - */ - #define SCMP_ACT_ALLOW 0x7fff0000U -Index: libseccomp-2.3.1/src/db.c -=================================================================== ---- libseccomp-2.3.1.orig/src/db.c -+++ libseccomp-2.3.1/src/db.c -@@ -652,7 +652,10 @@ int db_action_valid(uint32_t action) - return 0; - else if (action == SCMP_ACT_TRACE(action & 0x0000ffff)) - return 0; -- else if (action == SCMP_ACT_ALLOW) -+ else if (action == SCMP_ACT_LOG) { -+ if (sys_chk_seccomp_action(action) == 1) -+ return 0; -+ } else if (action == SCMP_ACT_ALLOW) - return 0; - - return -EINVAL; -Index: libseccomp-2.3.1/src/gen_pfc.c -=================================================================== ---- libseccomp-2.3.1.orig/src/gen_pfc.c -+++ libseccomp-2.3.1/src/gen_pfc.c -@@ -129,6 +129,9 @@ static void _pfc_action(FILE *fds, uint3 - case SCMP_ACT_TRACE(0): - fprintf(fds, "action TRACE(%u);\n", (action & 0x0000ffff)); - break; -+ case SCMP_ACT_LOG: -+ fprintf(fds, "action LOG;\n"); -+ break; - case SCMP_ACT_ALLOW: - fprintf(fds, "action ALLOW;\n"); - break; -Index: libseccomp-2.3.1/src/python/libseccomp.pxd -=================================================================== ---- libseccomp-2.3.1.orig/src/python/libseccomp.pxd -+++ libseccomp-2.3.1/src/python/libseccomp.pxd -@@ -69,6 +69,7 @@ cdef extern from "seccomp.h": - cdef enum: - SCMP_ACT_KILL - SCMP_ACT_TRAP -+ SCMP_ACT_LOG - SCMP_ACT_ALLOW - unsigned int SCMP_ACT_ERRNO(int errno) - unsigned int SCMP_ACT_TRACE(int value) -Index: libseccomp-2.3.1/src/python/seccomp.pyx -=================================================================== ---- libseccomp-2.3.1.orig/src/python/seccomp.pyx -+++ libseccomp-2.3.1/src/python/seccomp.pyx -@@ -30,6 +30,7 @@ by application developers. - - Filter action values: - KILL - kill the process -+ LOG - allow the syscall to be executed after the action has been logged - ALLOW - allow the syscall to execute - TRAP - a SIGSYS signal will be thrown - ERRNO(x) - syscall will return (x) -@@ -77,6 +78,7 @@ cimport libseccomp - - KILL = libseccomp.SCMP_ACT_KILL - TRAP = libseccomp.SCMP_ACT_TRAP -+LOG = libseccomp.SCMP_ACT_LOG - ALLOW = libseccomp.SCMP_ACT_ALLOW - def ERRNO(int errno): - """The action ERRNO(x) means that the syscall will return (x). -@@ -493,7 +495,7 @@ cdef class SyscallFilter: - """ Add a new rule to filter. - - Arguments: -- action - the rule action: KILL, TRAP, ERRNO(), TRACE(), or ALLOW -+ action - the rule action: KILL, TRAP, ERRNO(), TRACE(), LOG, or ALLOW - syscall - the syscall name or number - args - variable number of Arg objects - -@@ -575,7 +577,7 @@ cdef class SyscallFilter: - """ Add a new rule to filter. - - Arguments: -- action - the rule action: KILL, TRAP, ERRNO(), TRACE(), or ALLOW -+ action - the rule action: KILL, TRAP, ERRNO(), TRACE(), LOG, or ALLOW - syscall - the syscall name or number - args - variable number of Arg objects - -Index: libseccomp-2.3.1/tools/bpf.h -=================================================================== ---- libseccomp-2.3.1.orig/tools/bpf.h -+++ libseccomp-2.3.1/tools/bpf.h -@@ -64,6 +64,7 @@ typedef struct sock_filter bpf_instr_raw - #define SECCOMP_RET_TRAP 0x00030000U - #define SECCOMP_RET_ERRNO 0x00050000U - #define SECCOMP_RET_TRACE 0x7ff00000U -+#define SECCOMP_RET_LOG 0x7ffc0000U - #define SECCOMP_RET_ALLOW 0x7fff0000U - - /* bpf command classes */ -Index: libseccomp-2.3.1/tools/scmp_bpf_disasm.c -=================================================================== ---- libseccomp-2.3.1.orig/tools/scmp_bpf_disasm.c -+++ libseccomp-2.3.1/tools/scmp_bpf_disasm.c -@@ -183,6 +183,9 @@ static void bpf_decode_action(uint32_t k - case SECCOMP_RET_TRACE: - printf("TRACE(%u)", data); - break; -+ case SECCOMP_RET_LOG: -+ printf("LOG"); -+ break; - case SECCOMP_RET_ALLOW: - printf("ALLOW"); - break; -Index: libseccomp-2.3.1/tools/scmp_bpf_sim.c -=================================================================== ---- libseccomp-2.3.1.orig/tools/scmp_bpf_sim.c -+++ libseccomp-2.3.1/tools/scmp_bpf_sim.c -@@ -128,6 +128,9 @@ static void end_action(uint32_t action, - case SECCOMP_RET_TRACE: - fprintf(stdout, "TRACE(%u)\n", data); - break; -+ case SECCOMP_RET_LOG: -+ fprintf(stdout, "LOG\n"); -+ break; - case SECCOMP_RET_ALLOW: - fprintf(stdout, "ALLOW\n"); - break; diff -Nru libseccomp-2.3.1/debian/patches/db-properly-reset-attribute-state.patch libseccomp-2.4.1/debian/patches/db-properly-reset-attribute-state.patch --- libseccomp-2.3.1/debian/patches/db-properly-reset-attribute-state.patch 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/db-properly-reset-attribute-state.patch 2019-05-03 20:09:03.000000000 +0000 @@ -0,0 +1,23 @@ +Origin: backport, 3570b5cf9acbd1711d417e08ec608eea7b83d416 +From 3570b5cf9acbd1711d417e08ec608eea7b83d416 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Tue, 30 Apr 2019 16:33:06 -0400 +Subject: [PATCH] db: properly reset the attribute state in db_col_reset() + +Signed-off-by: Paul Moore +--- + src/db.c | 2 ++ + 1 file changed, 2 insertions(+) + +Index: libseccomp-2.4.1/src/db.c +=================================================================== +--- libseccomp-2.4.1.orig/src/db.c ++++ libseccomp-2.4.1/src/db.c +@@ -1063,6 +1063,7 @@ int db_col_reset(struct db_filter_col *c + col->attr.nnp_enable = 1; + col->attr.tsync_enable = 0; + col->attr.api_tskip = 0; ++ col->attr.log_enable = 0; + + /* set the state */ + col->state = _DB_STA_VALID; diff -Nru libseccomp-2.3.1/debian/patches/lp-1755250-add-the-statx-syscall.patch libseccomp-2.4.1/debian/patches/lp-1755250-add-the-statx-syscall.patch --- libseccomp-2.3.1/debian/patches/lp-1755250-add-the-statx-syscall.patch 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/lp-1755250-add-the-statx-syscall.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,308 +0,0 @@ -From 4793ea990ea80ee26ed63e2a20723fdb417abf5b Mon Sep 17 00:00:00 2001 -From: Tobias Klauser -Date: Fri, 20 Oct 2017 09:39:40 +0200 -Subject: [PATCH] arch: add the statx syscall - -Fixes #88 - -Signed-off-by: Tobias Klauser -[PM: fixed the incorrect x32 definition] -Signed-off-by: Paul Moore - -Origin: upstream, https://github.com/seccomp/libseccomp/commit/4793ea990ea80ee26ed63e2a20723fdb417abf5b -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1755250 -Last-Update: 2019-02-10 - - ---- - src/arch-aarch64-syscalls.c | 3 ++- - src/arch-arm-syscalls.c | 3 ++- - src/arch-mips-syscalls.c | 3 ++- - src/arch-mips64-syscalls.c | 3 ++- - src/arch-mips64n32-syscalls.c | 3 ++- - src/arch-parisc-syscalls.c | 3 ++- - src/arch-ppc-syscalls.c | 3 ++- - src/arch-ppc64-syscalls.c | 3 ++- - src/arch-s390-syscalls.c | 3 ++- - src/arch-s390x-syscalls.c | 3 ++- - src/arch-x32-syscalls.c | 3 ++- - src/arch-x86-syscalls.c | 3 ++- - src/arch-x86_64-syscalls.c | 3 ++- - 13 files changed, 26 insertions(+), 13 deletions(-) - -diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c -index d907182..157aedc 100644 ---- a/src/arch-aarch64-syscalls.c -+++ b/src/arch-aarch64-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-aarch64.h" - --/* NOTE: based on Linux 4.10-rc6+ */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -392,6 +392,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "stat64", __PNR_stat64 }, - { "statfs", 43 }, - { "statfs64", __PNR_statfs64 }, -+ { "statx", 291 }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c -index 6f40caa..43e2cc5 100644 ---- a/src/arch-arm-syscalls.c -+++ b/src/arch-arm-syscalls.c -@@ -37,7 +37,7 @@ - #define __SCMP_NR_BASE __SCMP_NR_OABI_SYSCALL_BASE - #endif - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def arm_syscall_table[] = { \ - /* NOTE: arm_sync_file_range() and sync_file_range2() share values */ - { "_llseek", (__SCMP_NR_BASE + 140) }, -@@ -404,6 +404,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "stat64", (__SCMP_NR_BASE + 195) }, - { "statfs", (__SCMP_NR_BASE + 99) }, - { "statfs64", (__SCMP_NR_BASE + 266) }, -+ { "statx", (__SCMP_NR_BASE + 397) }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c -index e53f565..a5264c8 100644 ---- a/src/arch-mips-syscalls.c -+++ b/src/arch-mips-syscalls.c -@@ -30,7 +30,7 @@ - /* O32 ABI */ - #define __SCMP_NR_BASE 4000 - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def mips_syscall_table[] = { \ - { "_llseek", (__SCMP_NR_BASE + 140) }, - { "_newselect", (__SCMP_NR_BASE + 142) }, -@@ -396,6 +396,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "stat64", (__SCMP_NR_BASE + 213) }, - { "statfs", (__SCMP_NR_BASE + 99) }, - { "statfs64", (__SCMP_NR_BASE + 255) }, -+ { "statx", (__SCMP_NR_BASE + 366) }, - { "stime", (__SCMP_NR_BASE + 25) }, - { "stty", (__SCMP_NR_BASE + 31) }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c -index 248acaf..bc16b1d 100644 ---- a/src/arch-mips64-syscalls.c -+++ b/src/arch-mips64-syscalls.c -@@ -30,7 +30,7 @@ - /* 64 ABI */ - #define __SCMP_NR_BASE 5000 - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def mips64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", (__SCMP_NR_BASE + 22) }, -@@ -396,6 +396,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "stat64", __PNR_stat64 }, - { "statfs", (__SCMP_NR_BASE + 134) }, - { "statfs64", __PNR_statfs64 }, -+ { "statx", (__SCMP_NR_BASE + 326) }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c -index 1525f8b..fa89bc2 100644 ---- a/src/arch-mips64n32-syscalls.c -+++ b/src/arch-mips64n32-syscalls.c -@@ -30,7 +30,7 @@ - /* N32 ABI */ - #define __SCMP_NR_BASE 6000 - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", (__SCMP_NR_BASE + 22) }, -@@ -396,6 +396,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "stat64", __PNR_stat64 }, - { "statfs", (__SCMP_NR_BASE + 134) }, - { "statfs64", (__SCMP_NR_BASE + 217) }, -+ { "statx", (__SCMP_NR_BASE + 330) }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c -index 153c112..7e9d9ab 100644 ---- a/src/arch-parisc-syscalls.c -+++ b/src/arch-parisc-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-parisc.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def parisc_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -376,6 +376,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ - { "stat64", 101 }, - { "statfs", 99 }, - { "statfs64", 298 }, -+ { "statx", 349 }, - { "stime", 25 }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c -index c117da9..fe0cdfb 100644 ---- a/src/arch-ppc-syscalls.c -+++ b/src/arch-ppc-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc.h" - --/* NOTE: based on Linux 4.10-rc6+ */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def ppc_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -393,6 +393,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \ - { "stat64", 195 }, - { "statfs", 99 }, - { "statfs64", 252 }, -+ { "statx", 383}, - { "stime", 25 }, - { "stty", 31 }, - { "subpage_prot", 310 }, -diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c -index bbd5876..dc09610 100644 ---- a/src/arch-ppc64-syscalls.c -+++ b/src/arch-ppc64-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc64.h" - --/* NOTE: based on Linux 4.10-rc6+ */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -393,6 +393,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "stat64", __PNR_stat64 }, - { "statfs", 99 }, - { "statfs64", 252 }, -+ { "statx", 383}, - { "stime", 25 }, - { "stty", 31 }, - { "subpage_prot", 310 }, -diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c -index 959b42f..8a6cecc 100644 ---- a/src/arch-s390-syscalls.c -+++ b/src/arch-s390-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-s390.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def s390_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -376,6 +376,7 @@ const struct arch_syscall_def s390_syscall_table[] = { \ - { "stat64", 195 }, - { "statfs", 99 }, - { "statfs64", 265 }, -+ { "statx", 379 }, - { "stime", 25 }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c -index f6a2759..728dfc4 100644 ---- a/src/arch-s390x-syscalls.c -+++ b/src/arch-s390x-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-s390x.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def s390x_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -376,6 +376,7 @@ const struct arch_syscall_def s390x_syscall_table[] = { \ - { "stat64", __PNR_stat64 }, - { "statfs", 99 }, - { "statfs64", 265 }, -+ { "statx", 379 }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c -index 64e180a..bb3e077 100644 ---- a/src/arch-x32-syscalls.c -+++ b/src/arch-x32-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x32.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def x32_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -392,6 +392,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "stat64", __PNR_stat64 }, - { "statfs", (X32_SYSCALL_BIT + 137) }, - { "statfs64", __PNR_statfs64 }, -+ { "statx", (X32_SYSCALL_BIT + 332) }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c -index 5443095..81a52a3 100644 ---- a/src/arch-x86-syscalls.c -+++ b/src/arch-x86-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x86.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def x86_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -392,6 +392,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "stat64", 195 }, - { "statfs", 99 }, - { "statfs64", 268 }, -+ { "statx", 383 }, - { "stime", 25 }, - { "stty", 31 }, - { "subpage_prot", __PNR_subpage_prot }, -diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c -index 6c389b8..1da2530 100644 ---- a/src/arch-x86_64-syscalls.c -+++ b/src/arch-x86_64-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x86_64.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.14 */ - const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -392,6 +392,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "stat64", __PNR_stat64 }, - { "statfs", 137 }, - { "statfs64", __PNR_statfs64 }, -+ { "statx", 332 }, - { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "subpage_prot", __PNR_subpage_prot }, --- -2.17.1 - diff -Nru libseccomp-2.3.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch libseccomp-2.4.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch --- libseccomp-2.3.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,536 +0,0 @@ -From d9102f12fd39bd77151a1f630fcfc8c80f86c55c Mon Sep 17 00:00:00 2001 -From: Justin Cormack -Date: Mon, 26 Dec 2016 17:59:12 +0000 -Subject: [PATCH] arch: update syscalls for Linux 4.9 - -Add support for the following syscalls added in Linux v4.9: - -- preadv2 and pwritev2 -- pkey_mprotect, pkey_alloc, pkey_free - -Signed-off-by: Justin Cormack -[PM: update subject line, description, and some whitespace] -Signed-off-by: Paul Moore - -Origin: upstream, https://github.com/seccomp/libseccomp/commit/d9102f12fd39bd77151a1f630fcfc8c80f86c55c -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1815415 -Last-Update: 2019-02-10 - ---- - include/seccomp.h.in | 15 +++++++++++++++ - src/arch-aarch64-syscalls.c | 7 ++++++- - src/arch-arm-syscalls.c | 7 ++++++- - src/arch-mips-syscalls.c | 7 ++++++- - src/arch-mips64-syscalls.c | 7 ++++++- - src/arch-mips64n32-syscalls.c | 7 ++++++- - src/arch-parisc-syscalls.c | 7 ++++++- - src/arch-ppc-syscalls.c | 7 ++++++- - src/arch-ppc64-syscalls.c | 7 ++++++- - src/arch-s390-syscalls.c | 7 ++++++- - src/arch-s390x-syscalls.c | 7 ++++++- - src/arch-x32-syscalls.c | 5 +++++ - src/arch-x86-syscalls.c | 7 ++++++- - src/arch-x86_64-syscalls.c | 7 ++++++- - 14 files changed, 92 insertions(+), 12 deletions(-) - -diff --git a/include/seccomp.h.in b/include/seccomp.h.in -index 5b9057f..5fc687c 100644 ---- a/include/seccomp.h.in -+++ b/include/seccomp.h.in -@@ -1609,6 +1609,21 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); - #define __NR_userfaultfd __PNR_userfaultfd - #endif /* __NR_userfaultfd */ - -+#define __PNR_pkey_mprotect -10201 -+#ifndef __NR_pkey_mprotect -+#define __NR_pkey_mprotect __PNR_pkey_mprotect -+#endif /* __NR_pkey_mprotect */ -+ -+#define __PNR_pkey_alloc -10202 -+#ifndef __NR_pkey_alloc -+#define __NR_pkey_alloc __PNR_pkey_alloc -+#endif /* __NR_pkey_alloc */ -+ -+#define __PNR_pkey_free -10203 -+#ifndef __NR_pkey_free -+#define __NR_pkey_free __PNR_pkey_free -+#endif /* __NR_pkey_free */ -+ - #ifdef __cplusplus - } - #endif -diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c -index 357f290..6c04ad5 100644 ---- a/src/arch-aarch64-syscalls.c -+++ b/src/arch-aarch64-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-aarch64.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -254,11 +254,15 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "pipe", __PNR_pipe }, - { "pipe2", 59 }, - { "pivot_root", 41 }, -+ { "pkey_alloc", __PNR_pkey_alloc }, -+ { "pkey_free", __PNR_pkey_free }, -+ { "pkey_mprotect", __PNR_pkey_mprotect }, - { "poll", __PNR_poll }, - { "ppoll", 73 }, - { "prctl", 167 }, - { "pread64", 67 }, - { "preadv", 69 }, -+ { "preadv2", 392 }, - { "prlimit64", 261 }, - { "process_vm_readv", 270 }, - { "process_vm_writev", 271 }, -@@ -269,6 +273,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "putpmsg", __PNR_putpmsg }, - { "pwrite64", 68 }, - { "pwritev", 70 }, -+ { "pwritev2", 393 }, - { "query_module", __PNR_query_module }, - { "quotactl", 60 }, - { "read", 63 }, -diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c -index d1349a1..e7e2d31 100644 ---- a/src/arch-arm-syscalls.c -+++ b/src/arch-arm-syscalls.c -@@ -37,7 +37,7 @@ - #define __SCMP_NR_BASE __SCMP_NR_OABI_SYSCALL_BASE - #endif - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def arm_syscall_table[] = { \ - /* NOTE: arm_sync_file_range() and sync_file_range2() share values */ - { "_llseek", (__SCMP_NR_BASE + 140) }, -@@ -266,11 +266,15 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "pipe", (__SCMP_NR_BASE + 42) }, - { "pipe2", (__SCMP_NR_BASE + 359) }, - { "pivot_root", (__SCMP_NR_BASE + 218) }, -+ { "pkey_alloc", (__SCMP_NR_BASE + 395) }, -+ { "pkey_free", (__SCMP_NR_BASE + 396) }, -+ { "pkey_mprotect", (__SCMP_NR_BASE + 394) }, - { "poll", (__SCMP_NR_BASE + 168) }, - { "ppoll", (__SCMP_NR_BASE + 336) }, - { "prctl", (__SCMP_NR_BASE + 172) }, - { "pread64", (__SCMP_NR_BASE + 180) }, - { "preadv", (__SCMP_NR_BASE + 361) }, -+ { "preadv2", (__SCMP_NR_BASE + 392) }, - { "prlimit64", (__SCMP_NR_BASE + 369) }, - { "process_vm_readv", (__SCMP_NR_BASE + 376) }, - { "process_vm_writev", (__SCMP_NR_BASE + 377) }, -@@ -281,6 +285,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "putpmsg", __PNR_putpmsg }, - { "pwrite64", (__SCMP_NR_BASE + 181) }, - { "pwritev", (__SCMP_NR_BASE + 362) }, -+ { "pwritev2", (__SCMP_NR_BASE + 393) }, - { "query_module", __PNR_query_module }, - { "quotactl", (__SCMP_NR_BASE + 131) }, - { "read", (__SCMP_NR_BASE + 3) }, -diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c -index 2cd86cd..dada5a9 100644 ---- a/src/arch-mips-syscalls.c -+++ b/src/arch-mips-syscalls.c -@@ -30,7 +30,7 @@ - /* O32 ABI */ - #define __SCMP_NR_BASE 4000 - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def mips_syscall_table[] = { \ - { "_llseek", (__SCMP_NR_BASE + 140) }, - { "_newselect", (__SCMP_NR_BASE + 142) }, -@@ -258,11 +258,15 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "pipe", (__SCMP_NR_BASE + 42) }, - { "pipe2", (__SCMP_NR_BASE + 328) }, - { "pivot_root", (__SCMP_NR_BASE + 216) }, -+ { "pkey_alloc", (__SCMP_NR_BASE + 364) }, -+ { "pkey_free", (__SCMP_NR_BASE + 365) }, -+ { "pkey_mprotect", (__SCMP_NR_BASE + 363) }, - { "poll", (__SCMP_NR_BASE + 188) }, - { "ppoll", (__SCMP_NR_BASE + 302) }, - { "prctl", (__SCMP_NR_BASE + 192) }, - { "pread64", (__SCMP_NR_BASE + 200) }, - { "preadv", (__SCMP_NR_BASE + 330) }, -+ { "preadv2", (__SCMP_NR_BASE + 361) }, - { "prlimit64", (__SCMP_NR_BASE + 338) }, - { "process_vm_readv", (__SCMP_NR_BASE + 345) }, - { "process_vm_writev", (__SCMP_NR_BASE + 346) }, -@@ -273,6 +277,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "putpmsg", (__SCMP_NR_BASE + 209) }, - { "pwrite64", (__SCMP_NR_BASE + 201) }, - { "pwritev", (__SCMP_NR_BASE + 331) }, -+ { "pwritev2", (__SCMP_NR_BASE + 362) }, - { "query_module", (__SCMP_NR_BASE + 187) }, - { "quotactl", (__SCMP_NR_BASE + 131) }, - { "read", (__SCMP_NR_BASE + 3) }, -diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c -index 80db447..bbf8906 100644 ---- a/src/arch-mips64-syscalls.c -+++ b/src/arch-mips64-syscalls.c -@@ -30,7 +30,7 @@ - /* 64 ABI */ - #define __SCMP_NR_BASE 5000 - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def mips64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", (__SCMP_NR_BASE + 22) }, -@@ -258,11 +258,15 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "pipe", (__SCMP_NR_BASE + 21) }, - { "pipe2", (__SCMP_NR_BASE + 287) }, - { "pivot_root", (__SCMP_NR_BASE + 151) }, -+ { "pkey_alloc", (__SCMP_NR_BASE + 324) }, -+ { "pkey_free", (__SCMP_NR_BASE + 325) }, -+ { "pkey_mprotect", (__SCMP_NR_BASE + 323) }, - { "poll", (__SCMP_NR_BASE + 7) }, - { "ppoll", (__SCMP_NR_BASE + 261) }, - { "prctl", (__SCMP_NR_BASE + 153) }, - { "pread64", (__SCMP_NR_BASE + 16) }, - { "preadv", (__SCMP_NR_BASE + 289) }, -+ { "preadv2", (__SCMP_NR_BASE + 321) }, - { "prlimit64", (__SCMP_NR_BASE + 297) }, - { "process_vm_readv", (__SCMP_NR_BASE + 304) }, - { "process_vm_writev", (__SCMP_NR_BASE + 305) }, -@@ -273,6 +277,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "putpmsg", (__SCMP_NR_BASE + 175) }, - { "pwrite64", (__SCMP_NR_BASE + 17) }, - { "pwritev", (__SCMP_NR_BASE + 290) }, -+ { "pwritev2", (__SCMP_NR_BASE + 322) }, - { "query_module", (__SCMP_NR_BASE + 171) }, - { "quotactl", (__SCMP_NR_BASE + 172) }, - { "read", (__SCMP_NR_BASE + 0) }, -diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c -index 5cf03d2..3484882 100644 ---- a/src/arch-mips64n32-syscalls.c -+++ b/src/arch-mips64n32-syscalls.c -@@ -30,7 +30,7 @@ - /* N32 ABI */ - #define __SCMP_NR_BASE 6000 - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", (__SCMP_NR_BASE + 22) }, -@@ -258,11 +258,15 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "pipe", (__SCMP_NR_BASE + 21) }, - { "pipe2", (__SCMP_NR_BASE + 291) }, - { "pivot_root", (__SCMP_NR_BASE + 151) }, -+ { "pkey_alloc", (__SCMP_NR_BASE + 328) }, -+ { "pkey_free", (__SCMP_NR_BASE + 329) }, -+ { "pkey_mprotect", (__SCMP_NR_BASE + 327) }, - { "poll", (__SCMP_NR_BASE + 7) }, - { "ppoll", (__SCMP_NR_BASE + 265) }, - { "prctl", (__SCMP_NR_BASE + 153) }, - { "pread64", (__SCMP_NR_BASE + 16) }, - { "preadv", (__SCMP_NR_BASE + 293) }, -+ { "preadv2", (__SCMP_NR_BASE + 325) }, - { "prlimit64", (__SCMP_NR_BASE + 302) }, - { "process_vm_readv", (__SCMP_NR_BASE + 309) }, - { "process_vm_writev", (__SCMP_NR_BASE + 310) }, -@@ -273,6 +277,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "putpmsg", (__SCMP_NR_BASE + 175) }, - { "pwrite64", (__SCMP_NR_BASE + 17) }, - { "pwritev", (__SCMP_NR_BASE + 294) }, -+ { "pwritev2", (__SCMP_NR_BASE + 326) }, - { "query_module", (__SCMP_NR_BASE + 171) }, - { "quotactl", (__SCMP_NR_BASE + 172) }, - { "read", (__SCMP_NR_BASE + 0) }, -diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c -index ad50820..4690577 100644 ---- a/src/arch-parisc-syscalls.c -+++ b/src/arch-parisc-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-parisc.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def parisc_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -238,11 +238,15 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ - { "pipe", 42 }, - { "pipe2", 313 }, - { "pivot_root", 67 }, -+ { "pkey_alloc", __PNR_pkey_alloc }, -+ { "pkey_free", __PNR_pkey_free }, -+ { "pkey_mprotect", __PNR_pkey_mprotect }, - { "poll", 168 }, - { "ppoll", 274 }, - { "prctl", 172 }, - { "pread64", 108 }, - { "preadv", 315 }, -+ { "preadv2", 347 }, - { "prlimit64", 321 }, - { "process_vm_readv", 330 }, - { "process_vm_writev", 331 }, -@@ -253,6 +257,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ - { "putpmsg", 197 }, - { "pwrite64", 109 }, - { "pwritev", 316 }, -+ { "pwritev2", 348 }, - { "query_module", 167 }, - { "quotactl", 131 }, - { "read", 3 }, -diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c -index 2bd8a36..26b4ff1 100644 ---- a/src/arch-ppc-syscalls.c -+++ b/src/arch-ppc-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def ppc_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -255,11 +255,15 @@ const struct arch_syscall_def ppc_syscall_table[] = { \ - { "pipe", 42 }, - { "pipe2", 317 }, - { "pivot_root", 203 }, -+ { "pkey_alloc", __PNR_pkey_alloc }, -+ { "pkey_free", __PNR_pkey_free }, -+ { "pkey_mprotect", __PNR_pkey_mprotect }, - { "poll", 167 }, - { "ppoll", 281 }, - { "prctl", 171 }, - { "pread64", 179 }, - { "preadv", 320 }, -+ { "preadv2", 380 }, - { "prlimit64", 325 }, - { "process_vm_readv", 351 }, - { "process_vm_writev", 352 }, -@@ -270,6 +274,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \ - { "putpmsg", 188 }, - { "pwrite64", 180 }, - { "pwritev", 321 }, -+ { "pwritev2", 381 }, - { "query_module", 166 }, - { "quotactl", 131 }, - { "read", 3 }, -diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c -index 73621a1..3ebd086 100644 ---- a/src/arch-ppc64-syscalls.c -+++ b/src/arch-ppc64-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc64.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -255,11 +255,15 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "pipe", 42 }, - { "pipe2", 317 }, - { "pivot_root", 203 }, -+ { "pkey_alloc", __PNR_pkey_alloc }, -+ { "pkey_free", __PNR_pkey_free }, -+ { "pkey_mprotect", __PNR_pkey_mprotect }, - { "poll", 167 }, - { "ppoll", 281 }, - { "prctl", 171 }, - { "pread64", 179 }, - { "preadv", 320 }, -+ { "preadv2", 380 }, - { "prlimit64", 325 }, - { "process_vm_readv", 351 }, - { "process_vm_writev", 352 }, -@@ -270,6 +274,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "putpmsg", 188 }, - { "pwrite64", 180 }, - { "pwritev", 321 }, -+ { "pwritev2", 381 }, - { "query_module", 166 }, - { "quotactl", 131 }, - { "read", 3 }, -diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c -index a04673a..84253a6 100644 ---- a/src/arch-s390-syscalls.c -+++ b/src/arch-s390-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-s390.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def s390_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -238,11 +238,15 @@ const struct arch_syscall_def s390_syscall_table[] = { \ - { "pipe", 42 }, - { "pipe2", 325 }, - { "pivot_root", 217 }, -+ { "pkey_alloc", __PNR_pkey_alloc }, -+ { "pkey_free", __PNR_pkey_free }, -+ { "pkey_mprotect", __PNR_pkey_mprotect }, - { "poll", 168 }, - { "ppoll", 302 }, - { "prctl", 172 }, - { "pread64", 180 }, - { "preadv", 328 }, -+ { "preadv2", 376 }, - { "prlimit64", 334 }, - { "process_vm_readv", 340 }, - { "process_vm_writev", 341 }, -@@ -253,6 +257,7 @@ const struct arch_syscall_def s390_syscall_table[] = { \ - { "putpmsg", 189 }, - { "pwrite64", 181 }, - { "pwritev", 329 }, -+ { "pwritev2", 377 }, - { "query_module", 167 }, - { "quotactl", 131 }, - { "read", 3 }, -diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c -index 9825c63..cc9763d 100644 ---- a/src/arch-s390x-syscalls.c -+++ b/src/arch-s390x-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-s390x.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def s390x_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -238,11 +238,15 @@ const struct arch_syscall_def s390x_syscall_table[] = { \ - { "pipe", 42 }, - { "pipe2", 325 }, - { "pivot_root", 217 }, -+ { "pkey_alloc", __PNR_pkey_alloc }, -+ { "pkey_free", __PNR_pkey_free }, -+ { "pkey_mprotect", __PNR_pkey_mprotect }, - { "poll", 168 }, - { "ppoll", 302 }, - { "prctl", 172 }, - { "pread64", 180 }, - { "preadv", 328 }, -+ { "preadv2", 376 }, - { "prlimit64", 334 }, - { "process_vm_readv", 340 }, - { "process_vm_writev", 341 }, -@@ -253,6 +257,7 @@ const struct arch_syscall_def s390x_syscall_table[] = { \ - { "putpmsg", 189 }, - { "pwrite64", 181 }, - { "pwritev", 329 }, -+ { "pwritev2", 377 }, - { "query_module", 167 }, - { "quotactl", 131 }, - { "read", 3 }, -diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c -index 80dd38b..5b9970b 100644 ---- a/src/arch-x32-syscalls.c -+++ b/src/arch-x32-syscalls.c -@@ -254,11 +254,15 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "pipe", (X32_SYSCALL_BIT + 22) }, - { "pipe2", (X32_SYSCALL_BIT + 293) }, - { "pivot_root", (X32_SYSCALL_BIT + 155) }, -+ { "pkey_alloc", (X32_SYSCALL_BIT + 330) }, -+ { "pkey_free", (X32_SYSCALL_BIT + 331) }, -+ { "pkey_mprotect", (X32_SYSCALL_BIT + 329) }, - { "poll", (X32_SYSCALL_BIT + 7) }, - { "ppoll", (X32_SYSCALL_BIT + 271) }, - { "prctl", (X32_SYSCALL_BIT + 157) }, - { "pread64", (X32_SYSCALL_BIT + 17) }, - { "preadv", (X32_SYSCALL_BIT + 534) }, -+ { "preadv2", (X32_SYSCALL_BIT + 546) }, - { "prlimit64", (X32_SYSCALL_BIT + 302) }, - { "process_vm_readv", (X32_SYSCALL_BIT + 539) }, - { "process_vm_writev", (X32_SYSCALL_BIT + 540) }, -@@ -269,6 +273,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "putpmsg", (X32_SYSCALL_BIT + 182) }, - { "pwrite64", (X32_SYSCALL_BIT + 18) }, - { "pwritev", (X32_SYSCALL_BIT + 535) }, -+ { "pwritev2", (X32_SYSCALL_BIT + 547) }, - { "query_module", __PNR_query_module }, - { "quotactl", (X32_SYSCALL_BIT + 179) }, - { "read", (X32_SYSCALL_BIT + 0) }, -diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c -index 58e0597..00684ac 100644 ---- a/src/arch-x86-syscalls.c -+++ b/src/arch-x86-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x86.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def x86_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -254,11 +254,15 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "pipe", 42 }, - { "pipe2", 331 }, - { "pivot_root", 217 }, -+ { "pkey_alloc", 381 }, -+ { "pkey_free", 382 }, -+ { "pkey_mprotect", 380 }, - { "poll", 168 }, - { "ppoll", 309 }, - { "prctl", 172 }, - { "pread64", 180 }, - { "preadv", 333 }, -+ { "preadv2", 378 }, - { "prlimit64", 340 }, - { "process_vm_readv", 347 }, - { "process_vm_writev", 348 }, -@@ -269,6 +273,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "putpmsg", 189 }, - { "pwrite64", 181 }, - { "pwritev", 334 }, -+ { "pwritev2", 379 }, - { "query_module", 167 }, - { "quotactl", 131 }, - { "read", 3 }, -diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c -index 2dd9818..655cf5f 100644 ---- a/src/arch-x86_64-syscalls.c -+++ b/src/arch-x86_64-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x86_64.h" - --/* NOTE: based on Linux 4.5-rc4 */ -+/* NOTE: based on Linux 4.9 */ - const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -254,11 +254,15 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "pipe", 22 }, - { "pipe2", 293 }, - { "pivot_root", 155 }, -+ { "pkey_alloc", 330 }, -+ { "pkey_free", 331 }, -+ { "pkey_mprotect", 329 }, - { "poll", 7 }, - { "ppoll", 271 }, - { "prctl", 157 }, - { "pread64", 17 }, - { "preadv", 295 }, -+ { "preadv2", 327 }, - { "prlimit64", 302 }, - { "process_vm_readv", 310 }, - { "process_vm_writev", 311 }, -@@ -269,6 +273,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "putpmsg", 182 }, - { "pwrite64", 18 }, - { "pwritev", 296 }, -+ { "pwritev2", 328 }, - { "query_module", 178 }, - { "quotactl", 179 }, - { "read", 0 }, --- -2.17.1 - diff -Nru libseccomp-2.3.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch libseccomp-2.4.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch --- libseccomp-2.3.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,499 +0,0 @@ -From c842c2f6c203ad9da37ca60219172aa0be68d26a Mon Sep 17 00:00:00 2001 -From: Paul Moore -Date: Wed, 10 Jan 2018 12:16:28 -0500 -Subject: [PATCH] arch: update the syscalls for Linux v4.15-rc7 - -Signed-off-by: Paul Moore - -Origin: upstream, https://github.com/seccomp/libseccomp/commit/c842c2f6c203ad9da37ca60219172aa0be68d26a -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1815415 -Last-Update: 2019-02-10 - ---- - include/seccomp.h.in | 19 +++++++++++++++++++ - src/arch-aarch64-syscalls.c | 5 ++++- - src/arch-arm-syscalls.c | 5 ++++- - src/arch-mips-syscalls.c | 5 ++++- - src/arch-mips64-syscalls.c | 5 ++++- - src/arch-mips64n32-syscalls.c | 5 ++++- - src/arch-parisc-syscalls.c | 5 ++++- - src/arch-ppc-syscalls.c | 5 ++++- - src/arch-ppc64-syscalls.c | 5 ++++- - src/arch-s390-syscalls.c | 5 ++++- - src/arch-s390x-syscalls.c | 5 ++++- - src/arch-x32-syscalls.c | 5 ++++- - src/arch-x86-syscalls.c | 7 +++++-- - src/arch-x86_64-syscalls.c | 5 ++++- - 14 files changed, 72 insertions(+), 14 deletions(-) - -diff --git a/include/seccomp.h.in b/include/seccomp.h.in -index 56ae73e..2a789d6 100644 ---- a/include/seccomp.h.in -+++ b/include/seccomp.h.in -@@ -1662,6 +1662,25 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); - #define __NR_pkey_free __PNR_pkey_free - #endif /* __NR_pkey_free */ - -+#define __PNR_get_tls -10204 -+#ifndef __NR_get_tls -+#ifdef __ARM_NR_get_tls -+#define __NR_get_tls __ARM_NR_get_tls -+#else -+#define __NR_get_tls __PNR_get_tls -+#endif -+#endif /* __NR_get_tls */ -+ -+#define __PNR_s390_guarded_storage -10205 -+#ifndef __NR_s390_guarded_storage -+#define __NR_s390_guarded_storage __PNR_s390_guarded_storage -+#endif /* __NR_s390_guarded_storage */ -+ -+#define __PNR_s390_sthyi -10206 -+#ifndef __NR_s390_sthyi -+#define __NR_s390_sthyi __PNR_s390_sthyi -+#endif /* __NR_s390_sthyi */ -+ - #ifdef __cplusplus - } - #endif -diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c -index 157aedc..406df70 100644 ---- a/src/arch-aarch64-syscalls.c -+++ b/src/arch-aarch64-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-aarch64.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -122,6 +122,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "get_mempolicy", 236 }, - { "get_robust_list", 100 }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 168 }, - { "getcwd", 17 }, - { "getdents", __PNR_getdents }, -@@ -304,9 +305,11 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "rt_sigtimedwait", 137 }, - { "rt_tgsigqueueinfo", 240 }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", 125 }, - { "sched_get_priority_min", 126 }, - { "sched_getaffinity", 123 }, -diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c -index 43e2cc5..e3fdc55 100644 ---- a/src/arch-arm-syscalls.c -+++ b/src/arch-arm-syscalls.c -@@ -37,7 +37,7 @@ - #define __SCMP_NR_BASE __SCMP_NR_OABI_SYSCALL_BASE - #endif - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def arm_syscall_table[] = { \ - /* NOTE: arm_sync_file_range() and sync_file_range2() share values */ - { "_llseek", (__SCMP_NR_BASE + 140) }, -@@ -134,6 +134,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "get_mempolicy", (__SCMP_NR_BASE + 320) }, - { "get_robust_list", (__SCMP_NR_BASE + 339) }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 6)) }, - { "getcpu", (__SCMP_NR_BASE + 345) }, - { "getcwd", (__SCMP_NR_BASE + 183) }, - { "getdents", (__SCMP_NR_BASE + 141) }, -@@ -316,9 +317,11 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "rt_sigtimedwait", (__SCMP_NR_BASE + 177) }, - { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 363) }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", (__SCMP_NR_BASE + 159) }, - { "sched_get_priority_min", (__SCMP_NR_BASE + 160) }, - { "sched_getaffinity", (__SCMP_NR_BASE + 242) }, -diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c -index a5264c8..2dee53f 100644 ---- a/src/arch-mips-syscalls.c -+++ b/src/arch-mips-syscalls.c -@@ -30,7 +30,7 @@ - /* O32 ABI */ - #define __SCMP_NR_BASE 4000 - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def mips_syscall_table[] = { \ - { "_llseek", (__SCMP_NR_BASE + 140) }, - { "_newselect", (__SCMP_NR_BASE + 142) }, -@@ -126,6 +126,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "get_mempolicy", (__SCMP_NR_BASE + 269) }, - { "get_robust_list", (__SCMP_NR_BASE + 310) }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", (__SCMP_NR_BASE + 312) }, - { "getcwd", (__SCMP_NR_BASE + 203) }, - { "getdents", (__SCMP_NR_BASE + 141) }, -@@ -308,9 +309,11 @@ const struct arch_syscall_def mips_syscall_table[] = { \ - { "rt_sigtimedwait", (__SCMP_NR_BASE + 197) }, - { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 332) }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", (__SCMP_NR_BASE + 163) }, - { "sched_get_priority_min", (__SCMP_NR_BASE + 164) }, - { "sched_getaffinity", (__SCMP_NR_BASE + 240) }, -diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c -index bc16b1d..97c6874 100644 ---- a/src/arch-mips64-syscalls.c -+++ b/src/arch-mips64-syscalls.c -@@ -30,7 +30,7 @@ - /* 64 ABI */ - #define __SCMP_NR_BASE 5000 - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def mips64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", (__SCMP_NR_BASE + 22) }, -@@ -126,6 +126,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "get_mempolicy", (__SCMP_NR_BASE + 228) }, - { "get_robust_list", (__SCMP_NR_BASE + 269) }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", (__SCMP_NR_BASE + 271) }, - { "getcwd", (__SCMP_NR_BASE + 77) }, - { "getdents", (__SCMP_NR_BASE + 76) }, -@@ -308,9 +309,11 @@ const struct arch_syscall_def mips64_syscall_table[] = { \ - { "rt_sigtimedwait", (__SCMP_NR_BASE + 126) }, - { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 291) }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", (__SCMP_NR_BASE + 143) }, - { "sched_get_priority_min", (__SCMP_NR_BASE + 144) }, - { "sched_getaffinity", (__SCMP_NR_BASE + 196) }, -diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c -index fa89bc2..a22d643 100644 ---- a/src/arch-mips64n32-syscalls.c -+++ b/src/arch-mips64n32-syscalls.c -@@ -30,7 +30,7 @@ - /* N32 ABI */ - #define __SCMP_NR_BASE 6000 - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", (__SCMP_NR_BASE + 22) }, -@@ -126,6 +126,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "get_mempolicy", (__SCMP_NR_BASE + 232) }, - { "get_robust_list", (__SCMP_NR_BASE + 273) }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", (__SCMP_NR_BASE + 275) }, - { "getcwd", (__SCMP_NR_BASE + 77) }, - { "getdents", (__SCMP_NR_BASE + 76) }, -@@ -308,9 +309,11 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \ - { "rt_sigtimedwait", (__SCMP_NR_BASE + 126) }, - { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 295) }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", (__SCMP_NR_BASE + 143) }, - { "sched_get_priority_min", (__SCMP_NR_BASE + 144) }, - { "sched_getaffinity", (__SCMP_NR_BASE + 196) }, -diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c -index 7e9d9ab..e84b533 100644 ---- a/src/arch-parisc-syscalls.c -+++ b/src/arch-parisc-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-parisc.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def parisc_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -106,6 +106,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ - { "get_mempolicy", 261 }, - { "get_robust_list", 290 }, - { "get_thread_area", 214 }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 296 }, - { "getcwd", 110 }, - { "getdents", 141 }, -@@ -288,9 +289,11 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ - { "rt_sigtimedwait", 177 }, - { "rt_tgsigqueueinfo", 317 }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 212 }, -diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c -index fe0cdfb..7ff7fca 100644 ---- a/src/arch-ppc-syscalls.c -+++ b/src/arch-ppc-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def ppc_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -123,6 +123,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \ - { "get_mempolicy", 260 }, - { "get_robust_list", 299 }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 302 }, - { "getcwd", 182 }, - { "getdents", 141 }, -@@ -305,9 +306,11 @@ const struct arch_syscall_def ppc_syscall_table[] = { \ - { "rt_sigtimedwait", 176 }, - { "rt_tgsigqueueinfo", 322 }, - { "rtas", 255 }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 223 }, -diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c -index dc09610..ee094bc 100644 ---- a/src/arch-ppc64-syscalls.c -+++ b/src/arch-ppc64-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc64.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -123,6 +123,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "get_mempolicy", 260 }, - { "get_robust_list", 299 }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 302 }, - { "getcwd", 182 }, - { "getdents", 141 }, -@@ -305,9 +306,11 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "rt_sigtimedwait", 176 }, - { "rt_tgsigqueueinfo", 322 }, - { "rtas", 255 }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 223 }, -diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c -index 8a6cecc..6024eaf 100644 ---- a/src/arch-s390-syscalls.c -+++ b/src/arch-s390-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-s390.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def s390_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -106,6 +106,7 @@ const struct arch_syscall_def s390_syscall_table[] = { \ - { "get_mempolicy", 269 }, - { "get_robust_list", 305 }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 311 }, - { "getcwd", 183 }, - { "getdents", 141 }, -@@ -288,9 +289,11 @@ const struct arch_syscall_def s390_syscall_table[] = { \ - { "rt_sigtimedwait", 177 }, - { "rt_tgsigqueueinfo", 330 }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", 378 }, - { "s390_pci_mmio_read", 353 }, - { "s390_pci_mmio_write", 352 }, - { "s390_runtime_instr", 342 }, -+ { "s390_sthyi", 380 }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 240 }, -diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c -index 728dfc4..74d1e57 100644 ---- a/src/arch-s390x-syscalls.c -+++ b/src/arch-s390x-syscalls.c -@@ -10,7 +10,7 @@ - #include "arch.h" - #include "arch-s390x.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def s390x_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -106,6 +106,7 @@ const struct arch_syscall_def s390x_syscall_table[] = { \ - { "get_mempolicy", 269 }, - { "get_robust_list", 305 }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 311 }, - { "getcwd", 183 }, - { "getdents", 141 }, -@@ -288,9 +289,11 @@ const struct arch_syscall_def s390x_syscall_table[] = { \ - { "rt_sigtimedwait", 177 }, - { "rt_tgsigqueueinfo", 330 }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", 378 }, - { "s390_pci_mmio_read", 353 }, - { "s390_pci_mmio_write", 352 }, - { "s390_runtime_instr", 342 }, -+ { "s390_sthyi", 380 }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 240 }, -diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c -index bb3e077..8a6cd64 100644 ---- a/src/arch-x32-syscalls.c -+++ b/src/arch-x32-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x32.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def x32_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -122,6 +122,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "get_mempolicy", (X32_SYSCALL_BIT + 239) }, - { "get_robust_list", (X32_SYSCALL_BIT + 531) }, - { "get_thread_area", __PNR_get_thread_area }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", (X32_SYSCALL_BIT + 309) }, - { "getcwd", (X32_SYSCALL_BIT + 79) }, - { "getdents", (X32_SYSCALL_BIT + 78) }, -@@ -304,9 +305,11 @@ const struct arch_syscall_def x32_syscall_table[] = { \ - { "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) }, - { "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", (X32_SYSCALL_BIT + 146) }, - { "sched_get_priority_min", (X32_SYSCALL_BIT + 147) }, - { "sched_getaffinity", (X32_SYSCALL_BIT + 204) }, -diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c -index 81a52a3..abce705 100644 ---- a/src/arch-x86-syscalls.c -+++ b/src/arch-x86-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x86.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def x86_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -41,7 +41,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "alarm", 27 }, - { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, - { "arm_sync_file_range", __PNR_arm_sync_file_range }, -- { "arch_prctl", __PNR_arch_prctl }, -+ { "arch_prctl", 384 }, - { "bdflush", 134 }, - { "bind", 361 }, - { "bpf", 357 }, -@@ -122,6 +122,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "get_mempolicy", 275 }, - { "get_robust_list", 312 }, - { "get_thread_area", 244 }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 318 }, - { "getcwd", 183 }, - { "getdents", 141 }, -@@ -304,9 +305,11 @@ const struct arch_syscall_def x86_syscall_table[] = { \ - { "rt_sigtimedwait", 177 }, - { "rt_tgsigqueueinfo", 335 }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", 159 }, - { "sched_get_priority_min", 160 }, - { "sched_getaffinity", 242 }, -diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c -index 1da2530..203dafa 100644 ---- a/src/arch-x86_64-syscalls.c -+++ b/src/arch-x86_64-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-x86_64.h" - --/* NOTE: based on Linux 4.14 */ -+/* NOTE: based on Linux 4.15-rc7 */ - const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -122,6 +122,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "get_mempolicy", 239 }, - { "get_robust_list", 274 }, - { "get_thread_area", 211 }, -+ { "get_tls", __PNR_get_tls }, - { "getcpu", 309 }, - { "getcwd", 79 }, - { "getdents", 78 }, -@@ -304,9 +305,11 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \ - { "rt_sigtimedwait", 128 }, - { "rt_tgsigqueueinfo", 297 }, - { "rtas", __PNR_rtas }, -+ { "s390_guarded_storage", __PNR_s390_guarded_storage }, - { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, - { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, - { "s390_runtime_instr", __PNR_s390_runtime_instr }, -+ { "s390_sthyi", __PNR_s390_sthyi }, - { "sched_get_priority_max", 146 }, - { "sched_get_priority_min", 147 }, - { "sched_getaffinity", 204 }, --- -2.17.1 - diff -Nru libseccomp-2.3.1/debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch libseccomp-2.4.1/debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch --- libseccomp-2.3.1/debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,106 +0,0 @@ -From 116b3c1a2e1db53cc35b74f30c080f5265faa674 Mon Sep 17 00:00:00 2001 -From: Paul Moore -Date: Thu, 2 Feb 2017 18:30:44 -0500 -Subject: [PATCH] arch: update the syscall tables to 4.10-rc6+ - -Signed-off-by: Paul Moore - -Origin: upstream, https://github.com/seccomp/libseccomp/commit/116b3c1a2e1db53cc35b74f30c080f5265faa674 -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1815415 -Last-Update: 2019-02-10 - ---- - src/arch-aarch64-syscalls.c | 12 ++++++------ - src/arch-ppc-syscalls.c | 4 ++-- - src/arch-ppc64-syscalls.c | 4 ++-- - 3 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c -index 84f5d60..d907182 100644 ---- a/src/arch-aarch64-syscalls.c -+++ b/src/arch-aarch64-syscalls.c -@@ -26,7 +26,7 @@ - #include "arch.h" - #include "arch-aarch64.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.10-rc6+ */ - const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "_llseek", __PNR__llseek }, - { "_newselect", __PNR__newselect }, -@@ -254,15 +254,15 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "pipe", __PNR_pipe }, - { "pipe2", 59 }, - { "pivot_root", 41 }, -- { "pkey_alloc", __PNR_pkey_alloc }, -- { "pkey_free", __PNR_pkey_free }, -- { "pkey_mprotect", __PNR_pkey_mprotect }, -+ { "pkey_alloc", 289 }, -+ { "pkey_free", 290 }, -+ { "pkey_mprotect", 288 }, - { "poll", __PNR_poll }, - { "ppoll", 73 }, - { "prctl", 167 }, - { "pread64", 67 }, - { "preadv", 69 }, -- { "preadv2", 392 }, -+ { "preadv2", 286 }, - { "prlimit64", 261 }, - { "process_vm_readv", 270 }, - { "process_vm_writev", 271 }, -@@ -273,7 +273,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \ - { "putpmsg", __PNR_putpmsg }, - { "pwrite64", 68 }, - { "pwritev", 70 }, -- { "pwritev2", 393 }, -+ { "pwritev2", 287 }, - { "query_module", __PNR_query_module }, - { "quotactl", 60 }, - { "read", 63 }, -diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c -index 85570bd..c117da9 100644 ---- a/src/arch-ppc-syscalls.c -+++ b/src/arch-ppc-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.10-rc6+ */ - const struct arch_syscall_def ppc_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -177,7 +177,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \ - { "ioprio_set", 273 }, - { "ipc", 117 }, - { "kcmp", 354 }, -- { "kexec_file_load", __PNR_kexec_file_load }, -+ { "kexec_file_load", 382 }, - { "kexec_load", 268 }, - { "keyctl", 271 }, - { "kill", 37 }, -diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c -index 47cb56c..bbd5876 100644 ---- a/src/arch-ppc64-syscalls.c -+++ b/src/arch-ppc64-syscalls.c -@@ -27,7 +27,7 @@ - #include "arch.h" - #include "arch-ppc64.h" - --/* NOTE: based on Linux 4.9 */ -+/* NOTE: based on Linux 4.10-rc6+ */ - const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "_llseek", 140 }, - { "_newselect", 142 }, -@@ -177,7 +177,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \ - { "ioprio_set", 273 }, - { "ipc", 117 }, - { "kcmp", 354 }, -- { "kexec_file_load", __PNR_kexec_file_load }, -+ { "kexec_file_load", 382 }, - { "kexec_load", 268 }, - { "keyctl", 271 }, - { "kill", 37 }, --- -2.17.1 - diff -Nru libseccomp-2.3.1/debian/patches/series libseccomp-2.4.1/debian/patches/series --- libseccomp-2.3.1/debian/patches/series 2019-02-08 08:17:23.000000000 +0000 +++ libseccomp-2.4.1/debian/patches/series 2019-05-03 20:04:44.000000000 +0000 @@ -1,6 +1 @@ -28-parisc_support.patch -add-log-action.patch -lp-1815415-arch-update-syscalls-for-Linux-4.9.patch -lp-1815415-update-the-syscall-tables-to-4.10.patch -lp-1755250-add-the-statx-syscall.patch -lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch +db-properly-reset-attribute-state.patch diff -Nru libseccomp-2.3.1/doc/Makefile.am libseccomp-2.4.1/doc/Makefile.am --- libseccomp-2.3.1/doc/Makefile.am 2016-02-18 19:29:30.334085349 +0000 +++ libseccomp-2.4.1/doc/Makefile.am 2018-12-03 23:53:10.173975678 +0000 @@ -43,4 +43,6 @@ man/man3/seccomp_syscall_resolve_name_arch.3 \ man/man3/seccomp_syscall_resolve_name_rewrite.3 \ man/man3/seccomp_syscall_resolve_num_arch.3 \ - man/man3/seccomp_version.3 + man/man3/seccomp_version.3 \ + man/man3/seccomp_api_get.3 \ + man/man3/seccomp_api_set.3 diff -Nru libseccomp-2.3.1/doc/Makefile.in libseccomp-2.4.1/doc/Makefile.in --- libseccomp-2.3.1/doc/Makefile.in 2016-04-20 20:11:08.821211389 +0000 +++ libseccomp-2.4.1/doc/Makefile.in 2019-04-17 21:02:40.492938274 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,7 +32,17 @@ # along with this library; if not, see . # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -96,15 +106,14 @@ build_triplet = @build@ host_triplet = @host@ subdir = doc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(dist_man1_MANS) $(dist_man3_MANS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/configure.h CONFIG_CLEAN_FILES = @@ -161,6 +170,8 @@ NROFF = nroff MANS = $(dist_man1_MANS) $(dist_man3_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(dist_man1_MANS) $(dist_man3_MANS) \ + $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -176,6 +187,12 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -190,12 +207,15 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ @@ -222,6 +242,11 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -274,9 +299,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -312,7 +341,9 @@ man/man3/seccomp_syscall_resolve_name_arch.3 \ man/man3/seccomp_syscall_resolve_name_rewrite.3 \ man/man3/seccomp_syscall_resolve_num_arch.3 \ - man/man3/seccomp_version.3 + man/man3/seccomp_version.3 \ + man/man3/seccomp_api_get.3 \ + man/man3/seccomp_api_set.3 all: all-am @@ -329,14 +360,13 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -442,7 +472,10 @@ cscope cscopelist: -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -592,6 +625,8 @@ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-man uninstall-man1 uninstall-man3 +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru libseccomp-2.3.1/doc/man/man1/scmp_sys_resolver.1 libseccomp-2.4.1/doc/man/man1/scmp_sys_resolver.1 --- libseccomp-2.3.1/doc/man/man1/scmp_sys_resolver.1 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.4.1/doc/man/man1/scmp_sys_resolver.1 2018-12-03 23:53:10.173975678 +0000 @@ -34,7 +34,9 @@ .B \-a \fIARCH The architecture to use for resolving the system call. Valid .I ARCH -values are "x86", "x86_64", "x32", and "arm". +values are "x86", "x86_64", "x32", "arm", "aarch64", "mips", "mipsel", "mips64", +"mipsel64", "mips64n32", "mipsel64n32", "parisc", "parisc64", "ppc", "ppc64", +"ppc64le", "s390" and "s390x". .TP .B \-t If necessary, translate the system call name to the proper system call number, diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_api_get.3 libseccomp-2.4.1/doc/man/man3/seccomp_api_get.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_api_get.3 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_api_get.3 2018-12-03 23:53:10.173975678 +0000 @@ -0,0 +1,101 @@ +.TH "seccomp_api_get" 3 "8 October 2017" "paul@paul-moore.com" "libseccomp Documentation" +.\" ////////////////////////////////////////////////////////////////////////// +.SH NAME +.\" ////////////////////////////////////////////////////////////////////////// +seccomp_api_get, seccomp_api_set \- Manage the libseccomp API level +.\" ////////////////////////////////////////////////////////////////////////// +.SH SYNOPSIS +.\" ////////////////////////////////////////////////////////////////////////// +.nf +.B #include +.sp +.BI "const unsigned int seccomp_api_get(" void ");" +.BI "int seccomp_api_set(unsigned int " level ");" +.sp +Link with \fI\-lseccomp\fP. +.fi +.\" ////////////////////////////////////////////////////////////////////////// +.SH DESCRIPTION +.\" ////////////////////////////////////////////////////////////////////////// +.P +The +.BR seccomp_api_get () +function returns an integer representing the functionality ("API level") +provided by the current running kernel. It is important to note that while +.BR seccomp_api_get () +can be called multiple times, the kernel is only probed the first time to see +what functionality is supported, all following calls to +.BR seccomp_api_get () +return a cached value. +.P +The +.BR seccomp_api_set () +function allows callers to force the API level to the provided value; however, +this is almost always a bad idea and use of this function is strongly +discouraged. +.P +The different API level values are described below: +.TP +.B 0 +Reserved value, not currently used. +.TP +.B 1 +Base level support. +.TP +.B 2 +The SCMP_FLTATR_CTL_TSYNC filter attribute is supported and libseccomp uses +the +.BR seccomp(2) +syscall to load the seccomp filter into the kernel. +.TP +.B 3 +The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are supported. +.\" ////////////////////////////////////////////////////////////////////////// +.SH RETURN VALUE +.\" ////////////////////////////////////////////////////////////////////////// +The +.BR seccomp_api_get () +function returns an integer representing the supported API level. The +.BR seccomp_api_set () +function returns zero on success, negative values on failure. +.\" ////////////////////////////////////////////////////////////////////////// +.SH EXAMPLES +.\" ////////////////////////////////////////////////////////////////////////// +.nf +#include + +int main(int argc, char *argv[]) +{ + unsigned int api; + + api = seccomp_api_get(); + switch (api) { + case 2: + /* ... */ + default: + /* ... */ + } + + return 0; + +err: + return \-1; +} +.fi +.\" ////////////////////////////////////////////////////////////////////////// +.SH NOTES +.\" ////////////////////////////////////////////////////////////////////////// +.P +While the seccomp filter can be generated independent of the kernel, kernel +support is required to load and enforce the seccomp filter generated by +libseccomp. +.P +The libseccomp project site, with more information and the source code +repository, can be found at https://github.com/seccomp/libseccomp. This tool, +as well as the libseccomp library, is currently under development, please +report any bugs at the project site or directly to the author. +.\" ////////////////////////////////////////////////////////////////////////// +.SH AUTHOR +.\" ////////////////////////////////////////////////////////////////////////// +Paul Moore +.\" ////////////////////////////////////////////////////////////////////////// diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_api_set.3 libseccomp-2.4.1/doc/man/man3/seccomp_api_set.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_api_set.3 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_api_set.3 2018-12-03 23:53:10.173975678 +0000 @@ -0,0 +1 @@ +.so man3/seccomp_api_get.3 diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_arch_add.3 libseccomp-2.4.1/doc/man/man3/seccomp_arch_add.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_arch_add.3 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_arch_add.3 2018-12-03 23:53:10.177309028 +0000 @@ -128,4 +128,4 @@ .\" ////////////////////////////////////////////////////////////////////////// .BR seccomp_init (3), .BR seccomp_reset (3), -.BR seccom_merge (3) +.BR seccomp_merge (3) diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_attr_set.3 libseccomp-2.4.1/doc/man/man3/seccomp_attr_set.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_attr_set.3 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_attr_set.3 2018-12-03 23:53:10.177309028 +0000 @@ -59,10 +59,11 @@ .TP .B SCMP_FLTATR_CTL_NNP A flag to specify if the NO_NEW_PRIVS functionality should be enabled before -loading the seccomp filter into the kernel. If set to off ( +loading the seccomp filter into the kernel. Setting this to off ( .I value -== 0) then loading the seccomp filter into the kernel will fail if CAP_SYS_ADMIN -is not set. Defaults to on ( +== 0) results in no action, meaning that loading the seccomp filter into the +kernel will fail if CAP_SYS_ADMIN is missing and NO_NEW_PRIVS has not been +externally set. Defaults to on ( .I value == 1). .TP @@ -76,6 +77,23 @@ error being returned. Defaults to off ( .I value == 0). +.TP +.B SCMP_FLTATR_API_TSKIP +A flag to specify if libseccomp should allow filter rules to be created for +the -1 syscall. The -1 syscall value can be used by tracer programs to skip +specific syscall invocations, see +.BR seccomp (2) +for more information. Defaults to off ( +.I value +== 0). +.TP +.B SCMP_FLTATR_CTL_LOG +A flag to specify if the kernel should log all filter actions taken except for +the +.BR SCMP_ACT_ALLOW +action. Defaults to off ( +.I value +== 0). .\" ////////////////////////////////////////////////////////////////////////// .SH RETURN VALUE .\" ////////////////////////////////////////////////////////////////////////// @@ -129,4 +147,5 @@ .\" ////////////////////////////////////////////////////////////////////////// .BR seccomp_init (3), .BR seccomp_reset (3), -.BR seccomp_load (3) +.BR seccomp_load (3), +.BR seccomp (2) diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_init.3 libseccomp-2.4.1/doc/man/man3/seccomp_init.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_init.3 2015-08-28 23:25:19.621512733 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_init.3 2018-12-03 23:53:10.177309028 +0000 @@ -52,6 +52,10 @@ that does not match any of the configured seccomp filter rules. The thread will not be able to catch the signal. .TP +.B SCMP_ACT_KILL_PROCESS +The entire process will be terminated by the kernel with SIGSYS when it calls a +syscall that does not match any of the configured seccomp filter rules. +.TP .B SCMP_ACT_TRAP The thread will be sent a SIGSYS signal when it calls a syscall that does not match any of the configured seccomp filter rules. It may catch this and change @@ -79,6 +83,11 @@ .B PTRACE_GETEVENTMSG option. .TP +.B SCMP_ACT_LOG +The seccomp filter will have no effect on the thread calling the syscall if it +does not match any of the configured seccomp filter rules but the syscall will +be logged. +.TP .B SCMP_ACT_ALLOW The seccomp filter will have no effect on the thread calling the syscall if it does not match any of the configured seccomp filter rules. diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_merge.3 libseccomp-2.4.1/doc/man/man3/seccomp_merge.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_merge.3 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_merge.3 2018-12-03 23:53:10.177309028 +0000 @@ -27,9 +27,9 @@ .I dst and stores the resulting in the .I dst -filter. If successfull, the +filter. If successful, the .I src -seccomp filter is released and all internal memory assocated with the filter +seccomp filter is released and all internal memory associated with the filter is freed; there is no need to call .BR seccomp_release (3) on diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_rule_add.3 libseccomp-2.4.1/doc/man/man3/seccomp_rule_add.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_rule_add.3 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_rule_add.3 2019-02-22 01:57:42.950652879 +0000 @@ -1,4 +1,4 @@ -.TH "seccomp_rule_add" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation" +.TH "seccomp_rule_add" 3 "17 February 2019" "paul@paul-moore.com" "libseccomp Documentation" .\" ////////////////////////////////////////////////////////////////////////// .SH NAME .\" ////////////////////////////////////////////////////////////////////////// @@ -22,6 +22,24 @@ .BI "struct scmp_arg_cmp SCMP_A4(enum scmp_compare " op ", " ... ");" .BI "struct scmp_arg_cmp SCMP_A5(enum scmp_compare " op ", " ... ");" .sp +.BI "struct scmp_arg_cmp SCMP_CMP64(unsigned int " arg "," +.BI " enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A0_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A1_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A2_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A3_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A4_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A5_64(enum scmp_compare " op ", " ... ");" +.sp +.BI "struct scmp_arg_cmp SCMP_CMP32(unsigned int " arg "," +.BI " enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A0_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A1_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A2_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A3_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A4_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A5_32(enum scmp_compare " op ", " ... ");" +.sp .BI "int seccomp_rule_add(scmp_filter_ctx " ctx ", uint32_t " action "," .BI " int " syscall ", unsigned int " arg_cnt ", " ... ");" .BI "int seccomp_rule_add_exact(scmp_filter_ctx " ctx ", uint32_t " action "," @@ -53,8 +71,8 @@ and .BR seccomp_rule_add_array () functions will make a "best effort" to add the rule as specified, but may alter -the rule slightly due to architecture specifics, e.g. socket and ipc functions -on x86. The +the rule slightly due to architecture specifics (e.g. internal rewriting of +multiplexed syscalls, like socket and ipc functions on x86). The .BR seccomp_rule_add_exact () and .BR seccomp_rule_add_exact_array () @@ -71,15 +89,36 @@ .BR seccomp_load (3). .P The +.BR SCMP_CMP (), +.BR SCMP_CMP64 (), +.BR SCMP_A{0-5} (), +and +.BR SCMP_A{0-5}_64 () +macros generate a scmp_arg_cmp structure for use with the above functions. The .BR SCMP_CMP () and +.BR SCMP_CMP64 () +macros allows the caller to specify an arbitrary argument along with the +comparison operator, 64-bit mask, and 64-bit datum values where the .BR SCMP_A{0-5} () -macros generate a scmp_arg_cmp structure for use with the above functions. The +and +.BR SCMP_A{0-5}_64 () +macros are specific to a certain argument. +.P +The +.BR SCMP_CMP32 () +and +.BR SCMP_A{0-5}_32 () +macros are similar to the variants above, but they take 32-bit mask and 32-bit +datum values. +.P +It is recommended that whenever possible developers avoid using the .BR SCMP_CMP () -macro allows the caller to specify an arbitrary argument along with the -comparison operator, mask, and datum values where the +and .BR SCMP_A{0-5} () -macros are specific to a certain argument. See the EXAMPLES section below. +macros and use the variants which are explicitly 32 or 64-bit. This should +help eliminate problems caused by an unwanted sign extension of negative datum +values. .P While it is possible to specify the .I syscall @@ -90,6 +129,14 @@ .BR SCMP_SYS () macro instead. See the EXAMPLES section below. .P +Starting with Linux v4.8, there may be a need to create a rule with a syscall +value of -1 to allow tracing programs to skip a syscall invocation; in order +to create a rule with a -1 syscall value it is necessary to first set the +.B SCMP_FLTATR_API_TSKIP +attribute. See +.BR seccomp_attr_set (3) +for more information. +.P The filter context .I ctx is the value returned by the call to @@ -100,18 +147,21 @@ values are as follows: .TP .B SCMP_ACT_KILL -The thread will be killed by the kernel when it calls a syscall that does not -match any of the configured seccomp filter rules. +The thread will be killed by the kernel when it calls a syscall that matches +the filter rule. +.TP +.B SCMP_ACT_KILL_PROCESS +The process will be killed by the kernel when it calls a syscall that matches +the filter rule. .TP .B SCMP_ACT_TRAP -The thread will throw a SIGSYS signal when it calls a syscall that does not -match any of the configured seccomp filter rules. +The thread will throw a SIGSYS signal when it calls a syscall that matches the +filter rule. .TP .B SCMP_ACT_ERRNO(uint16_t errno) The thread will receive a return value of .I errno -when it calls a syscall that does not match any of the configured seccomp filter -rules. +when it calls a syscall that matches the filter rule. .TP .B SCMP_ACT_TRACE(uint16_t msg_num) If the thread is being traced and the tracing process specified the @@ -126,9 +176,13 @@ .B PTRACE_GETEVENTMSG option. .TP +.B SCMP_ACT_LOG +The seccomp filter will have no effect on the thread calling the syscall if it +matches the filter rule but the syscall will be logged. +.TP .B SCMP_ACT_ALLOW The seccomp filter will have no effect on the thread calling the syscall if it -does not match any of the configured seccomp filter rules. +matches the filter rule. .P Valid comparison .I op @@ -219,6 +273,7 @@ #include #include #include +#include #define BUF_SIZE 256 @@ -244,6 +299,14 @@ if (rc < 0) goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0); + if (rc < 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0); + if (rc < 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 3, SCMP_A0(SCMP_CMP_EQ, fd), SCMP_A1(SCMP_CMP_EQ, (scmp_datum_t)buf), @@ -291,5 +354,7 @@ .\" ////////////////////////////////////////////////////////////////////////// .SH SEE ALSO .\" ////////////////////////////////////////////////////////////////////////// +.BR seccomp_syscall_resolve_name_rewrite (3), .BR seccomp_syscall_priority (3), -.BR seccomp_load (3) +.BR seccomp_load (3), +.BR seccomp_attr_set (3) diff -Nru libseccomp-2.3.1/doc/man/man3/seccomp_syscall_resolve_name.3 libseccomp-2.4.1/doc/man/man3/seccomp_syscall_resolve_name.3 --- libseccomp-2.3.1/doc/man/man3/seccomp_syscall_resolve_name.3 2015-02-06 22:50:01.420595066 +0000 +++ libseccomp-2.4.1/doc/man/man3/seccomp_syscall_resolve_name.3 2018-12-03 23:53:10.177309028 +0000 @@ -30,7 +30,12 @@ functions resolve the commonly used syscall name to the syscall number used by the kernel and the rest of the libseccomp API, with .BR seccomp_syscall_resolve_name_rewrite() -rewriting the syscall number for architectures that modify the syscall. The +rewriting the syscall number for architectures that modify the syscall. Syscall +rewriting typically happens in case of a multiplexed syscall, like +.BR socketcall (2) +or +.BR ipc (2) +on x86. .BR seccomp_syscall_resolve_num_arch() function resolves the syscall number used by the kernel to the commonly used syscall name. @@ -100,6 +105,15 @@ .SH NOTES .\" ////////////////////////////////////////////////////////////////////////// .P +In case of bare syscalls implemented on top of a multiplexed syscall, +.BR seccomp_syscall_resolve_name() +and +.BR seccomp_syscall_resolve_name_arch() +can be used to verify if a bare syscall is implemented for a specific +architecture, while +.BR seccomp_syscall_resolve_name_rewrite() +can be used to determine the underlying multiplexed syscall. +.P While the seccomp filter can be generated independent of the kernel, kernel support is required to load and enforce the seccomp filter generated by libseccomp. diff -Nru libseccomp-2.3.1/include/Makefile.in libseccomp-2.4.1/include/Makefile.in --- libseccomp-2.3.1/include/Makefile.in 2016-04-20 20:11:08.842211388 +0000 +++ libseccomp-2.4.1/include/Makefile.in 2019-04-17 21:02:40.509605027 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -33,7 +33,17 @@ # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -97,15 +107,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = include -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/seccomp.h.in $(include_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(include_HEADERS) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/configure.h CONFIG_CLEAN_FILES = seccomp.h @@ -177,6 +187,7 @@ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/seccomp.h.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -192,6 +203,12 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -206,12 +223,15 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ @@ -238,6 +258,11 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -290,9 +315,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -317,14 +346,13 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign include/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -417,7 +445,10 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -566,6 +597,8 @@ ps ps-am tags tags-am uninstall uninstall-am \ uninstall-includeHEADERS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru libseccomp-2.3.1/include/seccomp.h libseccomp-2.4.1/include/seccomp.h --- libseccomp-2.3.1/include/seccomp.h 2016-04-20 20:11:11.437211194 +0000 +++ libseccomp-2.4.1/include/seccomp.h 2019-04-17 21:02:48.349645797 +0000 @@ -36,7 +36,7 @@ */ #define SCMP_VER_MAJOR 2 -#define SCMP_VER_MINOR 3 +#define SCMP_VER_MINOR 4 #define SCMP_VER_MICRO 1 struct scmp_version { @@ -63,6 +63,8 @@ SCMP_FLTATR_ACT_BADARCH = 2, /**< bad architecture action */ SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */ SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */ + SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */ + SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */ _SCMP_FLTATR_MAX, }; @@ -185,49 +187,116 @@ #define SCMP_ARCH_S390X AUDIT_ARCH_S390X /** + * The PA-RISC hppa architecture tokens + */ +#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC +#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ #define SCMP_SYS(x) (__NR_##x) +/* Helpers for the argument comparison macros, DO NOT USE directly */ +#define _SCMP_VA_NUM_ARGS(...) _SCMP_VA_NUM_ARGS_IMPL(__VA_ARGS__,2,1) +#define _SCMP_VA_NUM_ARGS_IMPL(_1,_2,N,...) N +#define _SCMP_MACRO_DISPATCHER(func, ...) \ + _SCMP_MACRO_DISPATCHER_IMPL1(func, _SCMP_VA_NUM_ARGS(__VA_ARGS__)) +#define _SCMP_MACRO_DISPATCHER_IMPL1(func, nargs) \ + _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) +#define _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) \ + func ## nargs +#define _SCMP_CMP32_1(x, y, z) \ + SCMP_CMP64(x, y, (uint32_t)(z)) +#define _SCMP_CMP32_2(x, y, z, q) \ + SCMP_CMP64(x, y, (uint32_t)(z), (uint32_t)(q)) + /** - * Specify an argument comparison struct for use in declaring rules + * Specify a 64-bit argument comparison struct for use in declaring rules * @param arg the argument number, starting at 0 * @param op the comparison operator, e.g. SCMP_CMP_* * @param datum_a dependent on comparison * @param datum_b dependent on comparison, optional */ -#define SCMP_CMP(...) ((struct scmp_arg_cmp){__VA_ARGS__}) +#define SCMP_CMP64(...) ((struct scmp_arg_cmp){__VA_ARGS__}) +#define SCMP_CMP SCMP_CMP64 + +/** + * Specify a 32-bit argument comparison struct for use in declaring rules + * @param arg the argument number, starting at 0 + * @param op the comparison operator, e.g. SCMP_CMP_* + * @param datum_a dependent on comparison (32-bits) + * @param datum_b dependent on comparison, optional (32-bits) + */ +#define SCMP_CMP32(x, y, ...) \ + _SCMP_MACRO_DISPATCHER(_SCMP_CMP32_, __VA_ARGS__)(x, y, __VA_ARGS__) + +/** + * Specify a 64-bit argument comparison struct for argument 0 + */ +#define SCMP_A0_64(...) SCMP_CMP64(0, __VA_ARGS__) +#define SCMP_A0 SCMP_A0_64 + +/** + * Specify a 32-bit argument comparison struct for argument 0 + */ +#define SCMP_A0_32(x, ...) SCMP_CMP32(0, x, __VA_ARGS__) /** - * Specify an argument comparison struct for argument 0 + * Specify a 64-bit argument comparison struct for argument 1 */ -#define SCMP_A0(...) SCMP_CMP(0, __VA_ARGS__) +#define SCMP_A1_64(...) SCMP_CMP64(1, __VA_ARGS__) +#define SCMP_A1 SCMP_A1_64 /** - * Specify an argument comparison struct for argument 1 + * Specify a 32-bit argument comparison struct for argument 1 */ -#define SCMP_A1(...) SCMP_CMP(1, __VA_ARGS__) +#define SCMP_A1_32(x, ...) SCMP_CMP32(1, x, __VA_ARGS__) /** - * Specify an argument comparison struct for argument 2 + * Specify a 64-bit argument comparison struct for argument 2 */ -#define SCMP_A2(...) SCMP_CMP(2, __VA_ARGS__) +#define SCMP_A2_64(...) SCMP_CMP64(2, __VA_ARGS__) +#define SCMP_A2 SCMP_A2_64 /** - * Specify an argument comparison struct for argument 3 + * Specify a 32-bit argument comparison struct for argument 2 */ -#define SCMP_A3(...) SCMP_CMP(3, __VA_ARGS__) +#define SCMP_A2_32(x, ...) SCMP_CMP32(2, x, __VA_ARGS__) /** - * Specify an argument comparison struct for argument 4 + * Specify a 64-bit argument comparison struct for argument 3 */ -#define SCMP_A4(...) SCMP_CMP(4, __VA_ARGS__) +#define SCMP_A3_64(...) SCMP_CMP64(3, __VA_ARGS__) +#define SCMP_A3 SCMP_A3_64 /** - * Specify an argument comparison struct for argument 5 + * Specify a 32-bit argument comparison struct for argument 3 */ -#define SCMP_A5(...) SCMP_CMP(5, __VA_ARGS__) +#define SCMP_A3_32(x, ...) SCMP_CMP32(3, x, __VA_ARGS__) + +/** + * Specify a 64-bit argument comparison struct for argument 4 + */ +#define SCMP_A4_64(...) SCMP_CMP64(4, __VA_ARGS__) +#define SCMP_A4 SCMP_A4_64 + +/** + * Specify a 32-bit argument comparison struct for argument 4 + */ +#define SCMP_A4_32(x, ...) SCMP_CMP32(4, x, __VA_ARGS__) + +/** + * Specify a 64-bit argument comparison struct for argument 5 + */ +#define SCMP_A5_64(...) SCMP_CMP64(5, __VA_ARGS__) +#define SCMP_A5 SCMP_A5_64 + +/** + * Specify a 32-bit argument comparison struct for argument 5 + */ +#define SCMP_A5_32(x, ...) SCMP_CMP32(5, x, __VA_ARGS__) /* * seccomp actions @@ -236,7 +305,15 @@ /** * Kill the process */ -#define SCMP_ACT_KILL 0x00000000U +#define SCMP_ACT_KILL_PROCESS 0x80000000U +/** + * Kill the thread + */ +#define SCMP_ACT_KILL_THREAD 0x00000000U +/** + * Kill the thread, defined for backward compatibility + */ +#define SCMP_ACT_KILL SCMP_ACT_KILL_THREAD /** * Throw a SIGSYS signal */ @@ -250,6 +327,10 @@ */ #define SCMP_ACT_TRACE(x) (0x7ff00000U | ((x) & 0x0000ffffU)) /** + * Allow the syscall to be executed after the action has been logged + */ +#define SCMP_ACT_LOG 0x7ffc0000U +/** * Allow the syscall to be executed */ #define SCMP_ACT_ALLOW 0x7fff0000U @@ -268,6 +349,39 @@ const struct scmp_version *seccomp_version(void); /** + * Query the library's level of API support + * + * This function returns an API level value indicating the current supported + * functionality. It is important to note that this level of support is + * determined at runtime and therefore can change based on the running kernel + * and system configuration (e.g. any previously loaded seccomp filters). This + * function can be called multiple times, but it only queries the system the + * first time it is called, the API level is cached and used in subsequent + * calls. + * + * The current API levels are described below: + * 0 : reserved + * 1 : base level + * 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute + * uses the seccomp(2) syscall instead of the prctl(2) syscall + * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute + * support for the SCMP_ACT_LOG action + * support for the SCMP_ACT_KILL_PROCESS action + * + */ +unsigned int seccomp_api_get(void); + +/** + * Set the library's level of API support + * + * This function forcibly sets the API level of the library at runtime. Valid + * API levels are discussed in the description of the seccomp_api_get() + * function. General use of this function is strongly discouraged. + * + */ +int seccomp_api_set(unsigned int level); + +/** * Initialize the filter state * @param def_action the default filter action * @@ -360,8 +474,8 @@ * Any new rules added after this function successfully returns will be added * to this architecture but existing rules will not be added to this * architecture. If the architecture token is SCMP_ARCH_NATIVE then the native - * architecture will be assumed. Returns zero on success, negative values on - * failure. + * architecture will be assumed. Returns zero on success, -EEXIST if + * specified architecture is already present, other negative values on failure. * */ int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token); @@ -1538,11 +1652,6 @@ #define __NR_spu_run __PNR_spu_run #endif /* __NR_spu_run */ -#define __PNR_subpage_prot -10189 -#ifndef __NR_subpage_prot -#define __NR_subpage_prot __PNR_subpage_prot -#endif /* __NR_subpage_prot */ - #define __PNR_swapcontext -10190 #ifndef __NR_swapcontext #define __NR_swapcontext __PNR_swapcontext @@ -1603,6 +1712,60 @@ #define __NR_userfaultfd __PNR_userfaultfd #endif /* __NR_userfaultfd */ +#define __PNR_pkey_mprotect -10201 +#ifndef __NR_pkey_mprotect +#define __NR_pkey_mprotect __PNR_pkey_mprotect +#endif /* __NR_pkey_mprotect */ + +#define __PNR_pkey_alloc -10202 +#ifndef __NR_pkey_alloc +#define __NR_pkey_alloc __PNR_pkey_alloc +#endif /* __NR_pkey_alloc */ + +#define __PNR_pkey_free -10203 +#ifndef __NR_pkey_free +#define __NR_pkey_free __PNR_pkey_free +#endif /* __NR_pkey_free */ + +#define __PNR_get_tls -10204 +#ifndef __NR_get_tls +#ifdef __ARM_NR_get_tls +#define __NR_get_tls __ARM_NR_get_tls +#else +#define __NR_get_tls __PNR_get_tls +#endif +#endif /* __NR_get_tls */ + +#define __PNR_s390_guarded_storage -10205 +#ifndef __NR_s390_guarded_storage +#define __NR_s390_guarded_storage __PNR_s390_guarded_storage +#endif /* __NR_s390_guarded_storage */ + +#define __PNR_s390_sthyi -10206 +#ifndef __NR_s390_sthyi +#define __NR_s390_sthyi __PNR_s390_sthyi +#endif /* __NR_s390_sthyi */ + +#define __PNR_subpage_prot -10207 +#ifndef __NR_subpage_prot +#define __NR_subpage_prot __PNR_subpage_prot +#endif /* __NR_subpage_prot */ + +#define __PNR_statx -10208 +#ifndef __NR_statx +#define __NR_statx __PNR_statx +#endif /* __NR_statx */ + +#define __PNR_io_pgetevents -10209 +#ifndef __NR_io_pgetevents +#define __NR_io_pgetevents __PNR_io_pgetevents +#endif /* __NR_io_pgetevents */ + +#define __PNR_rseq -10210 +#ifndef __NR_rseq +#define __NR_rseq __PNR_rseq +#endif /* __NR_rseq */ + #ifdef __cplusplus } #endif diff -Nru libseccomp-2.3.1/include/seccomp.h.in libseccomp-2.4.1/include/seccomp.h.in --- libseccomp-2.3.1/include/seccomp.h.in 2016-02-18 19:10:17.906171599 +0000 +++ libseccomp-2.4.1/include/seccomp.h.in 2019-04-16 16:19:06.644597099 +0000 @@ -63,6 +63,8 @@ SCMP_FLTATR_ACT_BADARCH = 2, /**< bad architecture action */ SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */ SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */ + SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */ + SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */ _SCMP_FLTATR_MAX, }; @@ -185,49 +187,116 @@ #define SCMP_ARCH_S390X AUDIT_ARCH_S390X /** + * The PA-RISC hppa architecture tokens + */ +#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC +#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ #define SCMP_SYS(x) (__NR_##x) +/* Helpers for the argument comparison macros, DO NOT USE directly */ +#define _SCMP_VA_NUM_ARGS(...) _SCMP_VA_NUM_ARGS_IMPL(__VA_ARGS__,2,1) +#define _SCMP_VA_NUM_ARGS_IMPL(_1,_2,N,...) N +#define _SCMP_MACRO_DISPATCHER(func, ...) \ + _SCMP_MACRO_DISPATCHER_IMPL1(func, _SCMP_VA_NUM_ARGS(__VA_ARGS__)) +#define _SCMP_MACRO_DISPATCHER_IMPL1(func, nargs) \ + _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) +#define _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) \ + func ## nargs +#define _SCMP_CMP32_1(x, y, z) \ + SCMP_CMP64(x, y, (uint32_t)(z)) +#define _SCMP_CMP32_2(x, y, z, q) \ + SCMP_CMP64(x, y, (uint32_t)(z), (uint32_t)(q)) + /** - * Specify an argument comparison struct for use in declaring rules + * Specify a 64-bit argument comparison struct for use in declaring rules * @param arg the argument number, starting at 0 * @param op the comparison operator, e.g. SCMP_CMP_* * @param datum_a dependent on comparison * @param datum_b dependent on comparison, optional */ -#define SCMP_CMP(...) ((struct scmp_arg_cmp){__VA_ARGS__}) +#define SCMP_CMP64(...) ((struct scmp_arg_cmp){__VA_ARGS__}) +#define SCMP_CMP SCMP_CMP64 + +/** + * Specify a 32-bit argument comparison struct for use in declaring rules + * @param arg the argument number, starting at 0 + * @param op the comparison operator, e.g. SCMP_CMP_* + * @param datum_a dependent on comparison (32-bits) + * @param datum_b dependent on comparison, optional (32-bits) + */ +#define SCMP_CMP32(x, y, ...) \ + _SCMP_MACRO_DISPATCHER(_SCMP_CMP32_, __VA_ARGS__)(x, y, __VA_ARGS__) + +/** + * Specify a 64-bit argument comparison struct for argument 0 + */ +#define SCMP_A0_64(...) SCMP_CMP64(0, __VA_ARGS__) +#define SCMP_A0 SCMP_A0_64 + +/** + * Specify a 32-bit argument comparison struct for argument 0 + */ +#define SCMP_A0_32(x, ...) SCMP_CMP32(0, x, __VA_ARGS__) /** - * Specify an argument comparison struct for argument 0 + * Specify a 64-bit argument comparison struct for argument 1 */ -#define SCMP_A0(...) SCMP_CMP(0, __VA_ARGS__) +#define SCMP_A1_64(...) SCMP_CMP64(1, __VA_ARGS__) +#define SCMP_A1 SCMP_A1_64 /** - * Specify an argument comparison struct for argument 1 + * Specify a 32-bit argument comparison struct for argument 1 */ -#define SCMP_A1(...) SCMP_CMP(1, __VA_ARGS__) +#define SCMP_A1_32(x, ...) SCMP_CMP32(1, x, __VA_ARGS__) /** - * Specify an argument comparison struct for argument 2 + * Specify a 64-bit argument comparison struct for argument 2 */ -#define SCMP_A2(...) SCMP_CMP(2, __VA_ARGS__) +#define SCMP_A2_64(...) SCMP_CMP64(2, __VA_ARGS__) +#define SCMP_A2 SCMP_A2_64 /** - * Specify an argument comparison struct for argument 3 + * Specify a 32-bit argument comparison struct for argument 2 */ -#define SCMP_A3(...) SCMP_CMP(3, __VA_ARGS__) +#define SCMP_A2_32(x, ...) SCMP_CMP32(2, x, __VA_ARGS__) /** - * Specify an argument comparison struct for argument 4 + * Specify a 64-bit argument comparison struct for argument 3 */ -#define SCMP_A4(...) SCMP_CMP(4, __VA_ARGS__) +#define SCMP_A3_64(...) SCMP_CMP64(3, __VA_ARGS__) +#define SCMP_A3 SCMP_A3_64 /** - * Specify an argument comparison struct for argument 5 + * Specify a 32-bit argument comparison struct for argument 3 */ -#define SCMP_A5(...) SCMP_CMP(5, __VA_ARGS__) +#define SCMP_A3_32(x, ...) SCMP_CMP32(3, x, __VA_ARGS__) + +/** + * Specify a 64-bit argument comparison struct for argument 4 + */ +#define SCMP_A4_64(...) SCMP_CMP64(4, __VA_ARGS__) +#define SCMP_A4 SCMP_A4_64 + +/** + * Specify a 32-bit argument comparison struct for argument 4 + */ +#define SCMP_A4_32(x, ...) SCMP_CMP32(4, x, __VA_ARGS__) + +/** + * Specify a 64-bit argument comparison struct for argument 5 + */ +#define SCMP_A5_64(...) SCMP_CMP64(5, __VA_ARGS__) +#define SCMP_A5 SCMP_A5_64 + +/** + * Specify a 32-bit argument comparison struct for argument 5 + */ +#define SCMP_A5_32(x, ...) SCMP_CMP32(5, x, __VA_ARGS__) /* * seccomp actions @@ -236,7 +305,15 @@ /** * Kill the process */ -#define SCMP_ACT_KILL 0x00000000U +#define SCMP_ACT_KILL_PROCESS 0x80000000U +/** + * Kill the thread + */ +#define SCMP_ACT_KILL_THREAD 0x00000000U +/** + * Kill the thread, defined for backward compatibility + */ +#define SCMP_ACT_KILL SCMP_ACT_KILL_THREAD /** * Throw a SIGSYS signal */ @@ -250,6 +327,10 @@ */ #define SCMP_ACT_TRACE(x) (0x7ff00000U | ((x) & 0x0000ffffU)) /** + * Allow the syscall to be executed after the action has been logged + */ +#define SCMP_ACT_LOG 0x7ffc0000U +/** * Allow the syscall to be executed */ #define SCMP_ACT_ALLOW 0x7fff0000U @@ -268,6 +349,39 @@ const struct scmp_version *seccomp_version(void); /** + * Query the library's level of API support + * + * This function returns an API level value indicating the current supported + * functionality. It is important to note that this level of support is + * determined at runtime and therefore can change based on the running kernel + * and system configuration (e.g. any previously loaded seccomp filters). This + * function can be called multiple times, but it only queries the system the + * first time it is called, the API level is cached and used in subsequent + * calls. + * + * The current API levels are described below: + * 0 : reserved + * 1 : base level + * 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute + * uses the seccomp(2) syscall instead of the prctl(2) syscall + * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute + * support for the SCMP_ACT_LOG action + * support for the SCMP_ACT_KILL_PROCESS action + * + */ +unsigned int seccomp_api_get(void); + +/** + * Set the library's level of API support + * + * This function forcibly sets the API level of the library at runtime. Valid + * API levels are discussed in the description of the seccomp_api_get() + * function. General use of this function is strongly discouraged. + * + */ +int seccomp_api_set(unsigned int level); + +/** * Initialize the filter state * @param def_action the default filter action * @@ -360,8 +474,8 @@ * Any new rules added after this function successfully returns will be added * to this architecture but existing rules will not be added to this * architecture. If the architecture token is SCMP_ARCH_NATIVE then the native - * architecture will be assumed. Returns zero on success, negative values on - * failure. + * architecture will be assumed. Returns zero on success, -EEXIST if + * specified architecture is already present, other negative values on failure. * */ int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token); @@ -1538,11 +1652,6 @@ #define __NR_spu_run __PNR_spu_run #endif /* __NR_spu_run */ -#define __PNR_subpage_prot -10189 -#ifndef __NR_subpage_prot -#define __NR_subpage_prot __PNR_subpage_prot -#endif /* __NR_subpage_prot */ - #define __PNR_swapcontext -10190 #ifndef __NR_swapcontext #define __NR_swapcontext __PNR_swapcontext @@ -1603,6 +1712,60 @@ #define __NR_userfaultfd __PNR_userfaultfd #endif /* __NR_userfaultfd */ +#define __PNR_pkey_mprotect -10201 +#ifndef __NR_pkey_mprotect +#define __NR_pkey_mprotect __PNR_pkey_mprotect +#endif /* __NR_pkey_mprotect */ + +#define __PNR_pkey_alloc -10202 +#ifndef __NR_pkey_alloc +#define __NR_pkey_alloc __PNR_pkey_alloc +#endif /* __NR_pkey_alloc */ + +#define __PNR_pkey_free -10203 +#ifndef __NR_pkey_free +#define __NR_pkey_free __PNR_pkey_free +#endif /* __NR_pkey_free */ + +#define __PNR_get_tls -10204 +#ifndef __NR_get_tls +#ifdef __ARM_NR_get_tls +#define __NR_get_tls __ARM_NR_get_tls +#else +#define __NR_get_tls __PNR_get_tls +#endif +#endif /* __NR_get_tls */ + +#define __PNR_s390_guarded_storage -10205 +#ifndef __NR_s390_guarded_storage +#define __NR_s390_guarded_storage __PNR_s390_guarded_storage +#endif /* __NR_s390_guarded_storage */ + +#define __PNR_s390_sthyi -10206 +#ifndef __NR_s390_sthyi +#define __NR_s390_sthyi __PNR_s390_sthyi +#endif /* __NR_s390_sthyi */ + +#define __PNR_subpage_prot -10207 +#ifndef __NR_subpage_prot +#define __NR_subpage_prot __PNR_subpage_prot +#endif /* __NR_subpage_prot */ + +#define __PNR_statx -10208 +#ifndef __NR_statx +#define __NR_statx __PNR_statx +#endif /* __NR_statx */ + +#define __PNR_io_pgetevents -10209 +#ifndef __NR_io_pgetevents +#define __NR_io_pgetevents __PNR_io_pgetevents +#endif /* __NR_io_pgetevents */ + +#define __PNR_rseq -10210 +#ifndef __NR_rseq +#define __NR_rseq __PNR_rseq +#endif /* __NR_rseq */ + #ifdef __cplusplus } #endif diff -Nru libseccomp-2.3.1/m4/ax_code_coverage.m4 libseccomp-2.4.1/m4/ax_code_coverage.m4 --- libseccomp-2.3.1/m4/ax_code_coverage.m4 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/m4/ax_code_coverage.m4 2018-12-03 23:53:10.177309028 +0000 @@ -0,0 +1,264 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_code_coverage.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CODE_COVERAGE() +# +# DESCRIPTION +# +# Defines CODE_COVERAGE_CPPFLAGS, CODE_COVERAGE_CFLAGS, +# CODE_COVERAGE_CXXFLAGS and CODE_COVERAGE_LIBS which should be included +# in the CPPFLAGS, CFLAGS CXXFLAGS and LIBS/LIBADD variables of every +# build target (program or library) which should be built with code +# coverage support. Also defines CODE_COVERAGE_RULES which should be +# substituted in your Makefile; and $enable_code_coverage which can be +# used in subsequent configure output. CODE_COVERAGE_ENABLED is defined +# and substituted, and corresponds to the value of the +# --enable-code-coverage option, which defaults to being disabled. +# +# Test also for gcov program and create GCOV variable that could be +# substituted. +# +# Note that all optimisation flags in CFLAGS must be disabled when code +# coverage is enabled. +# +# Usage example: +# +# configure.ac: +# +# AX_CODE_COVERAGE +# +# Makefile.am: +# +# @CODE_COVERAGE_RULES@ +# my_program_LIBS = ... $(CODE_COVERAGE_LIBS) ... +# my_program_CPPFLAGS = ... $(CODE_COVERAGE_CPPFLAGS) ... +# my_program_CFLAGS = ... $(CODE_COVERAGE_CFLAGS) ... +# my_program_CXXFLAGS = ... $(CODE_COVERAGE_CXXFLAGS) ... +# +# This results in a "check-code-coverage" rule being added to any +# Makefile.am which includes "@CODE_COVERAGE_RULES@" (assuming the module +# has been configured with --enable-code-coverage). Running `make +# check-code-coverage` in that directory will run the module's test suite +# (`make check`) and build a code coverage report detailing the code which +# was touched, then print the URI for the report. +# +# In earlier versions of this macro, CODE_COVERAGE_LDFLAGS was defined +# instead of CODE_COVERAGE_LIBS. They are both still defined, but use of +# CODE_COVERAGE_LIBS is preferred for clarity; CODE_COVERAGE_LDFLAGS is +# deprecated. They have the same value. +# +# This code was derived from Makefile.decl in GLib, originally licenced +# under LGPLv2.1+. +# +# LICENSE +# +# Copyright (c) 2012, 2016 Philip Withnall +# Copyright (c) 2012 Xan Lopez +# Copyright (c) 2012 Christian Persch +# Copyright (c) 2012 Paolo Borelli +# Copyright (c) 2012 Dan Winship +# Copyright (c) 2015 Bastien ROUCARIES +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or (at +# your option) any later version. +# +# This library is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +#serial 20 + +AC_DEFUN([AX_CODE_COVERAGE],[ + dnl Check for --enable-code-coverage + AC_REQUIRE([AC_PROG_SED]) + + # allow to override gcov location + AC_ARG_WITH([gcov], + [AS_HELP_STRING([--with-gcov[=GCOV]], [use given GCOV for coverage (GCOV=gcov).])], + [_AX_CODE_COVERAGE_GCOV_PROG_WITH=$with_gcov], + [_AX_CODE_COVERAGE_GCOV_PROG_WITH=gcov]) + + AC_MSG_CHECKING([whether to build with code coverage support]) + AC_ARG_ENABLE([code-coverage], + AS_HELP_STRING([--enable-code-coverage], + [Whether to enable code coverage support]),, + enable_code_coverage=no) + + AM_CONDITIONAL([CODE_COVERAGE_ENABLED], [test x$enable_code_coverage = xyes]) + AC_SUBST([CODE_COVERAGE_ENABLED], [$enable_code_coverage]) + AC_MSG_RESULT($enable_code_coverage) + + AS_IF([ test "$enable_code_coverage" = "yes" ], [ + # check for gcov + AC_CHECK_TOOL([GCOV], + [$_AX_CODE_COVERAGE_GCOV_PROG_WITH], + [:]) + AS_IF([test "X$GCOV" = "X:"], + [AC_MSG_ERROR([gcov is needed to do coverage])]) + AC_SUBST([GCOV]) + + dnl Check if gcc is being used + AS_IF([ test "$GCC" = "no" ], [ + AC_MSG_ERROR([not compiling with gcc, which is required for gcov code coverage]) + ]) + + AC_CHECK_PROG([LCOV], [lcov], [lcov]) + AC_CHECK_PROG([GENHTML], [genhtml], [genhtml]) + + AS_IF([ test -z "$LCOV" ], [ + AC_MSG_ERROR([To enable code coverage reporting you must have lcov installed]) + ]) + + AS_IF([ test -z "$GENHTML" ], [ + AC_MSG_ERROR([Could not find genhtml from the lcov package]) + ]) + + dnl Build the code coverage flags + dnl Define CODE_COVERAGE_LDFLAGS for backwards compatibility + CODE_COVERAGE_CPPFLAGS="-DNDEBUG" + CODE_COVERAGE_CFLAGS="-O0 -g -fprofile-arcs -ftest-coverage" + CODE_COVERAGE_CXXFLAGS="-O0 -g -fprofile-arcs -ftest-coverage" + CODE_COVERAGE_LIBS="-lgcov" + CODE_COVERAGE_LDFLAGS="$CODE_COVERAGE_LIBS" + + AC_SUBST([CODE_COVERAGE_CPPFLAGS]) + AC_SUBST([CODE_COVERAGE_CFLAGS]) + AC_SUBST([CODE_COVERAGE_CXXFLAGS]) + AC_SUBST([CODE_COVERAGE_LIBS]) + AC_SUBST([CODE_COVERAGE_LDFLAGS]) + + [CODE_COVERAGE_RULES_CHECK=' + -$(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) -k check + $(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) code-coverage-capture +'] + [CODE_COVERAGE_RULES_CAPTURE=' + $(code_coverage_v_lcov_cap)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --capture --output-file "$(CODE_COVERAGE_OUTPUT_FILE).tmp" --test-name "$(call code_coverage_sanitize,$(PACKAGE_NAME)-$(PACKAGE_VERSION))" --no-checksum --compat-libtool $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_OPTIONS) + $(code_coverage_v_lcov_ign)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --remove "$(CODE_COVERAGE_OUTPUT_FILE).tmp" "/tmp/*" $(CODE_COVERAGE_IGNORE_PATTERN) --output-file "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_RMOPTS) + -@rm -f $(CODE_COVERAGE_OUTPUT_FILE).tmp + $(code_coverage_v_genhtml)LANG=C $(GENHTML) $(code_coverage_quiet) $(addprefix --prefix ,$(CODE_COVERAGE_DIRECTORY)) --output-directory "$(CODE_COVERAGE_OUTPUT_DIRECTORY)" --title "$(PACKAGE_NAME)-$(PACKAGE_VERSION) Code Coverage" --legend --show-details "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_GENHTML_OPTIONS) + @echo "file://$(abs_builddir)/$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html" +'] + [CODE_COVERAGE_RULES_CLEAN=' +clean: code-coverage-clean +distclean: code-coverage-clean +code-coverage-clean: + -$(LCOV) --directory $(top_builddir) -z + -rm -rf $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_FILE).tmp $(CODE_COVERAGE_OUTPUT_DIRECTORY) + -find . \( -name "*.gcda" -o -name "*.gcno" -o -name "*.gcov" \) -delete +'] + ], [ + [CODE_COVERAGE_RULES_CHECK=' + @echo "Need to reconfigure with --enable-code-coverage" +'] + CODE_COVERAGE_RULES_CAPTURE="$CODE_COVERAGE_RULES_CHECK" + CODE_COVERAGE_RULES_CLEAN='' + ]) + +[CODE_COVERAGE_RULES=' +# Code coverage +# +# Optional: +# - CODE_COVERAGE_DIRECTORY: Top-level directory for code coverage reporting. +# Multiple directories may be specified, separated by whitespace. +# (Default: $(top_builddir)) +# - CODE_COVERAGE_OUTPUT_FILE: Filename and path for the .info file generated +# by lcov for code coverage. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info) +# - CODE_COVERAGE_OUTPUT_DIRECTORY: Directory for generated code coverage +# reports to be created. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage) +# - CODE_COVERAGE_BRANCH_COVERAGE: Set to 1 to enforce branch coverage, +# set to 0 to disable it and leave empty to stay with the default. +# (Default: empty) +# - CODE_COVERAGE_LCOV_SHOPTS_DEFAULT: Extra options shared between both lcov +# instances. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE) +# - CODE_COVERAGE_LCOV_SHOPTS: Extra options to shared between both lcov +# instances. (Default: $CODE_COVERAGE_LCOV_SHOPTS_DEFAULT) +# - CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH: --gcov-tool pathtogcov +# - CODE_COVERAGE_LCOV_OPTIONS_DEFAULT: Extra options to pass to the +# collecting lcov instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH) +# - CODE_COVERAGE_LCOV_OPTIONS: Extra options to pass to the collecting lcov +# instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_DEFAULT) +# - CODE_COVERAGE_LCOV_RMOPTS_DEFAULT: Extra options to pass to the filtering +# lcov instance. (Default: empty) +# - CODE_COVERAGE_LCOV_RMOPTS: Extra options to pass to the filtering lcov +# instance. (Default: $CODE_COVERAGE_LCOV_RMOPTS_DEFAULT) +# - CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT: Extra options to pass to the +# genhtml instance. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE) +# - CODE_COVERAGE_GENHTML_OPTIONS: Extra options to pass to the genhtml +# instance. (Default: $CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT) +# - CODE_COVERAGE_IGNORE_PATTERN: Extra glob pattern of files to ignore +# +# The generated report will be titled using the $(PACKAGE_NAME) and +# $(PACKAGE_VERSION). In order to add the current git hash to the title, +# use the git-version-gen script, available online. + +# Optional variables +CODE_COVERAGE_DIRECTORY ?= $(top_builddir) +CODE_COVERAGE_OUTPUT_FILE ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info +CODE_COVERAGE_OUTPUT_DIRECTORY ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage +CODE_COVERAGE_BRANCH_COVERAGE ?= +CODE_COVERAGE_LCOV_SHOPTS_DEFAULT ?= $(if $(CODE_COVERAGE_BRANCH_COVERAGE),\ +--rc lcov_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +CODE_COVERAGE_LCOV_SHOPTS ?= $(CODE_COVERAGE_LCOV_SHOPTS_DEFAULT) +CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH ?= --gcov-tool "$(GCOV)" +CODE_COVERAGE_LCOV_OPTIONS_DEFAULT ?= $(CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH) +CODE_COVERAGE_LCOV_OPTIONS ?= $(CODE_COVERAGE_LCOV_OPTIONS_DEFAULT) +CODE_COVERAGE_LCOV_RMOPTS_DEFAULT ?= +CODE_COVERAGE_LCOV_RMOPTS ?= $(CODE_COVERAGE_LCOV_RMOPTS_DEFAULT) +CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=\ +$(if $(CODE_COVERAGE_BRANCH_COVERAGE),\ +--rc genhtml_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULTS) +CODE_COVERAGE_IGNORE_PATTERN ?= + +code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V)) +code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_lcov_cap_0 = @echo " LCOV --capture"\ + $(CODE_COVERAGE_OUTPUT_FILE); +code_coverage_v_lcov_ign = $(code_coverage_v_lcov_ign_$(V)) +code_coverage_v_lcov_ign_ = $(code_coverage_v_lcov_ign_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_lcov_ign_0 = @echo " LCOV --remove /tmp/*"\ + $(CODE_COVERAGE_IGNORE_PATTERN); +code_coverage_v_genhtml = $(code_coverage_v_genhtml_$(V)) +code_coverage_v_genhtml_ = $(code_coverage_v_genhtml_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_genhtml_0 = @echo " GEN " $(CODE_COVERAGE_OUTPUT_DIRECTORY); +code_coverage_quiet = $(code_coverage_quiet_$(V)) +code_coverage_quiet_ = $(code_coverage_quiet_$(AM_DEFAULT_VERBOSITY)) +code_coverage_quiet_0 = --quiet + +# sanitizes the test-name: replaces with underscores: dashes and dots +code_coverage_sanitize = $(subst -,_,$(subst .,_,$(1))) + +# Use recursive makes in order to ignore errors during check +check-code-coverage:'"$CODE_COVERAGE_RULES_CHECK"' + +# Capture code coverage data +code-coverage-capture: code-coverage-capture-hook'"$CODE_COVERAGE_RULES_CAPTURE"' + +# Hook rule executed before code-coverage-capture, overridable by the user +code-coverage-capture-hook: + +'"$CODE_COVERAGE_RULES_CLEAN"' + +GITIGNOREFILES ?= +GITIGNOREFILES += $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) + +A''M_DISTCHECK_CONFIGURE_FLAGS ?= +A''M_DISTCHECK_CONFIGURE_FLAGS += --disable-code-coverage + +.PHONY: check-code-coverage code-coverage-capture code-coverage-capture-hook code-coverage-clean +'] + + AC_SUBST([CODE_COVERAGE_RULES]) + m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([CODE_COVERAGE_RULES])]) +]) diff -Nru libseccomp-2.3.1/m4/libtool.m4 libseccomp-2.4.1/m4/libtool.m4 --- libseccomp-2.3.1/m4/libtool.m4 2016-04-20 19:52:22.251295705 +0000 +++ libseccomp-2.4.1/m4/libtool.m4 2019-04-17 21:02:35.702913364 +0000 @@ -1,6 +1,6 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # -# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. +# Copyright (C) 1996-2001, 2003-2018 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -219,8 +219,8 @@ ofile=libtool can_build_shared=yes -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). +# All known linkers require a '.a' archive for static linking (except MSVC and +# ICC, which need '.lib'). libext=a with_gnu_ld=$lt_cv_prog_gnu_ld @@ -1042,8 +1042,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1493,9 +1493,22 @@ m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} -: ${AR_FLAGS=cru} _LT_DECL([], [AR], [1], [The archiver]) -_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) + +# Use ARFLAGS variable as AR's operation code to sync the variable naming with +# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have +# higher priority because thats what people were doing historically (setting +# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS +# variable obsoleted/removed. + +test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr} +lt_ar_flags=$AR_FLAGS +_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)]) + +# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override +# by AR_FLAGS because that was never working and AR_FLAGS is about to die. +_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}], + [Flags to create an archive]) AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], [lt_cv_ar_at_file=no @@ -2207,26 +2220,35 @@ striplib= old_striplib= AC_MSG_CHECKING([whether stripping libraries is possible]) -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - AC_MSG_RESULT([yes]) +if test -z "$STRIP"; then + AC_MSG_RESULT([no]) else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP"; then + if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) + else + case $host_os in + darwin*) + # FIXME - insert some real tests, host_os isn't really good enough striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT([yes]) - else + ;; + freebsd*) + if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + ;; + *) AC_MSG_RESULT([no]) - fi - ;; - *) - AC_MSG_RESULT([no]) - ;; - esac + ;; + esac + fi fi _LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) _LT_DECL([], [striplib], [1]) @@ -2565,8 +2587,8 @@ dynamic_linker='Win32 ld.exe' ;; - *,cl*) - # Native MSVC + *,cl* | *,icl*) + # Native MSVC or ICC libname_spec='$name' soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' library_names_spec='$libname.dll.lib' @@ -2622,7 +2644,7 @@ ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; @@ -2666,14 +2688,7 @@ *) objformat=elf ;; esac fi - # Handle Gentoo/FreeBSD as it was Linux - case $host_vendor in - gentoo) - version_type=linux ;; - *) - version_type=freebsd-$objformat ;; - esac - + version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' @@ -2685,12 +2700,6 @@ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; - linux) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - need_lib_prefix=no - need_version=no - ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in @@ -4023,7 +4032,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function, # D for any global variable and I for any imported variable. - # Also find C++ and __fastcall symbols from MSVC++, + # Also find C++ and __fastcall symbols from MSVC++ or ICC, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ @@ -4932,7 +4941,7 @@ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi ;; pw32*) @@ -4940,7 +4949,7 @@ ;; cygwin* | mingw* | cegcc*) case $cc_basename in - cl*) + cl* | icl*) _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' ;; *) @@ -4997,15 +5006,15 @@ case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time + # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. if test yes != "$GCC"; then with_gnu_ld=no fi ;; interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) + # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC) with_gnu_ld=yes ;; openbsd* | bitrig*) @@ -5169,6 +5178,7 @@ emximp -o $lib $output_objdir/$libname.def' _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' ;; interix[[3-9]]*) @@ -5386,7 +5396,7 @@ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no @@ -5569,12 +5579,12 @@ cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in - cl*) - # Native MSVC + cl* | icl*) + # Native MSVC or ICC _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes @@ -5615,7 +5625,7 @@ fi' ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. @@ -5874,6 +5884,7 @@ emximp -o $lib $output_objdir/$libname.def' _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' ;; osf3*) @@ -6644,8 +6655,8 @@ cygwin* | mingw* | pw32* | cegcc*) case $GXX,$cc_basename in - ,cl* | no,cl*) - # Native MSVC + ,cl* | no,cl* | ,icl* | no,icl*) + # Native MSVC or ICC # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' @@ -6743,6 +6754,7 @@ emximp -o $lib $output_objdir/$libname.def' _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' ;; dgux*) diff -Nru libseccomp-2.3.1/m4/lt~obsolete.m4 libseccomp-2.4.1/m4/lt~obsolete.m4 --- libseccomp-2.3.1/m4/lt~obsolete.m4 2016-04-20 19:52:22.291295702 +0000 +++ libseccomp-2.4.1/m4/lt~obsolete.m4 2019-04-17 21:02:35.739580221 +0000 @@ -1,6 +1,6 @@ # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # -# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software +# Copyright (C) 2004-2005, 2007, 2009, 2011-2018 Free Software # Foundation, Inc. # Written by Scott James Remnant, 2004. # diff -Nru libseccomp-2.3.1/m4/ltoptions.m4 libseccomp-2.4.1/m4/ltoptions.m4 --- libseccomp-2.3.1/m4/ltoptions.m4 2016-04-20 19:52:22.259295704 +0000 +++ libseccomp-2.4.1/m4/ltoptions.m4 2019-04-17 21:02:35.712913416 +0000 @@ -1,6 +1,6 @@ # Helper functions for option handling. -*- Autoconf -*- # -# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software +# Copyright (C) 2004-2005, 2007-2009, 2011-2018 Free Software # Foundation, Inc. # Written by Gary V. Vaughan, 2004 # diff -Nru libseccomp-2.3.1/m4/ltsugar.m4 libseccomp-2.4.1/m4/ltsugar.m4 --- libseccomp-2.3.1/m4/ltsugar.m4 2016-04-20 19:52:22.268295703 +0000 +++ libseccomp-2.4.1/m4/ltsugar.m4 2019-04-17 21:02:35.719580118 +0000 @@ -1,6 +1,6 @@ # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # -# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software +# Copyright (C) 2004-2005, 2007-2008, 2011-2018 Free Software # Foundation, Inc. # Written by Gary V. Vaughan, 2004 # diff -Nru libseccomp-2.3.1/m4/ltversion.m4 libseccomp-2.4.1/m4/ltversion.m4 --- libseccomp-2.3.1/m4/ltversion.m4 2016-04-20 19:52:22.279295703 +0000 +++ libseccomp-2.4.1/m4/ltversion.m4 2019-04-17 21:02:35.729580169 +0000 @@ -1,6 +1,6 @@ # ltversion.m4 -- version numbers -*- Autoconf -*- # -# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. +# Copyright (C) 2004, 2011-2018 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives @@ -9,15 +9,15 @@ # @configure_input@ -# serial 4179 ltversion.m4 +# serial 4221 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4.6]) -m4_define([LT_PACKAGE_REVISION], [2.4.6]) +m4_define([LT_PACKAGE_VERSION], [2.4.6.42-b88ce]) +m4_define([LT_PACKAGE_REVISION], [2.4.6.42]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4.6' -macro_revision='2.4.6' +[macro_version='2.4.6.42-b88ce' +macro_revision='2.4.6.42' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff -Nru libseccomp-2.3.1/Makefile.am libseccomp-2.4.1/Makefile.am --- libseccomp-2.3.1/Makefile.am 2016-02-26 19:48:23.837463269 +0000 +++ libseccomp-2.4.1/Makefile.am 2018-12-03 23:53:10.173975678 +0000 @@ -22,7 +22,9 @@ pkgconfdir = ${libdir}/pkgconfig pkgconf_DATA = libseccomp.pc -EXTRA_DIST = CHANGELOG CREDITS LICENSE README SUBMITTING_PATCHES +EXTRA_DIST = \ + CHANGELOG CREDITS LICENSE \ + README.md CONTRIBUTING.md RELEASE_PROCESS.md # support silent builds AM_MAKEFLAGS_0 = --quiet --no-print-directory @@ -30,6 +32,9 @@ AM_MAKEFLAGS_ = ${AM_MAKEFLAGS_0} AM_MAKEFLAGS = ${AM_MAKEFLAGS_@AM_V@} +# enable python during distcheck +AM_DISTCHECK_CONFIGURE_FLAGS = --enable-python + check-build: all ${MAKE} ${AM_MAKEFLAGS} -C src check-build ${MAKE} ${AM_MAKEFLAGS} -C tests check-build @@ -37,6 +42,20 @@ check-syntax: @./tools/check-syntax +if CODE_COVERAGE_ENABLED +check-code-coverage: check-build + ${MAKE} ${AM_MAKEFLAGS} -C tests check-code-coverage +endif + +if CODE_COVERAGE_ENABLED +test-code-coverage: check-build + ${MAKE} ${AM_MAKEFLAGS} -C src check-code-coverage + LIBSECCOMP_TSTCFG_TYPE=basic \ + ${MAKE} ${AM_MAKEFLAGS} check-code-coverage + LIBSECCOMP_TSTCFG_TYPE=bpf-sim \ + ${MAKE} ${AM_MAKEFLAGS} check-code-coverage +endif + if COVERITY coverity-build: clean cov-build --dir cov-int ${MAKE} ${AM_MAKEFLAGS} check-build @@ -56,5 +75,17 @@ ls -l libseccomp-coverity_$$rev.tar.gz endif +help: + @echo "libseccomp build system" + @echo " make targets:" + @echo " (none): build the library" + @echo " clean: remove all build artifacts" + @echo " check: run the automated regression tests" + @echo " check-build: build the library and all tests" + @echo " check-syntax: verify the code style" + @echo " distcheck: verify the build for distribution" + @echo " dist-gzip: build a release tarball" + @echo " coverity-tarball: build a tarball for use with Coverity (opt)" + clean-local: ${RM} -rf cov-int libseccomp-coverity_*.tar.gz diff -Nru libseccomp-2.3.1/Makefile.in libseccomp-2.4.1/Makefile.in --- libseccomp-2.3.1/Makefile.in 2016-04-20 20:11:08.800211391 +0000 +++ libseccomp-2.4.1/Makefile.in 2019-04-17 21:02:40.462938118 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -33,7 +33,17 @@ # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -97,25 +107,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = . -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/configure $(am__configure_deps) \ - $(srcdir)/configure.h.in $(srcdir)/libseccomp.pc.in README \ - build-aux/ar-lib build-aux/compile build-aux/config.guess \ - build-aux/config.sub build-aux/depcomp build-aux/install-sh \ - build-aux/missing build-aux/ltmain.sh \ - $(top_srcdir)/build-aux/ar-lib $(top_srcdir)/build-aux/compile \ - $(top_srcdir)/build-aux/config.guess \ - $(top_srcdir)/build-aux/config.sub \ - $(top_srcdir)/build-aux/install-sh \ - $(top_srcdir)/build-aux/ltmain.sh \ - $(top_srcdir)/build-aux/missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d @@ -185,7 +185,7 @@ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - cscope distdir dist dist-all distcheck + cscope distdir distdir-am dist dist-all distcheck am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ $(LISP)configure.h.in # Read a list of newline-separated strings from the standard input, @@ -208,6 +208,16 @@ CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/configure.h.in \ + $(srcdir)/libseccomp.pc.in $(top_srcdir)/build-aux/ar-lib \ + $(top_srcdir)/build-aux/compile \ + $(top_srcdir)/build-aux/config.guess \ + $(top_srcdir)/build-aux/config.sub \ + $(top_srcdir)/build-aux/install-sh \ + $(top_srcdir)/build-aux/ltmain.sh \ + $(top_srcdir)/build-aux/missing build-aux/ar-lib \ + build-aux/compile build-aux/config.guess build-aux/config.sub \ + build-aux/install-sh build-aux/ltmain.sh build-aux/missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -264,6 +274,12 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -278,12 +294,15 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ @@ -310,6 +329,11 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -362,9 +386,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -377,13 +405,19 @@ SUBDIRS = include src tools tests doc pkgconfdir = ${libdir}/pkgconfig pkgconf_DATA = libseccomp.pc -EXTRA_DIST = CHANGELOG CREDITS LICENSE README SUBMITTING_PATCHES +EXTRA_DIST = \ + CHANGELOG CREDITS LICENSE \ + README.md CONTRIBUTING.md RELEASE_PROCESS.md + # support silent builds AM_MAKEFLAGS_0 = --quiet --no-print-directory AM_MAKEFLAGS_1 = AM_MAKEFLAGS_ = ${AM_MAKEFLAGS_0} AM_MAKEFLAGS = ${AM_MAKEFLAGS_@AM_V@} + +# enable python during distcheck +AM_DISTCHECK_CONFIGURE_FLAGS = --enable-python all: configure.h $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -403,15 +437,14 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -576,7 +609,10 @@ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -641,7 +677,7 @@ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir @@ -657,17 +693,17 @@ $(am__post_remove_distdir) dist-tarZ: distdir - @echo WARNING: "Support for shar distribution archives is" \ - "deprecated." >&2 + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir - @echo WARNING: "Support for distribution archives compressed with" \ - "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir @@ -685,7 +721,7 @@ distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -695,23 +731,23 @@ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_inst + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ - && ../configure \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ - --srcdir=.. --prefix="$$dc_install_base" \ + --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ @@ -892,6 +928,8 @@ ps ps-am tags tags-am uninstall uninstall-am \ uninstall-pkgconfDATA +.PRECIOUS: Makefile + check-build: all ${MAKE} ${AM_MAKEFLAGS} -C src check-build @@ -900,6 +938,16 @@ check-syntax: @./tools/check-syntax +@CODE_COVERAGE_ENABLED_TRUE@check-code-coverage: check-build +@CODE_COVERAGE_ENABLED_TRUE@ ${MAKE} ${AM_MAKEFLAGS} -C tests check-code-coverage + +@CODE_COVERAGE_ENABLED_TRUE@test-code-coverage: check-build +@CODE_COVERAGE_ENABLED_TRUE@ ${MAKE} ${AM_MAKEFLAGS} -C src check-code-coverage +@CODE_COVERAGE_ENABLED_TRUE@ LIBSECCOMP_TSTCFG_TYPE=basic \ +@CODE_COVERAGE_ENABLED_TRUE@ ${MAKE} ${AM_MAKEFLAGS} check-code-coverage +@CODE_COVERAGE_ENABLED_TRUE@ LIBSECCOMP_TSTCFG_TYPE=bpf-sim \ +@CODE_COVERAGE_ENABLED_TRUE@ ${MAKE} ${AM_MAKEFLAGS} check-code-coverage + @COVERITY_TRUE@coverity-build: clean @COVERITY_TRUE@ cov-build --dir cov-int ${MAKE} ${AM_MAKEFLAGS} check-build @@ -915,6 +963,18 @@ @COVERITY_TRUE@ echo " HEAD revision: $$rev_full"; \ @COVERITY_TRUE@ ls -l libseccomp-coverity_$$rev.tar.gz +help: + @echo "libseccomp build system" + @echo " make targets:" + @echo " (none): build the library" + @echo " clean: remove all build artifacts" + @echo " check: run the automated regression tests" + @echo " check-build: build the library and all tests" + @echo " check-syntax: verify the code style" + @echo " distcheck: verify the build for distribution" + @echo " dist-gzip: build a release tarball" + @echo " coverity-tarball: build a tarball for use with Coverity (opt)" + clean-local: ${RM} -rf cov-int libseccomp-coverity_*.tar.gz diff -Nru libseccomp-2.3.1/README libseccomp-2.4.1/README --- libseccomp-2.3.1/README 2015-08-13 01:12:39.830522758 +0000 +++ libseccomp-2.4.1/README 1970-01-01 00:00:00.000000000 +0000 @@ -1,65 +0,0 @@ -libseccomp: An Enhanced Seccomp (mode 2) Helper Library -=============================================================================== -https://github.com/seccomp/libseccomp - -The libseccomp library provides an easy to use, platform independent, interface -to the Linux Kernel's syscall filtering mechanism. The libseccomp API is -designed to abstract away the underlying BPF based syscall filter language and -present a more conventional function-call based filtering interface that should -be familiar to, and easily adopted by, application developers. - -* Online Resources - -The library source repository currently lives on GitHub at the following URL: - - -> https://github.com/seccomp/libseccomp - -The project mailing list is currently hosted on Google Groups at the URL below, -please note that a Google account is not required to subscribe to the mailing -list. - - -> https://groups.google.com/forum/#!forum/libseccomp - -> https://groups.google.com/forum/#!forum/libseccomp/join - -* Documentation - -The "doc/" directory contains all of the currently available documentation, -mostly in the form of manpages. The top level directory also contains a README -file (this file) as well as the LICENSE, CREDITS, SUBMITTING_PATCHES, and -CHANGELOG files. - -Those who are interested in contributing to the the project are encouraged to -read the SUBMITTING_PATCHES in the top level directory. - -* Building and Installing the Library - -If you are building the libseccomp library from an official release tarball, -you should follow the familiar three step process used by most autotools based -applications: - - # ./configure - # make [V=0|1] - # make install - -However, if you are building the library from sources retrieved from the source -repository you may need to run the autogen.sh script before running configure. -In both cases, running "./configure -h" will display a list of build-time -configuration options. - -* Testing the Library - -There are a number of tests located in the "tests/" directory and a make target -which can be used to help automate their execution. If you want to run the -standard regression tests you can execute the following after building the -library: - - # make check - -Be warned that the test run can take a while to run and produces a lot of -output. - -* Other Useful Tools - -The "tools/" directory includes a number of tools which may be helpful in the -development of the library, or applications using the library. Not all of -these tools are installed by default. diff -Nru libseccomp-2.3.1/README.md libseccomp-2.4.1/README.md --- libseccomp-2.3.1/README.md 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/README.md 2018-12-03 23:53:10.173975678 +0000 @@ -0,0 +1,113 @@ +![Enhanced Seccomp Helper Library](https://github.com/seccomp/libseccomp-artwork/blob/master/logo/libseccomp-color_text.png) +=============================================================================== +https://github.com/seccomp/libseccomp + +[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/608/badge)](https://bestpractices.coreinfrastructure.org/projects/608) +[![Build Status](https://img.shields.io/travis/seccomp/libseccomp/master.svg)](https://travis-ci.org/seccomp/libseccomp) +[![Coverage Status](https://img.shields.io/coveralls/github/seccomp/libseccomp/master.svg)](https://coveralls.io/github/seccomp/libseccomp?branch=master) + +The libseccomp library provides an easy to use, platform independent, interface +to the Linux Kernel's syscall filtering mechanism. The libseccomp API is +designed to abstract away the underlying BPF based syscall filter language and +present a more conventional function-call based filtering interface that should +be familiar to, and easily adopted by, application developers. + +## Online Resources + +The library source repository currently lives on GitHub at the following URL: + +* https://github.com/seccomp/libseccomp + +The Go language bindings repository currently lives on GitHub at the following +URL: + +* https://github.com/seccomp/libseccomp-golang + +The project mailing list is currently hosted on Google Groups at the URL below, +please note that a Google account is not required to subscribe to the mailing +list. + +* https://groups.google.com/forum/#!forum/libseccomp +* https://groups.google.com/forum/#!forum/libseccomp/join + +## Supported Architectures + +The libseccomp library currently supports the architectures listed below: + +* 32-bit x86 (x86) +* 64-bit x86 (x86_64) +* 64-bit x86 x32 ABI (x32) +* 32-bit ARM EABI (arm) +* 64-bit ARM (aarch64) +* 32-bit MIPS (mips) +* 32-bit MIPS little endian (mipsel) +* 64-bit MIPS (mips64) +* 64-bit MIPS little endian (mipsel64) +* 64-bit MIPS n32 ABI (mips64n32) +* 64-bit MIPS n32 ABI little endian (mipsel64n32) +* 32-bit PA-RISC (parisc) +* 64-bit PA-RISC (parisc64) +* 32-bit PowerPC (ppc) +* 64-bit PowerPC (ppc64) +* 64-bit PowerPC little endian (ppc64le) +* 32-bit s390 (s390) +* 64-bit s390x (s390x) + +## Documentation + +The "doc/" directory contains all of the currently available documentation, +mostly in the form of manpages. The top level directory also contains a README +file (this file) as well as the LICENSE, CREDITS, CONTRIBUTING, and +CHANGELOG files. + +Those who are interested in contributing to the the project are encouraged to +read the CONTRIBUTING in the top level directory. + +## Building and Installing the Library + +If you are building the libseccomp library from an official release tarball, +you should follow the familiar three step process used by most autotools based +applications: + + # ./configure + # make [V=0|1] + # make install + +However, if you are building the library from sources retrieved from the source +repository you may need to run the autogen.sh script before running configure. +In both cases, running "./configure -h" will display a list of build-time +configuration options. + +## Testing the Library + +There are a number of tests located in the "tests/" directory and a make target +which can be used to help automate their execution. If you want to run the +standard regression tests you can execute the following after building the +library: + + # make check + +These tests can be safely run on any Linux system, even those where the kernel +does not support seccomp-bpf (seccomp mode 2). However, be warned that the +test run can take a while to run and produces a lot of output. + +The generated seccomp-bpf filters can be tested on a live system using the +"live" tests; they can be executed using the following commands: + + # make check-build + # (cd tests; ./regression -T live) + +These tests will fail if the running Linux Kernel does not provide the +necessary support. + +## Developer Tools + +The "tools/" directory includes a number of tools which may be helpful in the +development of the library, or applications using the library. Not all of +these tools are installed by default. + +## Bug and Vulnerability Reporting + +Problems with the libseccomp library can be reported using the GitHub issue +tracking system or the mailing list. Those who wish to privately report +potential vulnerabilities can send mail to paul@paul-moore.com. diff -Nru libseccomp-2.3.1/RELEASE_PROCESS.md libseccomp-2.4.1/RELEASE_PROCESS.md --- libseccomp-2.3.1/RELEASE_PROCESS.md 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/RELEASE_PROCESS.md 2018-12-03 23:53:10.173975678 +0000 @@ -0,0 +1,97 @@ +The libseccomp Release Process +=============================================================================== +https://github.com/seccomp/libseccomp + +This is the process that should be followed when creating a new libseccomp +release. + +#### 1. Verify that all issues assigned to the release milestone have been resolved + + * https://github.com/seccomp/libseccomp/milestones + +#### 2. Verify that the syntax/style meets the guidelines + + # make check-syntax + +#### 3. Verify that the bundled test suite runs without error + + # ./autogen.sh + # ./configure --enable-python + # make check + # (cd tests; ./regression -T live) + +#### 4. Verify that the packaging is correct + + # make distcheck + +#### 5. Verify that there are no outstanding defects from Coverity + + # make coverity-tarball + + + ... or ... + + # git push -f coverity-scan + + +#### 6. Perform any distribution test builds + + * Fedora Rawhide + * Red Hat Enterprise Linux + * etc. + +#### 7. If any problems were found up to this point that resulted in code changes, restart the process + +#### 8. Update the CREDITS file with any new contributors + + # ./doc/credits_updater > CREDITS + + ... the results can be sanity checked with the following git command: + + # git log --pretty=format:"%aN <%aE>" | sort -u + +#### 9. Update the CHANGELOG file with significant changes since the last release + +#### 10. If this is a new major/minor release, create new 'release-X.Y' branch + + # stg branch -c "release-X.Y" + + ... or ... + + # git branch "release-X.Y" + +#### 11. Update the version number in configure.ac AC_INIT(...) macro + +#### 12. Tag the release in the repository with a signed tag + + # git tag -s -m "version X.Y.Z" vX.Y.Z + # git push --tags + +#### 13. Build final release tarball + + # make clean + # ./autogen.sh + # make dist-gzip + +#### 14. Verify the release tarball in a separate directory + + + # ./configure --enable-python + # make check + # (cd tests; ./regression -T live) + +#### 15. Generate a checksum for the release tarball + + # sha256sum > libseccomp-X.Y.Z.tar.gz.SHA256SUM + +#### 16. GPG sign the release tarball and checksum using the maintainer's key + + # gpg --armor --detach-sign libseccomp-X.Y.Z.tar.gz + # gpg --clearsign libseccomp-X.Y.Z.tar.gz.SHA256SUM + +#### 17. Create a new GitHub release using the associated tag; added the relevant section from the CHANGELOG file, and upload the following files + + * libseccomp-X.Y.Z.tar.gz + * libseccomp-X.Y.Z.tar.gz.asc + * libseccomp-X.Y.Z.tar.gz.SHA256SUM + * libseccomp-X.Y.Z.tar.gz.SHA256SUM.asc diff -Nru libseccomp-2.3.1/src/api.c libseccomp-2.4.1/src/api.c --- libseccomp-2.3.1/src/api.c 2016-02-18 19:13:30.296157200 +0000 +++ libseccomp-2.4.1/src/api.c 2019-04-16 16:19:06.654597151 +0000 @@ -44,6 +44,8 @@ .micro = SCMP_VER_MICRO, }; +unsigned int seccomp_api_level = 0; + /** * Validate a filter context * @param ctx the filter context @@ -65,13 +67,52 @@ * syscall appears valid, negative values on failure. * */ -static int _syscall_valid(int syscall) +static int _syscall_valid(const struct db_filter_col *col, int syscall) { + /* syscall -1 is used by tracers to skip the syscall */ + if (col->attr.api_tskip && syscall == -1) + return 0; if (syscall <= -1 && syscall >= -99) return -EINVAL; return 0; } +/** + * Update the API level + * + * This function performs a series of tests to determine what functionality is + * supported given the current running environment (kernel, etc.). It is + * important to note that this function only does meaningful checks the first + * time it is run, the resulting API level is cached after this first run and + * used for all subsequent calls. The API level value is returned. + * + */ +static unsigned int _seccomp_api_update(void) +{ + unsigned int level = 1; + + /* if seccomp_api_level > 0 then it's already been set, we're done */ + if (seccomp_api_level >= 1) + return seccomp_api_level; + + /* NOTE: level 1 is the base level, start checking at 2 */ + + /* level 2 */ + if (sys_chk_seccomp_syscall() && + sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC) == 1) + level = 2; + + /* level 3 */ + if (level == 2 && + sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_LOG) == 1 && + sys_chk_seccomp_action(SCMP_ACT_LOG) == 1) + level = 3; + + /* update the stored api level and return */ + seccomp_api_level = level; + return seccomp_api_level; +} + /* NOTE - function header comment in include/seccomp.h */ API const struct scmp_version *seccomp_version(void) { @@ -79,6 +120,46 @@ } /* NOTE - function header comment in include/seccomp.h */ +API unsigned int seccomp_api_get(void) +{ + /* update the api level, if needed */ + return _seccomp_api_update(); +} + +/* NOTE - function header comment in include/seccomp.h */ +API int seccomp_api_set(unsigned int level) +{ + switch (level) { + case 1: + sys_set_seccomp_syscall(false); + sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC, false); + sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_LOG, false); + sys_set_seccomp_action(SCMP_ACT_LOG, false); + sys_set_seccomp_action(SCMP_ACT_KILL_PROCESS, false); + break; + case 2: + sys_set_seccomp_syscall(true); + sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC, true); + sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_LOG, false); + sys_set_seccomp_action(SCMP_ACT_LOG, false); + sys_set_seccomp_action(SCMP_ACT_KILL_PROCESS, false); + break; + case 3: + sys_set_seccomp_syscall(true); + sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC, true); + sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_LOG, true); + sys_set_seccomp_action(SCMP_ACT_LOG, true); + sys_set_seccomp_action(SCMP_ACT_KILL_PROCESS, true); + break; + default: + return -EINVAL; + } + + seccomp_api_level = level; + return 0; +} + +/* NOTE - function header comment in include/seccomp.h */ API scmp_filter_ctx seccomp_init(uint32_t def_action) { if (db_action_valid(def_action) < 0) @@ -168,14 +249,12 @@ if (arch_token == 0) arch_token = arch_def_native->token; - if (arch_valid(arch_token)) + arch = arch_def_lookup(arch_token); + if (arch == NULL) return -EINVAL; if (db_col_arch_exist(col, arch_token)) return -EEXIST; - arch = arch_def_lookup(arch_token); - if (arch == NULL) - return -EFAULT; return db_col_db_new(col, arch); } @@ -311,7 +390,7 @@ { struct db_filter_col *col = (struct db_filter_col *)ctx; - if (db_col_valid(col) || _syscall_valid(syscall)) + if (db_col_valid(col) || _syscall_valid(col, syscall)) return -EINVAL; return db_col_syscall_priority(col, syscall, priority); @@ -331,7 +410,7 @@ if (arg_cnt > 0 && arg_array == NULL) return -EINVAL; - if (db_col_valid(col) || _syscall_valid(syscall)) + if (db_col_valid(col) || _syscall_valid(col, syscall)) return -EINVAL; rc = db_action_valid(action); @@ -380,7 +459,7 @@ if (arg_cnt > 0 && arg_array == NULL) return -EINVAL; - if (db_col_valid(col) || _syscall_valid(syscall)) + if (db_col_valid(col) || _syscall_valid(col, syscall)) return -EINVAL; rc = db_action_valid(action); diff -Nru libseccomp-2.3.1/src/arch-aarch64.h libseccomp-2.4.1/src/arch-aarch64.h --- libseccomp-2.3.1/src/arch-aarch64.h 2016-02-11 18:32:39.774670411 +0000 +++ libseccomp-2.4.1/src/arch-aarch64.h 2019-04-16 16:19:07.074599338 +0000 @@ -32,5 +32,6 @@ int aarch64_syscall_resolve_name(const char *name); const char *aarch64_syscall_resolve_num(int num); -const char *aarch64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *aarch64_syscall_iterate(unsigned int spot); + #endif diff -Nru libseccomp-2.3.1/src/arch-aarch64-syscalls.c libseccomp-2.4.1/src/arch-aarch64-syscalls.c --- libseccomp-2.3.1/src/arch-aarch64-syscalls.c 2016-02-19 16:05:36.999890615 +0000 +++ libseccomp-2.4.1/src/arch-aarch64-syscalls.c 2019-04-16 16:19:06.677930606 +0000 @@ -26,7 +26,7 @@ #include "arch.h" #include "arch-aarch64.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def aarch64_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", __PNR__newselect }, @@ -122,6 +122,7 @@ { "get_mempolicy", 236 }, { "get_robust_list", 100 }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", 168 }, { "getcwd", 17 }, { "getdents", __PNR_getdents }, @@ -167,6 +168,7 @@ { "io_cancel", 3 }, { "io_destroy", 1 }, { "io_getevents", 4 }, + { "io_pgetevents", 292 }, { "io_setup", 0 }, { "io_submit", 2 }, { "ioctl", 29 }, @@ -176,7 +178,7 @@ { "ioprio_set", 30 }, { "ipc", __PNR_ipc }, { "kcmp", 272 }, - { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_file_load", 294 }, { "kexec_load", 104 }, { "keyctl", 219 }, { "kill", 129 }, @@ -254,11 +256,15 @@ { "pipe", __PNR_pipe }, { "pipe2", 59 }, { "pivot_root", 41 }, + { "pkey_alloc", 289 }, + { "pkey_free", 290 }, + { "pkey_mprotect", 288 }, { "poll", __PNR_poll }, { "ppoll", 73 }, { "prctl", 167 }, { "pread64", 67 }, { "preadv", 69 }, + { "preadv2", 286 }, { "prlimit64", 261 }, { "process_vm_readv", 270 }, { "process_vm_writev", 271 }, @@ -269,6 +275,7 @@ { "putpmsg", __PNR_putpmsg }, { "pwrite64", 68 }, { "pwritev", 70 }, + { "pwritev2", 287 }, { "query_module", __PNR_query_module }, { "quotactl", 60 }, { "read", 63 }, @@ -290,6 +297,7 @@ { "request_key", 218 }, { "restart_syscall", 128 }, { "rmdir", __PNR_rmdir }, + { "rseq", 293 }, { "rt_sigaction", 134 }, { "rt_sigpending", 136 }, { "rt_sigprocmask", 135 }, @@ -299,9 +307,11 @@ { "rt_sigtimedwait", 137 }, { "rt_tgsigqueueinfo", 240 }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", 125 }, { "sched_get_priority_min", 126 }, { "sched_getaffinity", 123 }, @@ -387,6 +397,7 @@ { "stat64", __PNR_stat64 }, { "statfs", 43 }, { "statfs64", __PNR_statfs64 }, + { "statx", 291 }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -502,15 +513,15 @@ /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *aarch64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *aarch64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return aarch64_syscall_table[spot].name; + return &aarch64_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-arm.h libseccomp-2.4.1/src/arch-arm.h --- libseccomp-2.3.1/src/arch-arm.h 2016-02-11 18:32:39.775670411 +0000 +++ libseccomp-2.4.1/src/arch-arm.h 2019-04-16 16:19:07.084599389 +0000 @@ -32,6 +32,6 @@ int arm_syscall_resolve_name(const char *name); const char *arm_syscall_resolve_num(int num); -const char *arm_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *arm_syscall_iterate(unsigned int spot); #endif diff -Nru libseccomp-2.3.1/src/arch-arm-syscalls.c libseccomp-2.4.1/src/arch-arm-syscalls.c --- libseccomp-2.3.1/src/arch-arm-syscalls.c 2016-02-19 16:05:36.999890615 +0000 +++ libseccomp-2.4.1/src/arch-arm-syscalls.c 2019-04-16 16:19:06.701264061 +0000 @@ -37,7 +37,7 @@ #define __SCMP_NR_BASE __SCMP_NR_OABI_SYSCALL_BASE #endif -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def arm_syscall_table[] = { \ /* NOTE: arm_sync_file_range() and sync_file_range2() share values */ { "_llseek", (__SCMP_NR_BASE + 140) }, @@ -134,6 +134,7 @@ { "get_mempolicy", (__SCMP_NR_BASE + 320) }, { "get_robust_list", (__SCMP_NR_BASE + 339) }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 6)) }, { "getcpu", (__SCMP_NR_BASE + 345) }, { "getcwd", (__SCMP_NR_BASE + 183) }, { "getdents", (__SCMP_NR_BASE + 141) }, @@ -179,6 +180,7 @@ { "io_cancel", (__SCMP_NR_BASE + 247) }, { "io_destroy", (__SCMP_NR_BASE + 244) }, { "io_getevents", (__SCMP_NR_BASE + 245) }, + { "io_pgetevents", (__SCMP_NR_BASE + 399) }, { "io_setup", (__SCMP_NR_BASE + 243) }, { "io_submit", (__SCMP_NR_BASE + 246) }, { "ioctl", (__SCMP_NR_BASE + 54) }, @@ -266,11 +268,15 @@ { "pipe", (__SCMP_NR_BASE + 42) }, { "pipe2", (__SCMP_NR_BASE + 359) }, { "pivot_root", (__SCMP_NR_BASE + 218) }, + { "pkey_alloc", (__SCMP_NR_BASE + 395) }, + { "pkey_free", (__SCMP_NR_BASE + 396) }, + { "pkey_mprotect", (__SCMP_NR_BASE + 394) }, { "poll", (__SCMP_NR_BASE + 168) }, { "ppoll", (__SCMP_NR_BASE + 336) }, { "prctl", (__SCMP_NR_BASE + 172) }, { "pread64", (__SCMP_NR_BASE + 180) }, { "preadv", (__SCMP_NR_BASE + 361) }, + { "preadv2", (__SCMP_NR_BASE + 392) }, { "prlimit64", (__SCMP_NR_BASE + 369) }, { "process_vm_readv", (__SCMP_NR_BASE + 376) }, { "process_vm_writev", (__SCMP_NR_BASE + 377) }, @@ -281,6 +287,7 @@ { "putpmsg", __PNR_putpmsg }, { "pwrite64", (__SCMP_NR_BASE + 181) }, { "pwritev", (__SCMP_NR_BASE + 362) }, + { "pwritev2", (__SCMP_NR_BASE + 393) }, { "query_module", __PNR_query_module }, { "quotactl", (__SCMP_NR_BASE + 131) }, { "read", (__SCMP_NR_BASE + 3) }, @@ -302,6 +309,7 @@ { "request_key", (__SCMP_NR_BASE + 310) }, { "restart_syscall", (__SCMP_NR_BASE + 0) }, { "rmdir", (__SCMP_NR_BASE + 40) }, + { "rseq", (__SCMP_NR_BASE + 398) }, { "rt_sigaction", (__SCMP_NR_BASE + 174) }, { "rt_sigpending", (__SCMP_NR_BASE + 176) }, { "rt_sigprocmask", (__SCMP_NR_BASE + 175) }, @@ -311,9 +319,11 @@ { "rt_sigtimedwait", (__SCMP_NR_BASE + 177) }, { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 363) }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", (__SCMP_NR_BASE + 159) }, { "sched_get_priority_min", (__SCMP_NR_BASE + 160) }, { "sched_getaffinity", (__SCMP_NR_BASE + 242) }, @@ -399,6 +409,7 @@ { "stat64", (__SCMP_NR_BASE + 195) }, { "statfs", (__SCMP_NR_BASE + 99) }, { "statfs64", (__SCMP_NR_BASE + 266) }, + { "statx", (__SCMP_NR_BASE + 397) }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -513,15 +524,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *arm_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *arm_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return arm_syscall_table[spot].name; + return &arm_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch.c libseccomp-2.4.1/src/arch.c --- libseccomp-2.3.1/src/arch.c 2016-02-11 18:32:37.551670577 +0000 +++ libseccomp-2.4.1/src/arch.c 2019-04-16 16:19:06.714597464 +0000 @@ -1,7 +1,7 @@ /** * Enhanced Seccomp Architecture/Machine Specific Code * - * Copyright (c) 2012 Red Hat + * Copyright (c) 2012,2018 Red Hat * Author: Paul Moore */ @@ -38,6 +38,7 @@ #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" +#include "arch-parisc.h" #include "arch-ppc.h" #include "arch-ppc64.h" #include "arch-s390.h" @@ -45,8 +46,6 @@ #include "db.h" #include "system.h" -#define default_arg_count_max 6 - #define default_arg_offset(x) (offsetof(struct seccomp_data, args[x])) #if __i386__ @@ -79,6 +78,10 @@ #elif __MIPSEL__ const struct arch_def *arch_def_native = &arch_def_mipsel64n32; #endif /* _MIPS_SIM_NABI32 */ +#elif __hppa64__ /* hppa64 must be checked before hppa */ +const struct arch_def *arch_def_native = &arch_def_parisc64; +#elif __hppa__ +const struct arch_def *arch_def_native = &arch_def_parisc; #elif __PPC64__ #ifdef __BIG_ENDIAN__ const struct arch_def *arch_def_native = &arch_def_ppc64; @@ -139,6 +142,10 @@ return &arch_def_mips64n32; case SCMP_ARCH_MIPSEL64N32: return &arch_def_mipsel64n32; + case SCMP_ARCH_PARISC: + return &arch_def_parisc; + case SCMP_ARCH_PARISC64: + return &arch_def_parisc64; case SCMP_ARCH_PPC: return &arch_def_ppc; case SCMP_ARCH_PPC64: @@ -185,6 +192,10 @@ return &arch_def_mips64n32; else if (strcmp(arch_name, "mipsel64n32") == 0) return &arch_def_mipsel64n32; + else if (strcmp(arch_name, "parisc64") == 0) + return &arch_def_parisc64; + else if (strcmp(arch_name, "parisc") == 0) + return &arch_def_parisc; else if (strcmp(arch_name, "ppc") == 0) return &arch_def_ppc; else if (strcmp(arch_name, "ppc64") == 0) @@ -200,19 +211,6 @@ } /** - * Determine the maximum number of syscall arguments - * @param arch the architecture definition - * - * Determine the maximum number of syscall arguments for the given architecture. - * Returns the number of arguments on success, negative values on failure. - * - */ -int arch_arg_count_max(const struct arch_def *arch) -{ - return (arch_valid(arch->token) == 0 ? default_arg_count_max : -EDOM); -} - -/** * Determine the argument offset for the lower 32 bits * @param arch the architecture definition * @param arg the argument number @@ -332,6 +330,10 @@ int sc_num; const char *sc_name; + /* special handling for syscall -1 */ + if (*syscall == -1) + return 0; + if (arch->token != arch_def_native->token) { sc_name = arch_syscall_resolve_num(arch_def_native, *syscall); if (sc_name == NULL) @@ -362,10 +364,10 @@ { int sys = *syscall; - if (sys >= 0) { + if (sys >= -1) { /* we shouldn't be here - no rewrite needed */ return 0; - } else if (sys < 0 && sys > -100) { + } else if (sys < -1 && sys > -100) { /* reserved values */ return -EINVAL; } else if (sys <= -100 && sys > -10000) { @@ -382,13 +384,8 @@ /** * Add a new rule to the specified filter - * @param col the filter collection * @param db the seccomp filter db - * @param strict the strict flag - * @param action the filter action - * @param syscall the syscall number - * @param chain_len the number of argument filters in the argument filter chain - * @param chain the argument filter chain + * @param strict the rule * * This function adds a new argument/comparison/value to the seccomp filter for * a syscall; multiple arguments can be specified and they will be chained @@ -398,76 +395,44 @@ * function needs to adjust the rule due to architecture specifics. Returns * zero on success, negative values on failure. * + * It is important to note that in the case of failure the db may be corrupted, + * the caller must use the transaction mechanism if the db integrity is + * important. + * */ -int arch_filter_rule_add(struct db_filter_col *col, struct db_filter *db, - bool strict, uint32_t action, int syscall, - unsigned int chain_len, struct db_api_arg *chain) -{ - int rc; - size_t chain_size = sizeof(*chain) * chain_len; - struct db_api_rule_list *rule, *rule_tail; +int arch_filter_rule_add(struct db_filter *db, + const struct db_api_rule_list *rule) +{ + int rc = 0; + int syscall; + struct db_api_rule_list *rule_dup = NULL; - /* ensure we aren't using any reserved syscall values */ - if (syscall < 0 && syscall > -100) - return -EINVAL; + /* create our own rule that we can munge */ + rule_dup = db_rule_dup(rule); + if (rule_dup == NULL) + return -ENOMEM; /* translate the syscall */ - rc = arch_syscall_translate(db->arch, &syscall); + rc = arch_syscall_translate(db->arch, &rule_dup->syscall); if (rc < 0) - return rc; - - /* copy of the chain for each filter in the collection */ - rule = malloc(sizeof(*rule)); - if (rule == NULL) - return -ENOMEM; - rule->args = malloc(chain_size); - if (rule->args == NULL) { - free(rule); - return -ENOMEM; - } - rule->action = action; - rule->syscall = syscall; - rule->args_cnt = chain_len; - memcpy(rule->args, chain, chain_size); - rule->prev = NULL; - rule->next = NULL; + goto rule_add_return; + syscall = rule_dup->syscall; /* add the new rule to the existing filter */ - if (db->arch->rule_add == NULL) { - /* negative syscalls require a db->arch->rule_add() function */ - if (syscall < 0 && strict) { + if (syscall == -1 || db->arch->rule_add == NULL) { + /* syscalls < -1 require a db->arch->rule_add() function */ + if (syscall < -1 && rule_dup->strict) { rc = -EDOM; - goto rule_add_failure; - } - rc = db_rule_add(db, rule); - } else - rc = (db->arch->rule_add)(col, db, strict, rule); - if (rc == 0) { - /* insert the chain to the end of the filter's rule list */ - rule_tail = rule; - while (rule_tail->next) - rule_tail = rule_tail->next; - if (db->rules != NULL) { - rule->prev = db->rules->prev; - rule_tail->next = db->rules; - db->rules->prev->next = rule; - db->rules->prev = rule_tail; - } else { - rule->prev = rule_tail; - rule_tail->next = rule; - db->rules = rule; + goto rule_add_return; } + rc = db_rule_add(db, rule_dup); } else - goto rule_add_failure; - - return 0; + rc = (db->arch->rule_add)(db, rule_dup); -rule_add_failure: - do { - rule_tail = rule; - rule = rule->next; - free(rule_tail->args); - free(rule_tail); - } while (rule); +rule_add_return: + /* NOTE: another reminder that we don't do any db error recovery here, + * use the transaction mechanism as previously mentioned */ + if (rule_dup != NULL) + free(rule_dup); return rc; } diff -Nru libseccomp-2.3.1/src/arch.h libseccomp-2.4.1/src/arch.h --- libseccomp-2.3.1/src/arch.h 2016-02-19 19:24:11.025998940 +0000 +++ libseccomp-2.4.1/src/arch.h 2019-04-16 16:19:07.094599442 +0000 @@ -53,27 +53,13 @@ int (*syscall_resolve_name)(const char *name); const char *(*syscall_resolve_num)(int num); int (*syscall_rewrite)(int *syscall); - int (*rule_add)(struct db_filter_col *col, struct db_filter *db, - bool strict, struct db_api_rule_list *rule); + int (*rule_add)(struct db_filter *db, struct db_api_rule_list *rule); }; /* arch_def for the current architecture */ extern const struct arch_def *arch_def_native; -/* NOTE: Syscall mappings can be found by running the following commands - * on the specific architecture's include file: - * # gcc -E -dM | grep '__NR_' - * where in many cases is /usr/include/asm/unistd.h, however, - * depending on the architecture you may need to use a different header. - * Further, you can automatically format this list for use as a struct - * initializer with the following command: - * # gcc -E -dM | grep '__NR_' | \ - * sed -e 's/#define[ \t]\+__NR_//' | sort | \ - * sed -e 's/\([^ \t]\+\)\([ \t]\+\)\([0-9]\+\)/\t{ \"\1\", \3 },/' - * Finally, when creating a table/array of this structure, the final - * sentinel entry should be "{ NULL, __NR_SCMP_ERROR }"; see the existing - * tables as an example. - */ +/* syscall name/num mapping */ struct arch_syscall_def { const char *name; unsigned int num; @@ -90,8 +76,6 @@ const struct arch_def *arch_def_lookup(uint32_t token); const struct arch_def *arch_def_lookup_name(const char *arch_name); -int arch_arg_count_max(const struct arch_def *arch); - int arch_arg_offset_lo(const struct arch_def *arch, unsigned int arg); int arch_arg_offset_hi(const struct arch_def *arch, unsigned int arg); int arch_arg_offset(const struct arch_def *arch, unsigned int arg); @@ -102,8 +86,7 @@ int arch_syscall_translate(const struct arch_def *arch, int *syscall); int arch_syscall_rewrite(const struct arch_def *arch, int *syscall); -int arch_filter_rule_add(struct db_filter_col *col, struct db_filter *db, - bool strict, uint32_t action, int syscall, - unsigned int chain_len, struct db_api_arg *chain); +int arch_filter_rule_add(struct db_filter *db, + const struct db_api_rule_list *rule); #endif diff -Nru libseccomp-2.3.1/src/arch-mips64.h libseccomp-2.4.1/src/arch-mips64.h --- libseccomp-2.3.1/src/arch-mips64.h 2016-02-11 18:32:39.775670411 +0000 +++ libseccomp-2.4.1/src/arch-mips64.h 2019-04-16 16:19:07.101266143 +0000 @@ -34,6 +34,6 @@ int mips64_syscall_resolve_name(const char *name); const char *mips64_syscall_resolve_num(int num); -const char *mips64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *mips64_syscall_iterate(unsigned int spot); #endif \ No newline at end of file diff -Nru libseccomp-2.3.1/src/arch-mips64n32.h libseccomp-2.4.1/src/arch-mips64n32.h --- libseccomp-2.3.1/src/arch-mips64n32.h 2016-02-11 18:32:39.775670411 +0000 +++ libseccomp-2.4.1/src/arch-mips64n32.h 2019-04-16 16:19:07.107932845 +0000 @@ -34,6 +34,6 @@ int mips64n32_syscall_resolve_name(const char *name); const char *mips64n32_syscall_resolve_num(int num); -const char *mips64n32_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *mips64n32_syscall_iterate(unsigned int spot); #endif diff -Nru libseccomp-2.3.1/src/arch-mips64n32-syscalls.c libseccomp-2.4.1/src/arch-mips64n32-syscalls.c --- libseccomp-2.3.1/src/arch-mips64n32-syscalls.c 2016-02-19 16:05:36.999890615 +0000 +++ libseccomp-2.4.1/src/arch-mips64n32-syscalls.c 2019-04-16 16:19:06.744597620 +0000 @@ -30,7 +30,7 @@ /* N32 ABI */ #define __SCMP_NR_BASE 6000 -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def mips64n32_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", (__SCMP_NR_BASE + 22) }, @@ -126,6 +126,7 @@ { "get_mempolicy", (__SCMP_NR_BASE + 232) }, { "get_robust_list", (__SCMP_NR_BASE + 273) }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", (__SCMP_NR_BASE + 275) }, { "getcwd", (__SCMP_NR_BASE + 77) }, { "getdents", (__SCMP_NR_BASE + 76) }, @@ -171,6 +172,7 @@ { "io_cancel", (__SCMP_NR_BASE + 204) }, { "io_destroy", (__SCMP_NR_BASE + 201) }, { "io_getevents", (__SCMP_NR_BASE + 202) }, + { "io_pgetevents", (__SCMP_NR_BASE + 332) }, { "io_setup", (__SCMP_NR_BASE + 200) }, { "io_submit", (__SCMP_NR_BASE + 203) }, { "ioctl", (__SCMP_NR_BASE + 15) }, @@ -258,11 +260,15 @@ { "pipe", (__SCMP_NR_BASE + 21) }, { "pipe2", (__SCMP_NR_BASE + 291) }, { "pivot_root", (__SCMP_NR_BASE + 151) }, + { "pkey_alloc", (__SCMP_NR_BASE + 328) }, + { "pkey_free", (__SCMP_NR_BASE + 329) }, + { "pkey_mprotect", (__SCMP_NR_BASE + 327) }, { "poll", (__SCMP_NR_BASE + 7) }, { "ppoll", (__SCMP_NR_BASE + 265) }, { "prctl", (__SCMP_NR_BASE + 153) }, { "pread64", (__SCMP_NR_BASE + 16) }, { "preadv", (__SCMP_NR_BASE + 293) }, + { "preadv2", (__SCMP_NR_BASE + 325) }, { "prlimit64", (__SCMP_NR_BASE + 302) }, { "process_vm_readv", (__SCMP_NR_BASE + 309) }, { "process_vm_writev", (__SCMP_NR_BASE + 310) }, @@ -273,6 +279,7 @@ { "putpmsg", (__SCMP_NR_BASE + 175) }, { "pwrite64", (__SCMP_NR_BASE + 17) }, { "pwritev", (__SCMP_NR_BASE + 294) }, + { "pwritev2", (__SCMP_NR_BASE + 326) }, { "query_module", (__SCMP_NR_BASE + 171) }, { "quotactl", (__SCMP_NR_BASE + 172) }, { "read", (__SCMP_NR_BASE + 0) }, @@ -294,6 +301,7 @@ { "request_key", (__SCMP_NR_BASE + 244) }, { "restart_syscall", (__SCMP_NR_BASE + 214) }, { "rmdir", (__SCMP_NR_BASE + 82) }, + { "rseq", (__SCMP_NR_BASE + 331) }, { "rt_sigaction", (__SCMP_NR_BASE + 13) }, { "rt_sigpending", (__SCMP_NR_BASE + 125) }, { "rt_sigprocmask", (__SCMP_NR_BASE + 14) }, @@ -303,9 +311,11 @@ { "rt_sigtimedwait", (__SCMP_NR_BASE + 126) }, { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 295) }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", (__SCMP_NR_BASE + 143) }, { "sched_get_priority_min", (__SCMP_NR_BASE + 144) }, { "sched_getaffinity", (__SCMP_NR_BASE + 196) }, @@ -391,6 +401,7 @@ { "stat64", __PNR_stat64 }, { "statfs", (__SCMP_NR_BASE + 134) }, { "statfs64", (__SCMP_NR_BASE + 217) }, + { "statx", (__SCMP_NR_BASE + 330) }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -505,15 +516,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *mips64n32_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *mips64n32_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return mips64n32_syscall_table[spot].name; + return &mips64n32_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-mips64-syscalls.c libseccomp-2.4.1/src/arch-mips64-syscalls.c --- libseccomp-2.3.1/src/arch-mips64-syscalls.c 2016-02-19 16:05:36.999890615 +0000 +++ libseccomp-2.4.1/src/arch-mips64-syscalls.c 2019-04-16 16:19:06.761264373 +0000 @@ -30,7 +30,7 @@ /* 64 ABI */ #define __SCMP_NR_BASE 5000 -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def mips64_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", (__SCMP_NR_BASE + 22) }, @@ -126,6 +126,7 @@ { "get_mempolicy", (__SCMP_NR_BASE + 228) }, { "get_robust_list", (__SCMP_NR_BASE + 269) }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", (__SCMP_NR_BASE + 271) }, { "getcwd", (__SCMP_NR_BASE + 77) }, { "getdents", (__SCMP_NR_BASE + 76) }, @@ -171,6 +172,7 @@ { "io_cancel", (__SCMP_NR_BASE + 204) }, { "io_destroy", (__SCMP_NR_BASE + 201) }, { "io_getevents", (__SCMP_NR_BASE + 202) }, + { "io_pgetevents", (__SCMP_NR_BASE + 328) }, { "io_setup", (__SCMP_NR_BASE + 200) }, { "io_submit", (__SCMP_NR_BASE + 203) }, { "ioctl", (__SCMP_NR_BASE + 15) }, @@ -258,11 +260,15 @@ { "pipe", (__SCMP_NR_BASE + 21) }, { "pipe2", (__SCMP_NR_BASE + 287) }, { "pivot_root", (__SCMP_NR_BASE + 151) }, + { "pkey_alloc", (__SCMP_NR_BASE + 324) }, + { "pkey_free", (__SCMP_NR_BASE + 325) }, + { "pkey_mprotect", (__SCMP_NR_BASE + 323) }, { "poll", (__SCMP_NR_BASE + 7) }, { "ppoll", (__SCMP_NR_BASE + 261) }, { "prctl", (__SCMP_NR_BASE + 153) }, { "pread64", (__SCMP_NR_BASE + 16) }, { "preadv", (__SCMP_NR_BASE + 289) }, + { "preadv2", (__SCMP_NR_BASE + 321) }, { "prlimit64", (__SCMP_NR_BASE + 297) }, { "process_vm_readv", (__SCMP_NR_BASE + 304) }, { "process_vm_writev", (__SCMP_NR_BASE + 305) }, @@ -273,6 +279,7 @@ { "putpmsg", (__SCMP_NR_BASE + 175) }, { "pwrite64", (__SCMP_NR_BASE + 17) }, { "pwritev", (__SCMP_NR_BASE + 290) }, + { "pwritev2", (__SCMP_NR_BASE + 322) }, { "query_module", (__SCMP_NR_BASE + 171) }, { "quotactl", (__SCMP_NR_BASE + 172) }, { "read", (__SCMP_NR_BASE + 0) }, @@ -294,6 +301,7 @@ { "request_key", (__SCMP_NR_BASE + 240) }, { "restart_syscall", (__SCMP_NR_BASE + 213) }, { "rmdir", (__SCMP_NR_BASE + 82) }, + { "rseq", (__SCMP_NR_BASE + 327) }, { "rt_sigaction", (__SCMP_NR_BASE + 13) }, { "rt_sigpending", (__SCMP_NR_BASE + 125) }, { "rt_sigprocmask", (__SCMP_NR_BASE + 14) }, @@ -303,9 +311,11 @@ { "rt_sigtimedwait", (__SCMP_NR_BASE + 126) }, { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 291) }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", (__SCMP_NR_BASE + 143) }, { "sched_get_priority_min", (__SCMP_NR_BASE + 144) }, { "sched_getaffinity", (__SCMP_NR_BASE + 196) }, @@ -391,6 +401,7 @@ { "stat64", __PNR_stat64 }, { "statfs", (__SCMP_NR_BASE + 134) }, { "statfs64", __PNR_statfs64 }, + { "statx", (__SCMP_NR_BASE + 326) }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -505,15 +516,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *mips64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *mips64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return mips64_syscall_table[spot].name; + return &mips64_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-mips.h libseccomp-2.4.1/src/arch-mips.h --- libseccomp-2.3.1/src/arch-mips.h 2016-02-11 18:32:39.775670411 +0000 +++ libseccomp-2.4.1/src/arch-mips.h 2019-04-16 16:19:07.114599546 +0000 @@ -34,6 +34,6 @@ int mips_syscall_resolve_name(const char *name); const char *mips_syscall_resolve_num(int num); -const char *mips_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *mips_syscall_iterate(unsigned int spot); #endif diff -Nru libseccomp-2.3.1/src/arch-mips-syscalls.c libseccomp-2.4.1/src/arch-mips-syscalls.c --- libseccomp-2.3.1/src/arch-mips-syscalls.c 2016-02-19 16:05:36.999890615 +0000 +++ libseccomp-2.4.1/src/arch-mips-syscalls.c 2019-04-16 16:19:06.781264477 +0000 @@ -30,7 +30,7 @@ /* O32 ABI */ #define __SCMP_NR_BASE 4000 -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def mips_syscall_table[] = { \ { "_llseek", (__SCMP_NR_BASE + 140) }, { "_newselect", (__SCMP_NR_BASE + 142) }, @@ -126,6 +126,7 @@ { "get_mempolicy", (__SCMP_NR_BASE + 269) }, { "get_robust_list", (__SCMP_NR_BASE + 310) }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", (__SCMP_NR_BASE + 312) }, { "getcwd", (__SCMP_NR_BASE + 203) }, { "getdents", (__SCMP_NR_BASE + 141) }, @@ -171,6 +172,7 @@ { "io_cancel", (__SCMP_NR_BASE + 245) }, { "io_destroy", (__SCMP_NR_BASE + 242) }, { "io_getevents", (__SCMP_NR_BASE + 243) }, + { "io_pgetevents", (__SCMP_NR_BASE + 368) }, { "io_setup", (__SCMP_NR_BASE + 241) }, { "io_submit", (__SCMP_NR_BASE + 244) }, { "ioctl", (__SCMP_NR_BASE + 54) }, @@ -258,11 +260,15 @@ { "pipe", (__SCMP_NR_BASE + 42) }, { "pipe2", (__SCMP_NR_BASE + 328) }, { "pivot_root", (__SCMP_NR_BASE + 216) }, + { "pkey_alloc", (__SCMP_NR_BASE + 364) }, + { "pkey_free", (__SCMP_NR_BASE + 365) }, + { "pkey_mprotect", (__SCMP_NR_BASE + 363) }, { "poll", (__SCMP_NR_BASE + 188) }, { "ppoll", (__SCMP_NR_BASE + 302) }, { "prctl", (__SCMP_NR_BASE + 192) }, { "pread64", (__SCMP_NR_BASE + 200) }, { "preadv", (__SCMP_NR_BASE + 330) }, + { "preadv2", (__SCMP_NR_BASE + 361) }, { "prlimit64", (__SCMP_NR_BASE + 338) }, { "process_vm_readv", (__SCMP_NR_BASE + 345) }, { "process_vm_writev", (__SCMP_NR_BASE + 346) }, @@ -273,6 +279,7 @@ { "putpmsg", (__SCMP_NR_BASE + 209) }, { "pwrite64", (__SCMP_NR_BASE + 201) }, { "pwritev", (__SCMP_NR_BASE + 331) }, + { "pwritev2", (__SCMP_NR_BASE + 362) }, { "query_module", (__SCMP_NR_BASE + 187) }, { "quotactl", (__SCMP_NR_BASE + 131) }, { "read", (__SCMP_NR_BASE + 3) }, @@ -294,6 +301,7 @@ { "request_key", (__SCMP_NR_BASE + 281) }, { "restart_syscall", (__SCMP_NR_BASE + 253) }, { "rmdir", (__SCMP_NR_BASE + 40) }, + { "rseq", (__SCMP_NR_BASE + 367) }, { "rt_sigaction", (__SCMP_NR_BASE + 194) }, { "rt_sigpending", (__SCMP_NR_BASE + 196) }, { "rt_sigprocmask", (__SCMP_NR_BASE + 195) }, @@ -303,9 +311,11 @@ { "rt_sigtimedwait", (__SCMP_NR_BASE + 197) }, { "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 332) }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", (__SCMP_NR_BASE + 163) }, { "sched_get_priority_min", (__SCMP_NR_BASE + 164) }, { "sched_getaffinity", (__SCMP_NR_BASE + 240) }, @@ -391,6 +401,7 @@ { "stat64", (__SCMP_NR_BASE + 213) }, { "statfs", (__SCMP_NR_BASE + 99) }, { "statfs64", (__SCMP_NR_BASE + 255) }, + { "statx", (__SCMP_NR_BASE + 366) }, { "stime", (__SCMP_NR_BASE + 25) }, { "stty", (__SCMP_NR_BASE + 31) }, { "subpage_prot", __PNR_subpage_prot }, @@ -505,15 +516,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *mips_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *mips_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return mips_syscall_table[spot].name; + return &mips_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-parisc64.c libseccomp-2.4.1/src/arch-parisc64.c --- libseccomp-2.3.1/src/arch-parisc64.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/src/arch-parisc64.c 2019-04-16 16:19:06.797931230 +0000 @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2016 Helge Deller + * Author: Helge Deller +*/ + +#include +#include +#include + +#include "arch.h" +#include "arch-parisc.h" + +const struct arch_def arch_def_parisc64 = { + .token = SCMP_ARCH_PARISC64, + .token_bpf = AUDIT_ARCH_PARISC64, + .size = ARCH_SIZE_64, + .endian = ARCH_ENDIAN_BIG, + .syscall_resolve_name = parisc_syscall_resolve_name, + .syscall_resolve_num = parisc_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, +}; diff -Nru libseccomp-2.3.1/src/arch-parisc.c libseccomp-2.4.1/src/arch-parisc.c --- libseccomp-2.3.1/src/arch-parisc.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/src/arch-parisc.c 2019-04-16 16:19:06.811264633 +0000 @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2016 Helge Deller + * Author: Helge Deller + */ + +#include +#include +#include + +#include "arch.h" +#include "arch-parisc.h" + +const struct arch_def arch_def_parisc = { + .token = SCMP_ARCH_PARISC, + .token_bpf = AUDIT_ARCH_PARISC, + .size = ARCH_SIZE_32, + .endian = ARCH_ENDIAN_BIG, + .syscall_resolve_name = parisc_syscall_resolve_name, + .syscall_resolve_num = parisc_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, +}; diff -Nru libseccomp-2.3.1/src/arch-parisc.h libseccomp-2.4.1/src/arch-parisc.h --- libseccomp-2.3.1/src/arch-parisc.h 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/src/arch-parisc.h 2019-04-16 16:19:07.124599598 +0000 @@ -0,0 +1,38 @@ +/** + * Enhanced Seccomp PARISC Specific Code + * + * Copyright (c) 2016 Helge Deller + * + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#ifndef _ARCH_PARISC_H +#define _ARCH_PARISC_H + +#include + +#include "arch.h" +#include "system.h" + +extern const struct arch_def arch_def_parisc; +extern const struct arch_def arch_def_parisc64; + +int parisc_syscall_resolve_name(const char *name); +const char *parisc_syscall_resolve_num(int num); + +const struct arch_syscall_def *parisc_syscall_iterate(unsigned int spot); + +#endif diff -Nru libseccomp-2.3.1/src/arch-parisc-syscalls.c libseccomp-2.4.1/src/arch-parisc-syscalls.c --- libseccomp-2.3.1/src/arch-parisc-syscalls.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/src/arch-parisc-syscalls.c 2019-04-16 16:19:06.821264686 +0000 @@ -0,0 +1,510 @@ +/* + * Copyright (c) 2016 Helge Deller + * Author: Helge Deller + */ + +#include + +#include + +#include "arch.h" +#include "arch-parisc.h" + +/* NOTE: based on Linux 4.15-rc7 */ +const struct arch_syscall_def parisc_syscall_table[] = { \ + { "_llseek", 140 }, + { "_newselect", 142 }, + { "_sysctl", 149 }, + { "accept", 35 }, + { "accept4", 320 }, + { "access", 33 }, + { "acct", 51 }, + { "add_key", 264 }, + { "adjtimex", 124 }, + { "afs_syscall", 137 }, + { "alarm", 27 }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, + { "arch_prctl", __PNR_arch_prctl }, + { "bdflush", 134 }, + { "bind", 22 }, + { "bpf", 341 }, + { "break", __PNR_break }, + { "breakpoint", __PNR_breakpoint }, + { "brk", 45 }, + { "cachectl", __PNR_cachectl }, + { "cacheflush", __PNR_cacheflush }, + { "capget", 106 }, + { "capset", 107 }, + { "chdir", 12 }, + { "chmod", 15 }, + { "chown", 180 }, + { "chown32", __PNR_chown32 }, + { "chroot", 61 }, + { "clock_adjtime", 324 }, + { "clock_getres", 257 }, + { "clock_gettime", 256 }, + { "clock_nanosleep", 258 }, + { "clock_settime", 255 }, + { "clone", 120 }, + { "close", 6 }, + { "connect", 31 }, + { "copy_file_range", 346 }, + { "creat", 8 }, + { "create_module", 127 }, + { "delete_module", 129 }, + { "dup", 41 }, + { "dup2", 63 }, + { "dup3", 312 }, + { "epoll_create", 224 }, + { "epoll_create1", 311 }, + { "epoll_ctl", 225 }, + { "epoll_ctl_old", __PNR_epoll_ctl_old }, + { "epoll_pwait", 297 }, + { "epoll_wait", 226 }, + { "epoll_wait_old", __PNR_epoll_wait_old }, + { "eventfd", 304 }, + { "eventfd2", 310 }, + { "execve", 11 }, + { "execveat", 342 }, + { "exit", 1 }, + { "exit_group", 222 }, + { "faccessat", 287 }, + { "fadvise64", __PNR_fadvise64 }, + { "fadvise64_64", 236 }, + { "fallocate", 305 }, + { "fanotify_init", 322 }, + { "fanotify_mark", 323 }, + { "fchdir", 133 }, + { "fchmod", 94 }, + { "fchmodat", 286 }, + { "fchown", 95 }, + { "fchown32", __PNR_fchown32 }, + { "fchownat", 278 }, + { "fcntl", 55 }, + { "fcntl64", 202 }, + { "fdatasync", 148 }, + { "fgetxattr", 243 }, + { "finit_module", 333 }, + { "flistxattr", 246 }, + { "flock", 143 }, + { "fork", 2 }, + { "fremovexattr", 249 }, + { "fsetxattr", 240 }, + { "fstat", 28 }, + { "fstat64", 112 }, + { "fstatat64", 280 }, + { "fstatfs", 100 }, + { "fstatfs64", 299 }, + { "fsync", 118 }, + { "ftime", __PNR_ftime }, + { "ftruncate", 93 }, + { "ftruncate64", 200 }, + { "futex", 210 }, + { "futimesat", 279 }, + { "get_kernel_syms", 130 }, + { "get_mempolicy", 261 }, + { "get_robust_list", 290 }, + { "get_thread_area", 214 }, + { "get_tls", __PNR_get_tls }, + { "getcpu", 296 }, + { "getcwd", 110 }, + { "getdents", 141 }, + { "getdents64", 201 }, + { "getegid", 50 }, + { "getegid32", __PNR_getegid32 }, + { "geteuid", 49 }, + { "geteuid32", __PNR_geteuid32 }, + { "getgid", 47 }, + { "getgid32", __PNR_getgid32 }, + { "getgroups", 80 }, + { "getgroups32", __PNR_getgroups32 }, + { "getitimer", 105 }, + { "getpeername", 53 }, + { "getpgid", 132 }, + { "getpgrp", 65 }, + { "getpid", 20 }, + { "getpmsg", 196 }, + { "getppid", 64 }, + { "getpriority", 96 }, + { "getrandom", 339 }, + { "getresgid", 171 }, + { "getresgid32", __PNR_getresgid32 }, + { "getresuid", 165 }, + { "getresuid32", __PNR_getresuid32 }, + { "getrlimit", 76 }, + { "getrusage", 77 }, + { "getsid", 147 }, + { "getsockname", 44 }, + { "getsockopt", 182 }, + { "gettid", 206 }, + { "gettimeofday", 78 }, + { "getuid", 24 }, + { "getuid32", __PNR_getuid32 }, + { "getxattr", 241 }, + { "gtty", __PNR_gtty }, + { "idle", __PNR_idle }, + { "init_module", 128 }, + { "inotify_add_watch", 270 }, + { "inotify_init", 269 }, + { "inotify_init1", 314 }, + { "inotify_rm_watch", 271 }, + { "io_cancel", 219 }, + { "io_destroy", 216 }, + { "io_getevents", 217 }, + { "io_pgetevents", __PNR_io_pgetevents }, + { "io_setup", 215 }, + { "io_submit", 218 }, + { "ioctl", 54 }, + { "ioperm", __PNR_ioperm }, + { "iopl", __PNR_iopl }, + { "ioprio_get", 268 }, + { "ioprio_set", 267 }, + { "ipc", __PNR_ipc }, + { "kcmp", 332 }, + { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_load", 300 }, + { "keyctl", 266 }, + { "kill", 37 }, + { "lchown", 16 }, + { "lchown32", __PNR_lchown32 }, + { "lgetxattr", 242 }, + { "link", 9 }, + { "linkat", 283 }, + { "listen", 32 }, + { "listxattr", 244 }, + { "llistxattr", 245 }, + { "lock", __PNR_lock }, + { "lookup_dcookie", 223 }, + { "lremovexattr", 248 }, + { "lseek", 19 }, + { "lsetxattr", 239 }, + { "lstat", 84 }, + { "lstat64", 198 }, + { "madvise", 119 }, + { "mbind", 260 }, + { "membarrier", 343 }, + { "memfd_create", 340 }, + { "migrate_pages", 272 }, + { "mincore", 72 }, + { "mkdir", 39 }, + { "mkdirat", 276 }, + { "mknod", 14 }, + { "mknodat", 277 }, + { "mlock", 150 }, + { "mlock2", 345 }, + { "mlockall", 152 }, + { "mmap", 90 }, + { "mmap2", 89 }, + { "modify_ldt", __PNR_modify_ldt }, + { "mount", 21 }, + { "move_pages", 295 }, + { "mprotect", 125 }, + { "mpx", __PNR_mpx }, + { "mq_getsetattr", 234 }, + { "mq_notify", 233 }, + { "mq_open", 229 }, + { "mq_timedreceive", 232 }, + { "mq_timedsend", 231 }, + { "mq_unlink", 230 }, + { "mremap", 163 }, + { "msgctl", 191 }, + { "msgget", 190 }, + { "msgrcv", 189 }, + { "msgsnd", 188 }, + { "msync", 144 }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", 151 }, + { "munlockall", 153 }, + { "munmap", 91 }, + { "name_to_handle_at", 325 }, + { "nanosleep", 162 }, + { "newfstatat", __PNR_newfstatat }, + { "nfsservctl", 169 }, + { "nice", 34 }, + { "oldfstat", __PNR_oldfstat }, + { "oldlstat", __PNR_oldlstat }, + { "oldolduname", __PNR_oldolduname }, + { "oldstat", __PNR_oldstat }, + { "olduname", __PNR_olduname }, + { "oldwait4", __PNR_oldwait4 }, + { "open", 5 }, + { "open_by_handle_at", 326 }, + { "openat", 275 }, + { "pause", 29 }, + { "pciconfig_iobase", __PNR_pciconfig_iobase }, + { "pciconfig_read", __PNR_pciconfig_read }, + { "pciconfig_write", __PNR_pciconfig_write }, + { "perf_event_open", 318 }, + { "personality", 136 }, + { "pipe", 42 }, + { "pipe2", 313 }, + { "pivot_root", 67 }, + { "pkey_alloc", __PNR_pkey_alloc }, + { "pkey_free", __PNR_pkey_free }, + { "pkey_mprotect", __PNR_pkey_mprotect }, + { "poll", 168 }, + { "ppoll", 274 }, + { "prctl", 172 }, + { "pread64", 108 }, + { "preadv", 315 }, + { "preadv2", 347 }, + { "prlimit64", 321 }, + { "process_vm_readv", 330 }, + { "process_vm_writev", 331 }, + { "prof", __PNR_prof }, + { "profil", __PNR_profil }, + { "pselect6", 273 }, + { "ptrace", 26 }, + { "putpmsg", 197 }, + { "pwrite64", 109 }, + { "pwritev", 316 }, + { "pwritev2", 348 }, + { "query_module", 167 }, + { "quotactl", 131 }, + { "read", 3 }, + { "readahead", 207 }, + { "readdir", __PNR_readdir }, + { "readlink", 85 }, + { "readlinkat", 285 }, + { "readv", 145 }, + { "reboot", 88 }, + { "recv", 98 }, + { "recvfrom", 123 }, + { "recvmmsg", 319 }, + { "recvmsg", 184 }, + { "remap_file_pages", 227 }, + { "removexattr", 247 }, + { "rename", 38 }, + { "renameat", 282 }, + { "renameat2", 337 }, + { "request_key", 265 }, + { "restart_syscall", 0 }, + { "rmdir", 40 }, + { "rseq", __PNR_rseq }, + { "rt_sigaction", 174 }, + { "rt_sigpending", 176 }, + { "rt_sigprocmask", 175 }, + { "rt_sigqueueinfo", 178 }, + { "rt_sigreturn", 173 }, + { "rt_sigsuspend", 179 }, + { "rt_sigtimedwait", 177 }, + { "rt_tgsigqueueinfo", 317 }, + { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_getaffinity", 212 }, + { "sched_getattr", 335 }, + { "sched_getparam", 155 }, + { "sched_getscheduler", 157 }, + { "sched_rr_get_interval", 161 }, + { "sched_setaffinity", 211 }, + { "sched_setattr", 334 }, + { "sched_setparam", 154 }, + { "sched_setscheduler", 156 }, + { "sched_yield", 158 }, + { "seccomp", 338 }, + { "security", __PNR_security }, + { "select", __PNR_select }, + { "semctl", 187 }, + { "semget", 186 }, + { "semop", 185 }, + { "semtimedop", 228 }, + { "send", 58 }, + { "sendfile", 122 }, + { "sendfile64", 209 }, + { "sendmmsg", 329 }, + { "sendmsg", 183 }, + { "sendto", 82 }, + { "set_mempolicy", 262 }, + { "set_robust_list", 289 }, + { "set_thread_area", 213 }, + { "set_tid_address", 237 }, + { "set_tls", __PNR_set_tls }, + { "setdomainname", 121 }, + { "setfsgid", 139 }, + { "setfsgid32", __PNR_setfsgid32 }, + { "setfsuid", 138 }, + { "setfsuid32", __PNR_setfsuid32 }, + { "setgid", 46 }, + { "setgid32", __PNR_setgid32 }, + { "setgroups", 81 }, + { "setgroups32", __PNR_setgroups32}, + { "sethostname", 74 }, + { "setitimer", 104 }, + { "setns", 328 }, + { "setpgid", 57 }, + { "setpriority", 97 }, + { "setregid", 71 }, + { "setregid32", __PNR_setregid32 }, + { "setresgid", 170 }, + { "setresgid32", __PNR_setresgid32 }, + { "setresuid", 164 }, + { "setresuid32", __PNR_setresuid32 }, + { "setreuid", 70 }, + { "setreuid32", __PNR_setreuid32 }, + { "setrlimit", 75 }, + { "setsid", 66 }, + { "setsockopt", 181 }, + { "settimeofday", 79 }, + { "setuid", 23 }, + { "setuid32", __PNR_setuid32 }, + { "setxattr", 238 }, + { "sgetmask", 68 }, + { "shmat", 192 }, + { "shmctl", 195 }, + { "shmdt", 193 }, + { "shmget", 194 }, + { "shutdown", 117 }, + { "sigaction", __PNR_sigaction }, + { "sigaltstack", 166 }, + { "signal", 48 }, + { "signalfd", 302 }, + { "signalfd4", 309 }, + { "sigpending", 73 }, + { "sigprocmask", 126 }, + { "sigreturn", __PNR_sigreturn }, + { "sigsuspend", __PNR_sigsuspend }, + { "socket", 17 }, + { "socketcall", __PNR_socketcall }, + { "socketpair", 56 }, + { "splice", 291 }, + { "spu_create", __PNR_spu_create }, + { "spu_run", __PNR_spu_run }, + { "ssetmask", 69 }, + { "stat", 18 }, + { "stat64", 101 }, + { "statfs", 99 }, + { "statfs64", 298 }, + { "statx", 349 }, + { "stime", 25 }, + { "stty", __PNR_stty }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", 115 }, + { "swapon", 87 }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", 83 }, + { "symlinkat", 284 }, + { "sync", 36 }, + { "sync_file_range", 292 }, + { "sync_file_range2", __PNR_sync_file_range2 }, + { "syncfs", 327 }, + { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", 135 }, + { "sysinfo", 116 }, + { "syslog", 103 }, + { "sysmips", __PNR_sysmips }, + { "tee", 293 }, + { "tgkill", 259 }, + { "time", 13 }, + { "timer_create", 250 }, + { "timer_delete", 254 }, + { "timer_getoverrun", 253 }, + { "timer_gettime", 252 }, + { "timer_settime", 251 }, + { "timerfd", 303 }, + { "timerfd_create", 306 }, + { "timerfd_gettime", 308 }, + { "timerfd_settime", 307 }, + { "times", 43 }, + { "tkill", 208 }, + { "truncate", 92 }, + { "truncate64", 199 }, + { "tuxcall", __PNR_tuxcall }, + { "ugetrlimit", __PNR_ugetrlimit }, + { "ulimit", __PNR_ulimit }, + { "umask", 60 }, + { "umount", __PNR_umount }, + { "umount2", 52 }, + { "uname", 59 }, + { "unlink", 10 }, + { "unlinkat", 281 }, + { "unshare", 288 }, + { "uselib", 86 }, + { "userfaultfd", 344 }, + { "usr26", __PNR_usr26 }, + { "usr32", __PNR_usr32 }, + { "ustat", 62 }, + { "utime", 30 }, + { "utimensat", 301 }, + { "utimes", 336 }, + { "vfork", 113 }, + { "vhangup", 111 }, + { "vm86", __PNR_vm86 }, + { "vm86old", __PNR_vm86old }, + { "vmsplice", 294 }, + { "vserver", 263 }, + { "wait4", 114 }, + { "waitid", 235 }, + { "waitpid", 7 }, + { "write", 4 }, + { "writev", 146 }, + { NULL, __NR_SCMP_ERROR }, +}; + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. + * + */ +int parisc_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = parisc_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. + * + */ +const char *parisc_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = parisc_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} + +/** + * Iterate through the syscall table and return the syscall mapping + * @param spot the offset into the syscall table + * + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. + * + */ +const struct arch_syscall_def *parisc_syscall_iterate(unsigned int spot) +{ + /* XXX - no safety checks here */ + return &parisc_syscall_table[spot]; +} diff -Nru libseccomp-2.3.1/src/arch-ppc64.h libseccomp-2.4.1/src/arch-ppc64.h --- libseccomp-2.3.1/src/arch-ppc64.h 2016-02-11 18:32:39.776670411 +0000 +++ libseccomp-2.4.1/src/arch-ppc64.h 2019-04-16 16:19:07.134599650 +0000 @@ -34,6 +34,6 @@ int ppc64_syscall_resolve_name(const char *name); const char *ppc64_syscall_resolve_num(int num); -const char *ppc64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *ppc64_syscall_iterate(unsigned int spot); #endif diff -Nru libseccomp-2.3.1/src/arch-ppc64-syscalls.c libseccomp-2.4.1/src/arch-ppc64-syscalls.c --- libseccomp-2.3.1/src/arch-ppc64-syscalls.c 2016-02-19 16:07:13.721883376 +0000 +++ libseccomp-2.4.1/src/arch-ppc64-syscalls.c 2019-04-16 16:19:06.841264789 +0000 @@ -27,7 +27,7 @@ #include "arch.h" #include "arch-ppc64.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def ppc64_syscall_table[] = { \ { "_llseek", 140 }, { "_newselect", 142 }, @@ -123,6 +123,7 @@ { "get_mempolicy", 260 }, { "get_robust_list", 299 }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", 302 }, { "getcwd", 182 }, { "getdents", 141 }, @@ -168,6 +169,7 @@ { "io_cancel", 231 }, { "io_destroy", 228 }, { "io_getevents", 229 }, + { "io_pgetevents", 388 }, { "io_setup", 227 }, { "io_submit", 230 }, { "ioctl", 54 }, @@ -177,7 +179,7 @@ { "ioprio_set", 273 }, { "ipc", 117 }, { "kcmp", 354 }, - { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_file_load", 382 }, { "kexec_load", 268 }, { "keyctl", 271 }, { "kill", 37 }, @@ -255,11 +257,15 @@ { "pipe", 42 }, { "pipe2", 317 }, { "pivot_root", 203 }, + { "pkey_alloc", 384 }, + { "pkey_free", 385 }, + { "pkey_mprotect", 386 }, { "poll", 167 }, { "ppoll", 281 }, { "prctl", 171 }, { "pread64", 179 }, { "preadv", 320 }, + { "preadv2", 380 }, { "prlimit64", 325 }, { "process_vm_readv", 351 }, { "process_vm_writev", 352 }, @@ -270,6 +276,7 @@ { "putpmsg", 188 }, { "pwrite64", 180 }, { "pwritev", 321 }, + { "pwritev2", 381 }, { "query_module", 166 }, { "quotactl", 131 }, { "read", 3 }, @@ -291,6 +298,7 @@ { "request_key", 270 }, { "restart_syscall", 0 }, { "rmdir", 40 }, + { "rseq", 387 }, { "rt_sigaction", 173 }, { "rt_sigpending", 175 }, { "rt_sigprocmask", 174 }, @@ -300,9 +308,11 @@ { "rt_sigtimedwait", 176 }, { "rt_tgsigqueueinfo", 322 }, { "rtas", 255 }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", 159 }, { "sched_get_priority_min", 160 }, { "sched_getaffinity", 223 }, @@ -388,6 +398,7 @@ { "stat64", __PNR_stat64 }, { "statfs", 99 }, { "statfs64", 252 }, + { "statx", 383}, { "stime", 25 }, { "stty", 31 }, { "subpage_prot", 310 }, @@ -502,15 +513,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *ppc64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *ppc64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return ppc64_syscall_table[spot].name; + return &ppc64_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-ppc.h libseccomp-2.4.1/src/arch-ppc.h --- libseccomp-2.3.1/src/arch-ppc.h 2016-02-11 18:32:39.775670411 +0000 +++ libseccomp-2.4.1/src/arch-ppc.h 2019-04-16 16:19:07.147933053 +0000 @@ -33,6 +33,6 @@ int ppc_syscall_resolve_name(const char *name); const char *ppc_syscall_resolve_num(int num); -const char *ppc_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *ppc_syscall_iterate(unsigned int spot); #endif diff -Nru libseccomp-2.3.1/src/arch-ppc-syscalls.c libseccomp-2.4.1/src/arch-ppc-syscalls.c --- libseccomp-2.3.1/src/arch-ppc-syscalls.c 2016-02-19 16:05:36.999890615 +0000 +++ libseccomp-2.4.1/src/arch-ppc-syscalls.c 2019-04-16 16:19:06.857931543 +0000 @@ -27,7 +27,7 @@ #include "arch.h" #include "arch-ppc.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def ppc_syscall_table[] = { \ { "_llseek", 140 }, { "_newselect", 142 }, @@ -123,6 +123,7 @@ { "get_mempolicy", 260 }, { "get_robust_list", 299 }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", 302 }, { "getcwd", 182 }, { "getdents", 141 }, @@ -168,6 +169,7 @@ { "io_cancel", 231 }, { "io_destroy", 228 }, { "io_getevents", 229 }, + { "io_pgetevents", 388 }, { "io_setup", 227 }, { "io_submit", 230 }, { "ioctl", 54 }, @@ -177,7 +179,7 @@ { "ioprio_set", 273 }, { "ipc", 117 }, { "kcmp", 354 }, - { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_file_load", 382 }, { "kexec_load", 268 }, { "keyctl", 271 }, { "kill", 37 }, @@ -255,11 +257,15 @@ { "pipe", 42 }, { "pipe2", 317 }, { "pivot_root", 203 }, + { "pkey_alloc", 384 }, + { "pkey_free", 385 }, + { "pkey_mprotect", 386 }, { "poll", 167 }, { "ppoll", 281 }, { "prctl", 171 }, { "pread64", 179 }, { "preadv", 320 }, + { "preadv2", 380 }, { "prlimit64", 325 }, { "process_vm_readv", 351 }, { "process_vm_writev", 352 }, @@ -270,6 +276,7 @@ { "putpmsg", 188 }, { "pwrite64", 180 }, { "pwritev", 321 }, + { "pwritev2", 381 }, { "query_module", 166 }, { "quotactl", 131 }, { "read", 3 }, @@ -291,6 +298,7 @@ { "request_key", 270 }, { "restart_syscall", 0 }, { "rmdir", 40 }, + { "rseq", 387 }, { "rt_sigaction", 173 }, { "rt_sigpending", 175 }, { "rt_sigprocmask", 174 }, @@ -300,9 +308,11 @@ { "rt_sigtimedwait", 176 }, { "rt_tgsigqueueinfo", 322 }, { "rtas", 255 }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", 159 }, { "sched_get_priority_min", 160 }, { "sched_getaffinity", 223 }, @@ -388,6 +398,7 @@ { "stat64", 195 }, { "statfs", 99 }, { "statfs64", 252 }, + { "statx", 383}, { "stime", 25 }, { "stty", 31 }, { "subpage_prot", 310 }, @@ -502,15 +513,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *ppc_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *ppc_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return ppc_syscall_table[spot].name; + return &ppc_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-s390.c libseccomp-2.4.1/src/arch-s390.c --- libseccomp-2.3.1/src/arch-s390.c 2016-04-20 17:49:44.634846367 +0000 +++ libseccomp-2.4.1/src/arch-s390.c 2019-04-16 16:19:06.867931595 +0000 @@ -34,7 +34,7 @@ * no related syscall, or __NR_SCMP_ERROR otherwise. * */ -int _s390_sock_demux(int socketcall) +static int _s390_sock_demux(int socketcall) { switch (socketcall) { case -101: @@ -110,7 +110,7 @@ * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise. * */ -int _s390_sock_mux(int syscall) +static int _s390_sock_mux(int syscall) { switch (syscall) { case 337: @@ -194,47 +194,53 @@ /** * add a new rule to the s390 seccomp filter - * @param col the filter collection * @param db the seccomp filter db - * @param strict the strict flag * @param rule the filter rule * * This function adds a new syscall filter to the seccomp filter db, making any * necessary adjustments for the s390 ABI. Returns zero on success, negative * values on failure. * + * It is important to note that in the case of failure the db may be corrupted, + * the caller must use the transaction mechanism if the db integrity is + * important. + * */ -int s390_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, - struct db_api_rule_list *rule) +int s390_rule_add(struct db_filter *db, struct db_api_rule_list *rule) { - int rc; + int rc = 0; unsigned int iter; - size_t args_size; int sys = rule->syscall; int sys_a, sys_b; - struct db_api_rule_list *rule_a, *rule_b; + struct db_api_rule_list *rule_a, *rule_b, *rule_dup = NULL; if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) { /* (-100 to -120) : multiplexed socket syscalls (359 to 373) : direct socket syscalls, Linux 4.3+ */ /* strict check for the multiplexed socket syscalls */ - for (iter = 0; iter < rule->args_cnt; iter++) { - if ((rule->args[iter].valid != 0) && (strict)) - return -EINVAL; + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { + if ((rule->args[iter].valid != 0) && (rule->strict)) { + rc = -EINVAL; + goto add_return; + } } /* determine both the muxed and direct syscall numbers */ if (sys > 0) { sys_a = _s390_sock_mux(sys); - if (sys_a == __NR_SCMP_ERROR) - return __NR_SCMP_ERROR; + if (sys_a == __NR_SCMP_ERROR) { + rc = __NR_SCMP_ERROR; + goto add_return; + } sys_b = sys; } else { sys_a = sys; sys_b = _s390_sock_demux(sys); - if (sys_b == __NR_SCMP_ERROR) - return __NR_SCMP_ERROR; + if (sys_b == __NR_SCMP_ERROR) { + rc = __NR_SCMP_ERROR; + goto add_return; + } } /* use rule_a for the multiplexed syscall and use rule_b for @@ -249,19 +255,12 @@ } else { /* need two rules, dup the first and link together */ rule_a = rule; - rule_b = malloc(sizeof(*rule_b)); - if (rule_b == NULL) - return -ENOMEM; - args_size = sizeof(*rule_b->args) * rule_a->args_cnt; - rule_b->args = malloc(args_size); - if (rule_b->args == NULL) { - free(rule_b); - return -ENOMEM; + rule_dup = db_rule_dup(rule_a); + rule_b = rule_dup; + if (rule_b == NULL) { + rc = -ENOMEM; + goto add_return; } - rule_b->action = rule_a->action; - rule_b->syscall = rule_a->syscall; - rule_b->args_cnt = rule_a->args_cnt; - memcpy(rule_b->args, rule_a->args, args_size); rule_b->prev = rule_a; rule_b->next = NULL; rule_a->next = rule_b; @@ -281,26 +280,24 @@ if (rule_b != NULL) rule_b->syscall = sys_b; - /* add the rules as a single transaction */ - rc = db_col_transaction_start(col); - if (rc < 0) - return rc; + /* we should be protected by a transaction checkpoint */ if (rule_a != NULL) { rc = db_rule_add(db, rule_a); if (rc < 0) - goto fail_transaction; + goto add_return; } if (rule_b != NULL) { rc = db_rule_add(db, rule_b); if (rc < 0) - goto fail_transaction; + goto add_return; } - db_col_transaction_commit(col); } else if (sys <= -200 && sys >= -224) { /* multiplexed ipc syscalls */ for (iter = 0; iter < ARG_COUNT_MAX; iter++) { - if ((rule->args[iter].valid != 0) && (strict)) - return -EINVAL; + if ((rule->args[iter].valid != 0) && (rule->strict)) { + rc = -EINVAL; + goto add_return; + } } rule->args[0].arg = 0; rule->args[0].op = SCMP_CMP_EQ; @@ -311,18 +308,19 @@ rc = db_rule_add(db, rule); if (rc < 0) - return rc; + goto add_return; } else if (sys >= 0) { /* normal syscall processing */ rc = db_rule_add(db, rule); if (rc < 0) - return rc; - } else if (strict) - return -EDOM; - - return 0; + goto add_return; + } else if (rule->strict) { + rc = -EDOM; + goto add_return; + } -fail_transaction: - db_col_transaction_abort(col); +add_return: + if (rule_dup != NULL) + free(rule_dup); return rc; } diff -Nru libseccomp-2.3.1/src/arch-s390.h libseccomp-2.4.1/src/arch-s390.h --- libseccomp-2.3.1/src/arch-s390.h 2016-04-20 17:49:04.574849365 +0000 +++ libseccomp-2.4.1/src/arch-s390.h 2019-04-16 16:19:07.161266455 +0000 @@ -20,11 +20,10 @@ int s390_syscall_resolve_name(const char *name); const char *s390_syscall_resolve_num(int num); -const char *s390_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *s390_syscall_iterate(unsigned int spot); int s390_syscall_rewrite(int *syscall); -int s390_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, - struct db_api_rule_list *rule); +int s390_rule_add(struct db_filter *db, struct db_api_rule_list *rule); #endif diff -Nru libseccomp-2.3.1/src/arch-s390-syscalls.c libseccomp-2.4.1/src/arch-s390-syscalls.c --- libseccomp-2.3.1/src/arch-s390-syscalls.c 2016-04-20 17:49:04.574849365 +0000 +++ libseccomp-2.4.1/src/arch-s390-syscalls.c 2019-04-16 16:19:06.877931647 +0000 @@ -10,7 +10,7 @@ #include "arch.h" #include "arch-s390.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def s390_syscall_table[] = { \ { "_llseek", 140 }, { "_newselect", 142 }, @@ -106,6 +106,7 @@ { "get_mempolicy", 269 }, { "get_robust_list", 305 }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", 311 }, { "getcwd", 183 }, { "getdents", 141 }, @@ -151,6 +152,7 @@ { "io_cancel", 247 }, { "io_destroy", 244 }, { "io_getevents", 245 }, + { "io_pgetevents", 382 }, { "io_setup", 243 }, { "io_submit", 246 }, { "ioctl", 54 }, @@ -160,7 +162,7 @@ { "ioprio_set", 282 }, { "ipc", 117 }, { "kcmp", 343 }, - { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_file_load", 381 }, { "kexec_load", 277 }, { "keyctl", 280 }, { "kill", 37 }, @@ -238,11 +240,15 @@ { "pipe", 42 }, { "pipe2", 325 }, { "pivot_root", 217 }, + { "pkey_alloc", __PNR_pkey_alloc }, + { "pkey_free", __PNR_pkey_free }, + { "pkey_mprotect", __PNR_pkey_mprotect }, { "poll", 168 }, { "ppoll", 302 }, { "prctl", 172 }, { "pread64", 180 }, { "preadv", 328 }, + { "preadv2", 376 }, { "prlimit64", 334 }, { "process_vm_readv", 340 }, { "process_vm_writev", 341 }, @@ -253,6 +259,7 @@ { "putpmsg", 189 }, { "pwrite64", 181 }, { "pwritev", 329 }, + { "pwritev2", 377 }, { "query_module", 167 }, { "quotactl", 131 }, { "read", 3 }, @@ -274,6 +281,7 @@ { "request_key", 279 }, { "restart_syscall", 7 }, { "rmdir", 40 }, + { "rseq", 383 }, { "rt_sigaction", 174 }, { "rt_sigpending", 176 }, { "rt_sigprocmask", 175 }, @@ -283,9 +291,11 @@ { "rt_sigtimedwait", 177 }, { "rt_tgsigqueueinfo", 330 }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", 378 }, { "s390_pci_mmio_read", 353 }, { "s390_pci_mmio_write", 352 }, { "s390_runtime_instr", 342 }, + { "s390_sthyi", 380 }, { "sched_get_priority_max", 159 }, { "sched_get_priority_min", 160 }, { "sched_getaffinity", 240 }, @@ -371,6 +381,7 @@ { "stat64", 195 }, { "statfs", 99 }, { "statfs64", 265 }, + { "statx", 379 }, { "stime", 25 }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -567,16 +578,17 @@ return NULL; } + /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *s390_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *s390_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return s390_syscall_table[spot].name; + return &s390_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-s390x.c libseccomp-2.4.1/src/arch-s390x.c --- libseccomp-2.3.1/src/arch-s390x.c 2016-04-20 17:49:44.634846367 +0000 +++ libseccomp-2.4.1/src/arch-s390x.c 2019-04-16 16:19:06.887931699 +0000 @@ -34,7 +34,7 @@ * no related syscall, or __NR_SCMP_ERROR otherwise. * */ -int _s390x_sock_demux(int socketcall) +static int _s390x_sock_demux(int socketcall) { switch (socketcall) { case -101: @@ -110,7 +110,7 @@ * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise. * */ -int _s390x_sock_mux(int syscall) +static int _s390x_sock_mux(int syscall) { switch (syscall) { case 337: @@ -194,47 +194,53 @@ /** * add a new rule to the s390x seccomp filter - * @param col the filter collection * @param db the seccomp filter db - * @param strict the strict flag * @param rule the filter rule * * This function adds a new syscall filter to the seccomp filter db, making any * necessary adjustments for the s390x ABI. Returns zero on success, negative * values on failure. * + * It is important to note that in the case of failure the db may be corrupted, + * the caller must use the transaction mechanism if the db integrity is + * important. + * */ -int s390x_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, - struct db_api_rule_list *rule) +int s390x_rule_add(struct db_filter *db, struct db_api_rule_list *rule) { - int rc; + int rc = 0; unsigned int iter; - size_t args_size; int sys = rule->syscall; int sys_a, sys_b; - struct db_api_rule_list *rule_a, *rule_b; + struct db_api_rule_list *rule_a, *rule_b, *rule_dup = NULL; if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) { /* (-100 to -120) : multiplexed socket syscalls (359 to 373) : direct socket syscalls, Linux 4.3+ */ /* strict check for the multiplexed socket syscalls */ - for (iter = 0; iter < rule->args_cnt; iter++) { - if ((rule->args[iter].valid != 0) && (strict)) - return -EINVAL; + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { + if ((rule->args[iter].valid != 0) && (rule->strict)) { + rc = -EINVAL; + goto add_return; + } } /* determine both the muxed and direct syscall numbers */ if (sys > 0) { sys_a = _s390x_sock_mux(sys); - if (sys_a == __NR_SCMP_ERROR) - return __NR_SCMP_ERROR; + if (sys_a == __NR_SCMP_ERROR) { + rc = __NR_SCMP_ERROR; + goto add_return; + } sys_b = sys; } else { sys_a = sys; sys_b = _s390x_sock_demux(sys); - if (sys_b == __NR_SCMP_ERROR) - return __NR_SCMP_ERROR; + if (sys_b == __NR_SCMP_ERROR) { + rc = __NR_SCMP_ERROR; + goto add_return; + } } /* use rule_a for the multiplexed syscall and use rule_b for @@ -249,19 +255,12 @@ } else { /* need two rules, dup the first and link together */ rule_a = rule; - rule_b = malloc(sizeof(*rule_b)); - if (rule_b == NULL) - return -ENOMEM; - args_size = sizeof(*rule_b->args) * rule_a->args_cnt; - rule_b->args = malloc(args_size); - if (rule_b->args == NULL) { - free(rule_b); - return -ENOMEM; + rule_dup = db_rule_dup(rule_a); + rule_b = rule_dup; + if (rule_b == NULL) { + rc = -ENOMEM; + goto add_return; } - rule_b->action = rule_a->action; - rule_b->syscall = rule_a->syscall; - rule_b->args_cnt = rule_a->args_cnt; - memcpy(rule_b->args, rule_a->args, args_size); rule_b->prev = rule_a; rule_b->next = NULL; rule_a->next = rule_b; @@ -281,26 +280,24 @@ if (rule_b != NULL) rule_b->syscall = sys_b; - /* add the rules as a single transaction */ - rc = db_col_transaction_start(col); - if (rc < 0) - return rc; + /* we should be protected by a transaction checkpoint */ if (rule_a != NULL) { rc = db_rule_add(db, rule_a); if (rc < 0) - goto fail_transaction; + goto add_return; } if (rule_b != NULL) { rc = db_rule_add(db, rule_b); if (rc < 0) - goto fail_transaction; + goto add_return; } - db_col_transaction_commit(col); } else if (sys <= -200 && sys >= -224) { /* multiplexed ipc syscalls */ for (iter = 0; iter < ARG_COUNT_MAX; iter++) { - if ((rule->args[iter].valid != 0) && (strict)) - return -EINVAL; + if ((rule->args[iter].valid != 0) && (rule->strict)) { + rc = -EINVAL; + goto add_return; + } } rule->args[0].arg = 0; rule->args[0].op = SCMP_CMP_EQ; @@ -311,18 +308,19 @@ rc = db_rule_add(db, rule); if (rc < 0) - return rc; + goto add_return; } else if (sys >= 0) { /* normal syscall processing */ rc = db_rule_add(db, rule); if (rc < 0) - return rc; - } else if (strict) - return -EDOM; - - return 0; + goto add_return; + } else if (rule->strict) { + rc = -EDOM; + goto add_return; + } -fail_transaction: - db_col_transaction_abort(col); +add_return: + if (rule_dup != NULL) + free(rule_dup); return rc; } diff -Nru libseccomp-2.3.1/src/arch-s390x.h libseccomp-2.4.1/src/arch-s390x.h --- libseccomp-2.3.1/src/arch-s390x.h 2016-04-20 17:49:04.575849365 +0000 +++ libseccomp-2.4.1/src/arch-s390x.h 2019-04-16 16:19:07.171266507 +0000 @@ -23,11 +23,10 @@ int s390x_syscall_resolve_name(const char *name); const char *s390x_syscall_resolve_num(int num); -const char *s390x_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *s390x_syscall_iterate(unsigned int spot); int s390x_syscall_rewrite(int *syscall); -int s390x_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, - struct db_api_rule_list *rule); +int s390x_rule_add(struct db_filter *db, struct db_api_rule_list *rule); #endif diff -Nru libseccomp-2.3.1/src/arch-s390x-syscalls.c libseccomp-2.4.1/src/arch-s390x-syscalls.c --- libseccomp-2.3.1/src/arch-s390x-syscalls.c 2016-04-20 17:49:04.574849365 +0000 +++ libseccomp-2.4.1/src/arch-s390x-syscalls.c 2019-04-16 16:19:06.897931751 +0000 @@ -10,7 +10,7 @@ #include "arch.h" #include "arch-s390x.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def s390x_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", __PNR__newselect }, @@ -106,6 +106,7 @@ { "get_mempolicy", 269 }, { "get_robust_list", 305 }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", 311 }, { "getcwd", 183 }, { "getdents", 141 }, @@ -151,6 +152,7 @@ { "io_cancel", 247 }, { "io_destroy", 244 }, { "io_getevents", 245 }, + { "io_pgetevents", 382 }, { "io_setup", 243 }, { "io_submit", 246 }, { "ioctl", 54 }, @@ -160,7 +162,7 @@ { "ioprio_set", 282 }, { "ipc", 117 }, { "kcmp", 343 }, - { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_file_load", 381 }, { "kexec_load", 277 }, { "keyctl", 280 }, { "kill", 37 }, @@ -238,11 +240,15 @@ { "pipe", 42 }, { "pipe2", 325 }, { "pivot_root", 217 }, + { "pkey_alloc", __PNR_pkey_alloc }, + { "pkey_free", __PNR_pkey_free }, + { "pkey_mprotect", __PNR_pkey_mprotect }, { "poll", 168 }, { "ppoll", 302 }, { "prctl", 172 }, { "pread64", 180 }, { "preadv", 328 }, + { "preadv2", 376 }, { "prlimit64", 334 }, { "process_vm_readv", 340 }, { "process_vm_writev", 341 }, @@ -253,6 +259,7 @@ { "putpmsg", 189 }, { "pwrite64", 181 }, { "pwritev", 329 }, + { "pwritev2", 377 }, { "query_module", 167 }, { "quotactl", 131 }, { "read", 3 }, @@ -274,6 +281,7 @@ { "request_key", 279 }, { "restart_syscall", 7 }, { "rmdir", 40 }, + { "rseq", 383 }, { "rt_sigaction", 174 }, { "rt_sigpending", 176 }, { "rt_sigprocmask", 175 }, @@ -283,9 +291,11 @@ { "rt_sigtimedwait", 177 }, { "rt_tgsigqueueinfo", 330 }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", 378 }, { "s390_pci_mmio_read", 353 }, { "s390_pci_mmio_write", 352 }, { "s390_runtime_instr", 342 }, + { "s390_sthyi", 380 }, { "sched_get_priority_max", 159 }, { "sched_get_priority_min", 160 }, { "sched_getaffinity", 240 }, @@ -371,6 +381,7 @@ { "stat64", __PNR_stat64 }, { "statfs", 99 }, { "statfs64", 265 }, + { "statx", 379 }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -569,15 +580,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *s390x_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *s390x_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return s390x_syscall_table[spot].name; + return &s390x_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-syscall-check.c libseccomp-2.4.1/src/arch-syscall-check.c --- libseccomp-2.3.1/src/arch-syscall-check.c 2016-02-11 18:32:37.544670578 +0000 +++ libseccomp-2.4.1/src/arch-syscall-check.c 2019-04-16 16:19:06.907931803 +0000 @@ -33,6 +33,7 @@ #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" +#include "arch-parisc.h" #include "arch-ppc.h" #include "arch-ppc64.h" #include "arch-s390.h" @@ -49,9 +50,9 @@ * */ void syscall_check(char *str_miss, const char *syscall, - const char *arch_name, const char *arch_sys) + const char *arch_name, const struct arch_syscall_def *sys) { - if (strcmp(syscall, arch_sys)) { + if (strcmp(syscall, sys->name)) { if (str_miss[0] != '\0') strcat(str_miss, ","); strcat(str_miss, arch_name); @@ -71,44 +72,49 @@ int i_mips = 0; int i_mips64 = 0; int i_mips64n32 = 0; + int i_parisc = 0; int i_ppc = 0; int i_ppc64 = 0; int i_s390 = 0; int i_s390x = 0; - const char *sys_name; char str_miss[256]; + const char *sys_name; + const struct arch_syscall_def *sys; do { str_miss[0] = '\0'; - sys_name = x86_syscall_iterate_name(i_x86); - if (sys_name == NULL) { + sys = x86_syscall_iterate(i_x86); + if (sys == NULL || sys->name == NULL) { printf("FAULT\n"); return 1; } + sys_name = sys->name; /* check each arch using x86 as the reference */ syscall_check(str_miss, sys_name, "x86_64", - x86_64_syscall_iterate_name(i_x86_64)); + x86_64_syscall_iterate(i_x86_64)); syscall_check(str_miss, sys_name, "x32", - x32_syscall_iterate_name(i_x32)); + x32_syscall_iterate(i_x32)); syscall_check(str_miss, sys_name, "arm", - arm_syscall_iterate_name(i_arm)); + arm_syscall_iterate(i_arm)); syscall_check(str_miss, sys_name, "aarch64", - aarch64_syscall_iterate_name(i_aarch64)); + aarch64_syscall_iterate(i_aarch64)); syscall_check(str_miss, sys_name, "mips", - mips_syscall_iterate_name(i_mips)); + mips_syscall_iterate(i_mips)); syscall_check(str_miss, sys_name, "mips64", - mips64_syscall_iterate_name(i_mips64)); + mips64_syscall_iterate(i_mips64)); syscall_check(str_miss, sys_name, "mips64n32", - mips64n32_syscall_iterate_name(i_mips64n32)); + mips64n32_syscall_iterate(i_mips64n32)); + syscall_check(str_miss, sys_name, "parisc", + parisc_syscall_iterate(i_parisc)); syscall_check(str_miss, sys_name, "ppc", - ppc_syscall_iterate_name(i_ppc)); + ppc_syscall_iterate(i_ppc)); syscall_check(str_miss, sys_name, "ppc64", - ppc64_syscall_iterate_name(i_ppc64)); + ppc64_syscall_iterate(i_ppc64)); syscall_check(str_miss, sys_name, "s390", - s390_syscall_iterate_name(i_s390)); + s390_syscall_iterate(i_s390)); syscall_check(str_miss, sys_name, "s390x", - s390x_syscall_iterate_name(i_s390x)); + s390x_syscall_iterate(i_s390x)); /* output the results */ printf("%s: ", sys_name); @@ -119,94 +125,91 @@ printf("OK\n"); /* next */ - if (x86_syscall_iterate_name(i_x86 + 1)) + if (x86_syscall_iterate(i_x86 + 1)->name) i_x86++; - if (!x86_64_syscall_iterate_name(++i_x86_64)) + if (!x86_64_syscall_iterate(++i_x86_64)->name) i_x86_64 = -1; - if (!x32_syscall_iterate_name(++i_x32)) + if (!x32_syscall_iterate(++i_x32)->name) i_x32 = -1; - if (!arm_syscall_iterate_name(++i_arm)) + if (!arm_syscall_iterate(++i_arm)->name) i_arm = -1; - if (!aarch64_syscall_iterate_name(++i_aarch64)) + if (!aarch64_syscall_iterate(++i_aarch64)->name) i_aarch64 = -1; - if (!mips_syscall_iterate_name(++i_mips)) + if (!mips_syscall_iterate(++i_mips)->name) i_mips = -1; - if (!mips64_syscall_iterate_name(++i_mips64)) + if (!mips64_syscall_iterate(++i_mips64)->name) i_mips64 = -1; - if (!mips64n32_syscall_iterate_name(++i_mips64n32)) + if (!mips64n32_syscall_iterate(++i_mips64n32)->name) i_mips64n32 = -1; - if (!ppc_syscall_iterate_name(++i_ppc)) + if (!parisc_syscall_iterate(++i_parisc)->name) + i_parisc = -1; + if (!ppc_syscall_iterate(++i_ppc)->name) i_ppc = -1; - if (!ppc64_syscall_iterate_name(++i_ppc64)) + if (!ppc64_syscall_iterate(++i_ppc64)->name) i_ppc64 = -1; - if (!s390_syscall_iterate_name(++i_s390)) + if (!s390_syscall_iterate(++i_s390)->name) i_s390 = -1; - if (!s390x_syscall_iterate_name(++i_s390x)) + if (!s390x_syscall_iterate(++i_s390x)->name) i_s390x = -1; } while (i_x86_64 >= 0 && i_x32 >= 0 && i_arm >= 0 && i_aarch64 >= 0 && i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 && + i_parisc >= 0 && i_ppc >= 0 && i_ppc64 >= 0 && i_s390 >= 0 && i_s390x >= 0); /* check for any leftovers */ - sys_name = x86_syscall_iterate_name(i_x86 + 1); - if (sys_name) { - printf("%s: ERROR, x86 has additional syscalls\n", sys_name); + sys = x86_syscall_iterate(i_x86 + 1); + if (sys->name) { + printf("ERROR, x86 has additional syscalls\n"); return 1; } if (i_x86_64 >= 0) { - printf("%s: ERROR, x86_64 has additional syscalls\n", - x86_64_syscall_iterate_name(i_x86_64)); + printf("ERROR, x86_64 has additional syscalls\n"); return 1; } if (i_x32 >= 0) { - printf("%s: ERROR, x32 has additional syscalls\n", - x32_syscall_iterate_name(i_x32)); + printf("ERROR, x32 has additional syscalls\n"); return 1; } if (i_arm >= 0) { - printf("%s: ERROR, arm has additional syscalls\n", - arm_syscall_iterate_name(i_arm)); + printf("ERROR, arm has additional syscalls\n"); return 1; } if (i_aarch64 >= 0) { - printf("%s: ERROR, aarch64 has additional syscalls\n", - aarch64_syscall_iterate_name(i_aarch64)); + printf("ERROR, aarch64 has additional syscalls\n"); return 1; } if (i_mips >= 0) { - printf("%s: ERROR, mips has additional syscalls\n", - mips_syscall_iterate_name(i_mips)); + printf("ERROR, mips has additional syscalls\n"); return 1; } if (i_mips64 >= 0) { - printf("%s: ERROR, mips64 has additional syscalls\n", - mips64_syscall_iterate_name(i_mips64)); + printf("ERROR, mips64 has additional syscalls\n"); return 1; } if (i_mips64n32 >= 0) { - printf("%s: ERROR, mips64n32 has additional syscalls\n", - mips64n32_syscall_iterate_name(i_mips64n32)); + printf("ERROR, mips64n32 has additional syscalls\n"); + return 1; + } + if (i_parisc >= 0) { + printf("ERROR, parisc has additional syscalls\n"); return 1; } if (i_ppc >= 0) { - printf("%s: ERROR, ppc has additional syscalls\n", - ppc_syscall_iterate_name(i_ppc)); + printf("ERROR, ppc has additional syscalls\n"); + return 1; } if (i_ppc64 >= 0) { - printf("%s: ERROR, ppc64 has additional syscalls\n", - ppc64_syscall_iterate_name(i_ppc64)); + printf("ERROR, ppc64 has additional syscalls\n"); return 1; } if (i_s390 >= 0) { - printf("%s: ERROR, s390 has additional syscalls\n", - s390_syscall_iterate_name(i_s390)); + printf("ERROR, s390 has additional syscalls\n"); return 1; } if (i_s390x >= 0) { - printf("%s: ERROR, s390x has additional syscalls\n", - s390x_syscall_iterate_name(i_s390x)); + printf("ERROR, s390x has additional syscalls\n"); return 1; } diff -Nru libseccomp-2.3.1/src/arch-syscall-dump.c libseccomp-2.4.1/src/arch-syscall-dump.c --- libseccomp-2.3.1/src/arch-syscall-dump.c 2016-02-11 18:32:37.545670578 +0000 +++ libseccomp-2.4.1/src/arch-syscall-dump.c 2019-04-16 16:19:06.917931855 +0000 @@ -38,6 +38,7 @@ #include "arch-mips64.h" #include "arch-mips64n32.h" #include "arch-aarch64.h" +#include "arch-parisc.h" #include "arch-ppc.h" #include "arch-ppc64.h" #include "arch-s390.h" @@ -65,8 +66,7 @@ const struct arch_def *arch = arch_def_native; int offset = 0; int iter; - int sys_num; - const char *sys_name; + const struct arch_syscall_def *sys; /* parse the command line */ while ((opt = getopt(argc, argv, "a:o:h")) > 0) { @@ -90,61 +90,66 @@ do { switch (arch->token) { case SCMP_ARCH_X86: - sys_name = x86_syscall_iterate_name(iter); + sys = x86_syscall_iterate(iter); break; case SCMP_ARCH_X86_64: - sys_name = x86_64_syscall_iterate_name(iter); + sys = x86_64_syscall_iterate(iter); break; case SCMP_ARCH_X32: - sys_name = x32_syscall_iterate_name(iter); + sys = x32_syscall_iterate(iter); break; case SCMP_ARCH_ARM: - sys_name = arm_syscall_iterate_name(iter); + sys = arm_syscall_iterate(iter); break; case SCMP_ARCH_AARCH64: - sys_name = aarch64_syscall_iterate_name(iter); + sys = aarch64_syscall_iterate(iter); break; case SCMP_ARCH_MIPS: case SCMP_ARCH_MIPSEL: - sys_name = mips_syscall_iterate_name(iter); + sys = mips_syscall_iterate(iter); break; case SCMP_ARCH_MIPS64: case SCMP_ARCH_MIPSEL64: - sys_name = mips64_syscall_iterate_name(iter); + sys = mips64_syscall_iterate(iter); break; case SCMP_ARCH_MIPS64N32: case SCMP_ARCH_MIPSEL64N32: - sys_name = mips64n32_syscall_iterate_name(iter); + sys = mips64n32_syscall_iterate(iter); + break; + case SCMP_ARCH_PARISC: + case SCMP_ARCH_PARISC64: + sys = parisc_syscall_iterate(iter); break; case SCMP_ARCH_PPC: - sys_name = ppc_syscall_iterate_name(iter); + sys = ppc_syscall_iterate(iter); break; case SCMP_ARCH_PPC64: case SCMP_ARCH_PPC64LE: - sys_name = ppc64_syscall_iterate_name(iter); + sys = ppc64_syscall_iterate(iter); break; case SCMP_ARCH_S390: - sys_name = s390_syscall_iterate_name(iter); + sys = s390_syscall_iterate(iter); break; case SCMP_ARCH_S390X: - sys_name = s390x_syscall_iterate_name(iter); + sys = s390x_syscall_iterate(iter); break; default: /* invalid arch */ exit_usage(argv[0]); } - if (sys_name != NULL) { - sys_num = arch_syscall_resolve_name(arch, sys_name); + if (sys->name != NULL) { + int sys_num = sys->num; + if (offset > 0 && sys_num > 0) sys_num -= offset; /* output the results */ - printf("%s\t%d\n", sys_name, sys_num); + printf("%s\t%d\n", sys->name, sys_num); /* next */ iter++; } - } while (sys_name != NULL); + } while (sys->name != NULL); return 0; } diff -Nru libseccomp-2.3.1/src/arch-syscall-validate libseccomp-2.4.1/src/arch-syscall-validate --- libseccomp-2.3.1/src/arch-syscall-validate 2016-02-19 16:04:24.309896055 +0000 +++ libseccomp-2.4.1/src/arch-syscall-validate 2019-03-04 19:55:30.863308999 +0000 @@ -84,7 +84,7 @@ [[ -z $1 ]] && return [[ -n $2 ]] && offset_str="-o $2" - $LIB_SYS_DUMP -a $1 $offset_str | sed -e '/[^\t]\+\t-[0-9]\+/d' + $LIB_SYS_DUMP -a $1 $offset_str | sed -e '/[^\t]\+\t-[0-9]\+/d' | sort } # @@ -166,22 +166,13 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_arm() { - # NOTE: arm_sync_file_range() and sync_file_range2() share values - gcc -E -dM -D__ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \ - grep "^#define __\(ARM_\)*NR_" | \ - grep -v "^#define __NR_OABI_SYSCALL_BASE" | \ - grep -v "^#define __NR_SYSCALL_BASE" | \ - grep -v "^#define __ARM_NR_BASE" | \ - sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_SYSCALL_BASE[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/;s/#define[ \t]\+__ARM_NR_\([^ \t]\+\)[ \t]\+(__ARM_NR_BASE[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t983040 + \2/' | \ - while read line; do \ - if echo "$line" | grep -q "+"; then \ - echo "$line" | awk '{ print $1"\t"$2+$4 }'; \ - else \ - echo "$line"; \ - fi; \ - done | \ - sed -e '/#define __NR_sync_file_range2[ \t]\+__NR_arm_sync_file_range/d' | \ - sort + cat $1/arch/arm/tools/syscall.tbl | grep -v "^#" | \ + sed -ne "/[0-9]\+[ \t]\+\(common\|eabi\)/p" | \ + awk '{ print $3"\t"$1 }' | sort | (cat -; \ + (cat $1/arch/arm/include/uapi/asm/unistd.h | \ + grep "^#define __ARM_NR_" | grep -v "^#define __ARM_NR_BASE" | \ + sed -e 's/#define __ARM_NR_\([a-z0-9_]*\)[ \t]\+(__ARM_NR_BASE+\(.*\))/\1 983040 + \2/' | \ + awk '{ print $1"\t"$2+$4 }')) | sort } # @@ -203,7 +194,10 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_aarch64() { - gcc -E -dM -I$1/include/uapi -D__BITS_PER_LONG=64 $1/include/uapi/asm-generic/unistd.h | \ + gcc -E -dM -I$1/include/uapi \ + -D__BITS_PER_LONG=64 -D__ARCH_WANT_RENAMEAT \ + -D__ARCH_WANT_NEW_STAT \ + $1/include/uapi/asm-generic/unistd.h | \ grep "^#define __NR_" | \ sed -e '/__NR_syscalls/d' | \ sed -e '/__NR_arch_specific_syscall/d' | \ @@ -242,11 +236,14 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_mips() { + pushd $1 2>&1 > /dev/null + make ARCH=mips archheaders + popd 2>&1 > /dev/null # _MIPS_SIM values: # _MIPS_SIM_ABI32 == 1 # _MIPS_SIM_NABI32 == 2 # _MIPS_SIM_ABI64 == 3 - gcc -E -dM -I$1/arch/mips/include/uapi -D_MIPS_SIM=1 $1/arch/mips/include/uapi/asm/unistd.h | \ + gcc -E -dM -I$1/arch/mips/include/uapi -I$1/arch/mips/include/generated/uapi -D_MIPS_SIM=1 $1/arch/mips/include/uapi/asm/unistd.h | \ grep "^#define __NR_" | \ grep -v "^#define __NR_O32_" | \ grep -v "^#define __NR_N32_" | \ @@ -276,11 +273,14 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_mips64() { + pushd $1 2>&1 > /dev/null + make ARCH=mips archheaders + popd 2>&1 > /dev/null # _MIPS_SIM values: # _MIPS_SIM_ABI32 == 1 # _MIPS_SIM_NABI32 == 2 # _MIPS_SIM_ABI64 == 3 - gcc -E -dM -I$1/arch/mips/include/uapi -D_MIPS_SIM=3 $1/arch/mips/include/uapi/asm/unistd.h | \ + gcc -E -dM -I$1/arch/mips/include/uapi -I$1/arch/mips/include/generated/uapi -D_MIPS_SIM=3 $1/arch/mips/include/uapi/asm/unistd.h | \ grep "^#define __NR_" | \ grep -v "^#define __NR_O32_" | \ grep -v "^#define __NR_N32_" | \ @@ -310,11 +310,14 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_mips64n32() { + pushd $1 2>&1 > /dev/null + make ARCH=mips archheaders + popd 2>&1 > /dev/null # _MIPS_SIM values: # _MIPS_SIM_ABI32 == 1 # _MIPS_SIM_NABI32 == 2 # _MIPS_SIM_ABI64 == 3 - gcc -E -dM -I$1/arch/mips/include/uapi -D_MIPS_SIM=2 $1/arch/mips/include/uapi/asm/unistd.h | \ + gcc -E -dM -I$1/arch/mips/include/uapi -I$1/arch/mips/include/generated/uapi -D_MIPS_SIM=2 $1/arch/mips/include/uapi/asm/unistd.h | \ grep "^#define __NR_" | \ grep -v "^#define __NR_O32_" | \ grep -v "^#define __NR_N32_" | \ @@ -344,10 +347,13 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_ppc() { - gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \ - grep "^#define __NR_" | \ - sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' | \ - sort + cat $1/arch/powerpc/kernel/syscalls/syscall.tbl | grep -v "^#" | \ + sed -ne "/[0-9]\+[ \t]\+\(common\|nospu\|32\)/p" | \ + awk '{ print $3"\t"$1 }' | sort | (cat -; \ + (cat $1/arch/powerpc/include/uapi/asm/unistd.h | \ + grep "^#define __PPC_NR_" | grep -v "^#define __PPC_NR_BASE" | \ + sed -e 's/#define _PPC_NR_\([a-z0-9_]*\)[ \t]\+(__PPC_NR_BASE+\(.*\))/\1 983040 + \2/' | \ + awk '{ print $1"\t"$2+$4 }')) | sort } # @@ -368,10 +374,13 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_ppc64() { - gcc -E -dM -D__powerpc64__ $1/arch/powerpc/include/uapi/asm/unistd.h | \ - grep "^#define __NR_" | \ - sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' | \ - sort + cat $1/arch/powerpc/kernel/syscalls/syscall.tbl | grep -v "^#" | \ + sed -ne "/[0-9]\+[ \t]\+\(common\|nospu\|64\)/p" | \ + awk '{ print $3"\t"$1 }' | sort | (cat -; \ + (cat $1/arch/powerpc/include/uapi/asm/unistd.h | \ + grep "^#define __PPC_NR_" | grep -v "^#define __PPC_NR_BASE" | \ + sed -e 's/#define _PPC_NR_\([a-z0-9_]*\)[ \t]\+(__PPC_NR_BASE+\(.*\))/\1 983040 + \2/' | \ + awk '{ print $1"\t"$2+$4 }')) | sort } # @@ -392,16 +401,13 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_s390() { - gcc -E -dM $1/arch/s390/include/uapi/asm/unistd.h | grep __NR | \ - sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_timer_create[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t254 + \2/' | \ - while read line; do \ - if echo "$line" | grep -q "+"; then \ - echo "$line" | awk '{ print $1"\t"$2+$4 }'; \ - else \ - echo "$line"; \ - fi; \ - done | \ - sed 's/#define __NR_//g' | sed 's/ /\t/g' | sort + cat $1/arch/s390/kernel/syscalls/syscall.tbl | grep -v "^#" | \ + sed -ne "/[0-9]\+[ \t]\+\(common\|32\)/p" | \ + awk '{ print $3"\t"$1 }' | sort | (cat -; \ + (cat $1/arch/s390/include/uapi/asm/unistd.h | \ + grep "^#define __PPC_NR_" | grep -v "^#define __PPC_NR_BASE" | \ + sed -e 's/#define _PPC_NR_\([a-z0-9_]*\)[ \t]\+(__PPC_NR_BASE+\(.*\))/\1 983040 + \2/' | \ + awk '{ print $1"\t"$2+$4 }')) | sort } # @@ -422,16 +428,13 @@ # Dump the architecture's syscall table to stdout. # function dump_sys_s390x() { - gcc -E -dM -D __s390x__ $1/arch/s390/include/uapi/asm/unistd.h | grep __NR | \ - sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_timer_create[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t254 + \2/' | \ - while read line; do \ - if echo "$line" | grep -q "+"; then \ - echo "$line" | awk '{ print $1"\t"$2+$4 }'; \ - else \ - echo "$line"; \ - fi; \ - done | \ - sed 's/#define __NR_//g' | sed 's/ /\t/g' | sort + cat $1/arch/s390/kernel/syscalls/syscall.tbl | grep -v "^#" | \ + sed -ne "/[0-9]\+[ \t]\+\(common\|64\)/p" | \ + awk '{ print $3"\t"$1 }' | sort | (cat -; \ + (cat $1/arch/s390/include/uapi/asm/unistd.h | \ + grep "^#define __PPC_NR_" | grep -v "^#define __PPC_NR_BASE" | \ + sed -e 's/#define _PPC_NR_\([a-z0-9_]*\)[ \t]\+(__PPC_NR_BASE+\(.*\))/\1 983040 + \2/' | \ + awk '{ print $1"\t"$2+$4 }')) | sort } # diff -Nru libseccomp-2.3.1/src/arch-x32.h libseccomp-2.4.1/src/arch-x32.h --- libseccomp-2.3.1/src/arch-x32.h 2016-02-11 18:32:39.776670411 +0000 +++ libseccomp-2.4.1/src/arch-x32.h 2019-04-16 16:19:07.181266560 +0000 @@ -34,6 +34,6 @@ int x32_syscall_resolve_name(const char *name); const char *x32_syscall_resolve_num(int num); -const char *x32_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *x32_syscall_iterate(unsigned int spot); #endif diff -Nru libseccomp-2.3.1/src/arch-x32-syscalls.c libseccomp-2.4.1/src/arch-x32-syscalls.c --- libseccomp-2.3.1/src/arch-x32-syscalls.c 2016-02-19 16:05:37.000890615 +0000 +++ libseccomp-2.4.1/src/arch-x32-syscalls.c 2019-04-16 16:19:06.937931960 +0000 @@ -26,7 +26,7 @@ #include "arch.h" #include "arch-x32.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def x32_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", __PNR__newselect }, @@ -122,6 +122,7 @@ { "get_mempolicy", (X32_SYSCALL_BIT + 239) }, { "get_robust_list", (X32_SYSCALL_BIT + 531) }, { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, { "getcpu", (X32_SYSCALL_BIT + 309) }, { "getcwd", (X32_SYSCALL_BIT + 79) }, { "getdents", (X32_SYSCALL_BIT + 78) }, @@ -167,6 +168,7 @@ { "io_cancel", (X32_SYSCALL_BIT + 210) }, { "io_destroy", (X32_SYSCALL_BIT + 207) }, { "io_getevents", (X32_SYSCALL_BIT + 208) }, + { "io_pgetevents", (X32_SYSCALL_BIT + 333) }, { "io_setup", (X32_SYSCALL_BIT + 543) }, { "io_submit", (X32_SYSCALL_BIT + 544) }, { "ioctl", (X32_SYSCALL_BIT + 514) }, @@ -254,11 +256,15 @@ { "pipe", (X32_SYSCALL_BIT + 22) }, { "pipe2", (X32_SYSCALL_BIT + 293) }, { "pivot_root", (X32_SYSCALL_BIT + 155) }, + { "pkey_alloc", (X32_SYSCALL_BIT + 330) }, + { "pkey_free", (X32_SYSCALL_BIT + 331) }, + { "pkey_mprotect", (X32_SYSCALL_BIT + 329) }, { "poll", (X32_SYSCALL_BIT + 7) }, { "ppoll", (X32_SYSCALL_BIT + 271) }, { "prctl", (X32_SYSCALL_BIT + 157) }, { "pread64", (X32_SYSCALL_BIT + 17) }, { "preadv", (X32_SYSCALL_BIT + 534) }, + { "preadv2", (X32_SYSCALL_BIT + 546) }, { "prlimit64", (X32_SYSCALL_BIT + 302) }, { "process_vm_readv", (X32_SYSCALL_BIT + 539) }, { "process_vm_writev", (X32_SYSCALL_BIT + 540) }, @@ -269,6 +275,7 @@ { "putpmsg", (X32_SYSCALL_BIT + 182) }, { "pwrite64", (X32_SYSCALL_BIT + 18) }, { "pwritev", (X32_SYSCALL_BIT + 535) }, + { "pwritev2", (X32_SYSCALL_BIT + 547) }, { "query_module", __PNR_query_module }, { "quotactl", (X32_SYSCALL_BIT + 179) }, { "read", (X32_SYSCALL_BIT + 0) }, @@ -290,6 +297,7 @@ { "request_key", (X32_SYSCALL_BIT + 249) }, { "restart_syscall", (X32_SYSCALL_BIT + 219) }, { "rmdir", (X32_SYSCALL_BIT + 84) }, + { "rseq", (X32_SYSCALL_BIT + 334) }, { "rt_sigaction", (X32_SYSCALL_BIT + 512) }, { "rt_sigpending", (X32_SYSCALL_BIT + 522) }, { "rt_sigprocmask", (X32_SYSCALL_BIT + 14) }, @@ -299,9 +307,11 @@ { "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) }, { "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", (X32_SYSCALL_BIT + 146) }, { "sched_get_priority_min", (X32_SYSCALL_BIT + 147) }, { "sched_getaffinity", (X32_SYSCALL_BIT + 204) }, @@ -387,6 +397,7 @@ { "stat64", __PNR_stat64 }, { "statfs", (X32_SYSCALL_BIT + 137) }, { "statfs64", __PNR_statfs64 }, + { "statx", (X32_SYSCALL_BIT + 332) }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -501,15 +512,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *x32_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *x32_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return x32_syscall_table[spot].name; + return &x32_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-x86_64.h libseccomp-2.4.1/src/arch-x86_64.h --- libseccomp-2.3.1/src/arch-x86_64.h 2016-02-11 18:32:39.776670411 +0000 +++ libseccomp-2.4.1/src/arch-x86_64.h 2019-04-16 16:19:07.194599962 +0000 @@ -32,6 +32,6 @@ int x86_64_syscall_resolve_name(const char *name); const char *x86_64_syscall_resolve_num(int num); -const char *x86_64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *x86_64_syscall_iterate(unsigned int spot); #endif diff -Nru libseccomp-2.3.1/src/arch-x86_64-syscalls.c libseccomp-2.4.1/src/arch-x86_64-syscalls.c --- libseccomp-2.3.1/src/arch-x86_64-syscalls.c 2016-02-19 16:05:37.000890615 +0000 +++ libseccomp-2.4.1/src/arch-x86_64-syscalls.c 2019-04-16 16:19:06.957932064 +0000 @@ -26,7 +26,7 @@ #include "arch.h" #include "arch-x86_64.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def x86_64_syscall_table[] = { \ { "_llseek", __PNR__llseek }, { "_newselect", __PNR__newselect }, @@ -122,6 +122,7 @@ { "get_mempolicy", 239 }, { "get_robust_list", 274 }, { "get_thread_area", 211 }, + { "get_tls", __PNR_get_tls }, { "getcpu", 309 }, { "getcwd", 79 }, { "getdents", 78 }, @@ -167,6 +168,7 @@ { "io_cancel", 210 }, { "io_destroy", 207 }, { "io_getevents", 208 }, + { "io_pgetevents", 333 }, { "io_setup", 206 }, { "io_submit", 209 }, { "ioctl", 16 }, @@ -254,11 +256,15 @@ { "pipe", 22 }, { "pipe2", 293 }, { "pivot_root", 155 }, + { "pkey_alloc", 330 }, + { "pkey_free", 331 }, + { "pkey_mprotect", 329 }, { "poll", 7 }, { "ppoll", 271 }, { "prctl", 157 }, { "pread64", 17 }, { "preadv", 295 }, + { "preadv2", 327 }, { "prlimit64", 302 }, { "process_vm_readv", 310 }, { "process_vm_writev", 311 }, @@ -269,6 +275,7 @@ { "putpmsg", 182 }, { "pwrite64", 18 }, { "pwritev", 296 }, + { "pwritev2", 328 }, { "query_module", 178 }, { "quotactl", 179 }, { "read", 0 }, @@ -290,6 +297,7 @@ { "request_key", 249 }, { "restart_syscall", 219 }, { "rmdir", 84 }, + { "rseq", 334 }, { "rt_sigaction", 13 }, { "rt_sigpending", 127 }, { "rt_sigprocmask", 14 }, @@ -299,9 +307,11 @@ { "rt_sigtimedwait", 128 }, { "rt_tgsigqueueinfo", 297 }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", 146 }, { "sched_get_priority_min", 147 }, { "sched_getaffinity", 204 }, @@ -387,6 +397,7 @@ { "stat64", __PNR_stat64 }, { "statfs", 137 }, { "statfs64", __PNR_statfs64 }, + { "statx", 332 }, { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "subpage_prot", __PNR_subpage_prot }, @@ -501,16 +512,16 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *x86_64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *x86_64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return x86_64_syscall_table[spot].name; + return &x86_64_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/arch-x86.c libseccomp-2.4.1/src/arch-x86.c --- libseccomp-2.3.1/src/arch-x86.c 2016-04-20 17:49:44.634846367 +0000 +++ libseccomp-2.4.1/src/arch-x86.c 2019-04-16 16:19:06.971265467 +0000 @@ -50,7 +50,7 @@ * no related syscall, or __NR_SCMP_ERROR otherwise. * */ -int _x86_sock_demux(int socketcall) +static int _x86_sock_demux(int socketcall) { switch (socketcall) { case -101: @@ -126,7 +126,7 @@ * there is no related pseudo syscall, or __NR_SCMP_ERROR otherwise. * */ -int _x86_sock_mux(int syscall) +static int _x86_sock_mux(int syscall) { switch (syscall) { case 337: @@ -210,47 +210,53 @@ /** * add a new rule to the x86 seccomp filter - * @param col the filter collection * @param db the seccomp filter db - * @param strict the strict flag * @param rule the filter rule * * This function adds a new syscall filter to the seccomp filter db, making any * necessary adjustments for the x86 ABI. Returns zero on success, negative * values on failure. * + * It is important to note that in the case of failure the db may be corrupted, + * the caller must use the transaction mechanism if the db integrity is + * important. + * */ -int x86_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, - struct db_api_rule_list *rule) +int x86_rule_add(struct db_filter *db, struct db_api_rule_list *rule) { - int rc; + int rc = 0; unsigned int iter; - size_t args_size; int sys = rule->syscall; int sys_a, sys_b; - struct db_api_rule_list *rule_a, *rule_b; + struct db_api_rule_list *rule_a, *rule_b, *rule_dup = NULL; if ((sys <= -100 && sys >= -120) || (sys >= 359 && sys <= 373)) { /* (-100 to -120) : multiplexed socket syscalls (359 to 373) : direct socket syscalls, Linux 4.3+ */ /* strict check for the multiplexed socket syscalls */ - for (iter = 0; iter < rule->args_cnt; iter++) { - if ((rule->args[iter].valid != 0) && (strict)) - return -EINVAL; + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { + if ((rule->args[iter].valid != 0) && (rule->strict)) { + rc = -EINVAL; + goto add_return; + } } /* determine both the muxed and direct syscall numbers */ if (sys > 0) { sys_a = _x86_sock_mux(sys); - if (sys_a == __NR_SCMP_ERROR) - return __NR_SCMP_ERROR; + if (sys_a == __NR_SCMP_ERROR) { + rc = __NR_SCMP_ERROR; + goto add_return; + } sys_b = sys; } else { sys_a = sys; sys_b = _x86_sock_demux(sys); - if (sys_b == __NR_SCMP_ERROR) - return __NR_SCMP_ERROR; + if (sys_b == __NR_SCMP_ERROR) { + rc = __NR_SCMP_ERROR; + goto add_return; + } } /* use rule_a for the multiplexed syscall and use rule_b for @@ -265,19 +271,10 @@ } else { /* need two rules, dup the first and link together */ rule_a = rule; - rule_b = malloc(sizeof(*rule_b)); + rule_dup = db_rule_dup(rule_a); + rule_b = rule_dup; if (rule_b == NULL) - return -ENOMEM; - args_size = sizeof(*rule_b->args) * rule_a->args_cnt; - rule_b->args = malloc(args_size); - if (rule_b->args == NULL) { - free(rule_b); - return -ENOMEM; - } - rule_b->action = rule_a->action; - rule_b->syscall = rule_a->syscall; - rule_b->args_cnt = rule_a->args_cnt; - memcpy(rule_b->args, rule_a->args, args_size); + goto add_return; rule_b->prev = rule_a; rule_b->next = NULL; rule_a->next = rule_b; @@ -297,26 +294,24 @@ if (rule_b != NULL) rule_b->syscall = sys_b; - /* add the rules as a single transaction */ - rc = db_col_transaction_start(col); - if (rc < 0) - return rc; + /* we should be protected by a transaction checkpoint */ if (rule_a != NULL) { rc = db_rule_add(db, rule_a); if (rc < 0) - goto fail_transaction; + goto add_return; } if (rule_b != NULL) { rc = db_rule_add(db, rule_b); if (rc < 0) - goto fail_transaction; + goto add_return; } - db_col_transaction_commit(col); } else if (sys <= -200 && sys >= -224) { /* multiplexed ipc syscalls */ for (iter = 0; iter < ARG_COUNT_MAX; iter++) { - if ((rule->args[iter].valid != 0) && (strict)) - return -EINVAL; + if ((rule->args[iter].valid != 0) && (rule->strict)) { + rc = -EINVAL; + goto add_return; + } } rule->args[0].arg = 0; rule->args[0].op = SCMP_CMP_EQ; @@ -327,18 +322,19 @@ rc = db_rule_add(db, rule); if (rc < 0) - return rc; + goto add_return; } else if (sys >= 0) { /* normal syscall processing */ rc = db_rule_add(db, rule); if (rc < 0) - return rc; - } else if (strict) - return -EDOM; - - return 0; + goto add_return; + } else if (rule->strict) { + rc = -EDOM; + goto add_return; + } -fail_transaction: - db_col_transaction_abort(col); +add_return: + if (rule_dup != NULL) + free(rule_dup); return rc; } diff -Nru libseccomp-2.3.1/src/arch-x86.h libseccomp-2.4.1/src/arch-x86.h --- libseccomp-2.3.1/src/arch-x86.h 2016-02-11 18:32:39.776670411 +0000 +++ libseccomp-2.4.1/src/arch-x86.h 2019-04-16 16:19:07.207933365 +0000 @@ -33,11 +33,10 @@ int x86_syscall_resolve_name(const char *name); const char *x86_syscall_resolve_num(int num); -const char *x86_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *x86_syscall_iterate(unsigned int spot); int x86_syscall_rewrite(int *syscall); -int x86_rule_add(struct db_filter_col *col, struct db_filter *db, bool strict, - struct db_api_rule_list *rule); +int x86_rule_add(struct db_filter *db, struct db_api_rule_list *rule); #endif diff -Nru libseccomp-2.3.1/src/arch-x86-syscalls.c libseccomp-2.4.1/src/arch-x86-syscalls.c --- libseccomp-2.3.1/src/arch-x86-syscalls.c 2016-04-10 21:33:50.342181903 +0000 +++ libseccomp-2.4.1/src/arch-x86-syscalls.c 2019-04-16 16:19:06.984598869 +0000 @@ -26,7 +26,7 @@ #include "arch.h" #include "arch-x86.h" -/* NOTE: based on Linux 4.5-rc4 */ +/* NOTE: based on Linux 4.15-rc7 */ const struct arch_syscall_def x86_syscall_table[] = { \ { "_llseek", 140 }, { "_newselect", 142 }, @@ -41,7 +41,7 @@ { "alarm", 27 }, { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, { "arm_sync_file_range", __PNR_arm_sync_file_range }, - { "arch_prctl", __PNR_arch_prctl }, + { "arch_prctl", 384 }, { "bdflush", 134 }, { "bind", 361 }, { "bpf", 357 }, @@ -122,6 +122,7 @@ { "get_mempolicy", 275 }, { "get_robust_list", 312 }, { "get_thread_area", 244 }, + { "get_tls", __PNR_get_tls }, { "getcpu", 318 }, { "getcwd", 183 }, { "getdents", 141 }, @@ -167,6 +168,7 @@ { "io_cancel", 249 }, { "io_destroy", 246 }, { "io_getevents", 247 }, + { "io_pgetevents", 385 }, { "io_setup", 245 }, { "io_submit", 248 }, { "ioctl", 54 }, @@ -254,11 +256,15 @@ { "pipe", 42 }, { "pipe2", 331 }, { "pivot_root", 217 }, + { "pkey_alloc", 381 }, + { "pkey_free", 382 }, + { "pkey_mprotect", 380 }, { "poll", 168 }, { "ppoll", 309 }, { "prctl", 172 }, { "pread64", 180 }, { "preadv", 333 }, + { "preadv2", 378 }, { "prlimit64", 340 }, { "process_vm_readv", 347 }, { "process_vm_writev", 348 }, @@ -269,6 +275,7 @@ { "putpmsg", 189 }, { "pwrite64", 181 }, { "pwritev", 334 }, + { "pwritev2", 379 }, { "query_module", 167 }, { "quotactl", 131 }, { "read", 3 }, @@ -290,6 +297,7 @@ { "request_key", 287 }, { "restart_syscall", 0 }, { "rmdir", 40 }, + { "rseq", 386 }, { "rt_sigaction", 174 }, { "rt_sigpending", 176 }, { "rt_sigprocmask", 175 }, @@ -299,9 +307,11 @@ { "rt_sigtimedwait", 177 }, { "rt_tgsigqueueinfo", 335 }, { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, { "sched_get_priority_max", 159 }, { "sched_get_priority_min", 160 }, { "sched_getaffinity", 242 }, @@ -387,6 +397,7 @@ { "stat64", 195 }, { "statfs", 99 }, { "statfs64", 268 }, + { "statx", 383 }, { "stime", 25 }, { "stty", 31 }, { "subpage_prot", __PNR_subpage_prot }, @@ -585,15 +596,15 @@ } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *x86_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *x86_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return x86_syscall_table[spot].name; + return &x86_syscall_table[spot]; } diff -Nru libseccomp-2.3.1/src/db.c libseccomp-2.4.1/src/db.c --- libseccomp-2.3.1/src/db.c 2016-02-22 22:43:28.747435551 +0000 +++ libseccomp-2.4.1/src/db.c 2019-04-16 16:19:07.007932324 +0000 @@ -1,7 +1,8 @@ /** * Enhanced Seccomp Filter DB * - * Copyright (c) 2012,2016 Red Hat + * Copyright (c) 2012,2016,2018 Red Hat + * Copyright (c) 2019 Cisco Systems, Inc. * Author: Paul Moore */ @@ -31,6 +32,7 @@ #include "arch.h" #include "db.h" #include "system.h" +#include "helper.h" /* state values */ #define _DB_STA_VALID 0xA1B2C3D4 @@ -43,53 +45,300 @@ #define _DB_PRI_MASK_USER 0x00FF0000 #define _DB_PRI_USER(x) (((x) << 16) & _DB_PRI_MASK_USER) -/* private structure for tracking the state of the sub-tree "pruning" */ -struct db_prune_state { - bool prefix_exist; - bool prefix_new; - bool matched; +/* prove information about the sub-tree check results */ +struct db_iter_state { +#define _DB_IST_NONE 0x00000000 +#define _DB_IST_MATCH 0x00000001 +#define _DB_IST_MATCH_ONCE 0x00000002 +#define _DB_IST_X_FINISHED 0x00000010 +#define _DB_IST_N_FINISHED 0x00000020 +#define _DB_IST_X_PREFIX 0x00000100 +#define _DB_IST_N_PREFIX 0x00000200 +#define _DB_IST_M_MATCHSET (_DB_IST_MATCH|_DB_IST_MATCH_ONCE) +#define _DB_IST_M_REDUNDANT (_DB_IST_MATCH| \ + _DB_IST_X_FINISHED| \ + _DB_IST_N_PREFIX) + unsigned int flags; + uint32_t action; + struct db_sys_list *sx; }; -static unsigned int _db_tree_free(struct db_arg_chain_tree *tree); +static unsigned int _db_node_put(struct db_arg_chain_tree **node); /** - * Do not call this function directly, use _db_tree_free() instead + * Define the syscall argument priority for nodes on the same level of the tree + * @param a tree node + * + * Prioritize the syscall argument value, taking into account hi/lo words. + * Should only ever really be called by _db_chain_{lt,eq}(). Returns an + * arbitrary value indicating priority. + * */ -static unsigned int __db_tree_free(struct db_arg_chain_tree *tree) +static unsigned int __db_chain_arg_priority(const struct db_arg_chain_tree *a) { - int cnt; + return (a->arg << 1) + (a->arg_h_flg ? 1 : 0); +} - if (tree == NULL || --(tree->refcnt) > 0) +/** + * Define the "op" priority for nodes on the same level of the tree + * @param op the argument operator + * + * Prioritize the syscall argument comparison operator. Should only ever + * really be called by _db_chain_{lt,eq}(). Returns an arbitrary value + * indicating priority. + * + */ +static unsigned int __db_chain_op_priority(enum scmp_compare op) +{ + /* the distinction between LT/LT and GT/GE is mostly to make the + * ordering as repeatable as possible regardless of the order in which + * the rules are added */ + switch (op) { + case SCMP_CMP_MASKED_EQ: + case SCMP_CMP_EQ: + case SCMP_CMP_NE: + return 3; + case SCMP_CMP_LE: + case SCMP_CMP_LT: + return 2; + case SCMP_CMP_GE: + case SCMP_CMP_GT: + return 1; + default: return 0; + } +} + +/** + * Determine if node "a" is less than node "b" + * @param a tree node + * @param b tree node + * + * The logic is best explained by looking at the comparison code in the + * function. + * + */ +static bool _db_chain_lt(const struct db_arg_chain_tree *a, + const struct db_arg_chain_tree *b) +{ + unsigned int a_arg, b_arg; + unsigned int a_op, b_op; + + a_arg = __db_chain_arg_priority(a); + b_arg = __db_chain_arg_priority(b); + if (a_arg < b_arg) + return true; + else if (a_arg > b_arg) + return false; + + a_op = __db_chain_op_priority(a->op_orig); + b_op = __db_chain_op_priority(b->op_orig); + if (a_op < b_op) + return true; + else if (a_op > b_op) + return false; - /* we assume the caller has ensured that 'tree->lvl_prv == NULL' */ - cnt = __db_tree_free(tree->lvl_nxt); - cnt += _db_tree_free(tree->nxt_t); - cnt += _db_tree_free(tree->nxt_f); + /* NOTE: at this point the arg and op priorities are equal */ - free(tree); - return cnt + 1; + switch (a->op_orig) { + case SCMP_CMP_LE: + case SCMP_CMP_LT: + /* in order to ensure proper ordering for LT/LE comparisons we + * need to invert the argument value so smaller values come + * first */ + if (a->datum > b->datum) + return true; + break; + default: + if (a->datum < b->datum) + return true; + break; + } + + return false; +} + +/** + * Determine if two nodes have equal argument datum values + * @param a tree node + * @param b tree node + * + * In order to return true the nodes must have the same datum and mask for the + * same argument. + * + */ +static bool _db_chain_eq(const struct db_arg_chain_tree *a, + const struct db_arg_chain_tree *b) +{ + unsigned int a_arg, b_arg; + + a_arg = __db_chain_arg_priority(a); + b_arg = __db_chain_arg_priority(b); + + return ((a_arg == b_arg) && (a->op == b->op) && + (a->datum == b->datum) && (a->mask == b->mask)); +} + +/** + * Determine if a given tree node is a leaf node + * @param iter the node to test + * + * A leaf node is a node with no other nodes beneath it. + * + */ +static bool _db_chain_leaf(const struct db_arg_chain_tree *iter) +{ + return (iter->nxt_t == NULL && iter->nxt_f == NULL); +} + +/** + * Determine if a given tree node is a zombie node + * @param iter the node to test + * + * A zombie node is a leaf node that also has no true or false actions. + * + */ +static bool _db_chain_zombie(const struct db_arg_chain_tree *iter) +{ + return (_db_chain_leaf(iter) && + !(iter->act_t_flg) && !(iter->act_f_flg)); +} + +/** + * Get a node reference + * @param node pointer to a node + * + * This function gets a reference to an individual node. Returns a pointer + * to the node. + * + */ +static struct db_arg_chain_tree *_db_node_get(struct db_arg_chain_tree *node) +{ + if (node != NULL) + node->refcnt++; + return node; +} + +/** + * Garbage collect a level of the tree + * @param node tree node + * + * Check the entire level on which @node resides, if there is no other part of + * the tree which points to a node on this level, remove the entire level. + * Returns the number of nodes removed. + * + */ +static unsigned int _db_level_clean(struct db_arg_chain_tree *node) +{ + int cnt = 0; + unsigned int links; + struct db_arg_chain_tree *n = node; + struct db_arg_chain_tree *start; + + while (n->lvl_prv) + n = n->lvl_prv; + start = n; + + while (n != NULL) { + links = 0; + if (n->lvl_prv) + links++; + if (n->lvl_nxt) + links++; + + if (n->refcnt > links) + return cnt; + + n = n->lvl_nxt; + } + + n = start; + while (n != NULL) + cnt += _db_node_put(&n); + + return cnt; } /** * Free a syscall filter argument chain tree * @param tree the argument chain list * - * This function frees a tree and returns the number of nodes freed. + * This function drops a reference to the tree pointed to by @tree and garbage + * collects the top level. Returns the number of nodes removed. * */ -static unsigned int _db_tree_free(struct db_arg_chain_tree *tree) +static unsigned int _db_tree_put(struct db_arg_chain_tree **tree) { - struct db_arg_chain_tree *iter; + unsigned int cnt; - if (tree == NULL) + cnt = _db_node_put(tree); + if (*tree) + cnt += _db_level_clean(*tree); + + return cnt; +} + +/** + * Release a node reference + * @param node pointer to a node + * + * This function drops a reference to an individual node, unless this is the + * last reference in which the entire sub-tree is affected. Returns the number + * of nodes freed. + * + */ +static unsigned int _db_node_put(struct db_arg_chain_tree **node) +{ + unsigned int cnt = 0; + struct db_arg_chain_tree *n = *node; + struct db_arg_chain_tree *lvl_p, *lvl_n, *nxt_t, *nxt_f; + + if (n == NULL) return 0; - iter = tree; - while (iter->lvl_prv != NULL) - iter = iter->lvl_prv; + if (--(n->refcnt) == 0) { + lvl_p = n->lvl_prv; + lvl_n = n->lvl_nxt; + nxt_t = n->nxt_t; + nxt_f = n->nxt_f; + + /* split the current level */ + /* NOTE: we still hold a ref for both lvl_p and lvl_n */ + if (lvl_p) + lvl_p->lvl_nxt = NULL; + if (lvl_n) + lvl_n->lvl_prv = NULL; + + /* drop refcnts on the current level */ + if (lvl_p) + cnt += _db_node_put(&lvl_p); + if (lvl_n) + cnt += _db_node_put(&lvl_n); + + /* re-link current level if it still exists */ + if (lvl_p) + lvl_p->lvl_nxt = _db_node_get(lvl_n); + if (lvl_n) + lvl_n->lvl_prv = _db_node_get(lvl_p); + + /* update caller's pointer */ + if (lvl_p) + *node = lvl_p; + else if (lvl_n) + *node = lvl_n; + else + *node = NULL; - return __db_tree_free(iter); + /* drop the next level(s) */ + cnt += _db_tree_put(&nxt_t); + cnt += _db_tree_put(&nxt_f); + + /* cleanup and accounting */ + free(n); + cnt++; + } + + return cnt; } /** @@ -97,8 +346,8 @@ * @param tree the pointer to the tree * @param node the node to remove * - * This function searches the tree looking for the node and removes it once - * found. Returns the number of nodes freed. + * This function searches the tree looking for the node and removes it as well + * as any sub-trees beneath it. Returns the number of nodes freed. * */ static unsigned int _db_tree_remove(struct db_arg_chain_tree **tree, @@ -115,32 +364,43 @@ c_iter = c_iter->lvl_prv; do { - if (c_iter == node || db_chain_zombie(c_iter)) { - /* remove from the tree */ - if (c_iter == *tree) { - if (c_iter->lvl_prv != NULL) - *tree = c_iter->lvl_prv; - else - *tree = c_iter->lvl_nxt; - } - if (c_iter->lvl_prv != NULL) - c_iter->lvl_prv->lvl_nxt = c_iter->lvl_nxt; - if (c_iter->lvl_nxt != NULL) - c_iter->lvl_nxt->lvl_prv = c_iter->lvl_prv; - - /* free and return */ - c_iter->lvl_prv = NULL; - c_iter->lvl_nxt = NULL; - cnt += _db_tree_free(c_iter); - return cnt; - } + /* current node? */ + if (c_iter == node) + goto remove; - /* check the true/false sub-trees */ + /* check the sub-trees */ cnt += _db_tree_remove(&(c_iter->nxt_t), node); cnt += _db_tree_remove(&(c_iter->nxt_f), node); + /* check for empty/zombie nodes */ + if (_db_chain_zombie(c_iter)) + goto remove; + + /* next node on this level */ c_iter = c_iter->lvl_nxt; - } while (c_iter != NULL); + } while (c_iter != NULL && cnt == 0); + + return cnt; + +remove: + /* reset the tree pointer if needed */ + if (c_iter == *tree) { + if (c_iter->lvl_prv != NULL) + *tree = c_iter->lvl_prv; + else + *tree = c_iter->lvl_nxt; + } + + /* remove the node from the current level */ + if (c_iter->lvl_prv) + c_iter->lvl_prv->lvl_nxt = c_iter->lvl_nxt; + if (c_iter->lvl_nxt) + c_iter->lvl_nxt->lvl_prv = c_iter->lvl_prv; + c_iter->lvl_prv = NULL; + c_iter->lvl_nxt = NULL; + + /* free the node and any sub-trees */ + cnt += _db_node_put(&c_iter); return cnt; } @@ -188,162 +448,370 @@ /** * Checks for a sub-tree match in an existing tree and prunes the tree - * @param prev the head of the existing tree or sub-tree - * @param existing the starting point into the existing tree + * @param existing pointer to the existing tree * @param new pointer to the new tree - * @param state pointer to the pruning state + * @param state pointer to a state structure * - * This function searches the existing and new trees trying to prune each to - * eliminate redundancy. Returns the number of nodes removed from the tree on - * success, zero if no changes were made, and negative values if the new tree - * should be discarded. + * This function searches the existing tree trying to prune it based on the + * new tree. Returns the number of nodes removed from the tree on success, + * zero if no changes were made. * */ -static int _db_tree_sub_prune(struct db_arg_chain_tree **prev, - struct db_arg_chain_tree *existing, - struct db_arg_chain_tree *new, - struct db_prune_state *state) +static int _db_tree_prune(struct db_arg_chain_tree **existing, + struct db_arg_chain_tree *new, + struct db_iter_state *state) { - int rc = 0; - int rc_tmp; - struct db_arg_chain_tree *ec_iter; - struct db_arg_chain_tree *ec_iter_tmp; - struct db_arg_chain_tree *c_iter; - struct db_prune_state state_new; - - if (!state || !existing || !new) - return 0; + int cnt = 0; + struct db_iter_state state_nxt; + struct db_iter_state state_new = *state; + struct db_arg_chain_tree *x_iter_next; + struct db_arg_chain_tree *x_iter = *existing; + struct db_arg_chain_tree *n_iter = new; + + /* check if either tree is finished */ + if (n_iter == NULL || x_iter == NULL) + goto prune_return; + + /* bail out if we have a broken match */ + if ((state->flags & _DB_IST_M_MATCHSET) == _DB_IST_MATCH_ONCE) + goto prune_return; + + /* get to the start of the existing level */ + while (x_iter->lvl_prv) + x_iter = x_iter->lvl_prv; + + /* NOTE: a few comments on the code below ... + * 1) we need to take a reference before we go down a level in case + * we end up dropping the sub-tree (see the _db_node_get() calls) + * 2) since the new tree really only has one branch, we can only ever + * match on one branch in the existing tree, if we "hit" then we + * can bail on the other branches */ - ec_iter = existing; - c_iter = new; do { - if (db_chain_eq(ec_iter, c_iter)) { - /* equal */ + /* store this now in case we remove x_iter */ + x_iter_next = x_iter->lvl_nxt; + + /* compare the two nodes */ + if (_db_chain_eq(x_iter, n_iter)) { + /* we have a match */ + state_new.flags |= _DB_IST_M_MATCHSET; + + /* check if either tree is finished */ + if (_db_chain_leaf(n_iter)) + state_new.flags |= _DB_IST_N_FINISHED; + if (_db_chain_leaf(x_iter)) + state_new.flags |= _DB_IST_X_FINISHED; + + /* don't remove nodes if we have more actions/levels */ + if ((x_iter->act_t_flg || x_iter->nxt_t) && + !(n_iter->act_t_flg || n_iter->nxt_t)) + goto prune_return; + if ((x_iter->act_f_flg || x_iter->nxt_f) && + !(n_iter->act_f_flg || n_iter->nxt_f)) + goto prune_return; + + /* if finished, compare actions */ + if ((state_new.flags & _DB_IST_N_FINISHED) && + (state_new.flags & _DB_IST_X_FINISHED)) { + if (n_iter->act_t_flg != x_iter->act_t_flg) + goto prune_return; + if (n_iter->act_t != x_iter->act_t) + goto prune_return; + + if (n_iter->act_f_flg != x_iter->act_f_flg) + goto prune_return; + if (n_iter->act_f != x_iter->act_f) + goto prune_return; + } + + /* check next level */ + if (n_iter->nxt_t) { + _db_node_get(x_iter); + state_nxt = *state; + state_nxt.flags |= _DB_IST_M_MATCHSET; + cnt += _db_tree_prune(&x_iter->nxt_t, + n_iter->nxt_t, + &state_nxt); + cnt += _db_node_put(&x_iter); + if (state_nxt.flags & _DB_IST_MATCH) { + state_new.flags |= state_nxt.flags; + /* don't return yet, we need to check + * the current node */ + } + if (x_iter == NULL) + goto prune_next_node; + } + if (n_iter->nxt_f) { + _db_node_get(x_iter); + state_nxt = *state; + state_nxt.flags |= _DB_IST_M_MATCHSET; + cnt += _db_tree_prune(&x_iter->nxt_f, + n_iter->nxt_f, + &state_nxt); + cnt += _db_node_put(&x_iter); + if (state_nxt.flags & _DB_IST_MATCH) { + state_new.flags |= state_nxt.flags; + /* don't return yet, we need to check + * the current node */ + } + if (x_iter == NULL) + goto prune_next_node; + } - if (db_chain_leaf(c_iter)) { - /* leaf */ - if (db_chain_eq_result(ec_iter, c_iter)) { - /* identical results */ - if (prev != NULL) - return _db_tree_remove(prev, - ec_iter); - else - return -1; + /* remove the node? */ + if (!_db_tree_act_check(x_iter, state_new.action) && + (state_new.flags & _DB_IST_MATCH) && + (state_new.flags & _DB_IST_N_FINISHED) && + (state_new.flags & _DB_IST_X_PREFIX)) { + /* yes - the new tree is "shorter" */ + cnt += _db_tree_remove(&state->sx->chains, + x_iter); + if (state->sx->chains == NULL) + goto prune_return; + } else if (!_db_tree_act_check(x_iter, state_new.action) + && (state_new.flags & _DB_IST_MATCH) && + (state_new.flags & _DB_IST_X_FINISHED) && + (state_new.flags & _DB_IST_N_PREFIX)) { + /* no - the new tree is "longer" */ + goto prune_return; + } + } else if (_db_chain_lt(x_iter, n_iter)) { + /* bail if we have a prefix on the new tree */ + if (state->flags & _DB_IST_N_PREFIX) + goto prune_return; + + /* check the next level in the existing tree */ + if (x_iter->nxt_t) { + _db_node_get(x_iter); + state_nxt = *state; + state_nxt.flags &= ~_DB_IST_MATCH; + state_nxt.flags |= _DB_IST_X_PREFIX; + cnt += _db_tree_prune(&x_iter->nxt_t, n_iter, + &state_nxt); + cnt += _db_node_put(&x_iter); + if (state_nxt.flags & _DB_IST_MATCH) { + state_new.flags |= state_nxt.flags; + goto prune_return; + } + if (x_iter == NULL) + goto prune_next_node; + } + if (x_iter->nxt_f) { + _db_node_get(x_iter); + state_nxt = *state; + state_nxt.flags &= ~_DB_IST_MATCH; + state_nxt.flags |= _DB_IST_X_PREFIX; + cnt += _db_tree_prune(&x_iter->nxt_f, n_iter, + &state_nxt); + cnt += _db_node_put(&x_iter); + if (state_nxt.flags & _DB_IST_MATCH) { + state_new.flags |= state_nxt.flags; + goto prune_return; + } + if (x_iter == NULL) + goto prune_next_node; + } + } else { + /* bail if we have a prefix on the existing tree */ + if (state->flags & _DB_IST_X_PREFIX) + goto prune_return; + + /* check the next level in the new tree */ + if (n_iter->nxt_t) { + _db_node_get(x_iter); + state_nxt = *state; + state_nxt.flags &= ~_DB_IST_MATCH; + state_nxt.flags |= _DB_IST_N_PREFIX; + cnt += _db_tree_prune(&x_iter, n_iter->nxt_t, + &state_nxt); + cnt += _db_node_put(&x_iter); + if (state_nxt.flags & _DB_IST_MATCH) { + state_new.flags |= state_nxt.flags; + goto prune_return; + } + if (x_iter == NULL) + goto prune_next_node; + } + if (n_iter->nxt_f) { + _db_node_get(x_iter); + state_nxt = *state; + state_nxt.flags &= ~_DB_IST_MATCH; + state_nxt.flags |= _DB_IST_N_PREFIX; + cnt += _db_tree_prune(&x_iter, n_iter->nxt_f, + &state_nxt); + cnt += _db_node_put(&x_iter); + if (state_nxt.flags & _DB_IST_MATCH) { + state_new.flags |= state_nxt.flags; + goto prune_return; } - if (c_iter->act_t_flg && ec_iter->nxt_t) { - /* new is shorter (true) */ - if (prev == NULL) - return -1; - rc += _db_tree_remove(&(ec_iter->nxt_t), - ec_iter->nxt_t); - ec_iter->act_t = c_iter->act_t; - ec_iter->act_t_flg = true; + if (x_iter == NULL) + goto prune_next_node; + } + } + +prune_next_node: + /* check next node on this level */ + x_iter = x_iter_next; + } while (x_iter); + + // if we are falling through, we clearly didn't match on anything + state_new.flags &= ~_DB_IST_MATCH; + +prune_return: + /* no more nodes on this level, return to the level above */ + if (state_new.flags & _DB_IST_MATCH) + state->flags |= state_new.flags; + else + state->flags &= ~_DB_IST_MATCH; + return cnt; +} + +/** + * Add a new tree into an existing tree + * @param existing pointer to the existing tree + * @param new pointer to the new tree + * @param state pointer to a state structure + * + * This function adds the new tree into the existing tree, fetching additional + * references as necessary. Returns zero on success, negative values on + * failure. + * + */ +static int _db_tree_add(struct db_arg_chain_tree **existing, + struct db_arg_chain_tree *new, + struct db_iter_state *state) +{ + int rc; + struct db_arg_chain_tree *x_iter = *existing; + struct db_arg_chain_tree *n_iter = new; + + do { + if (_db_chain_eq(x_iter, n_iter)) { + if (n_iter->act_t_flg) { + if (!x_iter->act_t_flg) { + /* new node has a true action */ + + /* do the actions match? */ + rc = _db_tree_act_check(x_iter->nxt_t, + n_iter->act_t); + if (rc != 0) + return rc; + + /* update with the new action */ + rc = _db_node_put(&x_iter->nxt_t); + x_iter->nxt_t = NULL; + x_iter->act_t = n_iter->act_t; + x_iter->act_t_flg = true; + state->sx->node_cnt -= rc; + } else if (n_iter->act_t != x_iter->act_t) { + /* if we are dealing with a 64-bit + * comparison, we need to adjust our + * action based on the full 64-bit + * value to ensure we handle GT/GE + * comparisons correctly */ + if (n_iter->arg_h_flg && + (n_iter->datum_full > + x_iter->datum_full)) + x_iter->act_t = n_iter->act_t; + if (_db_chain_leaf(x_iter) || + _db_chain_leaf(n_iter)) + return -EEXIST; } - if (c_iter->act_f_flg && ec_iter->nxt_f) { - /* new is shorter (false) */ - if (prev == NULL) - return -1; - rc += _db_tree_remove(&(ec_iter->nxt_f), - ec_iter->nxt_f); - ec_iter->act_f = c_iter->act_f; - ec_iter->act_f_flg = true; + } + if (n_iter->act_f_flg) { + if (!x_iter->act_f_flg) { + /* new node has a false action */ + + /* do the actions match? */ + rc = _db_tree_act_check(x_iter->nxt_f, + n_iter->act_f); + if (rc != 0) + return rc; + + /* update with the new action */ + rc = _db_node_put(&x_iter->nxt_f); + x_iter->nxt_f = NULL; + x_iter->act_f = n_iter->act_f; + x_iter->act_f_flg = true; + state->sx->node_cnt -= rc; + } else if (n_iter->act_f != x_iter->act_f) { + /* if we are dealing with a 64-bit + * comparison, we need to adjust our + * action based on the full 64-bit + * value to ensure we handle LT/LE + * comparisons correctly */ + if (n_iter->arg_h_flg && + (n_iter->datum_full < + x_iter->datum_full)) + x_iter->act_t = n_iter->act_t; + if (_db_chain_leaf(x_iter) || + _db_chain_leaf(n_iter)) + return -EEXIST; } + } - return rc; + if (n_iter->nxt_t) { + if (x_iter->nxt_t) { + /* compare the next level */ + rc = _db_tree_add(&x_iter->nxt_t, + n_iter->nxt_t, + state); + if (rc != 0) + return rc; + } else if (!x_iter->act_t_flg) { + /* add a new sub-tree */ + x_iter->nxt_t = _db_node_get(n_iter->nxt_t); + } else + /* done - existing tree is "shorter" */ + return 0; + } + if (n_iter->nxt_f) { + if (x_iter->nxt_f) { + /* compare the next level */ + rc = _db_tree_add(&x_iter->nxt_f, + n_iter->nxt_f, + state); + if (rc != 0) + return rc; + } else if (!x_iter->act_f_flg) { + /* add a new sub-tree */ + x_iter->nxt_f = _db_node_get(n_iter->nxt_f); + } else + /* done - existing tree is "shorter" */ + return 0; } - if (c_iter->nxt_t && ec_iter->act_t_flg) - /* existing is shorter (true) */ - return -1; - if (c_iter->nxt_f && ec_iter->act_f_flg) - /* existing is shorter (false) */ - return -1; - - if (c_iter->nxt_t) { - state_new = *state; - state_new.matched = true; - rc_tmp = _db_tree_sub_prune((prev ? - &ec_iter : NULL), - ec_iter->nxt_t, - c_iter->nxt_t, - &state_new); - rc += (rc_tmp > 0 ? rc_tmp : 0); - if (state->prefix_new && rc_tmp < 0) - return (rc > 0 ? rc : rc_tmp); - } - if (c_iter->nxt_f) { - state_new = *state; - state_new.matched = true; - rc_tmp = _db_tree_sub_prune((prev ? - &ec_iter : NULL), - ec_iter->nxt_f, - c_iter->nxt_f, - &state_new); - rc += (rc_tmp > 0 ? rc_tmp : 0); - if (state->prefix_new && rc_tmp < 0) - return (rc > 0 ? rc : rc_tmp); - } - } else if (db_chain_lt(ec_iter, c_iter)) { - /* less than */ - if (state->matched || state->prefix_new) - goto next; - state_new = *state; - state_new.prefix_exist = true; - - if (ec_iter->nxt_t) { - rc_tmp = _db_tree_sub_prune((prev ? - &ec_iter : NULL), - ec_iter->nxt_t, - c_iter, - &state_new); - rc += (rc_tmp > 0 ? rc_tmp : 0); - } - if (ec_iter->nxt_f) { - rc_tmp = _db_tree_sub_prune((prev ? - &ec_iter : NULL), - ec_iter->nxt_f, - c_iter, - &state_new); - rc += (rc_tmp > 0 ? rc_tmp : 0); - } - } else if (db_chain_gt(ec_iter, c_iter)) { - /* greater than */ - if (state->matched || state->prefix_exist) - goto next; - state_new = *state; - state_new.prefix_new = true; - - if (c_iter->nxt_t) { - rc_tmp = _db_tree_sub_prune(NULL, - ec_iter, - c_iter->nxt_t, - &state_new); - rc += (rc_tmp > 0 ? rc_tmp : 0); - if (rc_tmp < 0) - return (rc > 0 ? rc : rc_tmp); - } - if (c_iter->nxt_f) { - rc_tmp = _db_tree_sub_prune(NULL, - ec_iter, - c_iter->nxt_f, - &state_new); - rc += (rc_tmp > 0 ? rc_tmp : 0); - if (rc_tmp < 0) - return (rc > 0 ? rc : rc_tmp); + return 0; + } else if (!_db_chain_lt(x_iter, n_iter)) { + /* try to move along the current level */ + if (x_iter->lvl_nxt == NULL) { + /* add to the end of this level */ + n_iter->lvl_prv = _db_node_get(x_iter); + x_iter->lvl_nxt = _db_node_get(n_iter); + return 0; + } else + /* next */ + x_iter = x_iter->lvl_nxt; + } else { + /* add before the existing node on this level*/ + if (x_iter->lvl_prv != NULL) { + x_iter->lvl_prv->lvl_nxt = _db_node_get(n_iter); + n_iter->lvl_prv = x_iter->lvl_prv; + x_iter->lvl_prv = _db_node_get(n_iter); + n_iter->lvl_nxt = x_iter; + } else { + x_iter->lvl_prv = _db_node_get(n_iter); + n_iter->lvl_nxt = _db_node_get(x_iter); } + if (*existing == x_iter) { + *existing = _db_node_get(n_iter); + _db_node_put(&x_iter); + } + return 0; } + } while (x_iter); -next: - /* re-check current node and advance to the next node */ - if (db_chain_zombie(ec_iter)) { - ec_iter_tmp = ec_iter->lvl_nxt; - rc += _db_tree_remove(prev, ec_iter); - ec_iter = ec_iter_tmp; - } else - ec_iter = ec_iter->lvl_nxt; - } while (ec_iter); - - return rc; + return 0; } /** @@ -367,7 +835,7 @@ s_iter = db->syscalls; while (s_iter != NULL) { db->syscalls = s_iter->next; - _db_tree_free(s_iter->chains); + _db_tree_put(&s_iter->chains); free(s_iter); s_iter = db->syscalls; } @@ -381,7 +849,6 @@ r_iter = db->rules; while (r_iter != NULL) { db->rules = r_iter->next; - free(r_iter->args); free(r_iter); r_iter = db->rules; } @@ -401,15 +868,12 @@ { struct db_filter *db; - db = malloc(sizeof(*db)); + db = zmalloc(sizeof(*db)); if (db == NULL) return NULL; - /* clear the buffer for the first time and set the arch */ - memset(db, 0, sizeof(*db)); + /* set the arch and reset the DB to a known state */ db->arch = arch; - - /* reset the DB to a known state */ _db_reset(db); return db; @@ -492,10 +956,9 @@ } /* no existing syscall entry - create a phantom entry */ - s_new = malloc(sizeof(*s_new)); + s_new = zmalloc(sizeof(*s_new)); if (s_new == NULL) return -ENOMEM; - memset(s_new, 0, sizeof(*s_new)); s_new->num = syscall; s_new->priority = sys_pri; s_new->valid = false; @@ -513,6 +976,57 @@ } /** + * Create a new rule + * @param strict the strict value + * @param action the rule's action + * @param syscall the syscall number + * @param chain the syscall argument filter + * + * This function creates a new rule structure based on the given arguments. + * Returns a pointer to the new rule on success, NULL on failure. + * + */ +static struct db_api_rule_list *_db_rule_new(bool strict, + uint32_t action, int syscall, + struct db_api_arg *chain) +{ + struct db_api_rule_list *rule; + + rule = zmalloc(sizeof(*rule)); + if (rule == NULL) + return NULL; + rule->action = action; + rule->syscall = syscall; + rule->strict = strict; + memcpy(rule->args, chain, sizeof(*chain) * ARG_COUNT_MAX); + + return rule; +} + +/** + * Duplicate an existing filter rule + * @param src the rule to duplicate + * + * This function makes an exact copy of the given rule, but does not add it + * to any lists. Returns a pointer to the new rule on success, NULL on + * failure. + * + */ +struct db_api_rule_list *db_rule_dup(const struct db_api_rule_list *src) +{ + struct db_api_rule_list *dest; + + dest = malloc(sizeof(*dest)); + if (dest == NULL) + return NULL; + memcpy(dest, src, sizeof(*dest)); + dest->prev = NULL; + dest->next = NULL; + + return dest; +} + +/** * Free and reset the seccomp filter collection * @param col the seccomp filter collection * @param def_action the default filter action @@ -548,6 +1062,7 @@ col->attr.act_badarch = SCMP_ACT_KILL; col->attr.nnp_enable = 1; col->attr.tsync_enable = 0; + col->attr.api_tskip = 0; /* set the state */ col->state = _DB_STA_VALID; @@ -586,13 +1101,10 @@ { struct db_filter_col *col; - col = malloc(sizeof(*col)); + col = zmalloc(sizeof(*col)); if (col == NULL) return NULL; - /* clear the buffer for the first time */ - memset(col, 0, sizeof(*col)); - /* reset the DB to a known state */ if (db_col_reset(col, def_action) < 0) goto init_failure; @@ -643,18 +1155,8 @@ */ int db_action_valid(uint32_t action) { - if (action == SCMP_ACT_KILL) - return 0; - else if (action == SCMP_ACT_TRAP) - return 0; - else if ((action == SCMP_ACT_ERRNO(action & 0x0000ffff)) && - ((action & 0x0000ffff) < MAX_ERRNO)) + if (sys_chk_seccomp_action(action) == 1) return 0; - else if (action == SCMP_ACT_TRACE(action & 0x0000ffff)) - return 0; - else if (action == SCMP_ACT_ALLOW) - return 0; - return -EINVAL; } @@ -690,7 +1192,7 @@ /* verify that the endianess is a match */ if (col_dst->endian != col_src->endian) - return -EEXIST; + return -EDOM; /* make sure we don't have any arch/filter collisions */ for (iter_a = 0; iter_a < col_dst->filter_cnt; iter_a++) { @@ -772,6 +1274,12 @@ case SCMP_FLTATR_CTL_TSYNC: *value = col->attr.tsync_enable; break; + case SCMP_FLTATR_API_TSKIP: + *value = col->attr.api_tskip; + break; + case SCMP_FLTATR_CTL_LOG: + *value = col->attr.log_enable; + break; default: rc = -EEXIST; break; @@ -819,6 +1327,20 @@ /* unsupported */ rc = -EOPNOTSUPP; break; + case SCMP_FLTATR_API_TSKIP: + col->attr.api_tskip = (value ? 1 : 0); + break; + case SCMP_FLTATR_CTL_LOG: + rc = sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_LOG); + if (rc == 1) { + /* supported */ + rc = 0; + col->attr.log_enable = (value ? 1 : 0); + } else if (rc == 0) { + /* unsupported */ + rc = -EOPNOTSUPP; + } + break; default: rc = -EEXIST; break; @@ -867,7 +1389,7 @@ struct db_filter **dbs; if (col->endian != 0 && col->endian != db->arch->endian) - return -EEXIST; + return -EDOM; if (db_col_arch_exist(col, db->arch->token)) return -EEXIST; @@ -978,37 +1500,32 @@ /** * Generate a new filter rule for a 64 bit system * @param arch the architecture definition - * @param action the filter action - * @param syscall the syscall number - * @param chain argument filter chain + * @param rule the new filter rule * * This function generates a new syscall filter for a 64 bit system. Returns * zero on success, negative values on failure. * */ static struct db_sys_list *_db_rule_gen_64(const struct arch_def *arch, - uint32_t action, - unsigned int syscall, - struct db_api_arg *chain) + const struct db_api_rule_list *rule) { unsigned int iter; - int chain_len_max; struct db_sys_list *s_new; - struct db_arg_chain_tree *c_iter_hi = NULL, *c_iter_lo = NULL; - struct db_arg_chain_tree *c_prev_hi = NULL, *c_prev_lo = NULL; - bool tf_flag; + const struct db_api_arg *chain = rule->args; + struct db_arg_chain_tree *c_iter[3] = { NULL, NULL, NULL }; + struct db_arg_chain_tree *c_prev[3] = { NULL, NULL, NULL }; + enum scmp_compare op_prev = _SCMP_CMP_MIN; + unsigned int arg; + scmp_datum_t mask; + scmp_datum_t datum; - s_new = malloc(sizeof(*s_new)); + s_new = zmalloc(sizeof(*s_new)); if (s_new == NULL) return NULL; - memset(s_new, 0, sizeof(*s_new)); - s_new->num = syscall; + s_new->num = rule->syscall; s_new->valid = true; /* run through the argument chain */ - chain_len_max = arch_arg_count_max(arch); - if (chain_len_max < 0) - goto gen_64_failure; - for (iter = 0; iter < chain_len_max; iter++) { + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { if (chain[iter].valid == 0) continue; @@ -1019,98 +1536,320 @@ !_db_arg_cmp_need_lo(&chain[iter])) continue; - c_iter_hi = malloc(sizeof(*c_iter_hi)); - if (c_iter_hi == NULL) + c_iter[0] = zmalloc(sizeof(*c_iter[0])); + if (c_iter[0] == NULL) goto gen_64_failure; - memset(c_iter_hi, 0, sizeof(*c_iter_hi)); - c_iter_hi->refcnt = 1; - c_iter_lo = malloc(sizeof(*c_iter_lo)); - if (c_iter_lo == NULL) { - free(c_iter_hi); + c_iter[1] = zmalloc(sizeof(*c_iter[1])); + if (c_iter[1] == NULL) { + free(c_iter[0]); goto gen_64_failure; } - memset(c_iter_lo, 0, sizeof(*c_iter_lo)); - c_iter_lo->refcnt = 1; + c_iter[2] = NULL; - /* link this level to the previous level */ - if (c_prev_lo != NULL) { - if (!tf_flag) { - c_prev_lo->nxt_f = c_iter_hi; - c_prev_hi->nxt_f = c_iter_hi; - c_iter_hi->refcnt++; - } else - c_prev_lo->nxt_t = c_iter_hi; - } else - s_new->chains = c_iter_hi; - s_new->node_cnt += 2; + arg = chain[iter].arg; + mask = chain[iter].mask; + datum = chain[iter].datum; + + /* NOTE: with the idea that a picture is worth a thousand + * words, i'm presenting the following diagrams which + * show how we should compare 64-bit syscall arguments + * using 32-bit comparisons. + * + * in the diagrams below "A(x)" is the syscall argument + * being evaluated and "R(x)" is the syscall argument + * value specified in the libseccomp rule. the "ACCEPT" + * verdict indicates a rule match and processing should + * continue on to the rest of the rule, or the final rule + * action should be triggered. the "REJECT" verdict + * indicates that the rule does not match and processing + * should continue to the next rule or the default + * action. + * + * SCMP_CMP_GT: + * +------------------+ + * +--| Ah(x) > Rh(x) |------+ + * | +------------------+ | + * FALSE TRUE A + * | | C + * +-----------+ +----> C + * v +----> E + * +------------------+ | P + * +--| Ah(x) == Rh(x) |--+ | T + * R | +------------------+ | | + * E FALSE TRUE | + * J <----+ | | + * E <----+ +------------+ | + * C FALSE v | + * T | +------------------+ | + * +--| Al(x) > Rl(x) |------+ + * +------------------+ + * + * SCMP_CMP_GE: + * +------------------+ + * +--| Ah(x) > Rh(x) |------+ + * | +------------------+ | + * FALSE TRUE A + * | | C + * +-----------+ +----> C + * v +----> E + * +------------------+ | P + * +--| Ah(x) == Rh(x) |--+ | T + * R | +------------------+ | | + * E FALSE TRUE | + * J <----+ | | + * E <----+ +------------+ | + * C FALSE v | + * T | +------------------+ | + * +--| Al(x) >= Rl(x) |------+ + * +------------------+ + * + * SCMP_CMP_LT: + * +------------------+ + * +--| Ah(x) > Rh(x) |------+ + * | +------------------+ | + * FALSE TRUE R + * | | E + * +-----------+ +----> J + * v +----> E + * +------------------+ | C + * +--| Ah(x) == Rh(x) |--+ | T + * A | +------------------+ | | + * C FALSE TRUE | + * C <----+ | | + * E <----+ +------------+ | + * P FALSE v | + * T | +------------------+ | + * +--| Al(x) >= Rl(x) |------+ + * +------------------+ + * + * SCMP_CMP_LE: + * +------------------+ + * +--| Ah(x) > Rh(x) |------+ + * | +------------------+ | + * FALSE TRUE R + * | | E + * +-----------+ +----> J + * v +----> E + * +------------------+ | C + * +--| Ah(x) == Rh(x) |--+ | T + * A | +------------------+ | | + * C FALSE TRUE | + * C <----+ | | + * E <----+ +------------+ | + * P FALSE v | + * T | +------------------+ | + * +--| Al(x) > Rl(x) |------+ + * +------------------+ + * + * SCMP_CMP_EQ: + * +------------------+ + * +--| Ah(x) == Rh(x) |--+ + * R | +------------------+ | A + * E FALSE TRUE C + * J <----+ | C + * E <----+ +------------+ +----> E + * C FALSE v | P + * T | +------------------+ | T + * +--| Al(x) == Rl(x) |------+ + * +------------------+ + * + * SCMP_CMP_NE: + * +------------------+ + * +--| Ah(x) == Rh(x) |--+ + * A | +------------------+ | R + * C FALSE TRUE E + * C <----+ | J + * E <----+ +------------+ +----> E + * P FALSE v | C + * T | +------------------+ | T + * +--| Al(x) == Rl(x) |------+ + * +------------------+ + * + */ - /* set the arg, op, and datum fields */ - c_iter_hi->arg = chain[iter].arg; - c_iter_lo->arg = chain[iter].arg; - c_iter_hi->arg_offset = arch_arg_offset_hi(arch, - c_iter_hi->arg); - c_iter_lo->arg_offset = arch_arg_offset_lo(arch, - c_iter_lo->arg); + /* setup the level */ switch (chain[iter].op) { case SCMP_CMP_GT: - c_iter_hi->op = SCMP_CMP_GE; - c_iter_lo->op = SCMP_CMP_GT; - tf_flag = true; - break; - case SCMP_CMP_NE: - c_iter_hi->op = SCMP_CMP_EQ; - c_iter_lo->op = SCMP_CMP_EQ; - tf_flag = false; - break; + case SCMP_CMP_GE: + case SCMP_CMP_LE: case SCMP_CMP_LT: - c_iter_hi->op = SCMP_CMP_GE; - c_iter_lo->op = SCMP_CMP_GE; - tf_flag = false; + c_iter[2] = zmalloc(sizeof(*c_iter[2])); + if (c_iter[2] == NULL) { + free(c_iter[0]); + free(c_iter[1]); + goto gen_64_failure; + } + + c_iter[0]->arg = arg; + c_iter[1]->arg = arg; + c_iter[2]->arg = arg; + c_iter[0]->arg_h_flg = true; + c_iter[1]->arg_h_flg = true; + c_iter[2]->arg_h_flg = false; + c_iter[0]->arg_offset = arch_arg_offset_hi(arch, arg); + c_iter[1]->arg_offset = arch_arg_offset_hi(arch, arg); + c_iter[2]->arg_offset = arch_arg_offset_lo(arch, arg); + + c_iter[0]->mask = D64_HI(mask); + c_iter[1]->mask = D64_HI(mask); + c_iter[2]->mask = D64_LO(mask); + c_iter[0]->datum = D64_HI(datum); + c_iter[1]->datum = D64_HI(datum); + c_iter[2]->datum = D64_LO(datum); + c_iter[0]->datum_full = datum; + c_iter[1]->datum_full = datum; + c_iter[2]->datum_full = datum; + + _db_node_mask_fixup(c_iter[0]); + _db_node_mask_fixup(c_iter[1]); + _db_node_mask_fixup(c_iter[2]); + + c_iter[0]->op = SCMP_CMP_GT; + c_iter[1]->op = SCMP_CMP_EQ; + switch (chain[iter].op) { + case SCMP_CMP_GT: + case SCMP_CMP_LE: + c_iter[2]->op = SCMP_CMP_GT; + break; + case SCMP_CMP_GE: + case SCMP_CMP_LT: + c_iter[2]->op = SCMP_CMP_GE; + break; + default: + /* we should never get here */ + goto gen_64_failure; + } + c_iter[0]->op_orig = chain[iter].op; + c_iter[1]->op_orig = chain[iter].op; + c_iter[2]->op_orig = chain[iter].op; + + c_iter[0]->nxt_f = _db_node_get(c_iter[1]); + c_iter[1]->nxt_t = _db_node_get(c_iter[2]); break; - case SCMP_CMP_LE: - c_iter_hi->op = SCMP_CMP_GE; - c_iter_lo->op = SCMP_CMP_GT; - tf_flag = false; + case SCMP_CMP_EQ: + case SCMP_CMP_MASKED_EQ: + case SCMP_CMP_NE: + c_iter[0]->arg = arg; + c_iter[1]->arg = arg; + c_iter[0]->arg_h_flg = true; + c_iter[1]->arg_h_flg = false; + c_iter[0]->arg_offset = arch_arg_offset_hi(arch, arg); + c_iter[1]->arg_offset = arch_arg_offset_lo(arch, arg); + + c_iter[0]->mask = D64_HI(mask); + c_iter[1]->mask = D64_LO(mask); + c_iter[0]->datum = D64_HI(datum); + c_iter[1]->datum = D64_LO(datum); + c_iter[0]->datum_full = datum; + c_iter[1]->datum_full = datum; + + _db_node_mask_fixup(c_iter[0]); + _db_node_mask_fixup(c_iter[1]); + + switch (chain[iter].op) { + case SCMP_CMP_MASKED_EQ: + c_iter[0]->op = SCMP_CMP_MASKED_EQ; + c_iter[1]->op = SCMP_CMP_MASKED_EQ; + break; + default: + c_iter[0]->op = SCMP_CMP_EQ; + c_iter[1]->op = SCMP_CMP_EQ; + } + c_iter[0]->op_orig = chain[iter].op; + c_iter[1]->op_orig = chain[iter].op; + + c_iter[0]->nxt_t = _db_node_get(c_iter[1]); break; default: - c_iter_hi->op = chain[iter].op; - c_iter_lo->op = chain[iter].op; - tf_flag = true; + /* we should never get here */ + goto gen_64_failure; } - c_iter_hi->mask = D64_HI(chain[iter].mask); - c_iter_lo->mask = D64_LO(chain[iter].mask); - c_iter_hi->datum = D64_HI(chain[iter].datum); - c_iter_lo->datum = D64_LO(chain[iter].datum); - /* fixup the mask/datum */ - _db_node_mask_fixup(c_iter_hi); - _db_node_mask_fixup(c_iter_lo); + /* link this level to the previous level */ + if (c_prev[0] != NULL) { + switch (op_prev) { + case SCMP_CMP_GT: + case SCMP_CMP_GE: + c_prev[0]->nxt_t = _db_node_get(c_iter[0]); + c_prev[2]->nxt_t = _db_node_get(c_iter[0]); + break; + case SCMP_CMP_EQ: + case SCMP_CMP_MASKED_EQ: + c_prev[1]->nxt_t = _db_node_get(c_iter[0]); + break; + case SCMP_CMP_LE: + case SCMP_CMP_LT: + c_prev[1]->nxt_f = _db_node_get(c_iter[0]); + c_prev[2]->nxt_f = _db_node_get(c_iter[0]); + break; + case SCMP_CMP_NE: + c_prev[0]->nxt_f = _db_node_get(c_iter[0]); + c_prev[1]->nxt_f = _db_node_get(c_iter[0]); + break; + default: + /* we should never get here */ + goto gen_64_failure; + } + } else + s_new->chains = _db_node_get(c_iter[0]); - /* link the hi and lo chain nodes */ - c_iter_hi->nxt_t = c_iter_lo; + /* update the node count */ + switch (chain[iter].op) { + case SCMP_CMP_NE: + case SCMP_CMP_EQ: + case SCMP_CMP_MASKED_EQ: + s_new->node_cnt += 2; + break; + default: + s_new->node_cnt += 3; + } - c_prev_hi = c_iter_hi; - c_prev_lo = c_iter_lo; - } - if (c_iter_lo != NULL) { - /* set the leaf node */ - if (!tf_flag) { - c_iter_lo->act_f_flg = true; - c_iter_lo->act_f = action; - c_iter_hi->act_f_flg = true; - c_iter_hi->act_f = action; - } else { - c_iter_lo->act_t_flg = true; - c_iter_lo->act_t = action; + /* keep pointers to this level */ + c_prev[0] = c_iter[0]; + c_prev[1] = c_iter[1]; + c_prev[2] = c_iter[2]; + op_prev = chain[iter].op; + } + if (c_iter[0] != NULL) { + /* set the actions on the last layer */ + switch (op_prev) { + case SCMP_CMP_GT: + case SCMP_CMP_GE: + c_iter[0]->act_t_flg = true; + c_iter[0]->act_t = rule->action; + c_iter[2]->act_t_flg = true; + c_iter[2]->act_t = rule->action; + break; + case SCMP_CMP_LE: + case SCMP_CMP_LT: + c_iter[1]->act_f_flg = true; + c_iter[1]->act_f = rule->action; + c_iter[2]->act_f_flg = true; + c_iter[2]->act_f = rule->action; + break; + case SCMP_CMP_EQ: + case SCMP_CMP_MASKED_EQ: + c_iter[1]->act_t_flg = true; + c_iter[1]->act_t = rule->action; + break; + case SCMP_CMP_NE: + c_iter[0]->act_f_flg = true; + c_iter[0]->act_f = rule->action; + c_iter[1]->act_f_flg = true; + c_iter[1]->act_f = rule->action; + break; + default: + /* we should never get here */ + goto gen_64_failure; } } else - s_new->action = action; + s_new->action = rule->action; return s_new; gen_64_failure: /* free the new chain and its syscall struct */ - _db_tree_free(s_new->chains); + _db_tree_put(&s_new->chains); free(s_new); return NULL; } @@ -1118,36 +1857,28 @@ /** * Generate a new filter rule for a 32 bit system * @param arch the architecture definition - * @param action the filter action - * @param syscall the syscall number - * @param chain argument filter chain + * @param rule the new filter rule * * This function generates a new syscall filter for a 32 bit system. Returns * zero on success, negative values on failure. * */ static struct db_sys_list *_db_rule_gen_32(const struct arch_def *arch, - uint32_t action, - unsigned int syscall, - struct db_api_arg *chain) + const struct db_api_rule_list *rule) { unsigned int iter; - int chain_len_max; struct db_sys_list *s_new; + const struct db_api_arg *chain = rule->args; struct db_arg_chain_tree *c_iter = NULL, *c_prev = NULL; bool tf_flag; - s_new = malloc(sizeof(*s_new)); + s_new = zmalloc(sizeof(*s_new)); if (s_new == NULL) return NULL; - memset(s_new, 0, sizeof(*s_new)); - s_new->num = syscall; + s_new->num = rule->syscall; s_new->valid = true; /* run through the argument chain */ - chain_len_max = arch_arg_count_max(arch); - if (chain_len_max < 0) - goto gen_32_failure; - for (iter = 0; iter < chain_len_max; iter++) { + for (iter = 0; iter < ARG_COUNT_MAX; iter++) { if (chain[iter].valid == 0) continue; @@ -1155,26 +1886,27 @@ if (!_db_arg_cmp_need_lo(&chain[iter])) continue; - c_iter = malloc(sizeof(*c_iter)); + c_iter = zmalloc(sizeof(*c_iter)); if (c_iter == NULL) goto gen_32_failure; - memset(c_iter, 0, sizeof(*c_iter)); - c_iter->refcnt = 1; c_iter->arg = chain[iter].arg; + c_iter->arg_h_flg = false; c_iter->arg_offset = arch_arg_offset(arch, c_iter->arg); c_iter->op = chain[iter].op; + c_iter->op_orig = chain[iter].op; /* implicitly strips off the upper 32 bit */ c_iter->mask = chain[iter].mask; c_iter->datum = chain[iter].datum; + c_iter->datum_full = chain[iter].datum; /* link in the new node and update the chain */ if (c_prev != NULL) { if (tf_flag) - c_prev->nxt_t = c_iter; + c_prev->nxt_t = _db_node_get(c_iter); else - c_prev->nxt_f = c_iter; + c_prev->nxt_f = _db_node_get(c_iter); } else - s_new->chains = c_iter; + s_new->chains = _db_node_get(c_iter); s_new->node_cnt++; /* rewrite the op to reduce the op/datum combos */ @@ -1204,19 +1936,19 @@ /* set the leaf node */ if (tf_flag) { c_iter->act_t_flg = true; - c_iter->act_t = action; + c_iter->act_t = rule->action; } else { c_iter->act_f_flg = true; - c_iter->act_f = action; + c_iter->act_f = rule->action; } } else - s_new->action = action; + s_new->action = rule->action; return s_new; gen_32_failure: /* free the new chain and its syscall struct */ - _db_tree_free(s_new->chains); + _db_tree_put(&s_new->chains); free(s_new); return NULL; } @@ -1232,20 +1964,17 @@ * shortest chain, or most inclusive filter match, will be entered into the * filter DB. Returns zero on success, negative values on failure. * + * It is important to note that in the case of failure the db may be corrupted, + * the caller must use the transaction mechanism if the db integrity is + * important. + * */ int db_rule_add(struct db_filter *db, const struct db_api_rule_list *rule) { int rc = -ENOMEM; - int syscall = rule->syscall; - uint32_t action = rule->action; - struct db_api_arg *chain = rule->args; struct db_sys_list *s_new, *s_iter, *s_prev = NULL; - struct db_arg_chain_tree *c_iter = NULL, *c_prev = NULL; - struct db_arg_chain_tree *ec_iter; - struct db_prune_state state; + struct db_iter_state state; bool rm_flag = false; - unsigned int new_chain_cnt = 0; - unsigned int n_cnt; assert(db != NULL); @@ -1253,34 +1982,23 @@ * worry about failure once we get to the point where we start updating * the filter db */ if (db->arch->size == ARCH_SIZE_64) - s_new = _db_rule_gen_64(db->arch, action, syscall, chain); + s_new = _db_rule_gen_64(db->arch, rule); else if (db->arch->size == ARCH_SIZE_32) - s_new = _db_rule_gen_32(db->arch, action, syscall, chain); + s_new = _db_rule_gen_32(db->arch, rule); else return -EFAULT; if (s_new == NULL) return -ENOMEM; - new_chain_cnt = s_new->node_cnt; - - /* no more failures allowed after this point that would result in the - * stored filter being in an inconsistent state */ /* find a matching syscall/chain or insert a new one */ s_iter = db->syscalls; - while (s_iter != NULL && s_iter->num < syscall) { + while (s_iter != NULL && s_iter->num < rule->syscall) { s_prev = s_iter; s_iter = s_iter->next; } -add_reset: - s_new->node_cnt = new_chain_cnt; s_new->priority = _DB_PRI_MASK_CHAIN - s_new->node_cnt; - c_prev = NULL; - c_iter = s_new->chains; - if (s_iter != NULL) - ec_iter = s_iter->chains; - else - ec_iter = NULL; - if (s_iter == NULL || s_iter->num != syscall) { +add_reset: + if (s_iter == NULL || s_iter->num != rule->syscall) { /* new syscall, add before s_iter */ if (s_prev != NULL) { s_new->next = s_prev->next; @@ -1305,184 +2023,59 @@ free(s_new); rc = 0; goto add_priority_update; - } else + } else { /* syscall exists without any chains - existing filter * is at least as large as the new entry so cleanup and * exit */ + _db_tree_put(&s_new->chains); + free(s_new); goto add_free_ok; + } } else if (s_iter->chains != NULL && s_new->chains == NULL) { /* syscall exists with chains but the new filter has no chains * so we need to clear the existing chains and exit */ - _db_tree_free(s_iter->chains); + _db_tree_put(&s_iter->chains); s_iter->chains = NULL; s_iter->node_cnt = 0; - s_iter->action = action; + s_iter->action = rule->action; + + /* cleanup the new tree and return */ + _db_tree_put(&s_new->chains); + free(s_new); goto add_free_ok; } - /* check for sub-tree matches */ + /* prune any sub-trees that are no longer required */ memset(&state, 0, sizeof(state)); - rc = _db_tree_sub_prune(&(s_iter->chains), ec_iter, c_iter, &state); + state.sx = s_iter; + state.action = rule->action; + rc = _db_tree_prune(&s_iter->chains, s_new->chains, &state); if (rc > 0) { + /* we pruned at least some of the existing tree */ rm_flag = true; s_iter->node_cnt -= rc; - goto add_reset; - } else if (rc < 0) + if (s_iter->chains == NULL) + /* we pruned the entire tree */ + goto add_reset; + } else if ((state.flags & _DB_IST_M_REDUNDANT) == _DB_IST_M_REDUNDANT) { + /* the existing tree is "shorter", drop the new one */ + _db_tree_put(&s_new->chains); + free(s_new); goto add_free_ok; + } - /* syscall exists and has at least one existing chain - start at the - * top and walk the two chains */ - do { - /* insert the new rule into the existing tree */ - if (db_chain_eq(c_iter, ec_iter)) { - /* found a matching node on this chain level */ - if (db_chain_action(c_iter) && - db_chain_action(ec_iter)) { - /* both are "action" nodes */ - if (c_iter->act_t_flg && ec_iter->act_t_flg) { - if (ec_iter->act_t != action) - goto add_free_exist; - } else if (c_iter->act_t_flg) { - ec_iter->act_t_flg = true; - ec_iter->act_t = action; - } - if (c_iter->act_f_flg && ec_iter->act_f_flg) { - if (ec_iter->act_f != action) - goto add_free_exist; - } else if (c_iter->act_f_flg) { - ec_iter->act_f_flg = true; - ec_iter->act_f = action; - } - if (ec_iter->act_t_flg == ec_iter->act_f_flg && - ec_iter->act_t == ec_iter->act_f) { - n_cnt = _db_tree_remove( - &(s_iter->chains), - ec_iter); - s_iter->node_cnt -= n_cnt; - goto add_free_ok; - } - } else if (db_chain_action(c_iter)) { - /* new is shorter */ - if (c_iter->act_t_flg) { - rc = _db_tree_act_check(ec_iter->nxt_t, - action); - if (rc < 0) - goto add_free; - n_cnt = _db_tree_free(ec_iter->nxt_t); - ec_iter->nxt_t = NULL; - ec_iter->act_t_flg = true; - ec_iter->act_t = action; - } else { - rc = _db_tree_act_check(ec_iter->nxt_f, - action); - if (rc < 0) - goto add_free; - n_cnt = _db_tree_free(ec_iter->nxt_f); - ec_iter->nxt_f = NULL; - ec_iter->act_f_flg = true; - ec_iter->act_f = action; - } - s_iter->node_cnt -= n_cnt; - } - if (c_iter->nxt_t != NULL) { - if (ec_iter->nxt_t != NULL) { - /* jump to the next level */ - c_prev = c_iter; - c_iter = c_iter->nxt_t; - ec_iter = ec_iter->nxt_t; - s_new->node_cnt--; - } else if (ec_iter->act_t_flg) { - /* existing is shorter */ - if (ec_iter->act_t == action) - goto add_free_ok; - goto add_free_exist; - } else { - /* add a new branch */ - c_prev = c_iter; - ec_iter->nxt_t = c_iter->nxt_t; - s_iter->node_cnt += - (s_new->node_cnt - 1); - goto add_free_match; - } - } else if (c_iter->nxt_f != NULL) { - if (ec_iter->nxt_f != NULL) { - /* jump to the next level */ - c_prev = c_iter; - c_iter = c_iter->nxt_f; - ec_iter = ec_iter->nxt_f; - s_new->node_cnt--; - } else if (ec_iter->act_f_flg) { - /* existing is shorter */ - if (ec_iter->act_f == action) - goto add_free_ok; - goto add_free_exist; - } else { - /* add a new branch */ - c_prev = c_iter; - ec_iter->nxt_f = c_iter->nxt_f; - s_iter->node_cnt += - (s_new->node_cnt - 1); - goto add_free_match; - } - } else - goto add_free_ok; - } else { - /* need to check other nodes on this level */ - if (db_chain_lt(c_iter, ec_iter)) { - if (ec_iter->lvl_prv == NULL) { - /* add to the start of the level */ - ec_iter->lvl_prv = c_iter; - c_iter->lvl_nxt = ec_iter; - if (ec_iter == s_iter->chains) - s_iter->chains = c_iter; - s_iter->node_cnt += s_new->node_cnt; - goto add_free_match; - } else - ec_iter = ec_iter->lvl_prv; - } else { - if (ec_iter->lvl_nxt == NULL) { - /* add to the end of the level */ - ec_iter->lvl_nxt = c_iter; - c_iter->lvl_prv = ec_iter; - s_iter->node_cnt += s_new->node_cnt; - goto add_free_match; - } else if (db_chain_lt(c_iter, - ec_iter->lvl_nxt)) { - /* add new chain in between */ - c_iter->lvl_nxt = ec_iter->lvl_nxt; - ec_iter->lvl_nxt->lvl_prv = c_iter; - ec_iter->lvl_nxt = c_iter; - c_iter->lvl_prv = ec_iter; - s_iter->node_cnt += s_new->node_cnt; - goto add_free_match; - } else - ec_iter = ec_iter->lvl_nxt; - } - } - } while ((c_iter != NULL) && (ec_iter != NULL)); - - /* we should never be here! */ - return -EFAULT; + /* add the new rule to the existing filter and cleanup */ + memset(&state, 0, sizeof(state)); + state.sx = s_iter; + rc = _db_tree_add(&s_iter->chains, s_new->chains, &state); + if (rc < 0) + goto add_failure; + s_iter->node_cnt += s_new->node_cnt; + s_iter->node_cnt -= _db_tree_put(&s_new->chains); + free(s_new); -add_free_exist: - rc = -EEXIST; - goto add_free; add_free_ok: rc = 0; -add_free: - /* free the new chain and its syscall struct */ - _db_tree_free(s_new->chains); - free(s_new); - goto add_priority_update; -add_free_match: - /* free the matching portion of new chain */ - if (c_prev != NULL) { - c_prev->nxt_t = NULL; - c_prev->nxt_f = NULL; - _db_tree_free(s_new->chains); - } - free(s_new); - rc = 0; add_priority_update: /* update the priority */ if (s_iter != NULL) { @@ -1490,6 +2083,13 @@ s_iter->priority |= (_DB_PRI_MASK_CHAIN - s_iter->node_cnt); } return rc; + +add_failure: + /* NOTE: another reminder that we don't do any db error recovery here, + * use the transaction mechanism as previously mentioned */ + _db_tree_put(&s_new->chains); + free(s_new); + return rc; } /** @@ -1520,9 +2120,10 @@ if (rc_tmp < 0) goto priority_failure; - /* if this is a pseudo syscall (syscall < 0) then we need to - * rewrite the syscall for some arch specific reason */ - if (sc_tmp < 0) { + /* if this is a pseudo syscall then we need to rewrite the + * syscall for some arch specific reason, don't forget the + * special handling for syscall -1 */ + if (sc_tmp < -1) { /* we set this as a strict op - we don't really care * since priorities are a "best effort" thing - as we * want to catch the -EDOM error and bail on this @@ -1568,27 +2169,26 @@ { int rc = 0, rc_tmp; unsigned int iter; - unsigned int chain_len; unsigned int arg_num; size_t chain_size; struct db_api_arg *chain = NULL; struct scmp_arg_cmp arg_data; + struct db_api_rule_list *rule, *rule_tmp; + struct db_filter *db; /* collect the arguments for the filter rule */ - chain_len = ARG_COUNT_MAX; - chain_size = sizeof(*chain) * chain_len; - chain = malloc(chain_size); + chain_size = sizeof(*chain) * ARG_COUNT_MAX; + chain = zmalloc(chain_size); if (chain == NULL) return -ENOMEM; - memset(chain, 0, chain_size); for (iter = 0; iter < arg_cnt; iter++) { arg_data = arg_array[iter]; arg_num = arg_data.arg; - if (arg_num < chain_len && chain[arg_num].valid == 0) { + if (arg_num < ARG_COUNT_MAX && chain[arg_num].valid == 0) { chain[arg_num].valid = 1; chain[arg_num].arg = arg_num; chain[arg_num].op = arg_data.op; - /* XXX - we should check datum/mask size against the + /* TODO: we should check datum/mask size against the * arch definition, e.g. 64 bit datum on x86 */ switch (chain[arg_num].op) { case SCMP_CMP_NE: @@ -1614,14 +2214,55 @@ } } + /* create a checkpoint */ + rc = db_col_transaction_start(col); + if (rc != 0) + goto add_return; + + /* add the rule to the different filters in the collection */ for (iter = 0; iter < col->filter_cnt; iter++) { - rc_tmp = arch_filter_rule_add(col, col->filters[iter], strict, - action, syscall, - chain_len, chain); - if (rc == 0 && rc_tmp < 0) + + /* TODO: consolidate with db_col_transaction_start() */ + + db = col->filters[iter]; + + /* create the rule */ + rule = _db_rule_new(strict, action, syscall, chain); + if (rule == NULL) { + rc_tmp = -ENOMEM; + goto add_arch_fail; + } + + /* add the rule */ + rc_tmp = arch_filter_rule_add(db, rule); + if (rc_tmp == 0) { + /* insert the chain to the end of the rule list */ + rule_tmp = rule; + while (rule_tmp->next) + rule_tmp = rule_tmp->next; + if (db->rules != NULL) { + rule->prev = db->rules->prev; + rule_tmp->next = db->rules; + db->rules->prev->next = rule; + db->rules->prev = rule_tmp; + } else { + rule->prev = rule_tmp; + rule_tmp->next = rule; + db->rules = rule; + } + } else + free(rule); +add_arch_fail: + if (rc_tmp != 0 && rc == 0) rc = rc_tmp; } + /* commit the transaction or abort */ + if (rc == 0) + db_col_transaction_commit(col); + else + db_col_transaction_abort(col); + add_return: if (chain != NULL) free(chain); @@ -1638,17 +2279,17 @@ */ int db_col_transaction_start(struct db_filter_col *col) { + int rc; unsigned int iter; - size_t args_size; struct db_filter_snap *snap; struct db_filter *filter_o, *filter_s; - struct db_api_rule_list *rule_o, *rule_s; + struct db_api_rule_list *rule_o, *rule_s = NULL, *rule_tmp; /* allocate the snapshot */ - snap = malloc(sizeof(*snap)); + snap = zmalloc(sizeof(*snap)); if (snap == NULL) return -ENOMEM; - snap->filters = malloc(sizeof(struct db_filter *) * col->filter_cnt); + snap->filters = zmalloc(sizeof(struct db_filter *) * col->filter_cnt); if (snap->filters == NULL) { free(snap); return -ENOMEM; @@ -1672,34 +2313,34 @@ if (rule_o == NULL) continue; do { - /* copy the rule */ - rule_s = malloc(sizeof(*rule_s)); + + /* TODO: consolidate with db_col_rule_add() */ + + /* duplicate the rule */ + rule_s = db_rule_dup(rule_o); if (rule_s == NULL) goto trans_start_failure; - args_size = sizeof(*rule_s->args) * rule_o->args_cnt; - rule_s->args = malloc(args_size); - if (rule_s->args == NULL) { - free(rule_s); + + /* add the rule */ + rc = arch_filter_rule_add(filter_s, rule_s); + if (rc != 0) goto trans_start_failure; - } - rule_s->action = rule_o->action; - rule_s->syscall = rule_o->syscall; - rule_s->args_cnt = rule_o->args_cnt; - memcpy(rule_s->args, rule_o->args, args_size); + + /* insert the chain to the end of the rule list */ + rule_tmp = rule_s; + while (rule_tmp->next) + rule_tmp = rule_tmp->next; if (filter_s->rules != NULL) { rule_s->prev = filter_s->rules->prev; - rule_s->next = filter_s->rules; + rule_tmp->next = filter_s->rules; filter_s->rules->prev->next = rule_s; - filter_s->rules->prev = rule_s; + filter_s->rules->prev = rule_tmp; } else { - rule_s->prev = rule_s; - rule_s->next = rule_s; + rule_s->prev = rule_tmp; + rule_tmp->next = rule_s; filter_s->rules = rule_s; } - - /* insert the rule into the filter */ - if (db_rule_add(filter_s, rule_o) != 0) - goto trans_start_failure; + rule_s = NULL; /* next rule */ rule_o = rule_o->next; @@ -1713,6 +2354,8 @@ return 0; trans_start_failure: + if (rule_s != NULL) + free(rule_s); _db_snap_release(snap); return -ENOMEM; } diff -Nru libseccomp-2.3.1/src/db.h libseccomp-2.4.1/src/db.h --- libseccomp-2.3.1/src/db.h 2016-02-11 18:32:39.777670411 +0000 +++ libseccomp-2.4.1/src/db.h 2019-04-16 16:19:07.221266768 +0000 @@ -43,8 +43,8 @@ struct db_api_rule_list { uint32_t action; int syscall; - struct db_api_arg *args; - unsigned int args_cnt; + bool strict; + struct db_api_arg args[ARG_COUNT_MAX]; struct db_api_rule_list *prev, *next; }; @@ -52,14 +52,18 @@ struct db_arg_chain_tree { /* argument number (a0 = 0, a1 = 1, etc.) */ unsigned int arg; + /* true to indicate this is the high 32-bit word of a 64-bit value */ + bool arg_h_flg; /* argument bpf offset */ unsigned int arg_offset; /* comparison operator */ enum scmp_compare op; + enum scmp_compare op_orig; /* syscall argument value */ uint32_t mask; uint32_t datum; + scmp_datum_t datum_full; /* actions */ bool act_t_flg; @@ -77,36 +81,6 @@ unsigned int refcnt; }; #define ARG_MASK_MAX ((uint32_t)-1) -#define db_chain_lt(x,y) \ - (((x)->arg < (y)->arg) || \ - (((x)->arg == (y)->arg) && \ - (((x)->op < (y)->op) || (((x)->mask & (y)->mask) == (y)->mask)))) -#define db_chain_eq(x,y) \ - (((x)->arg == (y)->arg) && \ - ((x)->op == (y)->op) && ((x)->datum == (y)->datum) && \ - ((x)->mask == (y)->mask)) -#define db_chain_gt(x,y) \ - (((x)->arg > (y)->arg) || \ - (((x)->arg == (y)->arg) && \ - (((x)->op > (y)->op) || (((x)->mask & (y)->mask) != (y)->mask)))) -#define db_chain_action(x) \ - (((x)->act_t_flg) || ((x)->act_f_flg)) -#define db_chain_zombie(x) \ - ((x)->nxt_t == NULL && !((x)->act_t_flg) && \ - (x)->nxt_f == NULL && !((x)->act_f_flg)) -#define db_chain_leaf(x) \ - ((x)->nxt_t == NULL && (x)->nxt_f == NULL) -#define db_chain_eq_result(x,y) \ - ((((x)->nxt_t != NULL && (y)->nxt_t != NULL) || \ - ((x)->nxt_t == NULL && (y)->nxt_t == NULL)) && \ - (((x)->nxt_f != NULL && (y)->nxt_f != NULL) || \ - ((x)->nxt_f == NULL && (y)->nxt_f == NULL)) && \ - ((x)->act_t_flg == (y)->act_t_flg) && \ - ((x)->act_f_flg == (y)->act_f_flg) && \ - (((x)->act_t_flg && (x)->act_t == (y)->act_t) || \ - (!((x)->act_t_flg))) && \ - (((x)->act_f_flg && (x)->act_f == (y)->act_f) || \ - (!((x)->act_f_flg)))) struct db_sys_list { /* native syscall number */ @@ -138,6 +112,10 @@ uint32_t nnp_enable; /* SECCOMP_FILTER_FLAG_TSYNC related attributes */ uint32_t tsync_enable; + /* allow rules with a -1 syscall value */ + uint32_t api_tskip; + /* SECCOMP_FILTER_FLAG_LOG related attributes */ + uint32_t log_enable; }; struct db_filter { @@ -189,6 +167,8 @@ int db_action_valid(uint32_t action); +struct db_api_rule_list *db_rule_dup(const struct db_api_rule_list *src); + struct db_filter_col *db_col_init(uint32_t def_action); int db_col_reset(struct db_filter_col *col, uint32_t def_action); void db_col_release(struct db_filter_col *col); diff -Nru libseccomp-2.3.1/src/gen_bpf.c libseccomp-2.4.1/src/gen_bpf.c --- libseccomp-2.3.1/src/gen_bpf.c 2016-02-11 18:32:37.559670577 +0000 +++ libseccomp-2.4.1/src/gen_bpf.c 2019-04-17 00:07:33.166235362 +0000 @@ -39,6 +39,7 @@ #include "db.h" #include "hash.h" #include "system.h" +#include "helper.h" /* allocation increments */ #define AINC_BLK 2 @@ -202,7 +203,7 @@ * Convert the endianess of the supplied value and return it to the caller. * */ -uint16_t _htot16(const struct arch_def *arch, uint16_t val) +static uint16_t _htot16(const struct arch_def *arch, uint16_t val) { if (arch->endian == ARCH_ENDIAN_LITTLE) return htole16(val); @@ -218,7 +219,7 @@ * Convert the endianess of the supplied value and return it to the caller. * */ -uint32_t _htot32(const struct arch_def *arch, uint32_t val) +static uint32_t _htot32(const struct arch_def *arch, uint32_t val) { if (arch->endian == ARCH_ENDIAN_LITTLE) return htole32(val); @@ -314,11 +315,9 @@ { struct bpf_blk *blk; - blk = malloc(sizeof(*blk)); + blk = zmalloc(sizeof(*blk)); if (blk == NULL) return NULL; - - memset(blk, 0, sizeof(*blk)); blk->flag_unique = true; blk->acc_start = _ACC_STATE_UNDEF; blk->acc_end = _ACC_STATE_UNDEF; @@ -477,9 +476,6 @@ goto bpf_append_blk_failure; } switch (blk->blks[iter].k.type) { - case TGT_NONE: - i_iter->k = 0; - break; case TGT_K: i_iter->k = blk->blks[iter].k.tgt.imm_k; break; @@ -560,7 +556,7 @@ static int _hsh_add(struct bpf_state *state, struct bpf_blk **blk_p, unsigned int found) { - uint64_t h_val; + uint64_t h_val, h_val_tmp[3]; struct bpf_hash_bkt *h_new, *h_iter, *h_prev = NULL; struct bpf_blk *blk = *blk_p; struct bpf_blk *b_iter; @@ -568,13 +564,15 @@ if (blk->flag_hash) return 0; - h_new = malloc(sizeof(*h_new)); + h_new = zmalloc(sizeof(*h_new)); if (h_new == NULL) return -ENOMEM; - memset(h_new, 0, sizeof(*h_new)); /* generate the hash */ - h_val = jhash(blk->blks, _BLK_MSZE(blk), 0); + h_val_tmp[0] = hash(blk->blks, _BLK_MSZE(blk)); + h_val_tmp[1] = hash(&blk->acc_start, sizeof(blk->acc_start)); + h_val_tmp[2] = hash(&blk->acc_end, sizeof(blk->acc_end)); + h_val = hash(h_val_tmp, sizeof(h_val_tmp)); blk->hash = h_val; blk->flag_hash = true; blk->node = NULL; @@ -589,7 +587,11 @@ if ((h_iter->blk->hash == h_val) && (_BLK_MSZE(h_iter->blk) == _BLK_MSZE(blk)) && (memcmp(h_iter->blk->blks, blk->blks, - _BLK_MSZE(blk)) == 0)) { + _BLK_MSZE(blk)) == 0) && + _ACC_CMP_EQ(h_iter->blk->acc_start, + blk->acc_start) && + _ACC_CMP_EQ(h_iter->blk->acc_end, + blk->acc_end)) { /* duplicate block */ free(h_new); @@ -859,6 +861,13 @@ goto node_failure; } + /* set the accumulator state at the end of the block */ + /* NOTE: the accumulator end state is very critical when we are + * assembling the final state; we assume that however we leave + * this instruction block the accumulator state is represented + * by blk->acc_end, it must be kept correct */ + blk->acc_end = *a_state; + /* check the accumulator against the datum */ switch (node->op) { case SCMP_CMP_MASKED_EQ: @@ -903,7 +912,6 @@ goto node_failure; blk->node = node; - blk->acc_end = *a_state; return blk; node_failure: @@ -958,7 +966,7 @@ case TGT_PTR_DB: node = (struct db_arg_chain_tree *)i_iter->jt.tgt.db; b_new = _gen_bpf_chain(state, sys, node, - nxt_jump, &blk->acc_start); + nxt_jump, &blk->acc_end); if (b_new == NULL) return NULL; i_iter->jt = _BPF_JMP_HSH(b_new->hash); @@ -984,7 +992,7 @@ case TGT_PTR_DB: node = (struct db_arg_chain_tree *)i_iter->jf.tgt.db; b_new = _gen_bpf_chain(state, sys, node, - nxt_jump, &blk->acc_start); + nxt_jump, &blk->acc_end); if (b_new == NULL) return NULL; i_iter->jf = _BPF_JMP_HSH(b_new->hash); @@ -1353,13 +1361,32 @@ /* filter out x32 */ _BPF_INSTR(instr, _BPF_OP(state->arch, BPF_JMP + BPF_JGE), - _BPF_JMP_HSH(state->bad_arch_hsh), + _BPF_JMP_NO, _BPF_JMP_NO, _BPF_K(state->arch, X32_SYSCALL_BIT)); if (b_head != NULL) instr.jf = _BPF_JMP_HSH(b_head->hash); else instr.jf = _BPF_JMP_HSH(state->def_hsh); + b_new = _blk_append(state, b_new, &instr); + if (b_new == NULL) + goto arch_failure; + /* NOTE: starting with Linux v4.8 the seccomp filters + * are processed both when the syscall is + * initially executed as well as after any + * tracing processes finish so we need to make + * sure we don't trap the -1 syscall which + * tracers can use to skip the syscall, see + * seccomp(2) for more information */ + _BPF_INSTR(instr, + _BPF_OP(state->arch, BPF_JMP + BPF_JEQ), + _BPF_JMP_NO, + _BPF_JMP_HSH(state->bad_arch_hsh), + _BPF_K(state->arch, -1)); + if (b_head != NULL) + instr.jt = _BPF_JMP_HSH(b_head->hash); + else + instr.jt = _BPF_JMP_HSH(state->def_hsh); blk_cnt++; } else if (state->arch->token == SCMP_ARCH_X32) { /* filter out x86_64 */ @@ -1928,23 +1955,22 @@ { int rc; struct bpf_state state; + struct bpf_program *prgm; memset(&state, 0, sizeof(state)); state.attr = &col->attr; - state.bpf = malloc(sizeof(*(state.bpf))); - if (state.bpf == NULL) + prgm = zmalloc(sizeof(*(prgm))); + if (prgm == NULL) return NULL; - memset(state.bpf, 0, sizeof(*(state.bpf))); + state.bpf = prgm; rc = _gen_bpf_build_bpf(&state, col); - if (rc < 0) - goto bpf_generate_end; + if (rc == 0) + state.bpf = NULL; + _state_release(&state); -bpf_generate_end: - if (rc < 0) - _state_release(&state); - return state.bpf; + return prgm; } /** diff -Nru libseccomp-2.3.1/src/gen_pfc.c libseccomp-2.4.1/src/gen_pfc.c --- libseccomp-2.3.1/src/gen_pfc.c 2016-02-11 18:32:37.560670577 +0000 +++ libseccomp-2.4.1/src/gen_pfc.c 2019-04-16 16:19:07.044599182 +0000 @@ -34,6 +34,8 @@ #include "arch.h" #include "db.h" #include "gen_pfc.h" +#include "helper.h" +#include "system.h" struct pfc_sys_list { struct db_sys_list *sys; @@ -71,6 +73,10 @@ return "mips64n32"; case SCMP_ARCH_MIPSEL64N32: return "mipsel64n32"; + case SCMP_ARCH_PARISC: + return "parisc"; + case SCMP_ARCH_PARISC64: + return "parisc64"; case SCMP_ARCH_PPC64: return "ppc64"; case SCMP_ARCH_PPC64LE: @@ -112,8 +118,11 @@ */ static void _pfc_action(FILE *fds, uint32_t action) { - switch (action & 0xffff0000) { - case SCMP_ACT_KILL: + switch (action & SECCOMP_RET_ACTION_FULL) { + case SCMP_ACT_KILL_PROCESS: + fprintf(fds, "action KILL_PROCESS;\n"); + break; + case SCMP_ACT_KILL_THREAD: fprintf(fds, "action KILL;\n"); break; case SCMP_ACT_TRAP: @@ -125,6 +134,9 @@ case SCMP_ACT_TRACE(0): fprintf(fds, "action TRACE(%u);\n", (action & 0x0000ffff)); break; + case SCMP_ACT_LOG: + fprintf(fds, "action LOG;\n"); + break; case SCMP_ACT_ALLOW: fprintf(fds, "action ALLOW;\n"); break; @@ -235,10 +247,10 @@ const char *sys_name = arch_syscall_resolve_num(arch, sys_num); _indent(fds, 1); - fprintf(fds, "# filter for syscall \"%s\" (%d) [priority: %d]\n", + fprintf(fds, "# filter for syscall \"%s\" (%u) [priority: %d]\n", (sys_name ? sys_name : "UNKNOWN"), sys_num, sys->priority); _indent(fds, 1); - fprintf(fds, "if ($syscall == %d)\n", sys_num); + fprintf(fds, "if ($syscall == %u)\n", sys_num); if (sys->chains == NULL) { _indent(fds, 2); _pfc_action(fds, sys->action); @@ -266,12 +278,11 @@ /* sort the syscall list */ db_list_foreach(s_iter, db->syscalls) { - p_new = malloc(sizeof(*p_new)); + p_new = zmalloc(sizeof(*p_new)); if (p_new == NULL) { rc = -ENOMEM; goto arch_return; } - memset(p_new, 0, sizeof(*p_new)); p_new->sys = s_iter; p_prev = NULL; @@ -297,8 +308,10 @@ fprintf(fds, "if ($arch == %u)\n", db->arch->token_bpf); p_iter = p_head; while (p_iter != NULL) { - if (!p_iter->sys->valid) + if (!p_iter->sys->valid) { + p_iter = p_iter->next; continue; + } _gen_pfc_syscall(db->arch, p_iter->sys, fds); p_iter = p_iter->next; } diff -Nru libseccomp-2.3.1/src/hash.c libseccomp-2.4.1/src/hash.c --- libseccomp-2.3.1/src/hash.c 2016-02-11 18:32:37.562670577 +0000 +++ libseccomp-2.4.1/src/hash.c 2019-04-16 16:19:07.051265883 +0000 @@ -1,674 +1,90 @@ /** * Seccomp Library hash code * - * Release under the Public Domain - * Author: Bob Jenkins */ /* - * lookup3.c, by Bob Jenkins, May 2006, Public Domain. + * This code is based on MurmurHash3.cpp from Austin Appleby and is placed in + * the public domain. * - * These are functions for producing 32-bit hashes for hash table lookup. - * jhash_word(), jhash_le(), jhash_be(), mix(), and final() are externally useful - * functions. Routines to test the hash are included if SELF_TEST is defined. - * You can use this free for any purpose. It's in the public domain. It has - * no warranty. + * https://github.com/aappleby/smhasher * - * You probably want to use jhash_le(). jhash_le() and jhash_be() hash byte - * arrays. jhash_le() is is faster than jhash_be() on little-endian machines. - * Intel and AMD are little-endian machines. - * - * If you want to find a hash of, say, exactly 7 integers, do - * a = i1; b = i2; c = i3; - * mix(a,b,c); - * a += i4; b += i5; c += i6; - * mix(a,b,c); - * a += i7; - * final(a,b,c); - * - * then use c as the hash value. If you have a variable length array of - * 4-byte integers to hash, use jhash_word(). If you have a byte array (like - * a character string), use jhash_le(). If you have several byte arrays, or - * a mix of things, see the comments above jhash_le(). - * - * Why is this so big? I read 12 bytes at a time into 3 4-byte integers, then - * mix those integers. This is fast (you can do a lot more thorough mixing - * with 12*3 instructions on 3 integers than you can with 3 instructions on 1 - * byte), but shoehorning those bytes into integers efficiently is messy. */ -#include +#include +#include -#include "arch.h" #include "hash.h" -#define hashsize(n) ((uint32_t)1<<(n)) -#define hashmask(n) (hashsize(n)-1) -#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) - -/** - * Mix 3 32-bit values reversibly - * @param a 32-bit value - * @param b 32-bit value - * @param c 32-bit value - * - * This is reversible, so any information in (a,b,c) before mix() is still - * in (a,b,c) after mix(). - * - * If four pairs of (a,b,c) inputs are run through mix(), or through mix() in - * reverse, there are at least 32 bits of the output that are sometimes the - * same for one pair and different for another pair. - * - * This was tested for: - * - pairs that differed by one bit, by two bits, in any combination of top - * bits of (a,b,c), or in any combination of bottom bits of (a,b,c). - * - "differ" is defined as +, -, ^, or ~^. For + and -, I transformed the - * output delta to a Gray code (a^(a>>1)) so a string of 1's (as is commonly - * produced by subtraction) look like a single 1-bit difference. - * - the base values were pseudorandom, all zero but one bit set, or all zero - * plus a counter that starts at zero. - * - * Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that - * satisfy this are - * 4 6 8 16 19 4 - * 9 15 3 18 27 15 - * 14 9 3 7 17 3 - * - * Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing for "differ" - * defined as + with a one-bit base and a two-bit delta. I used - * http://burtleburtle.net/bob/hash/avalanche.html to choose the operations, - * constants, and arrangements of the variables. - * - * This does not achieve avalanche. There are input bits of (a,b,c) that fail - * to affect some output bits of (a,b,c), especially of a. The most thoroughly - * mixed value is c, but it doesn't really even achieve avalanche in c. - * - * This allows some parallelism. Read-after-writes are good at doubling the - * number of bits affected, so the goal of mixing pulls in the opposite - * direction as the goal of parallelism. I did what I could. Rotates seem to - * cost as much as shifts on every machine I could lay my hands on, and rotates - * are much kinder to the top and bottom bits, so I used rotates. - * - */ -#define mix(a,b,c) \ - { \ - a -= c; a ^= rot(c, 4); c += b; \ - b -= a; b ^= rot(a, 6); a += c; \ - c -= b; c ^= rot(b, 8); b += a; \ - a -= c; a ^= rot(c,16); c += b; \ - b -= a; b ^= rot(a,19); a += c; \ - c -= b; c ^= rot(b, 4); b += a; \ - } - -/** - * Final mixing of 3 32-bit values (a,b,c) into c - * @param a 32-bit value - * @param b 32-bit value - * @param c 32-bit value - * - * Pairs of (a,b,c) values differing in only a few bits will usually produce - * values of c that look totally different. This was tested for: - * - pairs that differed by one bit, by two bits, in any combination of top - * bits of (a,b,c), or in any combination of bottom bits of (a,b,c). - * - "differ" is defined as +, -, ^, or ~^. For + and -, I transformed the - * output delta to a Gray code (a^(a>>1)) so a string of 1's (as is commonly - * produced by subtraction) look like a single 1-bit difference. - * - the base values were pseudorandom, all zero but one bit set, or all zero - * plus a counter that starts at zero. - * - * These constants passed: - * 14 11 25 16 4 14 24 - * 12 14 25 16 4 14 24 - * and these came close: - * 4 8 15 26 3 22 24 - * 10 8 15 26 3 22 24 - * 11 8 15 26 3 22 24 - * - */ -#define final(a,b,c) \ - { \ - c ^= b; c -= rot(b,14); \ - a ^= c; a -= rot(c,11); \ - b ^= a; b -= rot(a,25); \ - c ^= b; c -= rot(b,16); \ - a ^= c; a -= rot(c,4); \ - b ^= a; b -= rot(a,14); \ - c ^= b; c -= rot(b,24); \ - } - -/** - * Hash an array of 32-bit values - * @param k the key, an array of uint32_t values - * @param length the number of array elements - * @param initval the previous hash, or an arbitrary value - * - * This works on all machines. To be useful, it requires: - * - that the key be an array of uint32_t's, and - * - that the length be the number of uint32_t's in the key - * - * The function jhash_word() is identical to jhash_le() on little-endian - * machines, and identical to jhash_be() on big-endian machines, except that - * the length has to be measured in uint32_ts rather than in bytes. jhash_le() - * is more complicated than jhash_word() only because jhash_le() has to dance - * around fitting the key bytes into registers. - * - */ -static uint32_t jhash_word(const uint32_t *k, size_t length, uint32_t initval) +static inline uint32_t getblock32(const uint32_t *p, int i) { - uint32_t a, b, c; - - /* set up the internal state */ - a = b = c = 0xdeadbeef + (((uint32_t)length) << 2) + initval; - - /* handle most of the key */ - while (length > 3) { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a, b, c); - length -= 3; - k += 3; - } - - /* handle the last 3 uint32_t's */ - switch(length) { - case 3 : - c += k[2]; - case 2 : - b += k[1]; - case 1 : - a += k[0]; - final(a, b, c); - case 0: - /* nothing left to add */ - break; - } - - return c; + return p[i]; } -/** - * Hash a variable-length key into a 32-bit value - * @param key the key (the unaligned variable-length array of bytes) - * @param length the length of the key, counting by bytes - * @param initval can be any 4-byte value - * - * Returns a 32-bit value. Every bit of the key affects every bit of the - * return value. Two keys differing by one or two bits will have totally - * different hash values. - * - * The best hash table sizes are powers of 2. There is no need to do mod a - * prime (mod is sooo slow!). If you need less than 32 bits, use a bitmask. - * For example, if you need only 10 bits, do: - * h = (h & hashmask(10)); - * In which case, the hash table should have hashsize(10) elements. - * - * If you are hashing n strings (uint8_t **)k, do it like this: - * for (i=0, h=0; iendian == ARCH_ENDIAN_LITTLE) && - ((u.i & 0x3) == 0)) { - /* read 32-bit chunks */ - const uint32_t *k = (const uint32_t *)key; - - while (length > 12) { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a, b, c); - length -= 12; - k += 3; - } - - /* "k[2]&0xffffff" actually reads beyond the end of the string, - * but then masks off the part it's not allowed to read. - * Because the string is aligned, the masked-off tail is in the - * same word as the rest of the string. Every machine with - * memory protection I've seen does it on word boundaries, so - * is OK with this. But VALGRIND will still catch it and - * complain. The masking trick does make the hash noticably - * faster for short strings (like English words). */ -#ifndef VALGRIND - - switch(length) { - case 12: - c += k[2]; - b += k[1]; - a += k[0]; - break; - case 11: - c += k[2] & 0xffffff; - b += k[1]; - a += k[0]; - break; - case 10: - c += k[2] & 0xffff; - b += k[1]; - a += k[0]; - break; - case 9 : - c += k[2] & 0xff; - b += k[1]; - a += k[0]; - break; - case 8 : - b += k[1]; - a += k[0]; - break; - case 7 : - b += k[1] & 0xffffff; - a += k[0]; - break; - case 6 : - b += k[1] & 0xffff; - a += k[0]; - break; - case 5 : - b += k[1] & 0xff; - a += k[0]; - break; - case 4 : - a += k[0]; - break; - case 3 : - a += k[0] & 0xffffff; - break; - case 2 : - a += k[0] & 0xffff; - break; - case 1 : - a += k[0] & 0xff; - break; - case 0 : - /* zero length strings require no mixing */ - return c; - } - -#else /* make valgrind happy */ - - k8 = (const uint8_t *)k; - switch(length) { - case 12: - c += k[2]; - b += k[1]; - a += k[0]; - break; - case 11: - c += ((uint32_t)k8[10]) << 16; - case 10: - c += ((uint32_t)k8[9]) << 8; - case 9 : - c += k8[8]; - case 8 : - b += k[1]; - a += k[0]; - break; - case 7 : - b += ((uint32_t)k8[6]) << 16; - case 6 : - b += ((uint32_t)k8[5]) << 8; - case 5 : - b += k8[4]; - case 4 : - a += k[0]; - break; - case 3 : - a += ((uint32_t)k8[2]) << 16; - case 2 : - a += ((uint32_t)k8[1]) << 8; - case 1 : - a += k8[0]; - break; - case 0 : - return c; - } - -#endif /* !valgrind */ - - } else if ((arch_def_native->endian == ARCH_ENDIAN_LITTLE) && - ((u.i & 0x1) == 0)) { - /* read 16-bit chunks */ - const uint16_t *k = (const uint16_t *)key; - const uint8_t *k8; - - while (length > 12) { - a += k[0] + (((uint32_t)k[1]) << 16); - b += k[2] + (((uint32_t)k[3]) << 16); - c += k[4] + (((uint32_t)k[5]) << 16); - mix(a, b, c); - length -= 12; - k += 6; - } - - k8 = (const uint8_t *)k; - switch(length) { - case 12: - c += k[4] + (((uint32_t)k[5]) << 16); - b += k[2] + (((uint32_t)k[3]) << 16); - a += k[0] + (((uint32_t)k[1]) << 16); - break; - case 11: - c += ((uint32_t)k8[10]) << 16; - case 10: - c += k[4]; - b += k[2] + (((uint32_t)k[3]) << 16); - a += k[0] + (((uint32_t)k[1]) << 16); - break; - case 9 : - c += k8[8]; - case 8 : - b += k[2] + (((uint32_t)k[3]) << 16); - a += k[0] + (((uint32_t)k[1]) << 16); - break; - case 7 : - b += ((uint32_t)k8[6]) << 16; - case 6 : - b += k[2]; - a += k[0] + (((uint32_t)k[1]) << 16); - break; - case 5 : - b += k8[4]; - case 4 : - a += k[0] + (((uint32_t)k[1]) << 16); - break; - case 3 : - a += ((uint32_t)k8[2]) << 16; - case 2 : - a += k[0]; - break; - case 1 : - a += k8[0]; - break; - case 0 : - /* zero length requires no mixing */ - return c; - } - - } else { - /* need to read the key one byte at a time */ - const uint8_t *k = (const uint8_t *)key; - - while (length > 12) { - a += k[0]; - a += ((uint32_t)k[1]) << 8; - a += ((uint32_t)k[2]) << 16; - a += ((uint32_t)k[3]) << 24; - b += k[4]; - b += ((uint32_t)k[5]) << 8; - b += ((uint32_t)k[6]) << 16; - b += ((uint32_t)k[7]) << 24; - c += k[8]; - c += ((uint32_t)k[9]) << 8; - c += ((uint32_t)k[10]) << 16; - c += ((uint32_t)k[11]) << 24; - mix(a, b, c); - length -= 12; - k += 12; - } - - switch(length) { - case 12: - c += ((uint32_t)k[11]) << 24; - case 11: - c += ((uint32_t)k[10]) << 16; - case 10: - c += ((uint32_t)k[9]) << 8; - case 9 : - c += k[8]; - case 8 : - b += ((uint32_t)k[7]) << 24; - case 7 : - b += ((uint32_t)k[6]) << 16; - case 6 : - b += ((uint32_t)k[5]) << 8; - case 5 : - b += k[4]; - case 4 : - a += ((uint32_t)k[3]) << 24; - case 3 : - a += ((uint32_t)k[2]) << 16; - case 2 : - a += ((uint32_t)k[1]) << 8; - case 1 : - a += k[0]; - break; - case 0 : - return c; - } - } - - final(a, b, c); - return c; + return (x << r) | (x >> (32 - r)); } -/** - * Hash a variable-length key into a 32-bit value - * @param key the key (the unaligned variable-length array of bytes) - * @param length the length of the key, counting by bytes - * @param initval can be any 4-byte value - * - * This is the same as jhash_word() on big-endian machines. It is different - * from jhash_le() on all machines. jhash_be() takes advantage of big-endian - * byte ordering. - * - */ -static uint32_t jhash_be( const void *key, size_t length, uint32_t initval) +static inline uint32_t fmix32(uint32_t h) { - uint32_t a, b, c; - union { - const void *ptr; - size_t i; - } u; /* to cast key to (size_t) happily */ - - /* set up the internal state */ - a = b = c = 0xdeadbeef + ((uint32_t)length) + initval; - - u.ptr = key; - if ((arch_def_native->endian == ARCH_ENDIAN_BIG) && - ((u.i & 0x3) == 0)) { - /* read 32-bit chunks */ - const uint32_t *k = (const uint32_t *)key; - - while (length > 12) { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a, b, c); - length -= 12; - k += 3; - } - - /* "k[2]<<8" actually reads beyond the end of the string, but - * then shifts out the part it's not allowed to read. Because - * the string is aligned, the illegal read is in the same word - * as the rest of the string. Every machine with memory - * protection I've seen does it on word boundaries, so is OK - * with this. But VALGRIND will still catch it and complain. - * The masking trick does make the hash noticably faster for - * short strings (like English words). */ -#ifndef VALGRIND - - switch(length) { - case 12: - c += k[2]; - b += k[1]; - a += k[0]; - break; - case 11: - c += k[2] & 0xffffff00; - b += k[1]; - a += k[0]; - break; - case 10: - c += k[2] & 0xffff0000; - b += k[1]; - a += k[0]; - break; - case 9 : - c += k[2] & 0xff000000; - b += k[1]; - a += k[0]; - break; - case 8 : - b += k[1]; - a += k[0]; - break; - case 7 : - b += k[1] & 0xffffff00; - a += k[0]; - break; - case 6 : - b += k[1] & 0xffff0000; - a += k[0]; - break; - case 5 : - b += k[1] & 0xff000000; - a += k[0]; - break; - case 4 : - a += k[0]; - break; - case 3 : - a += k[0] & 0xffffff00; - break; - case 2 : - a += k[0] & 0xffff0000; - break; - case 1 : - a += k[0] & 0xff000000; - break; - case 0 : - /* zero length strings require no mixing */ - return c; - } - -#else /* make valgrind happy */ - - k8 = (const uint8_t *)k; - switch(length) { - case 12: - c += k[2]; - b += k[1]; - a += k[0]; - break; - case 11: - c += ((uint32_t)k8[10]) << 8; - case 10: - c += ((uint32_t)k8[9]) << 16; - case 9 : - c += ((uint32_t)k8[8]) << 24; - case 8 : - b += k[1]; - a += k[0]; - break; - case 7 : - b += ((uint32_t)k8[6]) << 8; - case 6 : - b += ((uint32_t)k8[5]) << 16; - case 5 : - b += ((uint32_t)k8[4]) << 24; - case 4 : - a += k[0]; - break; - case 3 : - a += ((uint32_t)k8[2]) << 8; - case 2 : - a += ((uint32_t)k8[1]) << 16; - case 1 : - a += ((uint32_t)k8[0]) << 24; - break; - case 0 : - return c; - } - -#endif /* !VALGRIND */ - - } else { - /* need to read the key one byte at a time */ - const uint8_t *k = (const uint8_t *)key; - - while (length > 12) { - a += ((uint32_t)k[0]) << 24; - a += ((uint32_t)k[1]) << 16; - a += ((uint32_t)k[2]) << 8; - a += ((uint32_t)k[3]); - b += ((uint32_t)k[4]) << 24; - b += ((uint32_t)k[5]) << 16; - b += ((uint32_t)k[6]) << 8; - b += ((uint32_t)k[7]); - c += ((uint32_t)k[8]) << 24; - c += ((uint32_t)k[9]) << 16; - c += ((uint32_t)k[10]) << 8; - c += ((uint32_t)k[11]); - mix(a, b, c); - length -= 12; - k += 12; - } - - switch(length) { - case 12: - c += k[11]; - case 11: - c += ((uint32_t)k[10]) << 8; - case 10: - c += ((uint32_t)k[9]) << 16; - case 9 : - c += ((uint32_t)k[8]) << 24; - case 8 : - b += k[7]; - case 7 : - b += ((uint32_t)k[6]) << 8; - case 6 : - b += ((uint32_t)k[5]) << 16; - case 5 : - b += ((uint32_t)k[4]) << 24; - case 4 : - a += k[3]; - case 3 : - a += ((uint32_t)k[2]) << 8; - case 2 : - a += ((uint32_t)k[1]) << 16; - case 1 : - a += ((uint32_t)k[0]) << 24; - break; - case 0 : - return c; - } - } + h ^= h >> 16; + h *= 0x85ebca6b; + h ^= h >> 13; + h *= 0xc2b2ae35; + h ^= h >> 16; - final(a, b, c); - return c; + return h; } -/** - * Hash a variable-length key into a 32-bit value - * @param key the key (the unaligned variable-length array of bytes) - * @param length the length of the key, counting by bytes - * @param initval can be any 4-byte value - * - * A small wrapper function that selects the proper hash function based on the - * native machine's byte-ordering. - * - */ -uint32_t jhash(const void *key, size_t length, uint32_t initval) +/* NOTE: this is an implementation of MurmurHash3_x86_32 */ +uint32_t hash(const void *key, size_t length) { - if (length % sizeof(uint32_t) == 0) - return jhash_word(key, (length / sizeof(uint32_t)), initval); - else if (arch_def_native->endian == ARCH_ENDIAN_BIG) - return jhash_be(key, length, initval); - else - return jhash_le(key, length, initval); + const uint8_t *data = (const uint8_t *)key; + const uint32_t *blocks; + const uint8_t *tail; + const int nblocks = length / 4; + const uint32_t c1 = 0xcc9e2d51; + const uint32_t c2 = 0x1b873593; + uint32_t k1; + uint32_t k2 = 0; + int i; + + /* NOTE: we always force a seed of 0 */ + uint32_t h1 = 0; + + /* body */ + blocks = (const uint32_t *)(data + nblocks * 4); + for(i = -nblocks; i; i++) { + k1 = getblock32(blocks, i); + + k1 *= c1; + k1 = rotl32(k1, 15); + k1 *= c2; + + h1 ^= k1; + h1 = rotl32(h1, 13); + h1 = h1 * 5 + 0xe6546b64; + } + + /* tail */ + tail = (const uint8_t *)(data + nblocks * 4); + switch(length & 3) { + case 3: + k2 ^= tail[2] << 16; + case 2: + k2 ^= tail[1] << 8; + case 1: + k2 ^= tail[0]; + k2 *= c1; + k2 = rotl32(k2, 15); + k2 *= c2; + h1 ^= k2; + }; + + /* finalization */ + h1 ^= length; + h1 = fmix32(h1); + + return h1; } diff -Nru libseccomp-2.3.1/src/hash.h libseccomp-2.4.1/src/hash.h --- libseccomp-2.3.1/src/hash.h 2016-02-11 18:32:39.778670411 +0000 +++ libseccomp-2.4.1/src/hash.h 2019-04-16 16:19:07.247933573 +0000 @@ -1,18 +1,8 @@ /** - * The "lookup3.c" Hash Implementation from Bob Jenkins + * Seccomp Library hash code * - * Original Author: Bob Jenkins - * Source: http://burtleburtle.net/bob/c/lookup3.c - */ - -/* - * Original License: + * See hash.c for information on the implementation. * - * These are functions for producing 32-bit hashes for hash table lookup. - * hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() - * are externally useful functions. Routines to test the hash are included - * if SELF_TEST is defined. You can use this free for any purpose. It's in - * the public domain. It has no warranty. */ #ifndef _HASH_H @@ -20,7 +10,7 @@ #include -uint32_t jhash(const void *key, size_t length, uint32_t initval); +uint32_t hash(const void *key, size_t length); #endif diff -Nru libseccomp-2.3.1/src/helper.c libseccomp-2.4.1/src/helper.c --- libseccomp-2.3.1/src/helper.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/src/helper.c 2019-04-16 16:19:07.057932584 +0000 @@ -0,0 +1,49 @@ +/** + * Helper functions for libseccomp + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include "helper.h" + +/** + * Allocate memory + * @param size the size of the buffer to allocate + * + * This function allocates a buffer of the given size, initializes it to zero, + * and returns a pointer to buffer on success. NULL is returned on failure. + * + */ +void *zmalloc(size_t size) +{ + void *ptr; + + /* NOTE: unlike malloc() zero size allocations always return NULL */ + if (size == 0) + return NULL; + + ptr = malloc(size); + if (!ptr) + return NULL; + memset(ptr, 0, size); + + return ptr; +} diff -Nru libseccomp-2.3.1/src/helper.h libseccomp-2.4.1/src/helper.h --- libseccomp-2.3.1/src/helper.h 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/src/helper.h 2019-04-16 16:19:07.257933625 +0000 @@ -0,0 +1,27 @@ +/** + * Helper functions for libseccomp + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#ifndef _FILTER_HELPER_H +#define _FILTER_HELPER_H + +void *zmalloc(size_t size); + +#endif diff -Nru libseccomp-2.3.1/src/Makefile.am libseccomp-2.4.1/src/Makefile.am --- libseccomp-2.3.1/src/Makefile.am 2016-02-26 19:38:52.943505996 +0000 +++ libseccomp-2.4.1/src/Makefile.am 2018-12-03 23:53:10.180642380 +0000 @@ -16,13 +16,17 @@ # along with this library; if not, see . # +@CODE_COVERAGE_RULES@ + +CODE_COVERAGE_IGNORE_PATTERN = /usr/include/bits/* */arch-syscall-check.c + SUBDIRS = . if ENABLE_PYTHON SUBDIRS += python endif SOURCES_ALL = \ - api.c system.h system.c \ + api.c system.h system.c helper.h helper.c \ gen_pfc.h gen_pfc.c gen_bpf.h gen_bpf.c \ hash.h hash.c \ db.h db.c \ @@ -35,6 +39,7 @@ arch-mips.h arch-mips.c arch-mips-syscalls.c \ arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ + arch-parisc.h arch-parisc.c arch-parisc64.c arch-parisc-syscalls.c \ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ arch-s390.h arch-s390.c arch-s390-syscalls.c \ @@ -51,11 +56,15 @@ arch_syscall_dump_SOURCES = arch-syscall-dump.c ${SOURCES_ALL} arch_syscall_check_SOURCES = arch-syscall-check.c ${SOURCES_ALL} +arch_syscall_check_CFLAGS = ${CODE_COVERAGE_CFLAGS} +arch_syscall_check_LDFLAGS = ${CODE_COVERAGE_LDFLAGS} libseccomp_la_SOURCES = ${SOURCES_ALL} -libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} -I${top_builddir}/include -libseccomp_la_CFLAGS = ${AM_CFLAGS} ${CFLAGS} -fPIC -DPIC -fvisibility=hidden -libseccomp_la_LDFLAGS = ${AM_LDFLAGS} ${LDFLAGS} \ +libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} ${CODE_COVERAGE_CPPFLAGS} \ + -I${top_builddir}/include +libseccomp_la_CFLAGS = ${AM_CFLAGS} ${CODE_COVERAGE_CFLAGS} ${CFLAGS} \ + -fPIC -DPIC -fvisibility=hidden +libseccomp_la_LDFLAGS = ${AM_LDFLAGS} ${CODE_COVERAGE_LDFLAGS} ${LDFLAGS} \ -version-number ${VERSION_MAJOR}:${VERSION_MINOR}:${VERSION_MICRO} check-build: diff -Nru libseccomp-2.3.1/src/Makefile.in libseccomp-2.4.1/src/Makefile.in --- libseccomp-2.3.1/src/Makefile.in 2016-04-20 20:11:08.920211382 +0000 +++ libseccomp-2.4.1/src/Makefile.in 2019-04-17 21:02:40.632939002 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -33,7 +33,17 @@ # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -101,15 +111,14 @@ check_PROGRAMS = arch-syscall-check$(EXEEXT) \ arch-syscall-dump$(EXEEXT) subdir = src -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/configure.h CONFIG_CLEAN_FILES = @@ -145,10 +154,10 @@ LTLIBRARIES = $(lib_LTLIBRARIES) libseccomp_la_LIBADD = am__objects_1 = libseccomp_la-api.lo libseccomp_la-system.lo \ - libseccomp_la-gen_pfc.lo libseccomp_la-gen_bpf.lo \ - libseccomp_la-hash.lo libseccomp_la-db.lo \ - libseccomp_la-arch.lo libseccomp_la-arch-x86.lo \ - libseccomp_la-arch-x86-syscalls.lo \ + libseccomp_la-helper.lo libseccomp_la-gen_pfc.lo \ + libseccomp_la-gen_bpf.lo libseccomp_la-hash.lo \ + libseccomp_la-db.lo libseccomp_la-arch.lo \ + libseccomp_la-arch-x86.lo libseccomp_la-arch-x86-syscalls.lo \ libseccomp_la-arch-x86_64.lo \ libseccomp_la-arch-x86_64-syscalls.lo \ libseccomp_la-arch-x32.lo libseccomp_la-arch-x32-syscalls.lo \ @@ -160,6 +169,8 @@ libseccomp_la-arch-mips64-syscalls.lo \ libseccomp_la-arch-mips64n32.lo \ libseccomp_la-arch-mips64n32-syscalls.lo \ + libseccomp_la-arch-parisc.lo libseccomp_la-arch-parisc64.lo \ + libseccomp_la-arch-parisc-syscalls.lo \ libseccomp_la-arch-ppc.lo libseccomp_la-arch-ppc-syscalls.lo \ libseccomp_la-arch-ppc64.lo \ libseccomp_la-arch-ppc64-syscalls.lo \ @@ -175,26 +186,68 @@ libseccomp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libseccomp_la_CFLAGS) \ $(CFLAGS) $(libseccomp_la_LDFLAGS) $(LDFLAGS) -o $@ -am__objects_2 = api.$(OBJEXT) system.$(OBJEXT) gen_pfc.$(OBJEXT) \ - gen_bpf.$(OBJEXT) hash.$(OBJEXT) db.$(OBJEXT) arch.$(OBJEXT) \ - arch-x86.$(OBJEXT) arch-x86-syscalls.$(OBJEXT) \ - arch-x86_64.$(OBJEXT) arch-x86_64-syscalls.$(OBJEXT) \ - arch-x32.$(OBJEXT) arch-x32-syscalls.$(OBJEXT) \ - arch-arm.$(OBJEXT) arch-arm-syscalls.$(OBJEXT) \ - arch-aarch64.$(OBJEXT) arch-aarch64-syscalls.$(OBJEXT) \ - arch-mips.$(OBJEXT) arch-mips-syscalls.$(OBJEXT) \ - arch-mips64.$(OBJEXT) arch-mips64-syscalls.$(OBJEXT) \ - arch-mips64n32.$(OBJEXT) arch-mips64n32-syscalls.$(OBJEXT) \ +am__objects_2 = arch_syscall_check-api.$(OBJEXT) \ + arch_syscall_check-system.$(OBJEXT) \ + arch_syscall_check-helper.$(OBJEXT) \ + arch_syscall_check-gen_pfc.$(OBJEXT) \ + arch_syscall_check-gen_bpf.$(OBJEXT) \ + arch_syscall_check-hash.$(OBJEXT) \ + arch_syscall_check-db.$(OBJEXT) \ + arch_syscall_check-arch.$(OBJEXT) \ + arch_syscall_check-arch-x86.$(OBJEXT) \ + arch_syscall_check-arch-x86-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-x86_64.$(OBJEXT) \ + arch_syscall_check-arch-x86_64-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-x32.$(OBJEXT) \ + arch_syscall_check-arch-x32-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-arm.$(OBJEXT) \ + arch_syscall_check-arch-arm-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-aarch64.$(OBJEXT) \ + arch_syscall_check-arch-aarch64-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-mips.$(OBJEXT) \ + arch_syscall_check-arch-mips-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-mips64.$(OBJEXT) \ + arch_syscall_check-arch-mips64-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-mips64n32.$(OBJEXT) \ + arch_syscall_check-arch-mips64n32-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-parisc.$(OBJEXT) \ + arch_syscall_check-arch-parisc64.$(OBJEXT) \ + arch_syscall_check-arch-parisc-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-ppc.$(OBJEXT) \ + arch_syscall_check-arch-ppc-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-ppc64.$(OBJEXT) \ + arch_syscall_check-arch-ppc64-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-s390.$(OBJEXT) \ + arch_syscall_check-arch-s390-syscalls.$(OBJEXT) \ + arch_syscall_check-arch-s390x.$(OBJEXT) \ + arch_syscall_check-arch-s390x-syscalls.$(OBJEXT) +am_arch_syscall_check_OBJECTS = \ + arch_syscall_check-arch-syscall-check.$(OBJEXT) \ + $(am__objects_2) +arch_syscall_check_OBJECTS = $(am_arch_syscall_check_OBJECTS) +arch_syscall_check_LDADD = $(LDADD) +arch_syscall_check_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(arch_syscall_check_CFLAGS) $(CFLAGS) \ + $(arch_syscall_check_LDFLAGS) $(LDFLAGS) -o $@ +am__objects_3 = api.$(OBJEXT) system.$(OBJEXT) helper.$(OBJEXT) \ + gen_pfc.$(OBJEXT) gen_bpf.$(OBJEXT) hash.$(OBJEXT) \ + db.$(OBJEXT) arch.$(OBJEXT) arch-x86.$(OBJEXT) \ + arch-x86-syscalls.$(OBJEXT) arch-x86_64.$(OBJEXT) \ + arch-x86_64-syscalls.$(OBJEXT) arch-x32.$(OBJEXT) \ + arch-x32-syscalls.$(OBJEXT) arch-arm.$(OBJEXT) \ + arch-arm-syscalls.$(OBJEXT) arch-aarch64.$(OBJEXT) \ + arch-aarch64-syscalls.$(OBJEXT) arch-mips.$(OBJEXT) \ + arch-mips-syscalls.$(OBJEXT) arch-mips64.$(OBJEXT) \ + arch-mips64-syscalls.$(OBJEXT) arch-mips64n32.$(OBJEXT) \ + arch-mips64n32-syscalls.$(OBJEXT) arch-parisc.$(OBJEXT) \ + arch-parisc64.$(OBJEXT) arch-parisc-syscalls.$(OBJEXT) \ arch-ppc.$(OBJEXT) arch-ppc-syscalls.$(OBJEXT) \ arch-ppc64.$(OBJEXT) arch-ppc64-syscalls.$(OBJEXT) \ arch-s390.$(OBJEXT) arch-s390-syscalls.$(OBJEXT) \ arch-s390x.$(OBJEXT) arch-s390x-syscalls.$(OBJEXT) -am_arch_syscall_check_OBJECTS = arch-syscall-check.$(OBJEXT) \ - $(am__objects_2) -arch_syscall_check_OBJECTS = $(am_arch_syscall_check_OBJECTS) -arch_syscall_check_LDADD = $(LDADD) am_arch_syscall_dump_OBJECTS = arch-syscall-dump.$(OBJEXT) \ - $(am__objects_2) + $(am__objects_3) arch_syscall_dump_OBJECTS = $(am_arch_syscall_dump_OBJECTS) arch_syscall_dump_LDADD = $(LDADD) AM_V_P = $(am__v_P_@AM_V@) @@ -211,7 +264,97 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/api.Po \ + ./$(DEPDIR)/arch-aarch64-syscalls.Po \ + ./$(DEPDIR)/arch-aarch64.Po ./$(DEPDIR)/arch-arm-syscalls.Po \ + ./$(DEPDIR)/arch-arm.Po ./$(DEPDIR)/arch-mips-syscalls.Po \ + ./$(DEPDIR)/arch-mips.Po ./$(DEPDIR)/arch-mips64-syscalls.Po \ + ./$(DEPDIR)/arch-mips64.Po \ + ./$(DEPDIR)/arch-mips64n32-syscalls.Po \ + ./$(DEPDIR)/arch-mips64n32.Po \ + ./$(DEPDIR)/arch-parisc-syscalls.Po ./$(DEPDIR)/arch-parisc.Po \ + ./$(DEPDIR)/arch-parisc64.Po ./$(DEPDIR)/arch-ppc-syscalls.Po \ + ./$(DEPDIR)/arch-ppc.Po ./$(DEPDIR)/arch-ppc64-syscalls.Po \ + ./$(DEPDIR)/arch-ppc64.Po ./$(DEPDIR)/arch-s390-syscalls.Po \ + ./$(DEPDIR)/arch-s390.Po ./$(DEPDIR)/arch-s390x-syscalls.Po \ + ./$(DEPDIR)/arch-s390x.Po ./$(DEPDIR)/arch-syscall-dump.Po \ + ./$(DEPDIR)/arch-x32-syscalls.Po ./$(DEPDIR)/arch-x32.Po \ + ./$(DEPDIR)/arch-x86-syscalls.Po ./$(DEPDIR)/arch-x86.Po \ + ./$(DEPDIR)/arch-x86_64-syscalls.Po ./$(DEPDIR)/arch-x86_64.Po \ + ./$(DEPDIR)/arch.Po ./$(DEPDIR)/arch_syscall_check-api.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-aarch64.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-arm.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-mips.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-mips64.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-mips64n32.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-parisc.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-parisc64.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-ppc.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-ppc64.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-s390.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-s390x.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-syscall-check.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-x32.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-x86.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Po \ + ./$(DEPDIR)/arch_syscall_check-arch-x86_64.Po \ + ./$(DEPDIR)/arch_syscall_check-arch.Po \ + ./$(DEPDIR)/arch_syscall_check-db.Po \ + ./$(DEPDIR)/arch_syscall_check-gen_bpf.Po \ + ./$(DEPDIR)/arch_syscall_check-gen_pfc.Po \ + ./$(DEPDIR)/arch_syscall_check-hash.Po \ + ./$(DEPDIR)/arch_syscall_check-helper.Po \ + ./$(DEPDIR)/arch_syscall_check-system.Po ./$(DEPDIR)/db.Po \ + ./$(DEPDIR)/gen_bpf.Po ./$(DEPDIR)/gen_pfc.Po \ + ./$(DEPDIR)/hash.Po ./$(DEPDIR)/helper.Po \ + ./$(DEPDIR)/libseccomp_la-api.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-aarch64-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-aarch64.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-arm-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-arm.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-mips-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-mips.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-mips64-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-mips64.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-mips64n32-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-mips64n32.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-parisc-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-parisc.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-parisc64.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-ppc.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-ppc64.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-s390-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-s390.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-s390x.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-x32-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-x32.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-x86-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-x86.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-x86_64-syscalls.Plo \ + ./$(DEPDIR)/libseccomp_la-arch-x86_64.Plo \ + ./$(DEPDIR)/libseccomp_la-arch.Plo \ + ./$(DEPDIR)/libseccomp_la-db.Plo \ + ./$(DEPDIR)/libseccomp_la-gen_bpf.Plo \ + ./$(DEPDIR)/libseccomp_la-gen_pfc.Plo \ + ./$(DEPDIR)/libseccomp_la-hash.Plo \ + ./$(DEPDIR)/libseccomp_la-helper.Plo \ + ./$(DEPDIR)/libseccomp_la-system.Plo ./$(DEPDIR)/system.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -255,7 +398,7 @@ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - distdir + distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -298,6 +441,8 @@ fi; \ } DIST_SUBDIRS = . python +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -338,6 +483,12 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -352,12 +503,15 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ @@ -384,6 +538,11 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -436,9 +595,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -447,9 +610,10 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +CODE_COVERAGE_IGNORE_PATTERN = /usr/include/bits/* */arch-syscall-check.c SUBDIRS = . $(am__append_1) SOURCES_ALL = \ - api.c system.h system.c \ + api.c system.h system.c helper.h helper.c \ gen_pfc.h gen_pfc.c gen_bpf.h gen_bpf.c \ hash.h hash.c \ db.h db.c \ @@ -462,6 +626,7 @@ arch-mips.h arch-mips.c arch-mips-syscalls.c \ arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ + arch-parisc.h arch-parisc.c arch-parisc64.c arch-parisc-syscalls.c \ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ arch-s390.h arch-s390.c arch-s390-syscalls.c \ @@ -471,10 +636,16 @@ lib_LTLIBRARIES = libseccomp.la arch_syscall_dump_SOURCES = arch-syscall-dump.c ${SOURCES_ALL} arch_syscall_check_SOURCES = arch-syscall-check.c ${SOURCES_ALL} +arch_syscall_check_CFLAGS = ${CODE_COVERAGE_CFLAGS} +arch_syscall_check_LDFLAGS = ${CODE_COVERAGE_LDFLAGS} libseccomp_la_SOURCES = ${SOURCES_ALL} -libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} -I${top_builddir}/include -libseccomp_la_CFLAGS = ${AM_CFLAGS} ${CFLAGS} -fPIC -DPIC -fvisibility=hidden -libseccomp_la_LDFLAGS = ${AM_LDFLAGS} ${LDFLAGS} \ +libseccomp_la_CPPFLAGS = ${AM_CPPFLAGS} ${CODE_COVERAGE_CPPFLAGS} \ + -I${top_builddir}/include + +libseccomp_la_CFLAGS = ${AM_CFLAGS} ${CODE_COVERAGE_CFLAGS} ${CFLAGS} \ + -fPIC -DPIC -fvisibility=hidden + +libseccomp_la_LDFLAGS = ${AM_LDFLAGS} ${CODE_COVERAGE_LDFLAGS} ${LDFLAGS} \ -version-number ${VERSION_MAJOR}:${VERSION_MINOR}:${VERSION_MICRO} all: all-recursive @@ -493,14 +664,13 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -512,6 +682,15 @@ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ @@ -550,18 +729,9 @@ libseccomp.la: $(libseccomp_la_OBJECTS) $(libseccomp_la_DEPENDENCIES) $(EXTRA_libseccomp_la_DEPENDENCIES) $(AM_V_CCLD)$(libseccomp_la_LINK) -rpath $(libdir) $(libseccomp_la_OBJECTS) $(libseccomp_la_LIBADD) $(LIBS) -clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list - arch-syscall-check$(EXEEXT): $(arch_syscall_check_OBJECTS) $(arch_syscall_check_DEPENDENCIES) $(EXTRA_arch_syscall_check_DEPENDENCIES) @rm -f arch-syscall-check$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(arch_syscall_check_OBJECTS) $(arch_syscall_check_LDADD) $(LIBS) + $(AM_V_CCLD)$(arch_syscall_check_LINK) $(arch_syscall_check_OBJECTS) $(arch_syscall_check_LDADD) $(LIBS) arch-syscall-dump$(EXEEXT): $(arch_syscall_dump_OBJECTS) $(arch_syscall_dump_DEPENDENCIES) $(EXTRA_arch_syscall_dump_DEPENDENCIES) @rm -f arch-syscall-dump$(EXEEXT) @@ -573,70 +743,119 @@ distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-aarch64-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-aarch64.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-arm-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-arm.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64n32-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64n32.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc64-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc64.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390x-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390x.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-syscall-check.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-syscall-dump.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x32-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x32.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86_64-syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86_64.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_bpf.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_pfc.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-api.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-aarch64-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-aarch64.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-arm-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-arm.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64n32-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64n32.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc64.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390x.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x32-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x32.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86_64-syscalls.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86_64.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-db.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-gen_bpf.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-gen_pfc.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-hash.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-system.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-aarch64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-aarch64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-arm-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-arm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64n32-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-mips64n32.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-parisc-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-parisc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-parisc64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-ppc64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390x-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-s390x.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-syscall-dump.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x32-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x32.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86_64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch-x86_64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-api.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-aarch64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-arm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-mips.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-mips64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-mips64n32.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-parisc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-parisc64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-ppc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-ppc64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-s390.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-s390x.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-syscall-check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-x32.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-x86.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch-x86_64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-arch.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-db.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-gen_bpf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-gen_pfc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-hash.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-helper.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arch_syscall_check-system.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_bpf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_pfc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-api.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-aarch64-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-aarch64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-arm-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-arm.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64n32-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-mips64n32.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-parisc-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-parisc.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-parisc64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-ppc64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-s390x.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x32-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x32.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86_64-syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch-x86_64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-arch.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-db.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-gen_bpf.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-gen_pfc.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-hash.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-helper.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libseccomp_la-system.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -676,6 +895,13 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-system.lo `test -f 'system.c' || echo '$(srcdir)/'`system.c +libseccomp_la-helper.lo: helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-helper.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-helper.Tpo -c -o libseccomp_la-helper.lo `test -f 'helper.c' || echo '$(srcdir)/'`helper.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-helper.Tpo $(DEPDIR)/libseccomp_la-helper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='helper.c' object='libseccomp_la-helper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-helper.lo `test -f 'helper.c' || echo '$(srcdir)/'`helper.c + libseccomp_la-gen_pfc.lo: gen_pfc.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-gen_pfc.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-gen_pfc.Tpo -c -o libseccomp_la-gen_pfc.lo `test -f 'gen_pfc.c' || echo '$(srcdir)/'`gen_pfc.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-gen_pfc.Tpo $(DEPDIR)/libseccomp_la-gen_pfc.Plo @@ -823,6 +1049,27 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-mips64n32-syscalls.lo `test -f 'arch-mips64n32-syscalls.c' || echo '$(srcdir)/'`arch-mips64n32-syscalls.c +libseccomp_la-arch-parisc.lo: arch-parisc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-parisc.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-parisc.Tpo -c -o libseccomp_la-arch-parisc.lo `test -f 'arch-parisc.c' || echo '$(srcdir)/'`arch-parisc.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-parisc.Tpo $(DEPDIR)/libseccomp_la-arch-parisc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc.c' object='libseccomp_la-arch-parisc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-parisc.lo `test -f 'arch-parisc.c' || echo '$(srcdir)/'`arch-parisc.c + +libseccomp_la-arch-parisc64.lo: arch-parisc64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-parisc64.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-parisc64.Tpo -c -o libseccomp_la-arch-parisc64.lo `test -f 'arch-parisc64.c' || echo '$(srcdir)/'`arch-parisc64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-parisc64.Tpo $(DEPDIR)/libseccomp_la-arch-parisc64.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc64.c' object='libseccomp_la-arch-parisc64.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-parisc64.lo `test -f 'arch-parisc64.c' || echo '$(srcdir)/'`arch-parisc64.c + +libseccomp_la-arch-parisc-syscalls.lo: arch-parisc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-parisc-syscalls.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-parisc-syscalls.Tpo -c -o libseccomp_la-arch-parisc-syscalls.lo `test -f 'arch-parisc-syscalls.c' || echo '$(srcdir)/'`arch-parisc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-parisc-syscalls.Tpo $(DEPDIR)/libseccomp_la-arch-parisc-syscalls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc-syscalls.c' object='libseccomp_la-arch-parisc-syscalls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-parisc-syscalls.lo `test -f 'arch-parisc-syscalls.c' || echo '$(srcdir)/'`arch-parisc-syscalls.c + libseccomp_la-arch-ppc.lo: arch-ppc.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -MT libseccomp_la-arch-ppc.lo -MD -MP -MF $(DEPDIR)/libseccomp_la-arch-ppc.Tpo -c -o libseccomp_la-arch-ppc.lo `test -f 'arch-ppc.c' || echo '$(srcdir)/'`arch-ppc.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libseccomp_la-arch-ppc.Tpo $(DEPDIR)/libseccomp_la-arch-ppc.Plo @@ -879,6 +1126,510 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libseccomp_la_CPPFLAGS) $(CPPFLAGS) $(libseccomp_la_CFLAGS) $(CFLAGS) -c -o libseccomp_la-arch-s390x-syscalls.lo `test -f 'arch-s390x-syscalls.c' || echo '$(srcdir)/'`arch-s390x-syscalls.c +arch_syscall_check-arch-syscall-check.o: arch-syscall-check.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-syscall-check.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-syscall-check.Tpo -c -o arch_syscall_check-arch-syscall-check.o `test -f 'arch-syscall-check.c' || echo '$(srcdir)/'`arch-syscall-check.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-syscall-check.Tpo $(DEPDIR)/arch_syscall_check-arch-syscall-check.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-syscall-check.c' object='arch_syscall_check-arch-syscall-check.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-syscall-check.o `test -f 'arch-syscall-check.c' || echo '$(srcdir)/'`arch-syscall-check.c + +arch_syscall_check-arch-syscall-check.obj: arch-syscall-check.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-syscall-check.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-syscall-check.Tpo -c -o arch_syscall_check-arch-syscall-check.obj `if test -f 'arch-syscall-check.c'; then $(CYGPATH_W) 'arch-syscall-check.c'; else $(CYGPATH_W) '$(srcdir)/arch-syscall-check.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-syscall-check.Tpo $(DEPDIR)/arch_syscall_check-arch-syscall-check.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-syscall-check.c' object='arch_syscall_check-arch-syscall-check.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-syscall-check.obj `if test -f 'arch-syscall-check.c'; then $(CYGPATH_W) 'arch-syscall-check.c'; else $(CYGPATH_W) '$(srcdir)/arch-syscall-check.c'; fi` + +arch_syscall_check-api.o: api.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-api.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-api.Tpo -c -o arch_syscall_check-api.o `test -f 'api.c' || echo '$(srcdir)/'`api.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-api.Tpo $(DEPDIR)/arch_syscall_check-api.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api.c' object='arch_syscall_check-api.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-api.o `test -f 'api.c' || echo '$(srcdir)/'`api.c + +arch_syscall_check-api.obj: api.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-api.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-api.Tpo -c -o arch_syscall_check-api.obj `if test -f 'api.c'; then $(CYGPATH_W) 'api.c'; else $(CYGPATH_W) '$(srcdir)/api.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-api.Tpo $(DEPDIR)/arch_syscall_check-api.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api.c' object='arch_syscall_check-api.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-api.obj `if test -f 'api.c'; then $(CYGPATH_W) 'api.c'; else $(CYGPATH_W) '$(srcdir)/api.c'; fi` + +arch_syscall_check-system.o: system.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-system.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-system.Tpo -c -o arch_syscall_check-system.o `test -f 'system.c' || echo '$(srcdir)/'`system.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-system.Tpo $(DEPDIR)/arch_syscall_check-system.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='system.c' object='arch_syscall_check-system.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-system.o `test -f 'system.c' || echo '$(srcdir)/'`system.c + +arch_syscall_check-system.obj: system.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-system.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-system.Tpo -c -o arch_syscall_check-system.obj `if test -f 'system.c'; then $(CYGPATH_W) 'system.c'; else $(CYGPATH_W) '$(srcdir)/system.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-system.Tpo $(DEPDIR)/arch_syscall_check-system.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='system.c' object='arch_syscall_check-system.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-system.obj `if test -f 'system.c'; then $(CYGPATH_W) 'system.c'; else $(CYGPATH_W) '$(srcdir)/system.c'; fi` + +arch_syscall_check-helper.o: helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-helper.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-helper.Tpo -c -o arch_syscall_check-helper.o `test -f 'helper.c' || echo '$(srcdir)/'`helper.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-helper.Tpo $(DEPDIR)/arch_syscall_check-helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='helper.c' object='arch_syscall_check-helper.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-helper.o `test -f 'helper.c' || echo '$(srcdir)/'`helper.c + +arch_syscall_check-helper.obj: helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-helper.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-helper.Tpo -c -o arch_syscall_check-helper.obj `if test -f 'helper.c'; then $(CYGPATH_W) 'helper.c'; else $(CYGPATH_W) '$(srcdir)/helper.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-helper.Tpo $(DEPDIR)/arch_syscall_check-helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='helper.c' object='arch_syscall_check-helper.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-helper.obj `if test -f 'helper.c'; then $(CYGPATH_W) 'helper.c'; else $(CYGPATH_W) '$(srcdir)/helper.c'; fi` + +arch_syscall_check-gen_pfc.o: gen_pfc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-gen_pfc.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-gen_pfc.Tpo -c -o arch_syscall_check-gen_pfc.o `test -f 'gen_pfc.c' || echo '$(srcdir)/'`gen_pfc.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-gen_pfc.Tpo $(DEPDIR)/arch_syscall_check-gen_pfc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gen_pfc.c' object='arch_syscall_check-gen_pfc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-gen_pfc.o `test -f 'gen_pfc.c' || echo '$(srcdir)/'`gen_pfc.c + +arch_syscall_check-gen_pfc.obj: gen_pfc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-gen_pfc.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-gen_pfc.Tpo -c -o arch_syscall_check-gen_pfc.obj `if test -f 'gen_pfc.c'; then $(CYGPATH_W) 'gen_pfc.c'; else $(CYGPATH_W) '$(srcdir)/gen_pfc.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-gen_pfc.Tpo $(DEPDIR)/arch_syscall_check-gen_pfc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gen_pfc.c' object='arch_syscall_check-gen_pfc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-gen_pfc.obj `if test -f 'gen_pfc.c'; then $(CYGPATH_W) 'gen_pfc.c'; else $(CYGPATH_W) '$(srcdir)/gen_pfc.c'; fi` + +arch_syscall_check-gen_bpf.o: gen_bpf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-gen_bpf.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-gen_bpf.Tpo -c -o arch_syscall_check-gen_bpf.o `test -f 'gen_bpf.c' || echo '$(srcdir)/'`gen_bpf.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-gen_bpf.Tpo $(DEPDIR)/arch_syscall_check-gen_bpf.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gen_bpf.c' object='arch_syscall_check-gen_bpf.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-gen_bpf.o `test -f 'gen_bpf.c' || echo '$(srcdir)/'`gen_bpf.c + +arch_syscall_check-gen_bpf.obj: gen_bpf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-gen_bpf.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-gen_bpf.Tpo -c -o arch_syscall_check-gen_bpf.obj `if test -f 'gen_bpf.c'; then $(CYGPATH_W) 'gen_bpf.c'; else $(CYGPATH_W) '$(srcdir)/gen_bpf.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-gen_bpf.Tpo $(DEPDIR)/arch_syscall_check-gen_bpf.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gen_bpf.c' object='arch_syscall_check-gen_bpf.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-gen_bpf.obj `if test -f 'gen_bpf.c'; then $(CYGPATH_W) 'gen_bpf.c'; else $(CYGPATH_W) '$(srcdir)/gen_bpf.c'; fi` + +arch_syscall_check-hash.o: hash.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-hash.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-hash.Tpo -c -o arch_syscall_check-hash.o `test -f 'hash.c' || echo '$(srcdir)/'`hash.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-hash.Tpo $(DEPDIR)/arch_syscall_check-hash.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hash.c' object='arch_syscall_check-hash.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-hash.o `test -f 'hash.c' || echo '$(srcdir)/'`hash.c + +arch_syscall_check-hash.obj: hash.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-hash.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-hash.Tpo -c -o arch_syscall_check-hash.obj `if test -f 'hash.c'; then $(CYGPATH_W) 'hash.c'; else $(CYGPATH_W) '$(srcdir)/hash.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-hash.Tpo $(DEPDIR)/arch_syscall_check-hash.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hash.c' object='arch_syscall_check-hash.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-hash.obj `if test -f 'hash.c'; then $(CYGPATH_W) 'hash.c'; else $(CYGPATH_W) '$(srcdir)/hash.c'; fi` + +arch_syscall_check-db.o: db.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-db.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-db.Tpo -c -o arch_syscall_check-db.o `test -f 'db.c' || echo '$(srcdir)/'`db.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-db.Tpo $(DEPDIR)/arch_syscall_check-db.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='db.c' object='arch_syscall_check-db.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-db.o `test -f 'db.c' || echo '$(srcdir)/'`db.c + +arch_syscall_check-db.obj: db.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-db.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-db.Tpo -c -o arch_syscall_check-db.obj `if test -f 'db.c'; then $(CYGPATH_W) 'db.c'; else $(CYGPATH_W) '$(srcdir)/db.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-db.Tpo $(DEPDIR)/arch_syscall_check-db.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='db.c' object='arch_syscall_check-db.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-db.obj `if test -f 'db.c'; then $(CYGPATH_W) 'db.c'; else $(CYGPATH_W) '$(srcdir)/db.c'; fi` + +arch_syscall_check-arch.o: arch.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch.Tpo -c -o arch_syscall_check-arch.o `test -f 'arch.c' || echo '$(srcdir)/'`arch.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch.Tpo $(DEPDIR)/arch_syscall_check-arch.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch.c' object='arch_syscall_check-arch.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch.o `test -f 'arch.c' || echo '$(srcdir)/'`arch.c + +arch_syscall_check-arch.obj: arch.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch.Tpo -c -o arch_syscall_check-arch.obj `if test -f 'arch.c'; then $(CYGPATH_W) 'arch.c'; else $(CYGPATH_W) '$(srcdir)/arch.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch.Tpo $(DEPDIR)/arch_syscall_check-arch.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch.c' object='arch_syscall_check-arch.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch.obj `if test -f 'arch.c'; then $(CYGPATH_W) 'arch.c'; else $(CYGPATH_W) '$(srcdir)/arch.c'; fi` + +arch_syscall_check-arch-x86.o: arch-x86.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86.Tpo -c -o arch_syscall_check-arch-x86.o `test -f 'arch-x86.c' || echo '$(srcdir)/'`arch-x86.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86.Tpo $(DEPDIR)/arch_syscall_check-arch-x86.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86.c' object='arch_syscall_check-arch-x86.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86.o `test -f 'arch-x86.c' || echo '$(srcdir)/'`arch-x86.c + +arch_syscall_check-arch-x86.obj: arch-x86.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86.Tpo -c -o arch_syscall_check-arch-x86.obj `if test -f 'arch-x86.c'; then $(CYGPATH_W) 'arch-x86.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86.Tpo $(DEPDIR)/arch_syscall_check-arch-x86.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86.c' object='arch_syscall_check-arch-x86.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86.obj `if test -f 'arch-x86.c'; then $(CYGPATH_W) 'arch-x86.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86.c'; fi` + +arch_syscall_check-arch-x86-syscalls.o: arch-x86-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Tpo -c -o arch_syscall_check-arch-x86-syscalls.o `test -f 'arch-x86-syscalls.c' || echo '$(srcdir)/'`arch-x86-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86-syscalls.c' object='arch_syscall_check-arch-x86-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86-syscalls.o `test -f 'arch-x86-syscalls.c' || echo '$(srcdir)/'`arch-x86-syscalls.c + +arch_syscall_check-arch-x86-syscalls.obj: arch-x86-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Tpo -c -o arch_syscall_check-arch-x86-syscalls.obj `if test -f 'arch-x86-syscalls.c'; then $(CYGPATH_W) 'arch-x86-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86-syscalls.c' object='arch_syscall_check-arch-x86-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86-syscalls.obj `if test -f 'arch-x86-syscalls.c'; then $(CYGPATH_W) 'arch-x86-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86-syscalls.c'; fi` + +arch_syscall_check-arch-x86_64.o: arch-x86_64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86_64.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86_64.Tpo -c -o arch_syscall_check-arch-x86_64.o `test -f 'arch-x86_64.c' || echo '$(srcdir)/'`arch-x86_64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86_64.Tpo $(DEPDIR)/arch_syscall_check-arch-x86_64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86_64.c' object='arch_syscall_check-arch-x86_64.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86_64.o `test -f 'arch-x86_64.c' || echo '$(srcdir)/'`arch-x86_64.c + +arch_syscall_check-arch-x86_64.obj: arch-x86_64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86_64.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86_64.Tpo -c -o arch_syscall_check-arch-x86_64.obj `if test -f 'arch-x86_64.c'; then $(CYGPATH_W) 'arch-x86_64.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86_64.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86_64.Tpo $(DEPDIR)/arch_syscall_check-arch-x86_64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86_64.c' object='arch_syscall_check-arch-x86_64.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86_64.obj `if test -f 'arch-x86_64.c'; then $(CYGPATH_W) 'arch-x86_64.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86_64.c'; fi` + +arch_syscall_check-arch-x86_64-syscalls.o: arch-x86_64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86_64-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Tpo -c -o arch_syscall_check-arch-x86_64-syscalls.o `test -f 'arch-x86_64-syscalls.c' || echo '$(srcdir)/'`arch-x86_64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86_64-syscalls.c' object='arch_syscall_check-arch-x86_64-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86_64-syscalls.o `test -f 'arch-x86_64-syscalls.c' || echo '$(srcdir)/'`arch-x86_64-syscalls.c + +arch_syscall_check-arch-x86_64-syscalls.obj: arch-x86_64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x86_64-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Tpo -c -o arch_syscall_check-arch-x86_64-syscalls.obj `if test -f 'arch-x86_64-syscalls.c'; then $(CYGPATH_W) 'arch-x86_64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86_64-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x86_64-syscalls.c' object='arch_syscall_check-arch-x86_64-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x86_64-syscalls.obj `if test -f 'arch-x86_64-syscalls.c'; then $(CYGPATH_W) 'arch-x86_64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-x86_64-syscalls.c'; fi` + +arch_syscall_check-arch-x32.o: arch-x32.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x32.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x32.Tpo -c -o arch_syscall_check-arch-x32.o `test -f 'arch-x32.c' || echo '$(srcdir)/'`arch-x32.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x32.Tpo $(DEPDIR)/arch_syscall_check-arch-x32.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x32.c' object='arch_syscall_check-arch-x32.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x32.o `test -f 'arch-x32.c' || echo '$(srcdir)/'`arch-x32.c + +arch_syscall_check-arch-x32.obj: arch-x32.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x32.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x32.Tpo -c -o arch_syscall_check-arch-x32.obj `if test -f 'arch-x32.c'; then $(CYGPATH_W) 'arch-x32.c'; else $(CYGPATH_W) '$(srcdir)/arch-x32.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x32.Tpo $(DEPDIR)/arch_syscall_check-arch-x32.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x32.c' object='arch_syscall_check-arch-x32.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x32.obj `if test -f 'arch-x32.c'; then $(CYGPATH_W) 'arch-x32.c'; else $(CYGPATH_W) '$(srcdir)/arch-x32.c'; fi` + +arch_syscall_check-arch-x32-syscalls.o: arch-x32-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x32-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Tpo -c -o arch_syscall_check-arch-x32-syscalls.o `test -f 'arch-x32-syscalls.c' || echo '$(srcdir)/'`arch-x32-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x32-syscalls.c' object='arch_syscall_check-arch-x32-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x32-syscalls.o `test -f 'arch-x32-syscalls.c' || echo '$(srcdir)/'`arch-x32-syscalls.c + +arch_syscall_check-arch-x32-syscalls.obj: arch-x32-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-x32-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Tpo -c -o arch_syscall_check-arch-x32-syscalls.obj `if test -f 'arch-x32-syscalls.c'; then $(CYGPATH_W) 'arch-x32-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-x32-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-x32-syscalls.c' object='arch_syscall_check-arch-x32-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-x32-syscalls.obj `if test -f 'arch-x32-syscalls.c'; then $(CYGPATH_W) 'arch-x32-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-x32-syscalls.c'; fi` + +arch_syscall_check-arch-arm.o: arch-arm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-arm.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-arm.Tpo -c -o arch_syscall_check-arch-arm.o `test -f 'arch-arm.c' || echo '$(srcdir)/'`arch-arm.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-arm.Tpo $(DEPDIR)/arch_syscall_check-arch-arm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-arm.c' object='arch_syscall_check-arch-arm.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-arm.o `test -f 'arch-arm.c' || echo '$(srcdir)/'`arch-arm.c + +arch_syscall_check-arch-arm.obj: arch-arm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-arm.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-arm.Tpo -c -o arch_syscall_check-arch-arm.obj `if test -f 'arch-arm.c'; then $(CYGPATH_W) 'arch-arm.c'; else $(CYGPATH_W) '$(srcdir)/arch-arm.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-arm.Tpo $(DEPDIR)/arch_syscall_check-arch-arm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-arm.c' object='arch_syscall_check-arch-arm.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-arm.obj `if test -f 'arch-arm.c'; then $(CYGPATH_W) 'arch-arm.c'; else $(CYGPATH_W) '$(srcdir)/arch-arm.c'; fi` + +arch_syscall_check-arch-arm-syscalls.o: arch-arm-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-arm-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Tpo -c -o arch_syscall_check-arch-arm-syscalls.o `test -f 'arch-arm-syscalls.c' || echo '$(srcdir)/'`arch-arm-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-arm-syscalls.c' object='arch_syscall_check-arch-arm-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-arm-syscalls.o `test -f 'arch-arm-syscalls.c' || echo '$(srcdir)/'`arch-arm-syscalls.c + +arch_syscall_check-arch-arm-syscalls.obj: arch-arm-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-arm-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Tpo -c -o arch_syscall_check-arch-arm-syscalls.obj `if test -f 'arch-arm-syscalls.c'; then $(CYGPATH_W) 'arch-arm-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-arm-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-arm-syscalls.c' object='arch_syscall_check-arch-arm-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-arm-syscalls.obj `if test -f 'arch-arm-syscalls.c'; then $(CYGPATH_W) 'arch-arm-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-arm-syscalls.c'; fi` + +arch_syscall_check-arch-aarch64.o: arch-aarch64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-aarch64.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-aarch64.Tpo -c -o arch_syscall_check-arch-aarch64.o `test -f 'arch-aarch64.c' || echo '$(srcdir)/'`arch-aarch64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-aarch64.Tpo $(DEPDIR)/arch_syscall_check-arch-aarch64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-aarch64.c' object='arch_syscall_check-arch-aarch64.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-aarch64.o `test -f 'arch-aarch64.c' || echo '$(srcdir)/'`arch-aarch64.c + +arch_syscall_check-arch-aarch64.obj: arch-aarch64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-aarch64.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-aarch64.Tpo -c -o arch_syscall_check-arch-aarch64.obj `if test -f 'arch-aarch64.c'; then $(CYGPATH_W) 'arch-aarch64.c'; else $(CYGPATH_W) '$(srcdir)/arch-aarch64.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-aarch64.Tpo $(DEPDIR)/arch_syscall_check-arch-aarch64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-aarch64.c' object='arch_syscall_check-arch-aarch64.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-aarch64.obj `if test -f 'arch-aarch64.c'; then $(CYGPATH_W) 'arch-aarch64.c'; else $(CYGPATH_W) '$(srcdir)/arch-aarch64.c'; fi` + +arch_syscall_check-arch-aarch64-syscalls.o: arch-aarch64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-aarch64-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Tpo -c -o arch_syscall_check-arch-aarch64-syscalls.o `test -f 'arch-aarch64-syscalls.c' || echo '$(srcdir)/'`arch-aarch64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-aarch64-syscalls.c' object='arch_syscall_check-arch-aarch64-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-aarch64-syscalls.o `test -f 'arch-aarch64-syscalls.c' || echo '$(srcdir)/'`arch-aarch64-syscalls.c + +arch_syscall_check-arch-aarch64-syscalls.obj: arch-aarch64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-aarch64-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Tpo -c -o arch_syscall_check-arch-aarch64-syscalls.obj `if test -f 'arch-aarch64-syscalls.c'; then $(CYGPATH_W) 'arch-aarch64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-aarch64-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-aarch64-syscalls.c' object='arch_syscall_check-arch-aarch64-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-aarch64-syscalls.obj `if test -f 'arch-aarch64-syscalls.c'; then $(CYGPATH_W) 'arch-aarch64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-aarch64-syscalls.c'; fi` + +arch_syscall_check-arch-mips.o: arch-mips.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips.Tpo -c -o arch_syscall_check-arch-mips.o `test -f 'arch-mips.c' || echo '$(srcdir)/'`arch-mips.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips.Tpo $(DEPDIR)/arch_syscall_check-arch-mips.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips.c' object='arch_syscall_check-arch-mips.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips.o `test -f 'arch-mips.c' || echo '$(srcdir)/'`arch-mips.c + +arch_syscall_check-arch-mips.obj: arch-mips.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips.Tpo -c -o arch_syscall_check-arch-mips.obj `if test -f 'arch-mips.c'; then $(CYGPATH_W) 'arch-mips.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips.Tpo $(DEPDIR)/arch_syscall_check-arch-mips.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips.c' object='arch_syscall_check-arch-mips.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips.obj `if test -f 'arch-mips.c'; then $(CYGPATH_W) 'arch-mips.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips.c'; fi` + +arch_syscall_check-arch-mips-syscalls.o: arch-mips-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Tpo -c -o arch_syscall_check-arch-mips-syscalls.o `test -f 'arch-mips-syscalls.c' || echo '$(srcdir)/'`arch-mips-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips-syscalls.c' object='arch_syscall_check-arch-mips-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips-syscalls.o `test -f 'arch-mips-syscalls.c' || echo '$(srcdir)/'`arch-mips-syscalls.c + +arch_syscall_check-arch-mips-syscalls.obj: arch-mips-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Tpo -c -o arch_syscall_check-arch-mips-syscalls.obj `if test -f 'arch-mips-syscalls.c'; then $(CYGPATH_W) 'arch-mips-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips-syscalls.c' object='arch_syscall_check-arch-mips-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips-syscalls.obj `if test -f 'arch-mips-syscalls.c'; then $(CYGPATH_W) 'arch-mips-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips-syscalls.c'; fi` + +arch_syscall_check-arch-mips64.o: arch-mips64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64.Tpo -c -o arch_syscall_check-arch-mips64.o `test -f 'arch-mips64.c' || echo '$(srcdir)/'`arch-mips64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64.c' object='arch_syscall_check-arch-mips64.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64.o `test -f 'arch-mips64.c' || echo '$(srcdir)/'`arch-mips64.c + +arch_syscall_check-arch-mips64.obj: arch-mips64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64.Tpo -c -o arch_syscall_check-arch-mips64.obj `if test -f 'arch-mips64.c'; then $(CYGPATH_W) 'arch-mips64.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64.c' object='arch_syscall_check-arch-mips64.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64.obj `if test -f 'arch-mips64.c'; then $(CYGPATH_W) 'arch-mips64.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64.c'; fi` + +arch_syscall_check-arch-mips64-syscalls.o: arch-mips64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Tpo -c -o arch_syscall_check-arch-mips64-syscalls.o `test -f 'arch-mips64-syscalls.c' || echo '$(srcdir)/'`arch-mips64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64-syscalls.c' object='arch_syscall_check-arch-mips64-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64-syscalls.o `test -f 'arch-mips64-syscalls.c' || echo '$(srcdir)/'`arch-mips64-syscalls.c + +arch_syscall_check-arch-mips64-syscalls.obj: arch-mips64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Tpo -c -o arch_syscall_check-arch-mips64-syscalls.obj `if test -f 'arch-mips64-syscalls.c'; then $(CYGPATH_W) 'arch-mips64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64-syscalls.c' object='arch_syscall_check-arch-mips64-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64-syscalls.obj `if test -f 'arch-mips64-syscalls.c'; then $(CYGPATH_W) 'arch-mips64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64-syscalls.c'; fi` + +arch_syscall_check-arch-mips64n32.o: arch-mips64n32.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64n32.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64n32.Tpo -c -o arch_syscall_check-arch-mips64n32.o `test -f 'arch-mips64n32.c' || echo '$(srcdir)/'`arch-mips64n32.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64n32.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64n32.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64n32.c' object='arch_syscall_check-arch-mips64n32.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64n32.o `test -f 'arch-mips64n32.c' || echo '$(srcdir)/'`arch-mips64n32.c + +arch_syscall_check-arch-mips64n32.obj: arch-mips64n32.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64n32.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64n32.Tpo -c -o arch_syscall_check-arch-mips64n32.obj `if test -f 'arch-mips64n32.c'; then $(CYGPATH_W) 'arch-mips64n32.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64n32.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64n32.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64n32.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64n32.c' object='arch_syscall_check-arch-mips64n32.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64n32.obj `if test -f 'arch-mips64n32.c'; then $(CYGPATH_W) 'arch-mips64n32.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64n32.c'; fi` + +arch_syscall_check-arch-mips64n32-syscalls.o: arch-mips64n32-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64n32-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Tpo -c -o arch_syscall_check-arch-mips64n32-syscalls.o `test -f 'arch-mips64n32-syscalls.c' || echo '$(srcdir)/'`arch-mips64n32-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64n32-syscalls.c' object='arch_syscall_check-arch-mips64n32-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64n32-syscalls.o `test -f 'arch-mips64n32-syscalls.c' || echo '$(srcdir)/'`arch-mips64n32-syscalls.c + +arch_syscall_check-arch-mips64n32-syscalls.obj: arch-mips64n32-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-mips64n32-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Tpo -c -o arch_syscall_check-arch-mips64n32-syscalls.obj `if test -f 'arch-mips64n32-syscalls.c'; then $(CYGPATH_W) 'arch-mips64n32-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64n32-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-mips64n32-syscalls.c' object='arch_syscall_check-arch-mips64n32-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-mips64n32-syscalls.obj `if test -f 'arch-mips64n32-syscalls.c'; then $(CYGPATH_W) 'arch-mips64n32-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-mips64n32-syscalls.c'; fi` + +arch_syscall_check-arch-parisc.o: arch-parisc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-parisc.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-parisc.Tpo -c -o arch_syscall_check-arch-parisc.o `test -f 'arch-parisc.c' || echo '$(srcdir)/'`arch-parisc.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-parisc.Tpo $(DEPDIR)/arch_syscall_check-arch-parisc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc.c' object='arch_syscall_check-arch-parisc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-parisc.o `test -f 'arch-parisc.c' || echo '$(srcdir)/'`arch-parisc.c + +arch_syscall_check-arch-parisc.obj: arch-parisc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-parisc.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-parisc.Tpo -c -o arch_syscall_check-arch-parisc.obj `if test -f 'arch-parisc.c'; then $(CYGPATH_W) 'arch-parisc.c'; else $(CYGPATH_W) '$(srcdir)/arch-parisc.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-parisc.Tpo $(DEPDIR)/arch_syscall_check-arch-parisc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc.c' object='arch_syscall_check-arch-parisc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-parisc.obj `if test -f 'arch-parisc.c'; then $(CYGPATH_W) 'arch-parisc.c'; else $(CYGPATH_W) '$(srcdir)/arch-parisc.c'; fi` + +arch_syscall_check-arch-parisc64.o: arch-parisc64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-parisc64.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-parisc64.Tpo -c -o arch_syscall_check-arch-parisc64.o `test -f 'arch-parisc64.c' || echo '$(srcdir)/'`arch-parisc64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-parisc64.Tpo $(DEPDIR)/arch_syscall_check-arch-parisc64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc64.c' object='arch_syscall_check-arch-parisc64.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-parisc64.o `test -f 'arch-parisc64.c' || echo '$(srcdir)/'`arch-parisc64.c + +arch_syscall_check-arch-parisc64.obj: arch-parisc64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-parisc64.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-parisc64.Tpo -c -o arch_syscall_check-arch-parisc64.obj `if test -f 'arch-parisc64.c'; then $(CYGPATH_W) 'arch-parisc64.c'; else $(CYGPATH_W) '$(srcdir)/arch-parisc64.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-parisc64.Tpo $(DEPDIR)/arch_syscall_check-arch-parisc64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc64.c' object='arch_syscall_check-arch-parisc64.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-parisc64.obj `if test -f 'arch-parisc64.c'; then $(CYGPATH_W) 'arch-parisc64.c'; else $(CYGPATH_W) '$(srcdir)/arch-parisc64.c'; fi` + +arch_syscall_check-arch-parisc-syscalls.o: arch-parisc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-parisc-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Tpo -c -o arch_syscall_check-arch-parisc-syscalls.o `test -f 'arch-parisc-syscalls.c' || echo '$(srcdir)/'`arch-parisc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc-syscalls.c' object='arch_syscall_check-arch-parisc-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-parisc-syscalls.o `test -f 'arch-parisc-syscalls.c' || echo '$(srcdir)/'`arch-parisc-syscalls.c + +arch_syscall_check-arch-parisc-syscalls.obj: arch-parisc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-parisc-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Tpo -c -o arch_syscall_check-arch-parisc-syscalls.obj `if test -f 'arch-parisc-syscalls.c'; then $(CYGPATH_W) 'arch-parisc-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-parisc-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-parisc-syscalls.c' object='arch_syscall_check-arch-parisc-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-parisc-syscalls.obj `if test -f 'arch-parisc-syscalls.c'; then $(CYGPATH_W) 'arch-parisc-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-parisc-syscalls.c'; fi` + +arch_syscall_check-arch-ppc.o: arch-ppc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc.Tpo -c -o arch_syscall_check-arch-ppc.o `test -f 'arch-ppc.c' || echo '$(srcdir)/'`arch-ppc.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc.c' object='arch_syscall_check-arch-ppc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc.o `test -f 'arch-ppc.c' || echo '$(srcdir)/'`arch-ppc.c + +arch_syscall_check-arch-ppc.obj: arch-ppc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc.Tpo -c -o arch_syscall_check-arch-ppc.obj `if test -f 'arch-ppc.c'; then $(CYGPATH_W) 'arch-ppc.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc.c' object='arch_syscall_check-arch-ppc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc.obj `if test -f 'arch-ppc.c'; then $(CYGPATH_W) 'arch-ppc.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc.c'; fi` + +arch_syscall_check-arch-ppc-syscalls.o: arch-ppc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Tpo -c -o arch_syscall_check-arch-ppc-syscalls.o `test -f 'arch-ppc-syscalls.c' || echo '$(srcdir)/'`arch-ppc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc-syscalls.c' object='arch_syscall_check-arch-ppc-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc-syscalls.o `test -f 'arch-ppc-syscalls.c' || echo '$(srcdir)/'`arch-ppc-syscalls.c + +arch_syscall_check-arch-ppc-syscalls.obj: arch-ppc-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Tpo -c -o arch_syscall_check-arch-ppc-syscalls.obj `if test -f 'arch-ppc-syscalls.c'; then $(CYGPATH_W) 'arch-ppc-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc-syscalls.c' object='arch_syscall_check-arch-ppc-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc-syscalls.obj `if test -f 'arch-ppc-syscalls.c'; then $(CYGPATH_W) 'arch-ppc-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc-syscalls.c'; fi` + +arch_syscall_check-arch-ppc64.o: arch-ppc64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc64.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc64.Tpo -c -o arch_syscall_check-arch-ppc64.o `test -f 'arch-ppc64.c' || echo '$(srcdir)/'`arch-ppc64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc64.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc64.c' object='arch_syscall_check-arch-ppc64.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc64.o `test -f 'arch-ppc64.c' || echo '$(srcdir)/'`arch-ppc64.c + +arch_syscall_check-arch-ppc64.obj: arch-ppc64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc64.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc64.Tpo -c -o arch_syscall_check-arch-ppc64.obj `if test -f 'arch-ppc64.c'; then $(CYGPATH_W) 'arch-ppc64.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc64.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc64.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc64.c' object='arch_syscall_check-arch-ppc64.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc64.obj `if test -f 'arch-ppc64.c'; then $(CYGPATH_W) 'arch-ppc64.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc64.c'; fi` + +arch_syscall_check-arch-ppc64-syscalls.o: arch-ppc64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc64-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Tpo -c -o arch_syscall_check-arch-ppc64-syscalls.o `test -f 'arch-ppc64-syscalls.c' || echo '$(srcdir)/'`arch-ppc64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc64-syscalls.c' object='arch_syscall_check-arch-ppc64-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc64-syscalls.o `test -f 'arch-ppc64-syscalls.c' || echo '$(srcdir)/'`arch-ppc64-syscalls.c + +arch_syscall_check-arch-ppc64-syscalls.obj: arch-ppc64-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-ppc64-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Tpo -c -o arch_syscall_check-arch-ppc64-syscalls.obj `if test -f 'arch-ppc64-syscalls.c'; then $(CYGPATH_W) 'arch-ppc64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc64-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-ppc64-syscalls.c' object='arch_syscall_check-arch-ppc64-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-ppc64-syscalls.obj `if test -f 'arch-ppc64-syscalls.c'; then $(CYGPATH_W) 'arch-ppc64-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-ppc64-syscalls.c'; fi` + +arch_syscall_check-arch-s390.o: arch-s390.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390.Tpo -c -o arch_syscall_check-arch-s390.o `test -f 'arch-s390.c' || echo '$(srcdir)/'`arch-s390.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390.Tpo $(DEPDIR)/arch_syscall_check-arch-s390.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390.c' object='arch_syscall_check-arch-s390.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390.o `test -f 'arch-s390.c' || echo '$(srcdir)/'`arch-s390.c + +arch_syscall_check-arch-s390.obj: arch-s390.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390.Tpo -c -o arch_syscall_check-arch-s390.obj `if test -f 'arch-s390.c'; then $(CYGPATH_W) 'arch-s390.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390.Tpo $(DEPDIR)/arch_syscall_check-arch-s390.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390.c' object='arch_syscall_check-arch-s390.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390.obj `if test -f 'arch-s390.c'; then $(CYGPATH_W) 'arch-s390.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390.c'; fi` + +arch_syscall_check-arch-s390-syscalls.o: arch-s390-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Tpo -c -o arch_syscall_check-arch-s390-syscalls.o `test -f 'arch-s390-syscalls.c' || echo '$(srcdir)/'`arch-s390-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390-syscalls.c' object='arch_syscall_check-arch-s390-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390-syscalls.o `test -f 'arch-s390-syscalls.c' || echo '$(srcdir)/'`arch-s390-syscalls.c + +arch_syscall_check-arch-s390-syscalls.obj: arch-s390-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Tpo -c -o arch_syscall_check-arch-s390-syscalls.obj `if test -f 'arch-s390-syscalls.c'; then $(CYGPATH_W) 'arch-s390-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390-syscalls.c' object='arch_syscall_check-arch-s390-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390-syscalls.obj `if test -f 'arch-s390-syscalls.c'; then $(CYGPATH_W) 'arch-s390-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390-syscalls.c'; fi` + +arch_syscall_check-arch-s390x.o: arch-s390x.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390x.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390x.Tpo -c -o arch_syscall_check-arch-s390x.o `test -f 'arch-s390x.c' || echo '$(srcdir)/'`arch-s390x.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390x.Tpo $(DEPDIR)/arch_syscall_check-arch-s390x.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390x.c' object='arch_syscall_check-arch-s390x.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390x.o `test -f 'arch-s390x.c' || echo '$(srcdir)/'`arch-s390x.c + +arch_syscall_check-arch-s390x.obj: arch-s390x.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390x.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390x.Tpo -c -o arch_syscall_check-arch-s390x.obj `if test -f 'arch-s390x.c'; then $(CYGPATH_W) 'arch-s390x.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390x.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390x.Tpo $(DEPDIR)/arch_syscall_check-arch-s390x.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390x.c' object='arch_syscall_check-arch-s390x.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390x.obj `if test -f 'arch-s390x.c'; then $(CYGPATH_W) 'arch-s390x.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390x.c'; fi` + +arch_syscall_check-arch-s390x-syscalls.o: arch-s390x-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390x-syscalls.o -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Tpo -c -o arch_syscall_check-arch-s390x-syscalls.o `test -f 'arch-s390x-syscalls.c' || echo '$(srcdir)/'`arch-s390x-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390x-syscalls.c' object='arch_syscall_check-arch-s390x-syscalls.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390x-syscalls.o `test -f 'arch-s390x-syscalls.c' || echo '$(srcdir)/'`arch-s390x-syscalls.c + +arch_syscall_check-arch-s390x-syscalls.obj: arch-s390x-syscalls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -MT arch_syscall_check-arch-s390x-syscalls.obj -MD -MP -MF $(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Tpo -c -o arch_syscall_check-arch-s390x-syscalls.obj `if test -f 'arch-s390x-syscalls.c'; then $(CYGPATH_W) 'arch-s390x-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390x-syscalls.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Tpo $(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='arch-s390x-syscalls.c' object='arch_syscall_check-arch-s390x-syscalls.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(arch_syscall_check_CFLAGS) $(CFLAGS) -c -o arch_syscall_check-arch-s390x-syscalls.obj `if test -f 'arch-s390x-syscalls.c'; then $(CYGPATH_W) 'arch-s390x-syscalls.c'; else $(CYGPATH_W) '$(srcdir)/arch-s390x-syscalls.c'; fi` + mostlyclean-libtool: -rm -f *.lo @@ -1077,7 +1828,10 @@ test "$$failed" -eq 0; \ else :; fi -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -1178,7 +1932,113 @@ clean-libtool mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/api.Po + -rm -f ./$(DEPDIR)/arch-aarch64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-aarch64.Po + -rm -f ./$(DEPDIR)/arch-arm-syscalls.Po + -rm -f ./$(DEPDIR)/arch-arm.Po + -rm -f ./$(DEPDIR)/arch-mips-syscalls.Po + -rm -f ./$(DEPDIR)/arch-mips.Po + -rm -f ./$(DEPDIR)/arch-mips64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-mips64.Po + -rm -f ./$(DEPDIR)/arch-mips64n32-syscalls.Po + -rm -f ./$(DEPDIR)/arch-mips64n32.Po + -rm -f ./$(DEPDIR)/arch-parisc-syscalls.Po + -rm -f ./$(DEPDIR)/arch-parisc.Po + -rm -f ./$(DEPDIR)/arch-parisc64.Po + -rm -f ./$(DEPDIR)/arch-ppc-syscalls.Po + -rm -f ./$(DEPDIR)/arch-ppc.Po + -rm -f ./$(DEPDIR)/arch-ppc64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-ppc64.Po + -rm -f ./$(DEPDIR)/arch-s390-syscalls.Po + -rm -f ./$(DEPDIR)/arch-s390.Po + -rm -f ./$(DEPDIR)/arch-s390x-syscalls.Po + -rm -f ./$(DEPDIR)/arch-s390x.Po + -rm -f ./$(DEPDIR)/arch-syscall-dump.Po + -rm -f ./$(DEPDIR)/arch-x32-syscalls.Po + -rm -f ./$(DEPDIR)/arch-x32.Po + -rm -f ./$(DEPDIR)/arch-x86-syscalls.Po + -rm -f ./$(DEPDIR)/arch-x86.Po + -rm -f ./$(DEPDIR)/arch-x86_64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-x86_64.Po + -rm -f ./$(DEPDIR)/arch.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-api.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-aarch64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-arm.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64n32.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-parisc.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-parisc64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390x.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-syscall-check.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x32.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86_64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-db.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-gen_bpf.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-gen_pfc.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-hash.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-helper.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-system.Po + -rm -f ./$(DEPDIR)/db.Po + -rm -f ./$(DEPDIR)/gen_bpf.Po + -rm -f ./$(DEPDIR)/gen_pfc.Po + -rm -f ./$(DEPDIR)/hash.Po + -rm -f ./$(DEPDIR)/helper.Po + -rm -f ./$(DEPDIR)/libseccomp_la-api.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-aarch64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-aarch64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-arm-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-arm.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64n32-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64n32.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-parisc-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-parisc.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-parisc64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390x.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x32-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x32.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86_64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86_64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-db.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-gen_bpf.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-gen_pfc.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-hash.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-helper.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-system.Plo + -rm -f ./$(DEPDIR)/system.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1224,7 +2084,113 @@ installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/api.Po + -rm -f ./$(DEPDIR)/arch-aarch64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-aarch64.Po + -rm -f ./$(DEPDIR)/arch-arm-syscalls.Po + -rm -f ./$(DEPDIR)/arch-arm.Po + -rm -f ./$(DEPDIR)/arch-mips-syscalls.Po + -rm -f ./$(DEPDIR)/arch-mips.Po + -rm -f ./$(DEPDIR)/arch-mips64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-mips64.Po + -rm -f ./$(DEPDIR)/arch-mips64n32-syscalls.Po + -rm -f ./$(DEPDIR)/arch-mips64n32.Po + -rm -f ./$(DEPDIR)/arch-parisc-syscalls.Po + -rm -f ./$(DEPDIR)/arch-parisc.Po + -rm -f ./$(DEPDIR)/arch-parisc64.Po + -rm -f ./$(DEPDIR)/arch-ppc-syscalls.Po + -rm -f ./$(DEPDIR)/arch-ppc.Po + -rm -f ./$(DEPDIR)/arch-ppc64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-ppc64.Po + -rm -f ./$(DEPDIR)/arch-s390-syscalls.Po + -rm -f ./$(DEPDIR)/arch-s390.Po + -rm -f ./$(DEPDIR)/arch-s390x-syscalls.Po + -rm -f ./$(DEPDIR)/arch-s390x.Po + -rm -f ./$(DEPDIR)/arch-syscall-dump.Po + -rm -f ./$(DEPDIR)/arch-x32-syscalls.Po + -rm -f ./$(DEPDIR)/arch-x32.Po + -rm -f ./$(DEPDIR)/arch-x86-syscalls.Po + -rm -f ./$(DEPDIR)/arch-x86.Po + -rm -f ./$(DEPDIR)/arch-x86_64-syscalls.Po + -rm -f ./$(DEPDIR)/arch-x86_64.Po + -rm -f ./$(DEPDIR)/arch.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-api.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-aarch64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-aarch64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-arm-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-arm.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64n32-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-mips64n32.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-parisc-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-parisc.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-parisc64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-ppc64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390x-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-s390x.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-syscall-check.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x32-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x32.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86_64-syscalls.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch-x86_64.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-arch.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-db.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-gen_bpf.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-gen_pfc.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-hash.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-helper.Po + -rm -f ./$(DEPDIR)/arch_syscall_check-system.Po + -rm -f ./$(DEPDIR)/db.Po + -rm -f ./$(DEPDIR)/gen_bpf.Po + -rm -f ./$(DEPDIR)/gen_pfc.Po + -rm -f ./$(DEPDIR)/hash.Po + -rm -f ./$(DEPDIR)/helper.Po + -rm -f ./$(DEPDIR)/libseccomp_la-api.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-aarch64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-aarch64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-arm-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-arm.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64n32-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-mips64n32.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-parisc-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-parisc.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-parisc64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-ppc64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390x-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-s390x.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x32-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x32.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86_64-syscalls.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch-x86_64.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-arch.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-db.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-gen_bpf.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-gen_pfc.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-hash.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-helper.Plo + -rm -f ./$(DEPDIR)/libseccomp_la-system.Plo + -rm -f ./$(DEPDIR)/system.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1245,22 +2211,26 @@ .MAKE: $(am__recursive_targets) check-am install-am install-strip -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-TESTS check-am clean clean-checkPROGRAMS clean-generic \ - clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-libLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-libLTLIBRARIES +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--depfiles check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ + clean-libtool cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES + +.PRECIOUS: Makefile + +@CODE_COVERAGE_RULES@ check-build: ${MAKE} ${AM_MAKEFLAGS} ${check_PROGRAMS} diff -Nru libseccomp-2.3.1/src/python/libseccomp.pxd libseccomp-2.4.1/src/python/libseccomp.pxd --- libseccomp-2.3.1/src/python/libseccomp.pxd 2016-02-22 22:40:55.777446999 +0000 +++ libseccomp-2.4.1/src/python/libseccomp.pxd 2018-12-03 23:53:10.190642432 +0000 @@ -43,6 +43,8 @@ SCMP_ARCH_MIPSEL SCMP_ARCH_MIPSEL64 SCMP_ARCH_MIPSEL64N32 + SCMP_ARCH_PARISC + SCMP_ARCH_PARISC64 SCMP_ARCH_PPC SCMP_ARCH_PPC64 SCMP_ARCH_PPC64LE @@ -54,6 +56,8 @@ SCMP_FLTATR_ACT_BADARCH SCMP_FLTATR_CTL_NNP SCMP_FLTATR_CTL_TSYNC + SCMP_FLTATR_API_TSKIP + SCMP_FLTATR_CTL_LOG cdef enum scmp_compare: SCMP_CMP_NE @@ -65,8 +69,10 @@ SCMP_CMP_MASKED_EQ cdef enum: + SCMP_ACT_KILL_PROCESS SCMP_ACT_KILL SCMP_ACT_TRAP + SCMP_ACT_LOG SCMP_ACT_ALLOW unsigned int SCMP_ACT_ERRNO(int errno) unsigned int SCMP_ACT_TRACE(int value) @@ -81,6 +87,9 @@ scmp_version *seccomp_version() + unsigned int seccomp_api_get() + int seccomp_api_set(unsigned int level) + scmp_filter_ctx seccomp_init(uint32_t def_action) int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action) void seccomp_release(scmp_filter_ctx ctx) diff -Nru libseccomp-2.3.1/src/python/Makefile.am libseccomp-2.4.1/src/python/Makefile.am --- libseccomp-2.3.1/src/python/Makefile.am 2016-02-26 19:48:23.837463269 +0000 +++ libseccomp-2.4.1/src/python/Makefile.am 2018-12-03 23:53:10.190642432 +0000 @@ -16,14 +16,12 @@ # along with this library; if not, see . # -PYTHON = /usr/bin/env python - PY_DISTUTILS = \ VERSION_RELEASE="@PACKAGE_VERSION@" \ CPPFLAGS="-I\${top_srcdir}/include ${AM_CPPFLAGS} ${CPPFLAGS}" \ CFLAGS="${AM_CFLAGS} ${CFLAGS}" \ LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}" \ - ${PYTHON} ./setup.py + ${PYTHON} ${srcdir}/setup.py # support silent builds PY_BUILD_0 = @echo " PYTHON " $@; ${PY_DISTUTILS} -q build @@ -38,10 +36,17 @@ all-local: build build: ../libseccomp.la libseccomp.pxd seccomp.pyx setup.py + [ ${srcdir} == ${builddir} ] || cp ${srcdir}/seccomp.pyx ${builddir} ${PY_BUILD} && touch build install-exec-local: build - ${PY_INSTALL} --prefix=${DESTDIR}/${prefix} + ${PY_INSTALL} --install-lib=${DESTDIR}/${pkgpythondir} \ + --record=${DESTDIR}/${pkgpythondir}/install_files.txt + +uninstall-local: + cat ${DESTDIR}/${pkgpythondir}/install_files.txt | xargs ${RM} -f + ${RM} -f ${DESTDIR}/${pkgpythondir}/install_files.txt clean-local: + [ ${srcdir} == ${builddir} ] || ${RM} -f ${builddir}/seccomp.pyx ${RM} -rf seccomp.c build diff -Nru libseccomp-2.3.1/src/python/Makefile.in libseccomp-2.4.1/src/python/Makefile.in --- libseccomp-2.3.1/src/python/Makefile.in 2016-04-20 20:11:08.939211381 +0000 +++ libseccomp-2.4.1/src/python/Makefile.in 2019-04-17 21:02:40.649605755 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,7 +32,17 @@ # along with this library; if not, see . # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -96,14 +106,14 @@ build_triplet = @build@ host_triplet = @host@ subdir = src/python -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/configure.h CONFIG_CLEAN_FILES = @@ -128,6 +138,7 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -143,6 +154,12 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -157,12 +174,15 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ @@ -189,6 +209,11 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -241,9 +266,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -252,13 +281,12 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -PYTHON = /usr/bin/env python PY_DISTUTILS = \ VERSION_RELEASE="@PACKAGE_VERSION@" \ CPPFLAGS="-I\${top_srcdir}/include ${AM_CPPFLAGS} ${CPPFLAGS}" \ CFLAGS="${AM_CFLAGS} ${CFLAGS}" \ LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}" \ - ${PYTHON} ./setup.py + ${PYTHON} ${srcdir}/setup.py # support silent builds @@ -283,14 +311,13 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/python/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/python/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -314,7 +341,10 @@ cscope cscopelist: -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -442,7 +472,7 @@ ps-am: -uninstall-am: +uninstall-am: uninstall-local .MAKE: install-am install-strip @@ -457,18 +487,27 @@ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags-am uninstall uninstall-am + tags-am uninstall uninstall-am uninstall-local + +.PRECIOUS: Makefile all-local: build build: ../libseccomp.la libseccomp.pxd seccomp.pyx setup.py + [ ${srcdir} == ${builddir} ] || cp ${srcdir}/seccomp.pyx ${builddir} ${PY_BUILD} && touch build install-exec-local: build - ${PY_INSTALL} --prefix=${DESTDIR}/${prefix} + ${PY_INSTALL} --install-lib=${DESTDIR}/${pkgpythondir} \ + --record=${DESTDIR}/${pkgpythondir}/install_files.txt + +uninstall-local: + cat ${DESTDIR}/${pkgpythondir}/install_files.txt | xargs ${RM} -f + ${RM} -f ${DESTDIR}/${pkgpythondir}/install_files.txt clean-local: + [ ${srcdir} == ${builddir} ] || ${RM} -f ${builddir}/seccomp.pyx ${RM} -rf seccomp.c build # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru libseccomp-2.3.1/src/python/seccomp.pyx libseccomp-2.4.1/src/python/seccomp.pyx --- libseccomp-2.3.1/src/python/seccomp.pyx 2016-02-22 22:40:55.777446999 +0000 +++ libseccomp-2.4.1/src/python/seccomp.pyx 2018-12-03 23:53:10.190642432 +0000 @@ -1,7 +1,7 @@ # # Seccomp Library Python Bindings # -# Copyright (c) 2012,2013 Red Hat +# Copyright (c) 2012,2013,2017 Red Hat # Author: Paul Moore # @@ -29,7 +29,9 @@ by application developers. Filter action values: - KILL - kill the process + KILL_PROCESS - kill the process + KILL - kill the thread + LOG - allow the syscall to be executed after the action has been logged ALLOW - allow the syscall to execute TRAP - a SIGSYS signal will be thrown ERRNO(x) - syscall will return (x) @@ -45,7 +47,7 @@ EQ - arg == datum_a GT - arg > datum_a GE - arg >= datum_a - MASKED_EQ - (arg & datum_b) == datum_a + MASKED_EQ - (arg & datum_a) == datum_b Example: @@ -68,15 +70,35 @@ f.load() """ __author__ = 'Paul Moore ' -__date__ = "7 January 2013" +__date__ = "3 February 2017" +from cpython.version cimport PY_MAJOR_VERSION from libc.stdint cimport uint32_t import errno cimport libseccomp +def c_str(string): + """ Convert a Python string to a C string. + + Arguments: + string - the Python string + + Description: + Convert the Python string into a form usable by C taking into consideration + the Python major version, e.g. Python 2.x or Python 3.x. + See http://docs.cython.org/en/latest/src/tutorial/strings.html for more + information. + """ + if PY_MAJOR_VERSION < 3: + return string + else: + return bytes(string, "ascii") + +KILL_PROCESS = libseccomp.SCMP_ACT_KILL_PROCESS KILL = libseccomp.SCMP_ACT_KILL TRAP = libseccomp.SCMP_ACT_TRAP +LOG = libseccomp.SCMP_ACT_LOG ALLOW = libseccomp.SCMP_ACT_ALLOW def ERRNO(int errno): """The action ERRNO(x) means that the syscall will return (x). @@ -121,7 +143,8 @@ cdef char *ret_str if isinstance(syscall, basestring): - return libseccomp.seccomp_syscall_resolve_name_rewrite(arch, syscall) + return libseccomp.seccomp_syscall_resolve_name_rewrite(arch, + c_str(syscall)) elif isinstance(syscall, int): ret_str = libseccomp.seccomp_syscall_resolve_num_arch(arch, syscall) if ret_str is NULL: @@ -131,6 +154,35 @@ else: raise TypeError("Syscall must either be an int or str type") +def get_api(): + """ Query the level of API support + + Description: + Returns the API level value indicating the current supported + functionality. + """ + level = libseccomp.seccomp_api_get() + if level < 0: + raise RuntimeError(str.format("Library error (errno = {0})", level)) + + return level + +def set_api(unsigned int level): + """ Set the level of API support + + Arguments: + level - the API level + + Description: + This function forcibly sets the API level at runtime. General use + of this function is strongly discouraged. + """ + rc = libseccomp.seccomp_api_set(level) + if rc == -errno.EINVAL: + raise ValueError("Invalid level") + elif rc != 0: + raise RuntimeError(str.format("Library error (errno = {0})", rc)) + cdef class Arch: """ Python object representing the SyscallFilter architecture values. @@ -147,6 +199,8 @@ MIPSEL - MIPS little endian O32 ABI MIPSEL64 - MIPS little endian 64-bit ABI MIPSEL64N32 - MIPS little endian N32 ABI + PARISC - 32-bit PA-RISC + PARISC64 - 64-bit PA-RISC PPC64 - 64-bit PowerPC PPC - 32-bit PowerPC """ @@ -165,6 +219,8 @@ MIPSEL = libseccomp.SCMP_ARCH_MIPSEL MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64 MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32 + PARISC = libseccomp.SCMP_ARCH_PARISC + PARISC64 = libseccomp.SCMP_ARCH_PARISC64 PPC = libseccomp.SCMP_ARCH_PPC PPC64 = libseccomp.SCMP_ARCH_PPC64 PPC64LE = libseccomp.SCMP_ARCH_PPC64LE @@ -205,6 +261,10 @@ self._token = libseccomp.SCMP_ARCH_MIPSEL64 elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32: self._token = libseccomp.SCMP_ARCH_MIPSEL64N32 + elif arch == libseccomp.SCMP_ARCH_PARISC: + self._token = libseccomp.SCMP_ARCH_PARISC + elif arch == libseccomp.SCMP_ARCH_PARISC64: + self._token = libseccomp.SCMP_ARCH_PARISC64 elif arch == libseccomp.SCMP_ARCH_PPC: self._token = libseccomp.SCMP_ARCH_PPC elif arch == libseccomp.SCMP_ARCH_PPC64: @@ -218,7 +278,7 @@ else: self._token = 0; elif isinstance(arch, basestring): - self._token = libseccomp.seccomp_arch_resolve_name(arch) + self._token = libseccomp.seccomp_arch_resolve_name(c_str(arch)) else: raise TypeError("Architecture must be an int or str type") if self._token == 0: @@ -246,6 +306,8 @@ ACT_BADARCH = libseccomp.SCMP_FLTATR_ACT_BADARCH CTL_NNP = libseccomp.SCMP_FLTATR_CTL_NNP CTL_TSYNC = libseccomp.SCMP_FLTATR_CTL_TSYNC + API_TSKIP = libseccomp.SCMP_FLTATR_API_TSKIP + CTL_LOG = libseccomp.SCMP_FLTATR_CTL_LOG cdef class Arg: """ Python object representing a SyscallFilter syscall argument. @@ -485,7 +547,8 @@ """ Add a new rule to filter. Arguments: - action - the rule action: KILL, TRAP, ERRNO(), TRACE(), or ALLOW + action - the rule action: KILL_PROCESS, KILL, TRAP, ERRNO(), TRACE(), + LOG, or ALLOW syscall - the syscall name or number args - variable number of Arg objects @@ -567,7 +630,8 @@ """ Add a new rule to filter. Arguments: - action - the rule action: KILL, TRAP, ERRNO(), TRACE(), or ALLOW + action - the rule action: KILL_PROCESS, KILL, TRAP, ERRNO(), TRACE(), + LOG, or ALLOW syscall - the syscall name or number args - variable number of Arg objects diff -Nru libseccomp-2.3.1/src/system.c libseccomp-2.4.1/src/system.c --- libseccomp-2.3.1/src/system.c 2016-02-26 18:02:27.728938976 +0000 +++ libseccomp-2.4.1/src/system.c 2019-04-16 16:19:07.067932636 +0000 @@ -40,6 +40,10 @@ static int _nr_seccomp = -1; static int _support_seccomp_syscall = -1; +static int _support_seccomp_flag_tsync = -1; +static int _support_seccomp_flag_log = -1; +static int _support_seccomp_action_log = -1; +static int _support_seccomp_kill_process = -1; /** * Check to see if the seccomp() syscall is supported @@ -98,25 +102,152 @@ } /** + * Force the seccomp() syscall support setting + * @param enable the intended support state + * + * This function overrides the current seccomp() syscall support setting; this + * is very much a "use at your own risk" function. + * + */ +void sys_set_seccomp_syscall(bool enable) +{ + _support_seccomp_syscall = (enable ? 1 : 0); +} + +/** + * Check to see if a seccomp action is supported + * @param action the seccomp action + * + * This function checks to see if a seccomp action is supported by the system. + * Return one if the action is supported, zero otherwise. + * + */ +int sys_chk_seccomp_action(uint32_t action) +{ + if (action == SCMP_ACT_KILL_PROCESS) { + if (_support_seccomp_kill_process < 0) { + if (sys_chk_seccomp_syscall() == 1 && + syscall(_nr_seccomp, SECCOMP_GET_ACTION_AVAIL, 0, + &action) == 0) + _support_seccomp_kill_process = 1; + else + _support_seccomp_kill_process = 0; + } + + return _support_seccomp_kill_process; + } else if (action == SCMP_ACT_KILL_THREAD) { + return 1; + } else if (action == SCMP_ACT_TRAP) { + return 1; + } else if ((action == SCMP_ACT_ERRNO(action & 0x0000ffff)) && + ((action & 0x0000ffff) < MAX_ERRNO)) { + return 1; + } else if (action == SCMP_ACT_TRACE(action & 0x0000ffff)) { + return 1; + } else if (action == SCMP_ACT_LOG) { + if (_support_seccomp_action_log < 0) { + if (sys_chk_seccomp_syscall() == 1 && + syscall(_nr_seccomp, SECCOMP_GET_ACTION_AVAIL, 0, + &action) == 0) + _support_seccomp_action_log = 1; + else + _support_seccomp_action_log = 0; + } + + return _support_seccomp_action_log; + } else if (action == SCMP_ACT_ALLOW) { + return 1; + } + + return 0; +} + +/** + * Force a seccomp action support setting + * @param action the seccomp action + * @param enable the intended support state + * + * This function overrides the current seccomp action support setting; this + * is very much a "use at your own risk" function. + */ +void sys_set_seccomp_action(uint32_t action, bool enable) +{ + if (action == SCMP_ACT_LOG) + _support_seccomp_action_log = (enable ? 1 : 0); + else if (action == SCMP_ACT_KILL_PROCESS) + _support_seccomp_kill_process = (enable ? 1 : 0); +} + +/** + * Check to see if a seccomp() flag is supported by the kernel + * @param flag the seccomp() flag + * + * This function checks to see if a seccomp() flag is supported by the kernel. + * Return one if the flag is supported, zero otherwise. + * + */ +static int _sys_chk_seccomp_flag_kernel(int flag) +{ + /* this is an invalid seccomp(2) call because the last argument + * is NULL, but depending on the errno value of EFAULT we can + * guess if the filter flag is supported or not */ + if (sys_chk_seccomp_syscall() == 1 && + syscall(_nr_seccomp, SECCOMP_SET_MODE_FILTER, flag, NULL) == -1 && + errno == EFAULT) + return 1; + + return 0; +} + +/** * Check to see if a seccomp() flag is supported * @param flag the seccomp() flag * * This function checks to see if a seccomp() flag is supported by the system. - * If the flag is supported one is returned, zero if unsupported, negative - * values on error. + * Return one if the syscall is supported, zero if unsupported, negative values + * on error. * */ int sys_chk_seccomp_flag(int flag) { switch (flag) { case SECCOMP_FILTER_FLAG_TSYNC: - return sys_chk_seccomp_syscall(); + if (_support_seccomp_flag_tsync < 0) + _support_seccomp_flag_tsync = _sys_chk_seccomp_flag_kernel(flag); + + return _support_seccomp_flag_tsync; + case SECCOMP_FILTER_FLAG_LOG: + if (_support_seccomp_flag_log < 0) + _support_seccomp_flag_log = _sys_chk_seccomp_flag_kernel(flag); + + return _support_seccomp_flag_log; } return -EOPNOTSUPP; } /** + * Force a seccomp() syscall flag support setting + * @param flag the seccomp() flag + * @param enable the intended support state + * + * This function overrides the current seccomp() syscall support setting for a + * given flag; this is very much a "use at your own risk" function. + * + */ +void sys_set_seccomp_flag(int flag, bool enable) +{ + switch (flag) { + case SECCOMP_FILTER_FLAG_TSYNC: + _support_seccomp_flag_tsync = (enable ? 1 : 0); + break; + case SECCOMP_FILTER_FLAG_LOG: + _support_seccomp_flag_log = (enable ? 1 : 0); + break; + } +} + +/** * Loads the filter into the kernel * @param col the filter collection * @@ -146,7 +277,9 @@ if (sys_chk_seccomp_syscall() == 1) { int flgs = 0; if (col->attr.tsync_enable) - flgs = SECCOMP_FILTER_FLAG_TSYNC; + flgs |= SECCOMP_FILTER_FLAG_TSYNC; + if (col->attr.log_enable) + flgs |= SECCOMP_FILTER_FLAG_LOG; rc = syscall(_nr_seccomp, SECCOMP_SET_MODE_FILTER, flgs, prgm); if (rc > 0 && col->attr.tsync_enable) /* always return -ESRCH if we fail to sync threads */ diff -Nru libseccomp-2.3.1/src/system.h libseccomp-2.4.1/src/system.h --- libseccomp-2.3.1/src/system.h 2016-02-24 17:40:35.184963098 +0000 +++ libseccomp-2.4.1/src/system.h 2019-04-16 16:19:07.267933677 +0000 @@ -55,13 +55,17 @@ * The ordering ensures that a min_t() over composed return values always * selects the least permissive choice. */ -#define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ +#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* kill the process immediately */ +#define SECCOMP_RET_KILL_THREAD 0x00000000U /* kill the thread immediately */ +#define SECCOMP_RET_KILL SECCOMP_RET_KILL_THREAD /* default to killing the thread */ #define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ #define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ #define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */ +#define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */ #define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ /* Masks for the return value sections. */ +#define SECCOMP_RET_ACTION_FULL 0xffff0000U #define SECCOMP_RET_ACTION 0x7fff0000U #define SECCOMP_RET_DATA 0x0000ffffU @@ -102,14 +106,40 @@ #ifndef SECCOMP_SET_MODE_FILTER #define SECCOMP_SET_MODE_FILTER 1 #endif +#ifndef SECCOMP_GET_ACTION_AVAIL +#define SECCOMP_GET_ACTION_AVAIL 2 +#endif /* flags for the seccomp() syscall */ #ifndef SECCOMP_FILTER_FLAG_TSYNC -#define SECCOMP_FILTER_FLAG_TSYNC 1 +#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) +#endif +#ifndef SECCOMP_FILTER_FLAG_LOG +#define SECCOMP_FILTER_FLAG_LOG (1UL << 1) +#endif + +/* SECCOMP_RET_ACTION_FULL was added in kernel v4.14. It may not be + * defined on older kernels + */ +#ifndef SECCOMP_RET_ACTION_FULL +#define SECCOMP_RET_ACTION_FULL 0xffff0000U +#endif + +/* SECCOMP_RET_LOG was added in kernel v4.14. It may not be defined on + * older kernels. + */ +#ifndef SECCOMP_RET_LOG +#define SECCOMP_RET_LOG 0x7fc00000U #endif int sys_chk_seccomp_syscall(void); +void sys_set_seccomp_syscall(bool enable); + +int sys_chk_seccomp_action(uint32_t action); +void sys_set_seccomp_action(uint32_t action, bool enable); + int sys_chk_seccomp_flag(int flag); +void sys_set_seccomp_flag(int flag, bool enable); int sys_filter_load(const struct db_filter_col *col); diff -Nru libseccomp-2.3.1/SUBMITTING_PATCHES libseccomp-2.4.1/SUBMITTING_PATCHES --- libseccomp-2.3.1/SUBMITTING_PATCHES 2015-02-06 22:50:01.419595066 +0000 +++ libseccomp-2.4.1/SUBMITTING_PATCHES 1970-01-01 00:00:00.000000000 +0000 @@ -1,123 +0,0 @@ -How to Submit Patches to the libseccomp Project -=============================================================================== -https://github.com/seccomp/libseccomp - -This document is intended to act as a guide to help you contribute to the -libseccomp project. It is not perfect, and there will always be exceptions -to the rules described here, but by following the instructions below you -should have a much easier time getting your work merged with the upstream -project. - -* Test Your Code - -There are three possible tests you can run to verify your code. The first -test is used to check the formatting and coding style of your changes, you -can run the test with the following command: - - # make check-syntax - -... if there are any problems with your changes a diff/patch will be shown -which indicates the problems and how to fix them. - -The second possible test is used to ensure that the different internal syscall -tables are consistent and to test your changes against the automated test -suite. You can run the test with the following command: - - # make check - -... if there are any faults or errors they will be displayed; beware that the -tests can run for some time and produce a lot of output. - -The third possible test is used to validate libseccomp against a live, running -system using some simple regression tests. After ensuring that your system -supports seccomp filters you can run the live tests with the following -command: - - # make check-build - # cd tests - # ./regression -T live - -... if there are any faults or errors they will be displayed. - -* Generate the Patch(es) - -Depending on how you decided to work with the libseccomp code base and what -tools you are using there are different ways to generate your patch(es). -However, regardless of what tools you use, you should always generate your -patches using the "unified" diff/patch format and the patches should always -apply to the libseccomp source tree using the following command from the top -directory of the libseccomp sources: - - # patch -p1 < changes.patch - -If you are not using git, stacked git (stgit), or some other tool which can -generate patch files for you automatically, you may find the following command -helpful in generating patches, where "libseccomp.orig/" is the unmodified -source code directory and "libseccomp/" is the source code directory with your -changes: - - # diff -purN libseccomp.orig/ libseccomp/ - -When in doubt please generate your patch and try applying it to an unmodified -copy of the libseccomp sources; if it fails for you, it will fail for the rest -of us. - -* Explain Your Work - -At the top of every patch you should include a description of the problem you -are trying to solve, how you solved it, and why you chose the solution you -implemented. If you are submitting a bug fix, it is also incredibly helpful -if you can describe/include a reproducer for the problem in the description as -well as instructions on how to test for the bug and verify that it has been -fixed. - -* Sign Your Work - -The sign-off is a simple line at the end of the patch description, which -certifies that you wrote it or otherwise have the right to pass it on as an -open-source patch. The "Developer's Certificate of Origin" pledge is taken -from the Linux Kernel and the rules are pretty simple: - - Developer's Certificate of Origin 1.1 - - By making a contribution to this project, I certify that: - - (a) The contribution was created in whole or in part by me and I - have the right to submit it under the open source license - indicated in the file; or - - (b) The contribution is based upon previous work that, to the best - of my knowledge, is covered under an appropriate open source - license and I have the right under that license to submit that - work with modifications, whether created in whole or in part - by me, under the same open source license (unless I am - permitted to submit under a different license), as indicated - in the file; or - - (c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified - it. - - (d) I understand and agree that this project and the contribution - are public and that a record of the contribution (including all - personal information I submit with it, including my sign-off) is - maintained indefinitely and may be redistributed consistent with - this project or the open source license(s) involved. - -... then you just add a line to the bottom of your patch description, with -your real name, saying: - - Signed-off-by: Random J Developer - -* Email Your Patch(es) - -Finally, you will need to email your patches to the mailing list so they can -be reviewed and potentially merged into the main libseccomp repository. When -sending patches to the mailing list it is important to send your email in text -form, no HTML mail please, and ensure that your email client does not mangle -your patches. It should be possible to save your raw email to disk and apply -it directly to the libseccomp source code; if that fails then you likely have -a problem with your email client. When in doubt try a test first by sending -yourself an email with your patch and attempting to apply the emailed patch to -the libseccomp repository; if it fails for you, it will fail for the rest of -us trying to test your patch and include it in the main libseccomp repository. diff -Nru libseccomp-2.3.1/tests/01-sim-allow.tests libseccomp-2.4.1/tests/01-sim-allow.tests --- libseccomp-2.3.1/tests/01-sim-allow.tests 2016-02-11 18:36:42.607652237 +0000 +++ libseccomp-2.4.1/tests/01-sim-allow.tests 2019-03-04 23:18:55.208791517 +0000 @@ -7,8 +7,8 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -01-sim-allow all 0-350 N N N N N N ALLOW +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +01-sim-allow all,-x32 0-350 N N N N N N ALLOW test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/05-sim-long_jumps.tests libseccomp-2.4.1/tests/05-sim-long_jumps.tests --- libseccomp-2.3.1/tests/05-sim-long_jumps.tests 2016-02-11 18:36:42.617652236 +0000 +++ libseccomp-2.4.1/tests/05-sim-long_jumps.tests 2019-03-04 23:18:55.208791517 +0000 @@ -7,24 +7,24 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -05-sim-long_jumps all 1 1 2 3 4 5 6 ALLOW -05-sim-long_jumps all 2 N N N N N N KILL -05-sim-long_jumps all 999 N N N N N N KILL -05-sim-long_jumps x86 1000 0-5 0x856B008 0x7FFFFFFE N N N ALLOW -05-sim-long_jumps x86_64 1000 0-5 0x856B008 0x7FFFFFFFFFFFFFFE N N N ALLOW -05-sim-long_jumps x86 1000 95-99 0x856B008 0x7FFFFFFE N N N ALLOW -05-sim-long_jumps x86_64 1000 95-99 0x856B008 0x7FFFFFFFFFFFFFFE N N N ALLOW -05-sim-long_jumps x86 1000 100 0x856B008 0x7FFFFFFE N N N KILL -05-sim-long_jumps x86_64 1000 100 0x856B008 0x7FFFFFFFFFFFFFFE N N N KILL -05-sim-long_jumps all 1001 N N N N N N KILL -05-sim-long_jumps all 99 1 N N N N N KILL -05-sim-long_jumps all 100-105 1 N N N N N ALLOW -05-sim-long_jumps all 195-199 1 N N N N N ALLOW -05-sim-long_jumps all 200 1 N N N N N KILL -05-sim-long_jumps all 3 N N N N N N KILL -05-sim-long_jumps all 4 1 2 3 4 5 6 ALLOW -05-sim-long_jumps all 5 N N N N N N KILL +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +05-sim-long_jumps all,-x32 1 1 2 3 4 5 6 ALLOW +05-sim-long_jumps all,-x32 2 N N N N N N KILL +05-sim-long_jumps all,-x32 999 N N N N N N KILL +05-sim-long_jumps x86 1000 0-5 0x856B008 0x7FFFFFFE N N N ALLOW +05-sim-long_jumps x86_64 1000 0-5 0x856B008 0x7FFFFFFFFFFFFFFE N N N ALLOW +05-sim-long_jumps x86 1000 95-99 0x856B008 0x7FFFFFFE N N N ALLOW +05-sim-long_jumps x86_64 1000 95-99 0x856B008 0x7FFFFFFFFFFFFFFE N N N ALLOW +05-sim-long_jumps x86 1000 100 0x856B008 0x7FFFFFFE N N N KILL +05-sim-long_jumps x86_64 1000 100 0x856B008 0x7FFFFFFFFFFFFFFE N N N KILL +05-sim-long_jumps all,-x32 1001 N N N N N N KILL +05-sim-long_jumps all,-x32 99 1 N N N N N KILL +05-sim-long_jumps all,-x32 100-105 1 N N N N N ALLOW +05-sim-long_jumps all,-x32 195-199 1 N N N N N ALLOW +05-sim-long_jumps all,-x32 200 1 N N N N N KILL +05-sim-long_jumps all,-x32 3 N N N N N N KILL +05-sim-long_jumps all,-x32 4 1 2 3 4 5 6 ALLOW +05-sim-long_jumps all,-x32 5 N N N N N N KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/06-sim-actions.c libseccomp-2.4.1/tests/06-sim-actions.c --- libseccomp-2.3.1/tests/06-sim-actions.c 2016-02-11 18:36:42.617652236 +0000 +++ libseccomp-2.4.1/tests/06-sim-actions.c 2019-04-16 16:19:07.324600639 +0000 @@ -36,6 +36,10 @@ if (rc < 0) goto out; + rc = seccomp_api_set(3); + if (rc != 0) + return EOPNOTSUPP; + ctx = seccomp_init(SCMP_ACT_KILL); if (ctx == NULL) return ENOMEM; @@ -44,6 +48,10 @@ if (rc != 0) goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_LOG, SCMP_SYS(rt_sigreturn), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(write), 0); if (rc != 0) goto out; @@ -56,6 +64,10 @@ if (rc != 0) goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL_PROCESS, SCMP_SYS(stat), 0); + if (rc != 0) + goto out; + rc = util_filter_output(&opts, ctx); if (rc) goto out; diff -Nru libseccomp-2.3.1/tests/06-sim-actions.py libseccomp-2.4.1/tests/06-sim-actions.py --- libseccomp-2.3.1/tests/06-sim-actions.py 2016-02-11 18:36:42.618652236 +0000 +++ libseccomp-2.4.1/tests/06-sim-actions.py 2018-12-03 23:53:10.197309134 +0000 @@ -30,11 +30,15 @@ from seccomp import * def test(args): + set_api(3) + f = SyscallFilter(KILL) f.add_rule(ALLOW, "read") + f.add_rule(LOG, "rt_sigreturn") f.add_rule(ERRNO(errno.EPERM), "write") f.add_rule(TRAP, "close") f.add_rule(TRACE(1234), "open") + f.add_rule(KILL_PROCESS, "stat") return f args = util.get_opt() diff -Nru libseccomp-2.3.1/tests/06-sim-actions.tests libseccomp-2.4.1/tests/06-sim-actions.tests --- libseccomp-2.3.1/tests/06-sim-actions.tests 2016-02-11 18:36:42.618652236 +0000 +++ libseccomp-2.4.1/tests/06-sim-actions.tests 2019-03-04 19:55:30.873309051 +0000 @@ -7,14 +7,19 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -06-sim-actions all read 4 0x856B008 80 N N N ALLOW -06-sim-actions all write 1 0x856B008 N N N N ERRNO(1) -06-sim-actions all close 4 N N N N N TRAP -06-sim-actions all,-aarch64 open 0x856B008 4 N N N N TRACE(1234) -06-sim-actions x86 0-2 N N N N N N KILL -06-sim-actions x86 7-350 N N N N N N KILL -06-sim-actions x86_64 4-350 N N N N N N KILL +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +06-sim-actions all read 4 0x856B008 80 N N N ALLOW +06-sim-actions all write 1 0x856B008 N N N N ERRNO(1) +06-sim-actions all close 4 N N N N N TRAP +06-sim-actions all,-aarch64 open 0x856B008 4 N N N N TRACE(1234) +06-sim-actions all stat N N N N N N KILL_PROCESS +06-sim-actions all rt_sigreturn N N N N N N LOG +06-sim-actions x86 0-2 N N N N N N KILL +06-sim-actions x86 7-105 N N N N N N KILL +06-sim-actions x86 107-172 N N N N N N KILL +06-sim-actions x86 174-350 N N N N N N KILL +06-sim-actions x86_64 5-14 N N N N N N KILL +06-sim-actions x86_64 16-350 N N N N N N KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/08-sim-subtree_checks.c libseccomp-2.4.1/tests/08-sim-subtree_checks.c --- libseccomp-2.3.1/tests/08-sim-subtree_checks.c 2016-02-11 18:36:42.623652236 +0000 +++ libseccomp-2.4.1/tests/08-sim-subtree_checks.c 2019-04-16 16:19:07.344600743 +0000 @@ -155,12 +155,12 @@ goto out; rc = seccomp_rule_add_exact(ctx, SCMP_ACT_TRAP, 1007, 2, - SCMP_A2(SCMP_CMP_EQ, 1), + SCMP_A2(SCMP_CMP_EQ, 2), SCMP_A3(SCMP_CMP_EQ, 3)); if (rc != 0) goto out; rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1007, 2, - SCMP_A2(SCMP_CMP_EQ, 1), + SCMP_A2(SCMP_CMP_EQ, 2), SCMP_A3(SCMP_CMP_NE, 3)); if (rc != 0) goto out; diff -Nru libseccomp-2.3.1/tests/08-sim-subtree_checks.py libseccomp-2.4.1/tests/08-sim-subtree_checks.py --- libseccomp-2.3.1/tests/08-sim-subtree_checks.py 2016-02-11 18:36:42.624652236 +0000 +++ libseccomp-2.4.1/tests/08-sim-subtree_checks.py 2018-12-03 23:53:10.197309134 +0000 @@ -105,10 +105,10 @@ Arg(1, NE, 1)) f.add_rule_exactly(TRAP, 1007, - Arg(2, EQ, 1), + Arg(2, EQ, 2), Arg(3, EQ, 3)) f.add_rule_exactly(ALLOW, 1007, - Arg(2, EQ, 1), + Arg(2, EQ, 2), Arg(3, NE, 3)) f.add_rule_exactly(ALLOW, 1007, Arg(3, NE, 3)) diff -Nru libseccomp-2.3.1/tests/08-sim-subtree_checks.tests libseccomp-2.4.1/tests/08-sim-subtree_checks.tests --- libseccomp-2.3.1/tests/08-sim-subtree_checks.tests 2016-02-11 18:36:42.625652235 +0000 +++ libseccomp-2.4.1/tests/08-sim-subtree_checks.tests 2019-03-04 23:18:55.208791517 +0000 @@ -7,33 +7,33 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -08-sim-subtree_checks all 1000 0-10 1 N N N N ALLOW -08-sim-subtree_checks all 1000 0-10 0 N N N N KILL -08-sim-subtree_checks all 1001 0-10 1 N N N N ALLOW -08-sim-subtree_checks all 1001 0-10 0 N N N N KILL -08-sim-subtree_checks all 1002 0-5 1 2 0-5 N N ALLOW -08-sim-subtree_checks all 1002 0-5 2 1 0-5 N N KILL -08-sim-subtree_checks all 1003 0-5 1 2 0-5 N N ALLOW -08-sim-subtree_checks all 1003 0-5 2 1 0-5 N N KILL -08-sim-subtree_checks all 1004 0 11 5-10 10 10 1-5 ALLOW -08-sim-subtree_checks all 1004 0 1 2 0-5 N N ALLOW -08-sim-subtree_checks all 1004 1-5 1 2 0-5 N N ALLOW -08-sim-subtree_checks all 1004 1-5 1 2 30-35 N N ALLOW -08-sim-subtree_checks all 1004 1-5 2 1 30-35 N N KILL -08-sim-subtree_checks all 1005 0 11 5-10 10 10 1-5 ALLOW -08-sim-subtree_checks all 1005 0 1 2 0-5 N N ALLOW -08-sim-subtree_checks all 1005 1-5 1 2 0-5 N N ALLOW -08-sim-subtree_checks all 1005 1-5 1 2 30-35 N N ALLOW -08-sim-subtree_checks all 1005 1-5 2 1 30-35 N N KILL -08-sim-subtree_checks all 1006 0-10 1 2 N N N ALLOW -08-sim-subtree_checks all 1006 0-10 1 3 N N N KILL -08-sim-subtree_checks all 1006 10 2-100 2 N N N ALLOW -08-sim-subtree_checks all 1007 0 0 1 3 N N TRAP -08-sim-subtree_checks all 1007 1 1 1 0-2 1 1 ALLOW -08-sim-subtree_checks all 1007 1 1 2 0-2 1 1 ALLOW -08-sim-subtree_checks all 1007 1 1 2 4-6 1 1 ALLOW -08-sim-subtree_checks all 1007 1 1 0 3 1 1 KILL +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +08-sim-subtree_checks all,-x32 1000 0-10 1 N N N N ALLOW +08-sim-subtree_checks all,-x32 1000 0-10 0 N N N N KILL +08-sim-subtree_checks all,-x32 1001 0-10 1 N N N N ALLOW +08-sim-subtree_checks all,-x32 1001 0-10 0 N N N N KILL +08-sim-subtree_checks all,-x32 1002 0-5 1 2 0-5 N N ALLOW +08-sim-subtree_checks all,-x32 1002 0-5 2 1 0-5 N N KILL +08-sim-subtree_checks all,-x32 1003 0-5 1 2 0-5 N N ALLOW +08-sim-subtree_checks all,-x32 1003 0-5 2 1 0-5 N N KILL +08-sim-subtree_checks all,-x32 1004 0 11 5-10 10 10 1-5 ALLOW +08-sim-subtree_checks all,-x32 1004 0 1 2 0-5 N N ALLOW +08-sim-subtree_checks all,-x32 1004 1-5 1 2 0-5 N N ALLOW +08-sim-subtree_checks all,-x32 1004 1-5 1 2 30-35 N N ALLOW +08-sim-subtree_checks all,-x32 1004 1-5 2 1 30-35 N N KILL +08-sim-subtree_checks all,-x32 1005 0 11 5-10 10 10 1-5 ALLOW +08-sim-subtree_checks all,-x32 1005 0 1 2 0-5 N N ALLOW +08-sim-subtree_checks all,-x32 1005 1-5 1 2 0-5 N N ALLOW +08-sim-subtree_checks all,-x32 1005 1-5 1 2 30-35 N N ALLOW +08-sim-subtree_checks all,-x32 1005 1-5 2 1 30-35 N N KILL +08-sim-subtree_checks all,-x32 1006 0-10 1 2 N N N ALLOW +08-sim-subtree_checks all,-x32 1006 0-10 1 3 N N N KILL +08-sim-subtree_checks all,-x32 1006 10 2-100 2 N N N ALLOW +08-sim-subtree_checks all,-x32 1007 0 0 2 3 N N TRAP +08-sim-subtree_checks all,-x32 1007 1 1 1 0-2 1 1 ALLOW +08-sim-subtree_checks all,-x32 1007 1 1 2 0-2 1 1 ALLOW +08-sim-subtree_checks all,-x32 1007 1 1 2 4-6 1 1 ALLOW +08-sim-subtree_checks all,-x32 1007 1 1 0 3 1 1 KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/09-sim-syscall_priority_pre.tests libseccomp-2.4.1/tests/09-sim-syscall_priority_pre.tests --- libseccomp-2.3.1/tests/09-sim-syscall_priority_pre.tests 2016-02-11 18:36:42.627652235 +0000 +++ libseccomp-2.4.1/tests/09-sim-syscall_priority_pre.tests 2019-03-04 23:18:55.208791517 +0000 @@ -7,13 +7,13 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -09-sim-syscall_priority_pre all 999 N N N N N N KILL -09-sim-syscall_priority_pre all 1000-1002 0 1 N N N N ALLOW -09-sim-syscall_priority_pre all 1000 0 2 N N N N KILL -09-sim-syscall_priority_pre all 1001-1002 0 2 N N N N ALLOW -09-sim-syscall_priority_pre all 1000-1001 1 1 N N N N KILL -09-sim-syscall_priority_pre all 1003 N N N N N N KILL +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +09-sim-syscall_priority_pre all,-x32 999 N N N N N N KILL +09-sim-syscall_priority_pre all,-x32 1000-1002 0 1 N N N N ALLOW +09-sim-syscall_priority_pre all,-x32 1000 0 2 N N N N KILL +09-sim-syscall_priority_pre all,-x32 1001-1002 0 2 N N N N ALLOW +09-sim-syscall_priority_pre all,-x32 1000-1001 1 1 N N N N KILL +09-sim-syscall_priority_pre all,-x32 1003 N N N N N N KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/10-sim-syscall_priority_post.tests libseccomp-2.4.1/tests/10-sim-syscall_priority_post.tests --- libseccomp-2.3.1/tests/10-sim-syscall_priority_post.tests 2016-02-11 18:36:42.629652235 +0000 +++ libseccomp-2.4.1/tests/10-sim-syscall_priority_post.tests 2019-03-04 23:18:55.208791517 +0000 @@ -7,13 +7,13 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -10-sim-syscall_priority_post all 999 N N N N N N KILL -10-sim-syscall_priority_post all 1000-1002 0 1 N N N N ALLOW -10-sim-syscall_priority_post all 1000 0 2 N N N N KILL -10-sim-syscall_priority_post all 1001-1002 0 2 N N N N ALLOW -10-sim-syscall_priority_post all 1000-1001 1 1 N N N N KILL -10-sim-syscall_priority_post all 1003 N N N N N N KILL +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +10-sim-syscall_priority_post all,-x32 999 N N N N N N KILL +10-sim-syscall_priority_post all,-x32 1000-1002 0 1 N N N N ALLOW +10-sim-syscall_priority_post all,-x32 1000 0 2 N N N N KILL +10-sim-syscall_priority_post all,-x32 1001-1002 0 2 N N N N ALLOW +10-sim-syscall_priority_post all,-x32 1000-1001 1 1 N N N N KILL +10-sim-syscall_priority_post all,-x32 1003 N N N N N N KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/11-basic-basic_errors.c libseccomp-2.4.1/tests/11-basic-basic_errors.c --- libseccomp-2.3.1/tests/11-basic-basic_errors.c 2016-02-11 18:36:42.631652235 +0000 +++ libseccomp-2.4.1/tests/11-basic-basic_errors.c 2019-04-16 16:19:07.371267549 +0000 @@ -28,6 +28,7 @@ { int rc; scmp_filter_ctx ctx; + uint32_t attr; /* seccomp_init errors */ ctx = seccomp_init(SCMP_ACT_ALLOW + 1); @@ -172,5 +173,16 @@ seccomp_release(ctx); ctx = NULL; + /* seccomp_attr_* errors */ + ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) + return -1; + rc = seccomp_attr_get(ctx, 1000, &attr); + if (rc != -EEXIST) + return -1; + rc = seccomp_attr_set(ctx, 1000, 1); + if (rc != -EEXIST) + return -1; + return 0; } diff -Nru libseccomp-2.3.1/tests/12-sim-basic_masked_ops.tests libseccomp-2.4.1/tests/12-sim-basic_masked_ops.tests --- libseccomp-2.3.1/tests/12-sim-basic_masked_ops.tests 2016-02-11 18:36:42.635652235 +0000 +++ libseccomp-2.4.1/tests/12-sim-basic_masked_ops.tests 2019-03-04 23:18:55.208791517 +0000 @@ -7,35 +7,35 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -12-sim-basic_masked_ops all 1000 0 1 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x01 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x02-0x0A 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x101 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 11 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x0B 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x0C-0x6E 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x1000B 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 111 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x6F 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x70-0x100 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x102-0x200 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x10002-0x1000A 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x1000C-0x1006E 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x1006F 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 1000 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x3E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x2FF 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x300-0x3FF 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x400 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x402-0x4FF 2 N N N KILL -12-sim-basic_masked_ops all 1000 0 0x10300-0x103FF 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000000F00003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000000800003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000001800003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x00000001000003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0x0000000F000003E8 2 N N N ALLOW -12-sim-basic_masked_ops all 1000 0 0xFFFFFFFFFFFF03E8 2 N N N ALLOW +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +12-sim-basic_masked_ops all,-x32 1000 0 1 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x01 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x02-0x0A 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x101 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 11 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x0B 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x0C-0x6E 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x1000B 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 111 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x6F 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x70-0x100 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x102-0x200 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x10002-0x1000A 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x1000C-0x1006E 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x1006F 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 1000 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x3E8 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x2FF 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x300-0x3FF 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x400 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x402-0x4FF 2 N N N KILL +12-sim-basic_masked_ops all,-x32 1000 0 0x10300-0x103FF 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x00000000F00003E8 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x00000000800003E8 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x00000001800003E8 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x00000001000003E8 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0x0000000F000003E8 2 N N N ALLOW +12-sim-basic_masked_ops all,-x32 1000 0 0xFFFFFFFFFFFF03E8 2 N N N ALLOW test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/13-basic-attrs.c libseccomp-2.4.1/tests/13-basic-attrs.c --- libseccomp-2.3.1/tests/13-basic-attrs.c 2016-02-11 18:36:42.636652235 +0000 +++ libseccomp-2.4.1/tests/13-basic-attrs.c 2019-04-16 16:19:07.387934302 +0000 @@ -32,6 +32,10 @@ uint32_t val = (uint32_t)(-1); scmp_filter_ctx ctx = NULL; + rc = seccomp_api_set(3); + if (rc != 0) + return EOPNOTSUPP; + ctx = seccomp_init(SCMP_ACT_ALLOW); if (ctx == NULL) return ENOMEM; @@ -70,6 +74,39 @@ rc = -1; goto out; } + + rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); + if (rc != 0 && rc != -EOPNOTSUPP) + goto out; + rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_TSYNC, &val); + if (rc != 0) + goto out; + if (val != 1) { + rc = -1; + goto out; + } + + rc = seccomp_attr_set(ctx, SCMP_FLTATR_API_TSKIP, 1); + if (rc != 0) + goto out; + rc = seccomp_attr_get(ctx, SCMP_FLTATR_API_TSKIP, &val); + if (rc != 0) + goto out; + if (val != 1) { + rc = -1; + goto out; + } + + rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_LOG, 1); + if (rc != 0) + goto out; + rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_LOG, &val); + if (rc != 0) + goto out; + if (val != 1) { + rc = -1; + goto out; + } rc = 0; out: diff -Nru libseccomp-2.3.1/tests/13-basic-attrs.py libseccomp-2.4.1/tests/13-basic-attrs.py --- libseccomp-2.3.1/tests/13-basic-attrs.py 2016-02-11 18:36:42.637652235 +0000 +++ libseccomp-2.4.1/tests/13-basic-attrs.py 2018-12-03 23:53:10.197309134 +0000 @@ -29,6 +29,8 @@ from seccomp import * def test(): + set_api(3) + f = SyscallFilter(ALLOW) if f.get_attr(Attr.ACT_DEFAULT) != ALLOW: raise RuntimeError("Failed getting Attr.ACT_DEFAULT") @@ -42,6 +44,14 @@ f.set_attr(Attr.CTL_NNP, 0) if f.get_attr(Attr.CTL_NNP) != 0: raise RuntimeError("Failed getting Attr.CTL_NNP") + if f.get_attr(Attr.CTL_TSYNC) != 0: + raise RuntimeError("Failed getting Attr.CTL_TSYNC") + f.set_attr(Attr.API_TSKIP, 0) + if f.get_attr(Attr.API_TSKIP) != 0: + raise RuntimeError("Failed getting Attr.API_TSKIP") + f.set_attr(Attr.CTL_LOG, 1) + if f.get_attr(Attr.CTL_LOG) != 1: + raise RuntimeError("Failed getting Attr.CTL_LOG") test() diff -Nru libseccomp-2.3.1/tests/15-basic-resolver.c libseccomp-2.4.1/tests/15-basic-resolver.c --- libseccomp-2.3.1/tests/15-basic-resolver.c 2016-04-19 15:27:43.817798464 +0000 +++ libseccomp-2.4.1/tests/15-basic-resolver.c 2019-04-16 16:19:07.404601056 +0000 @@ -25,8 +25,34 @@ #include +unsigned int arch_list[] = { + SCMP_ARCH_NATIVE, + SCMP_ARCH_X86, + SCMP_ARCH_X86_64, + SCMP_ARCH_X32, + SCMP_ARCH_ARM, + SCMP_ARCH_AARCH64, + SCMP_ARCH_MIPS, + SCMP_ARCH_MIPS64, + SCMP_ARCH_MIPS64N32, + SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPSEL64, + SCMP_ARCH_MIPSEL64N32, + SCMP_ARCH_PPC, + SCMP_ARCH_PPC64, + SCMP_ARCH_PPC64LE, + SCMP_ARCH_S390, + SCMP_ARCH_S390X, + SCMP_ARCH_PARISC, + SCMP_ARCH_PARISC64, + -1 +}; + int main(int argc, char *argv[]) { + int rc; + int iter = 0; + unsigned int arch; char *name = NULL; if (seccomp_syscall_resolve_name("open") != __NR_open) @@ -36,31 +62,63 @@ if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR) goto fail; - if (seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE, - "open") != __NR_open) - goto fail; - if (seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE, - "read") != __NR_read) - goto fail; - if (seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE, - "INVALID") != __NR_SCMP_ERROR) - goto fail; - - name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, __NR_open); - if (name == NULL || strcmp(name, "open") != 0) - goto fail; - free(name); - - name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, __NR_read); - if (name == NULL || strcmp(name, "read") != 0) + rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat"); + if (rc != __NR_openat) goto fail; - free(name); - name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, - __NR_SCMP_ERROR); - if (name != NULL) - goto fail; - free(name); + while ((arch = arch_list[iter++]) != -1) { + int nr_open; + int nr_read; + int nr_socket; + int nr_shmctl; + + if (seccomp_syscall_resolve_name_arch(arch, + "INVALID") != __NR_SCMP_ERROR) + goto fail; + name = seccomp_syscall_resolve_num_arch(arch, __NR_SCMP_ERROR); + if (name != NULL) + goto fail; + + nr_open = seccomp_syscall_resolve_name_arch(arch, "open"); + if (nr_open == __NR_SCMP_ERROR) + goto fail; + nr_read = seccomp_syscall_resolve_name_arch(arch, "read"); + if (nr_read == __NR_SCMP_ERROR) + goto fail; + nr_socket = seccomp_syscall_resolve_name_rewrite(arch, "socket"); + if (nr_socket == __NR_SCMP_ERROR) + goto fail; + nr_shmctl = seccomp_syscall_resolve_name_rewrite(arch, "shmctl"); + if (nr_shmctl == __NR_SCMP_ERROR) + goto fail; + + name = seccomp_syscall_resolve_num_arch(arch, nr_open); + if (name == NULL || strcmp(name, "open") != 0) + goto fail; + free(name); + name = NULL; + + name = seccomp_syscall_resolve_num_arch(arch, nr_read); + if (name == NULL || strcmp(name, "read") != 0) + goto fail; + free(name); + name = NULL; + + name = seccomp_syscall_resolve_num_arch(arch, nr_socket); + if (name == NULL || + (strcmp(name, "socket") != 0 && + strcmp(name, "socketcall") != 0)) + goto fail; + free(name); + name = NULL; + + name = seccomp_syscall_resolve_num_arch(arch, nr_shmctl); + if (name == NULL || + (strcmp(name, "shmctl") != 0 && strcmp(name, "ipc") != 0)) + goto fail; + free(name); + name = NULL; + } return 0; diff -Nru libseccomp-2.3.1/tests/15-basic-resolver.py libseccomp-2.4.1/tests/15-basic-resolver.py --- libseccomp-2.3.1/tests/15-basic-resolver.py 2016-04-19 15:27:43.818798464 +0000 +++ libseccomp-2.4.1/tests/15-basic-resolver.py 2018-12-03 23:53:10.200642485 +0000 @@ -41,11 +41,11 @@ sys_num = resolve_syscall(Arch(), "open") sys_name = resolve_syscall(Arch(), sys_num) - if (sys_name != "open"): + if (sys_name != b"open"): raise RuntimeError("Test failure") sys_num = resolve_syscall(Arch(), "read") sys_name = resolve_syscall(Arch(), sys_num) - if (sys_name != "read"): + if (sys_name != b"read"): raise RuntimeError("Test failure") test() diff -Nru libseccomp-2.3.1/tests/16-sim-arch_basic.c libseccomp-2.4.1/tests/16-sim-arch_basic.c --- libseccomp-2.3.1/tests/16-sim-arch_basic.c 2016-02-11 18:36:42.642652234 +0000 +++ libseccomp-2.4.1/tests/16-sim-arch_basic.c 2019-04-16 16:19:07.411267757 +0000 @@ -40,6 +40,21 @@ if (ctx == NULL) return ENOMEM; + /* NOTE: not strictly necessary since we get the native arch by default + * but it serves as a good sanity check for the code and boosts + * our code coverage numbers */ + rc = seccomp_arch_exist(ctx, seccomp_arch_native()); + if (rc != 0) + goto out; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + /* NOTE: more sanity/coverage tests (see above) */ + rc = seccomp_arch_add(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); if (rc != 0) goto out; @@ -107,6 +122,35 @@ if (rc) goto out; + /* not strictly necessary, but let's exercise the code paths */ + rc = seccomp_arch_remove(ctx, SCMP_ARCH_X86); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_X32); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_ARM); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_AARCH64); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_MIPSEL); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_MIPSEL64); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_MIPSEL64N32); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_PPC64LE); + if (rc != 0) + goto out; + out: seccomp_release(ctx); return (rc < 0 ? -rc : rc); diff -Nru libseccomp-2.3.1/tests/16-sim-arch_basic.py libseccomp-2.4.1/tests/16-sim-arch_basic.py --- libseccomp-2.3.1/tests/16-sim-arch_basic.py 2016-02-11 18:36:42.643652234 +0000 +++ libseccomp-2.4.1/tests/16-sim-arch_basic.py 2018-12-03 23:53:10.200642485 +0000 @@ -30,6 +30,10 @@ def test(args): f = SyscallFilter(KILL) + # NOTE: some of these arch functions are not strictly necessary, but are + # here for test sanity/coverage + f.remove_arch(Arch()) + f.add_arch(Arch()) f.remove_arch(Arch()) f.add_arch(Arch("x86")) f.add_arch(Arch("x86_64")) diff -Nru libseccomp-2.3.1/tests/18-sim-basic_whitelist.c libseccomp-2.4.1/tests/18-sim-basic_whitelist.c --- libseccomp-2.3.1/tests/18-sim-basic_whitelist.c 2016-02-11 18:36:42.648652234 +0000 +++ libseccomp-2.4.1/tests/18-sim-basic_whitelist.c 2019-04-16 16:19:07.431267861 +0000 @@ -36,31 +36,31 @@ if (rc < 0) goto out; - ctx = seccomp_init(SCMP_ACT_ALLOW); + ctx = seccomp_init(SCMP_ACT_KILL); if (ctx == NULL) return ENOMEM; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(read), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_EQ, STDOUT_FILENO)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_EQ, STDERR_FILENO)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(close), 0); + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0); if (rc != 0) goto out; rc = seccomp_rule_add_exact(ctx, - SCMP_ACT_KILL, SCMP_SYS(rt_sigreturn), 0); + SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0); if (rc != 0) goto out; diff -Nru libseccomp-2.3.1/tests/18-sim-basic_whitelist.py libseccomp-2.4.1/tests/18-sim-basic_whitelist.py --- libseccomp-2.3.1/tests/18-sim-basic_whitelist.py 2016-02-11 18:36:42.648652234 +0000 +++ libseccomp-2.4.1/tests/18-sim-basic_whitelist.py 2018-12-03 23:53:10.200642485 +0000 @@ -29,12 +29,12 @@ from seccomp import * def test(args): - f = SyscallFilter(ALLOW) - f.add_rule_exactly(KILL, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule_exactly(KILL, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule_exactly(KILL, "write", Arg(0, EQ, sys.stderr.fileno())) - f.add_rule_exactly(KILL, "close") - f.add_rule_exactly(KILL, "rt_sigreturn") + f = SyscallFilter(KILL) + f.add_rule_exactly(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) + f.add_rule_exactly(ALLOW, "close") + f.add_rule_exactly(ALLOW, "rt_sigreturn") return f args = util.get_opt() diff -Nru libseccomp-2.3.1/tests/18-sim-basic_whitelist.tests libseccomp-2.4.1/tests/18-sim-basic_whitelist.tests --- libseccomp-2.3.1/tests/18-sim-basic_whitelist.tests 2016-02-11 18:36:42.649652234 +0000 +++ libseccomp-2.4.1/tests/18-sim-basic_whitelist.tests 2018-12-03 23:53:10.200642485 +0000 @@ -8,18 +8,18 @@ test type: bpf-sim # Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -18-sim-basic_whitelist all read 0 0x856B008 10 N N N KILL -18-sim-basic_whitelist all read 1-10 0x856B008 10 N N N ALLOW -18-sim-basic_whitelist all write 1-2 0x856B008 10 N N N KILL -18-sim-basic_whitelist all write 3-10 0x856B008 10 N N N ALLOW -18-sim-basic_whitelist all close N N N N N N KILL -18-sim-basic_whitelist all rt_sigreturn N N N N N N KILL -18-sim-basic_whitelist all open 0x856B008 4 N N N N ALLOW -18-sim-basic_whitelist x86 0-2 N N N N N N ALLOW -18-sim-basic_whitelist x86 7-172 N N N N N N ALLOW -18-sim-basic_whitelist x86 174-350 N N N N N N ALLOW -18-sim-basic_whitelist x86_64 4-14 N N N N N N ALLOW -18-sim-basic_whitelist x86_64 16-350 N N N N N N ALLOW +18-sim-basic_whitelist all read 0 0x856B008 10 N N N ALLOW +18-sim-basic_whitelist all read 1-10 0x856B008 10 N N N KILL +18-sim-basic_whitelist all write 1-2 0x856B008 10 N N N ALLOW +18-sim-basic_whitelist all write 3-10 0x856B008 10 N N N KILL +18-sim-basic_whitelist all close N N N N N N ALLOW +18-sim-basic_whitelist all rt_sigreturn N N N N N N ALLOW +18-sim-basic_whitelist all open 0x856B008 4 N N N N KILL +18-sim-basic_whitelist x86 0-2 N N N N N N KILL +18-sim-basic_whitelist x86 7-172 N N N N N N KILL +18-sim-basic_whitelist x86 174-350 N N N N N N KILL +18-sim-basic_whitelist x86_64 4-14 N N N N N N KILL +18-sim-basic_whitelist x86_64 16-350 N N N N N N KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/20-live-basic_die.py libseccomp-2.4.1/tests/20-live-basic_die.py --- libseccomp-2.3.1/tests/20-live-basic_die.py 2016-02-11 18:36:42.652652233 +0000 +++ libseccomp-2.4.1/tests/20-live-basic_die.py 2018-12-03 23:53:10.200642485 +0000 @@ -33,6 +33,7 @@ if action == TRAP: util.install_trap() f = SyscallFilter(action) + f.add_rule(ALLOW, "getpid") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "sigreturn") f.add_rule(ALLOW, "exit_group") diff -Nru libseccomp-2.3.1/tests/20-live-basic_die.tests libseccomp-2.4.1/tests/20-live-basic_die.tests --- libseccomp-2.3.1/tests/20-live-basic_die.tests 2016-02-11 18:36:42.652652233 +0000 +++ libseccomp-2.4.1/tests/20-live-basic_die.tests 2018-12-03 23:53:10.200642485 +0000 @@ -7,7 +7,7 @@ test type: live -# Testname Result -20-live-basic_die KILL -20-live-basic_die TRAP -20-live-basic_die ERRNO +# Testname API Result +20-live-basic_die 1 KILL +20-live-basic_die 1 TRAP +20-live-basic_die 1 ERRNO diff -Nru libseccomp-2.3.1/tests/21-live-basic_allow.py libseccomp-2.4.1/tests/21-live-basic_allow.py --- libseccomp-2.3.1/tests/21-live-basic_allow.py 2016-02-11 18:36:42.654652233 +0000 +++ libseccomp-2.4.1/tests/21-live-basic_allow.py 2018-12-03 23:53:10.200642485 +0000 @@ -47,9 +47,11 @@ f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "sigreturn") + f.add_rule(ALLOW, "sigaltstack") f.add_rule(ALLOW, "brk") f.add_rule(ALLOW, "exit_group") f.load() + try: util.write_file("/dev/null") except OSError as ex: diff -Nru libseccomp-2.3.1/tests/21-live-basic_allow.tests libseccomp-2.4.1/tests/21-live-basic_allow.tests --- libseccomp-2.3.1/tests/21-live-basic_allow.tests 2016-02-11 18:36:42.654652233 +0000 +++ libseccomp-2.4.1/tests/21-live-basic_allow.tests 2018-12-03 23:53:10.200642485 +0000 @@ -7,5 +7,5 @@ test type: live -# Testname Result -21-live-basic_allow ALLOW +# Testname API Result +21-live-basic_allow 1 ALLOW diff -Nru libseccomp-2.3.1/tests/24-live-arg_allow.py libseccomp-2.4.1/tests/24-live-arg_allow.py --- libseccomp-2.3.1/tests/24-live-arg_allow.py 2016-02-11 18:36:42.662652233 +0000 +++ libseccomp-2.4.1/tests/24-live-arg_allow.py 2018-12-03 23:53:10.203975835 +0000 @@ -35,7 +35,7 @@ quit(1) util.install_trap() - fd = os.open("/dev/null", os.O_WRONLY|os.O_CREAT, 0600) + fd = os.open("/dev/null", os.O_WRONLY|os.O_CREAT) f = SyscallFilter(TRAP) # NOTE: additional syscalls required for python @@ -43,12 +43,13 @@ f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") + f.add_rule(ALLOW, "sigaltstack") f.add_rule(ALLOW, "exit_group") f.add_rule(ALLOW, "brk") f.load() try: - if not os.write(fd, "testing") == len("testing"): + if not os.write(fd, b"testing") == len("testing"): raise IOError("failed to write the full test string") quit(160) except OSError as ex: diff -Nru libseccomp-2.3.1/tests/24-live-arg_allow.tests libseccomp-2.4.1/tests/24-live-arg_allow.tests --- libseccomp-2.3.1/tests/24-live-arg_allow.tests 2016-02-11 18:36:42.662652233 +0000 +++ libseccomp-2.4.1/tests/24-live-arg_allow.tests 2018-12-03 23:53:10.203975835 +0000 @@ -7,5 +7,5 @@ test type: live -# Testname Result -24-live-arg_allow ALLOW +# Testname API Result +24-live-arg_allow 1 ALLOW diff -Nru libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.tests libseccomp-2.4.1/tests/25-sim-multilevel_chains_adv.tests --- libseccomp-2.3.1/tests/25-sim-multilevel_chains_adv.tests 2016-02-11 18:36:42.663652233 +0000 +++ libseccomp-2.4.1/tests/25-sim-multilevel_chains_adv.tests 2019-03-04 23:18:55.208791517 +0000 @@ -8,16 +8,16 @@ test type: bpf-sim # Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -25-sim-multilevel_chains_adv all 0-9 N N N N N N KILL -25-sim-multilevel_chains_adv all 10 0x0000000b 0x00000000 N N N N ALLOW +25-sim-multilevel_chains_adv all,-x32 0-9 N N N N N N KILL +25-sim-multilevel_chains_adv all,-x32 10 0x0000000b 0x00000000 N N N N ALLOW 25-sim-multilevel_chains_adv x86_64 10 0x10000000b 0x00000000 N N N N KILL 25-sim-multilevel_chains_adv x86_64 10 0x0000000b 0x10000000c N N N N ALLOW -25-sim-multilevel_chains_adv all 11-19 N N N N N N KILL -25-sim-multilevel_chains_adv all 20 0x00000015 0x00000000 0x00000017 N N N ALLOW -25-sim-multilevel_chains_adv all 20 0x00000015 0x00000016 0x00000017 N N N KILL +25-sim-multilevel_chains_adv all,-x32 11-19 N N N N N N KILL +25-sim-multilevel_chains_adv all,-x32 20 0x00000015 0x00000000 0x00000017 N N N ALLOW +25-sim-multilevel_chains_adv all,-x32 20 0x00000015 0x00000016 0x00000017 N N N KILL 25-sim-multilevel_chains_adv x86_64 20 0x100000015 0x00000000 0x00000017 N N N KILL 25-sim-multilevel_chains_adv x86_64 20 0x00000015 0x00000000 0x100000017 N N N KILL -25-sim-multilevel_chains_adv all 21-30 N N N N N N KILL +25-sim-multilevel_chains_adv all,-x32 21-30 N N N N N N KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.c libseccomp-2.4.1/tests/26-sim-arch_all_be_basic.c --- libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.c 2016-02-11 18:36:42.664652233 +0000 +++ libseccomp-2.4.1/tests/26-sim-arch_all_be_basic.c 2019-04-16 16:19:07.501268225 +0000 @@ -52,6 +52,12 @@ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc")); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc64")); + if (rc != 0) + goto out; rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc")); if (rc != 0) goto out; diff -Nru libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.py libseccomp-2.4.1/tests/26-sim-arch_all_be_basic.py --- libseccomp-2.3.1/tests/26-sim-arch_all_be_basic.py 2016-02-11 18:36:42.664652233 +0000 +++ libseccomp-2.4.1/tests/26-sim-arch_all_be_basic.py 2018-12-03 23:53:10.203975835 +0000 @@ -33,6 +33,8 @@ f.add_arch(Arch("mips")) f.add_arch(Arch("mips64")) f.add_arch(Arch("mips64n32")) + f.add_arch(Arch("parisc")) + f.add_arch(Arch("parisc64")) f.add_arch(Arch("ppc")) f.add_arch(Arch("ppc64")) f.add_arch(Arch("s390")) diff -Nru libseccomp-2.3.1/tests/27-sim-bpf_blk_state.tests libseccomp-2.4.1/tests/27-sim-bpf_blk_state.tests --- libseccomp-2.3.1/tests/27-sim-bpf_blk_state.tests 2016-02-11 18:36:42.666652232 +0000 +++ libseccomp-2.4.1/tests/27-sim-bpf_blk_state.tests 2019-03-04 23:18:55.208791517 +0000 @@ -7,11 +7,11 @@ test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -27-sim-bpf_blk_state all 1000 0-2 N N N N N ALLOW -27-sim-bpf_blk_state all 1000 3-9 N N N N N KILL -27-sim-bpf_blk_state all 1000 10 N N N N N ALLOW -27-sim-bpf_blk_state all 1000 11-32 N N N N N KILL +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +27-sim-bpf_blk_state all,-x32 1000 0-2 N N N N N ALLOW +27-sim-bpf_blk_state all,-x32 1000 3-9 N N N N N KILL +27-sim-bpf_blk_state all,-x32 1000 10 N N N N N ALLOW +27-sim-bpf_blk_state all,-x32 1000 11-32 N N N N N KILL test type: bpf-sim-fuzz diff -Nru libseccomp-2.3.1/tests/32-live-tsync_allow.py libseccomp-2.4.1/tests/32-live-tsync_allow.py --- libseccomp-2.3.1/tests/32-live-tsync_allow.py 2016-02-22 22:44:01.726433083 +0000 +++ libseccomp-2.4.1/tests/32-live-tsync_allow.py 2018-12-03 23:53:10.203975835 +0000 @@ -48,6 +48,7 @@ f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "sigreturn") + f.add_rule(ALLOW, "sigaltstack") f.add_rule(ALLOW, "brk") f.add_rule(ALLOW, "exit_group") f.load() diff -Nru libseccomp-2.3.1/tests/32-live-tsync_allow.tests libseccomp-2.4.1/tests/32-live-tsync_allow.tests --- libseccomp-2.3.1/tests/32-live-tsync_allow.tests 2016-02-22 22:44:01.726433083 +0000 +++ libseccomp-2.4.1/tests/32-live-tsync_allow.tests 2018-12-03 23:53:10.203975835 +0000 @@ -7,5 +7,5 @@ test type: live -# Testname Result -32-live-tsync_allow ALLOW +# Testname API Result +32-live-tsync_allow 2 ALLOW diff -Nru libseccomp-2.3.1/tests/34-sim-basic_blacklist.c libseccomp-2.4.1/tests/34-sim-basic_blacklist.c --- libseccomp-2.3.1/tests/34-sim-basic_blacklist.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/34-sim-basic_blacklist.c 2019-04-16 16:19:07.571268590 +0000 @@ -0,0 +1,74 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2013 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 1, + SCMP_A0(SCMP_CMP_EQ, STDOUT_FILENO)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 1, + SCMP_A0(SCMP_CMP_EQ, STDERR_FILENO)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(close), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, + SCMP_ACT_KILL, SCMP_SYS(rt_sigreturn), 0); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/34-sim-basic_blacklist.py libseccomp-2.4.1/tests/34-sim-basic_blacklist.py --- libseccomp-2.3.1/tests/34-sim-basic_blacklist.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/34-sim-basic_blacklist.py 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2013 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(ALLOW) + f.add_rule_exactly(KILL, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule_exactly(KILL, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule_exactly(KILL, "write", Arg(0, EQ, sys.stderr.fileno())) + f.add_rule_exactly(KILL, "close") + f.add_rule_exactly(KILL, "rt_sigreturn") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/34-sim-basic_blacklist.tests libseccomp-2.4.1/tests/34-sim-basic_blacklist.tests --- libseccomp-2.3.1/tests/34-sim-basic_blacklist.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/34-sim-basic_blacklist.tests 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,32 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2013 Red Hat +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +34-sim-basic_blacklist all read 0 0x856B008 10 N N N KILL +34-sim-basic_blacklist all read 1-10 0x856B008 10 N N N ALLOW +34-sim-basic_blacklist all write 1-2 0x856B008 10 N N N KILL +34-sim-basic_blacklist all write 3-10 0x856B008 10 N N N ALLOW +34-sim-basic_blacklist all close N N N N N N KILL +34-sim-basic_blacklist all rt_sigreturn N N N N N N KILL +34-sim-basic_blacklist all open 0x856B008 4 N N N N ALLOW +34-sim-basic_blacklist x86 0-2 N N N N N N ALLOW +34-sim-basic_blacklist x86 7-172 N N N N N N ALLOW +34-sim-basic_blacklist x86 174-350 N N N N N N ALLOW +34-sim-basic_blacklist x86_64 4-14 N N N N N N ALLOW +34-sim-basic_blacklist x86_64 16-350 N N N N N N ALLOW + +test type: bpf-sim-fuzz + +# Testname StressCount +34-sim-basic_blacklist 50 + +test type: bpf-valgrind + +# Testname +34-sim-basic_blacklist diff -Nru libseccomp-2.3.1/tests/35-sim-negative_one.c libseccomp-2.4.1/tests/35-sim-negative_one.c --- libseccomp-2.3.1/tests/35-sim-negative_one.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/35-sim-negative_one.c 2019-04-16 16:19:07.577935291 +0000 @@ -0,0 +1,73 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + + rc = seccomp_attr_set(ctx, SCMP_FLTATR_API_TSKIP, 1); + if (rc != 0) + goto out; + + rc = seccomp_syscall_priority(ctx, -1, 100); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, -1, 0); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/35-sim-negative_one.py libseccomp-2.4.1/tests/35-sim-negative_one.py --- libseccomp-2.3.1/tests/35-sim-negative_one.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/35-sim-negative_one.py 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,46 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.remove_arch(Arch()) + f.add_arch(Arch("x86")) + f.add_arch(Arch("x86_64")) + f.set_attr(Attr.API_TSKIP, 1) + f.syscall_priority(-1, 100) + f.add_rule(ALLOW, -1) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/35-sim-negative_one.tests libseccomp-2.4.1/tests/35-sim-negative_one.tests --- libseccomp-2.3.1/tests/35-sim-negative_one.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/35-sim-negative_one.tests 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,18 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +35-sim-negative_one +x86 -1 N N N N N N ALLOW +35-sim-negative_one +x86_64 -1 N N N N N N ALLOW +35-sim-negative_one +x32 -1 N N N N N N ALLOW + +test type: bpf-valgrind + +# Testname +35-sim-negative_one diff -Nru libseccomp-2.3.1/tests/36-sim-ipc_syscalls.c libseccomp-2.4.1/tests/36-sim-ipc_syscalls.c --- libseccomp-2.3.1/tests/36-sim-ipc_syscalls.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/36-sim-ipc_syscalls.c 2019-04-16 16:19:07.587935343 +0000 @@ -0,0 +1,112 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X32); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semop), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semtimedop), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semget), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semctl), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgsnd), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgrcv), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgget), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgctl), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmat), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmdt), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmget), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmctl), 0); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/36-sim-ipc_syscalls.py libseccomp-2.4.1/tests/36-sim-ipc_syscalls.py --- libseccomp-2.3.1/tests/36-sim-ipc_syscalls.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/36-sim-ipc_syscalls.py 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,56 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.remove_arch(Arch()) + f.add_arch(Arch("x86")) + f.add_arch(Arch("x86_64")) + f.add_arch(Arch("x32")) + f.add_rule(ALLOW, "semop") + f.add_rule(ALLOW, "semtimedop") + f.add_rule(ALLOW, "semget") + f.add_rule(ALLOW, "semctl") + f.add_rule(ALLOW, "msgsnd") + f.add_rule(ALLOW, "msgrcv") + f.add_rule(ALLOW, "msgget") + f.add_rule(ALLOW, "msgctl") + f.add_rule(ALLOW, "shmat") + f.add_rule(ALLOW, "shmdt") + f.add_rule(ALLOW, "shmget") + f.add_rule(ALLOW, "shmctl") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/36-sim-ipc_syscalls.tests libseccomp-2.4.1/tests/36-sim-ipc_syscalls.tests --- libseccomp-2.3.1/tests/36-sim-ipc_syscalls.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/36-sim-ipc_syscalls.tests 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,39 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +36-sim-ipc_syscalls +x86 ipc 1 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 2 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 3 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 4 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 11 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 12 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 13 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 14 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 21 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 22 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 23 N N N N N ALLOW +36-sim-ipc_syscalls +x86 ipc 24 N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 semop N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 semget N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 semctl N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 semtimedop N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 msgsnd N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 msgrcv N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 msgget N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 msgctl N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 shmat N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 shmdt N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 shmget N N N N N N ALLOW +36-sim-ipc_syscalls +x86_64 shmctl N N N N N N ALLOW + +test type: bpf-valgrind + +# Testname +36-sim-ipc_syscalls diff -Nru libseccomp-2.3.1/tests/37-sim-ipc_syscalls_be.c libseccomp-2.4.1/tests/37-sim-ipc_syscalls_be.c --- libseccomp-2.3.1/tests/37-sim-ipc_syscalls_be.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/37-sim-ipc_syscalls_be.c 2019-04-16 16:19:07.594602044 +0000 @@ -0,0 +1,109 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_S390); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_S390X); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semop), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semtimedop), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semget), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(semctl), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgsnd), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgrcv), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgget), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(msgctl), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmat), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmdt), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmget), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmctl), 0); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/37-sim-ipc_syscalls_be.py libseccomp-2.4.1/tests/37-sim-ipc_syscalls_be.py --- libseccomp-2.3.1/tests/37-sim-ipc_syscalls_be.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/37-sim-ipc_syscalls_be.py 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,55 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.remove_arch(Arch()) + f.add_arch(Arch("s390")) + f.add_arch(Arch("s390x")) + f.add_rule(ALLOW, "semop") + f.add_rule(ALLOW, "semtimedop") + f.add_rule(ALLOW, "semget") + f.add_rule(ALLOW, "semctl") + f.add_rule(ALLOW, "msgsnd") + f.add_rule(ALLOW, "msgrcv") + f.add_rule(ALLOW, "msgget") + f.add_rule(ALLOW, "msgctl") + f.add_rule(ALLOW, "shmat") + f.add_rule(ALLOW, "shmdt") + f.add_rule(ALLOW, "shmget") + f.add_rule(ALLOW, "shmctl") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/37-sim-ipc_syscalls_be.tests libseccomp-2.4.1/tests/37-sim-ipc_syscalls_be.tests --- libseccomp-2.3.1/tests/37-sim-ipc_syscalls_be.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/37-sim-ipc_syscalls_be.tests 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,27 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +37-sim-ipc_syscalls_be +s390,+s390x ipc 1 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 2 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 3 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 4 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 11 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 12 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 13 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 14 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 21 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 22 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 23 N N N N N ALLOW +37-sim-ipc_syscalls_be +s390,+s390x ipc 24 N N N N N ALLOW + +test type: bpf-valgrind + +# Testname +37-sim-ipc_syscalls_be diff -Nru libseccomp-2.3.1/tests/38-basic-pfc_coverage.c libseccomp-2.4.1/tests/38-basic-pfc_coverage.c --- libseccomp-2.3.1/tests/38-basic-pfc_coverage.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/38-basic-pfc_coverage.c 2019-04-16 16:19:07.604602096 +0000 @@ -0,0 +1,104 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + int fd; + scmp_filter_ctx ctx = NULL; + + /* stdout */ + fd = 1; + + rc = seccomp_api_set(3); + if (rc != 0) + return EOPNOTSUPP; + + ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) { + rc = ENOMEM; + goto out; + } + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc < 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc < 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc < 0) + goto out; + + /* NOTE: the syscalls and their arguments have been picked to achieve + * the highest possible code coverage, this is not a useful + * real world filter configuration */ + + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(open), 0); + if (rc < 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(read), 4, + SCMP_A0(SCMP_CMP_EQ, 0), + SCMP_A1(SCMP_CMP_GE, 1), + SCMP_A2(SCMP_CMP_GT, 2), + SCMP_A3(SCMP_CMP_MASKED_EQ, 0x0f, 3)); + if (rc < 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_TRAP, SCMP_SYS(write), 3, + SCMP_A0(SCMP_CMP_NE, 0), + SCMP_A1(SCMP_CMP_LE, 1), + SCMP_A2(SCMP_CMP_LT, 2)); + if (rc < 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(1), SCMP_SYS(close), 0); + if (rc < 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_TRACE(1), SCMP_SYS(exit), 0); + if (rc < 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL_PROCESS, SCMP_SYS(fstat), 0); + if (rc < 0) + goto out; + + /* verify the prioritized, but no-rule, syscall */ + rc = seccomp_syscall_priority(ctx, SCMP_SYS(poll), 255); + if (rc < 0) + goto out; + + rc = seccomp_export_pfc(ctx, fd); + if (rc < 0) + goto out; + +out: + seccomp_release(ctx); + close(fd); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/38-basic-pfc_coverage.pfc libseccomp-2.4.1/tests/38-basic-pfc_coverage.pfc --- libseccomp-2.3.1/tests/38-basic-pfc_coverage.pfc 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/38-basic-pfc_coverage.pfc 2019-03-14 13:51:36.762838657 +0000 @@ -0,0 +1,134 @@ +# +# pseudo filter code start +# +# filter for arch x86_64 (3221225534) +if ($arch == 3221225534) + # filter for syscall "exit" (60) [priority: 65535] + if ($syscall == 60) + action TRACE(1); + # filter for syscall "fstat" (5) [priority: 65535] + if ($syscall == 5) + action KILL_PROCESS; + # filter for syscall "close" (3) [priority: 65535] + if ($syscall == 3) + action ERRNO(1); + # filter for syscall "open" (2) [priority: 65535] + if ($syscall == 2) + action KILL; + # filter for syscall "write" (1) [priority: 65527] + if ($syscall == 1) + if ($a0.hi32 == 0) + if ($a0.lo32 == 0) + else + if ($a1.hi32 > 0) + else + if ($a1.hi32 == 0) + if ($a1.lo32 > 1) + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + else + if ($a1.hi32 > 0) + else + if ($a1.hi32 == 0) + if ($a1.lo32 > 1) + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + # filter for syscall "read" (0) [priority: 65525] + if ($syscall == 0) + if ($a0.hi32 == 0) + if ($a0.lo32 == 0) + if ($a1.hi32 > 0) + if ($a2.hi32 > 0) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + else + if ($a2.hi32 == 0) + if ($a2.lo32 > 2) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + else + if ($a1.hi32 == 0) + if ($a1.lo32 >= 1) + if ($a2.hi32 > 0) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + else + if ($a2.hi32 == 0) + if ($a2.lo32 > 2) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + # default action + action ALLOW; +# filter for arch x86 (1073741827) +if ($arch == 1073741827) + # filter for syscall "fstat" (108) [priority: 65535] + if ($syscall == 108) + action KILL_PROCESS; + # filter for syscall "close" (6) [priority: 65535] + if ($syscall == 6) + action ERRNO(1); + # filter for syscall "open" (5) [priority: 65535] + if ($syscall == 5) + action KILL; + # filter for syscall "exit" (1) [priority: 65535] + if ($syscall == 1) + action TRACE(1); + # filter for syscall "write" (4) [priority: 65532] + if ($syscall == 4) + if ($a0 == 0) + else + if ($a1 > 1) + else + if ($a2 >= 2) + else + action TRAP; + # filter for syscall "read" (3) [priority: 65531] + if ($syscall == 3) + if ($a0 == 0) + if ($a1 >= 1) + if ($a2 > 2) + if ($a3 & 0x0000000f == 3) + action KILL; + # default action + action ALLOW; +# invalid architecture action +action KILL; +# +# pseudo filter code end +# diff -Nru libseccomp-2.3.1/tests/38-basic-pfc_coverage.sh libseccomp-2.4.1/tests/38-basic-pfc_coverage.sh --- libseccomp-2.3.1/tests/38-basic-pfc_coverage.sh 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/38-basic-pfc_coverage.sh 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,46 @@ +#!/bin/bash + +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +#### +# functions + +# +# Dependency check +# +# Arguments: +# 1 Dependency to check for +# +function check_deps() { + [[ -z "$1" ]] && return + which "$1" >& /dev/null + return $? +} + +# +# Dependency verification +# +# Arguments: +# 1 Dependency to check for +# +function verify_deps() { + [[ -z "$1" ]] && return + if ! check_deps "$1"; then + echo "error: install \"$1\" and include it in your \$PATH" + exit 1 + fi +} + +#### +# functions + +verify_deps diff + +# compare output to the known good output, fail if different +./38-basic-pfc_coverage | \ + diff -q ${srcdir:=.}/38-basic-pfc_coverage.pfc - > /dev/null diff -Nru libseccomp-2.3.1/tests/38-basic-pfc_coverage.tests libseccomp-2.4.1/tests/38-basic-pfc_coverage.tests --- libseccomp-2.3.1/tests/38-basic-pfc_coverage.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/38-basic-pfc_coverage.tests 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,11 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +test type: basic + +# Test command +38-basic-pfc_coverage.sh diff -Nru libseccomp-2.3.1/tests/39-basic-api_level.c libseccomp-2.4.1/tests/39-basic-api_level.c --- libseccomp-2.3.1/tests/39-basic-api_level.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/39-basic-api_level.c 2019-04-16 16:19:07.611268798 +0000 @@ -0,0 +1,67 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +int main(int argc, char *argv[]) +{ + int rc; + unsigned int api; + + api = seccomp_api_get(); + if (api < 1) + return -1; + + rc = seccomp_api_set(1); + if (rc != 0) + return -2; + api = seccomp_api_get(); + if (api != 1) + return -3; + + rc = seccomp_api_set(2); + if (rc != 0) + return -4; + api = seccomp_api_get(); + if (api != 2) + return -5; + + rc = seccomp_api_set(3); + if (rc != 0) + return -6; + api = seccomp_api_get(); + if (api != 3) + return -7; + + /* Attempt to set a high, invalid API level */ + rc = seccomp_api_set(1024); + if (rc != -EINVAL) + return -8; + /* Ensure that the previously set API level didn't change */ + api = seccomp_api_get(); + if (api != 3) + return -9; + + return 0; +} diff -Nru libseccomp-2.3.1/tests/39-basic-api_level.py libseccomp-2.4.1/tests/39-basic-api_level.py --- libseccomp-2.3.1/tests/39-basic-api_level.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/39-basic-api_level.py 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,68 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2016 Red Hat +# Copyright (c) 2017 Canonical Ltd. +# Authors: Paul Moore +# Tyler Hicks +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(): + api = get_api() + if (api < 1): + raise RuntimeError("Failed getting initial API level") + + set_api(1) + api = get_api() + if api != 1: + raise RuntimeError("Failed getting API level 1") + + set_api(2) + api = get_api() + if api != 2: + raise RuntimeError("Failed getting API level 2") + + set_api(3) + api = get_api() + if api != 3: + raise RuntimeError("Failed getting API level 3") + + # Attempt to set a high, invalid API level + try: + set_api(1024) + except ValueError: + pass + else: + raise RuntimeError("Missing failure when setting invalid API level") + # Ensure that the previously set API level didn't change + api = get_api() + if api != 3: + raise RuntimeError("Failed getting old API level after setting an invalid API level") + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/39-basic-api_level.tests libseccomp-2.4.1/tests/39-basic-api_level.tests --- libseccomp-2.3.1/tests/39-basic-api_level.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/39-basic-api_level.tests 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,11 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +test type: basic + +# Test command +39-basic-api_level diff -Nru libseccomp-2.3.1/tests/40-sim-log.c libseccomp-2.4.1/tests/40-sim-log.c --- libseccomp-2.3.1/tests/40-sim-log.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/40-sim-log.c 2019-04-16 16:19:07.621268850 +0000 @@ -0,0 +1,59 @@ +/** + * Seccomp Library test program + * + * Originally 01-sim-allow.c but updated to use SCMP_ACT_LOG. + * + * Copyright (c) 2012 Red Hat + * Author: Paul Moore + * + * Copyright (c) 2017 Canonical Ltd. + * Author: Tyler Hicks + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + rc = seccomp_api_set(3); + if (rc != 0) + return EOPNOTSUPP; + + ctx = seccomp_init(SCMP_ACT_LOG); + if (ctx == NULL) + return ENOMEM; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/40-sim-log.py libseccomp-2.4.1/tests/40-sim-log.py --- libseccomp-2.3.1/tests/40-sim-log.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/40-sim-log.py 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,47 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Originally 01-sim-allow.py but updated to use LOG. +# +# Copyright (c) 2012 Red Hat +# Author: Paul Moore +# +# Copyright (c) 2017 Canonical Ltd. +# Author: Tyler Hicks +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + set_api(3) + + f = SyscallFilter(LOG) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/40-sim-log.tests libseccomp-2.4.1/tests/40-sim-log.tests --- libseccomp-2.3.1/tests/40-sim-log.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/40-sim-log.tests 2019-03-04 23:18:55.208791517 +0000 @@ -0,0 +1,21 @@ +# +# libseccomp regression test automation data +# +# Copyright Canonical Ltd. 2017 +# Author: Tyler Hicks +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +40-sim-log all,-x32 0-350 N N N N N N LOG + +test type: bpf-sim-fuzz + +# Testname StressCount +40-sim-log 50 + +test type: bpf-valgrind + +# Testname +40-sim-log diff -Nru libseccomp-2.3.1/tests/41-sim-syscall_priority_arch.c libseccomp-2.4.1/tests/41-sim-syscall_priority_arch.c --- libseccomp-2.3.1/tests/41-sim-syscall_priority_arch.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/41-sim-syscall_priority_arch.c 2019-04-16 16:19:07.627935552 +0000 @@ -0,0 +1,63 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + + rc = seccomp_syscall_priority(ctx, SCMP_SYS(socket), 128); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/41-sim-syscall_priority_arch.py libseccomp-2.4.1/tests/41-sim-syscall_priority_arch.py --- libseccomp-2.3.1/tests/41-sim-syscall_priority_arch.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/41-sim-syscall_priority_arch.py 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,44 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.remove_arch(Arch()) + f.add_arch(Arch("x86")) + f.syscall_priority("socket", 128) + f.add_rule_exactly(ALLOW, "socket") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/41-sim-syscall_priority_arch.tests libseccomp-2.4.1/tests/41-sim-syscall_priority_arch.tests --- libseccomp-2.3.1/tests/41-sim-syscall_priority_arch.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/41-sim-syscall_priority_arch.tests 2018-12-03 23:53:10.207309186 +0000 @@ -0,0 +1,19 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +41-sim-syscall_priority_arch +x86 102 1 N N N N N ALLOW +41-sim-syscall_priority_arch +x86 102 18 N N N N N KILL +41-sim-syscall_priority_arch +x86 359 N N N N N N ALLOW +41-sim-syscall_priority_arch +x86 364 N N N N N N KILL + +test type: bpf-valgrind + +# Testname +41-sim-syscall_priority_arch diff -Nru libseccomp-2.3.1/tests/42-sim-adv_chains.c libseccomp-2.4.1/tests/42-sim-adv_chains.c --- libseccomp-2.3.1/tests/42-sim-adv_chains.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/42-sim-adv_chains.c 2019-04-16 16:19:07.637935603 +0000 @@ -0,0 +1,198 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2017 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1001, 2, + SCMP_A0(SCMP_CMP_EQ, 1), + SCMP_A1(SCMP_CMP_EQ, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1001, 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1002, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_TRAP, 1002, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != -EEXIST) { + rc = EEXIST; + goto out; + } + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1003, 1, + SCMP_A0(SCMP_CMP_NE, 1)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_TRAP, 1003, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_TRAP, 1004, 1, + SCMP_A0(SCMP_CMP_NE, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 1, + SCMP_A0(SCMP_CMP_NE, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 2, + SCMP_A0(SCMP_CMP_EQ, 1), + SCMP_A1(SCMP_CMP_EQ, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1007, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1007, 2, + SCMP_A0(SCMP_CMP_EQ, 1), + SCMP_A1(SCMP_CMP_EQ, 2)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 2, + SCMP_A0(SCMP_CMP_NE, 1), + SCMP_A1(SCMP_CMP_NE, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 3, + SCMP_A0(SCMP_CMP_NE, 1), + SCMP_A1(SCMP_CMP_NE, 2), + SCMP_A2(SCMP_CMP_NE, 3)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1009, 2, + SCMP_A0(SCMP_CMP_EQ, 1), + SCMP_A1(SCMP_CMP_NE, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1009, 1, + SCMP_A0(SCMP_CMP_NE, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1010, 2, + SCMP_A0(SCMP_CMP_NE, 1), + SCMP_A1(SCMP_CMP_EQ, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1010, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1011, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1011, 2, + SCMP_A0(SCMP_CMP_NE, 1), + SCMP_A2(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1012, 1, + SCMP_A0(SCMP_CMP_MASKED_EQ, 0x0000, 1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1013, 2, + SCMP_A0(SCMP_CMP_NE, 1), + SCMP_A1(SCMP_CMP_NE, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1013, 2, + SCMP_A0(SCMP_CMP_LT, 1), + SCMP_A1(SCMP_CMP_NE, 2)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1014, 2, + SCMP_A3(SCMP_CMP_GE, 1), + SCMP_A4(SCMP_CMP_GE, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1014, 2, + SCMP_A0(SCMP_CMP_NE, 1), + SCMP_A1(SCMP_CMP_NE, 2)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1015, 2, + SCMP_A0(SCMP_CMP_EQ, 4), + SCMP_A1(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1015, 2, + SCMP_A0(SCMP_CMP_EQ, 4), + SCMP_A1(SCMP_CMP_NE, 1)); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/42-sim-adv_chains.py libseccomp-2.4.1/tests/42-sim-adv_chains.py --- libseccomp-2.3.1/tests/42-sim-adv_chains.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/42-sim-adv_chains.py 2018-12-03 23:53:10.210642538 +0000 @@ -0,0 +1,128 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + + f.add_rule_exactly(ALLOW, 1001, + Arg(0, EQ, 1), + Arg(1, EQ, 2)) + f.add_rule_exactly(ALLOW, 1001) + + f.add_rule_exactly(ALLOW, 1002, + Arg(0, EQ, 1)) + f.add_rule_exactly(ALLOW, 1002, + Arg(0, EQ, 1)) + + f.add_rule_exactly(ALLOW, 1003, + Arg(0, NE, 1)) + f.add_rule_exactly(TRAP, 1003, + Arg(0, EQ, 1)) + + f.add_rule_exactly(ALLOW, 1004, + Arg(0, EQ, 1)) + f.add_rule_exactly(TRAP, 1004, + Arg(0, NE, 1)) + + f.add_rule_exactly(ALLOW, 1005, + Arg(0, EQ, 1)) + f.add_rule_exactly(ALLOW, 1005, + Arg(0, NE, 1)) + + f.add_rule_exactly(ALLOW, 1006, + Arg(0, EQ, 1), + Arg(1, EQ, 2)) + f.add_rule_exactly(ALLOW, 1006, + Arg(0, EQ, 1)) + + f.add_rule_exactly(ALLOW, 1007, + Arg(0, EQ, 1)) + f.add_rule_exactly(ALLOW, 1007, + Arg(0, EQ, 1), + Arg(1, EQ, 2)) + + f.add_rule_exactly(ALLOW, 1008, + Arg(0, NE, 1), + Arg(1, NE, 2)) + f.add_rule_exactly(ALLOW, 1008, + Arg(0, NE, 1), + Arg(1, NE, 2), + Arg(2, NE, 3)) + + f.add_rule_exactly(ALLOW, 1009, + Arg(0, EQ, 1), + Arg(1, NE, 2)) + f.add_rule_exactly(ALLOW, 1009, + Arg(0, NE, 1)) + + f.add_rule_exactly(ALLOW, 1010, + Arg(0, NE, 1), + Arg(1, EQ, 2)) + f.add_rule_exactly(ALLOW, 1010, + Arg(0, EQ, 1)) + + f.add_rule_exactly(ALLOW, 1011, + Arg(0, EQ, 1)) + f.add_rule_exactly(ALLOW, 1011, + Arg(0, NE, 1), + Arg(2, EQ, 1)) + + f.add_rule_exactly(ALLOW, 1012, + Arg(0, MASKED_EQ, 0x0000, 1)) + + f.add_rule_exactly(ALLOW, 1013, + Arg(0, NE, 1), + Arg(2, NE, 2)) + f.add_rule_exactly(ALLOW, 1013, + Arg(0, LT, 1), + Arg(2, NE, 2)) + + f.add_rule_exactly(ALLOW, 1014, + Arg(3, GE, 1), + Arg(4, GE, 2)) + f.add_rule_exactly(ALLOW, 1014, + Arg(0, NE, 1), + Arg(1, NE, 2)) + + f.add_rule_exactly(ALLOW, 1015, + Arg(0, EQ, 4), + Arg(1, EQ, 1)) + f.add_rule_exactly(ALLOW, 1015, + Arg(0, EQ, 4), + Arg(1, NE, 1)) + + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/42-sim-adv_chains.tests libseccomp-2.4.1/tests/42-sim-adv_chains.tests --- libseccomp-2.3.1/tests/42-sim-adv_chains.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/42-sim-adv_chains.tests 2019-03-04 23:18:55.208791517 +0000 @@ -0,0 +1,54 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2017 Red Hat +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +42-sim-adv_chains all,-x32 1000 N N N N N N KILL +42-sim-adv_chains all,-x32 1001 N N N N N N ALLOW +42-sim-adv_chains all,-x32 1002 1 N N N N N ALLOW +42-sim-adv_chains all,-x32 1003 N N N N N N ALLOW +42-sim-adv_chains all,-x32 1003 1 N N N N N TRAP +42-sim-adv_chains all,-x32 1003 2 N N N N N ALLOW +42-sim-adv_chains all,-x32 1004 N N N N N N TRAP +42-sim-adv_chains all,-x32 1004 1 N N N N N ALLOW +42-sim-adv_chains all,-x32 1004 2 N N N N N TRAP +42-sim-adv_chains all,-x32 1005 N N N N N N ALLOW +42-sim-adv_chains all,-x32 1005 1 N N N N N ALLOW +42-sim-adv_chains all,-x32 1005 2 N N N N N ALLOW +42-sim-adv_chains all,-x32 1006 1 N N N N N ALLOW +42-sim-adv_chains all,-x32 1007 1 N N N N N ALLOW +42-sim-adv_chains all,-x32 1008 2 3 N N N N ALLOW +42-sim-adv_chains all,-x32 1008 2 3 3 N N N ALLOW +42-sim-adv_chains all,-x32 1008 2 3 4 N N N ALLOW +42-sim-adv_chains all,-x32 1009 N N N N N N ALLOW +42-sim-adv_chains all,-x32 1009 2 N N N N N ALLOW +42-sim-adv_chains all,-x32 1009 1 3 N N N N ALLOW +42-sim-adv_chains all,-x32 1010 N N N N N N KILL +42-sim-adv_chains all,-x32 1010 1 N N N N N ALLOW +42-sim-adv_chains all,-x32 1010 2 2 N N N N ALLOW +42-sim-adv_chains all,-x32 1011 1 N N N N N ALLOW +42-sim-adv_chains all,-x32 1011 2 4 1 N N N ALLOW +42-sim-adv_chains all,-x32 1012 8 N N N N N ALLOW +42-sim-adv_chains all,-x32 1013 2 3 N N N N ALLOW +42-sim-adv_chains all,-x32 1013 0 4 N N N N ALLOW +42-sim-adv_chains all,-x32 1014 0 0 2 3 N N ALLOW +42-sim-adv_chains all,-x32 1014 2 3 1 2 N N ALLOW +42-sim-adv_chains all,-x32 1015 1 N N N N N KILL +42-sim-adv_chains all,-x32 1015 4 N N N N N ALLOW +42-sim-adv_chains all,-x32 1015 4 1 N N N N ALLOW +42-sim-adv_chains all,-x32 1015 4 2 N N N N ALLOW + +test type: bpf-sim-fuzz + +# Testname StressCount +42-sim-adv_chains 50 + +test type: bpf-valgrind + +# Testname +42-sim-adv_chains diff -Nru libseccomp-2.3.1/tests/43-sim-a2_order.c libseccomp-2.4.1/tests/43-sim-a2_order.c --- libseccomp-2.3.1/tests/43-sim-a2_order.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/43-sim-a2_order.c 2019-04-16 16:19:07.644602305 +0000 @@ -0,0 +1,132 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. + * Author: Tom Hromatka + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + /* note - a "hole" was intentionally left between 64 and 128. + * reads of this size should fall through to the default action - + * SCMP_ACT_KILL in this test's case. + */ + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_LE, 64)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(5), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 128)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(6), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 256)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(7), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 512)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(8), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 1024)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(9), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 2048)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(10), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 4096)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(11), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 8192)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(12), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 16384)); + if (rc != 0) + goto out; + + /* note - a "hole" was intentionally left between 16384 and 32768. + * writes of this size should fall through to the default action - + * SCMP_ACT_KILL in this test's case. + */ + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_GE, 32768)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(5), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 128)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(6), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 256)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(7), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 512)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(8), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 1024)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(9), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 2048)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(10), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 4096)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(11), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 8192)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(12), SCMP_SYS(write), 1, + SCMP_A2(SCMP_CMP_LT, 16384)); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/43-sim-a2_order.py libseccomp-2.4.1/tests/43-sim-a2_order.py --- libseccomp-2.3.1/tests/43-sim-a2_order.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/43-sim-a2_order.py 2019-03-14 13:51:38.442846684 +0000 @@ -0,0 +1,62 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import errno +import sys + +import util + +from seccomp import * + +def test(args): + set_api(3) + + f = SyscallFilter(KILL) + f.add_rule(ALLOW, "read", Arg(2, LE, 64)) + f.add_rule(ERRNO(5), "read", Arg(2, GT, 128)) + f.add_rule(ERRNO(6), "read", Arg(2, GT, 256)) + f.add_rule(ERRNO(7), "read", Arg(2, GT, 512)) + f.add_rule(ERRNO(8), "read", Arg(2, GT, 1024)) + f.add_rule(ERRNO(9), "read", Arg(2, GT, 2048)) + f.add_rule(ERRNO(10), "read", Arg(2, GT, 4096)) + f.add_rule(ERRNO(11), "read", Arg(2, GT, 8192)) + f.add_rule(ERRNO(12), "read", Arg(2, GT, 16384)) + f.add_rule(ALLOW, "write", Arg(2, GE, 32768)) + f.add_rule(ERRNO(5), "write", Arg(2, LT, 128)) + f.add_rule(ERRNO(6), "write", Arg(2, LT, 256)) + f.add_rule(ERRNO(7), "write", Arg(2, LT, 512)) + f.add_rule(ERRNO(8), "write", Arg(2, LT, 1024)) + f.add_rule(ERRNO(9), "write", Arg(2, LT, 2048)) + f.add_rule(ERRNO(10), "write", Arg(2, LT, 4096)) + f.add_rule(ERRNO(11), "write", Arg(2, LT, 8192)) + f.add_rule(ERRNO(12), "write", Arg(2, LT, 16384)) + + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/43-sim-a2_order.tests libseccomp-2.4.1/tests/43-sim-a2_order.tests --- libseccomp-2.3.1/tests/43-sim-a2_order.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/43-sim-a2_order.tests 2019-03-14 13:51:38.442846684 +0000 @@ -0,0 +1,55 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +43-sim-a2_order all read 4 0x856B008 30 N N N ALLOW +43-sim-a2_order all read 4 0x856B008 64 N N N ALLOW +43-sim-a2_order all read 4 0x856B008 65 N N N KILL +43-sim-a2_order all read 4 0x856B008 128 N N N KILL +43-sim-a2_order all read 4 0x856B008 129 N N N ERRNO(5) +43-sim-a2_order all read 4 0x856B008 250 N N N ERRNO(5) +43-sim-a2_order all read 4 0x856B008 256 N N N ERRNO(5) +43-sim-a2_order all read 4 0x856B008 257 N N N ERRNO(6) +43-sim-a2_order all read 4 0x856B008 512 N N N ERRNO(6) +43-sim-a2_order all read 4 0x856B008 513 N N N ERRNO(7) +43-sim-a2_order all read 4 0x856B008 1024 N N N ERRNO(7) +43-sim-a2_order all read 4 0x856B008 1025 N N N ERRNO(8) +43-sim-a2_order all read 4 0x856B008 2048 N N N ERRNO(8) +43-sim-a2_order all read 4 0x856B008 2049 N N N ERRNO(9) +43-sim-a2_order all read 4 0x856B008 4096 N N N ERRNO(9) +43-sim-a2_order all read 4 0x856B008 4097 N N N ERRNO(10) +43-sim-a2_order all read 4 0x856B008 8192 N N N ERRNO(10) +43-sim-a2_order all read 4 0x856B008 8193 N N N ERRNO(11) +43-sim-a2_order all read 4 0x856B008 16384 N N N ERRNO(11) +43-sim-a2_order all read 4 0x856B008 16385 N N N ERRNO(12) +43-sim-a2_order all write 4 0x856B008 65 N N N ERRNO(5) +43-sim-a2_order all write 4 0x856B008 128 N N N ERRNO(6) +43-sim-a2_order all write 4 0x856B008 129 N N N ERRNO(6) +43-sim-a2_order all write 4 0x856B008 250 N N N ERRNO(6) +43-sim-a2_order all write 4 0x856B008 256 N N N ERRNO(7) +43-sim-a2_order all write 4 0x856B008 257 N N N ERRNO(7) +43-sim-a2_order all write 4 0x856B008 512 N N N ERRNO(8) +43-sim-a2_order all write 4 0x856B008 513 N N N ERRNO(8) +43-sim-a2_order all write 4 0x856B008 1024 N N N ERRNO(9) +43-sim-a2_order all write 4 0x856B008 1025 N N N ERRNO(9) +43-sim-a2_order all write 4 0x856B008 2048 N N N ERRNO(10) +43-sim-a2_order all write 4 0x856B008 2049 N N N ERRNO(10) +43-sim-a2_order all write 4 0x856B008 4096 N N N ERRNO(11) +43-sim-a2_order all write 4 0x856B008 4097 N N N ERRNO(11) +43-sim-a2_order all write 4 0x856B008 8192 N N N ERRNO(12) +43-sim-a2_order all write 4 0x856B008 8193 N N N ERRNO(12) +43-sim-a2_order all write 4 0x856B008 16384 N N N KILL +43-sim-a2_order all write 4 0x856B008 16385 N N N KILL +43-sim-a2_order all write 4 0x856B008 32768 N N N ALLOW + +# Testname StressCount +test type: bpf-valgrind + +# Testname +43-sim-a2_order diff -Nru libseccomp-2.3.1/tests/44-live-a2_order.c libseccomp-2.4.1/tests/44-live-a2_order.c --- libseccomp-2.3.1/tests/44-live-a2_order.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/44-live-a2_order.c 2019-04-16 16:19:07.654602357 +0000 @@ -0,0 +1,178 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. + * Author: Tom Hromatka + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "util.h" + +#define DEFAULT_ACTION_ERRNO 100 +#define DEFAULT_ACTION SCMP_ACT_ERRNO(DEFAULT_ACTION_ERRNO) + +struct size_and_rc { + int size; + int expected_rc; +}; + +static const struct size_and_rc test_cases[] = { + {1, 1}, + {10, 10}, + {50, 50}, + {100, -DEFAULT_ACTION_ERRNO}, + {200, -5}, + {256, -5}, + {257, -6}, + {400, -6}, + {800, -7}, + {1600, -8}, + {3200, -9}, + {4095, -9}, + {4096, -9}, + {4097, -10}, + {8000, -10}, + {8192, -10}, + {16383, -11}, + {16384, -11}, + {16385, -12}, + {35000, -12}, +}; + +static int do_read(int sz, int expected_rc) +{ + char *buf = NULL; + int rc = -1000, zero_fd = -1; + + zero_fd = open("/dev/zero", O_RDONLY); + if (zero_fd <= 0) + goto error; + + buf = malloc(sz); + if (buf == NULL) + goto error; + + rc = read(zero_fd, buf, sz); + if(rc < 0) { + if (expected_rc == -errno) + rc = 0; + } else { + if (rc == expected_rc) + rc = 0; + } + +error: + if (zero_fd >= 0) + close(zero_fd); + if (buf) + free(buf); + return rc; +} + +int main(int argc, char *argv[]) +{ + int rc, i; + scmp_filter_ctx ctx = NULL; + + ctx = seccomp_init(DEFAULT_ACTION); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_LE, 64)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(5), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 128)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(6), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 256)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(7), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 512)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(8), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 1024)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(9), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 2048)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(10), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 4096)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(11), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 8192)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(12), SCMP_SYS(read), 1, + SCMP_A2(SCMP_CMP_GT, 16384)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0); + if (rc != 0) + goto out; + + rc = seccomp_load(ctx); + if (rc != 0) + goto out; + + for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { + rc = do_read(test_cases[i].size, + test_cases[i].expected_rc); + if (rc < 0) + goto out; + } + + rc = 160; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/44-live-a2_order.py libseccomp-2.4.1/tests/44-live-a2_order.py --- libseccomp-2.3.1/tests/44-live-a2_order.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/44-live-a2_order.py 2018-12-03 23:53:10.210642538 +0000 @@ -0,0 +1,107 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import os +import sys + +import util + +from seccomp import * + +DEFAULT_ACTION_ERRNO = 100 +DEFAULT_ACTION = ERRNO(DEFAULT_ACTION_ERRNO) + +test_cases = [ + {'sz': 1, 'exp_rc': 1}, + {'sz': 10, 'exp_rc': 10}, + {'sz': 50, 'exp_rc': 50}, + {'sz': 100, 'exp_rc': -DEFAULT_ACTION_ERRNO}, + {'sz': 200, 'exp_rc': -5}, + {'sz': 256, 'exp_rc': -5}, + {'sz': 257, 'exp_rc': -6}, + {'sz': 400, 'exp_rc': -6}, + {'sz': 800, 'exp_rc': -7}, + {'sz': 1600, 'exp_rc': -8}, + {'sz': 3200, 'exp_rc': -9}, + {'sz': 4095, 'exp_rc': -9}, + {'sz': 4096, 'exp_rc': -9}, + {'sz': 4097, 'exp_rc': -10}, + {'sz': 8000, 'exp_rc': -10}, + {'sz': 8192, 'exp_rc': -10}, + {'sz': 16383, 'exp_rc': -11}, + {'sz': 16384, 'exp_rc': -11}, + {'sz': 16385, 'exp_rc': -12}, + {'sz': 35000, 'exp_rc': -12}, +] + +def do_read(): + fd = os.open("/dev/zero", os.O_RDONLY) + for x in test_cases: + try: + os.read(fd, x['sz']) + if x['exp_rc'] < 0: + os.close(fd) + raise IOError("Erroneously read %d bytes. Expected rc = %d" % + (x['sz'], x['exp_rc'])) + except OSError as ex: + if -ex.errno != x['exp_rc']: + os.close(fd) + raise IOError("Expected errno %d but os.read(%d bytes) caused errno %d" % + (-x['exp_rc'], x['sz'], ex.errno)) + os.close(fd) + +def test(): + f = SyscallFilter(DEFAULT_ACTION) + f.add_rule(ALLOW, "read", Arg(2, LE, 64)) + f.add_rule(ERRNO(5), "read", Arg(2, GT, 128)) + f.add_rule(ERRNO(6), "read", Arg(2, GT, 256)) + f.add_rule(ERRNO(7), "read", Arg(2, GT, 512)) + f.add_rule(ERRNO(8), "read", Arg(2, GT, 1024)) + f.add_rule(ERRNO(9), "read", Arg(2, GT, 2048)) + f.add_rule(ERRNO(10), "read", Arg(2, GT, 4096)) + f.add_rule(ERRNO(11), "read", Arg(2, GT, 8192)) + f.add_rule(ERRNO(12), "read", Arg(2, GT, 16384)) + # NOTE: additional syscalls required for python + f.add_rule(ALLOW, "close") + f.add_rule(ALLOW, "rt_sigaction") + f.add_rule(ALLOW, "rt_sigreturn") + f.add_rule(ALLOW, "sigaltstack") + f.add_rule(ALLOW, "exit_group") + f.add_rule(ALLOW, "exit") + f.add_rule(ALLOW, "brk") + f.add_rule(ALLOW, "open") + f.add_rule(ALLOW, "openat") + f.add_rule(ALLOW, "stat") + f.add_rule(ALLOW, "write") + f.load() + + do_read() + + # all reads behaved as expected + quit(160) + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/44-live-a2_order.tests libseccomp-2.4.1/tests/44-live-a2_order.tests --- libseccomp-2.3.1/tests/44-live-a2_order.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/44-live-a2_order.tests 2018-12-03 23:53:10.210642538 +0000 @@ -0,0 +1,11 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +test type: live + +# Testname API Result +44-live-a2_order 1 ALLOW diff -Nru libseccomp-2.3.1/tests/45-sim-chain_code_coverage.c libseccomp-2.4.1/tests/45-sim-chain_code_coverage.c --- libseccomp-2.3.1/tests/45-sim-chain_code_coverage.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/45-sim-chain_code_coverage.c 2019-04-16 16:19:07.664602409 +0000 @@ -0,0 +1,108 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. + * Author: Tom Hromatka + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + /* the syscall and argument numbers are all fake to make the test + * simpler */ + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 1, + SCMP_A0(SCMP_CMP_GE, 1)); + if (rc != 0) + goto out; + + /* db_chain_lt() path #1 - due to "A1" > "A0" */ + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 1, + SCMP_A1(SCMP_CMP_GE, 2)); + if (rc != 0) + goto out; + + /* db_chain_lt() path #2 - due to "GT" > "GE" */ + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 1, + SCMP_A0(SCMP_CMP_GT, 3)); + if (rc != 0) + goto out; + + /* db_chain_lt() path #3 - due to the second mask (0xff) being greater + * than the first (0xf) */ + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 1, + SCMP_A2(SCMP_CMP_MASKED_EQ, 0xf, 4)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 1, + SCMP_A2(SCMP_CMP_MASKED_EQ, 0xff, 5)); + if (rc != 0) + goto out; + + /* db_chain_lt() path #4 - due to datum (6) > previous datum (5) */ + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 1, + SCMP_A2(SCMP_CMP_MASKED_EQ, 0xff, 6)); + if (rc != 0) + goto out; + + /* attempt to hit some of the lvl_prv and lvl_nxt code in db.c */ + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 5, + SCMP_A0(SCMP_CMP_NE, 7), + SCMP_A1(SCMP_CMP_LT, 8), + SCMP_A2(SCMP_CMP_EQ, 9), + SCMP_A3(SCMP_CMP_GE, 10), + SCMP_A4(SCMP_CMP_GT, 11), + SCMP_A5(SCMP_CMP_MASKED_EQ, 0xffff, 12)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1008, 5, + SCMP_A0(SCMP_CMP_NE, 7), + SCMP_A1(SCMP_CMP_LT, 8), + SCMP_A2(SCMP_CMP_EQ, 9), + SCMP_A3(SCMP_CMP_GE, 10), + SCMP_A4(SCMP_CMP_GT, 11), + SCMP_A5(SCMP_CMP_MASKED_EQ, 0xffff, 13)); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/45-sim-chain_code_coverage.py libseccomp-2.4.1/tests/45-sim-chain_code_coverage.py --- libseccomp-2.3.1/tests/45-sim-chain_code_coverage.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/45-sim-chain_code_coverage.py 2018-12-03 23:53:10.210642538 +0000 @@ -0,0 +1,48 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # the syscall and argument numbers are all fake to make the test simpler + f.add_rule_exactly(ALLOW, 1008, Arg(0, GE, 1)) + f.add_rule_exactly(ALLOW, 1008, Arg(1, GE, 2)) + f.add_rule_exactly(ALLOW, 1008, Arg(0, GT, 3)) + f.add_rule_exactly(ALLOW, 1008, Arg(2, MASKED_EQ, 0xf, 4)) + f.add_rule_exactly(ALLOW, 1008, Arg(2, MASKED_EQ, 0xff, 5)) + f.add_rule_exactly(ALLOW, 1008, Arg(2, MASKED_EQ, 0xff, 6)) + + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/45-sim-chain_code_coverage.tests libseccomp-2.4.1/tests/45-sim-chain_code_coverage.tests --- libseccomp-2.3.1/tests/45-sim-chain_code_coverage.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/45-sim-chain_code_coverage.tests 2019-03-04 23:18:55.208791517 +0000 @@ -0,0 +1,16 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +45-sim-chain_code_coverage all,-x32 1008 1 1 1 1 1 1 ALLOW +45-sim-chain_code_coverage all,-x32 1008 1 2 1 1 1 1 ALLOW +45-sim-chain_code_coverage all,-x32 1008 4 1 1 1 1 1 ALLOW +45-sim-chain_code_coverage all,-x32 1008 1 1 0x14 1 1 1 ALLOW +45-sim-chain_code_coverage all,-x32 1008 4 1 0x15 1 1 1 ALLOW +45-sim-chain_code_coverage all,-x32 1008 4 1 0x106 1 1 1 ALLOW diff -Nru libseccomp-2.3.1/tests/46-sim-kill_process.c libseccomp-2.4.1/tests/46-sim-kill_process.c --- libseccomp-2.3.1/tests/46-sim-kill_process.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/46-sim-kill_process.c 2019-04-16 16:19:07.674602461 +0000 @@ -0,0 +1,78 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. + * Author: Tom Hromatka + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + rc = seccomp_api_set(3); + if (rc != 0) + return -rc; + + ctx = seccomp_init(SCMP_ACT_KILL_PROCESS); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(5), SCMP_SYS(write), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL_THREAD, SCMP_SYS(open), 0); + if (rc != 0) + goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(6), SCMP_SYS(close), 1, + SCMP_A0(SCMP_CMP_GT, 100)); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/46-sim-kill_process.py libseccomp-2.4.1/tests/46-sim-kill_process.py --- libseccomp-2.3.1/tests/46-sim-kill_process.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/46-sim-kill_process.py 2019-03-04 19:55:30.873309051 +0000 @@ -0,0 +1,47 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + set_api(3) + f = SyscallFilter(KILL_PROCESS) + f.remove_arch(Arch()) + f.add_arch(Arch("x86_64")) + f.add_rule_exactly(ALLOW, "read") + f.add_rule_exactly(ERRNO(5), "write") + f.add_rule_exactly(KILL, "open") + f.add_rule_exactly(ERRNO(6), "close", Arg(0, GT, 100)) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/46-sim-kill_process.tests libseccomp-2.4.1/tests/46-sim-kill_process.tests --- libseccomp-2.3.1/tests/46-sim-kill_process.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/46-sim-kill_process.tests 2018-12-03 23:53:10.210642538 +0000 @@ -0,0 +1,16 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +46-sim-kill_process +x86_64 0 N N N N N N ALLOW +46-sim-kill_process +x86_64 1 N N N N N N ERRNO(5) +46-sim-kill_process +x86_64 2 N N N N N N KILL +46-sim-kill_process +x86_64 3 100 N N N N N KILL_PROCESS +46-sim-kill_process +x86_64 3 101 N N N N N ERRNO(6) +46-sim-kill_process +x86_64 4 N N N N N N KILL_PROCESS diff -Nru libseccomp-2.3.1/tests/47-live-kill_process.c libseccomp-2.4.1/tests/47-live-kill_process.c --- libseccomp-2.3.1/tests/47-live-kill_process.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/47-live-kill_process.c 2019-04-16 16:19:07.681269162 +0000 @@ -0,0 +1,102 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. + * Author: Tom Hromatka + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include + +#include "util.h" + + +static const unsigned int whitelist[] = { + SCMP_SYS(clone), + SCMP_SYS(exit), + SCMP_SYS(exit_group), + SCMP_SYS(futex), + SCMP_SYS(madvise), + SCMP_SYS(mmap), + SCMP_SYS(mprotect), + SCMP_SYS(munmap), + SCMP_SYS(nanosleep), + SCMP_SYS(set_robust_list), +}; + +/** + * Child thread created via pthread_create() + * + * This thread will call a disallowed syscall. It should + * cause the entire program to die (and not just this + * thread.) + */ +void *child_start(void *param) +{ + int fd; + + /* make a disallowed syscall */ + fd = open("/dev/null", O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); + /* we should never get here. seccomp should kill the entire + * process when open() is called. */ + if (fd >= 0) + close(fd); + + return NULL; +} + +int main(int argc, char *argv[]) +{ + int rc, i; + scmp_filter_ctx ctx = NULL; + pthread_t child_thread; + + ctx = seccomp_init(SCMP_ACT_KILL_PROCESS); + if (ctx == NULL) + return ENOMEM; + + for (i = 0; i < sizeof(whitelist) / sizeof(whitelist[0]); i++) { + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, whitelist[i], 0); + if (rc != 0) + goto out; + } + + rc = seccomp_load(ctx); + if (rc != 0) + goto out; + + rc = pthread_create(&child_thread, NULL, child_start, NULL); + if (rc != 0) + goto out; + + /* sleep for a bit to ensure that the child thread has time to run */ + sleep(1); + + /* we should never get here! */ + rc = -EACCES; + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/47-live-kill_process.py libseccomp-2.4.1/tests/47-live-kill_process.py --- libseccomp-2.3.1/tests/47-live-kill_process.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/47-live-kill_process.py 2018-12-03 23:53:10.210642538 +0000 @@ -0,0 +1,68 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import os +import sys +import threading +import time + +import util + +from seccomp import * + +def child_start(param): + param = 1 + + try: + fd = os.open("/dev/null", os.O_WRONLY) + except IOError as ex: + param = ex.errno + quit(ex.errno) + +def test(): + f = SyscallFilter(KILL_PROCESS) + f.add_rule(ALLOW, "clone") + f.add_rule(ALLOW, "exit") + f.add_rule(ALLOW, "exit_group") + f.add_rule(ALLOW, "futex") + f.add_rule(ALLOW, "madvise") + f.add_rule(ALLOW, "mmap") + f.add_rule(ALLOW, "mprotect") + f.add_rule(ALLOW, "munmap") + f.add_rule(ALLOW, "nanosleep") + f.add_rule(ALLOW, "set_robust_list") + f.load() + + param = 0 + threading.Thread(target = child_start, args = (param, )) + thread.start() + + time.sleep(1) + + quit(-errno.EACCES) + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/47-live-kill_process.tests libseccomp-2.4.1/tests/47-live-kill_process.tests --- libseccomp-2.3.1/tests/47-live-kill_process.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/47-live-kill_process.tests 2018-12-03 23:53:10.210642538 +0000 @@ -0,0 +1,11 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +test type: live + +# Testname API Result +47-live-kill_process 3 KILL_PROCESS diff -Nru libseccomp-2.3.1/tests/48-sim-32b_args.c libseccomp-2.4.1/tests/48-sim-32b_args.c --- libseccomp-2.3.1/tests/48-sim-32b_args.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/48-sim-32b_args.c 2019-04-16 16:19:07.691269215 +0000 @@ -0,0 +1,84 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2019 Cisco Systems, Inc. + * Author: Paul Moore + * Additions: Michael Weiser + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + struct args { + uint32_t action; + int syscall; + struct scmp_arg_cmp cmp; + } *a, f[] = { + {SCMP_ACT_ALLOW, 2000, SCMP_A0(SCMP_CMP_EQ, -1)}, + {SCMP_ACT_ALLOW, 2064, SCMP_A0_64(SCMP_CMP_EQ, -1)}, + {SCMP_ACT_ALLOW, 2032, SCMP_A0_32(SCMP_CMP_EQ, -1)}, + {0}, + }; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 1, + SCMP_A0(SCMP_CMP_EQ, -1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1064, 1, + SCMP_A0_64(SCMP_CMP_EQ, -1)); + if (rc != 0) + goto out; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1032, 1, + SCMP_A0_32(SCMP_CMP_EQ, -1)); + if (rc != 0) + goto out; + + for (a = f; a->syscall != 0; a++) { + rc = seccomp_rule_add_exact(ctx, a->action, a->syscall, 1, + a->cmp); + if (rc != 0) + goto out; + } + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/48-sim-32b_args.py libseccomp-2.4.1/tests/48-sim-32b_args.py --- libseccomp-2.3.1/tests/48-sim-32b_args.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/48-sim-32b_args.py 2019-03-04 19:55:30.873309051 +0000 @@ -0,0 +1,50 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2019 Cisco Systems, Inc. +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # NOTE: this test is different from the native/c test as the bindings don't + # allow negative numbers (which is a good thing here) + f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 0xffffffffffffffff)) + f.add_rule_exactly(ALLOW, 1064, Arg(0, EQ, 0xffffffffffffffff)) + f.add_rule_exactly(ALLOW, 1032, Arg(0, EQ, 0xffffffff)) + # here we do not have static initializers to test but need to keep + # behaviour in sync with the native test + f.add_rule_exactly(ALLOW, 2000, Arg(0, EQ, 0xffffffffffffffff)) + f.add_rule_exactly(ALLOW, 2064, Arg(0, EQ, 0xffffffffffffffff)) + f.add_rule_exactly(ALLOW, 2032, Arg(0, EQ, 0xffffffff)) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/48-sim-32b_args.tests libseccomp-2.4.1/tests/48-sim-32b_args.tests --- libseccomp-2.3.1/tests/48-sim-32b_args.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/48-sim-32b_args.tests 2019-03-04 23:18:55.208791517 +0000 @@ -0,0 +1,38 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2019 Cisco Systems, Inc. +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +48-sim-32b_args all_64 1000 0x0 N N N N N KILL +48-sim-32b_args all_64 1000 0xffffffff N N N N N KILL +48-sim-32b_args all_64 1000 0xffffffffffffffff N N N N N ALLOW +48-sim-32b_args all_64 1032 0x0 N N N N N KILL +48-sim-32b_args all_64 1032 0xffffffff N N N N N ALLOW +48-sim-32b_args all_64 1032 0xffffffffffffffff N N N N N KILL +48-sim-32b_args all_64 1064 0x0 N N N N N KILL +48-sim-32b_args all_64 1064 0xffffffff N N N N N KILL +48-sim-32b_args all_64 1064 0xffffffffffffffff N N N N N ALLOW +48-sim-32b_args all_64 2000 0x0 N N N N N KILL +48-sim-32b_args all_64 2000 0xffffffff N N N N N KILL +48-sim-32b_args all_64 2000 0xffffffffffffffff N N N N N ALLOW +48-sim-32b_args all_64 2032 0x0 N N N N N KILL +48-sim-32b_args all_64 2032 0xffffffff N N N N N ALLOW +48-sim-32b_args all_64 2032 0xffffffffffffffff N N N N N KILL +48-sim-32b_args all_64 2064 0x0 N N N N N KILL +48-sim-32b_args all_64 2064 0xffffffff N N N N N KILL +48-sim-32b_args all_64 2064 0xffffffffffffffff N N N N N ALLOW + +test type: bpf-sim-fuzz + +# Testname StressCount +48-sim-32b_args 50 + +test type: bpf-valgrind + +# Testname +48-sim-32b_args diff -Nru libseccomp-2.3.1/tests/49-sim-64b_comparisons.c libseccomp-2.4.1/tests/49-sim-64b_comparisons.c --- libseccomp-2.3.1/tests/49-sim-64b_comparisons.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/49-sim-64b_comparisons.c 2019-04-16 16:19:07.694602565 +0000 @@ -0,0 +1,56 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2019 Cisco Systems, Inc. + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_KILL); + if (ctx == NULL) + return ENOMEM; + + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 1, + SCMP_A0(SCMP_CMP_LT, 0x123456789abcUL)); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/49-sim-64b_comparisons.py libseccomp-2.4.1/tests/49-sim-64b_comparisons.py --- libseccomp-2.3.1/tests/49-sim-64b_comparisons.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/49-sim-64b_comparisons.py 2019-03-14 13:51:37.609509369 +0000 @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2019 Cisco Systems, Inc. +# Author: Paul Moore +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import errno +import sys + +import util + +from seccomp import * + +def test(args): + set_api(3) + + f = SyscallFilter(KILL) + f.add_rule_exactly(ALLOW, 1000, Arg(0, LT, 0x123456789abc)) + + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/49-sim-64b_comparisons.tests libseccomp-2.4.1/tests/49-sim-64b_comparisons.tests --- libseccomp-2.3.1/tests/49-sim-64b_comparisons.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/49-sim-64b_comparisons.tests 2019-03-14 13:51:37.609509369 +0000 @@ -0,0 +1,25 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2019 Cisco Systems, Inc. +# Author: Paul Moore +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +49-sim-64b_comparisons all_64 1000 0x000000000000 N N N N N ALLOW +49-sim-64b_comparisons all_64 1000 0x123000000000 N N N N N ALLOW +49-sim-64b_comparisons all_64 1000 0x1230f0000000 N N N N N ALLOW +49-sim-64b_comparisons all_64 1000 0x123400000000 N N N N N ALLOW +49-sim-64b_comparisons all_64 1000 0x123450000000 N N N N N ALLOW +49-sim-64b_comparisons all_64 1000 0x123460000000 N N N N N KILL +49-sim-64b_comparisons all_64 1000 0x1234f0000000 N N N N N KILL +49-sim-64b_comparisons all_64 1000 0x123500000000 N N N N N KILL +49-sim-64b_comparisons all_64 1000 0x1235f0000000 N N N N N KILL +49-sim-64b_comparisons all_64 1000 0x123600000000 N N N N N KILL + +test type: bpf-valgrind + +# Testname +49-sim-64b_comparisons diff -Nru libseccomp-2.3.1/tests/50-sim-hash_collision.c libseccomp-2.4.1/tests/50-sim-hash_collision.c --- libseccomp-2.3.1/tests/50-sim-hash_collision.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/50-sim-hash_collision.c 2019-04-17 00:07:39.782935153 +0000 @@ -0,0 +1,98 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved. + * Author: Tom Hromatka + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include + +#include + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + rc = seccomp_api_set(1); + if (rc != 0) + return -rc; + + ctx = seccomp_init(SCMP_ACT_ERRNO(100)); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + + /* libseccomp utilizes a hash table to manage BPF blocks. It + * currently employs MurmurHash3 where the key is the hashed values + * of the BPF instruction blocks, the accumulator start, and the + * accumulator end. Changes to the hash algorithm will likely affect + * this test. + */ + + /* The following rules were derived from an issue reported by Tor: + * https://github.com/seccomp/libseccomp/issues/148 + * + * In the steps below, syscall 1001 is configured similarly to how + * Tor configured socket. The fairly complex rules below led to + * a hash collision with rt_sigaction (syscall 1000) in this test. + */ + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, 1001, 3, + SCMP_A0(SCMP_CMP_EQ, 1), + SCMP_A1(SCMP_CMP_MASKED_EQ, 0xf, 2), + SCMP_A2(SCMP_CMP_EQ, 3)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, 1001, 2, + SCMP_A0(SCMP_CMP_EQ, 1), + SCMP_A1(SCMP_CMP_MASKED_EQ, 0xf, 1)); + if (rc != 0) + goto out; + + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, 1000, 1, + SCMP_A0(SCMP_CMP_EQ, 2)); + if (rc != 0) + goto out; + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, 1000, 1, + SCMP_A0(SCMP_CMP_EQ, 1)); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff -Nru libseccomp-2.3.1/tests/50-sim-hash_collision.py libseccomp-2.4.1/tests/50-sim-hash_collision.py --- libseccomp-2.3.1/tests/50-sim-hash_collision.py 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/50-sim-hash_collision.py 2019-04-17 00:07:39.782935153 +0000 @@ -0,0 +1,61 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see . +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + set_api(1) + f = SyscallFilter(ERRNO(100)) + f.remove_arch(Arch()) + f.add_arch(Arch("x86_64")) + + # libseccomp utilizes a hash table to manage BPF blocks. It currently + # employs MurmurHash3 where the key is the hashed values of the BPF + # instruction blocks, the accumulator start, and the accumulator end. + # Changes to the hash algorithm will likely affect this test. + + # The following rules were derived from an issue reported by Tor: + # https://github.com/seccomp/libseccomp/issues/148 + # + # In the steps below, syscall 1001 is configured similarly to how + # Tor configured socket. The fairly complex rules below led to + # a hash collision with rt_sigaction (syscall 1000) in this test. + + f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 1), Arg(1, MASKED_EQ, 0xf, 2), + Arg(2, EQ, 3)) + f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 1), Arg(1, MASKED_EQ, 0xf, 1)) + f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 2)) + f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 1)) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff -Nru libseccomp-2.3.1/tests/50-sim-hash_collision.tests libseccomp-2.4.1/tests/50-sim-hash_collision.tests --- libseccomp-2.3.1/tests/50-sim-hash_collision.tests 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tests/50-sim-hash_collision.tests 2019-04-17 20:39:54.385897572 +0000 @@ -0,0 +1,18 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved. +# Author: Tom Hromatka +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +50-sim-hash_collision x86_64 1000 1 N N N N N ALLOW +50-sim-hash_collision x86_64 1000 2 N N N N N ALLOW +50-sim-hash_collision x86_64 1000 3 N N N N N ERRNO(100) +50-sim-hash_collision x86_64 1001 1 2 3 N N N ALLOW +50-sim-hash_collision x86_64 1001 1 1 N N N N ALLOW +50-sim-hash_collision x86_64 1001 2 N N N N N ERRNO(100) +50-sim-hash_collision x86_64 1001 1 3 N N N N ERRNO(100) +50-sim-hash_collision x86_64 1001 1 2 4 N N N ERRNO(100) diff -Nru libseccomp-2.3.1/tests/Makefile.am libseccomp-2.4.1/tests/Makefile.am --- libseccomp-2.3.1/tests/Makefile.am 2016-04-20 17:49:04.575849365 +0000 +++ libseccomp-2.4.1/tests/Makefile.am 2019-04-17 00:07:39.782935153 +0000 @@ -16,8 +16,19 @@ # along with this library; if not, see . # -AM_LDFLAGS = -static -LDADD = util.la ../src/libseccomp.la +@CODE_COVERAGE_RULES@ + +CODE_COVERAGE_IGNORE_PATTERN = /usr/include/bits/* */arch-syscall-check.c + +if CODE_COVERAGE_ENABLED +DBG_STATIC = +else +DBG_STATIC = -static +endif + +AM_LDFLAGS = ${DBG_STATIC} -lpthread + +LDADD = util.la ../src/libseccomp.la ${CODE_COVERAGE_LIBS} check_LTLIBRARIES = util.la util_la_SOURCES = util.c util.h @@ -61,7 +72,24 @@ 30-sim-socket_syscalls \ 31-basic-version_check \ 32-live-tsync_allow \ - 33-sim-socket_syscalls_be + 33-sim-socket_syscalls_be \ + 34-sim-basic_blacklist \ + 35-sim-negative_one \ + 36-sim-ipc_syscalls \ + 37-sim-ipc_syscalls_be \ + 38-basic-pfc_coverage \ + 39-basic-api_level \ + 40-sim-log \ + 41-sim-syscall_priority_arch \ + 42-sim-adv_chains \ + 43-sim-a2_order \ + 44-live-a2_order \ + 45-sim-chain_code_coverage \ + 46-sim-kill_process \ + 47-live-kill_process \ + 48-sim-32b_args \ + 49-sim-64b_comparisons \ + 50-sim-hash_collision EXTRA_DIST_TESTPYTHON = \ util.py \ @@ -97,7 +125,23 @@ 30-sim-socket_syscalls.py \ 31-basic-version_check.py \ 32-live-tsync_allow.py \ - 33-sim-socket_syscalls_be.py + 33-sim-socket_syscalls_be.py \ + 34-sim-basic_blacklist.py \ + 35-sim-negative_one.py \ + 36-sim-ipc_syscalls.py \ + 37-sim-ipc_syscalls_be.py \ + 39-basic-api_level.py \ + 40-sim-log.py \ + 41-sim-syscall_priority_arch.py \ + 42-sim-adv_chains.py \ + 43-sim-a2_order.py \ + 44-live-a2_order.py \ + 45-sim-chain_code_coverage.py \ + 46-sim-kill_process.py \ + 47-live-kill_process.py \ + 48-sim-32b_args.py \ + 49-sim-64b_comparisons.py \ + 50-sim-hash_collision.py EXTRA_DIST_TESTCFGS = \ 01-sim-allow.tests \ @@ -132,9 +176,29 @@ 30-sim-socket_syscalls.tests \ 31-basic-version_check.tests \ 32-live-tsync_allow.tests \ - 33-sim-socket_syscalls_be.tests + 33-sim-socket_syscalls_be.tests \ + 34-sim-basic_blacklist.tests \ + 35-sim-negative_one.tests \ + 36-sim-ipc_syscalls.tests \ + 37-sim-ipc_syscalls_be.tests \ + 38-basic-pfc_coverage.tests \ + 39-basic-api_level.tests \ + 40-sim-log.tests \ + 41-sim-syscall_priority_arch.tests \ + 42-sim-adv_chains.tests \ + 43-sim-a2_order.tests \ + 44-live-a2_order.tests \ + 45-sim-chain_code_coverage.tests \ + 46-sim-kill_process.tests \ + 47-live-kill_process.tests \ + 48-sim-32b_args.tests \ + 49-sim-64b_comparisons.tests \ + 50-sim-hash_collision.tests + +EXTRA_DIST_TESTSCRIPTS = \ + 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc -EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen +EXTRA_DIST_TESTTOOLS = regression testdiff testgen EXTRA_DIST_TESTVALGRIND = valgrind_test.supp @@ -142,6 +206,7 @@ ${EXTRA_DIST_TESTCFGS} \ ${EXTRA_DIST_TESTPYTHON} \ ${EXTRA_DIST_TESTSCRIPTS} \ + ${EXTRA_DIST_TESTTOOLS} \ ${EXTRA_DIST_TESTVALGRIND} nodist_00_test_SOURCES = 00-test.c diff -Nru libseccomp-2.3.1/tests/Makefile.in libseccomp-2.4.1/tests/Makefile.in --- libseccomp-2.3.1/tests/Makefile.in 2016-04-20 20:11:08.994211376 +0000 +++ libseccomp-2.4.1/tests/Makefile.in 2019-04-17 21:02:40.709606068 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,7 +32,17 @@ # along with this library; if not, see . # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -116,18 +126,26 @@ 27-sim-bpf_blk_state$(EXEEXT) 28-sim-arch_x86$(EXEEXT) \ 29-sim-pseudo_syscall$(EXEEXT) 30-sim-socket_syscalls$(EXEEXT) \ 31-basic-version_check$(EXEEXT) 32-live-tsync_allow$(EXEEXT) \ - 33-sim-socket_syscalls_be$(EXEEXT) + 33-sim-socket_syscalls_be$(EXEEXT) \ + 34-sim-basic_blacklist$(EXEEXT) 35-sim-negative_one$(EXEEXT) \ + 36-sim-ipc_syscalls$(EXEEXT) 37-sim-ipc_syscalls_be$(EXEEXT) \ + 38-basic-pfc_coverage$(EXEEXT) 39-basic-api_level$(EXEEXT) \ + 40-sim-log$(EXEEXT) 41-sim-syscall_priority_arch$(EXEEXT) \ + 42-sim-adv_chains$(EXEEXT) 43-sim-a2_order$(EXEEXT) \ + 44-live-a2_order$(EXEEXT) 45-sim-chain_code_coverage$(EXEEXT) \ + 46-sim-kill_process$(EXEEXT) 47-live-kill_process$(EXEEXT) \ + 48-sim-32b_args$(EXEEXT) 49-sim-64b_comparisons$(EXEEXT) \ + 50-sim-hash_collision$(EXEEXT) EXTRA_PROGRAMS = 00-test$(EXEEXT) subdir = tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/configure.h CONFIG_CLEAN_FILES = @@ -145,147 +163,266 @@ nodist_00_test_OBJECTS = 00-test.$(OBJEXT) 00_test_OBJECTS = $(nodist_00_test_OBJECTS) 00_test_LDADD = $(LDADD) -00_test_DEPENDENCIES = util.la ../src/libseccomp.la +am__DEPENDENCIES_1 = +00_test_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 01_sim_allow_SOURCES = 01-sim-allow.c 01_sim_allow_OBJECTS = 01-sim-allow.$(OBJEXT) 01_sim_allow_LDADD = $(LDADD) -01_sim_allow_DEPENDENCIES = util.la ../src/libseccomp.la +01_sim_allow_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 02_sim_basic_SOURCES = 02-sim-basic.c 02_sim_basic_OBJECTS = 02-sim-basic.$(OBJEXT) 02_sim_basic_LDADD = $(LDADD) -02_sim_basic_DEPENDENCIES = util.la ../src/libseccomp.la +02_sim_basic_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 03_sim_basic_chains_SOURCES = 03-sim-basic_chains.c 03_sim_basic_chains_OBJECTS = 03-sim-basic_chains.$(OBJEXT) 03_sim_basic_chains_LDADD = $(LDADD) -03_sim_basic_chains_DEPENDENCIES = util.la ../src/libseccomp.la +03_sim_basic_chains_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 04_sim_multilevel_chains_SOURCES = 04-sim-multilevel_chains.c 04_sim_multilevel_chains_OBJECTS = 04-sim-multilevel_chains.$(OBJEXT) 04_sim_multilevel_chains_LDADD = $(LDADD) -04_sim_multilevel_chains_DEPENDENCIES = util.la ../src/libseccomp.la +04_sim_multilevel_chains_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 05_sim_long_jumps_SOURCES = 05-sim-long_jumps.c 05_sim_long_jumps_OBJECTS = 05-sim-long_jumps.$(OBJEXT) 05_sim_long_jumps_LDADD = $(LDADD) -05_sim_long_jumps_DEPENDENCIES = util.la ../src/libseccomp.la +05_sim_long_jumps_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 06_sim_actions_SOURCES = 06-sim-actions.c 06_sim_actions_OBJECTS = 06-sim-actions.$(OBJEXT) 06_sim_actions_LDADD = $(LDADD) -06_sim_actions_DEPENDENCIES = util.la ../src/libseccomp.la +06_sim_actions_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 07_sim_db_bug_looping_SOURCES = 07-sim-db_bug_looping.c 07_sim_db_bug_looping_OBJECTS = 07-sim-db_bug_looping.$(OBJEXT) 07_sim_db_bug_looping_LDADD = $(LDADD) -07_sim_db_bug_looping_DEPENDENCIES = util.la ../src/libseccomp.la +07_sim_db_bug_looping_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 08_sim_subtree_checks_SOURCES = 08-sim-subtree_checks.c 08_sim_subtree_checks_OBJECTS = 08-sim-subtree_checks.$(OBJEXT) 08_sim_subtree_checks_LDADD = $(LDADD) -08_sim_subtree_checks_DEPENDENCIES = util.la ../src/libseccomp.la +08_sim_subtree_checks_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 09_sim_syscall_priority_pre_SOURCES = 09-sim-syscall_priority_pre.c 09_sim_syscall_priority_pre_OBJECTS = \ 09-sim-syscall_priority_pre.$(OBJEXT) 09_sim_syscall_priority_pre_LDADD = $(LDADD) 09_sim_syscall_priority_pre_DEPENDENCIES = util.la \ - ../src/libseccomp.la + ../src/libseccomp.la $(am__DEPENDENCIES_1) 10_sim_syscall_priority_post_SOURCES = 10-sim-syscall_priority_post.c 10_sim_syscall_priority_post_OBJECTS = \ 10-sim-syscall_priority_post.$(OBJEXT) 10_sim_syscall_priority_post_LDADD = $(LDADD) 10_sim_syscall_priority_post_DEPENDENCIES = util.la \ - ../src/libseccomp.la + ../src/libseccomp.la $(am__DEPENDENCIES_1) 11_basic_basic_errors_SOURCES = 11-basic-basic_errors.c 11_basic_basic_errors_OBJECTS = 11-basic-basic_errors.$(OBJEXT) 11_basic_basic_errors_LDADD = $(LDADD) -11_basic_basic_errors_DEPENDENCIES = util.la ../src/libseccomp.la +11_basic_basic_errors_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 12_sim_basic_masked_ops_SOURCES = 12-sim-basic_masked_ops.c 12_sim_basic_masked_ops_OBJECTS = 12-sim-basic_masked_ops.$(OBJEXT) 12_sim_basic_masked_ops_LDADD = $(LDADD) -12_sim_basic_masked_ops_DEPENDENCIES = util.la ../src/libseccomp.la +12_sim_basic_masked_ops_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 13_basic_attrs_SOURCES = 13-basic-attrs.c 13_basic_attrs_OBJECTS = 13-basic-attrs.$(OBJEXT) 13_basic_attrs_LDADD = $(LDADD) -13_basic_attrs_DEPENDENCIES = util.la ../src/libseccomp.la +13_basic_attrs_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 14_sim_reset_SOURCES = 14-sim-reset.c 14_sim_reset_OBJECTS = 14-sim-reset.$(OBJEXT) 14_sim_reset_LDADD = $(LDADD) -14_sim_reset_DEPENDENCIES = util.la ../src/libseccomp.la +14_sim_reset_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 15_basic_resolver_SOURCES = 15-basic-resolver.c 15_basic_resolver_OBJECTS = 15-basic-resolver.$(OBJEXT) 15_basic_resolver_LDADD = $(LDADD) -15_basic_resolver_DEPENDENCIES = util.la ../src/libseccomp.la +15_basic_resolver_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 16_sim_arch_basic_SOURCES = 16-sim-arch_basic.c 16_sim_arch_basic_OBJECTS = 16-sim-arch_basic.$(OBJEXT) 16_sim_arch_basic_LDADD = $(LDADD) -16_sim_arch_basic_DEPENDENCIES = util.la ../src/libseccomp.la +16_sim_arch_basic_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 17_sim_arch_merge_SOURCES = 17-sim-arch_merge.c 17_sim_arch_merge_OBJECTS = 17-sim-arch_merge.$(OBJEXT) 17_sim_arch_merge_LDADD = $(LDADD) -17_sim_arch_merge_DEPENDENCIES = util.la ../src/libseccomp.la +17_sim_arch_merge_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 18_sim_basic_whitelist_SOURCES = 18-sim-basic_whitelist.c 18_sim_basic_whitelist_OBJECTS = 18-sim-basic_whitelist.$(OBJEXT) 18_sim_basic_whitelist_LDADD = $(LDADD) -18_sim_basic_whitelist_DEPENDENCIES = util.la ../src/libseccomp.la +18_sim_basic_whitelist_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 19_sim_missing_syscalls_SOURCES = 19-sim-missing_syscalls.c 19_sim_missing_syscalls_OBJECTS = 19-sim-missing_syscalls.$(OBJEXT) 19_sim_missing_syscalls_LDADD = $(LDADD) -19_sim_missing_syscalls_DEPENDENCIES = util.la ../src/libseccomp.la +19_sim_missing_syscalls_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 20_live_basic_die_SOURCES = 20-live-basic_die.c 20_live_basic_die_OBJECTS = 20-live-basic_die.$(OBJEXT) 20_live_basic_die_LDADD = $(LDADD) -20_live_basic_die_DEPENDENCIES = util.la ../src/libseccomp.la +20_live_basic_die_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 21_live_basic_allow_SOURCES = 21-live-basic_allow.c 21_live_basic_allow_OBJECTS = 21-live-basic_allow.$(OBJEXT) 21_live_basic_allow_LDADD = $(LDADD) -21_live_basic_allow_DEPENDENCIES = util.la ../src/libseccomp.la +21_live_basic_allow_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 22_sim_basic_chains_array_SOURCES = 22-sim-basic_chains_array.c 22_sim_basic_chains_array_OBJECTS = \ 22-sim-basic_chains_array.$(OBJEXT) 22_sim_basic_chains_array_LDADD = $(LDADD) -22_sim_basic_chains_array_DEPENDENCIES = util.la ../src/libseccomp.la +22_sim_basic_chains_array_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 23_sim_arch_all_le_basic_SOURCES = 23-sim-arch_all_le_basic.c 23_sim_arch_all_le_basic_OBJECTS = 23-sim-arch_all_le_basic.$(OBJEXT) 23_sim_arch_all_le_basic_LDADD = $(LDADD) -23_sim_arch_all_le_basic_DEPENDENCIES = util.la ../src/libseccomp.la +23_sim_arch_all_le_basic_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 24_live_arg_allow_SOURCES = 24-live-arg_allow.c 24_live_arg_allow_OBJECTS = 24-live-arg_allow.$(OBJEXT) 24_live_arg_allow_LDADD = $(LDADD) -24_live_arg_allow_DEPENDENCIES = util.la ../src/libseccomp.la +24_live_arg_allow_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 25_sim_multilevel_chains_adv_SOURCES = 25-sim-multilevel_chains_adv.c 25_sim_multilevel_chains_adv_OBJECTS = \ 25-sim-multilevel_chains_adv.$(OBJEXT) 25_sim_multilevel_chains_adv_LDADD = $(LDADD) 25_sim_multilevel_chains_adv_DEPENDENCIES = util.la \ - ../src/libseccomp.la + ../src/libseccomp.la $(am__DEPENDENCIES_1) 26_sim_arch_all_be_basic_SOURCES = 26-sim-arch_all_be_basic.c 26_sim_arch_all_be_basic_OBJECTS = 26-sim-arch_all_be_basic.$(OBJEXT) 26_sim_arch_all_be_basic_LDADD = $(LDADD) -26_sim_arch_all_be_basic_DEPENDENCIES = util.la ../src/libseccomp.la +26_sim_arch_all_be_basic_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 27_sim_bpf_blk_state_SOURCES = 27-sim-bpf_blk_state.c 27_sim_bpf_blk_state_OBJECTS = 27-sim-bpf_blk_state.$(OBJEXT) 27_sim_bpf_blk_state_LDADD = $(LDADD) -27_sim_bpf_blk_state_DEPENDENCIES = util.la ../src/libseccomp.la +27_sim_bpf_blk_state_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 28_sim_arch_x86_SOURCES = 28-sim-arch_x86.c 28_sim_arch_x86_OBJECTS = 28-sim-arch_x86.$(OBJEXT) 28_sim_arch_x86_LDADD = $(LDADD) -28_sim_arch_x86_DEPENDENCIES = util.la ../src/libseccomp.la +28_sim_arch_x86_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 29_sim_pseudo_syscall_SOURCES = 29-sim-pseudo_syscall.c 29_sim_pseudo_syscall_OBJECTS = 29-sim-pseudo_syscall.$(OBJEXT) 29_sim_pseudo_syscall_LDADD = $(LDADD) -29_sim_pseudo_syscall_DEPENDENCIES = util.la ../src/libseccomp.la +29_sim_pseudo_syscall_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 30_sim_socket_syscalls_SOURCES = 30-sim-socket_syscalls.c 30_sim_socket_syscalls_OBJECTS = 30-sim-socket_syscalls.$(OBJEXT) 30_sim_socket_syscalls_LDADD = $(LDADD) -30_sim_socket_syscalls_DEPENDENCIES = util.la ../src/libseccomp.la +30_sim_socket_syscalls_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 31_basic_version_check_SOURCES = 31-basic-version_check.c 31_basic_version_check_OBJECTS = 31-basic-version_check.$(OBJEXT) 31_basic_version_check_LDADD = $(LDADD) -31_basic_version_check_DEPENDENCIES = util.la ../src/libseccomp.la +31_basic_version_check_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 32_live_tsync_allow_SOURCES = 32-live-tsync_allow.c 32_live_tsync_allow_OBJECTS = 32-live-tsync_allow.$(OBJEXT) 32_live_tsync_allow_LDADD = $(LDADD) -32_live_tsync_allow_DEPENDENCIES = util.la ../src/libseccomp.la +32_live_tsync_allow_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) 33_sim_socket_syscalls_be_SOURCES = 33-sim-socket_syscalls_be.c 33_sim_socket_syscalls_be_OBJECTS = \ 33-sim-socket_syscalls_be.$(OBJEXT) 33_sim_socket_syscalls_be_LDADD = $(LDADD) -33_sim_socket_syscalls_be_DEPENDENCIES = util.la ../src/libseccomp.la +33_sim_socket_syscalls_be_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +34_sim_basic_blacklist_SOURCES = 34-sim-basic_blacklist.c +34_sim_basic_blacklist_OBJECTS = 34-sim-basic_blacklist.$(OBJEXT) +34_sim_basic_blacklist_LDADD = $(LDADD) +34_sim_basic_blacklist_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +35_sim_negative_one_SOURCES = 35-sim-negative_one.c +35_sim_negative_one_OBJECTS = 35-sim-negative_one.$(OBJEXT) +35_sim_negative_one_LDADD = $(LDADD) +35_sim_negative_one_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +36_sim_ipc_syscalls_SOURCES = 36-sim-ipc_syscalls.c +36_sim_ipc_syscalls_OBJECTS = 36-sim-ipc_syscalls.$(OBJEXT) +36_sim_ipc_syscalls_LDADD = $(LDADD) +36_sim_ipc_syscalls_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +37_sim_ipc_syscalls_be_SOURCES = 37-sim-ipc_syscalls_be.c +37_sim_ipc_syscalls_be_OBJECTS = 37-sim-ipc_syscalls_be.$(OBJEXT) +37_sim_ipc_syscalls_be_LDADD = $(LDADD) +37_sim_ipc_syscalls_be_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +38_basic_pfc_coverage_SOURCES = 38-basic-pfc_coverage.c +38_basic_pfc_coverage_OBJECTS = 38-basic-pfc_coverage.$(OBJEXT) +38_basic_pfc_coverage_LDADD = $(LDADD) +38_basic_pfc_coverage_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +39_basic_api_level_SOURCES = 39-basic-api_level.c +39_basic_api_level_OBJECTS = 39-basic-api_level.$(OBJEXT) +39_basic_api_level_LDADD = $(LDADD) +39_basic_api_level_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +40_sim_log_SOURCES = 40-sim-log.c +40_sim_log_OBJECTS = 40-sim-log.$(OBJEXT) +40_sim_log_LDADD = $(LDADD) +40_sim_log_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +41_sim_syscall_priority_arch_SOURCES = 41-sim-syscall_priority_arch.c +41_sim_syscall_priority_arch_OBJECTS = \ + 41-sim-syscall_priority_arch.$(OBJEXT) +41_sim_syscall_priority_arch_LDADD = $(LDADD) +41_sim_syscall_priority_arch_DEPENDENCIES = util.la \ + ../src/libseccomp.la $(am__DEPENDENCIES_1) +42_sim_adv_chains_SOURCES = 42-sim-adv_chains.c +42_sim_adv_chains_OBJECTS = 42-sim-adv_chains.$(OBJEXT) +42_sim_adv_chains_LDADD = $(LDADD) +42_sim_adv_chains_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +43_sim_a2_order_SOURCES = 43-sim-a2_order.c +43_sim_a2_order_OBJECTS = 43-sim-a2_order.$(OBJEXT) +43_sim_a2_order_LDADD = $(LDADD) +43_sim_a2_order_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +44_live_a2_order_SOURCES = 44-live-a2_order.c +44_live_a2_order_OBJECTS = 44-live-a2_order.$(OBJEXT) +44_live_a2_order_LDADD = $(LDADD) +44_live_a2_order_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +45_sim_chain_code_coverage_SOURCES = 45-sim-chain_code_coverage.c +45_sim_chain_code_coverage_OBJECTS = \ + 45-sim-chain_code_coverage.$(OBJEXT) +45_sim_chain_code_coverage_LDADD = $(LDADD) +45_sim_chain_code_coverage_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +46_sim_kill_process_SOURCES = 46-sim-kill_process.c +46_sim_kill_process_OBJECTS = 46-sim-kill_process.$(OBJEXT) +46_sim_kill_process_LDADD = $(LDADD) +46_sim_kill_process_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +47_live_kill_process_SOURCES = 47-live-kill_process.c +47_live_kill_process_OBJECTS = 47-live-kill_process.$(OBJEXT) +47_live_kill_process_LDADD = $(LDADD) +47_live_kill_process_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +48_sim_32b_args_SOURCES = 48-sim-32b_args.c +48_sim_32b_args_OBJECTS = 48-sim-32b_args.$(OBJEXT) +48_sim_32b_args_LDADD = $(LDADD) +48_sim_32b_args_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +49_sim_64b_comparisons_SOURCES = 49-sim-64b_comparisons.c +49_sim_64b_comparisons_OBJECTS = 49-sim-64b_comparisons.$(OBJEXT) +49_sim_64b_comparisons_LDADD = $(LDADD) +49_sim_64b_comparisons_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) +50_sim_hash_collision_SOURCES = 50-sim-hash_collision.c +50_sim_hash_collision_OBJECTS = 50-sim-hash_collision.$(OBJEXT) +50_sim_hash_collision_LDADD = $(LDADD) +50_sim_hash_collision_DEPENDENCIES = util.la ../src/libseccomp.la \ + $(am__DEPENDENCIES_1) miniseq_SOURCES = miniseq.c miniseq_OBJECTS = miniseq.$(OBJEXT) miniseq_DEPENDENCIES = @@ -303,7 +440,54 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/00-test.Po \ + ./$(DEPDIR)/01-sim-allow.Po ./$(DEPDIR)/02-sim-basic.Po \ + ./$(DEPDIR)/03-sim-basic_chains.Po \ + ./$(DEPDIR)/04-sim-multilevel_chains.Po \ + ./$(DEPDIR)/05-sim-long_jumps.Po ./$(DEPDIR)/06-sim-actions.Po \ + ./$(DEPDIR)/07-sim-db_bug_looping.Po \ + ./$(DEPDIR)/08-sim-subtree_checks.Po \ + ./$(DEPDIR)/09-sim-syscall_priority_pre.Po \ + ./$(DEPDIR)/10-sim-syscall_priority_post.Po \ + ./$(DEPDIR)/11-basic-basic_errors.Po \ + ./$(DEPDIR)/12-sim-basic_masked_ops.Po \ + ./$(DEPDIR)/13-basic-attrs.Po ./$(DEPDIR)/14-sim-reset.Po \ + ./$(DEPDIR)/15-basic-resolver.Po \ + ./$(DEPDIR)/16-sim-arch_basic.Po \ + ./$(DEPDIR)/17-sim-arch_merge.Po \ + ./$(DEPDIR)/18-sim-basic_whitelist.Po \ + ./$(DEPDIR)/19-sim-missing_syscalls.Po \ + ./$(DEPDIR)/20-live-basic_die.Po \ + ./$(DEPDIR)/21-live-basic_allow.Po \ + ./$(DEPDIR)/22-sim-basic_chains_array.Po \ + ./$(DEPDIR)/23-sim-arch_all_le_basic.Po \ + ./$(DEPDIR)/24-live-arg_allow.Po \ + ./$(DEPDIR)/25-sim-multilevel_chains_adv.Po \ + ./$(DEPDIR)/26-sim-arch_all_be_basic.Po \ + ./$(DEPDIR)/27-sim-bpf_blk_state.Po \ + ./$(DEPDIR)/28-sim-arch_x86.Po \ + ./$(DEPDIR)/29-sim-pseudo_syscall.Po \ + ./$(DEPDIR)/30-sim-socket_syscalls.Po \ + ./$(DEPDIR)/31-basic-version_check.Po \ + ./$(DEPDIR)/32-live-tsync_allow.Po \ + ./$(DEPDIR)/33-sim-socket_syscalls_be.Po \ + ./$(DEPDIR)/34-sim-basic_blacklist.Po \ + ./$(DEPDIR)/35-sim-negative_one.Po \ + ./$(DEPDIR)/36-sim-ipc_syscalls.Po \ + ./$(DEPDIR)/37-sim-ipc_syscalls_be.Po \ + ./$(DEPDIR)/38-basic-pfc_coverage.Po \ + ./$(DEPDIR)/39-basic-api_level.Po ./$(DEPDIR)/40-sim-log.Po \ + ./$(DEPDIR)/41-sim-syscall_priority_arch.Po \ + ./$(DEPDIR)/42-sim-adv_chains.Po \ + ./$(DEPDIR)/43-sim-a2_order.Po ./$(DEPDIR)/44-live-a2_order.Po \ + ./$(DEPDIR)/45-sim-chain_code_coverage.Po \ + ./$(DEPDIR)/46-sim-kill_process.Po \ + ./$(DEPDIR)/47-live-kill_process.Po \ + ./$(DEPDIR)/48-sim-32b_args.Po \ + ./$(DEPDIR)/49-sim-64b_comparisons.Po \ + ./$(DEPDIR)/50-sim-hash_collision.Po ./$(DEPDIR)/miniseq.Po \ + ./$(DEPDIR)/util.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -338,7 +522,15 @@ 26-sim-arch_all_be_basic.c 27-sim-bpf_blk_state.c \ 28-sim-arch_x86.c 29-sim-pseudo_syscall.c \ 30-sim-socket_syscalls.c 31-basic-version_check.c \ - 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c miniseq.c + 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c \ + 34-sim-basic_blacklist.c 35-sim-negative_one.c \ + 36-sim-ipc_syscalls.c 37-sim-ipc_syscalls_be.c \ + 38-basic-pfc_coverage.c 39-basic-api_level.c 40-sim-log.c \ + 41-sim-syscall_priority_arch.c 42-sim-adv_chains.c \ + 43-sim-a2_order.c 44-live-a2_order.c \ + 45-sim-chain_code_coverage.c 46-sim-kill_process.c \ + 47-live-kill_process.c 48-sim-32b_args.c \ + 49-sim-64b_comparisons.c 50-sim-hash_collision.c miniseq.c DIST_SOURCES = $(util_la_SOURCES) 01-sim-allow.c 02-sim-basic.c \ 03-sim-basic_chains.c 04-sim-multilevel_chains.c \ 05-sim-long_jumps.c 06-sim-actions.c 07-sim-db_bug_looping.c \ @@ -353,7 +545,15 @@ 26-sim-arch_all_be_basic.c 27-sim-bpf_blk_state.c \ 28-sim-arch_x86.c 29-sim-pseudo_syscall.c \ 30-sim-socket_syscalls.c 31-basic-version_check.c \ - 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c miniseq.c + 32-live-tsync_allow.c 33-sim-socket_syscalls_be.c \ + 34-sim-basic_blacklist.c 35-sim-negative_one.c \ + 36-sim-ipc_syscalls.c 37-sim-ipc_syscalls_be.c \ + 38-basic-pfc_coverage.c 39-basic-api_level.c 40-sim-log.c \ + 41-sim-syscall_priority_arch.c 42-sim-adv_chains.c \ + 43-sim-a2_order.c 44-live-a2_order.c \ + 45-sim-chain_code_coverage.c 46-sim-kill_process.c \ + 47-live-kill_process.c 48-sim-32b_args.c \ + 49-sim-64b_comparisons.c 50-sim-hash_collision.c miniseq.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -400,13 +600,15 @@ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_CFLAGS = @AM_CFLAGS@ AM_CPPFLAGS = @AM_CPPFLAGS@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AM_LDFLAGS = -static +AM_LDFLAGS = ${DBG_STATIC} -lpthread AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -415,6 +617,12 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -429,12 +637,15 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ @@ -461,6 +672,11 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -513,9 +729,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -524,7 +744,10 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -LDADD = util.la ../src/libseccomp.la +CODE_COVERAGE_IGNORE_PATTERN = /usr/include/bits/* */arch-syscall-check.c +@CODE_COVERAGE_ENABLED_FALSE@DBG_STATIC = -static +@CODE_COVERAGE_ENABLED_TRUE@DBG_STATIC = +LDADD = util.la ../src/libseccomp.la ${CODE_COVERAGE_LIBS} check_LTLIBRARIES = util.la util_la_SOURCES = util.c util.h util_la_LDFLAGS = -module @@ -564,7 +787,23 @@ 30-sim-socket_syscalls.py \ 31-basic-version_check.py \ 32-live-tsync_allow.py \ - 33-sim-socket_syscalls_be.py + 33-sim-socket_syscalls_be.py \ + 34-sim-basic_blacklist.py \ + 35-sim-negative_one.py \ + 36-sim-ipc_syscalls.py \ + 37-sim-ipc_syscalls_be.py \ + 39-basic-api_level.py \ + 40-sim-log.py \ + 41-sim-syscall_priority_arch.py \ + 42-sim-adv_chains.py \ + 43-sim-a2_order.py \ + 44-live-a2_order.py \ + 45-sim-chain_code_coverage.py \ + 46-sim-kill_process.py \ + 47-live-kill_process.py \ + 48-sim-32b_args.py \ + 49-sim-64b_comparisons.py \ + 50-sim-hash_collision.py EXTRA_DIST_TESTCFGS = \ 01-sim-allow.tests \ @@ -599,14 +838,35 @@ 30-sim-socket_syscalls.tests \ 31-basic-version_check.tests \ 32-live-tsync_allow.tests \ - 33-sim-socket_syscalls_be.tests + 33-sim-socket_syscalls_be.tests \ + 34-sim-basic_blacklist.tests \ + 35-sim-negative_one.tests \ + 36-sim-ipc_syscalls.tests \ + 37-sim-ipc_syscalls_be.tests \ + 38-basic-pfc_coverage.tests \ + 39-basic-api_level.tests \ + 40-sim-log.tests \ + 41-sim-syscall_priority_arch.tests \ + 42-sim-adv_chains.tests \ + 43-sim-a2_order.tests \ + 44-live-a2_order.tests \ + 45-sim-chain_code_coverage.tests \ + 46-sim-kill_process.tests \ + 47-live-kill_process.tests \ + 48-sim-32b_args.tests \ + 49-sim-64b_comparisons.tests \ + 50-sim-hash_collision.tests + +EXTRA_DIST_TESTSCRIPTS = \ + 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc -EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen +EXTRA_DIST_TESTTOOLS = regression testdiff testgen EXTRA_DIST_TESTVALGRIND = valgrind_test.supp EXTRA_DIST = \ ${EXTRA_DIST_TESTCFGS} \ ${EXTRA_DIST_TESTPYTHON} \ ${EXTRA_DIST_TESTSCRIPTS} \ + ${EXTRA_DIST_TESTTOOLS} \ ${EXTRA_DIST_TESTVALGRIND} nodist_00_test_SOURCES = 00-test.c @@ -626,14 +886,13 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -645,6 +904,15 @@ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + clean-checkLTLIBRARIES: -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES) @list='$(check_LTLIBRARIES)'; \ @@ -659,15 +927,6 @@ util.la: $(util_la_OBJECTS) $(util_la_DEPENDENCIES) $(EXTRA_util_la_DEPENDENCIES) $(AM_V_CCLD)$(util_la_LINK) $(util_la_OBJECTS) $(util_la_LIBADD) $(LIBS) -clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list - 00-test$(EXEEXT): $(00_test_OBJECTS) $(00_test_DEPENDENCIES) $(EXTRA_00_test_DEPENDENCIES) @rm -f 00-test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(00_test_OBJECTS) $(00_test_LDADD) $(LIBS) @@ -804,6 +1063,74 @@ @rm -f 33-sim-socket_syscalls_be$(EXEEXT) $(AM_V_CCLD)$(LINK) $(33_sim_socket_syscalls_be_OBJECTS) $(33_sim_socket_syscalls_be_LDADD) $(LIBS) +34-sim-basic_blacklist$(EXEEXT): $(34_sim_basic_blacklist_OBJECTS) $(34_sim_basic_blacklist_DEPENDENCIES) $(EXTRA_34_sim_basic_blacklist_DEPENDENCIES) + @rm -f 34-sim-basic_blacklist$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(34_sim_basic_blacklist_OBJECTS) $(34_sim_basic_blacklist_LDADD) $(LIBS) + +35-sim-negative_one$(EXEEXT): $(35_sim_negative_one_OBJECTS) $(35_sim_negative_one_DEPENDENCIES) $(EXTRA_35_sim_negative_one_DEPENDENCIES) + @rm -f 35-sim-negative_one$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(35_sim_negative_one_OBJECTS) $(35_sim_negative_one_LDADD) $(LIBS) + +36-sim-ipc_syscalls$(EXEEXT): $(36_sim_ipc_syscalls_OBJECTS) $(36_sim_ipc_syscalls_DEPENDENCIES) $(EXTRA_36_sim_ipc_syscalls_DEPENDENCIES) + @rm -f 36-sim-ipc_syscalls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(36_sim_ipc_syscalls_OBJECTS) $(36_sim_ipc_syscalls_LDADD) $(LIBS) + +37-sim-ipc_syscalls_be$(EXEEXT): $(37_sim_ipc_syscalls_be_OBJECTS) $(37_sim_ipc_syscalls_be_DEPENDENCIES) $(EXTRA_37_sim_ipc_syscalls_be_DEPENDENCIES) + @rm -f 37-sim-ipc_syscalls_be$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(37_sim_ipc_syscalls_be_OBJECTS) $(37_sim_ipc_syscalls_be_LDADD) $(LIBS) + +38-basic-pfc_coverage$(EXEEXT): $(38_basic_pfc_coverage_OBJECTS) $(38_basic_pfc_coverage_DEPENDENCIES) $(EXTRA_38_basic_pfc_coverage_DEPENDENCIES) + @rm -f 38-basic-pfc_coverage$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(38_basic_pfc_coverage_OBJECTS) $(38_basic_pfc_coverage_LDADD) $(LIBS) + +39-basic-api_level$(EXEEXT): $(39_basic_api_level_OBJECTS) $(39_basic_api_level_DEPENDENCIES) $(EXTRA_39_basic_api_level_DEPENDENCIES) + @rm -f 39-basic-api_level$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(39_basic_api_level_OBJECTS) $(39_basic_api_level_LDADD) $(LIBS) + +40-sim-log$(EXEEXT): $(40_sim_log_OBJECTS) $(40_sim_log_DEPENDENCIES) $(EXTRA_40_sim_log_DEPENDENCIES) + @rm -f 40-sim-log$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(40_sim_log_OBJECTS) $(40_sim_log_LDADD) $(LIBS) + +41-sim-syscall_priority_arch$(EXEEXT): $(41_sim_syscall_priority_arch_OBJECTS) $(41_sim_syscall_priority_arch_DEPENDENCIES) $(EXTRA_41_sim_syscall_priority_arch_DEPENDENCIES) + @rm -f 41-sim-syscall_priority_arch$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(41_sim_syscall_priority_arch_OBJECTS) $(41_sim_syscall_priority_arch_LDADD) $(LIBS) + +42-sim-adv_chains$(EXEEXT): $(42_sim_adv_chains_OBJECTS) $(42_sim_adv_chains_DEPENDENCIES) $(EXTRA_42_sim_adv_chains_DEPENDENCIES) + @rm -f 42-sim-adv_chains$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(42_sim_adv_chains_OBJECTS) $(42_sim_adv_chains_LDADD) $(LIBS) + +43-sim-a2_order$(EXEEXT): $(43_sim_a2_order_OBJECTS) $(43_sim_a2_order_DEPENDENCIES) $(EXTRA_43_sim_a2_order_DEPENDENCIES) + @rm -f 43-sim-a2_order$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(43_sim_a2_order_OBJECTS) $(43_sim_a2_order_LDADD) $(LIBS) + +44-live-a2_order$(EXEEXT): $(44_live_a2_order_OBJECTS) $(44_live_a2_order_DEPENDENCIES) $(EXTRA_44_live_a2_order_DEPENDENCIES) + @rm -f 44-live-a2_order$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(44_live_a2_order_OBJECTS) $(44_live_a2_order_LDADD) $(LIBS) + +45-sim-chain_code_coverage$(EXEEXT): $(45_sim_chain_code_coverage_OBJECTS) $(45_sim_chain_code_coverage_DEPENDENCIES) $(EXTRA_45_sim_chain_code_coverage_DEPENDENCIES) + @rm -f 45-sim-chain_code_coverage$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(45_sim_chain_code_coverage_OBJECTS) $(45_sim_chain_code_coverage_LDADD) $(LIBS) + +46-sim-kill_process$(EXEEXT): $(46_sim_kill_process_OBJECTS) $(46_sim_kill_process_DEPENDENCIES) $(EXTRA_46_sim_kill_process_DEPENDENCIES) + @rm -f 46-sim-kill_process$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(46_sim_kill_process_OBJECTS) $(46_sim_kill_process_LDADD) $(LIBS) + +47-live-kill_process$(EXEEXT): $(47_live_kill_process_OBJECTS) $(47_live_kill_process_DEPENDENCIES) $(EXTRA_47_live_kill_process_DEPENDENCIES) + @rm -f 47-live-kill_process$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(47_live_kill_process_OBJECTS) $(47_live_kill_process_LDADD) $(LIBS) + +48-sim-32b_args$(EXEEXT): $(48_sim_32b_args_OBJECTS) $(48_sim_32b_args_DEPENDENCIES) $(EXTRA_48_sim_32b_args_DEPENDENCIES) + @rm -f 48-sim-32b_args$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(48_sim_32b_args_OBJECTS) $(48_sim_32b_args_LDADD) $(LIBS) + +49-sim-64b_comparisons$(EXEEXT): $(49_sim_64b_comparisons_OBJECTS) $(49_sim_64b_comparisons_DEPENDENCIES) $(EXTRA_49_sim_64b_comparisons_DEPENDENCIES) + @rm -f 49-sim-64b_comparisons$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(49_sim_64b_comparisons_OBJECTS) $(49_sim_64b_comparisons_LDADD) $(LIBS) + +50-sim-hash_collision$(EXEEXT): $(50_sim_hash_collision_OBJECTS) $(50_sim_hash_collision_DEPENDENCIES) $(EXTRA_50_sim_hash_collision_DEPENDENCIES) + @rm -f 50-sim-hash_collision$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(50_sim_hash_collision_OBJECTS) $(50_sim_hash_collision_LDADD) $(LIBS) + miniseq$(EXEEXT): $(miniseq_OBJECTS) $(miniseq_DEPENDENCIES) $(EXTRA_miniseq_DEPENDENCIES) @rm -f miniseq$(EXEEXT) $(AM_V_CCLD)$(LINK) $(miniseq_OBJECTS) $(miniseq_LDADD) $(LIBS) @@ -814,42 +1141,65 @@ distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/00-test.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/01-sim-allow.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/02-sim-basic.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/03-sim-basic_chains.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/04-sim-multilevel_chains.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/05-sim-long_jumps.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/06-sim-actions.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/07-sim-db_bug_looping.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/08-sim-subtree_checks.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/09-sim-syscall_priority_pre.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/10-sim-syscall_priority_post.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/11-basic-basic_errors.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/12-sim-basic_masked_ops.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/13-basic-attrs.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/14-sim-reset.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/15-basic-resolver.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/16-sim-arch_basic.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/17-sim-arch_merge.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/18-sim-basic_whitelist.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/19-sim-missing_syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/20-live-basic_die.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/21-live-basic_allow.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/22-sim-basic_chains_array.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/23-sim-arch_all_le_basic.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/24-live-arg_allow.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/25-sim-multilevel_chains_adv.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/26-sim-arch_all_be_basic.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/27-sim-bpf_blk_state.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/28-sim-arch_x86.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/29-sim-pseudo_syscall.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/30-sim-socket_syscalls.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/31-basic-version_check.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/32-live-tsync_allow.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/33-sim-socket_syscalls_be.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/miniseq.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/00-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/01-sim-allow.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/02-sim-basic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/03-sim-basic_chains.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/04-sim-multilevel_chains.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/05-sim-long_jumps.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/06-sim-actions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/07-sim-db_bug_looping.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/08-sim-subtree_checks.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/09-sim-syscall_priority_pre.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/10-sim-syscall_priority_post.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/11-basic-basic_errors.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/12-sim-basic_masked_ops.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/13-basic-attrs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/14-sim-reset.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/15-basic-resolver.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/16-sim-arch_basic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/17-sim-arch_merge.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/18-sim-basic_whitelist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/19-sim-missing_syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/20-live-basic_die.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/21-live-basic_allow.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/22-sim-basic_chains_array.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/23-sim-arch_all_le_basic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/24-live-arg_allow.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/25-sim-multilevel_chains_adv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/26-sim-arch_all_be_basic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/27-sim-bpf_blk_state.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/28-sim-arch_x86.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/29-sim-pseudo_syscall.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/30-sim-socket_syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/31-basic-version_check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/32-live-tsync_allow.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/33-sim-socket_syscalls_be.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/34-sim-basic_blacklist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/35-sim-negative_one.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/36-sim-ipc_syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/37-sim-ipc_syscalls_be.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/38-basic-pfc_coverage.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/39-basic-api_level.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/40-sim-log.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/41-sim-syscall_priority_arch.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/42-sim-adv_chains.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/43-sim-a2_order.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/44-live-a2_order.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/45-sim-chain_code_coverage.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/46-sim-kill_process.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/47-live-kill_process.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/48-sim-32b_args.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/49-sim-64b_comparisons.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/50-sim-hash_collision.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/miniseq.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Plo@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -1026,7 +1376,10 @@ test "$$failed" -eq 0; \ else :; fi -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -1057,7 +1410,7 @@ fi; \ done check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) $(check_LTLIBRARIES) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_LTLIBRARIES) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile @@ -1098,7 +1451,59 @@ clean-libtool clean-local mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/00-test.Po + -rm -f ./$(DEPDIR)/01-sim-allow.Po + -rm -f ./$(DEPDIR)/02-sim-basic.Po + -rm -f ./$(DEPDIR)/03-sim-basic_chains.Po + -rm -f ./$(DEPDIR)/04-sim-multilevel_chains.Po + -rm -f ./$(DEPDIR)/05-sim-long_jumps.Po + -rm -f ./$(DEPDIR)/06-sim-actions.Po + -rm -f ./$(DEPDIR)/07-sim-db_bug_looping.Po + -rm -f ./$(DEPDIR)/08-sim-subtree_checks.Po + -rm -f ./$(DEPDIR)/09-sim-syscall_priority_pre.Po + -rm -f ./$(DEPDIR)/10-sim-syscall_priority_post.Po + -rm -f ./$(DEPDIR)/11-basic-basic_errors.Po + -rm -f ./$(DEPDIR)/12-sim-basic_masked_ops.Po + -rm -f ./$(DEPDIR)/13-basic-attrs.Po + -rm -f ./$(DEPDIR)/14-sim-reset.Po + -rm -f ./$(DEPDIR)/15-basic-resolver.Po + -rm -f ./$(DEPDIR)/16-sim-arch_basic.Po + -rm -f ./$(DEPDIR)/17-sim-arch_merge.Po + -rm -f ./$(DEPDIR)/18-sim-basic_whitelist.Po + -rm -f ./$(DEPDIR)/19-sim-missing_syscalls.Po + -rm -f ./$(DEPDIR)/20-live-basic_die.Po + -rm -f ./$(DEPDIR)/21-live-basic_allow.Po + -rm -f ./$(DEPDIR)/22-sim-basic_chains_array.Po + -rm -f ./$(DEPDIR)/23-sim-arch_all_le_basic.Po + -rm -f ./$(DEPDIR)/24-live-arg_allow.Po + -rm -f ./$(DEPDIR)/25-sim-multilevel_chains_adv.Po + -rm -f ./$(DEPDIR)/26-sim-arch_all_be_basic.Po + -rm -f ./$(DEPDIR)/27-sim-bpf_blk_state.Po + -rm -f ./$(DEPDIR)/28-sim-arch_x86.Po + -rm -f ./$(DEPDIR)/29-sim-pseudo_syscall.Po + -rm -f ./$(DEPDIR)/30-sim-socket_syscalls.Po + -rm -f ./$(DEPDIR)/31-basic-version_check.Po + -rm -f ./$(DEPDIR)/32-live-tsync_allow.Po + -rm -f ./$(DEPDIR)/33-sim-socket_syscalls_be.Po + -rm -f ./$(DEPDIR)/34-sim-basic_blacklist.Po + -rm -f ./$(DEPDIR)/35-sim-negative_one.Po + -rm -f ./$(DEPDIR)/36-sim-ipc_syscalls.Po + -rm -f ./$(DEPDIR)/37-sim-ipc_syscalls_be.Po + -rm -f ./$(DEPDIR)/38-basic-pfc_coverage.Po + -rm -f ./$(DEPDIR)/39-basic-api_level.Po + -rm -f ./$(DEPDIR)/40-sim-log.Po + -rm -f ./$(DEPDIR)/41-sim-syscall_priority_arch.Po + -rm -f ./$(DEPDIR)/42-sim-adv_chains.Po + -rm -f ./$(DEPDIR)/43-sim-a2_order.Po + -rm -f ./$(DEPDIR)/44-live-a2_order.Po + -rm -f ./$(DEPDIR)/45-sim-chain_code_coverage.Po + -rm -f ./$(DEPDIR)/46-sim-kill_process.Po + -rm -f ./$(DEPDIR)/47-live-kill_process.Po + -rm -f ./$(DEPDIR)/48-sim-32b_args.Po + -rm -f ./$(DEPDIR)/49-sim-64b_comparisons.Po + -rm -f ./$(DEPDIR)/50-sim-hash_collision.Po + -rm -f ./$(DEPDIR)/miniseq.Po + -rm -f ./$(DEPDIR)/util.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1144,7 +1549,59 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/00-test.Po + -rm -f ./$(DEPDIR)/01-sim-allow.Po + -rm -f ./$(DEPDIR)/02-sim-basic.Po + -rm -f ./$(DEPDIR)/03-sim-basic_chains.Po + -rm -f ./$(DEPDIR)/04-sim-multilevel_chains.Po + -rm -f ./$(DEPDIR)/05-sim-long_jumps.Po + -rm -f ./$(DEPDIR)/06-sim-actions.Po + -rm -f ./$(DEPDIR)/07-sim-db_bug_looping.Po + -rm -f ./$(DEPDIR)/08-sim-subtree_checks.Po + -rm -f ./$(DEPDIR)/09-sim-syscall_priority_pre.Po + -rm -f ./$(DEPDIR)/10-sim-syscall_priority_post.Po + -rm -f ./$(DEPDIR)/11-basic-basic_errors.Po + -rm -f ./$(DEPDIR)/12-sim-basic_masked_ops.Po + -rm -f ./$(DEPDIR)/13-basic-attrs.Po + -rm -f ./$(DEPDIR)/14-sim-reset.Po + -rm -f ./$(DEPDIR)/15-basic-resolver.Po + -rm -f ./$(DEPDIR)/16-sim-arch_basic.Po + -rm -f ./$(DEPDIR)/17-sim-arch_merge.Po + -rm -f ./$(DEPDIR)/18-sim-basic_whitelist.Po + -rm -f ./$(DEPDIR)/19-sim-missing_syscalls.Po + -rm -f ./$(DEPDIR)/20-live-basic_die.Po + -rm -f ./$(DEPDIR)/21-live-basic_allow.Po + -rm -f ./$(DEPDIR)/22-sim-basic_chains_array.Po + -rm -f ./$(DEPDIR)/23-sim-arch_all_le_basic.Po + -rm -f ./$(DEPDIR)/24-live-arg_allow.Po + -rm -f ./$(DEPDIR)/25-sim-multilevel_chains_adv.Po + -rm -f ./$(DEPDIR)/26-sim-arch_all_be_basic.Po + -rm -f ./$(DEPDIR)/27-sim-bpf_blk_state.Po + -rm -f ./$(DEPDIR)/28-sim-arch_x86.Po + -rm -f ./$(DEPDIR)/29-sim-pseudo_syscall.Po + -rm -f ./$(DEPDIR)/30-sim-socket_syscalls.Po + -rm -f ./$(DEPDIR)/31-basic-version_check.Po + -rm -f ./$(DEPDIR)/32-live-tsync_allow.Po + -rm -f ./$(DEPDIR)/33-sim-socket_syscalls_be.Po + -rm -f ./$(DEPDIR)/34-sim-basic_blacklist.Po + -rm -f ./$(DEPDIR)/35-sim-negative_one.Po + -rm -f ./$(DEPDIR)/36-sim-ipc_syscalls.Po + -rm -f ./$(DEPDIR)/37-sim-ipc_syscalls_be.Po + -rm -f ./$(DEPDIR)/38-basic-pfc_coverage.Po + -rm -f ./$(DEPDIR)/39-basic-api_level.Po + -rm -f ./$(DEPDIR)/40-sim-log.Po + -rm -f ./$(DEPDIR)/41-sim-syscall_priority_arch.Po + -rm -f ./$(DEPDIR)/42-sim-adv_chains.Po + -rm -f ./$(DEPDIR)/43-sim-a2_order.Po + -rm -f ./$(DEPDIR)/44-live-a2_order.Po + -rm -f ./$(DEPDIR)/45-sim-chain_code_coverage.Po + -rm -f ./$(DEPDIR)/46-sim-kill_process.Po + -rm -f ./$(DEPDIR)/47-live-kill_process.Po + -rm -f ./$(DEPDIR)/48-sim-32b_args.Po + -rm -f ./$(DEPDIR)/49-sim-64b_comparisons.Po + -rm -f ./$(DEPDIR)/50-sim-hash_collision.Po + -rm -f ./$(DEPDIR)/miniseq.Po + -rm -f ./$(DEPDIR)/util.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1165,10 +1622,10 @@ .MAKE: check-am install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \ - clean-libtool clean-local cscopelist-am ctags ctags-am \ - distclean distclean-compile distclean-generic \ +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \ + check-am clean clean-checkLTLIBRARIES clean-checkPROGRAMS \ + clean-generic clean-libtool clean-local cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ @@ -1180,6 +1637,10 @@ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + + +@CODE_COVERAGE_RULES@ check-build: ${MAKE} ${AM_MAKEFLAGS} ${check_PROGRAMS} diff -Nru libseccomp-2.3.1/tests/miniseq.c libseccomp-2.4.1/tests/miniseq.c --- libseccomp-2.3.1/tests/miniseq.c 2016-02-25 18:46:53.948445334 +0000 +++ libseccomp-2.4.1/tests/miniseq.c 2019-04-16 16:19:07.714602669 +0000 @@ -50,8 +50,9 @@ if (get_number(argv[1], &first) || get_number(argv[2], &last)) return 1; - for (cur = first; cur <= last; cur++) - printf("%" PRIu64 "\n", cur); + for (cur = first; cur != last; cur++) + printf("%" PRId64 "\n", cur); + printf("%" PRId64 "\n", cur); return 0; } diff -Nru libseccomp-2.3.1/tests/regression libseccomp-2.4.1/tests/regression --- libseccomp-2.3.1/tests/regression 2016-04-20 20:08:22.393223845 +0000 +++ libseccomp-2.4.1/tests/regression 2019-04-17 20:36:33.114878171 +0000 @@ -28,12 +28,30 @@ ppc64le" GLBL_ARCH_BE_SUPPORT=" \ mips mips64 mips64n32 \ + parisc parisc64 \ ppc ppc64 \ s390 s390x" +GLBL_ARCH_32B_SUPPORT=" \ + x86 x32 \ + arm \ + mips mipsel mips64n32 mipsel64n32 \ + parisc \ + ppc \ + s390" + +GLBL_ARCH_64B_SUPPORT=" \ + x86_64 \ + aarch64 \ + mips64 \ + parisc64 \ + ppc64 \ + s390x" + GLBL_SYS_ARCH="../tools/scmp_arch_detect" GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" GLBL_SYS_SIM="../tools/scmp_bpf_sim" +GLBL_SYS_API="../tools/scmp_api_level" #### # functions @@ -82,6 +100,7 @@ -s SINGLE_TEST specifies individual test number to be run -t [TEMP_DIR] specifies directory to create temporary files in -T [TEST_TYPE] only run tests matching the specified type + can also be set via LIBSECCOMP_TSTCFG_TYPE env variable -v specifies that verbose output be provided EOF } @@ -213,7 +232,12 @@ if [[ $mode == "python" ]]; then cmd="PYTHONPATH=$PYTHONPATH" cmd="$cmd:$(cd $(pwd)/../src/python/build/lib.*; pwd)" - cmd="$cmd /usr/bin/env python $2.py $3" + # check and adjust if we are doing a VPATH build + if [[ -e "./$2.py" ]]; then + cmd="$cmd /usr/bin/env python $2.py $3" + else + cmd="$cmd /usr/bin/env python ${srcdir}/$2.py $3" + fi else cmd="$2 $3" fi @@ -279,6 +303,10 @@ local testname=${line[0]} local stress_count=${line[1]} + # check for stress count configuration via environment variables + [[ -n $LIBSECCOMP_TSTCFG_STRESSCNT ]] && \ + stress_count=$LIBSECCOMP_TSTCFG_STRESSCNT + for i in $(get_seq 1 $stress_count); do local sys=$(generate_random_data) local -a arg=($(generate_random_data) $(generate_random_data) \ @@ -407,6 +435,26 @@ # add all of the big endian architectures simarch_tmp+=" $GLBL_ARCH_BE_SUPPORT" ;; + all_32) + # add the native arch only if it is 32-bit + if echo "$GLBL_ARCH_32B_SUPPORT" | grep -qw "$arch"; then + simarch_tmp+=" $arch" + fi + ;; + +all_32) + # add all of the 32-bit architectures + simarch_tmp+=" $GLBL_ARCH_32B_SUPPORT" + ;; + all_64) + # add the native arch only if it is 64-bit + if echo "$GLBL_ARCH_64B_SUPPORT" | grep -qw "$arch"; then + simarch_tmp+=" $arch" + fi + ;; + +all_64) + # add all of the 64-bit architectures + simarch_tmp+=" $GLBL_ARCH_64B_SUPPORT" + ;; +*) # add the architecture specified simarch_tmp+=" ${arch_i:1}" @@ -436,8 +484,8 @@ # do we have any architectures remaining in the list? if [[ $simarch_list == "" ]]; then - print_result $(generate_test_num "$1" $2 1) "INFO" \ - "Test skipped due to architecture difference" + print_result $(generate_test_num "$1" $2 1) "SKIPPED" \ + "(architecture difference)" stats_skipped=$(($stats_skipped+1)) return fi @@ -470,7 +518,7 @@ # get low and high syscall values and convert them to numbers low_syscall=$(get_range $LOW "${line[2]}") - if [[ ! $low_syscall =~ ^[0-9]+$ ]]; then + if [[ ! $low_syscall =~ ^\-?[0-9]+$ ]]; then low_syscall=$($GLBL_SYS_RESOLVER -a $simarch -t \ $low_syscall) if [[ $? -ne 0 ]]; then @@ -481,7 +529,7 @@ fi fi high_syscall=$(get_range $HIGH "${line[2]}") - if [[ ! $high_syscall =~ ^[0-9]+$ ]]; then + if [[ ! $high_syscall =~ ^\-?[0-9]+$ ]]; then high_syscall=$($GLBL_SYS_RESOLVER -a $simarch -t \ $high_syscall) if [[ $? -ne 0 ]]; then @@ -599,12 +647,27 @@ # function run_test_basic() { local rc + local cmd + + # if the test is a script, only run it in native/c mode + if [[ $mode != "c" && "$2" == *.sh ]]; then + print_result "$1" "SKIPPED" "(only valid in native/c mode)" + stats_skipped=$(($stats_skipped+1)) + return + fi # print out the input test data to the log file print_data "$1" "$2" + # check and adjust if we are doing a VPATH build + if [[ -x "./$2" ]]; then + cmd="./$2" + else + cmd="${srcdir}/$2" + fi + # run the command - run_test_command "$1" "./$2" "" "" "" + run_test_command "$1" "$cmd" "" "" "" rc=$? if [[ $rc -ne 0 ]]; then print_result $1 "FAILURE" "$2 rc=$rc" @@ -631,6 +694,7 @@ # we only support the native/c test mode here if [[ $mode != "c" ]]; then + print_result "$1" "SKIPPED" "(only valid in native/c mode)" stats_skipped=$(($stats_skipped+1)) return fi @@ -682,12 +746,23 @@ # function run_test_live() { local rc + local api local line=($2) # parse the test line line_cmd=${line[0]} - line_act=${line[1]} - line_test="$line_cmd $line_act" + line_api=${line[1]} + line_act=${line[2]} + line_test="$line_cmd $line_api $line_act" + + # check the api level + api=$($GLBL_SYS_API) + if [[ $api -lt $line_api ]]; then + # runtime api level is too low + print_result "$1" "SKIPPED" "(api level)" + stats_skipped=$(($stats_skipped+1)) + return + fi # print out the input test data to the log file print_data "$1" "$2" @@ -701,19 +776,23 @@ # setup the arch specific return values case "$arch" in - x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|ppc|s390|s390x) + x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x) + rc_kill_process=159 rc_kill=159 rc_allow=160 rc_trap=161 rc_trace=162 rc_errno=163 + rc_log=164 ;; mips|mipsel|mips64|mips64n32|mipsel64|mipsel64n32) + rc_kill_process=140 rc_kill=140 rc_allow=160 rc_trap=161 rc_trace=162 rc_errno=163 + rc_log=164 ;; *) print_result $testnumstr "ERROR" "arch $arch not supported" @@ -723,7 +802,10 @@ esac # verify the results - if [[ $line_act == "KILL" && $rc -eq $rc_kill ]]; then + if [[ $line_act == "KILL_PROCESS" && $rc -eq $rc_kill_process ]]; then + print_result $1 "SUCCESS" "" + stats_success=$(($stats_success+1)) + elif [[ $line_act == "KILL" && $rc -eq $rc_kill ]]; then print_result $1 "SUCCESS" "" stats_success=$(($stats_success+1)) elif [[ $line_act == "ALLOW" && $rc -eq $rc_allow ]]; then @@ -738,6 +820,9 @@ elif [[ $line_act == "ERRNO" && $rc -eq $rc_errno ]]; then print_result $1 "SUCCESS" "" stats_success=$(($stats_success+1)) + elif [[ $line_act == "LOG" && $rc -eq $rc_log ]]; then + print_result $1 "SUCCESS" "" + stats_success=$(($stats_success+1)) else print_result $1 "FAILURE" "$line_test rc=$rc" stats_failure=$(($stats_failure+1)) @@ -772,6 +857,8 @@ if check_deps valgrind; then run_test_bpf_valgrind "$testnumstr" "$3" else + print_result $testnumstr "SKIPPED" \ + "(valgrind not installed)" stats_skipped=$(($stats_skipped+1)) fi elif [[ "$4" == "live" ]]; then @@ -779,6 +866,8 @@ if [[ -n $type ]]; then run_test_live "$testnumstr" "$3" else + print_result $testnumstr "SKIPPED" \ + "(must specify live tests)" stats_skipped=$(($stats_skipped+1)) fi else @@ -961,6 +1050,9 @@ single_list=() fi +# check for configuration via environment variables +[[ -z $type && -n $LIBSECCOMP_TSTCFG_TYPE ]] && type=$LIBSECCOMP_TSTCFG_TYPE + # open log file for append (default to stdout) if [[ -n $logfile ]]; then logfd=3 diff -Nru libseccomp-2.3.1/tests/util.c libseccomp-2.4.1/tests/util.c --- libseccomp-2.3.1/tests/util.c 2016-02-11 18:36:42.706652229 +0000 +++ libseccomp-2.4.1/tests/util.c 2019-04-16 16:19:07.721269371 +0000 @@ -168,6 +168,8 @@ if (strcasecmp(action, "KILL") == 0) return SCMP_ACT_KILL; + if (strcasecmp(action, "KILL_PROCESS") == 0) + return SCMP_ACT_KILL_PROCESS; else if (strcasecmp(action, "TRAP") == 0) return SCMP_ACT_TRAP; else if (strcasecmp(action, "ERRNO") == 0) @@ -176,6 +178,8 @@ return -1; /* not yet supported */ else if (strcasecmp(action, "ALLOW") == 0) return SCMP_ACT_ALLOW; + else if (strcasecmp(action, "LOG") == 0) + return SCMP_ACT_LOG; return -1; } diff -Nru libseccomp-2.3.1/tests/util.py libseccomp-2.4.1/tests/util.py --- libseccomp-2.3.1/tests/util.py 2016-02-11 18:36:42.708652229 +0000 +++ libseccomp-2.4.1/tests/util.py 2018-12-03 23:53:10.213975888 +0000 @@ -100,8 +100,8 @@ Description: Open the specified file, write a string to the file, and close the file. """ - fd = os.open(path, os.O_WRONLY|os.O_CREAT, 0600) - if not os.write(fd, "testing") == len("testing"): + fd = os.open(str(path), os.O_WRONLY|os.O_CREAT) + if not os.write(fd, b"testing") == len("testing"): raise IOError("failed to write the full test string in write_file()") os.close(fd) diff -Nru libseccomp-2.3.1/tools/bpf.h libseccomp-2.4.1/tools/bpf.h --- libseccomp-2.3.1/tools/bpf.h 2016-02-11 18:37:06.639650438 +0000 +++ libseccomp-2.4.1/tools/bpf.h 2019-04-16 16:19:07.791269735 +0000 @@ -56,14 +56,18 @@ typedef struct sock_filter bpf_instr_raw; /* seccomp return masks */ +#define SECCOMP_RET_ACTION_FULL 0xffff0000U #define SECCOMP_RET_ACTION 0x7fff0000U #define SECCOMP_RET_DATA 0x0000ffffU /* seccomp action values */ -#define SECCOMP_RET_KILL 0x00000000U +#define SECCOMP_RET_KILL_PROCESS 0x80000000U +#define SECCOMP_RET_KILL_THREAD 0x00000000U +#define SECCOMP_RET_KILL SECCOMP_RET_KILL_THREAD #define SECCOMP_RET_TRAP 0x00030000U #define SECCOMP_RET_ERRNO 0x00050000U #define SECCOMP_RET_TRACE 0x7ff00000U +#define SECCOMP_RET_LOG 0x7ffc0000U #define SECCOMP_RET_ALLOW 0x7fff0000U /* bpf command classes */ @@ -101,6 +105,9 @@ #define BPF_LSH 0x60 #define BPF_RSH 0x70 #define BPF_NEG 0x80 +#define BPF_MOD 0x90 +#define BPF_XOR 0xa0 + /* BPF_JMP */ #define BPF_JA 0x00 #define BPF_JEQ 0x10 diff -Nru libseccomp-2.3.1/tools/Makefile.am libseccomp-2.4.1/tools/Makefile.am --- libseccomp-2.3.1/tools/Makefile.am 2016-02-26 19:39:32.584503029 +0000 +++ libseccomp-2.4.1/tools/Makefile.am 2018-12-03 23:53:10.217309239 +0000 @@ -27,12 +27,14 @@ noinst_PROGRAMS = \ scmp_arch_detect \ scmp_bpf_disasm \ - scmp_bpf_sim + scmp_bpf_sim \ + scmp_api_level EXTRA_DIST = check-syntax scmp_app_inspector scmp_bpf_disasm_SOURCES = scmp_bpf_disasm.c bpf.h util.h scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h +scmp_api_level_SOURCES = scmp_api_level.c scmp_sys_resolver_LDADD = ../src/libseccomp.la scmp_sys_resolver_LDFLAGS = -static @@ -40,3 +42,5 @@ scmp_arch_detect_LDFLAGS = -static scmp_bpf_disasm_LDADD = util.la scmp_bpf_sim_LDADD = util.la +scmp_api_level_LDADD = ../src/libseccomp.la +scmp_api_level_LDFLAGS = -static diff -Nru libseccomp-2.3.1/tools/Makefile.in libseccomp-2.4.1/tools/Makefile.in --- libseccomp-2.3.1/tools/Makefile.in 2016-04-20 20:11:09.026211374 +0000 +++ libseccomp-2.4.1/tools/Makefile.in 2019-04-17 21:02:40.739606223 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -34,7 +34,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -99,21 +109,22 @@ host_triplet = @host@ bin_PROGRAMS = scmp_sys_resolver$(EXEEXT) noinst_PROGRAMS = scmp_arch_detect$(EXEEXT) scmp_bpf_disasm$(EXEEXT) \ - scmp_bpf_sim$(EXEEXT) + scmp_bpf_sim$(EXEEXT) scmp_api_level$(EXEEXT) subdir = tools -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/configure.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) LTLIBRARIES = $(noinst_LTLIBRARIES) util_la_LIBADD = am_util_la_OBJECTS = util.lo @@ -125,8 +136,13 @@ util_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(util_la_LDFLAGS) $(LDFLAGS) -o $@ -am__installdirs = "$(DESTDIR)$(bindir)" -PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) +am_scmp_api_level_OBJECTS = scmp_api_level.$(OBJEXT) +scmp_api_level_OBJECTS = $(am_scmp_api_level_OBJECTS) +scmp_api_level_DEPENDENCIES = ../src/libseccomp.la +scmp_api_level_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(scmp_api_level_LDFLAGS) $(LDFLAGS) -o \ + $@ scmp_arch_detect_SOURCES = scmp_arch_detect.c scmp_arch_detect_OBJECTS = scmp_arch_detect.$(OBJEXT) scmp_arch_detect_DEPENDENCIES = ../src/libseccomp.la @@ -161,7 +177,11 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/scmp_api_level.Po \ + ./$(DEPDIR)/scmp_arch_detect.Po ./$(DEPDIR)/scmp_bpf_disasm.Po \ + ./$(DEPDIR)/scmp_bpf_sim.Po ./$(DEPDIR)/scmp_sys_resolver.Po \ + ./$(DEPDIR)/util.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -181,12 +201,12 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(util_la_SOURCES) scmp_arch_detect.c \ - $(scmp_bpf_disasm_SOURCES) $(scmp_bpf_sim_SOURCES) \ - scmp_sys_resolver.c -DIST_SOURCES = $(util_la_SOURCES) scmp_arch_detect.c \ - $(scmp_bpf_disasm_SOURCES) $(scmp_bpf_sim_SOURCES) \ - scmp_sys_resolver.c +SOURCES = $(util_la_SOURCES) $(scmp_api_level_SOURCES) \ + scmp_arch_detect.c $(scmp_bpf_disasm_SOURCES) \ + $(scmp_bpf_sim_SOURCES) scmp_sys_resolver.c +DIST_SOURCES = $(util_la_SOURCES) $(scmp_api_level_SOURCES) \ + scmp_arch_detect.c $(scmp_bpf_disasm_SOURCES) \ + $(scmp_bpf_sim_SOURCES) scmp_sys_resolver.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -211,6 +231,8 @@ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -226,6 +248,12 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -240,12 +268,15 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ @@ -272,6 +303,11 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -324,9 +360,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -341,12 +381,15 @@ EXTRA_DIST = check-syntax scmp_app_inspector scmp_bpf_disasm_SOURCES = scmp_bpf_disasm.c bpf.h util.h scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h +scmp_api_level_SOURCES = scmp_api_level.c scmp_sys_resolver_LDADD = ../src/libseccomp.la scmp_sys_resolver_LDFLAGS = -static scmp_arch_detect_LDADD = ../src/libseccomp.la scmp_arch_detect_LDFLAGS = -static scmp_bpf_disasm_LDADD = util.la scmp_bpf_sim_LDADD = util.la +scmp_api_level_LDADD = ../src/libseccomp.la +scmp_api_level_LDFLAGS = -static all: all-am .SUFFIXES: @@ -363,14 +406,13 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tools/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign tools/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -381,20 +423,6 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -util.la: $(util_la_OBJECTS) $(util_la_DEPENDENCIES) $(EXTRA_util_la_DEPENDENCIES) - $(AM_V_CCLD)$(util_la_LINK) $(util_la_OBJECTS) $(util_la_LIBADD) $(LIBS) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ @@ -454,6 +482,24 @@ echo " rm -f" $$list; \ rm -f $$list +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +util.la: $(util_la_OBJECTS) $(util_la_DEPENDENCIES) $(EXTRA_util_la_DEPENDENCIES) + $(AM_V_CCLD)$(util_la_LINK) $(util_la_OBJECTS) $(util_la_LIBADD) $(LIBS) + +scmp_api_level$(EXEEXT): $(scmp_api_level_OBJECTS) $(scmp_api_level_DEPENDENCIES) $(EXTRA_scmp_api_level_DEPENDENCIES) + @rm -f scmp_api_level$(EXEEXT) + $(AM_V_CCLD)$(scmp_api_level_LINK) $(scmp_api_level_OBJECTS) $(scmp_api_level_LDADD) $(LIBS) + scmp_arch_detect$(EXEEXT): $(scmp_arch_detect_OBJECTS) $(scmp_arch_detect_DEPENDENCIES) $(EXTRA_scmp_arch_detect_DEPENDENCIES) @rm -f scmp_arch_detect$(EXEEXT) $(AM_V_CCLD)$(scmp_arch_detect_LINK) $(scmp_arch_detect_OBJECTS) $(scmp_arch_detect_LDADD) $(LIBS) @@ -476,11 +522,18 @@ distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_arch_detect.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_bpf_disasm.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_bpf_sim.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_sys_resolver.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_api_level.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_arch_detect.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_bpf_disasm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_bpf_sim.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scmp_sys_resolver.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Plo@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -564,7 +617,10 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -596,7 +652,7 @@ done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ @@ -637,7 +693,12 @@ clean-noinstLTLIBRARIES clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/scmp_api_level.Po + -rm -f ./$(DEPDIR)/scmp_arch_detect.Po + -rm -f ./$(DEPDIR)/scmp_bpf_disasm.Po + -rm -f ./$(DEPDIR)/scmp_bpf_sim.Po + -rm -f ./$(DEPDIR)/scmp_sys_resolver.Po + -rm -f ./$(DEPDIR)/util.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -683,7 +744,12 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/scmp_api_level.Po + -rm -f ./$(DEPDIR)/scmp_arch_detect.Po + -rm -f ./$(DEPDIR)/scmp_bpf_disasm.Po + -rm -f ./$(DEPDIR)/scmp_bpf_sim.Po + -rm -f ./$(DEPDIR)/scmp_sys_resolver.Po + -rm -f ./$(DEPDIR)/util.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -704,7 +770,7 @@ .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ clean-binPROGRAMS clean-generic clean-libtool \ clean-noinstLTLIBRARIES clean-noinstPROGRAMS cscopelist-am \ ctags ctags-am distclean distclean-compile distclean-generic \ @@ -719,6 +785,8 @@ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru libseccomp-2.3.1/tools/scmp_api_level.c libseccomp-2.4.1/tools/scmp_api_level.c --- libseccomp-2.3.1/tools/scmp_api_level.c 1970-01-01 00:00:00.000000000 +0000 +++ libseccomp-2.4.1/tools/scmp_api_level.c 2019-04-16 16:19:07.737936124 +0000 @@ -0,0 +1,39 @@ +/** + * API Level Detector + * + * Copyright (c) 2018 Paul Moore + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include + +#include + +/** + * main + */ +int main(int argc, char *argv[]) +{ + unsigned int level; + + level = seccomp_api_get(); + printf("%d\n", level); + + return 0; +} diff -Nru libseccomp-2.3.1/tools/scmp_arch_detect.c libseccomp-2.4.1/tools/scmp_arch_detect.c --- libseccomp-2.3.1/tools/scmp_arch_detect.c 2016-02-11 18:37:06.644650438 +0000 +++ libseccomp-2.4.1/tools/scmp_arch_detect.c 2019-04-16 16:19:07.744602825 +0000 @@ -99,6 +99,12 @@ case SCMP_ARCH_MIPSEL64N32: printf("mipsel64n32\n"); break; + case SCMP_ARCH_PARISC: + printf("parisc\n"); + break; + case SCMP_ARCH_PARISC64: + printf("parisc64\n"); + break; case SCMP_ARCH_PPC: printf("ppc\n"); break; diff -Nru libseccomp-2.3.1/tools/scmp_bpf_disasm.c libseccomp-2.4.1/tools/scmp_bpf_disasm.c --- libseccomp-2.3.1/tools/scmp_bpf_disasm.c 2016-02-11 18:37:06.649650437 +0000 +++ libseccomp-2.4.1/tools/scmp_bpf_disasm.c 2019-04-16 16:19:07.757936228 +0000 @@ -131,6 +131,12 @@ case BPF_ALU+BPF_NEG+BPF_K: case BPF_ALU+BPF_NEG+BPF_X: return "neg"; + case BPF_ALU+BPF_MOD+BPF_K: + case BPF_ALU+BPF_MOD+BPF_X: + return "mod"; + case BPF_ALU+BPF_XOR+BPF_K: + case BPF_ALU+BPF_XOR+BPF_X: + return "xor"; case BPF_JMP+BPF_JA+BPF_K: case BPF_JMP+BPF_JA+BPF_X: return "jmp"; @@ -167,11 +173,14 @@ */ static void bpf_decode_action(uint32_t k) { - uint32_t act = k & SECCOMP_RET_ACTION; + uint32_t act = k & SECCOMP_RET_ACTION_FULL; uint32_t data = k & SECCOMP_RET_DATA; switch (act) { - case SECCOMP_RET_KILL: + case SECCOMP_RET_KILL_PROCESS: + printf("KILL_PROCESS"); + break; + case SECCOMP_RET_KILL_THREAD: printf("KILL"); break; case SECCOMP_RET_TRAP: @@ -183,6 +192,9 @@ case SECCOMP_RET_TRACE: printf("TRACE(%u)", data); break; + case SECCOMP_RET_LOG: + printf("LOG"); + break; case SECCOMP_RET_ALLOW: printf("ALLOW"); break; diff -Nru libseccomp-2.3.1/tools/scmp_bpf_sim.c libseccomp-2.4.1/tools/scmp_bpf_sim.c --- libseccomp-2.3.1/tools/scmp_bpf_sim.c 2016-02-11 18:37:06.653650437 +0000 +++ libseccomp-2.4.1/tools/scmp_bpf_sim.c 2019-04-16 16:19:07.767936280 +0000 @@ -112,11 +112,14 @@ */ static void end_action(uint32_t action, unsigned int line) { - uint32_t act = action & SECCOMP_RET_ACTION; + uint32_t act = action & SECCOMP_RET_ACTION_FULL; uint32_t data = action & SECCOMP_RET_DATA; switch (act) { - case SECCOMP_RET_KILL: + case SECCOMP_RET_KILL_PROCESS: + fprintf(stdout, "KILL_PROCESS\n"); + break; + case SECCOMP_RET_KILL_THREAD: fprintf(stdout, "KILL\n"); break; case SECCOMP_RET_TRAP: @@ -128,6 +131,9 @@ case SECCOMP_RET_TRACE: fprintf(stdout, "TRACE(%u)\n", data); break; + case SECCOMP_RET_LOG: + fprintf(stdout, "LOG\n"); + break; case SECCOMP_RET_ALLOW: fprintf(stdout, "ALLOW\n"); break; @@ -265,6 +271,10 @@ arch = AUDIT_ARCH_MIPS64N32; else if (strcmp(optarg, "mipsel64n32") == 0) arch = AUDIT_ARCH_MIPSEL64N32; + else if (strcmp(optarg, "parisc") == 0) + arch = AUDIT_ARCH_PARISC; + else if (strcmp(optarg, "parisc64") == 0) + arch = AUDIT_ARCH_PARISC64; else if (strcmp(optarg, "ppc") == 0) arch = AUDIT_ARCH_PPC; else if (strcmp(optarg, "ppc64") == 0) diff -Nru libseccomp-2.3.1/tools/util.c libseccomp-2.4.1/tools/util.c --- libseccomp-2.3.1/tools/util.c 2016-02-11 18:37:06.656650437 +0000 +++ libseccomp-2.4.1/tools/util.c 2019-04-16 16:19:07.784603033 +0000 @@ -62,6 +62,10 @@ #elif __MIPSEL__ #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32 #endif /* _MIPS_SIM_NABI32 */ +#elif __hppa64__ +#define ARCH_NATIVE AUDIT_ARCH_PARISC64 +#elif __hppa__ +#define ARCH_NATIVE AUDIT_ARCH_PARISC #elif __PPC64__ #ifdef __BIG_ENDIAN__ #define ARCH_NATIVE AUDIT_ARCH_PPC64