Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Refactor makefile | Alice Frosi | 2023-04-06 | 1 | -12/+20 | |
| | ||||||
* | Add support for 64 bits arguments | Alice Frosi | 2023-04-06 | 6 | -34/+195 | |
| | ||||||
* | fix filter test | Alice Frosi | 2023-04-03 | 2 | -85/+72 | |
| | ||||||
* | filter: fix filter | Alice Frosi | 2023-04-03 | 4 | -56/+133 | |
| | | | | | An additional notification is need either when we jump from an instruction without arguments then at the end of the argument checks. | |||||
* | filter: load argument to check | Alice Frosi | 2023-03-31 | 2 | -1/+10 | |
| | ||||||
* | tests: add tests for filtering the syscalls | Alice Frosi | 2023-03-31 | 4 | -3/+122 | |
| | ||||||
* | test: moving shareable function in a separate file | Alice Frosi | 2023-03-30 | 4 | -176/+238 | |
| | ||||||
* | Create common function to install the BPF filter | Alice Frosi | 2023-03-30 | 5 | -42/+40 | |
| | ||||||
* | test: rename test-filter.c to test_filter_build.c | Alice Frosi | 2023-03-30 | 2 | -4/+4 | |
| | ||||||
* | test: fix filter order | Alice Frosi | 2023-03-29 | 1 | -43/+60 | |
| | ||||||
* | cooker: fix argument evaluation | Alice Frosi | 2023-03-29 | 1 | -19/+66 | |
| | | | | | Check sequentially the arguments for a syscall entry. If the check isn't successful then pass to the next entry. | |||||
* | test: fix cooker directory | Alice Frosi | 2023-03-29 | 1 | -1/+1 | |
| | ||||||
* | cooker: add filter.c/.h to the Makefile | Alice Frosi | 2023-03-29 | 1 | -3/+17 | |
| | | | | Integration of filter part in cooker. The filter requires the AUDIT_ARCH variable. | |||||
* | Rename cooker and eater with seitan prefix | Alice Frosi | 2023-03-28 | 23 | -6/+8 | |
| | ||||||
* | seitan: use die function to terminate on error | Alice Frosi | 2023-03-28 | 1 | -18/+10 | |
| | ||||||
* | seitan: remove unused variables and functions | Alice Frosi | 2023-03-24 | 1 | -64/+1 | |
| | | | | This was a left over of the previous version | |||||
* | Add missing pre-requirement to seitan target | Alice Frosi | 2023-03-24 | 1 | -1/+1 | |
| | ||||||
* | Replace errExit with die | Alice Frosi | 2023-03-24 | 2 | -17/+14 | |
| | ||||||
* | Move util.h and util.c in common | Alice Frosi | 2023-03-24 | 3 | -3/+4 | |
| | ||||||
* | Add license header to the integration tests | Alice Frosi | 2023-03-24 | 1 | -0/+7 | |
| | ||||||
* | cleanup commited files | Alice Frosi | 2023-03-24 | 1 | -0/+0 | |
| | ||||||
* | tests: Adjust project directory and add license headers | Alice Frosi | 2023-03-24 | 4 | -16/+64 | |
| | ||||||
* | Re-arrange repository structure | Alice Frosi | 2023-03-24 | 37 | -44/+16 | |
| | ||||||
* | Remove filter dir | Alice Frosi | 2023-03-24 | 3 | -38320/+0 | |
| | ||||||
* | Re-organize project and add license header | Alice Frosi | 2023-03-24 | 44 | -208/+38478 | |
| | ||||||
* | filter: add logging mode | Alice Frosi | 2023-03-23 | 5 | -35/+64 | |
| | | | | | The logging mode creates a BPF filter where all the syscalls trigger a notification to the seccomp notifier. | |||||
* | seitan: receiving seccomp notifier with socket | Alice Frosi | 2023-03-23 | 1 | -22/+126 | |
| | | | | | | | | OCI spec and container runtimes expect to send the seccomp notifer fd through a unix socket. This mode is complementary of retrieving the file descriptor using the pid of the target process. Add option to log the syscalls. | |||||
* | cooker: Initial import of new implementation | Stefano Brivio | 2023-03-20 | 19 | -0/+3179 | |
| | | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com> | |||||
* | tests: add unit tests for op_resolvedfd | Alice Frosi | 2023-03-15 | 1 | -1/+77 | |
| | ||||||
* | seitan: add op_resolvedfd | Alice Frosi | 2023-03-15 | 2 | -0/+36 | |
| | | | | | | The op_resolvedfd verifies that the fd points to a path. Signed-off-by: Alice Frosi <afrosi@redhat.com> | |||||
* | tests: add test for op_cmp | Alice Frosi | 2023-02-27 | 1 | -1/+63 | |
| | ||||||
* | seitan: add op_cmp | Alice Frosi | 2023-02-27 | 2 | -0/+15 | |
| | | | | | The operation op_cmp allows to compare 2 areas of memory and if they don't match to jump to an operation. | |||||
* | seitan: add op_end | Alice Frosi | 2023-02-27 | 2 | -0/+4 | |
| | | | | | The op_end signal to terminate reading the operations. This is useful for the introductions of branches for the matches. | |||||
* | test: fix arguments and offsets | Alice Frosi | 2023-02-27 | 1 | -6/+7 | |
| | ||||||
* | seitan: copy immediate args with op_copy | Alice Frosi | 2023-02-27 | 3 | -12/+22 | |
| | ||||||
* | tests: add test for op_copy | Alice Frosi | 2023-02-23 | 1 | -0/+64 | |
| | | | | | | The target process tries to perform a connect syscall and we need to check that the struct sockaddr_un is correctly copied from the memory of the target process | |||||
* | operations: add op_copy | Alice Frosi | 2023-02-23 | 3 | -5/+62 | |
| | ||||||
* | tests: generalize the syscall of the target | Alice Frosi | 2023-02-23 | 1 | -12/+19 | |
| | | | | | Refactor the tests to pass the filtered syscall and setting the argument into the shared struct. | |||||
* | test: fix check of a_block | Alice Frosi | 2023-02-23 | 1 | -1/+5 | |
| | ||||||
* | tests: adjust do_operations signature | Alice Frosi | 2023-02-23 | 1 | -7/+7 | |
| | | | | Signed-off-by: Alice Frosi <afrosi@redhat.com> | |||||
* | Rename actions to operations | Alice Frosi | 2023-02-22 | 6 | -117/+117 | |
| | | | | | Replace all the action related names to operations to make them more generic. | |||||
* | fix formatting | Alice Frosi | 2023-02-22 | 8 | -155/+171 | |
| | ||||||
* | gluten: remove error type | Alice Frosi | 2023-02-22 | 1 | -1/+0 | |
| | | | | The error is always constant and not a reference | |||||
* | tests: add test for act_inject with the references | Alice Frosi | 2023-02-21 | 1 | -8/+35 | |
| | ||||||
* | actions: add reference for the fds | Alice Frosi | 2023-02-21 | 3 | -15/+40 | |
| | ||||||
* | actions: change pointer to offset | Alice Frosi | 2023-02-21 | 3 | -25/+11 | |
| | ||||||
* | tests: add act_call and saving return value | Alice Frosi | 2023-02-21 | 1 | -0/+22 | |
| | ||||||
* | makefile: add variable to set temporary data size | Alice Frosi | 2023-02-21 | 1 | -0/+1 | |
| | ||||||
* | actions: cast data for temporary result to uint16_t | Alice Frosi | 2023-02-21 | 1 | -1/+1 | |
| | ||||||
* | tests: add test-action-call when running make test-unit | Alice Frosi | 2023-02-21 | 1 | -2/+2 | |
| |