Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | gluten: remove unused enum value_type | Alice Frosi | 2023-05-11 | 1 | -5/+0 | |
| | ||||||
* | Add missing license header to tests/unit/test_errors.c | Alice Frosi | 2023-05-11 | 1 | -0/+5 | |
| | ||||||
* | Clean-up error message and test | Alice Frosi | 2023-05-11 | 5 | -58/+122 | |
| | | | | | | | | Refactoring error messages: - standardize error messages and functions - return on error instead of exit - test error when target doesn't exist - include ability to capture stderr and stdout in the tests | |||||
* | ops: check for SECCOMP_DATA | Alice Frosi | 2023-05-10 | 2 | -3/+6 | |
| | | | | Add check if offset type is SECCOMP_DATA and the seccomp request is set. | |||||
* | seitan: add check for limits to op_cmp | Alice Frosi | 2023-05-10 | 2 | -3/+39 | |
| | | | | Adding the offset limits checks and unit tests. | |||||
* | Refactoring of gluten_read/write | Alice Frosi | 2023-05-10 | 5 | -60/+86 | |
| | | | | | | | | Refactor includes: - use static inline instead of macro - return -1 if there is an error and don't exit - eval return 0 or -1 - adjust code and tests | |||||
* | gluten: check limits | Alice Frosi | 2023-05-09 | 5 | -11/+183 | |
| | | | | | | Add bounds checking: - if offset is larger then the maximum per offset type - if memcpy is reading/writing inside gluten | |||||
* | test: fix operations | Alice Frosi | 2023-05-08 | 5 | -274/+244 | |
| | | | | Adjust the tests after the refactoring and to use struct gluten_offset | |||||
* | seitan: refactor operations | Alice Frosi | 2023-05-08 | 4 | -188/+231 | |
| | | | | | | | | | | | Refactoring: - rename do_operations to eval and reduce the number of arguments - create macro HANDLE_OP - rename all functions with op_*(operation name) - exposed the op_* functions in the operations.h Fixes: - use pread for op_load | |||||
* | cooker updates spilling all over the place | Stefano Brivio | 2023-05-02 | 15 | -283/+677 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only tangentially related: - make seitan C99 again, so that I can build cooker without warnings - make Makefiles make use of the usual conventions about assigning directory paths in variables, drop numbers.h as requirement for cooker and make it convenient to run stand-alone Makefiles - fix up nr_syscalls.sh to be POSIX, otherwise it will give syntax errors on my system - define a single, common way to refer to offsets in gluten, and functions to use those offsets in a safe way. Immediates are gone: cooker will write any bit of "data" to the read-only section - call const what has to be const - define on-disk layout for gluten - add OP_NR (to check syscall numbers), rename OP_COPY_ARGS to OP_LOAD (it loads _selected_ stuff from arguments) As for cooker itself: - drop ARG_ and arg_ prefixes from struct names, and similar - add/rework functions to build OP_NR, OP_LOAD, OP_CMP, and to write constant data to gluten - add parsing for "compound" arguments, but that's not completely hooked into evaluation for numeric arguments yet Signed-off-by: Stefano Brivio <sbrivio@redhat.com> | |||||
* | filter: add missing license header | Alice Frosi | 2023-04-25 | 2 | -0/+10 | |
| | ||||||
* | filter: remove logging part | Alice Frosi | 2023-04-25 | 2 | -20/+3 | |
| | | | | The logging will be handled different using op_log | |||||
* | seitan: use functions from util.h | Alice Frosi | 2023-04-25 | 2 | -7/+8 | |
| | ||||||
* | seitan: remove unused options | Alice Frosi | 2023-04-25 | 1 | -108/+3 | |
| | ||||||
* | test: uncomment test | Alice Frosi | 2023-04-21 | 1 | -1/+1 | |
| | ||||||
* | test: test various values for op_cmp_type | Alice Frosi | 2023-04-21 | 1 | -8/+83 | |
| | ||||||
* | Add op_cmp type | Alice Frosi | 2023-04-21 | 2 | -5/+25 | |
| | ||||||
* | tests: clean-up created file | Alice Frosi | 2023-04-21 | 2 | -1/+3 | |
| | ||||||
* | operations: fix bug into the reference injection | Alice Frosi | 2023-04-21 | 1 | -2/+2 | |
| | ||||||
* | operation: remove pid and id | Alice Frosi | 2023-04-21 | 3 | -34/+36 | |
| | | | | | Pid and id are reduandant fields as the information are already included in the seccomp request | |||||
* | Replace argp with getopt | Alice Frosi | 2023-04-20 | 2 | -86/+90 | |
| | ||||||
* | Makefile: fix compilation for cooker for missing numbers.h | Alice Frosi | 2023-04-18 | 1 | -2/+2 | |
| | ||||||
* | filter: clean-up unused functions | Alice Frosi | 2023-04-18 | 1 | -28/+4 | |
| | ||||||
* | test: fix test filter with the new filter build | Alice Frosi | 2023-04-18 | 1 | -94/+101 | |
| | ||||||
* | filter: remove superfluous jumps | Alice Frosi | 2023-04-18 | 1 | -25/+25 | |
| | ||||||
* | test: add test for and_ne | Alice Frosi | 2023-04-18 | 1 | -10/+38 | |
| | ||||||
* | filter: add and_ne operation | Alice Frosi | 2023-04-18 | 1 | -4/+39 | |
| | ||||||
* | test: add unit test for and operation | Alice Frosi | 2023-04-18 | 1 | -0/+66 | |
| | ||||||
* | filter: add and operation | Alice Frosi | 2023-04-18 | 2 | -10/+57 | |
| | ||||||
* | Fix filter offset for gt and lt | Alice Frosi | 2023-04-14 | 1 | -2/+2 | |
| | ||||||
* | Add test for BPF filter comparison operations | Alice Frosi | 2023-04-14 | 1 | -28/+110 | |
| | ||||||
* | Add comparison operations to the BPF filter | Alice Frosi | 2023-04-13 | 1 | -2/+20 | |
| | ||||||
* | Fix tests | Alice Frosi | 2023-04-13 | 5 | -29/+35 | |
| | ||||||
* | Fix offset after refactoring | Alice Frosi | 2023-04-12 | 1 | -1/+5 | |
| | ||||||
* | Refactor tests to use same struct arg as the filter | Alice Frosi | 2023-04-12 | 6 | -43/+45 | |
| | ||||||
* | Add other comparison operation for the BPF filter | Alice Frosi | 2023-04-12 | 4 | -39/+122 | |
| | ||||||
* | filter: define arg_cmp and arg_type | Alice Frosi | 2023-04-06 | 6 | -49/+56 | |
| | ||||||
* | Refactor makefile | Alice Frosi | 2023-04-06 | 1 | -12/+20 | |
| | ||||||
* | Add support for 64 bits arguments | Alice Frosi | 2023-04-06 | 6 | -34/+195 | |
| | ||||||
* | fix filter test | Alice Frosi | 2023-04-03 | 2 | -85/+72 | |
| | ||||||
* | filter: fix filter | Alice Frosi | 2023-04-03 | 4 | -56/+133 | |
| | | | | | An additional notification is need either when we jump from an instruction without arguments then at the end of the argument checks. | |||||
* | filter: load argument to check | Alice Frosi | 2023-03-31 | 2 | -1/+10 | |
| | ||||||
* | tests: add tests for filtering the syscalls | Alice Frosi | 2023-03-31 | 4 | -3/+122 | |
| | ||||||
* | test: moving shareable function in a separate file | Alice Frosi | 2023-03-30 | 4 | -176/+238 | |
| | ||||||
* | Create common function to install the BPF filter | Alice Frosi | 2023-03-30 | 5 | -42/+40 | |
| | ||||||
* | test: rename test-filter.c to test_filter_build.c | Alice Frosi | 2023-03-30 | 2 | -4/+4 | |
| | ||||||
* | test: fix filter order | Alice Frosi | 2023-03-29 | 1 | -43/+60 | |
| | ||||||
* | cooker: fix argument evaluation | Alice Frosi | 2023-03-29 | 1 | -19/+66 | |
| | | | | | Check sequentially the arguments for a syscall entry. If the check isn't successful then pass to the next entry. | |||||
* | test: fix cooker directory | Alice Frosi | 2023-03-29 | 1 | -1/+1 | |
| | ||||||
* | cooker: add filter.c/.h to the Makefile | Alice Frosi | 2023-03-29 | 1 | -3/+17 | |
| | | | | Integration of filter part in cooker. The filter requires the AUDIT_ARCH variable. |