| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | seitan: small fixes | Alice Frosi | 2023-08-31 | 1 | -0/+8 |
| | | | | | | | Fixes: - return an error message in do_clone instead of exit - check if the type of context is out-of-bound | ||||
| * | common: print syscall name based on the number | Alice Frosi | 2023-08-30 | 1 | -1/+2 |
| | | |||||
| * | cooker: generate OCI seccomp profile | Alice Frosi | 2023-08-24 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | | | | | Generate the OCI seccomp profile instead of directly the BPF filter. The seccomp profile will be used consquently by the container runtime as input in order to generate the BPF filter. Example with mknod: $ seitan-cooker -g /tmp/gluten -p /tmp/scmp_prof.json -s seccomp.json -i demo/mknod.hjson $ seitan -s /tmp/seitan.sock -i /tmp/gluten $ podman run --cap-drop ALL --security-opt=seccomp=/tmp/scmp_prof.json \ --annotation run.oci.seccomp.receiver=/tmp/seitan.sock \ -ti fedora \ sh -c 'mknod /dev/lol c 1 7 && ls /dev/lol' /dev/lol Signed-off-by: Alice Frosi <afrosi@redhat.com> | ||||
| * | treewide: Change to GPLv2, add LICENSES, missing headers | Stefano Brivio | 2023-06-04 | 1 | -1/+1 |
| | | | | | | | As discussed with Alice -- 'reuse lint' passes now. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> | ||||
| * | Clean-up error message and test | Alice Frosi | 2023-05-11 | 1 | -0/+12 |
| | | | | | | | | | Refactoring error messages: - standardize error messages and functions - return on error instead of exit - test error when target doesn't exist - include ability to capture stderr and stdout in the tests | ||||
| * | cooker updates spilling all over the place | Stefano Brivio | 2023-05-02 | 1 | -0/+97 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only tangentially related: - make seitan C99 again, so that I can build cooker without warnings - make Makefiles make use of the usual conventions about assigning directory paths in variables, drop numbers.h as requirement for cooker and make it convenient to run stand-alone Makefiles - fix up nr_syscalls.sh to be POSIX, otherwise it will give syntax errors on my system - define a single, common way to refer to offsets in gluten, and functions to use those offsets in a safe way. Immediates are gone: cooker will write any bit of "data" to the read-only section - call const what has to be const - define on-disk layout for gluten - add OP_NR (to check syscall numbers), rename OP_COPY_ARGS to OP_LOAD (it loads _selected_ stuff from arguments) As for cooker itself: - drop ARG_ and arg_ prefixes from struct names, and similar - add/rework functions to build OP_NR, OP_LOAD, OP_CMP, and to write constant data to gluten - add parsing for "compound" arguments, but that's not completely hooked into evaluation for numeric arguments yet Signed-off-by: Stefano Brivio <sbrivio@redhat.com> | ||||
| * | Move util.h and util.c in common | Alice Frosi | 2023-03-24 | 1 | -0/+22 |
 |
index : seitan |
| Syscall Expressive Interpreter, Transformer and Notifier |
| aboutgitcodelistschat:MatrixIRC |