| Commit message | Author | Age | Files | Lines |
| |
Refactoring error messages:
- standardize error messages and functions
- return on error instead of exit
- test error when target doesn't exist
- include ability to capture stderr and stdout in the tests
| |
Add check if offset type is SECCOMP_DATA and the seccomp request is set.
| |
Adding the offset limits checks and unit tests.
| |
Refactor includes:
- use static inline instead of macro
- return -1 if there is an error and don't exit
- eval return 0 or -1
- adjust code and tests
| |
Add bounds checking:
- if offset is larger than the maximum per offset type
- if memcpy is reading/writing inside gluten
| |
Refactoring:
- rename do_operations to eval and reduce the number of arguments
- create macro HANDLE_OP
- rename all functions with op_*(operation name)
- exposed the op_* functions in the operations.h
Fixes:
- use pread for op_load
| |
Only tangentially related:
- make seitan C99 again, so that I can build cooker without warnings
- make Makefiles make use of the usual conventions about assigning
directory paths in variables, drop numbers.h as requirement for
cooker and make it convenient to run stand-alone Makefiles
- fix up nr_syscalls.sh to be POSIX, otherwise it will give syntax
errors on my system
- define a single, common way to refer to offsets in gluten, and
functions to use those offsets in a safe way. Immediates are gone:
cooker will write any bit of "data" to the read-only section
- call const what has to be const
- define on-disk layout for gluten
- add OP_NR (to check syscall numbers), rename OP_COPY_ARGS to
OP_LOAD (it loads _selected_ stuff from arguments)
As for cooker itself:
- drop ARG_ and arg_ prefixes from struct names, and similar
- add/rework functions to build OP_NR, OP_LOAD, OP_CMP, and to
write constant data to gluten
- add parsing for "compound" arguments, but that's not completely
hooked into evaluation for numeric arguments yet
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| |
Pid and id are redundant fields as the information is already included
in the seccomp request
| |
The op_resolvedfd verifies that the fd points to a path.
Signed-off-by: Alice Frosi <afrosi@redhat.com>
| |
The operation op_cmp allows comparing 2 areas of memory and, if they
don't match, jumping to an operation.
| |
The op_end signals to terminate reading the operations. This is useful
for the introduction of branches for the matches.
|
Replace all the action-related names to operations to make them more
generic.