| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Makefile, seccomp: Fix build for i386, ppc64, ppc64le | Stefano Brivio | 2022-01-26 | 1 | -1/+5 |
| | | | | | | | | | | | | | | | | | | On some distributions, on ppc64, ulimit -s returns 'unlimited': add a reasonable default, and also make sure ulimit is invoked using the default shell, which should ensure ulimit is actually implemented. Also note that AUDIT_ARCH doesn't follow closely the naming reported by 'uname -m': convert for i386 and ppc as needed. While at it, move inclusion of seccomp.h after util.h, the former is less generic (cosmetic/clang-tidy only). Older kernel headers might lack a definition for AUDIT_ARCH_PPC64LE: define that explicitly if it's not available. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> | ||||
| * | seccomp.sh: Handle missing ausyscall(8) or unknown syscall number | Stefano Brivio | 2021-10-21 | 1 | -3/+26 |
| | | | | | | | | ...try sourcing it with the compiler from <sys/syscalls.h> before giving up. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> | ||||
| * | passt, pasta: Add seccomp support | Stefano Brivio | 2021-10-14 | 1 | -0/+180 |
| List of allowed syscalls comes from comments in the form: #syscalls <list> for syscalls needed both in passt and pasta mode, and: #syscalls:pasta <list> #syscalls:passt <list> for syscalls specifically needed in pasta or passt mode only. seccomp.sh builds a list of BPF statements from those comments, prefixed by a binary search tree to keep lookup fast. While at it, clean up a bit the Makefile using wildcards. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> | |||||
 |
index : passt |
| Plug A Simple Socket Transport |
| aboutgitcodebugslistschat |
path: root/seccomp.sh