1. Forum
  2. Usenet
  3. LINUX.DEBIAN.PORTS.SUPERH

  • Adding support for SECCOMP_FILTER

    From John Paul Adrian Glaubitz@21:1/5 to All on Tue Jul 21 21:00:01 2020
    Hello!

    I recently discovered that the kernel supports seccomp on Linux as support
    was added in 2.6.27 [1].

    I consequently added SH support to libseccomp [2], only to discover that we
    are missing the SECCOMP_FILTER feature. Looking at the changes for PA-RISC [3] and RISC-V [4], the necessary changes in the kernel seem to be rather modest.

    Would anyone be willing to help me to implement SECCOMP_FILTER for SH? From what
    I can see, we just need to implement the part to add syscall filtering.

    Adrian

    [1] https://github.com/torvalds/linux/commit/c4637d475170ca0d99973efd07df727012db6cd1
    [2] https://github.com/seccomp/libseccomp/pull/271
    [3] https://github.com/torvalds/linux/commit/910cd32e552ea09caa89cdbe328e468979b030dd
    [4] https://github.com/torvalds/linux/commit/5340627e3fe08030988bdda46dd86cd5d5fb7517

    --
    .''`. John Paul Adrian Glaubitz
    : :' : Debian Developer - glaubitz@debian.org
    `. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
    `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rob Landley@21:1/5 to John Paul Adrian Glaubitz on Wed Jul 22 05:30:01 2020
    On 7/21/20 1:59 PM, John Paul Adrian Glaubitz wrote:
    Hello!

    I recently discovered that the kernel supports seccomp on Linux as support was added in 2.6.27 [1].

    I consequently added SH support to libseccomp [2], only to discover that we are missing the SECCOMP_FILTER feature. Looking at the changes for PA-RISC [3]
    and RISC-V [4], the necessary changes in the kernel seem to be rather modest.

    Would anyone be willing to help me to implement SECCOMP_FILTER for SH? From what
    I can see, we just need to implement the part to add syscall filtering.

    I dunno how much help I'd be (never having used seccomp), but I can try to reproduce what you do on a second setup? :)

    Rob

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From John Paul Adrian Glaubitz@21:1/5 to John Paul Adrian Glaubitz on Thu Jul 23 01:40:01 2020
    On 7/21/20 8:59 PM, John Paul Adrian Glaubitz wrote:
    Would anyone be willing to help me to implement SECCOMP_FILTER for SH? From what
    I can see, we just need to implement the part to add syscall filtering.

    Patches have been posted by Michael Karcher now to this list.

    The seccomp library code is also ready for merging, see [1].

    All tests pass as expected, including the live tests (with the exception
    of #51 which is broken on all 32-bit targets).

    Adrian

    [1] https://github.com/glaubitz/libseccomp/tree/superh

    --
    .''`. John Paul Adrian Glaubitz
    : :' : Debian Developer - glaubitz@debian.org
    `. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
    `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)