On Tue, Apr 2, 2013 at 7:12 AM, Paul Moore <[email protected]> wrote:
> On Monday, April 01, 2013 07:00:26 PM Kees Cook wrote:
>> On Thu, Mar 28, 2013 at 8:55 AM, Paul Moore <[email protected]> wrote:
>> > I've been fixing and sitting on these patches for some time now,
>> > waiting on upstream x32 kernel fixes (x32) and access to an ARM*
>> > system for verification. Unfortunately, sitting on this large of
>> > a patchset results in merging problems whenever we add another
>> > patch to the repo.
>> >
>> > Therefore, I'm considering simply merging the following patches
>> > just to get them into repo and we can always fix up any problems
>> > that may appear during testing. If I don't hear any objects in
>> > the next day or two I'll go ahead.
>> >
>> > * Does anyone have an ARM system running 3.8 that they would be
>> > willing to test?
>>
>> I can get a simulated system up running 3.8 tomorrow. I just have to
>> find my notes from doing the ARM seccomp porting work. :)
>
> If you can get it going without too much fuss that would be helpful. All you
> would need to do is grab the latest repo, build it (with the python bindings
> too please) and do the following:
$ ./configure --enable-python
CONFIGURATION SUMMARY
libseccomp version: 0.0.0
installation base: /usr/local
library directory: /usr/local/lib
use system includes: no
python bindings: yes
Is there a reason for the 0.0.0 version in the tree? The tarballs
don't show that...
The Python bindings fail to build for me:
Error compiling Cython file:
------------------------------------------------------------
...
raise TypeError("Syscall must either be an int or str type")
""" NOTE: the code below exists solely to deal with the varadic
nature of seccomp_rule_add() function and the inability of Cython
to handle this automatically """
for i, arg in enumerate(args):
c_arg[i] = arg.to_c()
^
------------------------------------------------------------
seccomp.pyx:419:31: Cannot convert Python object to 'scmp_arg_cmp'
...
seccomp.pyx:498:31: Cannot convert Python object to 'scmp_arg_cmp'
> # cd tests
> # ./regression -m c -m python
Running "regression -m c" has some failures:
Test 08-sim-subtree_checks%%022-00001 result: FAILURE bpf_sim resulted in KILL
Test 12-sim-basic_masked_ops%%001-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%002-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%004-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%005-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%006-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%008-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%009-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%010-00001 result: FAILURE bpf_sim
resulted in KILL
Test 12-sim-basic_masked_ops%%015-00001 result: FAILURE bpf_sim
resulted in KILL
...
Regression Test Summary
tests run: 3950
tests skipped: 55
tests passed: 3940
tests failed: 10
tests errored: 0
> # ./regression -m c -m python -T live
Running "regression -m c -T live" passes:
Test 20-live-basic_die%%001-00000 result: SUCCESS
Test 20-live-basic_die%%002-00000 result: SUCCESS
Test 20-live-basic_die%%003-00000 result: SUCCESS
Test 21-live-basic_allow%%001-00000 result: SUCCESS
Test 24-live-arg_allow%%001-00000 result: SUCCESS
...
Regression Test Summary
tests run: 5
tests skipped: 0
tests passed: 5
tests failed: 0
tests errored: 0
> The live tests are the most important, but it would be nice to run all the
> regression tests just to be safe.
>
>> Regardless, I think it's fine to push it into trunk. We can fix up
>> anything we find later.
>
> Yep, I merged it yesterday afternoon.
>
> --
> paul moore
> security and virtualization @ redhat
Are you on IRC anywhere normally?
-Kees
--
Kees Cook
Chrome OS Security
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
