On Tuesday, April 02, 2013 11:52:04 AM Kees Cook wrote:
> On Tue, Apr 2, 2013 at 7:12 AM, Paul Moore <[email protected]> wrote:
> > On Monday, April 01, 2013 07:00:26 PM Kees Cook wrote:
> >> On Thu, Mar 28, 2013 at 8:55 AM, Paul Moore <[email protected]> wrote:
> >> > I've been fixing and sitting on these patches for some time now,
> >> > waiting on upstream x32 kernel fixes (x32) and access to an ARM*
> >> > system for verification. Unfortunately, sitting on this large of
> >> > a patchset results in merging problems whenever we add another
> >> > patch to the repo.
> >> >
> >> > Therefore, I'm considering simply merging the following patches
> >> > just to get them into repo and we can always fix up any problems
> >> > that may appear during testing. If I don't hear any objects in
> >> > the next day or two I'll go ahead.
> >> >
> >> > * Does anyone have an ARM system running 3.8 that they would be
> >> > willing to test?
> >>
> >> I can get a simulated system up running 3.8 tomorrow. I just have to
> >> find my notes from doing the ARM seccomp porting work. :)
> >
> > If you can get it going without too much fuss that would be helpful. All
> > you would need to do is grab the latest repo, build it (with the python
> > bindings too please) and do the following:
>
> $ ./configure --enable-python
> CONFIGURATION SUMMARY
> libseccomp version: 0.0.0
> installation base: /usr/local
> library directory: /usr/local/lib
> use system includes: no
> python bindings: yes
>
> Is there a reason for the 0.0.0 version in the tree? The tarballs
> don't show that...
Sorta, I keep the main dev branch set at 0.0.0 so it is easy for me to
distinguish between dev and released code.
> The Python bindings fail to build for me:
>
> Error compiling Cython file:
> ------------------------------------------------------------
> ...
> raise TypeError("Syscall must either be an int or str type")
> """ NOTE: the code below exists solely to deal with the varadic
> nature of seccomp_rule_add() function and the inability of Cython
> to handle this automatically """
> for i, arg in enumerate(args):
> c_arg[i] = arg.to_c()
> ^
> ------------------------------------------------------------
>
> seccomp.pyx:419:31: Cannot convert Python object to 'scmp_arg_cmp'
> ...
> seccomp.pyx:498:31: Cannot convert Python object to 'scmp_arg_cmp'
Interesting. What version of Cython do you have installed? For reference I'm
curently using Cython 0.17.4 ... although I just noticed that 0.18 is
available. Also, can I assume this is Ubuntu and/or Debian?
> > # cd tests
> > # ./regression -m c -m python
>
> Running "regression -m c" has some failures:
>
> Test 08-sim-subtree_checks%%022-00001 result: FAILURE bpf_sim resulted in
> KILL Test 12-sim-basic_masked_ops%%001-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%002-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%004-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%005-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%006-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%008-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%009-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%010-00001 result: FAILURE bpf_sim
> resulted in KILL
> Test 12-sim-basic_masked_ops%%015-00001 result: FAILURE bpf_sim
> resulted in KILL
> ...
> Regression Test Summary
> tests run: 3950
> tests skipped: 55
> tests passed: 3940
> tests failed: 10
> tests errored: 0
Hmm, bummer. Can you post the output of the following:
# cd tests
# ./08-sim-subtree_checks
# ./08-sim-subtree_checks -b | ../tools/bpf_disasm
> > # ./regression -m c -m python -T live
>
> Running "regression -m c -T live" passes:
>
> Test 20-live-basic_die%%001-00000 result: SUCCESS
> Test 20-live-basic_die%%002-00000 result: SUCCESS
> Test 20-live-basic_die%%003-00000 result: SUCCESS
> Test 21-live-basic_allow%%001-00000 result: SUCCESS
> Test 24-live-arg_allow%%001-00000 result: SUCCESS
> ...
> Regression Test Summary
> tests run: 5
> tests skipped: 0
> tests passed: 5
> tests failed: 0
> tests errored: 0
At least that worked okay. That's good.
> Are you on IRC anywhere normally?
Yes and no; I'm on IRC in a few channels but you generally have to yell my
name to get my attention, I don't really actively monitor any particular
channel. You can find me on freenode in #kvm and #selinux as pmoore; do you
guys have a seccomp channel?
--
paul moore
security and virtualization @ redhat
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
