Branch: refs/heads/master
Home: https://github.com/seccomp/libseccomp
Commit: dead12bc788b259b148cc4d93b970ef0bd602b1a
https://github.com/seccomp/libseccomp/commit/dead12bc788b259b148cc4d93b970ef0bd602b1a
Author: Paul Moore <[email protected]>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M doc/man/man3/seccomp_api_get.3
A doc/man/man3/seccomp_notify_alloc.3
A doc/man/man3/seccomp_notify_fd.3
A doc/man/man3/seccomp_notify_free.3
A doc/man/man3/seccomp_notify_id_valid.3
A doc/man/man3/seccomp_notify_receive.3
A doc/man/man3/seccomp_notify_respond.3
M include/seccomp.h.in
M src/api.c
M src/db.c
M src/db.h
M src/system.c
M src/system.h
Log Message:
-----------
api: implement user notification in libseccomp

This patch is heavily based on an earlier patchset by Tycho
Andersen. I took Tycho's patch and incorporated the requested changes
from the review, fixed some corner case bugs, and simplified the API
a bit.

Kernel 5.0 includes the new user notification return code. Here's all the
infrastructure to handle that.

The idea behind the user notification return code is that the filter stops
the syscall, and forwards it to a "listener fd" that is created when
installing a filter. Then some userspace task can listen and process
events accordingly by taking some (or no) action in userspace, and then
returning a value from the command.

Signed-off-by: Tycho Andersen <[email protected]>
Signed-off-by: Paul Moore <[email protected]>

Commit: 7929badbb223d0dcfe866f7b47bcaffc57f6f3e2
https://github.com/seccomp/libseccomp/commit/7929badbb223d0dcfe866f7b47bcaffc57f6f3e2
Author: Paul Moore <[email protected]>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M include/seccomp.h.in
M src/api.c
M src/db.c
M src/db.h
Log Message:
-----------
api: make TSYNC and NOTIFY mutually exclusive

The kernel explicitly disallows setting both TSYNC and NEW_LISTENER
at the same time, so catch this and block it in libseccomp.

Signed-off-by: Paul Moore <[email protected]>

Commit: e15f41574db5845a9f262f0867f3d13dba5e3452
https://github.com/seccomp/libseccomp/commit/e15f41574db5845a9f262f0867f3d13dba5e3452
Author: Paul Moore <[email protected]>
Date: 2019-05-03 (Fri, 03 May 2019)
Changed paths:
M src/python/libseccomp.pxd
M src/python/seccomp.pyx
Log Message:
-----------
python: update the python bindings to support notifications

Here is the description from the main commit:

"Kernel 5.0 includes the new user notification return code. Here's
all the infrastructure to handle that.

The idea behind the user notification return code is that the
filter stops the syscall, and forwards it to a "listener fd" that
is created when installing a filter. Then some userspace task
can listen and process events accordingly by taking some (or no)
action in userspace, and then returning a value from the command."

Signed-off-by: Paul Moore <[email protected]>

Commit: 78497a5d1da200ab0356e1189f5efb8724ad70a1
https://github.com/seccomp/libseccomp/commit/78497a5d1da200ab0356e1189f5efb8724ad70a1
Author: Paul Moore <[email protected]>
Date: 2019-05-03 (Fri, 03 May 2019)
Changed paths:
M tests/.gitignore
M tests/13-basic-attrs.c
M tests/13-basic-attrs.py
A tests/51-live-user_notification.c
A tests/51-live-user_notification.py
A tests/51-live-user_notification.tests
M tests/Makefile.am
Log Message:
-----------
tests: add notification tests

Some of this was taken from Tycho's original patch.

Signed-off-by: Tycho Andersen <[email protected]>
Signed-off-by: Paul Moore <[email protected]>

Compare:
https://github.com/seccomp/libseccomp/compare/d390edad9a85...78497a5d1da2
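
The exchange the first commit message describes (the filter stops the syscall, forwards it to a listener fd, and a userspace task returns a value), as an added example that is not code from these commits or from libseccomp. It uses the raw Linux seccomp and ioctl interface rather than the seccomp_notify_* functions listed in the changed paths, and it leaves out the architecture check a production filter needs; the names supervise, notify_demo and FAKE_PPID are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define FAKE_PPID 4242 /* constructed value the supervisor hands back */
/* Supervisor: install the filter, fork the target, service one notification. */
static int supervise(void)
{
    struct sock_filter insns[] = { /* a real filter must also check seccomp_data.arch */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };
    struct seccomp_notif req;
    int fd, status = 0;
    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
    fd = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                 SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
    if (fd < 0) return 2; /* kernel < 5.0, or seccomp blocked in this environment */
    pid_t target = fork(); /* the child inherits the filter */
    if (target < 0) return 1;
    if (target == 0) _exit(syscall(__NR_getppid) == FAKE_PPID ? 0 : 1);
    memset(&req, 0, sizeof(req)); /* newer kernels reject a non-zeroed buffer */
    if (ioctl(fd, SECCOMP_IOCTL_NOTIF_RECV, &req) == 0) {
        /* id ties the reply to this syscall; val becomes its return value */
        struct seccomp_notif_resp resp = { .id = req.id, .val = FAKE_PPID };
        ioctl(fd, SECCOMP_IOCTL_NOTIF_SEND, &resp);
    } else {
        kill(target, SIGKILL); /* never leave the target parked in the syscall */
    }
    waitpid(target, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
/* Runs in a throwaway process so the caller stays unfiltered.
 * Returns 0: target saw FAKE_PPID, 1: failure, 2: notifications unavailable. */
int notify_demo(void)
{
    int status = 0;
    pid_t sup = fork();
    if (sup == 0) _exit(supervise());
    if (sup < 0 || waitpid(sup, &status, 0) < 0) return 1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

The supervisor installs the filter before forking because the listener fd is returned to the task that loads the filter, and that task must not itself call the notified syscall.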