--- Hi, This patch ports the syscall filter to libseccomp. It can be disable with --disable-seccomp and is enabled by default if libseccomp is present.
Maybe I should add a warning when parsing SyscallFilter in a .service if seccomp has been disabled ? Now the SyscallFilter property is a duplicate of the string in the .service file instead of a uint array. Ronny Makefile.am | 30 ++--------------- README | 1 + TODO | 1 - configure.ac | 14 ++++++++ src/core/dbus-execute.c | 8 ++--- src/core/execute.c | 72 +++++++++------------------------------ src/core/execute.h | 8 ++++- src/core/load-fragment.c | 63 +++++++++++++++++----------------- src/shared/.gitignore | 4 --- src/shared/linux/seccomp-bpf.h | 76 ------------------------------------------ src/shared/linux/seccomp.h | 47 -------------------------- src/shared/syscall-list.c | 56 ------------------------------- src/shared/syscall-list.h | 41 ----------------------- src/test/test-tables.c | 3 -- 14 files changed, 75 insertions(+), 349 deletions(-) delete mode 100644 src/shared/linux/seccomp-bpf.h delete mode 100644 src/shared/linux/seccomp.h delete mode 100644 src/shared/syscall-list.c delete mode 100644 src/shared/syscall-list.h diff --git a/Makefile.am b/Makefile.am index 935a195..9a69fce 100644 --- a/Makefile.am +++ b/Makefile.am @@ -648,8 +648,6 @@ noinst_LTLIBRARIES += \ libsystemd_shared_la_SOURCES = \ src/shared/linux/auto_dev-ioctl.h \ src/shared/linux/fanotify.h \ - src/shared/linux/seccomp.h \ - src/shared/linux/seccomp-bpf.h \ src/shared/ioprio.h \ src/shared/missing.h \ src/shared/initreq.h \ @@ -757,8 +755,6 @@ libsystemd_shared_la_SOURCES = \ src/shared/net-util.h \ src/shared/errno-list.c \ src/shared/errno-list.h \ - src/shared/syscall-list.c \ - src/shared/syscall-list.h \ src/shared/audit.c \ src/shared/audit.h \ src/shared/xml.c \ @@ -766,9 +762,7 @@ libsystemd_shared_la_SOURCES = \ nodist_libsystemd_shared_la_SOURCES = \ src/shared/errno-from-name.h \ - src/shared/errno-to-name.h \ - src/shared/syscall-from-name.h \ - src/shared/syscall-to-name.h + src/shared/errno-to-name.h # ------------------------------------------------------------------------------ noinst_LTLIBRARIES += \ @@ -993,6 +987,7 @@ libsystemd_core_la_CFLAGS = \ $(PAM_CFLAGS) \ $(AUDIT_CFLAGS) \ $(KMOD_CFLAGS) \ + $(SECCOMP_CFLAGS) \ -pthread libsystemd_core_la_LIBADD = \ @@ -1008,6 +1003,7 @@ libsystemd_core_la_LIBADD = \ $(PAM_LIBS) \ $(AUDIT_LIBS) \ $(CAP_LIBS) \ + $(SECCOMP_LIBS) \ $(KMOD_LIBS) src/core/load-fragment-gperf-nulstr.c: src/core/load-fragment-gperf.gperf @@ -1021,33 +1017,13 @@ CLEANFILES += \ src/core/load-fragment-gperf.gperf \ src/core/load-fragment-gperf.c \ src/core/load-fragment-gperf-nulstr.c \ - src/shared/syscall-list.txt \ - src/shared/syscall-from-name.gperf \ src/shared/errno-list.txt \ src/shared/errno-from-name.gperf BUILT_SOURCES += \ - src/shared/syscall-from-name.h \ - src/shared/syscall-to-name.h \ src/shared/errno-from-name.h \ src/shared/errno-to-name.h -src/shared/syscall-list.txt: - $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include sys/syscall.h - < /dev/null | $(AWK) '/^#define[ \t]+__NR_[^ ]+[ \t]+[0-9(]/ { sub(/__NR_/, "", $$2); if ($$2 !~ /SYSCALL_BASE/) print $$2; }' > $@ - -src/shared/syscall-from-name.gperf: src/shared/syscall-list.txt - $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GEN)$(AWK) 'BEGIN{ print "struct syscall_name { const char* name; int id; };"; print "%null-strings"; print "%%";} { printf "%s, __NR_%s\n", $$1, $$1 }' < $< > $@ - -src/shared/syscall-from-name.h: src/shared/syscall-from-name.gperf - $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GPERF)$(GPERF) -L ANSI-C -t --ignore-case -N lookup_syscall -H hash_syscall_name -p -C < $< > $@ - -src/shared/syscall-to-name.h: src/shared/syscall-list.txt - $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const syscall_names[] = { "} { printf "[SYSCALL_TO_INDEX(__NR_%s)] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@ - src/shared/errno-list.txt: $(AM_V_at)$(MKDIR_P) $(dir $@) $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+[0-9]/ { print $$2; }' > $@ diff --git a/README b/README index 0548e6a..d94fbb3 100644 --- a/README +++ b/README @@ -92,6 +92,7 @@ REQUIREMENTS: glibc >= 2.14 libcap + libseccomp >= 1.0.0 (optional) libblkid >= 2.20 (from util-linux) (optional) libkmod >= 15 (optional) PAM >= 1.1.2 (optional) diff --git a/TODO b/TODO index e5318d7..d2095c0 100644 --- a/TODO +++ b/TODO @@ -528,7 +528,6 @@ Features: - syscall filter: add knowledge about compat syscalls - syscall filter: don't enforce no new privs? - syscall filter: option to return EPERM rather than SIGSYS? - - syscall filter: port to libseccomp - system-wide seccomp filter * load-fragment: when loading a unit file via a chain of symlinks diff --git a/configure.ac b/configure.ac index 939ba6d..1f68f3e 100644 --- a/configure.ac +++ b/configure.ac @@ -309,6 +309,19 @@ fi AM_CONDITIONAL(HAVE_BLKID, [test "$have_blkid" = "yes"]) # ------------------------------------------------------------------------------ +have_seccomp=no +AC_ARG_ENABLE(seccomp, AS_HELP_STRING([--disable-seccomp], [Disable optional SECCOMP support])) +if test "x$enable_seccomp" != "xno"; then + PKG_CHECK_MODULES(SECCOMP, [libseccomp >= 1.0.0], + [AC_DEFINE(HAVE_SECCOMP, 1, [Define if seccomp is available]) have_seccomp=yes], + [have_seccomp=no]) + if test "x$have_seccomp" = "xno" -a "x$enable_seccomp" = "xyes"; then + AC_MSG_ERROR([*** seccomp support requested but libraries not found]) + fi +fi +AM_CONDITIONAL(HAVE_SECCOMP, [test "$have_seccomp" = "yes"]) + +# ------------------------------------------------------------------------------ have_ima=yes AC_ARG_ENABLE([ima], AS_HELP_STRING([--disable-ima],[Disable optional IMA support]), [case "${enableval}" in @@ -1076,6 +1089,7 @@ AC_MSG_RESULT([ AUDIT: ${have_audit} IMA: ${have_ima} SELinux: ${have_selinux} + SECCOMP: ${have_seccomp} SMACK: ${have_smack} XZ: ${have_xz} ACL: ${have_acl} diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index edf84f8..6f7c8ea 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -25,7 +25,6 @@ #include "missing.h" #include "ioprio.h" #include "strv.h" -#include "syscall-list.h" #include "fileio.h" #include "execute.h" #include "dbus-execute.h" @@ -353,10 +352,7 @@ static int property_get_syscall_filter( assert(reply); assert(c); - if (c->syscall_filter) - return sd_bus_message_append_array(reply, 'u', c->syscall_filter, (syscall_max() + 31) >> 4); - else - return sd_bus_message_append_array(reply, 'u', NULL, 0); + return sd_bus_message_append(reply, "s", c->syscall_filter_string); } const sd_bus_vtable bus_exec_vtable[] = { @@ -420,7 +416,7 @@ const sd_bus_vtable bus_exec_vtable[] = { SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL, offsetof(ExecContext, utmp_id), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool, offsetof(ExecContext, ignore_sigpipe), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool, offsetof(ExecContext, no_new_privileges), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("SystemCallFilter", "au", property_get_syscall_filter, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("SystemCallFilter", "s", property_get_syscall_filter, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_VTABLE_END }; diff --git a/src/core/execute.c b/src/core/execute.c index 91e4352..47547c8 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -38,9 +38,11 @@ #include <linux/fs.h> #include <linux/oom.h> #include <sys/poll.h> -#include <linux/seccomp-bpf.h> #include <glob.h> #include <libgen.h> +#ifdef HAVE_SECCOMP +#include <seccomp.h> +#endif #undef basename #ifdef HAVE_PAM @@ -63,7 +65,6 @@ #include "utmp-wtmp.h" #include "def.h" #include "path-util.h" -#include "syscall-list.h" #include "env-util.h" #include "fileio.h" #include "unit.h" @@ -928,58 +929,6 @@ static void rename_process_from_path(const char *path) { rename_process(process_name); } -static int apply_seccomp(uint32_t *syscall_filter) { - static const struct sock_filter header[] = { - VALIDATE_ARCHITECTURE, - EXAMINE_SYSCALL - }; - static const struct sock_filter footer[] = { - _KILL_PROCESS - }; - - int i; - unsigned n; - struct sock_filter *f; - struct sock_fprog prog = {}; - - assert(syscall_filter); - - /* First: count the syscalls to check for */ - for (i = 0, n = 0; i < syscall_max(); i++) - if (syscall_filter[i >> 4] & (1 << (i & 31))) - n++; - - /* Second: build the filter program from a header the syscall - * matches and the footer */ - f = alloca(sizeof(struct sock_filter) * (ELEMENTSOF(header) + 2*n + ELEMENTSOF(footer))); - memcpy(f, header, sizeof(header)); - - for (i = 0, n = 0; i < syscall_max(); i++) - if (syscall_filter[i >> 4] & (1 << (i & 31))) { - struct sock_filter item[] = { - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, INDEX_TO_SYSCALL(i), 0, 1), - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) - }; - - assert_cc(ELEMENTSOF(item) == 2); - - f[ELEMENTSOF(header) + 2*n] = item[0]; - f[ELEMENTSOF(header) + 2*n+1] = item[1]; - - n++; - } - - memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer)); - - /* Third: install the filter */ - prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n; - prog.filter = f; - if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) - return -errno; - - return 0; -} - static void do_idle_pipe_dance(int idle_pipe[4]) { assert(idle_pipe); @@ -1557,13 +1506,15 @@ int exec_spawn(ExecCommand *command, goto fail_child; } +#ifdef HAVE_SECCOMP if (context->syscall_filter) { - err = apply_seccomp(context->syscall_filter); + err = seccomp_load(context->syscall_filter); if (err < 0) { r = EXIT_SECCOMP; goto fail_child; } } +#endif } err = build_environment(context, n_fds, watchdog_usec, home, username, shell, &our_env); @@ -1722,8 +1673,15 @@ void exec_context_done(ExecContext *c) { free(c->utmp_id); c->utmp_id = NULL; - free(c->syscall_filter); - c->syscall_filter = NULL; + free(c->syscall_filter_string); + c->syscall_filter_string = NULL; + +#ifdef HAVE_SECCOMP + if (c->syscall_filter) { + seccomp_release(c->syscall_filter); + c->syscall_filter = NULL; + } +#endif } void exec_command_done(ExecCommand *c) { diff --git a/src/core/execute.h b/src/core/execute.h index 4851152..00b7d9a 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -33,6 +33,9 @@ typedef struct ExecRuntime ExecRuntime; #include <stdbool.h> #include <stdio.h> #include <sched.h> +#ifdef HAVE_SECCOMP +#include <seccomp.h> +#endif #include "list.h" #include "util.h" @@ -160,7 +163,10 @@ struct ExecContext { * don't enter a trigger loop. */ bool same_pgrp; - uint32_t *syscall_filter; +#ifdef HAVE_SECCOMP + scmp_filter_ctx syscall_filter; +#endif + char *syscall_filter_string; bool oom_score_adjust_set:1; bool nice_set:1; diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 7a2d32d..08fcc1b 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -33,6 +33,9 @@ #include <sys/stat.h> #include <sys/time.h> #include <sys/resource.h> +#ifdef HAVE_SECCOMP +#include <seccomp.h> +#endif #include "sd-messages.h" #include "unit.h" @@ -47,7 +50,6 @@ #include "unit-printf.h" #include "utf8.h" #include "path-util.h" -#include "syscall-list.h" #include "env-util.h" #include "cgroup.h" #include "bus-util.h" @@ -1916,16 +1918,6 @@ int config_parse_documentation(const char *unit, return r; } -static void syscall_set(uint32_t *p, int nr) { - nr = SYSCALL_TO_INDEX(nr); - p[nr >> 4] |= 1 << (nr & 31); -} - -static void syscall_unset(uint32_t *p, int nr) { - nr = SYSCALL_TO_INDEX(nr); - p[nr >> 4] &= ~(1 << (nr & 31)); -} - int config_parse_syscall_filter(const char *unit, const char *filename, unsigned line, @@ -1936,49 +1928,61 @@ int config_parse_syscall_filter(const char *unit, const char *rvalue, void *data, void *userdata) { +#ifdef HAVE_SECCOMP +#define SECCOMP_RULE_ADD(ctx, action, id, name) \ + do {\ + r = seccomp_rule_add(ctx, action, id, 0);\ + if (r < 0)\ + log_syntax(unit, LOG_ERR, filename, line, -r,\ + "Failed to add syscall filter, ignoring: %s", name);\ + } while(0) ExecContext *c = data; Unit *u = userdata; bool invert = false; + uint32_t action = SCMP_ACT_ALLOW; char *w; size_t l; char *state; + int r; assert(filename); assert(lvalue); assert(rvalue); assert(u); + if (isempty(rvalue)) { /* Empty assignment resets the list */ - free(c->syscall_filter); + seccomp_release(c->syscall_filter); c->syscall_filter = NULL; + free(c->syscall_filter_string = NULL); + c->syscall_filter_string = NULL; return 0; } + c->syscall_filter_string = strdup(rvalue); if (rvalue[0] == '~') { + action = SCMP_ACT_KILL; invert = true; rvalue++; } if (!c->syscall_filter) { - size_t n; + if (invert) + c->syscall_filter = seccomp_init(SCMP_ACT_ALLOW); + else + c->syscall_filter = seccomp_init(SCMP_ACT_KILL); - n = (syscall_max() + 31) >> 4; - c->syscall_filter = new(uint32_t, n); if (!c->syscall_filter) - return log_oom(); - - memset(c->syscall_filter, invert ? 0xFF : 0, n * sizeof(uint32_t)); + return -1; /* Add these by default */ - syscall_set(c->syscall_filter, __NR_execve); - syscall_set(c->syscall_filter, __NR_rt_sigreturn); -#ifdef __NR_sigreturn - syscall_set(c->syscall_filter, __NR_sigreturn); -#endif - syscall_set(c->syscall_filter, __NR_exit_group); - syscall_set(c->syscall_filter, __NR_exit); + SECCOMP_RULE_ADD(c->syscall_filter, SCMP_ACT_ALLOW, SCMP_SYS(execve), "execve"); + SECCOMP_RULE_ADD(c->syscall_filter, SCMP_ACT_ALLOW, SCMP_SYS(exit), "exit"); + SECCOMP_RULE_ADD(c->syscall_filter, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), "exit_group"); + SECCOMP_RULE_ADD(c->syscall_filter, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), "rt_sigreturn"); + SECCOMP_RULE_ADD(c->syscall_filter, SCMP_ACT_ALLOW, SCMP_SYS(sigreturn), "sigreturn"); } FOREACH_WORD_QUOTED(w, l, rvalue, state) { @@ -1989,20 +1993,19 @@ int config_parse_syscall_filter(const char *unit, if (!t) return log_oom(); - id = syscall_from_name(t); + id = seccomp_syscall_resolve_name(t); if (id < 0) { log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse syscall, ignoring: %s", t); continue; } - if (invert) - syscall_unset(c->syscall_filter, id); - else - syscall_set(c->syscall_filter, id); + SECCOMP_RULE_ADD(c->syscall_filter, action, id, t); } c->no_new_privileges = true; +#undef SECCOMP_RULE_ADD +#endif return 0; } diff --git a/src/shared/.gitignore b/src/shared/.gitignore index 3820d19..c9b5f81 100644 --- a/src/shared/.gitignore +++ b/src/shared/.gitignore @@ -1,7 +1,3 @@ -/syscall-from-name.gperf -/syscall-from-name.h -/syscall-list.txt -/syscall-to-name.h /errno-from-name.gperf /errno-from-name.h /errno-list.txt diff --git a/src/shared/linux/seccomp-bpf.h b/src/shared/linux/seccomp-bpf.h deleted file mode 100644 index 1e3d136..0000000 --- a/src/shared/linux/seccomp-bpf.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * seccomp example for x86 (32-bit and 64-bit) with BPF macros - * - * Copyright (c) 2012 The Chromium OS Authors <chromium-os-...@chromium.org> - * Authors: - * Will Drewry <w...@chromium.org> - * Kees Cook <keesc...@chromium.org> - * - * The code may be used by anyone for any purpose, and can serve as a - * starting point for developing applications using mode 2 seccomp. - */ -#ifndef _SECCOMP_BPF_H_ -#define _SECCOMP_BPF_H_ - -#include <stdio.h> -#include <stddef.h> -#include <stdlib.h> -#include <errno.h> -#include <signal.h> -#include <string.h> -#include <unistd.h> - -#include <sys/prctl.h> - -#include <linux/unistd.h> -#include <linux/audit.h> -#include <linux/filter.h> -#include <linux/seccomp.h> - -#ifndef SECCOMP_MODE_FILTER -# define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */ -# define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ -# define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ -# define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ -struct seccomp_data { - int nr; - __u32 arch; - __u64 instruction_pointer; - __u64 args[6]; -}; -#endif -#ifndef SYS_SECCOMP -# define SYS_SECCOMP 1 -#endif - -#define syscall_nr (offsetof(struct seccomp_data, nr)) -#define arch_nr (offsetof(struct seccomp_data, arch)) - -#if defined(__i386__) -# define REG_SYSCALL REG_EAX -# define ARCH_NR AUDIT_ARCH_I386 -#elif defined(__x86_64__) -# define REG_SYSCALL REG_RAX -# define ARCH_NR AUDIT_ARCH_X86_64 -#else -# warning "Platform does not support seccomp filter yet" -# define REG_SYSCALL 0 -# define ARCH_NR 0 -#endif - -#define VALIDATE_ARCHITECTURE \ - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, arch_nr), \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) - -#define EXAMINE_SYSCALL \ - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_nr) - -#define ALLOW_SYSCALL(name) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) - -#define _KILL_PROCESS \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) - -#endif /* _SECCOMP_BPF_H_ */ diff --git a/src/shared/linux/seccomp.h b/src/shared/linux/seccomp.h deleted file mode 100644 index 9c03683..0000000 --- a/src/shared/linux/seccomp.h +++ /dev/null @@ -1,47 +0,0 @@ -#ifndef _LINUX_SECCOMP_H -#define _LINUX_SECCOMP_H - - -#include <linux/types.h> - - -/* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */ -#define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */ -#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */ -#define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */ - -/* - * All BPF programs must return a 32-bit value. - * The bottom 16-bits are for optional return data. - * The upper 16-bits are ordered from least permissive values to most. - * - * The ordering ensures that a min_t() over composed return values always - * selects the least permissive choice. - */ -#define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ -#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ -#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ -#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */ -#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ - -/* Masks for the return value sections. */ -#define SECCOMP_RET_ACTION 0x7fff0000U -#define SECCOMP_RET_DATA 0x0000ffffU - -/** - * struct seccomp_data - the format the BPF program executes over. - * @nr: the system call number - * @arch: indicates system call convention as an AUDIT_ARCH_* value - * as defined in <linux/audit.h>. - * @instruction_pointer: at the time of the system call. - * @args: up to 6 system call arguments always stored as 64-bit values - * regardless of the architecture. - */ -struct seccomp_data { - int nr; - __u32 arch; - __u64 instruction_pointer; - __u64 args[6]; -}; - -#endif /* _LINUX_SECCOMP_H */ diff --git a/src/shared/syscall-list.c b/src/shared/syscall-list.c deleted file mode 100644 index dc84dca..0000000 --- a/src/shared/syscall-list.c +++ /dev/null @@ -1,56 +0,0 @@ -/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ - -/*** - This file is part of systemd. - - Copyright 2012 Lennart Poettering - - systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - systemd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with systemd; If not, see <http://www.gnu.org/licenses/>. -***/ - -#include <sys/syscall.h> -#include <string.h> - -#include "util.h" -#include "syscall-list.h" - -static const struct syscall_name* lookup_syscall(register const char *str, - register unsigned int len); - -#include "syscall-to-name.h" -#include "syscall-from-name.h" - -const char *syscall_to_name(int id) { - id = SYSCALL_TO_INDEX(id); - if (id < 0 || id >= (int) ELEMENTSOF(syscall_names)) - return NULL; - - return syscall_names[id]; -} - -int syscall_from_name(const char *name) { - const struct syscall_name *sc; - - assert(name); - - sc = lookup_syscall(name, strlen(name)); - if (!sc) - return -1; - - return sc->id; -} - -int syscall_max(void) { - return ELEMENTSOF(syscall_names); -} diff --git a/src/shared/syscall-list.h b/src/shared/syscall-list.h deleted file mode 100644 index 37efc56..0000000 --- a/src/shared/syscall-list.h +++ /dev/null @@ -1,41 +0,0 @@ -/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ - -#pragma once - -/*** - This file is part of systemd. - - Copyright 2012 Lennart Poettering - - systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - systemd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with systemd; If not, see <http://www.gnu.org/licenses/>. -***/ - -#if defined __x86_64__ && defined __ILP32__ -/* The x32 ABI defines all of its syscalls with bit 30 set, which causes - issues when attempting to use syscalls as simple indices into an array. - Instead, use the syscall id & ~SYSCALL_MASK as the index, and | the - internal id with the syscall mask as needed. -*/ -#include <asm/unistd.h> -#define SYSCALL_TO_INDEX(x) ((x) & ~__X32_SYSCALL_BIT) -#define INDEX_TO_SYSCALL(x) ((x) | __X32_SYSCALL_BIT) -#else -#define SYSCALL_TO_INDEX(x) (x) -#define INDEX_TO_SYSCALL(x) (x) -#endif - -const char *syscall_to_name(int id); -int syscall_from_name(const char *name); - -int syscall_max(void); diff --git a/src/test/test-tables.c b/src/test/test-tables.c index 3b7800c..dff6431 100644 --- a/src/test/test-tables.c +++ b/src/test/test-tables.c @@ -43,7 +43,6 @@ #include "unit-name.h" #include "unit.h" #include "util.h" -#include "syscall-list.h" #include "test-tables.h" @@ -99,7 +98,5 @@ int main(int argc, char **argv) { test_table(unit_load_state, UNIT_LOAD_STATE); test_table(unit_type, UNIT_TYPE); - _test_table("syscall", syscall_to_name, syscall_from_name, syscall_max(), true); - return EXIT_SUCCESS; } -- 1.8.5.3 _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel