Home
last modified time | relevance | path

Searched +full:- +full:- +full:disable +full:- +full:seccomp (Results 1 – 25 of 52) sorted by relevance

123

/openbmc/openbmc/meta-security/recipes-security/Firejail/
H A Dfirejail_0.9.72.bb4 SUMMARY = "Linux namespaces and seccomp-bpf sandbox"
7 seccomp-bpf and Linux capabilities."
10 LICENSE = "GPL-2.0-only"
21 inherit autotools-brokensep pkgconfig bash-completion features_check
23 REQUIRED_DISTRO_FEATURES = "seccomp"
30 PACKAGECONFIG[apparmor] = "--enable-apparmor, --disable-apparmor, apparmor, apparmor"
31 PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
32 PACKAGECONFIG[x11] = " --enable-x11, --disable-x11, "
33 PACKAGECONFIG[dbusproxy] = ", --disable-dbusproxy, "
34 PACKAGECONFIG[notmpfs] = ", --disable-usertmpfs ,"
[all …]
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-devtools/ctags/
H A Dctags_6.1.20241201.0.bb12 LICENSE = "GPL-2.0-only"
15 inherit autotools-brokensep pkgconfig manpages
18 SRC_URI = "git://github.com/universal-ctags/ctags;branch=master;protocol=https"
28 PACKAGECONFIG[readcmd] = "--enable-readcmd,--disable-readcmd"
29 PACKAGECONFIG[etags] = "--enable-etags,--disable-etags"
30 PACKAGECONFIG[xml] = "--enable-xml,--disable-xml,libxml2"
31 PACKAGECONFIG[json] = "--enable-json,--disable-json,jansson"
32 PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
33 PACKAGECONFIG[yaml] = "--enable-yaml,--disable-yaml,libyaml"
34 PACKAGECONFIG[manpages] = ",,python3-docutils-native"
/openbmc/openbmc/poky/meta/conf/distro/include/
H A Ddefault-distrovars.inc5 KERNEL_CONSOLE ?= "${@','.join(d.getVar('SERIAL_CONSOLES').split(' ')[0].split(';')[::-1]) or 'ttyS…
8 DEFAULT_IMAGE_LINGUAS = "en-us en-gb"
9 DEFAULT_IMAGE_LINGUAS:libc-glibc = "c en-us en-gb"
15 LOCALE_UTF8_IS_DEFAULT:class-nativesdk = "0"
17 # seccomp is not yet ported to rv32
18 DISTRO_FEATURES_DEFAULT:remove:riscv32 = "seccomp"
20 # seccomp is not yet ported to ARC
21 DISTRO_FEATURES_DEFAULT:remove:arc = "seccomp"
23 # seccomp is not yet ported to microblaze
24 DISTRO_FEATURES_DEFAULT:remove:microblaze = "seccomp"
[all …]
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-daemons/lldpd/
H A Dlldpd_1.0.18.bb4 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/ISC;md5=f3b90e78ea0cffb20bf5cca79…
12 file://run-ptest \
17 inherit autotools update-rc.d useradd systemd pkgconfig bash-completion github-releases ptest
20 USERADD_PARAM:${PN} = "--system -g lldpd --shell /bin/false lldpd"
21 GROUPADD_PARAM:${PN} = "--system lldpd"
23 EXTRA_OECONF += "--without-embedded-libevent \
24 --disable-oldies \
25 --with-privsep-user=lldpd \
26 --with-privsep-group=lldpd \
27 --with-systemdsystemunitdir=${systemd_system_unitdir} \
[all …]
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-security/usbguard/
H A Dusbguard_1.1.3.bb3 # SPDX-License-Identifier: MIT
8 capabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \
11 LICENSE = "GPL-2.0-only"
14 SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
15 file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch"
19 inherit autotools-brokensep bash-completion pkgconfig systemd github-releases
21 DEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native protobuf protobuf-native x…
23 UPSTREAM_CHECK_REGEX = "releases/tag/usbguard-(?P<pver>\d+(\.\d+)+)"
26 --with-bundled-catch \
27 --with-bundled-pegtl \
[all …]
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-support/ntpsec/
H A Dntpsec_1.2.2a.bb4 LICENSE = "CC-BY-4.0 & BSD-2-Clause & NTP & BSD-3-Clause & MIT"
5 LIC_FILES_CHKSUM = "file://LICENSES/BSD-2;md5=653830da7b770a32f6f50f6107e0b186 \
6 file://LICENSES/BSD-3;md5=55e9dcf6a625a2dcfcda4ef6a647fbfd \
7 file://LICENSES/CC-BY-4.0;md5=2ab724713fdaf49e4523c4503bfd068d \
11 DEPENDS += "bison-native \
15 SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
17 file://0001-wscript-Add-BISONFLAGS-support.patch \
24 inherit pkgconfig python3-dir python3targetconfig systemd update-alternatives update-rc.d useradd w…
29 PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'seccomp systemd', d)} \
31 leap-smear \
[all …]
/openbmc/openbmc/poky/meta/recipes-support/libseccomp/
H A Dlibseccomp_2.5.5.bb1 SUMMARY = "interface to seccomp filtering mechanism"
2 …o use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp."
3 HOMEPAGE = "https://github.com/seccomp/libseccomp"
5 LICENSE = "LGPL-2.1-only"
8 DEPENDS += "gperf-native"
12 SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5;protocol=https \
13 file://run-ptest \
18 inherit autotools-brokensep pkgconfig ptest features_check
22 REQUIRED_DISTRO_FEATURES = "seccomp"
25 PACKAGECONFIG[python] = "--enable-python, --disable-python, python3-cython-native"
[all …]
/openbmc/openbmc/poky/meta/recipes-support/gnutls/
H A Dgnutls_3.8.8.bb7 LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later"
8 LICENSE:${PN} = "LGPL-2.1-or-later"
9 LICENSE:${PN}-xx = "LGPL-2.1-or-later"
10 LICENSE:${PN}-bin = "GPL-3.0-or-later"
11 LICENSE:${PN}-openssl = "GPL-3.0-or-later"
21 SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
23 file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
24 file://run-ptest \
25 file://Add-ptest-support.patch \
30 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
[all …]
/openbmc/linux/Documentation/admin-guide/
H A Dsyscall-user-dispatch.rst1 .. SPDX-License-Identifier: GPL-2.0
8 ----------
11 calls of only a part of their process - the part that has the
12 incompatible code - while being able to execute native syscalls without
13 a high performance penalty on the native part of the process. Seccomp
21 multiple-personality application can then flip the switch without
23 boundaries, to enable/disable the syscall redirection and execute
40 non-native applications, it must function on syscalls whose invocation
49 ---------
57 disable the mechanism globally for that thread. When
[all …]
/openbmc/openbmc/poky/meta/recipes-devtools/qemu/
H A Dqemu.inc7 LICENSE = "GPL-2.0-only & LGPL-2.1-only"
9 DEPENDS += "bison-native meson-native ninja-native"
11 RDEPENDS:${PN}-ptest = "bash"
13 require qemu-targets.inc
14 # https://gitlab.com/qemu-project/qemu/-/commit/81e2b198a8cb4ee5fdf108bd438f44b193ee3a36 means
15 # we need a full python3-native setup
16 inherit pkgconfig ptest update-rc.d systemd python3native
21 SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
23 file://run-ptest \
24 file://fix-strerrorname_np.patch \
[all …]
H A Dqemu_9.1.1.bb5 DEPENDS += "glib-2.0 zlib pixman"
7 DEPENDS:append:libc-musl = " libucontext"
9 CFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}"
11 RDEPENDS:${PN}-common:class-target += "bash"
13 EXTRA_OECONF:append:class-target = " --target-list=${@get_qemu_target_list(d)}"
14 EXTRA_OECONF:append:class-target:mipsarcho32 = "${@bb.utils.contains('BBEXTENDCURR', 'multilib', '
15 EXTRA_OECONF:append:class-nativesdk = " --target-list=${@get_qemu_target_list(d)}"
21 ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \
23 PACKAGECONFIG:class-nativesdk ??= "fdt sdl kvm pie slirp \
/openbmc/openbmc/poky/meta/recipes-devtools/file/
H A Dfile_5.45.bb8 LICENSE = "BSD-2-Clause"
11 DEPENDS = "file-replacement-native"
12 DEPENDS:class-native = "bzip2-replacement-native"
21 inherit autotools update-alternatives
24 PACKAGECONFIG[bz2] = "--enable-bzlib, --disable-bzlib, bzip2"
25 PACKAGECONFIG[lzma] = "--enable-xzlib, --disable-xzlib, xz"
26 PACKAGECONFIG[zlib] = "--enable-zlib, --disable-zlib, zlib"
27 PACKAGECONFIG[zstdlib] = "--enable-zstdlib, --disable-zstdlib, zstd"
28 PACKAGECONFIG[lzlib] = "--enable-lzlib, --disable-lzlib, lzlib"
29 PACKAGECONFIG[seccomp] = "--enable-libseccomp, --disable-libseccomp, libseccomp"
[all …]
/openbmc/qemu/scripts/
H A Dmeson-buildoptions.sh1 # This file is generated by meson-buildoptions.py, do not edit!
3 printf "%s\n" ' --audio-drv-list=CHOICES Set audio driver list [default] (choices: alsa/co'
6 printf "%s\n" ' --bindir=VALUE Executable directory [bin]'
7 printf "%s\n" ' --block-drv-ro-whitelist=VALUE'
8 printf "%s\n" ' set block driver read-only whitelist (by default'
9 printf "%s\n" ' affects only QEMU, not tools like qemu-img)'
10 printf "%s\n" ' --block-drv-rw-whitelist=VALUE'
11 printf "%s\n" ' set block driver read-write whitelist (by default'
12 printf "%s\n" ' affects only QEMU, not tools like qemu-img)'
13 printf "%s\n" ' --datadir=VALUE Data file directory [share]'
[all …]
/openbmc/linux/arch/x86/kernel/cpu/
H A Dbugs.c1 // SPDX-License-Identifier: GPL-2.0
6 * - Rafael R. Reilova (moved everything from head.S),
8 * - Channing Corn (tests & fixes),
9 * - Andrew D. Balsa (code cleanup).
20 #include <asm/spec-ctrl.h>
24 #include <asm/processor-flags.h>
29 #include <asm/intel-family.h>
53 /* The base value of the SPEC_CTRL MSR without task-specific bits set */
57 /* The current value of the SPEC_CTRL MSR with task-specific bits set */
89 * When KERNEL_IBRS this MSR is written on return-to-user, unless in update_spec_ctrl_cond()
[all …]
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-support/chrony/
H A Dchrony_4.5.bb17 sub-microsecond accuracy is possible. \
20 started at boot time and chronyc is a command-line interface program \
30 LICENSE = "GPL-2.0-only"
33 SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \
39 SRC_URI:append:libc-musl = " \
40 file://0001-Fix-compilation-with-musl.patch \
44 DEPENDS = "pps-tools"
48 inherit update-rc.d systemd pkgconfig
53 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell…
56 # - Security-related:
[all …]
/openbmc/openbmc/poky/documentation/ref-manual/
H A Dfeatures.rst1 .. SPDX-License-Identifier: CC-BY-SA-2.0-UK
9 can select, and a reference on :ref:`ref-features-backfill`.
15 as ``poky.conf``, ``poky-tiny.conf``, ``poky-lsb.conf`` and so forth.
34 .. _ref-features-machine:
41 one-to-one correspondence to packages, and they can go beyond simply
45 specified within the :ref:`ref-tasks-configure` task
51 - *acpi:* Hardware has ACPI (x86/x86_64 only)
53 - *alsa:* Hardware has ALSA audio drivers
55 - *bluetooth:* Hardware has integrated BT
57 - *efi:* Support for booting through EFI
[all …]
/openbmc/linux/tools/perf/
H A Dbuiltin-bench.c1 // SPDX-License-Identifier: GPL-2.0
3 * builtin-bench.c
20 #include <subcmd/parse-options.h>
50 { "seccomp-notify", "Benchmark for seccomp user notify", bench_sched_seccomp_notify},
75 { "wake-parallel", "Benchmark for parallel futex wake calls", bench_futex_wake_parallel },
77 /* pi-futexes */
78 { "lock-pi", "Benchmark for futex lock_pi calls", bench_futex_lock_pi },
94 { "kallsyms-parse", "Benchmark kallsyms parsing", bench_kallsyms_parse },
95 { "inject-build-id", "Benchmark build-id injection", bench_inject_build_id },
96 { "evlist-open-close", "Benchmark evlist open and close", bench_evlist_open_close },
[all …]
/openbmc/openbmc/meta-phosphor/conf/distro/include/
H A Dphosphor-base.inc1 require conf/distro/include/phosphor-defaults.inc
6 DISTROOVERRIDES .= ":openbmc-phosphor"
26 # fetch from the network (and warn you if not). To disable the test set
28 # Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=https;rev=master
32 poky-4.2 \n \
33 poky-4.3 \n \
34 ubuntu-18.04 \n \
35 ubuntu-20.04 \n \
36 ubuntu-22.04 \n \
37 ubuntu-23.04 \n \
[all …]
/openbmc/qemu/
H A Dmeson_options.txt1 # These options do not correspond to a --enable/--disable-* option
3 # scripts/meson-buildoptions.py's SKIP_OPTIONS constant too.
9 option('qemu_firmwarepath', type : 'array', value : ['share/qemu-firmware'],
12 description: 'use specified string as sub-version of the package')
25 …description: 'set block driver read-write whitelist (by default affects only QEMU, not tools like …
27 …description: 'set block driver read-only whitelist (by default affects only QEMU, not tools like q…
28 option('interp_prefix', type : 'string', value : '/usr/gnemul/qemu-%M',
33 description: 'fuzzing engine library for OSS-Fuzz')
40 # Everything else can be set via --enable/--disable-* option
42 # here make sure to run "make update-buildoptions".
[all …]
/openbmc/linux/Documentation/admin-guide/sysctl/
H A Dnet.rst9 - Terrehon Bowden <terrehon@pacbell.net>
10 - Bodo Bauer <bb@ricochet.net>
14 - Jorge Nerin <comandante@zaralinux.com>
18 - Shen Feng <shen@cn.fujitsu.com>
22 ------------------------------------------------------------------------------
47 1. /proc/sys/net/core - Network core options
51 --------------
57 and security (e.g. seccomp). LLVM has a BPF back end that can compile
63 - x86_64
64 - x86_32
[all …]
/openbmc/linux/kernel/
H A Dptrace.c1 // SPDX-License-Identifier: GPL-2.0-only
54 if (!tsk->ptrace || in ptrace_access_vm()
55 (current != tsk->parent) || in ptrace_access_vm()
57 !ptracer_capable(tsk, mm->user_ns))) { in ptrace_access_vm()
72 BUG_ON(!list_empty(&child->ptrace_entry)); in __ptrace_link()
73 list_add(&child->ptrace_entry, &new_parent->ptraced); in __ptrace_link()
74 child->parent = new_parent; in __ptrace_link()
75 child->ptracer_cred = get_cred(ptracer_cred); in __ptrace_link()
82 * Must be called with the tasklist lock write-held.
90 * __ptrace_unlink - unlink ptracee and restore its execution state
[all …]
/openbmc/openbmc/poky/meta/recipes-core/systemd/
H A Dsystemd_256.8.bb7 DEPENDS = "gperf-native libcap util-linux python3-jinja2-native"
11 inherit useradd pkgconfig meson perlnative update-rc.d update-alternatives qemu systemd gettext bas…
13 # unmerged-usr support is deprecated upstream, taints the system and will be
23 file://00-create-volatile.conf \
25 …s.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', …
27 file://99-default.preset \
28 file://systemd-pager.sh \
29 file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
30 file://0002-implment-systemd-sysv-install-for-OE.patch \
31 file://0003-coredump-set-ProtectHome-to-read-only.patch \
[all …]
/openbmc/linux/Documentation/admin-guide/hw-vuln/
H A Dspectre.rst1 .. SPDX-License-Identifier: GPL-2.0
14 -------------------
22 - Intel Core, Atom, Pentium, and Xeon processors
24 - AMD Phenom, EPYC, and Zen processors
26 - IBM POWER and zSeries processors
28 - Higher end ARM processors
30 - Apple CPUs
32 - Higher end MIPS CPUs
34 - Likely most other high performance CPUs. Contact your CPU vendor for details.
40 ------------
[all …]
/openbmc/qemu/tests/docker/
H A DMakefile.include3 .PHONY: docker docker-help docker-test docker-clean docker-image docker-qemu-src
9 HOST_ARCH = $(shell uname -m)
10 USER = $(if $(NOUSER),,$(shell id -un))
11 UID = $(if $(NOUSER),,$(shell id -u))
15 DOCKER_DEFAULT_REGISTRY := registry.gitlab.com/qemu-project/qemu
19 RUNC ?= $(if $(shell command -v docker), docker, podman)
20 DOCKER_SCRIPT=$(SRC_PATH)/tests/docker/docker.py --engine $(RUNC)
22 CUR_TIME := $(shell date +%Y-%m-%d-%H.%M.%S.$$$$)
23 DOCKER_SRC_COPY := $(BUILD_DIR)/docker-src.$(CUR_TIME)
29 $(call quiet-command, cp "$(SRC_ARCHIVE)" $@/qemu.tar, \
[all …]
/openbmc/linux/kernel/entry/
H A Dcommon.c1 // SPDX-License-Identifier: GPL-2.0
4 #include <linux/entry-common.h>
18 /* See comment for enter_from_user_mode() in entry-common.h */
60 return -1L; in syscall_trace_enter()
67 return -1L; in syscall_trace_enter()
70 /* Do seccomp after ptrace, to catch any tracer changes. */ in syscall_trace_enter()
73 if (ret == -1L) in syscall_trace_enter()
97 unsigned long work = READ_ONCE(current_thread_info()->syscall_work); in __syscall_enter_from_user_work()
132 /* See comment for exit_to_user_mode() in entry-common.h */
183 * Disable interrupts and reevaluate the work flags as they in exit_to_user_mode_loop()
[all …]

123