Home
last modified time | relevance | path

Searched refs:seccomp (Results 1 – 25 of 125) sorted by relevance

12345

/openbmc/linux/Documentation/translations/zh_CN/userspace-api/
H A Dseccomp_filter.rst29 此外,BPF让seccomp用户不再成为在系统调用干预框架(system call interposition
45 添加了一个额外的seccomp模式,它可以使用和严格seccomp相同的 prctl(2) 调用来启用。
76 一个seccomp过滤器可能返回下列任意值。如果多个过滤器存在,评估一个指定系统调用的
121 在追踪器被通知后,seccomp检查不会再次运行。(这意味着基于seccomp的沙箱必须禁止
171 seccomp通知文件描述符由两个结构体组成:
201 seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes);
208 间对于监听者的pid命名空间不可见的话,可能为0)。通知还包含传递给seccomp的 ``data``
244 这个列表代表了内核支持的seccomp返回值集合。一个用户空间程序可以使用这个列表来在
245 程序建立时确定在 ``seccomp.h`` 中找到的动作是否和当前运行内核实际支持的动作有所
259 seccomp,那么它将可以通过较小的修改支持seccomp过滤器: ``SIGSYS`` 支持和seccomp
[all …]
/openbmc/openbmc/meta-security/recipes-security/Firejail/
H A Dfirejail_0.9.72.bb4 SUMMARY = "Linux namespaces and seccomp-bpf sandbox"
7 seccomp-bpf and Linux capabilities."
23 REQUIRED_DISTRO_FEATURES = "seccomp"
52 ${libdir}/${BPN}/fseccomp default ${libdir}/${BPN}/seccomp
53 ${libdir}/${BPN}/fsec-optimize ${libdir}/${BPN}/seccomp
54 ${libdir}/${BPN}/fseccomp default ${libdir}/${BPN}/seccomp.debug allow-debuggers
55 ${libdir}/${BPN}/fsec-optimize ${libdir}/${BPN}/seccomp.debug
56 ${libdir}/${BPN}/fseccomp secondary 32 ${libdir}/${BPN}/seccomp.32
57 ${libdir}/${BPN}/fsec-optimize ${libdir}/${BPN}/seccomp.32
58 ${libdir}/${BPN}/fseccomp secondary block ${libdir}/${BPN}/seccomp.block_secondary
[all …]
/openbmc/openbmc/meta-security/recipes-security/Firejail/firejail/
H A Dexclude_seccomp_util_compiles.patch1 Exclude all the seccomp files to run during build.
16 -SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.md…
26 seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
27 src/fseccomp/fseccomp default seccomp
28 src/fsec-optimize/fsec-optimize seccomp
/openbmc/openbmc/poky/meta/conf/distro/include/
H A Ddefault-distrovars.inc16 # seccomp is not yet ported to rv32
17 DISTRO_FEATURES_DEFAULT:remove:riscv32 = "seccomp"
19 # seccomp is not yet ported to ARC
20 DISTRO_FEATURES_DEFAULT:remove:arc = "seccomp"
22 # seccomp is not yet ported to microblaze
23 DISTRO_FEATURES_DEFAULT:remove:microblaze = "seccomp"
25 # seccomp is not yet ported to loongarch64
26 DISTRO_FEATURES_DEFAULT:remove:loongarch64 = "seccomp"
28 …ginfod ext2 ipv4 ipv6 pcmcia usbgadget usbhost wifi xattr nfs zeroconf pci 3g nfc x11 vfat seccomp"
/openbmc/openbmc/poky/meta/recipes-support/gnutls/gnutls/
H A Darm_eabi.patch13 tests/seccomp.c | 2 ++
16 diff --git a/tests/seccomp.c b/tests/seccomp.c
18 --- a/tests/seccomp.c
19 +++ b/tests/seccomp.c
/openbmc/linux/include/linux/
H A Dseccomp.h37 struct seccomp { struct
58 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode() argument
67 struct seccomp { }; struct
88 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode()
/openbmc/openbmc/meta-security/meta-tpm/recipes-tpm/swtpm/
H A Dswtpm_0.8.1.bb23 PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
32 PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
/openbmc/openbmc/poky/meta/recipes-support/libseccomp/
H A Dlibseccomp_2.5.5.bb1 SUMMARY = "interface to seccomp filtering mechanism"
2 …o use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp."
3 HOMEPAGE = "https://github.com/seccomp/libseccomp"
12 SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5;protocol=https \
22 REQUIRED_DISTRO_FEATURES = "seccomp"
/openbmc/linux/kernel/
H A Dseccomp.c412 READ_ONCE(current->seccomp.filter); in seccomp_run_filters()
441 if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) in seccomp_may_assign_mode()
455 task->seccomp.mode = seccomp_mode; in seccomp_assign_mode()
509 caller->seccomp.filter))) in seccomp_can_sync_threads()
577 tsk->seccomp.filter = NULL; in seccomp_filter_release()
617 caller->seccomp.filter); in seccomp_sync_threads()
918 current->seccomp.filter = filter; in seccomp_attach_filter()
1039 int mode = current->seccomp.mode; in secure_computing_strict()
1339 int mode = current->seccomp.mode; in __secure_computing()
1368 return current->seccomp.mode; in prctl_get_seccomp()
[all …]
/openbmc/linux/Documentation/userspace-api/
H A Dseccomp_filter.rst46 An additional seccomp mode is added and is enabled using the same
47 prctl(2) call as the strict seccomp. If the architecture has
149 The seccomp check will not be run again after the tracer is
150 notified. (This means that seccomp-based sandboxes MUST NOT
200 argument to the ``seccomp()`` syscall:
244 seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes);
247 samples/seccomp/user-trap.c for an example.
304 The list represents the set of seccomp return values supported
306 determine if the actions found in the ``seccomp.h``, when the
326 support seccomp filter with minor fixup: ``SIGSYS`` support and seccomp return
[all …]
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-devtools/ctags/
H A Dctags_6.1.20240310.0.bb32 PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
/openbmc/linux/Documentation/features/seccomp/seccomp-filter/
H A Darch-support.txt2 # Feature name: seccomp-filter
4 # description: arch supports seccomp filters
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-security/usbguard/
H A Dusbguard_1.1.2.bb34 ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \
44 PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-extended/flatpak/
H A Dflatpak_1.15.6.bb58 PACKAGECONFIG[seccomp] = "-Dseccomp=enabled,-Dseccomp=disabled,libseccomp"
65 ${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \
/openbmc/qemu/system/
H A Dmeson.build34 system_ss.add(when: seccomp, if_true: files('qemu-seccomp.c'))
/openbmc/openbmc/meta-openembedded/meta-gnome/recipes-gnome/tracker/
H A Dtracker-miners_3.7.1.bb41 ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \
47 PACKAGECONFIG:remove:libc-musl = "seccomp"
71 PACKAGECONFIG[seccomp] = "-Dseccomp=true,-Dseccomp=false,libseccomp"
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-support/ntpsec/
H A Dntpsec_1.2.2a.bb29 PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'seccomp systemd', d)} \
37 PACKAGECONFIG:remove:riscv32 = "seccomp"
46 PACKAGECONFIG[seccomp] = "--enable-seccomp,,libseccomp"
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-daemons/lldpd/
H A Dlldpd_1.0.18.bb35 PACKAGECONFIG[seccomp] = "--with-seccomp,--without-seccomp,libseccomp"
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-devtools/pax-utils/
H A Dpax-utils_1.3.3.bb32 PACKAGECONFIG[libseccomp] = "--with-seccomp, --without-seccomp, libseccomp"
/openbmc/linux/tools/testing/selftests/seccomp/
H A Dseccomp_bpf.c282 #ifndef seccomp
835 ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, in kill_thread_or_group()
2123 FIXTURE_VARIANT_ADD(TRACE_syscall, seccomp) { in FIXTURE_VARIANT_ADD() argument
2322 ret = seccomp(-1, 0, &prog); in TEST()
2331 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL); in TEST()
2335 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, &prog); in TEST()
2345 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, NULL); in TEST()
2350 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); in TEST()
2373 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); in TEST()
2387 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, NULL); in TEST()
[all …]
/openbmc/openbmc/poky/meta/recipes-devtools/apt/apt/
H A D0001-Hide-fstatat64-and-prlimit64-defines-on-musl.patch7 seccomp sysall rewiring since there are syscalls with same names
21 return _error->FatalE("HttpMethod::Configuration", "Cannot init seccomp");
/openbmc/linux/samples/seccomp/
H A Duser-trap.c26 static int seccomp(unsigned int op, unsigned int flags, void *args) in seccomp() function
101 return seccomp(SECCOMP_SET_MODE_FILTER, flags, &prog); in user_trap_syscall()
293 if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes) < 0) { in main()
/openbmc/linux/tools/perf/bench/
H A Dsched-seccomp-notify.c44 static int seccomp(unsigned int op, unsigned int flags, void *args) in seccomp() function
64 return seccomp(SECCOMP_SET_MODE_FILTER, flags, &prog); in user_notif_syscall()
/openbmc/openbmc/poky/meta/recipes-support/gnutls/
H A Dgnutls_3.8.4.bb32 PACKAGECONFIG ??= "libidn libtasn1 ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
35 # seccomp to work.
36 PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,lib…
/openbmc/qemu/tests/unit/
H A Dmeson.build57 if seccomp.found()
58 tests += {'test-seccomp': ['../../system/qemu-seccomp.c', seccomp]}

12345