[openssh-commits] [openssh] 02/04: Remove macro trickery; no binary change

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Mar 14 18:28:34 AEDT 2017



djm pushed a commit to branch master
in repository openssh.

commit e3ea335abeab731c68f2b2141bee85a4b0bf680f
Author: Damien Miller <djm at mindrot.org>
Date:   Tue Mar 14 17:48:43 2017 +1100

    Remove macro trickery; no binary change
    
    This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
    prepending __NR_ to the syscall number parameter and just makes
    them explicit in the macro invocations.
    
    No binary change in stripped object file before/after.
---
 sandbox-seccomp-filter.c | 80 ++++++++++++++++++++++++------------------------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 6ceee33..14006b9 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -85,13 +85,13 @@
 
 /* Simple helpers to avoid manual errors (but larger BPF programs). */
 #define SC_DENY(_nr, _errno) \
-	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno))
 #define SC_ALLOW(_nr) \
-	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
-	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 6), \
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \
 	/* load and test first syscall argument, low word */ \
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
 	    offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \
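Review bot: The comment above SC_DENY/SC_ALLOW/SC_ALLOW_ARG does not say what `_nr` must be now that the `__NR_ ##` paste is gone. Before, the preprocessor forced every argument into a `__NR_*` name; after this change any integer expression is accepted and compared against the syscall number. A wrong constant here would silently change the sandbox policy, so I would extend the comment to `/* Simple helpers to avoid manual errors (but larger BPF programs). _nr is a full syscall number constant, e.g. __NR_read. */`. SC_ALLOW_ARG continues past the end of this hunk, so the rest of its body is not covered here.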
@@ -120,114 +120,114 @@ static const struct sock_filter preauth_insns[] = {
 
 	/* Syscalls to non-fatally deny */
 #ifdef __NR_lstat
-	SC_DENY(lstat, EACCES),
+	SC_DENY(__NR_lstat, EACCES),
 #endif
 #ifdef __NR_lstat64
-	SC_DENY(lstat64, EACCES),
+	SC_DENY(__NR_lstat64, EACCES),
 #endif
 #ifdef __NR_fstat
-	SC_DENY(fstat, EACCES),
+	SC_DENY(__NR_fstat, EACCES),
 #endif
 #ifdef __NR_fstat64
-	SC_DENY(fstat64, EACCES),
+	SC_DENY(__NR_fstat64, EACCES),
 #endif
 #ifdef __NR_open
-	SC_DENY(open, EACCES),
+	SC_DENY(__NR_open, EACCES),
 #endif
 #ifdef __NR_openat
-	SC_DENY(openat, EACCES),
+	SC_DENY(__NR_openat, EACCES),
 #endif
 #ifdef __NR_newfstatat
-	SC_DENY(newfstatat, EACCES),
+	SC_DENY(__NR_newfstatat, EACCES),
 #endif
 #ifdef __NR_stat
-	SC_DENY(stat, EACCES),
+	SC_DENY(__NR_stat, EACCES),
 #endif
 #ifdef __NR_stat64
-	SC_DENY(stat64, EACCES),
+	SC_DENY(__NR_stat64, EACCES),
 #endif
 
 	/* Syscalls to permit */
 #ifdef __NR_brk
-	SC_ALLOW(brk),
+	SC_ALLOW(__NR_brk),
 #endif
 #ifdef __NR_clock_gettime
-	SC_ALLOW(clock_gettime),
+	SC_ALLOW(__NR_clock_gettime),
 #endif
 #ifdef __NR_close
-	SC_ALLOW(close),
+	SC_ALLOW(__NR_close),
 #endif
 #ifdef __NR_exit
-	SC_ALLOW(exit),
+	SC_ALLOW(__NR_exit),
 #endif
 #ifdef __NR_exit_group
-	SC_ALLOW(exit_group),
+	SC_ALLOW(__NR_exit_group),
 #endif
 #ifdef __NR_getpgid
-	SC_ALLOW(getpgid),
+	SC_ALLOW(__NR_getpgid),
 #endif
 #ifdef __NR_getpid
-	SC_ALLOW(getpid),
+	SC_ALLOW(__NR_getpid),
 #endif
 #ifdef __NR_getrandom
-	SC_ALLOW(getrandom),
+	SC_ALLOW(__NR_getrandom),
 #endif
 #ifdef __NR_gettimeofday
-	SC_ALLOW(gettimeofday),
+	SC_ALLOW(__NR_gettimeofday),
 #endif
 #ifdef __NR_madvise
-	SC_ALLOW(madvise),
+	SC_ALLOW(__NR_madvise),
 #endif
 #ifdef __NR_mmap
-	SC_ALLOW(mmap),
+	SC_ALLOW(__NR_mmap),
 #endif
 #ifdef __NR_mmap2
-	SC_ALLOW(mmap2),
+	SC_ALLOW(__NR_mmap2),
 #endif
 #ifdef __NR_mremap
-	SC_ALLOW(mremap),
+	SC_ALLOW(__NR_mremap),
 #endif
 #ifdef __NR_munmap
-	SC_ALLOW(munmap),
+	SC_ALLOW(__NR_munmap),
 #endif
 #ifdef __NR__newselect
-	SC_ALLOW(_newselect),
+	SC_ALLOW(__NR__newselect),
 #endif
 #ifdef __NR_poll
-	SC_ALLOW(poll),
+	SC_ALLOW(__NR_poll),
 #endif
 #ifdef __NR_pselect6
-	SC_ALLOW(pselect6),
+	SC_ALLOW(__NR_pselect6),
 #endif
 #ifdef __NR_read
-	SC_ALLOW(read),
+	SC_ALLOW(__NR_read),
 #endif
 #ifdef __NR_rt_sigprocmask
-	SC_ALLOW(rt_sigprocmask),
+	SC_ALLOW(__NR_rt_sigprocmask),
 #endif
 #ifdef __NR_select
-	SC_ALLOW(select),
+	SC_ALLOW(__NR_select),
 #endif
 #ifdef __NR_shutdown
-	SC_ALLOW(shutdown),
+	SC_ALLOW(__NR_shutdown),
 #endif
 #ifdef __NR_sigprocmask
-	SC_ALLOW(sigprocmask),
+	SC_ALLOW(__NR_sigprocmask),
 #endif
 #ifdef __NR_time
-	SC_ALLOW(time),
+	SC_ALLOW(__NR_time),
 #endif
 #ifdef __NR_write
-	SC_ALLOW(write),
+	SC_ALLOW(__NR_write),
 #endif
 #ifdef __NR_socketcall
-	SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
+	SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
 #endif
 #if defined(__NR_ioctl) && defined(__s390__)
 	/* Allow ioctls for ICA crypto card on s390 */
-	SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK),
-	SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO),
-	SC_ALLOW_ARG(ioctl, 1, ICARSACRT),
+	SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
+	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
+	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
 #endif /* defined(__NR_ioctl) && defined(__s390__) */
 
 	/* Default deny */
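Review bot: On the `SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN)` line the explicit `__NR_` prefix now sits next to a `SYS_`-prefixed constant, which reads like a second syscall number although it is the socketcall(2) call selector compared against argument 0. A one-line comment above it, `/* SYS_SHUTDOWN is the socketcall call selector (arg 0), not a syscall number */`, would keep a later editor from "normalising" it to a `__NR_*` value and changing what the filter permits. The preauth_insns array starts before and continues after this hunk.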

-- 