diff options
| author |  Topi Miettinen <toiwoton@gmail.com> | 2020-03-14 00:07:06 +0200 |
|---|---|---|
| committer |  Topi Miettinen <topimiettinen@users.noreply.github.com> | 2020-03-28 11:24:25 +0000 |
| commit | 88eadbf31fe25dcd7c224a5d92f71c79ccf6c9d3 (patch) | |
| tree | 6b4d2a805a2900755bfc857586a10948b3c8395e /src/fsec-print/syscall_list.c | |
| parent | Added compatibility with BetterDiscord (#3300) (diff) | |
| download | firejail-88eadbf31fe25dcd7c224a5d92f71c79ccf6c9d3.tar.gz firejail-88eadbf31fe25dcd7c224a5d92f71c79ccf6c9d3.tar.zst firejail-88eadbf31fe25dcd7c224a5d92f71c79ccf6c9d3.zip | |
seccomp: allow defining separate filters for 32-bit arch
System calls (names and numbers) are not exactly the same for 32 bit
and 64 bit architectures. Let's allow defining separate filters for
32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This
is useful for mixed 64/32 bit application environments like Steam and
Wine.
Implement protocol and mdwx filtering also for 32 bit arch. It's still
better to block secondary archs completely if not needed.
Lists of supported system calls are also updated.
Warn if preload libraries would be needed due to trace, tracelog or
postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic
linker does not understand the 64 bit preload libraries.
Closes #3267.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'src/fsec-print/syscall_list.c')
| -rw-r--r-- | src/fsec-print/syscall_list.c | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/src/fsec-print/syscall_list.c b/src/fsec-print/syscall_list.c deleted file mode 100644 index 274908cef..000000000 --- a/src/fsec-print/syscall_list.c +++ /dev/null | |||
| @@ -1,47 +0,0 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2014-2020 Firejail Authors | ||
| 3 | * | ||
| 4 | * This file is part of firejail project | ||
| 5 | * | ||
| 6 | * This program is free software; you can redistribute it and/or modify | ||
| 7 | * it under the terms of the GNU General Public License as published by | ||
| 8 | * the Free Software Foundation; either version 2 of the License, or | ||
| 9 | * (at your option) any later version. | ||
| 10 | * | ||
| 11 | * This program is distributed in the hope that it will be useful, | ||
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 14 | * GNU General Public License for more details. | ||
| 15 | * | ||
| 16 | * You should have received a copy of the GNU General Public License along | ||
| 17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
| 19 | */ | ||
| 20 | #include "fsec_print.h" | ||
| 21 | #include <sys/syscall.h> | ||
| 22 | |||
| 23 | typedef struct { | ||
| 24 | const char * const name; | ||
| 25 | int nr; | ||
| 26 | } SyscallEntry; | ||
| 27 | |||
| 28 | static const SyscallEntry syslist[] = { | ||
| 29 | // | ||
| 30 | // code generated using tools/extract-syscall | ||
| 31 | // | ||
| 32 | #include "../include/syscall.h" | ||
| 33 | // | ||
| 34 | // end of generated code | ||
| 35 | // | ||
| 36 | }; // end of syslist | ||
| 37 | |||
| 38 | const char *syscall_find_nr(int nr) { | ||
| 39 | int i; | ||
| 40 | int elems = sizeof(syslist) / sizeof(syslist[0]); | ||
| 41 | for (i = 0; i < elems; i++) { | ||
| 42 | if (nr == syslist[i].nr) | ||
| 43 | return syslist[i].name; | ||
| 44 | } | ||
| 45 | |||
| 46 | return NULL; | ||
| 47 | } | ||