From 88eadbf31fe25dcd7c224a5d92f71c79ccf6c9d3 Mon Sep 17 00:00:00 2001 From: Topi Miettinen Date: Sat, 14 Mar 2020 00:07:06 +0200 Subject: seccomp: allow defining separate filters for 32-bit arch System calls (names and numbers) are not exactly the same for 32 bit and 64 bit architectures. Let's allow defining separate filters for 32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This is useful for mixed 64/32 bit application environments like Steam and Wine. Implement protocol and mdwx filtering also for 32 bit arch. It's still better to block secondary archs completely if not needed. Lists of supported system calls are also updated. Warn if preload libraries would be needed due to trace, tracelog or postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic linker does not understand the 64 bit preload libraries. Closes #3267. 
Signed-off-by: Topi Miettinen --- Makefile.in | 4 +- src/bash_completion/firejail.bash_completion | 2 +- src/firejail/Makefile.in | 6 +- src/firejail/firejail.h | 11 +- src/firejail/main.c | 70 + src/firejail/preproc.c | 12 +- src/firejail/profile.c | 34 + src/firejail/sandbox.c | 14 +- src/firejail/seccomp.c | 75 +- src/firejail/usage.c | 1 + src/firemon/procevent.c | 2 +- src/fsec-print/Makefile.in | 4 +- src/fsec-print/fsec_print.h | 4 +- src/fsec-print/main.c | 3 + src/fsec-print/syscall_list.c | 47 - src/fseccomp/Makefile.in | 4 +- src/fseccomp/errno.c | 204 - src/fseccomp/fseccomp.h | 34 +- src/fseccomp/main.c | 41 +- src/fseccomp/protocol.c | 21 +- src/fseccomp/seccomp.c | 143 +- src/fseccomp/seccomp_file.c | 33 +- src/fseccomp/syscall.c | 1632 -------- src/include/rundefs.h | 10 +- src/include/syscall.h | 5213 +------------------------- src/include/syscall_i386.h | 425 +++ src/include/syscall_x86_64.h | 347 ++ src/lib/errno.c | 206 + src/lib/syscall.c | 1694 +++++++++ src/man/firejail-profile.txt | 14 +- src/man/firejail.txt | 22 +- 31 files changed, 3137 insertions(+), 7195 deletions(-) delete mode 100644 src/fsec-print/syscall_list.c delete mode 100644 src/fseccomp/errno.c delete mode 100644 src/fseccomp/syscall.c create mode 100644 src/include/syscall_i386.h create mode 100644 src/include/syscall_x86_64.h create mode 100644 src/lib/errno.c create mode 100644 src/lib/syscall.c diff --git a/Makefile.in b/Makefile.in index f7c94aa09..afe8c9972 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -3,7 +3,7 @@ MYLIBS = src/lib APPS = src/firejail src/firemon src/fsec-print src/fsec-optimize src/firecfg src/fnetfilter src/libtrace src/libtracelog src/ftee \ src/faudit src/fnet src/fseccomp src/fbuilder src/fcopy src/fldd src/libpostexecseccomp src/profstats MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 -SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx +SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 prefix=@prefix@ exec_prefix=@exec_prefix@ @@ -48,6 +48,7 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) src/fsec-optimize/fsec-optimize seccomp.32 src/fseccomp/fseccomp secondary block seccomp.block_secondary src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx + src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 endif clean: @@ -109,6 +110,7 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) install -c -m 0644 seccomp.32 $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/. + install -c -m 0644 seccomp.mdwx.32 $(DESTDIR)/$(libdir)/firejail/. endif ifeq ($(HAVE_CONTRIB_INSTALL),yes) install -c -m 0755 contrib/fix_private-bin.py $(DESTDIR)/$(libdir)/firejail/. diff --git a/src/bash_completion/firejail.bash_completion b/src/bash_completion/firejail.bash_completion index 09798f505..0a1b34d7d 100644 --- a/src/bash_completion/firejail.bash_completion +++ b/src/bash_completion/firejail.bash_completion @@ -16,7 +16,7 @@ _firejail() _init_completion -s || return case $prev in - --help|--version|-debug-caps|--debug-syscalls|--list|--tree|--top|--join|--shutdown) + --help|--version|-debug-caps|--debug-syscalls|--debug-syscalls32|--list|--tree|--top|--join|--shutdown) return 0 ;; --profile) diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index e2d02788d..b9bf13b9c 100644 
--- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in @@ -2,11 +2,11 @@ all: firejail include ../common.mk -%.o : %.c $(H_FILE_LIST) ../include/rundefs.h ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h +%.o : %.c $(H_FILE_LIST) ../include/rundefs.h ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall_i386.h ../include/syscall_x86_64.h ../include/firejail_user.h $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ -firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o - $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o $(LIBS) $(EXTRA_LDFLAGS) +firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o ../lib/errno.o ../lib/syscall.o + $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS) clean:; rm -fr *.o firejail *.gcov *.gcda *.gcno *.plist diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 7391a8994..dae2dfd7b 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -182,9 +182,9 @@ typedef struct config_t { char *dns4; // seccomp - char *seccomp_list;// optional seccomp list on top of default filter - char *seccomp_list_drop; // seccomp drop list - char *seccomp_list_keep; // seccomp keep list + char *seccomp_list, *seccomp_list32; // optional seccomp list on top of default filter + char *seccomp_list_drop, *seccomp_list_drop32; // seccomp drop list + char *seccomp_list_keep, *seccomp_list_keep32; // seccomp keep list char *protocol; // protocol list // rlimits 
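Review bot: The `%.o` pattern rule in the `@@ -2,11 +2,11 @@` hunk drops `../include/syscall.h` from its prerequisites, yet main.c in this same commit starts including `"../include/syscall.h"`. Unless `$(H_FILE_LIST)` covers that header (its definition is not visible here), editing it would no longer rebuild the firejail objects. Keep it in the list next to the two new headers: `../include/seccomp.h ../include/syscall.h ../include/syscall_i386.h ../include/syscall_x86_64.h ../include/firejail_user.h`.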
@@ -270,6 +270,7 @@ extern int arg_overlay_keep; // place overlay diff in a known directory extern int arg_overlay_reuse; // allow the reuse of overlays extern int arg_seccomp; // enable default seccomp filter +extern int arg_seccomp32; // enable default seccomp filter for 32 bit arch extern int arg_seccomp_postexec; // need postexec ld.preload library? extern int arg_seccomp_block_secondary; // block any secondary architectures @@ -568,8 +569,8 @@ void fs_private_home_list(void); char *seccomp_check_list(const char *str); int seccomp_install_filters(void); int seccomp_load(const char *fname); -int seccomp_filter_drop(void); -int seccomp_filter_keep(void); +int seccomp_filter_drop(bool native); +int seccomp_filter_keep(bool native); void seccomp_print_filter(pid_t pid); // caps.c diff --git a/src/firejail/main.c b/src/firejail/main.c index 78717ab41..922ba2edb 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -20,6 +20,7 @@ #include "firejail.h" #include "../include/pid.h" #include "../include/firejail_user.h" +#include "../include/syscall.h" #define _GNU_SOURCE #include #include @@ -72,6 +73,7 @@ int arg_overlay_keep = 0; // place overlay diff in a known directory int arg_overlay_reuse = 0; // allow the reuse of overlays int arg_seccomp = 0; // enable default seccomp filter +int arg_seccomp32 = 0; // enable default seccomp filter for 32 bit arch int arg_seccomp_postexec = 0; // need postexec ld.preload library? int arg_seccomp_block_secondary = 0; // block any secondary architectures 
@@ -548,6 +550,14 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { else exit_err_feature("seccomp"); } + else if (strcmp(argv[i], "--debug-syscalls32") == 0) { + if (checkcfg(CFG_SECCOMP)) { + int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls32"); + exit(rv); + } + else + exit_err_feature("seccomp"); + } else if (strcmp(argv[i], "--debug-errnos") == 0) { if (checkcfg(CFG_SECCOMP)) { int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-errnos"); @@ -956,6 +966,18 @@ static void run_builder(int argc, char **argv) { exit(1); } +void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {} + +static int check_postexec(const char *list) { + char *prelist, *postlist; + + if (list) { + syscalls_in_list(list, "@default-keep", -1, &prelist, &postlist, true); + if (postlist) + return 1; + } + return 0; +} //******************************************* // Main program @@ -1263,6 +1285,18 @@ int main(int argc, char **argv) { else exit_err_feature("seccomp"); } + else if (strncmp(argv[i], "--seccomp.32=", 13) == 0) { + if (checkcfg(CFG_SECCOMP)) { + if (arg_seccomp32) { + fprintf(stderr, "Error: seccomp.32 already enabled\n"); + exit(1); + } + arg_seccomp32 = 1; + cfg.seccomp_list32 = seccomp_check_list(argv[i] + 13); + } + else + exit_err_feature("seccomp"); + } else if (strncmp(argv[i], "--seccomp.drop=", 15) == 0) { if (checkcfg(CFG_SECCOMP)) { if (arg_seccomp) { 
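Review bot: check_postexec() in the `@@ -956,6 +966,18 @@` hunk parses the user-supplied list with syscalls_in_list() inside the firejail process, whereas the filter builds in this diff are delegated to fseccomp through `sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, …)`. The call site in main() is outside this hunk, so confirm that privileges are already dropped there and record that in a comment above the helper. `prelist` and `postlist` are read without being initialised and are never released. Declaring them as `char *prelist = NULL, *postlist = NULL;` and freeing both before returning (if syscalls_in_list() allocates them) would make the helper independent of how the callee treats its out-parameters. The empty `filter_add_errno()` stub, presumably there to satisfy a reference from `../lib/syscall.o`, deserves a one-line comment saying why it exists.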
@@ -1275,6 +1309,18 @@ int main(int argc, char **argv) { else exit_err_feature("seccomp"); } + else if (strncmp(argv[i], "--seccomp.32.drop=", 18) == 0) { + if (checkcfg(CFG_SECCOMP)) { + if (arg_seccomp32) { + fprintf(stderr, "Error: seccomp.32 already enabled\n"); + exit(1); + } + arg_seccomp32 = 1; + cfg.seccomp_list_drop32 = seccomp_check_list(argv[i] + 18); + } + else + exit_err_feature("seccomp"); + } else if (strncmp(argv[i], "--seccomp.keep=", 15) == 0) { if (checkcfg(CFG_SECCOMP)) { if (arg_seccomp) { @@ -1287,8 +1333,24 @@ int main(int argc, char **argv) { else exit_err_feature("seccomp"); } + else if (strncmp(argv[i], "--seccomp.32.keep=", 18) == 0) { + if (checkcfg(CFG_SECCOMP)) { + if (arg_seccomp32) { + fprintf(stderr, "Error: seccomp.32 already enabled\n"); + exit(1); + } + arg_seccomp32 = 1; + cfg.seccomp_list_keep32 = seccomp_check_list(argv[i] + 18); + } + else + exit_err_feature("seccomp"); + } else if (strcmp(argv[i], "--seccomp.block-secondary") == 0) { if (checkcfg(CFG_SECCOMP)) { + if (arg_seccomp32) { + fprintf(stderr, "Error: seccomp.32 conflicts with block-secondary\n"); + exit(1); + } arg_seccomp_block_secondary = 1; } else @@ -2542,6 +2604,14 @@ int main(int argc, char **argv) { // check network configuration options - it will exit if anything went wrong net_check_cfg(); +#ifdef HAVE_SECCOMP + if (arg_seccomp) + arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop); +#endif + bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec; + if (need_preload && (cfg.seccomp_list32 || cfg.seccomp_list_drop32 || cfg.seccomp_list_keep32)) + fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n"); + // check and assign an IP address - for macvlan it will be done again in the sandbox! if (any_bridge_configured()) { EUID_ROOT(); 
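Review bot: The conflict check added to `--seccomp.block-secondary` in the `@@ -1287,8 +1333,24 @@` hunk only fires when a `--seccomp.32*` option appears earlier on the command line. The three new `--seccomp.32=`, `--seccomp.32.drop=` and `--seccomp.32.keep=` branches test only `arg_seccomp32`, so `--seccomp.block-secondary --seccomp.32=…` is accepted, and the profile.c branches in this commit set `arg_seccomp32` with no check at all. A single order-independent test after option and profile parsing would cover every path, e.g. `if (arg_seccomp32 && arg_seccomp_block_secondary) { fprintf(stderr, "Error: seccomp.32 conflicts with block-secondary\n"); exit(1); }`.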
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index 278099e55..7f23a9f6f 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c @@ -98,13 +98,16 @@ void preproc_mount_mnt_dir(void) { //copy default seccomp files copy_file(PATH_SECCOMP_32, RUN_SECCOMP_32, getuid(), getgid(), 0644); // root needed } - if (arg_allow_debuggers) + if (arg_allow_debuggers) { copy_file(PATH_SECCOMP_DEFAULT_DEBUG, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); // root needed - else + copy_file(PATH_SECCOMP_DEBUG_32, RUN_SECCOMP_32, getuid(), getgid(), 0644); // root needed + } else copy_file(PATH_SECCOMP_DEFAULT, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); // root needed - if (arg_memory_deny_write_execute) + if (arg_memory_deny_write_execute) { copy_file(PATH_SECCOMP_MDWX, RUN_SECCOMP_MDWX, getuid(), getgid(), 0644); // root needed + copy_file(PATH_SECCOMP_MDWX_32, RUN_SECCOMP_MDWX_32, getuid(), getgid(), 0644); // root needed + } // as root, create empty RUN_SECCOMP_PROTOCOL and RUN_SECCOMP_POSTEXEC files create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644); if (set_perms(RUN_SECCOMP_PROTOCOL, getuid(), getgid(), 0644)) @@ -112,6 +115,9 @@ void preproc_mount_mnt_dir(void) { create_empty_file_as_root(RUN_SECCOMP_POSTEXEC, 0644); if (set_perms(RUN_SECCOMP_POSTEXEC, getuid(), getgid(), 0644)) errExit("set_perms"); + create_empty_file_as_root(RUN_SECCOMP_POSTEXEC_32, 0644); + if (set_perms(RUN_SECCOMP_POSTEXEC_32, getuid(), getgid(), 0644)) + errExit("set_perms"); #endif } } diff --git a/src/firejail/profile.c b/src/firejail/profile.c index c7269857d..2200fec01 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c 
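Review bot: The `arg_allow_debuggers` branch in the `@@ -98,13 +98,16 @@` hunk now copies `PATH_SECCOMP_DEBUG_32` to `RUN_SECCOMP_32`, but the top-level Makefile.in hunk of this commit extends `SECCOMP_FILTERS` only with `seccomp.mdwx.32` and adds build and install lines only for that file. The value of `PATH_SECCOMP_DEBUG_32` is defined outside this view, so please confirm it names a filter that is actually generated and installed. Otherwise the `--allow-debuggers` path would depend on how copy_file() handles a missing source, leaving the 32-bit filter slot in an undefined state. A short comment that this copy intentionally overwrites the `PATH_SECCOMP_32` copy made just above would also help.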
@@ -788,6 +788,18 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { return 0; } + if (strncmp(ptr, "seccomp.32 ", 11) == 0) { +#ifdef HAVE_SECCOMP + if (checkcfg(CFG_SECCOMP)) { + arg_seccomp32 = 1; + cfg.seccomp_list32 = seccomp_check_list(ptr + 11); + } + else if (!arg_quiet) + warning_feature_disabled("seccomp"); +#endif + + return 0; + } if (strcmp(ptr, "seccomp.block-secondary") == 0) { #ifdef HAVE_SECCOMP @@ -811,6 +823,17 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { #endif return 0; } + if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) { +#ifdef HAVE_SECCOMP + if (checkcfg(CFG_SECCOMP)) { + arg_seccomp32 = 1; + cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13); + } + else + warning_feature_disabled("seccomp"); +#endif + return 0; + } // seccomp keep list if (strncmp(ptr, "seccomp.keep ", 13) == 0) { @@ -824,6 +847,17 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { #endif return 0; } + if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) { +#ifdef HAVE_SECCOMP + if (checkcfg(CFG_SECCOMP)) { + arg_seccomp32 = 1; + cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13); + } + else + warning_feature_disabled("seccomp"); +#endif + return 0; + } // memory deny write&execute if (strcmp(ptr, "memory-deny-write-execute") == 0) { diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index d1879fd98..93fe5425a 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c @@ -793,8 +793,6 @@ int sandbox(void* sandbox_arg) { if (rv) exit(rv); } - if (arg_seccomp && (cfg.seccomp_list || cfg.seccomp_list_drop || cfg.seccomp_list_keep)) - arg_seccomp_postexec = 1; #endif // need ld.so.preload if tracing or seccomp with any non-default lists 
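Review bot: The new `seccomp.32.drop ` and `seccomp.32.keep ` profile branches (hunks `@@ -811,6 +823,17 @@` and `@@ -824,6 +847,17 @@`) compare only 13 characters and pass `ptr + 13`, but both keywords are 16 characters long including the trailing space. As written, any line beginning with `seccomp.32.dr` or `seccomp.32.ke` matches, and seccomp_check_list() receives `op …` or `ep …` instead of the syscall list. Use the full length in both places, e.g. `if (strncmp(ptr, "seccomp.32.drop ", 16) == 0) {` with `seccomp_check_list(ptr + 16)`, and the same for keep. These two branches also call warning_feature_disabled() without the `!arg_quiet` test that the `seccomp.32 ` branch in the first hunk uses.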
@@ -1113,9 +1111,15 @@ int sandbox(void* sandbox_arg) { // if a keep list is available, disregard the drop list if (arg_seccomp == 1) { if (cfg.seccomp_list_keep) - seccomp_filter_keep(); + seccomp_filter_keep(true); else - seccomp_filter_drop(); + seccomp_filter_drop(true); + } + if (arg_seccomp32 == 1) { + if (cfg.seccomp_list_keep32) + seccomp_filter_keep(false); + else + seccomp_filter_drop(false); } else { // clean seccomp files under /run/firejail/mnt @@ -1128,9 +1132,11 @@ int sandbox(void* sandbox_arg) { if (arg_debug) printf("Install memory write&execute filter\n"); seccomp_load(RUN_SECCOMP_MDWX); // install filter + seccomp_load(RUN_SECCOMP_MDWX_32); } else { int rv = unlink(RUN_SECCOMP_MDWX); + rv |= unlink(RUN_SECCOMP_MDWX_32); (void) rv; } // make seccomp filters read-only diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 10a2a5665..b0a48591e 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c @@ -191,7 +191,17 @@ static void seccomp_filter_block_secondary(void) { } // drop filter for seccomp option -int seccomp_filter_drop(void) { +int seccomp_filter_drop(bool native) { + const char *filter, *postexec_filter; + + if (native) { + filter = RUN_SECCOMP_CFG; + postexec_filter = RUN_SECCOMP_POSTEXEC; + } else { + filter = RUN_SECCOMP_32; + postexec_filter = RUN_SECCOMP_POSTEXEC_32; + } + // if we have multiple seccomp commands, only one of them is executed // in the following order: // - seccomp.drop list 
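Review bot: In the `@@ -1113,9 +1111,15 @@` hunk the `else` that cleans the seccomp files under /run/firejail/mnt now binds to the new `if (arg_seccomp32 == 1)` instead of `if (arg_seccomp == 1)`. The cleanup branch therefore runs whenever no 32-bit filter is requested, even right after the native filter was built and loaded, and it no longer runs when only `arg_seccomp32` is set. The body of that branch lies outside the hunk, so its exact effect is inferred from the comment. If it unlinks the native filter file, later readers of that file would find it missing. Split the cleanup so each run-time file is removed only when its own flag is unset, rather than hanging one `else` off the second `if`.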
@@ -224,19 +234,28 @@ int seccomp_filter_drop(void) { if (arg_debug) printf("Build default+drop seccomp filter\n"); + const char *command, *list; + if (native) { + command = "default"; + list = cfg.seccomp_list; + } else { + command = "default32"; + list = cfg.seccomp_list32; + } + // build the seccomp filter as a regular user int rv; if (arg_allow_debuggers) rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 7, - PATH_FSECCOMP, "default", "drop", RUN_SECCOMP_CFG, RUN_SECCOMP_POSTEXEC, cfg.seccomp_list, "allow-debuggers"); + PATH_FSECCOMP, command, "drop", filter, postexec_filter, list, "allow-debuggers"); else rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 6, - PATH_FSECCOMP, "default", "drop", RUN_SECCOMP_CFG, RUN_SECCOMP_POSTEXEC, cfg.seccomp_list); + PATH_FSECCOMP, command, "drop", filter, postexec_filter, list); if (rv) exit(rv); // optimize the new filter - rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSEC_OPTIMIZE, RUN_SECCOMP_CFG); + rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSEC_OPTIMIZE, filter); if (rv) exit(rv); } 
@@ -250,36 +269,45 @@ int seccomp_filter_drop(void) { if (arg_debug) printf("Build drop seccomp filter\n"); + const char *command, *list; + if (native) { + command = "drop"; + list = cfg.seccomp_list_drop; + } else { + command = "drop32"; + list = cfg.seccomp_list_drop32; + } + // build the seccomp filter as a regular user int rv; if (arg_allow_debuggers) rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 6, - PATH_FSECCOMP, "drop", RUN_SECCOMP_CFG, RUN_SECCOMP_POSTEXEC, cfg.seccomp_list_drop, "allow-debuggers"); + PATH_FSECCOMP, command, filter, postexec_filter, list, "allow-debuggers"); else rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 5, - PATH_FSECCOMP, "drop", RUN_SECCOMP_CFG, RUN_SECCOMP_POSTEXEC, cfg.seccomp_list_drop); + PATH_FSECCOMP, command, filter, postexec_filter, list); if (rv) exit(rv); // optimize the drop filter - rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSEC_OPTIMIZE, RUN_SECCOMP_CFG); + rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSEC_OPTIMIZE, filter); if (rv) exit(rv); } // load the filter - if (seccomp_load(RUN_SECCOMP_CFG) == 0) { + if (seccomp_load(filter) == 0) { if (arg_debug) printf("seccomp filter configured\n"); } if (arg_debug && access(PATH_FSEC_PRINT, X_OK) == 0) { struct stat st; - if (stat(RUN_SECCOMP_POSTEXEC, &st) != -1 && st.st_size != 0) { - printf("configuring postexec seccomp filter in %s\n", RUN_SECCOMP_POSTEXEC); + if (stat(postexec_filter, &st) != -1 && st.st_size != 0) { + printf("configuring postexec seccomp filter in %s\n", postexec_filter); sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, - PATH_FSEC_PRINT, RUN_SECCOMP_POSTEXEC); + PATH_FSEC_PRINT, postexec_filter); } } 
@@ -287,7 +315,7 @@ int seccomp_filter_drop(void) { } // keep filter for seccomp option -int seccomp_filter_keep(void) { +int seccomp_filter_keep(bool native) { // secondary filters are not installed except when secondary // architectures are explicitly blocked if (arg_seccomp_block_secondary) @@ -296,9 +324,22 @@ int seccomp_filter_keep(void) { if (arg_debug) printf("Build keep seccomp filter\n"); + const char *command, *filter, *postexec_filter, *list; + if (native) { + command = "keep"; + filter = RUN_SECCOMP_CFG; + postexec_filter = RUN_SECCOMP_POSTEXEC; + list = cfg.seccomp_list_keep; + } else { + command = "keep32"; + filter = RUN_SECCOMP_32; + postexec_filter = RUN_SECCOMP_POSTEXEC_32; + list = cfg.seccomp_list_keep32; + } + // build the seccomp filter as a regular user int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 5, - PATH_FSECCOMP, "keep", RUN_SECCOMP_CFG, RUN_SECCOMP_POSTEXEC, cfg.seccomp_list_keep); + PATH_FSECCOMP, "keep", filter, postexec_filter, list); if (rv) { fprintf(stderr, "Error: cannot configure seccomp filter\n"); @@ -309,17 +350,17 @@ int seccomp_filter_keep(void) { printf("seccomp filter configured\n"); // load the filter - if (seccomp_load(RUN_SECCOMP_CFG) == 0) { + if (seccomp_load(filter) == 0) { if (arg_debug) printf("seccomp filter configured\n"); } if (arg_debug && access(PATH_FSEC_PRINT, X_OK) == 0) { struct stat st; - if (stat(RUN_SECCOMP_POSTEXEC, &st) != -1 && st.st_size != 0) { - printf("configuring postexec seccomp filter in %s\n", RUN_SECCOMP_POSTEXEC); + if (stat(postexec_filter, &st) != -1 && st.st_size != 0) { + printf("configuring postexec seccomp filter in %s\n", postexec_filter); sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, - PATH_FSEC_PRINT, RUN_SECCOMP_POSTEXEC); + PATH_FSEC_PRINT, postexec_filter); } } diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 52d4f7c03..c98ad3620 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c 
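Review bot: In the `@@ -296,9 +324,22 @@` hunk of seccomp_filter_keep(), `command` is set to `"keep"` or `"keep32"` but the sbox_run() call still passes the literal `"keep"`, leaving the variable unused. The 32-bit keep list therefore appears to be compiled by fseccomp as a native filter and written to `RUN_SECCOMP_32`, which presumably leaves 32-bit callers without the whitelist the option promises. Pass the variable instead: `PATH_FSECCOMP, command, filter, postexec_filter, list);`. The function continues outside the hunk, so the early return for `arg_seccomp_block_secondary` was not reviewed.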
@@ -60,6 +60,7 @@ static char *usage_str = " --debug-private-lib - debug for --private-lib option.\n" " --debug-protocols - print all recognized protocols.\n" " --debug-syscalls - print all recognized system calls.\n" + " --debug-syscalls32 - print all recognized 32 bit system calls.\n" #ifdef HAVE_WHITELIST " --debug-whitelists - debug whitelisting.\n" #endif diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index c823943c0..7dd08444e 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c @@ -98,7 +98,7 @@ static int pid_is_firejail(pid_t pid) { "apparmor.print", "caps.print", "cpu.print", "dns.print", "fs.print", "netfilter.print", "netfilter6.print", "profile.print", "protocol.print", "seccomp.print", // debug - "debug-caps", "debug-errnos", "debug-protocols", "debug-syscalls", + "debug-caps", "debug-errnos", "debug-protocols", "debug-syscalls", "debug-syscalls32", // file transfer "ls", "get", "put", // stats diff --git a/src/fsec-print/Makefile.in b/src/fsec-print/Makefile.in index f717af788..a30ff4ba3 100644 --- a/src/fsec-print/Makefile.in +++ b/src/fsec-print/Makefile.in @@ -5,8 +5,8 @@ include ../common.mk %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ -fsec-print: $(OBJS) ../lib/libnetlink.o - $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) +fsec-print: $(OBJS) ../lib/libnetlink.o ../lib/errno.o ../lib/syscall.o + $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS) clean:; rm -fr *.o fsec-print *.gcov *.gcda *.gcno *.plist diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h index 0237fd020..337199288 100644 --- a/src/fsec-print/fsec_print.h +++ b/src/fsec-print/fsec_print.h 
@@ -21,12 +21,10 @@ #define FSEC_PRINT_H #include "../include/common.h" #include "../include/seccomp.h" +#include "../include/syscall.h" #include // print.c void print(struct sock_filter *filter, int entries); -// syscall_list.c -const char *syscall_find_nr(int nr); - #endif diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c index 728308dac..7bb4fd0cd 100644 --- a/src/fsec-print/main.c +++ b/src/fsec-print/main.c @@ -24,6 +24,9 @@ static void usage(void) { printf("\tfsec-print file - disassemble seccomp filter\n"); } +int arg_quiet = 0; +void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {} + int main(int argc, char **argv) { #if 0 { diff --git a/src/fsec-print/syscall_list.c b/src/fsec-print/syscall_list.c deleted file mode 100644 index 274908cef..000000000 --- a/src/fsec-print/syscall_list.c +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Copyright (C) 2014-2020 Firejail Authors - * - * This file is part of firejail project - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ -#include "fsec_print.h" -#include - -typedef struct { - const char * const name; - int nr; -} SyscallEntry; - -static const SyscallEntry syslist[] = { -// -// code generated using tools/extract-syscall -// -#include "../include/syscall.h" -// -// end of generated code -// -}; // end of syslist - -const char *syscall_find_nr(int nr) { - int i; - int elems = sizeof(syslist) / sizeof(syslist[0]); - for (i = 0; i < elems; i++) { - if (nr == syslist[i].nr) - return syslist[i].name; - } - - return NULL; -} diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index 67e074b3d..8623db6f8 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in @@ -5,8 +5,8 @@ include ../common.mk %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ -fseccomp: $(OBJS) - $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) +fseccomp: $(OBJS) ../lib/errno.o ../lib/syscall.o + $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS) clean:; rm -fr *.o fseccomp *.gcov *.gcda *.gcno *.plist 
diff --git a/src/fseccomp/errno.c b/src/fseccomp/errno.c deleted file mode 100644 index 9c5aa770c..000000000 --- a/src/fseccomp/errno.c +++ /dev/null 
@@ -1,204 +0,0 @@ -/* - * Copyright (C) 2014-2020 Firejail Authors - * - * This file is part of firejail project - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ -#include "fseccomp.h" - -#include -//#include - -typedef struct { - char *name; - int nr; -} ErrnoEntry; - -static ErrnoEntry errnolist[] = { -// -// code generated using tools/extract-errnos -// - {"EPERM", EPERM}, - {"ENOENT", ENOENT}, - {"ESRCH", ESRCH}, - {"EINTR", EINTR}, - {"EIO", EIO}, - {"ENXIO", ENXIO}, - {"E2BIG", E2BIG}, - {"ENOEXEC", ENOEXEC}, - {"EBADF", EBADF}, - {"ECHILD", ECHILD}, - {"EAGAIN", EAGAIN}, - {"ENOMEM", ENOMEM}, - {"EACCES", EACCES}, - {"EFAULT", EFAULT}, - {"ENOTBLK", ENOTBLK}, - {"EBUSY", EBUSY}, - {"EEXIST", EEXIST}, - {"EXDEV", EXDEV}, - {"ENODEV", ENODEV}, - {"ENOTDIR", ENOTDIR}, - {"EISDIR", EISDIR}, - {"EINVAL", EINVAL}, - {"ENFILE", ENFILE}, - {"EMFILE", EMFILE}, - {"ENOTTY", ENOTTY}, - {"ETXTBSY", ETXTBSY}, - {"EFBIG", EFBIG}, - {"ENOSPC", ENOSPC}, - {"ESPIPE", ESPIPE}, - {"EROFS", EROFS}, - {"EMLINK", EMLINK}, - {"EPIPE", EPIPE}, - {"EDOM", EDOM}, - {"ERANGE", ERANGE}, - {"EDEADLK", EDEADLK}, - {"ENAMETOOLONG", ENAMETOOLONG}, - {"ENOLCK", ENOLCK}, - {"ENOSYS", ENOSYS}, - {"ENOTEMPTY", ENOTEMPTY}, - {"ELOOP", ELOOP}, - {"EWOULDBLOCK", EWOULDBLOCK}, - {"ENOMSG", ENOMSG}, - {"EIDRM", EIDRM}, - 
{"ECHRNG", ECHRNG}, - {"EL2NSYNC", EL2NSYNC}, - {"EL3HLT", EL3HLT}, - {"EL3RST", EL3RST}, - {"ELNRNG", ELNRNG}, - {"EUNATCH", EUNATCH}, - {"ENOCSI", ENOCSI}, - {"EL2HLT", EL2HLT}, - {"EBADE", EBADE}, - {"EBADR", EBADR}, - {"EXFULL", EXFULL}, - {"ENOANO", ENOANO}, - {"EBADRQC", EBADRQC}, - {"EBADSLT", EBADSLT}, - {"EDEADLOCK", EDEADLOCK}, - {"EBFONT", EBFONT}, - {"ENOSTR", ENOSTR}, - {"ENODATA", ENODATA}, - {"ETIME", ETIME}, - {"ENOSR", ENOSR}, - {"ENONET", ENONET}, - {"ENOPKG", ENOPKG}, - {"EREMOTE", EREMOTE}, - {"ENOLINK", ENOLINK}, - {"EADV", EADV}, - {"ESRMNT", ESRMNT}, - {"ECOMM", ECOMM}, - {"EPROTO", EPROTO}, - {"EMULTIHOP", EMULTIHOP}, - {"EDOTDOT", EDOTDOT}, - {"EBADMSG", EBADMSG}, - {"EOVERFLOW", EOVERFLOW}, - {"ENOTUNIQ", ENOTUNIQ}, - {"EBADFD", EBADFD}, - {"EREMCHG", EREMCHG}, - {"ELIBACC", ELIBACC}, - {"ELIBBAD", ELIBBAD}, - {"ELIBSCN", ELIBSCN}, - {"ELIBMAX", ELIBMAX}, - {"ELIBEXEC", ELIBEXEC}, - {"EILSEQ", EILSEQ}, - {"ERESTART", ERESTART}, - {"ESTRPIPE", ESTRPIPE}, - {"EUSERS", EUSERS}, - {"ENOTSOCK", ENOTSOCK}, - {"EDESTADDRREQ", EDESTADDRREQ}, - {"EMSGSIZE", EMSGSIZE}, - {"EPROTOTYPE", EPROTOTYPE}, - {"ENOPROTOOPT", ENOPROTOOPT}, - {"EPROTONOSUPPORT", EPROTONOSUPPORT}, - {"ESOCKTNOSUPPORT", ESOCKTNOSUPPORT}, - {"EOPNOTSUPP", EOPNOTSUPP}, - {"EPFNOSUPPORT", EPFNOSUPPORT}, - {"EAFNOSUPPORT", EAFNOSUPPORT}, - {"EADDRINUSE", EADDRINUSE}, - {"EADDRNOTAVAIL", EADDRNOTAVAIL}, - {"ENETDOWN", ENETDOWN}, - {"ENETUNREACH", ENETUNREACH}, - {"ENETRESET", ENETRESET}, - {"ECONNABORTED", ECONNABORTED}, - {"ECONNRESET", ECONNRESET}, - {"ENOBUFS", ENOBUFS}, - {"EISCONN", EISCONN}, - {"ENOTCONN", ENOTCONN}, - {"ESHUTDOWN", ESHUTDOWN}, - {"ETOOMANYREFS", ETOOMANYREFS}, - {"ETIMEDOUT", ETIMEDOUT}, - {"ECONNREFUSED", ECONNREFUSED}, - {"EHOSTDOWN", EHOSTDOWN}, - {"EHOSTUNREACH", EHOSTUNREACH}, - {"EALREADY", EALREADY}, - {"EINPROGRESS", EINPROGRESS}, - {"ESTALE", ESTALE}, - {"EUCLEAN", EUCLEAN}, - {"ENOTNAM", ENOTNAM}, - {"ENAVAIL", ENAVAIL}, - {"EISNAM", EISNAM}, - 
{"EREMOTEIO", EREMOTEIO}, - {"EDQUOT", EDQUOT}, - {"ENOMEDIUM", ENOMEDIUM}, - {"EMEDIUMTYPE", EMEDIUMTYPE}, - {"ECANCELED", ECANCELED}, - {"ENOKEY", ENOKEY}, - {"EKEYEXPIRED", EKEYEXPIRED}, - {"EKEYREVOKED", EKEYREVOKED}, - {"EKEYREJECTED", EKEYREJECTED}, - {"EOWNERDEAD", EOWNERDEAD}, - {"ENOTRECOVERABLE", ENOTRECOVERABLE}, - {"ERFKILL", ERFKILL}, - {"EHWPOISON", EHWPOISON}, - {"ENOTSUP", ENOTSUP}, -#ifdef ENOATTR - {"ENOATTR", ENOATTR}, -#endif -}; - -int errno_find_name(const char *name) { - int i; - int elems = sizeof(errnolist) / sizeof(errnolist[0]); - for (i = 0; i < elems; i++) { - if (strcasecmp(name, errnolist[i].name) == 0) - return errnolist[i].nr; - } - - return -1; -} - -char *errno_find_nr(int nr) { - int i; - int elems = sizeof(errnolist) / sizeof(errnolist[0]); - for (i = 0; i < elems; i++) { - if (nr == errnolist[i].nr) - return errnolist[i].name; - } - - return "unknown"; -} - - - -void errno_print(void) { - int i; - int elems = sizeof(errnolist) / sizeof(errnolist[0]); - for (i = 0; i < elems; i++) { - printf("%d\t- %s\n", errnolist[i].nr, errnolist[i].name); - } - printf("\n"); -} diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h index bf55870f2..e8dd083b6 100644 --- a/src/fseccomp/fseccomp.h +++ b/src/fseccomp/fseccomp.h @@ -24,21 +24,11 @@ #include #include #include "../include/common.h" +#include "../include/syscall.h" // main.c extern int arg_quiet; -// syscall.c -void syscall_print(void); -int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall, int arg, void *ptrarg), int fd, int arg, void *ptrarg); -const char *syscall_find_nr(int nr); -void syscalls_in_list(const char *list, const char *slist, int fd, char **prelist, char **postlist); - -// errno.c -void errno_print(void); -int errno_find_name(const char *name); -char *errno_find_nr(int nr); - // protocol.c void protocol_print(void); void protocol_build_filter(const char *prlist, const char *fname); 
@@ -49,27 +39,27 @@ void seccomp_secondary_32(const char *fname); void seccomp_secondary_block(const char *fname); // seccomp_file.c -void write_to_file(int fd, const void *data, int size); -void filter_init(int fd); -void filter_add_whitelist(int fd, int syscall, int arg, void *ptrarg); -void filter_add_whitelist_for_excluded(int fd, int syscall, int arg, void *ptrarg); -void filter_add_blacklist(int fd, int syscall, int arg, void *ptrarg); -void filter_add_blacklist_for_excluded(int fd, int syscall, int arg, void *ptrarg); -void filter_add_errno(int fd, int syscall, int arg, void *ptrarg); +void write_to_file(int fd, const void *data, size_t size); +void filter_init(int fd, bool native); +void filter_add_whitelist(int fd, int syscall, int arg, void *ptrarg, bool native); +void filter_add_whitelist_for_excluded(int fd, int syscall, int arg, void *ptrarg, bool native); +void filter_add_blacklist(int fd, int syscall, int arg, void *ptrarg, bool native); +void filter_add_blacklist_for_excluded(int fd, int syscall, int arg, void *ptrarg, bool native); void filter_end_blacklist(int fd); void filter_end_whitelist(int fd); // seccomp.c // default list -void seccomp_default(const char *fname, int allow_debuggers); +void seccomp_default(const char *fname, int allow_debuggers, bool native); // drop list -void seccomp_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers); +void seccomp_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers, bool native); // default+drop list -void seccomp_default_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers); +void seccomp_default_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers, bool native); // whitelisted filter -void seccomp_keep(const char *fname1, const char *fname2, char *list); +void seccomp_keep(const char *fname1, const char *fname2, char *list, bool native); // block writable and executable memory void 
memory_deny_write_execute(const char *fname); +void memory_deny_write_execute_32(const char *fname); // seccomp_print void filter_print(const char *fname); diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index 82b96f476..b3161a6db 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c @@ -23,6 +23,7 @@ int arg_quiet = 0; static void usage(void) { printf("Usage:\n"); printf("\tfseccomp debug-syscalls\n"); + printf("\tfseccomp debug-syscalls32\n"); printf("\tfseccomp debug-errnos\n"); printf("\tfseccomp debug-protocols\n"); printf("\tfseccomp protocol build list file\n"); @@ -31,12 +32,20 @@ static void usage(void) { printf("\tfseccomp secondary block file\n"); printf("\tfseccomp default file\n"); printf("\tfseccomp default file allow-debuggers\n"); + printf("\tfseccomp default32 file\n"); + printf("\tfseccomp default32 file allow-debuggers\n"); printf("\tfseccomp drop file1 file2 list\n"); printf("\tfseccomp drop file1 file2 list allow-debuggers\n"); + printf("\tfseccomp drop32 file1 file2 list\n"); + printf("\tfseccomp drop32 file1 file2 list allow-debuggers\n"); printf("\tfseccomp default drop file1 file2 list\n"); printf("\tfseccomp default drop file1 file2 list allow-debuggers\n"); + printf("\tfseccomp default32 drop file1 file2 list\n"); + printf("\tfseccomp default32 drop file1 file2 list allow-debuggers\n"); printf("\tfseccomp keep file1 file2 list\n"); + printf("\tfseccomp keep32 file1 file2 list\n"); printf("\tfseccomp memory-deny-write-execute file\n"); + printf("\tfseccomp memory-deny-write-execute.32 file\n"); } int main(int argc, char **argv) { @@ -64,6 +73,8 @@ printf("\n"); } else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0) syscall_print(); + else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0) + syscall_print_32(); else if (argc == 2 && strcmp(argv[1], "debug-errnos") == 0) errno_print(); else if (argc == 2 && strcmp(argv[1], "debug-protocols") == 0) 
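Review bot: The prototype for `filter_add_errno` is removed from the seccomp_file.c section of this header and not re-added, while the seccomp_file.c hunk later in this commit keeps the definition and gives it a `bool native` parameter. Unless it is now declared in a header outside this view, the function is left as an external definition with no prototype, so a caller still using the old four-argument shape would not be caught by the compiler. Either restore `void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native);` here, or make the definition `static` (or drop it) if nothing else uses it.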
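Review bot: The new 32-bit subcommands in usage() use two spellings: `debug-syscalls32`, `default32`, `drop32` and `keep32` take a bare suffix, but the last added line is `memory-deny-write-execute.32` with a dot. The dispatch chain further down in main() has the same split. Picking one convention, e.g. `memory-deny-write-execute32`, would make it less likely that a mistyped subcommand ends in the `invalid arguments` branch; main() continues outside these hunks.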
@@ -75,21 +86,37 @@ printf("\n"); else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "block") == 0) seccomp_secondary_block(argv[3]); else if (argc == 3 && strcmp(argv[1], "default") == 0) - seccomp_default(argv[2], 0); + seccomp_default(argv[2], 0, true); else if (argc == 4 && strcmp(argv[1], "default") == 0 && strcmp(argv[3], "allow-debuggers") == 0) - seccomp_default(argv[2], 1); + seccomp_default(argv[2], 1, true); + else if (argc == 3 && strcmp(argv[1], "default32") == 0) + seccomp_default(argv[2], 0, false); + else if (argc == 4 && strcmp(argv[1], "default32") == 0 && strcmp(argv[3], "allow-debuggers") == 0) + seccomp_default(argv[2], 1, false); else if (argc == 5 && strcmp(argv[1], "drop") == 0) - seccomp_drop(argv[2], argv[3], argv[4], 0); + seccomp_drop(argv[2], argv[3], argv[4], 0, true); else if (argc == 6 && strcmp(argv[1], "drop") == 0 && strcmp(argv[5], "allow-debuggers") == 0) - seccomp_drop(argv[2], argv[3], argv[4], 1); + seccomp_drop(argv[2], argv[3], argv[4], 1, true); + else if (argc == 5 && strcmp(argv[1], "drop32") == 0) + seccomp_drop(argv[2], argv[3], argv[4], 0, false); + else if (argc == 6 && strcmp(argv[1], "drop32") == 0 && strcmp(argv[5], "allow-debuggers") == 0) + seccomp_drop(argv[2], argv[3], argv[4], 1, false); else if (argc == 6 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0) - seccomp_default_drop(argv[3], argv[4], argv[5], 0); + seccomp_default_drop(argv[3], argv[4], argv[5], 0, true); else if (argc == 7 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0 && strcmp(argv[6], "allow-debuggers") == 0) - seccomp_default_drop(argv[3], argv[4], argv[5], 1); + seccomp_default_drop(argv[3], argv[4], argv[5], 1, true); + else if (argc == 6 && strcmp(argv[1], "default32") == 0 && strcmp(argv[2], "drop") == 0) + seccomp_default_drop(argv[3], argv[4], argv[5], 0, false); + else if (argc == 7 && strcmp(argv[1], "default32") == 0 && strcmp(argv[2], "drop") == 0 && strcmp(argv[6], 
"allow-debuggers") == 0) + seccomp_default_drop(argv[3], argv[4], argv[5], 1, false); else if (argc == 5 && strcmp(argv[1], "keep") == 0) - seccomp_keep(argv[2], argv[3], argv[4]); + seccomp_keep(argv[2], argv[3], argv[4], true); + else if (argc == 5 && strcmp(argv[1], "keep32") == 0) + seccomp_keep(argv[2], argv[3], argv[4], false); else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute") == 0) memory_deny_write_execute(argv[2]); + else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute.32") == 0) + memory_deny_write_execute_32(argv[2]); else { fprintf(stderr, "Error fseccomp: invalid arguments\n"); return 1; diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c index 7a21eb2c2..b8b30f488 100644 --- a/src/fseccomp/protocol.c +++ b/src/fseccomp/protocol.c @@ -122,10 +122,23 @@ void protocol_build_filter(const char *prlist, const char *fname) { // header struct sock_filter filter_start[] = { - VALIDATE_ARCHITECTURE, - EXAMINE_SYSCALL, - ONLY(SYS_socket), - EXAMINE_ARGUMENT(0) +#if defined __x86_64__ + /* check for native arch */ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1 + 2 + 1, 0), + /* i386 filter */ + EXAMINE_SYSCALL, // 1 + // checking SYS_socket only: filtering SYS_socketcall not possible with seccomp + ONLY(359), // 1 + 2 + BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 2), 0, 0), // 1 + 2 + 1 +#else +#warning 32 bit protocol filter not implemented yet for your architecture +#endif + VALIDATE_ARCHITECTURE, // 3 + EXAMINE_SYSCALL, // 3 + 1 + ONLY(SYS_socket), // 3 + 1 + 2 + + EXAMINE_ARGUMENT(0) // 3 + 1 + 2 + 1 }; memcpy(ptr, &filter_start[0], sizeof(filter_start)); ptr += sizeof(filter_start); diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 29aa2f2f5..0db7b5954 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c 
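Review bot: The i386 branch added to `filter_start` examines only syscall 359, and the added comment itself says `socketcall` cannot be filtered, so on x86_64 a 32-bit process that creates sockets through `socketcall` would presumably not be constrained by the protocol list at all. That limit deserves more than a code comment: state it in the man page text for `protocol`, or warn when a protocol filter is combined with an allowed 32-bit arch. Separately, `359` and the hand-counted jump offsets (`1 + 2 + 1`, `3 + 1 + 2`) are brittle; a named constant such as `#define SYS_socket_32 359 // i386 socket` and a comment tying each offset to the instructions it skips would help the next edit. The `#else` branch only emits `#warning`, so on other architectures no 32-bit check is generated. protocol_build_filter continues outside the hunk.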
@@ -24,12 +24,12 @@ #include #include -static void add_default_list(int fd, int allow_debuggers) { +static void add_default_list(int fd, int allow_debuggers, bool native) { int r; if (!allow_debuggers) - r = syscall_check_list("@default-nodebuggers", filter_add_blacklist, fd, 0, NULL); + r = syscall_check_list("@default-nodebuggers", filter_add_blacklist, fd, 0, NULL, native); else - r = syscall_check_list("@default", filter_add_blacklist, fd, 0, NULL); + r = syscall_check_list("@default", filter_add_blacklist, fd, 0, NULL, native); assert(r == 0); //#ifdef SYS_mknod - emoved in 0.9.29 - it breaks Zotero extension @@ -46,7 +46,7 @@ static void add_default_list(int fd, int allow_debuggers) { } // default list -void seccomp_default(const char *fname, int allow_debuggers) { +void seccomp_default(const char *fname, int allow_debuggers, bool native) { assert(fname); // open file @@ -57,8 +57,8 @@ void seccomp_default(const char *fname, int allow_debuggers) { } // build filter (no post-exec filter needed because default list is fine for us) - filter_init(fd); - add_default_list(fd, allow_debuggers); + filter_init(fd, native); + add_default_list(fd, allow_debuggers, native); filter_end_blacklist(fd); // close file @@ -66,7 +66,7 @@ void seccomp_default(const char *fname, int allow_debuggers) { } // drop list -void seccomp_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers) { +void seccomp_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers, bool native) { assert(fname1); assert(fname2); (void) allow_debuggers; // todo: to implemnet it 
@@ -79,15 +79,15 @@ void seccomp_drop(const char *fname1, const char *fname2, char *list, int allow_ } // build pre-exec filter: don't blacklist any syscalls in @default-keep - filter_init(fd); + filter_init(fd, native); // allow exceptions in form of !syscall - syscall_check_list(list, filter_add_whitelist_for_excluded, fd, 0, NULL); + syscall_check_list(list, filter_add_whitelist_for_excluded, fd, 0, NULL, native); char *prelist, *postlist; - syscalls_in_list(list, "@default-keep", fd, &prelist, &postlist); + syscalls_in_list(list, "@default-keep", fd, &prelist, &postlist, native); if (prelist) - if (syscall_check_list(prelist, filter_add_blacklist, fd, 0, NULL)) { + if (syscall_check_list(prelist, filter_add_blacklist, fd, 0, NULL, native)) { fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); exit(1); } @@ -106,8 +106,8 @@ void seccomp_drop(const char *fname1, const char *fname2, char *list, int allow_ } // build post-exec filter: blacklist remaining syscalls - filter_init(fd); - if (syscall_check_list(postlist, filter_add_blacklist, fd, 0, NULL)) { + filter_init(fd, native); + if (syscall_check_list(postlist, filter_add_blacklist, fd, 0, NULL, native)) { fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); exit(1); } @@ -118,7 +118,7 @@ void seccomp_drop(const char *fname1, const char *fname2, char *list, int allow_ } // default+drop -void seccomp_default_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers) { +void seccomp_default_drop(const char *fname1, const char *fname2, char *list, int allow_debuggers, bool native) { assert(fname1); assert(fname2); 
@@ -131,16 +131,16 @@ void seccomp_default_drop(const char *fname1, const char *fname2, char *list, in // build pre-exec filter: blacklist @default, don't blacklist // any listed syscalls in @default-keep - filter_init(fd); + filter_init(fd, native); // allow exceptions in form of !syscall - syscall_check_list(list, filter_add_whitelist_for_excluded, fd, 0, NULL); + syscall_check_list(list, filter_add_whitelist_for_excluded, fd, 0, NULL, native); - add_default_list(fd, allow_debuggers); + add_default_list(fd, allow_debuggers, native); char *prelist, *postlist; - syscalls_in_list(list, "@default-keep", fd, &prelist, &postlist); + syscalls_in_list(list, "@default-keep", fd, &prelist, &postlist, native); if (prelist) - if (syscall_check_list(prelist, filter_add_blacklist, fd, 0, NULL)) { + if (syscall_check_list(prelist, filter_add_blacklist, fd, 0, NULL, native)) { fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); exit(1); } @@ -160,8 +160,8 @@ void seccomp_default_drop(const char *fname1, const char *fname2, char *list, in } // build post-exec filter: blacklist remaining syscalls - filter_init(fd); - if (syscall_check_list(postlist, filter_add_blacklist, fd, 0, NULL)) { + filter_init(fd, native); + if (syscall_check_list(postlist, filter_add_blacklist, fd, 0, NULL, native)) { fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); exit(1); } @@ -171,7 +171,7 @@ void seccomp_default_drop(const char *fname1, const char *fname2, char *list, in close(fd); } -void seccomp_keep(const char *fname1, const char *fname2, char *list) { +void seccomp_keep(const char *fname1, const char *fname2, char *list, bool native) { (void) fname2; // open file for pre-exec filter 
@@ -182,17 +182,17 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) { } // build pre-exec filter: whitelist also @default-keep - filter_init(fd); + filter_init(fd, native); // allow exceptions in form of !syscall - syscall_check_list(list, filter_add_blacklist_for_excluded, fd, 0, NULL); + syscall_check_list(list, filter_add_blacklist_for_excluded, fd, 0, NULL, native); // these syscalls are used by firejail after the seccomp filter is initialized int r; - r = syscall_check_list("@default-keep", filter_add_whitelist, fd, 0, NULL); + r = syscall_check_list("@default-keep", filter_add_whitelist, fd, 0, NULL, native); assert(r == 0); - if (syscall_check_list(list, filter_add_whitelist, fd, 0, NULL)) { + if (syscall_check_list(list, filter_add_whitelist, fd, 0, NULL, native)) { fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); exit(1); } @@ -206,6 +206,15 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) { #if defined(__x86_64__) || defined(__aarch64__) || defined(__powerpc64__) # define filter_syscall SYS_mmap # undef block_syscall +#if defined(__x86_64__) +// i386 syscalls +# define filter_syscall_32 192 +# define block_syscall_32 90 +# define mprotect_32 125 +# define pkey_mprotect_32 380 +# define shmat_32 397 +# define memfd_create_32 356 +#endif #elif defined(__i386__) # define filter_syscall SYS_mmap2 # define block_syscall SYS_mmap @@ -216,6 +225,12 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) { # warning "Platform does not support seccomp memory-deny-write-execute filter yet" # undef filter_syscall # undef block_syscall +# undef filter_syscall_32 +# undef block_syscall_32 +# undef mprotect_32 +# undef pkey_mprotect_32 +# undef shmat_32 +# undef memfd_create_32 #endif void memory_deny_write_execute(const char *fname) { 
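Review bot: The i386 syscall numbers added under `#if defined(__x86_64__)` are bare literals with no syscall name beside them, which makes a wrong number in a kill filter hard to spot in review. Add the name to each, e.g. `# define filter_syscall_32 192 // i386 mmap2` and `# define block_syscall_32 90 // i386 old mmap`, or take the values from the i386 table this commit adds under src/include. Also worth confirming: `shmat_32 397` matches only the direct syscall, so 32-bit code that attaches shared memory through the `ipc` multiplexer would, as far as I can tell, not reach the SHM_EXEC rule; if that is right, say so in the comment and in the man page.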
@@ -226,10 +241,10 @@ void memory_deny_write_execute(const char *fname) { exit(1); } - filter_init(fd); + filter_init(fd, true); // build filter - static const struct sock_filter filter[] = { + struct sock_filter filter[] = { #ifdef block_syscall // block old multiplexing mmap syscall for i386 BLACKLIST(block_syscall), 
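Review bot: Dropping `static const` from `filter` in memory_deny_write_execute does not look needed: as far as this commit shows, the array is only handed to write_to_file, whose `data` parameter is `const void *`. Keeping it read-only documents that the filter is never patched at run time, so `static const struct sock_filter filter[] = {` can stay as it was. If the qualifier was removed to silence a warning, a short comment naming the warning would help. The function body continues outside the hunk.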
@@ -288,3 +303,75 @@ void memory_deny_write_execute(const char *fname) { // close file close(fd); } + +void memory_deny_write_execute_32(const char *fname) { + // open file + int fd = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + if (fd < 0) { + fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); + exit(1); + } + + filter_init(fd, false); + + // build filter + struct sock_filter filter[] = { +#if defined(__x86_64__) +#ifdef block_syscall_32 + // block old multiplexing mmap syscall for i386 + BLACKLIST(block_syscall_32), +#endif +#ifdef filter_syscall_32 + // block mmap(,,x|PROT_WRITE|PROT_EXEC) so W&X memory can't be created + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, filter_syscall_32, 0, 5), + EXAMINE_ARGUMENT(2), + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE|PROT_EXEC), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE|PROT_EXEC, 0, 1), + KILL_PROCESS, + RETURN_ALLOW, +#endif +#ifdef mprotect_32 + // block mprotect(,,PROT_EXEC) so writable memory can't be turned into executable + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, mprotect_32, 0, 5), + EXAMINE_ARGUMENT(2), + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1), + KILL_PROCESS, + RETURN_ALLOW, +#endif +#ifdef pkey_mprotect_32 + // same for pkey_mprotect(,,PROT_EXEC), where available + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, pkey_mprotect_32, 0, 5), + EXAMINE_ARGUMENT(2), + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1), + KILL_PROCESS, + RETURN_ALLOW, +#endif + +#ifdef shmat_32 + // block shmat(,,x|SHM_EXEC) so W&X shared memory can't be created + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, shmat_32, 0, 5), + EXAMINE_ARGUMENT(2), + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, SHM_EXEC), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1), + KILL_PROCESS, + RETURN_ALLOW, +#endif +#ifdef memfd_create_32 + // block memfd_create as it can be used to create + // arbitrary memory contents which can be later mapped + // as executable + 
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, memfd_create_32, 0, 1), + KILL_PROCESS, +#endif +#endif + RETURN_ALLOW + }; + write_to_file(fd, filter, sizeof(filter)); + + filter_end_blacklist(fd); + + // close file + close(fd); +} diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c index e47e8db25..872b41261 100644 --- a/src/fseccomp/seccomp_file.c +++ b/src/fseccomp/seccomp_file.c @@ -21,11 +21,11 @@ #include "../include/seccomp.h" #include -void write_to_file(int fd, const void *data, int size) { +void write_to_file(int fd, const void *data, size_t size) { assert(data); assert(size); - int written = 0; + size_t written = 0; while (written < size) { int rv = write(fd, (unsigned char *) data + written, size - written); if (rv == -1) { @@ -36,8 +36,8 @@ void write_to_file(int fd, const void *data, int size) { } } -void filter_init(int fd) { - struct sock_filter filter[] = { +void filter_init(int fd, bool native) { + struct sock_filter filter_native[] = { VALIDATE_ARCHITECTURE, #if defined(__x86_64__) EXAMINE_SYSCALL, @@ -46,6 +46,10 @@ void filter_init(int fd) { EXAMINE_SYSCALL #endif }; + struct sock_filter filter_32[] = { + VALIDATE_ARCHITECTURE_32, + EXAMINE_SYSCALL + }; #if 0 { @@ -57,7 +61,10 @@ void filter_init(int fd) { } #endif - write_to_file(fd, filter, sizeof(filter)); + if (native) + write_to_file(fd, filter_native, sizeof(filter_native)); + else + write_to_file(fd, filter_32, sizeof(filter_32)); } static void write_whitelist(int fd, int syscall) { @@ -74,9 +81,10 @@ static void write_blacklist(int fd, int syscall) { write_to_file(fd, filter, sizeof(filter)); } -void filter_add_whitelist(int fd, int syscall, int arg, void *ptrarg) { +void filter_add_whitelist(int fd, int syscall, int arg, void *ptrarg, bool native) { (void) arg; (void) ptrarg; + (void) native; if (syscall >= 0) { write_whitelist(fd, syscall); 
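Review bot: Outside `__x86_64__` the whole rule list in memory_deny_write_execute_32 is compiled out and the array is just `RETURN_ALLOW`, so `fseccomp memory-deny-write-execute.32 file` succeeds and writes a filter that adds no restriction of its own. A hardening option should fail closed: add an `#else` with `#warning "32 bit memory-deny-write-execute filter not implemented for this architecture"` and return an error at run time instead of writing the file. The body is otherwise a copy of memory_deny_write_execute with the `_32` constants substituted. A shared helper that takes the syscall numbers as parameters would keep the two rule sets from drifting apart.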
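Review bot: `size` and `written` become `size_t` in write_to_file, but the unchanged context line still stores the result of `write()` in `int rv`. Use `ssize_t rv = write(fd, (unsigned char *) data + written, size - written);` so the type matches what write() returns and the later arithmetic with `written` does not mix a narrowed signed value with an unsigned one. The loop body continues outside the hunk, so the step that advances `written` is not visible here.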
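Review bot: filter_init gains a `native` parameter without any comment, and the two headers it can now emit (`filter_native` and `filter_32`) are different instruction sequences. A line above the function such as `// native: write the header for the build architecture; otherwise the header for the 32-bit secondary architecture` would tell callers what `false` selects. It would also help to note next to `VALIDATE_ARCHITECTURE_32` what happens to a syscall from a non-matching architecture, since that macro is defined outside this view.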
@@ -84,18 +92,20 @@ void filter_add_whitelist(int fd, int syscall, int arg, void *ptrarg) { } // handle seccomp list exceptions (seccomp x,y,!z) -void filter_add_whitelist_for_excluded(int fd, int syscall, int arg, void *ptrarg) { +void filter_add_whitelist_for_excluded(int fd, int syscall, int arg, void *ptrarg, bool native) { (void) arg; (void) ptrarg; + (void) native; if (syscall < 0) { write_whitelist(fd, -syscall); } } -void filter_add_blacklist(int fd, int syscall, int arg, void *ptrarg) { +void filter_add_blacklist(int fd, int syscall, int arg, void *ptrarg, bool native) { (void) arg; (void) ptrarg; + (void) native; if (syscall >= 0) { write_blacklist(fd, syscall); @@ -103,17 +113,20 @@ void filter_add_blacklist(int fd, int syscall, int arg, void *ptrarg) { } // handle seccomp list exceptions (seccomp x,y,!z) -void filter_add_blacklist_for_excluded(int fd, int syscall, int arg, void *ptrarg) { +void filter_add_blacklist_for_excluded(int fd, int syscall, int arg, void *ptrarg, bool native) { (void) arg; (void) ptrarg; + (void) native; if (syscall < 0) { write_blacklist(fd, -syscall); } } -void filter_add_errno(int fd, int syscall, int arg, void *ptrarg) { +void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) { (void) ptrarg; + (void) native; + struct sock_filter filter[] = { BLACKLIST_ERRNO(syscall, arg) }; diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c deleted file mode 100644 index 2b112245c..000000000 --- a/src/fseccomp/syscall.c +++ /dev/null 
@@ -1,1632 +0,0 @@ -/* - * Copyright (C) 2014-2020 Firejail Authors - * - * This file is part of firejail project - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ -#define _GNU_SOURCE -#include "fseccomp.h" -#include -#include - -typedef struct { - const char * const name; - int nr; -} SyscallEntry; - -typedef struct { - const char * const name; - const char * const list; -} SyscallGroupList; - -typedef struct { - const char *slist; - char *prelist, *postlist; - bool found; - int syscall; -} SyscallCheckList; - -static const SyscallEntry syslist[] = { -// -// code generated using tools/extract-syscall -// -#include "../include/syscall.h" -// -// end of generated code -// -}; // end of syslist - -static const SyscallGroupList sysgroups[] = { - { .name = "@aio", .list = -#ifdef SYS_io_cancel - "io_cancel," -#endif -#ifdef SYS_io_destroy - "io_destroy," -#endif -#ifdef SYS_io_getevents - "io_getevents," -#endif -#ifdef SYS_io_pgetevents - "io_pgetevents," -#endif -#ifdef SYS_io_setup - "io_setup," -#endif -#ifdef SYS_io_submit - "io_submit" -#endif - }, - { .name = "@basic-io", .list = -#ifdef SYS__llseek - "_llseek," -#endif -#ifdef SYS_close - "close," -#endif -#ifdef SYS_dup - "dup," -#endif -#ifdef SYS_dup2 - "dup2," -#endif -#ifdef SYS_dup3 - "dup3," -#endif -#ifdef SYS_lseek - "lseek," 
-#endif -#ifdef SYS_pread64 - "pread64," -#endif -#ifdef SYS_preadv - "preadv," -#endif -#ifdef SYS_preadv2 - "preadv2," -#endif -#ifdef SYS_pwrite64 - "pwrite64," -#endif -#ifdef SYS_pwritev - "pwritev," -#endif -#ifdef SYS_pwritev2 - "pwritev2," -#endif -#ifdef SYS_read - "read," -#endif -#ifdef SYS_readv - "readv," -#endif -#ifdef SYS_write - "write," -#endif -#ifdef SYS_writev - "writev" -#endif - }, - { .name = "@chown", .list = -#ifdef SYS_chown - "chown," -#endif -#ifdef SYS_chown32 - "chown32," -#endif -#ifdef SYS_fchown - "fchown," -#endif -#ifdef SYS_fchown32 - "fchown32," -#endif -#ifdef SYS_fchownat - "fchownat," -#endif -#ifdef SYS_lchown - "lchown," -#endif -#ifdef SYS_lchown32 - "lchown32" -#endif - }, - { .name = "@clock", .list = -#ifdef SYS_adjtimex - "adjtimex," -#endif -#ifdef SYS_clock_adjtime - "clock_adjtime," -#endif -#ifdef SYS_clock_settime - "clock_settime," -#endif -#ifdef SYS_settimeofday - "settimeofday," -#endif -#ifdef SYS_stime - "stime" -#endif - }, - { .name = "@cpu-emulation", .list = -#ifdef SYS_modify_ldt - "modify_ldt," -#endif -#ifdef SYS_subpage_prot - "subpage_prot," -#endif -#ifdef SYS_switch_endian - "switch_endian," -#endif -#ifdef SYS_vm86 - "vm86," -#endif -#ifdef SYS_vm86old - "vm86old" -#endif -#if !defined(SYS_modify_ldt) && !defined(SYS_subpage_prot) && !defined(SYS_switch_endian) && !defined(SYS_vm86) && !defined(SYS_vm86old) - "__dummy_syscall__" // workaround for arm64, s390x and sparc64 which don't have any of above defined and empty syscall lists are not allowed -#endif - }, - { .name = "@debug", .list = -#ifdef SYS_lookup_dcookie - "lookup_dcookie," -#endif -#ifdef SYS_perf_event_open - "perf_event_open," -#endif -#ifdef SYS_process_vm_writev - "process_vm_writev," -#endif -#ifdef SYS_rtas - "rtas," -#endif -#ifdef SYS_s390_runtime_instr - "s390_runtime_instr," -#endif -#ifdef SYS_sys_debug_setcontext - "sys_debug_setcontext," -#endif - }, - { .name = "@default", .list = - "@clock," - "@cpu-emulation," - 
"@debug," - "@module," - "@obsolete," - "@raw-io," - "@reboot," - "@swap," -#ifdef SYS_open_by_handle_at - "open_by_handle_at," -#endif -#ifdef SYS_name_to_handle_at - "name_to_handle_at," -#endif -#ifdef SYS_ioprio_set - "ioprio_set," -#endif -#ifdef SYS_ni_syscall - "ni_syscall," -#endif -#ifdef SYS_syslog - "syslog," -#endif -#ifdef SYS_fanotify_init - "fanotify_init," -#endif -#ifdef SYS_kcmp - "kcmp," -#endif -#ifdef SYS_add_key - "add_key," -#endif -#ifdef SYS_request_key - "request_key," -#endif -#ifdef SYS_mbind - "mbind," -#endif -#ifdef SYS_migrate_pages - "migrate_pages," -#endif -#ifdef SYS_move_pages - "move_pages," -#endif -#ifdef SYS_keyctl - "keyctl," -#endif -#ifdef SYS_io_setup - "io_setup," -#endif -#ifdef SYS_io_destroy - "io_destroy," -#endif -#ifdef SYS_io_getevents - "io_getevents," -#endif -#ifdef SYS_io_submit - "io_submit," -#endif -#ifdef SYS_io_cancel - "io_cancel," -#endif -#ifdef SYS_remap_file_pages - "remap_file_pages," -#endif -#ifdef SYS_set_mempolicy - "set_mempolicy" -#endif -#ifdef SYS_vmsplice - "vmsplice," -#endif -#ifdef SYS_umount - "umount," -#endif -#ifdef SYS_userfaultfd - "userfaultfd," -#endif -#ifdef SYS_acct - "acct," -#endif -#ifdef SYS_bpf - "bpf," -#endif -#ifdef SYS_chroot - "chroot," -#endif -#ifdef SYS_mount - "mount," -#endif -#ifdef SYS_nfsservctl - "nfsservctl," -#endif -#ifdef SYS_pivot_root - "pivot_root," -#endif -#ifdef SYS_setdomainname - "setdomainname," -#endif -#ifdef SYS_sethostname - "sethostname," -#endif -#ifdef SYS_umount2 - "umount2," -#endif -#ifdef SYS_vhangup - "vhangup" -#endif -//#ifdef SYS_mincore // 0.9.57 - problem fixed in Linux kernel 5.0; on 4.x it will break kodi, mpv, totem -// "mincore" -//#endif - }, - { .name = "@default-nodebuggers", .list = - "@default," -#ifdef SYS_ptrace - "ptrace," -#endif -#ifdef SYS_personality - "personality," -#endif -#ifdef SYS_process_vm_readv - "process_vm_readv" -#endif - }, - { .name = "@default-keep", .list = - "execve," - "prctl" - }, - { .name = 
"@file-system", .list = -#ifdef SYS_access - "access," -#endif -#ifdef SYS_chdir - "chdir," -#endif -#ifdef SYS_chmod - "chmod," -#endif -#ifdef SYS_close - "close," -#endif -#ifdef SYS_creat - "creat," -#endif -#ifdef SYS_faccessat - "faccessat," -#endif -#ifdef SYS_fallocate - "fallocate," -#endif -#ifdef SYS_fchdir - "fchdir," -#endif -#ifdef SYS_fchmod - "fchmod," -#endif -#ifdef SYS_fchmodat - "fchmodat," -#endif -#ifdef SYS_fcntl - "fcntl," -#endif -#ifdef SYS_fcntl64 - "fcntl64," -#endif -#ifdef SYS_fgetxattr - "fgetxattr," -#endif -#ifdef SYS_flistxattr - "flistxattr," -#endif -#ifdef SYS_fremovexattr - "fremovexattr," -#endif -#ifdef SYS_fsetxattr - "fsetxattr," -#endif -#ifdef SYS_fstat - "fstat," -#endif -#ifdef SYS_fstat64 - "fstat64," -#endif -#ifdef SYS_fstatat64 - "fstatat64," -#endif -#ifdef SYS_fstatfs - "fstatfs," -#endif -#ifdef SYS_fstatfs64 - "fstatfs64," -#endif -#ifdef SYS_ftruncate - "ftruncate," -#endif -#ifdef SYS_ftruncate64 - "ftruncate64," -#endif -#ifdef SYS_futimesat - "futimesat," -#endif -#ifdef SYS_getcwd - "getcwd," -#endif -#ifdef SYS_getdents - "getdents," -#endif -#ifdef SYS_getdents64 - "getdents64," -#endif -#ifdef SYS_getxattr - "getxattr," -#endif -#ifdef SYS_inotify_add_watch - "inotify_add_watch," -#endif -#ifdef SYS_inotify_init - "inotify_init," -#endif -#ifdef SYS_inotify_init1 - "inotify_init1," -#endif -#ifdef SYS_inotify_rm_watch - "inotify_rm_watch," -#endif -#ifdef SYS_lgetxattr - "lgetxattr," -#endif -#ifdef SYS_link - "link," -#endif -#ifdef SYS_linkat - "linkat," -#endif -#ifdef SYS_listxattr - "listxattr," -#endif -#ifdef SYS_llistxattr - "llistxattr," -#endif -#ifdef SYS_lremovexattr - "lremovexattr," -#endif -#ifdef SYS_lsetxattr - "lsetxattr," -#endif -#ifdef SYS_lstat - "lstat," -#endif -#ifdef SYS_lstat64 - "lstat64," -#endif -#ifdef SYS_mkdir - "mkdir," -#endif -#ifdef SYS_mkdirat - "mkdirat," -#endif -#ifdef SYS_mknod - "mknod," -#endif -#ifdef SYS_mknodat - "mknodat," -#endif -#ifdef SYS_mmap - "mmap," 
-#endif -#ifdef SYS_mmap2 - "mmap2," -#endif -#ifdef SYS_munmap - "munmap," -#endif -#ifdef SYS_newfstatat - "newfstatat," -#endif -#ifdef SYS_oldfstat - "oldfstat," -#endif -#ifdef SYS_oldlstat - "oldlstat," -#endif -#ifdef SYS_oldstat - "oldstat," -#endif -#ifdef SYS_open - "open," -#endif -#ifdef SYS_openat - "openat," -#endif -#ifdef SYS_readlink - "readlink," -#endif -#ifdef SYS_readlinkat - "readlinkat," -#endif -#ifdef SYS_removexattr - "removexattr," -#endif -#ifdef SYS_rename - "rename," -#endif -#ifdef SYS_renameat - "renameat," -#endif -#ifdef SYS_renameat2 - "renameat2," -#endif -#ifdef SYS_rmdir - "rmdir," -#endif -#ifdef SYS_setxattr - "setxattr," -#endif -#ifdef SYS_stat - "stat," -#endif -#ifdef SYS_stat64 - "stat64," -#endif -#ifdef SYS_statfs - "statfs," -#endif -#ifdef SYS_statfs64 - "statfs64," -#endif -#ifdef SYS_statx - "statx," -#endif -#ifdef SYS_symlink - "symlink," -#endif -#ifdef SYS_symlinkat - "symlinkat," -#endif -#ifdef SYS_truncate - "truncate," -#endif -#ifdef SYS_truncate64 - "truncate64," -#endif -#ifdef SYS_unlink - "unlink," -#endif -#ifdef SYS_unlinkat - "unlinkat," -#endif -#ifdef SYS_utime - "utime," -#endif -#ifdef SYS_utimensat - "utimensat," -#endif -#ifdef SYS_utimes - "utimes" -#endif - }, - { .name = "@io-event", .list = -#ifdef SYS__newselect - "_newselect," -#endif -#ifdef SYS_epoll_create - "epoll_create," -#endif -#ifdef SYS_epoll_create1 - "epoll_create1," -#endif -#ifdef SYS_epoll_ctl - "epoll_ctl," -#endif -#ifdef SYS_epoll_ctl_old - "epoll_ctl_old," -#endif -#ifdef SYS_epoll_pwait - "epoll_pwait," -#endif -#ifdef SYS_epoll_wait - "epoll_wait," -#endif -#ifdef SYS_epoll_wait_old - "epoll_wait_old," -#endif -#ifdef SYS_eventfd - "eventfd," -#endif -#ifdef SYS_eventfd2 - "eventfd2," -#endif -#ifdef SYS_poll - "poll," -#endif -#ifdef SYS_ppoll - "ppoll," -#endif -#ifdef SYS_pselect6 - "pselect6," -#endif -#ifdef SYS_select - "select" -#endif - }, - { .name = "@ipc", .list = -#ifdef SYS_ipc - "ipc," -#endif -#ifdef 
SYS_memfd_create - "memfd_create," -#endif -#ifdef SYS_mq_getsetattr - "mq_getsetattr," -#endif -#ifdef SYS_mq_notify - "mq_notify," -#endif -#ifdef SYS_mq_open - "mq_open," -#endif -#ifdef SYS_mq_timedreceive - "mq_timedreceive," -#endif -#ifdef SYS_mq_timedsend - "mq_timedsend," -#endif -#ifdef SYS_mq_unlink - "mq_unlink," -#endif -#ifdef SYS_msgctl - "msgctl," -#endif -#ifdef SYS_msgget - "msgget," -#endif -#ifdef SYS_msgrcv - "msgrcv," -#endif -#ifdef SYS_msgsnd - "msgsnd," -#endif -#ifdef SYS_pipe - "pipe," -#endif -#ifdef SYS_pipe2 - "pipe2," -#endif -#ifdef SYS_process_vm_readv - "process_vm_readv," -#endif -#ifdef SYS_process_vm_writev - "process_vm_writev," -#endif -#ifdef SYS_semctl - "semctl," -#endif -#ifdef SYS_semget - "semget," -#endif -#ifdef SYS_semop - "semop," -#endif -#ifdef SYS_semtimedop - "semtimedop," -#endif -#ifdef SYS_shmat - "shmat," -#endif -#ifdef SYS_shmctl - "shmctl," -#endif -#ifdef SYS_shmdt - "shmdt," -#endif -#ifdef SYS_shmget - "shmget" -#endif - }, - { .name = "@keyring", .list = -#ifdef SYS_add_key - "add_key," -#endif -#ifdef SYS_keyctl - "keyctl," -#endif -#ifdef SYS_request_key - "request_key" -#endif - }, - { .name = "@memlock", .list = -#ifdef SYS_mlock - "mlock," -#endif -#ifdef SYS_mlock2 - "mlock2," -#endif -#ifdef SYS_mlockall - "mlockall," -#endif -#ifdef SYS_munlock - "munlock," -#endif -#ifdef SYS_munlockall - "munlockall" -#endif - }, - { .name = "@module", .list = -#ifdef SYS_delete_module - "delete_module," -#endif -#ifdef SYS_finit_module - "finit_module," -#endif -#ifdef SYS_init_module - "init_module" -#endif - }, - { .name = "@mount", .list = -#ifdef SYS_chroot - "chroot," -#endif -#ifdef SYS_mount - "mount," -#endif -#ifdef SYS_pivot_root - "pivot_root," -#endif -#ifdef SYS_umount - "umount," -#endif -#ifdef SYS_umount2 - "umount2" -#endif - }, - { .name = "@network-io", .list = -#ifdef SYS_accept - "accept," -#endif -#ifdef SYS_accept4 - "accept4," -#endif -#ifdef SYS_bind - "bind," -#endif -#ifdef 
SYS_connect - "connect," -#endif -#ifdef SYS_getpeername - "getpeername," -#endif -#ifdef SYS_getsockname - "getsockname," -#endif -#ifdef SYS_getsockopt - "getsockopt," -#endif -#ifdef SYS_listen - "listen," -#endif -#ifdef SYS_recv - "recv," -#endif -#ifdef SYS_recvfrom - "recvfrom," -#endif -#ifdef SYS_recvmmsg - "recvmmsg," -#endif -#ifdef SYS_recvmsg - "recvmsg," -#endif -#ifdef SYS_send - "send," -#endif -#ifdef SYS_sendmmsg - "sendmmsg," -#endif -#ifdef SYS_sendmsg - "sendmsg," -#endif -#ifdef SYS_sendto - "sendto," -#endif -#ifdef SYS_setsockopt - "setsockopt," -#endif -#ifdef SYS_shutdown - "shutdown," -#endif -#ifdef SYS_socket - "socket," -#endif -#ifdef SYS_socketcall - "socketcall," -#endif -#ifdef SYS_socketpair - "socketpair" -#endif - }, - { .name = "@obsolete", .list = -#ifdef SYS__sysctl - "_sysctl," -#endif -#ifdef SYS_afs_syscall - "afs_syscall," -#endif -#ifdef SYS_bdflush - "bdflush," -#endif -#ifdef SYS_break - "break," -#endif -#ifdef SYS_create_module - "create_module," -#endif -#ifdef SYS_ftime - "ftime," -#endif -#ifdef SYS_get_kernel_syms - "get_kernel_syms," -#endif -#ifdef SYS_getpmsg - "getpmsg," -#endif -#ifdef SYS_gtty - "gtty," -#endif -#ifdef SYS_idle - "idle," -#endif -#ifdef SYS_lock - "lock," -#endif -#ifdef SYS_mpx - "mpx," -#endif -#ifdef SYS_prof - "prof," -#endif -#ifdef SYS_profil - "profil," -#endif -#ifdef SYS_putpmsg - "putpmsg," -#endif -#ifdef SYS_query_module - "query_module," -#endif -#ifdef SYS_security - "security," -#endif -#ifdef SYS_sgetmask - "sgetmask," -#endif -#ifdef SYS_ssetmask - "ssetmask," -#endif -#ifdef SYS_stty - "stty," -#endif -#ifdef SYS_sysfs - "sysfs," -#endif -#ifdef SYS_tuxcall - "tuxcall," -#endif -#ifdef SYS_ulimit - "ulimit," -#endif -#ifdef SYS_uselib - "uselib," -#endif -#ifdef SYS_ustat - "ustat," -#endif -#ifdef SYS_vserver - "vserver" -#endif -#if !defined(SYS__sysctl) && !defined(SYS_afs_syscall) && !defined(SYS_bdflush) && !defined(SYS_break) && !defined(SYS_create_module) && 
!defined(SYS_ftime) && !defined(SYS_get_kernel_syms) && !defined(SYS_getpmsg) && !defined(SYS_gtty) && !defined(SYS_lock) && !defined(SYS_mpx) && !defined(SYS_prof) && !defined(SYS_profil) && !defined(SYS_putpmsg) && !defined(SYS_query_module) && !defined(SYS_security) && !defined(SYS_sgetmask) && !defined(SYS_ssetmask) && !defined(SYS_stty) && !defined(SYS_sysfs) && !defined(SYS_tuxcall) && !defined(SYS_ulimit) && !defined(SYS_uselib) && !defined(SYS_ustat) && !defined(SYS_vserver) - "__dummy_syscall__" // workaround for arm64 which doesn't have any of above defined and empty syscall lists are not allowed -#endif - }, - { .name = "@privileged", .list = - "@chown," - "@clock," - "@module," - "@raw-io," - "@reboot," - "@swap," -#ifdef SYS__sysctl - "_sysctl," -#endif -#ifdef SYS_acct - "acct," -#endif -#ifdef SYS_bpf - "bpf," -#endif -#ifdef SYS_capset - "capset," -#endif -#ifdef SYS_chroot - "chroot," -#endif -#ifdef SYS_fanotify_init - "fanotify_init," -#endif -#ifdef SYS_mount - "mount," -#endif -#ifdef SYS_nfsservctl - "nfsservctl," -#endif -#ifdef SYS_open_by_handle_at - "open_by_handle_at," -#endif -#ifdef SYS_pivot_root - "pivot_root," -#endif -#ifdef SYS_quotactl - "quotactl," -#endif -#ifdef SYS_setdomainname - "setdomainname," -#endif -#ifdef SYS_setfsuid - "setfsuid," -#endif -#ifdef SYS_setfsuid32 - "setfsuid32," -#endif -#ifdef SYS_setgroups - "setgroups," -#endif -#ifdef SYS_setgroups32 - "setgroups32," -#endif -#ifdef SYS_sethostname - "sethostname," -#endif -#ifdef SYS_setresuid - "setresuid," -#endif -#ifdef SYS_setresuid32 - "setresuid32," -#endif -#ifdef SYS_setreuid - "setreuid," -#endif -#ifdef SYS_setreuid32 - "setreuid32," -#endif -#ifdef SYS_setuid - "setuid," -#endif -#ifdef SYS_setuid32 - "setuid32," -#endif -#ifdef SYS_umount2 - "umount2," -#endif -#ifdef SYS_vhangup - "vhangup" -#endif - }, - { .name = "@process", .list = -#ifdef SYS_arch_prctl - "arch_prctl," -#endif -#ifdef SYS_capget - "capget," -#endif -#ifdef SYS_clone - "clone," 
-#endif -#ifdef SYS_execveat - "execveat," -#endif -#ifdef SYS_fork - "fork," -#endif -#ifdef SYS_getrusage - "getrusage," -#endif -#ifdef SYS_kill - "kill," -#endif -#ifdef SYS_pidfd_send_signal - "pidfd_send_signal," -#endif -#ifdef SYS_prctl - "prctl," -#endif -#ifdef SYS_rt_sigqueueinfo - "rt_sigqueueinfo," -#endif -#ifdef SYS_rt_tgsigqueueinfo - "rt_tgsigqueueinfo," -#endif -#ifdef SYS_setns - "setns," -#endif -#ifdef SYS_swapcontext - "swapcontext," -#endif -#ifdef SYS_tgkill - "tgkill," -#endif -#ifdef SYS_times - "times," -#endif -#ifdef SYS_tkill - "tkill," -#endif -#ifdef SYS_unshare - "unshare," -#endif -#ifdef SYS_vfork - "vfork," -#endif -#ifdef SYS_wait4 - "wait4," -#endif -#ifdef SYS_waitid - "waitid," -#endif -#ifdef SYS_waitpid - "waitpid" -#endif - }, - { .name = "@raw-io", .list = -#ifdef SYS_ioperm - "ioperm," -#endif -#ifdef SYS_iopl - "iopl," -#endif -#ifdef SYS_pciconfig_iobase - "pciconfig_iobase," -#endif -#ifdef SYS_pciconfig_read - "pciconfig_read," -#endif -#ifdef SYS_pciconfig_write - "pciconfig_write," -#endif -#ifdef SYS_s390_mmio_read - "s390_mmio_read," -#endif -#ifdef SYS_s390_mmio_write - "s390_mmio_write" -#endif -#if !defined(SYS_ioperm) && !defined(SYS_iopl) && !defined(SYS_pciconfig_iobase) && !defined(SYS_pciconfig_read) && !defined(SYS_pciconfig_write) && !defined(SYS_s390_mmio_read) && !defined(SYS_s390_mmio_write) - "__dummy_syscall__" // workaround for s390x which doesn't have any of above defined and empty syscall lists are not allowed -#endif - }, - { .name = "@reboot", .list = -#ifdef SYS_kexec_load - "kexec_load," -#endif -#ifdef SYS_kexec_file_load - "kexec_file_load," -#endif -#ifdef SYS_reboot - "reboot," -#endif - }, - { .name = "@resources", .list = -#ifdef SYS_ioprio_set - "ioprio_set," -#endif -#ifdef SYS_mbind - "mbind," -#endif -#ifdef SYS_migrate_pages - "migrate_pages," -#endif -#ifdef SYS_move_pages - "move_pages," -#endif -#ifdef SYS_nice - "nice," -#endif -#ifdef SYS_sched_setaffinity - 
"sched_setaffinity," -#endif -#ifdef SYS_sched_setattr - "sched_setattr," -#endif -#ifdef SYS_sched_setparam - "sched_setparam," -#endif -#ifdef SYS_sched_setscheduler - "sched_setscheduler," -#endif -#ifdef SYS_set_mempolicy - "set_mempolicy" -#endif - }, - { .name = "@setuid", .list = -#ifdef SYS_setgid - "setgid," -#endif -#ifdef SYS_setgid32 - "setgid32," -#endif -#ifdef SYS_setgroups - "setgroups," -#endif -#ifdef SYS_setgroups32 - "setgroups32," -#endif -#ifdef SYS_setregid - "setregid," -#endif -#ifdef SYS_setregid32 - "setregid32," -#endif -#ifdef SYS_setresgid - "setresgid," -#endif -#ifdef SYS_setresgid32 - "setresgid32," -#endif -#ifdef SYS_setresuid - "setresuid," -#endif -#ifdef SYS_setresuid32 - "setresuid32," -#endif -#ifdef SYS_setreuid - "setreuid," -#endif -#ifdef SYS_setreuid32 - "setreuid32," -#endif -#ifdef SYS_setuid - "setuid," -#endif -#ifdef SYS_setuid32 - "setuid32" -#endif - }, - { .name = "@signal", .list = -#ifdef SYS_rt_sigaction - "rt_sigaction," -#endif -#ifdef SYS_rt_sigpending - "rt_sigpending," -#endif -#ifdef SYS_rt_sigprocmask - "rt_sigprocmask," -#endif -#ifdef SYS_rt_sigsuspend - "rt_sigsuspend," -#endif -#ifdef SYS_rt_sigtimedwait - "rt_sigtimedwait," -#endif -#ifdef SYS_sigaction - "sigaction," -#endif -#ifdef SYS_sigaltstack - "sigaltstack," -#endif -#ifdef SYS_signal - "signal," -#endif -#ifdef SYS_signalfd - "signalfd," -#endif -#ifdef SYS_signalfd4 - "signalfd4," -#endif -#ifdef SYS_sigpending - "sigpending," -#endif -#ifdef SYS_sigprocmask - "sigprocmask," -#endif -#ifdef SYS_sigsuspend - "sigsuspend" -#endif - }, - { .name = "@swap", .list = -#ifdef SYS_swapon - "swapon," -#endif -#ifdef SYS_swapoff - "swapoff" -#endif - }, - { .name = "@sync", .list = -#ifdef SYS_fdatasync - "fdatasync," -#endif -#ifdef SYS_fsync - "fsync," -#endif -#ifdef SYS_msync - "msync," -#endif -#ifdef SYS_sync - "sync," -#endif -#ifdef SYS_sync_file_range - "sync_file_range," -#endif -#ifdef SYS_sync_file_range2 - "sync_file_range2," -#endif 
-#ifdef SYS_syncfs - "syncfs" -#endif - }, - { .name = "@system-service", .list = - "@aio," - "@basic-io," - "@chown," - "@default," - "@file-system," - "@io-event," - "@ipc," - "@keyring," - "@memlock," - "@network-io," - "@process," - "@resources," - "@setuid," - "@signal," - "@sync," - "@timer," -#ifdef SYS_brk - "brk," -#endif -#ifdef SYS_capget - "capget," -#endif -#ifdef SYS_capset - "capset," -#endif -#ifdef SYS_copy_file_range - "copy_file_range," -#endif -#ifdef SYS_fadvise64 - "fadvise64," -#endif -#ifdef SYS_fadvise64_64 - "fadvise64_64," -#endif -#ifdef SYS_flock - "flock," -#endif -#ifdef SYS_get_mempolicy - "get_mempolicy," -#endif -#ifdef SYS_getcpu - "getcpu," -#endif -#ifdef SYS_getpriority - "getpriority," -#endif -#ifdef SYS_getrandom - "getrandom," -#endif -#ifdef SYS_ioctl - "ioctl," -#endif -#ifdef SYS_ioprio_get - "ioprio_get," -#endif -#ifdef SYS_kcmp - "kcmp," -#endif -#ifdef SYS_madvise - "madvise," -#endif -#ifdef SYS_mprotect - "mprotect," -#endif -#ifdef SYS_mremap - "mremap," -#endif -#ifdef SYS_name_to_handle_at - "name_to_handle_at," -#endif -#ifdef SYS_oldolduname - "oldolduname," -#endif -#ifdef SYS_olduname - "olduname," -#endif -#ifdef SYS_personality - "personality," -#endif -#ifdef SYS_readahead - "readahead," -#endif -#ifdef SYS_readdir - "readdir," -#endif -#ifdef SYS_remap_file_pages - "remap_file_pages," -#endif -#ifdef SYS_sched_get_priority_max - "sched_get_priority_max," -#endif -#ifdef SYS_sched_get_priority_min - "sched_get_priority_min," -#endif -#ifdef SYS_sched_getaffinity - "sched_getaffinity," -#endif -#ifdef SYS_sched_getattr - "sched_getattr," -#endif -#ifdef SYS_sched_getparam - "sched_getparam," -#endif -#ifdef SYS_sched_getscheduler - "sched_getscheduler," -#endif -#ifdef SYS_sched_rr_get_interval - "sched_rr_get_interval," -#endif -#ifdef SYS_sched_yield - "sched_yield," -#endif -#ifdef SYS_sendfile - "sendfile," -#endif -#ifdef SYS_sendfile64 - "sendfile64," -#endif -#ifdef SYS_setfsgid - "setfsgid," 
-#endif -#ifdef SYS_setfsgid32 - "setfsgid32," -#endif -#ifdef SYS_setfsuid - "setfsuid," -#endif -#ifdef SYS_setfsuid32 - "setfsuid32," -#endif -#ifdef SYS_setpgid - "setpgid," -#endif -#ifdef SYS_setsid - "setsid," -#endif -#ifdef SYS_splice - "splice," -#endif -#ifdef SYS_sysinfo - "sysinfo," -#endif -#ifdef SYS_tee - "tee," -#endif -#ifdef SYS_umask - "umask," -#endif -#ifdef SYS_uname - "uname," -#endif -#ifdef SYS_userfaultfd - "userfaultfd," -#endif -#ifdef SYS_vmsplice - "vmsplice" -#endif - }, - { .name = "@timer", .list = -#ifdef SYS_alarm - "alarm," -#endif -#ifdef SYS_getitimer - "getitimer," -#endif -#ifdef SYS_setitimer - "setitimer," -#endif -#ifdef SYS_timer_create - "timer_create," -#endif -#ifdef SYS_timer_delete - "timer_delete," -#endif -#ifdef SYS_timer_getoverrun - "timer_getoverrun," -#endif -#ifdef SYS_timer_gettime - "timer_gettime," -#endif -#ifdef SYS_timer_settime - "timer_settime," -#endif -#ifdef SYS_timerfd_create - "timerfd_create," -#endif -#ifdef SYS_timerfd_gettime - "timerfd_gettime," -#endif -#ifdef SYS_timerfd_settime - "timerfd_settime," -#endif -#ifdef SYS_times - "times" -#endif - } -}; - -// return -1 if error, or syscall number -static int syscall_find_name(const char *name) { - int i; - int elems = sizeof(syslist) / sizeof(syslist[0]); - for (i = 0; i < elems; i++) { - if (strcmp(name, syslist[i].name) == 0) - return syslist[i].nr; - } - - return -1; -} - -const char *syscall_find_nr(int nr) { - int i; - int elems = sizeof(syslist) / sizeof(syslist[0]); - for (i = 0; i < elems; i++) { - if (nr == syslist[i].nr) - return syslist[i].name; - } - - return "unknown"; -} - -void syscall_print(void) { - int i; - int elems = sizeof(syslist) / sizeof(syslist[0]); - for (i = 0; i < elems; i++) { - printf("%d\t- %s\n", syslist[i].nr, syslist[i].name); - } - printf("\n"); -} - -static const char *syscall_find_group(const char *name) { - int i; - int elems = sizeof(sysgroups) / sizeof(sysgroups[0]); - for (i = 0; i < elems; i++) { - 
if (strcmp(name, sysgroups[i].name) == 0) - return sysgroups[i].list; - } - - return NULL; -} - -// allowed input: -// - syscall -// - syscall(error) -static void syscall_process_name(const char *name, int *syscall_nr, int *error_nr) { - assert(name); - if (strlen(name) == 0) - goto error; - *error_nr = -1; - - // syntax check - char *str = strdup(name); - if (!str) - errExit("strdup"); - - char *syscall_name = str; - char *error_name = strchr(str, ':'); - if (error_name) { - *error_name = '\0'; - error_name++; - } - if (strlen(syscall_name) == 0) { - free(str); - goto error; - } - - if (*syscall_name == '$') - *syscall_nr = strtol(syscall_name + 1, NULL, 0); - else - *syscall_nr = syscall_find_name(syscall_name); - if (error_name) { - *error_nr = errno_find_name(error_name); - if (*error_nr == -1) - *syscall_nr = -1; - } - - free(str); - return; - -error: - fprintf(stderr, "Error fseccomp: invalid syscall list entry %s\n", name); - exit(1); -} - -// return 1 if error, 0 if OK -int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall, int arg, void *ptrarg), int fd, int arg, void *ptrarg) { - // don't allow empty lists - if (slist == NULL || *slist == '\0') { - fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n"); - exit(1); - } - - // work on a copy of the string - char *str = strdup(slist); - if (!str) - errExit("strdup"); - - char *saveptr; - char *ptr = strtok_r(str, ",", &saveptr); - if (ptr == NULL) { - fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n"); - exit(1); - } - - while (ptr) { - int syscall_nr; - int error_nr; - if (*ptr == '@') { - const char *new_list = syscall_find_group(ptr); - if (!new_list) { - fprintf(stderr, "Error fseccomp: unknown syscall group %s\n", ptr); - exit(1); - } - syscall_check_list(new_list, callback, fd, arg, ptrarg); - } - else { - bool negate = false; - if (*ptr == '!') { - negate = true; - ptr++; - } - syscall_process_name(ptr, &syscall_nr, &error_nr); - if 
(syscall_nr == -1) {;} - else if (callback != NULL) { - if (negate) { - syscall_nr = -syscall_nr; - } - if (error_nr != -1 && fd != 0) { - filter_add_errno(fd, syscall_nr, error_nr, ptrarg); - } - else if (error_nr != -1 && fd == 0) { - callback(fd, syscall_nr, error_nr, ptrarg); - } - else { - callback(fd, syscall_nr, arg, ptrarg); - } - } - } - ptr = strtok_r(NULL, ",", &saveptr); - } - - free(str); - return 0; -} - -static void find_syscall(int fd, int syscall, int arg, void *ptrarg) { - (void)fd; - (void) arg; - SyscallCheckList *ptr = ptrarg; - if (abs(syscall) == ptr->syscall) - ptr->found = true; -} - -// go through list2 and find matches for problem syscall -static void syscall_in_list(int fd, int syscall, int arg, void *ptrarg) { - (void) fd; - (void)arg; - SyscallCheckList *ptr = ptrarg; - SyscallCheckList sl; - sl.found = false; - sl.syscall = syscall; - syscall_check_list(ptr->slist, find_syscall, fd, 0, &sl); - // if found in the problem list, add to post-exec list - if (sl.found) { - if (ptr->postlist) { - if (asprintf(&ptr->postlist, "%s,%s", ptr->postlist, syscall_find_nr(syscall)) == -1) - errExit("asprintf"); - } - else - ptr->postlist = strdup(syscall_find_nr(syscall)); - } - else { // no problem, add to pre-exec list - // build syscall:error_no - char *newcall = NULL; - if (arg != 0) { - if (asprintf(&newcall, "%s:%s", syscall_find_nr(syscall), errno_find_nr(arg)) == -1) - errExit("asprintf"); - } - else { - newcall = strdup(syscall_find_nr(syscall)); - if (!newcall) - errExit("strdup"); - } - - if (ptr->prelist) { - if (asprintf(&ptr->prelist, "%s,%s", ptr->prelist, newcall) == -1) - errExit("asprintf"); - free(newcall); - } - else - ptr->prelist = newcall; - } -} - -// go through list and find matches for syscalls in list @default-keep -void syscalls_in_list(const char *list, const char *slist, int fd, char **prelist, char **postlist) { - (void) fd; - SyscallCheckList sl; - // these syscalls are used by firejail after the seccomp filter is 
initialized - sl.slist = slist; - sl.prelist = NULL; - sl.postlist = NULL; - syscall_check_list(list, syscall_in_list, 0, 0, &sl); - if (!arg_quiet) { - printf("Seccomp list in: %s,", list); - if (sl.slist) - printf(" check list: %s,", sl.slist); - if (sl.prelist) - printf(" prelist: %s,", sl.prelist); - if (sl.postlist) - printf(" postlist: %s", sl.postlist); - printf("\n"); - } - *prelist = sl.prelist; - *postlist = sl.postlist; -} diff --git a/src/include/rundefs.h b/src/include/rundefs.h index 1cfeee28d..32f5ff12c 100644 --- a/src/include/rundefs.h +++ b/src/include/rundefs.h 
@@ -62,13 +62,17 @@
 #define RUN_SECCOMP_PROTOCOL RUN_SECCOMP_DIR "/seccomp.protocol" // protocol filter
 #define RUN_SECCOMP_CFG RUN_SECCOMP_DIR "/seccomp" // configured filter
 #define RUN_SECCOMP_32 RUN_SECCOMP_DIR "/seccomp.32" // 32bit arch filter installed on 64bit architectures
-#define RUN_SECCOMP_MDWX RUN_SECCOMP_DIR "/seccomp.mdwx" // filter for memory-deny-write-execute
+#define RUN_SECCOMP_MDWX RUN_SECCOMP_DIR "/seccomp.mdwx" // filter for memory-deny-write-execute
+#define RUN_SECCOMP_MDWX_32 RUN_SECCOMP_DIR "/seccomp.mdwx.32"
 #define RUN_SECCOMP_BLOCK_SECONDARY RUN_SECCOMP_DIR "/seccomp.block_secondary" // secondary arch blocking filter
 #define RUN_SECCOMP_POSTEXEC RUN_SECCOMP_DIR "/seccomp.postexec" // filter for post-exec library
+#define RUN_SECCOMP_POSTEXEC_32 RUN_SECCOMP_DIR "/seccomp.postexec32" // filter for post-exec library
 #define PATH_SECCOMP_DEFAULT LIBDIR "/firejail/seccomp" // default filter built during make
-#define PATH_SECCOMP_DEFAULT_DEBUG LIBDIR "/firejail/seccomp.debug" // default filter built during make
+#define PATH_SECCOMP_DEFAULT_DEBUG LIBDIR "/firejail/seccomp.debug" // debug filter built during make
 #define PATH_SECCOMP_32 LIBDIR "/firejail/seccomp.32" // 32bit arch filter built during make
-#define PATH_SECCOMP_MDWX LIBDIR "/firejail/seccomp.mdwx" // filter for memory-deny-write-execute built during make
+#define PATH_SECCOMP_DEBUG_32 LIBDIR "/firejail/seccomp.debug32" // 32bit arch debug filter built during make
+#define PATH_SECCOMP_MDWX LIBDIR "/firejail/seccomp.mdwx" // filter for memory-deny-write-execute built during make
+#define PATH_SECCOMP_MDWX_32 LIBDIR "/firejail/seccomp.mdwx.32"
 #define PATH_SECCOMP_BLOCK_SECONDARY LIBDIR "/firejail/seccomp.block_secondary" // secondary arch blocking filter built during make
diff --git a/src/include/syscall.h b/src/include/syscall.h
index e11c56a05..9841fc7ab 100644
--- a/src/include/syscall.h
+++ b/src/include/syscall.h
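Review bot: The 32-bit filter file names added here do not follow one convention: `seccomp.mdwx.32` puts a dot before `32`, while `seccomp.postexec32` and `seccomp.debug32` do not, and `PATH_SECCOMP_DEBUG_32` drops the `DEFAULT` that its 64-bit sibling `PATH_SECCOMP_DEFAULT_DEBUG` carries. A build rule or loader elsewhere in the commit that spells one of these differently would leave a 32-bit filter file that is never found. Whether a missing filter fails closed is not visible in this hunk and is worth confirming. `RUN_SECCOMP_MDWX_32` and `PATH_SECCOMP_MDWX_32` are also the only entries in the block without a trailing comment, and `RUN_SECCOMP_POSTEXEC_32` repeats the 64-bit entry's comment verbatim. I would add `// 32bit arch filter for memory-deny-write-execute` to the RUN macro, the same text ending in `built during make` to the PATH macro, and change the post-exec comment to `// 32bit arch filter for post-exec library`.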
@@ -17,5195 +17,28 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#ifndef SYSCALL_H +#define SYSCALL_H + +#include + +// main.c +extern int arg_quiet; + +// seccomp_file.c or dummy versions in firejail/main.c and fsec-print/main.c +void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native); + +// errno.c +void errno_print(void); +int errno_find_name(const char *name); +char *errno_find_nr(int nr); + +// syscall.c +void syscall_print(void); +void syscall_print_32(void); +typedef void (filter_fn)(int fd, int syscall, int arg, void *ptrarg, bool native); +int syscall_check_list(const char *slist, filter_fn *callback, int fd, int arg, void *ptrarg, bool native); +const char *syscall_find_nr(int nr); +void syscalls_in_list(const char *list, const char *slist, int fd, char **prelist, char **postlist, bool native); -// content extracted from /bits/syscall.h file form glibc 2.22 -// using ../tools/extract_syscall tool -#if !defined __x86_64__ -#ifdef SYS__llseek -#ifdef __NR__llseek - {"_llseek", __NR__llseek}, -#endif -#endif -#ifdef SYS__newselect -#ifdef __NR__newselect - {"_newselect", __NR__newselect}, -#endif -#endif -#ifdef SYS__sysctl -#ifdef __NR__sysctl - {"_sysctl", __NR__sysctl}, -#endif -#endif -#ifdef SYS_accept4 -#ifdef __NR_accept4 - {"accept4", __NR_accept4}, -#endif -#endif -#ifdef SYS_access -#ifdef __NR_access - {"access", __NR_access}, -#endif -#endif -#ifdef SYS_acct -#ifdef __NR_acct - {"acct", __NR_acct}, -#endif -#endif -#ifdef SYS_add_key -#ifdef __NR_add_key - {"add_key", __NR_add_key}, -#endif -#endif -#ifdef SYS_adjtimex -#ifdef __NR_adjtimex - {"adjtimex", __NR_adjtimex}, -#endif -#endif -#ifdef SYS_afs_syscall -#ifdef __NR_afs_syscall - {"afs_syscall", __NR_afs_syscall}, -#endif -#endif -#ifdef SYS_alarm -#ifdef __NR_alarm - {"alarm", __NR_alarm}, -#endif -#endif -#ifdef SYS_arch_prctl -#ifdef __NR_arch_prctl - {"arch_prctl", 
__NR_arch_prctl}, -#endif -#endif -#ifdef SYS_bdflush -#ifdef __NR_bdflush - {"bdflush", __NR_bdflush}, -#endif -#endif -#ifdef SYS_bind -#ifdef __NR_bind - {"bind", __NR_bind}, -#endif -#endif -#ifdef SYS_bpf -#ifdef __NR_bpf - {"bpf", __NR_bpf}, -#endif -#endif -#ifdef SYS_break -#ifdef __NR_break - {"break", __NR_break}, -#endif -#endif -#ifdef SYS_brk -#ifdef __NR_brk - {"brk", __NR_brk}, -#endif -#endif -#ifdef SYS_capget -#ifdef __NR_capget - {"capget", __NR_capget}, -#endif -#endif -#ifdef SYS_capset -#ifdef __NR_capset - {"capset", __NR_capset}, -#endif -#endif -#ifdef SYS_chdir -#ifdef __NR_chdir - {"chdir", __NR_chdir}, -#endif -#endif -#ifdef SYS_chmod -#ifdef __NR_chmod - {"chmod", __NR_chmod}, -#endif -#endif -#ifdef SYS_chown -#ifdef __NR_chown - {"chown", __NR_chown}, -#endif -#endif -#ifdef SYS_chown32 -#ifdef __NR_chown32 - {"chown32", __NR_chown32}, -#endif -#endif -#ifdef SYS_chroot -#ifdef __NR_chroot - {"chroot", __NR_chroot}, -#endif -#endif -#ifdef SYS_clock_adjtime -#ifdef __NR_clock_adjtime - {"clock_adjtime", __NR_clock_adjtime}, -#endif -#endif -#ifdef SYS_clock_getres -#ifdef __NR_clock_getres - {"clock_getres", __NR_clock_getres}, -#endif -#endif -#ifdef SYS_clock_gettime -#ifdef __NR_clock_gettime - {"clock_gettime", __NR_clock_gettime}, -#endif -#endif -#ifdef SYS_clock_nanosleep -#ifdef __NR_clock_nanosleep - {"clock_nanosleep", __NR_clock_nanosleep}, -#endif -#endif -#ifdef SYS_clock_settime -#ifdef __NR_clock_settime - {"clock_settime", __NR_clock_settime}, -#endif -#endif -#ifdef SYS_clone -#ifdef __NR_clone - {"clone", __NR_clone}, -#endif -#endif -#ifdef SYS_close -#ifdef __NR_close - {"close", __NR_close}, -#endif -#endif -#ifdef SYS_connect -#ifdef __NR_connect - {"connect", __NR_connect}, -#endif -#endif -#ifdef SYS_copy_file_range -#ifdef __NR_copy_file_range - {"copy_file_range", __NR_copy_file_range}, -#endif -#endif -#ifdef SYS_creat -#ifdef __NR_creat - {"creat", __NR_creat}, -#endif -#endif -#ifdef SYS_create_module 
-#ifdef __NR_create_module - {"create_module", __NR_create_module}, -#endif -#endif -#ifdef SYS_delete_module -#ifdef __NR_delete_module - {"delete_module", __NR_delete_module}, -#endif -#endif -#ifdef SYS_dup -#ifdef __NR_dup - {"dup", __NR_dup}, -#endif -#endif -#ifdef SYS_dup2 -#ifdef __NR_dup2 - {"dup2", __NR_dup2}, -#endif -#endif -#ifdef SYS_dup3 -#ifdef __NR_dup3 - {"dup3", __NR_dup3}, -#endif -#endif -#ifdef SYS_epoll_create -#ifdef __NR_epoll_create - {"epoll_create", __NR_epoll_create}, -#endif -#endif -#ifdef SYS_epoll_create1 -#ifdef __NR_epoll_create1 - {"epoll_create1", __NR_epoll_create1}, -#endif -#endif -#ifdef SYS_epoll_ctl -#ifdef __NR_epoll_ctl - {"epoll_ctl", __NR_epoll_ctl}, -#endif -#endif -#ifdef SYS_epoll_pwait -#ifdef __NR_epoll_pwait - {"epoll_pwait", __NR_epoll_pwait}, -#endif -#endif -#ifdef SYS_epoll_wait -#ifdef __NR_epoll_wait - {"epoll_wait", __NR_epoll_wait}, -#endif -#endif -#ifdef SYS_eventfd -#ifdef __NR_eventfd - {"eventfd", __NR_eventfd}, -#endif -#endif -#ifdef SYS_eventfd2 -#ifdef __NR_eventfd2 - {"eventfd2", __NR_eventfd2}, -#endif -#endif -#ifdef SYS_execve -#ifdef __NR_execve - {"execve", __NR_execve}, -#endif -#endif -#ifdef SYS_execveat -#ifdef __NR_execveat - {"execveat", __NR_execveat}, -#endif -#endif -#ifdef SYS_exit -#ifdef __NR_exit - {"exit", __NR_exit}, -#endif -#endif -#ifdef SYS_exit_group -#ifdef __NR_exit_group - {"exit_group", __NR_exit_group}, -#endif -#endif -#ifdef SYS_faccessat -#ifdef __NR_faccessat - {"faccessat", __NR_faccessat}, -#endif -#endif -#ifdef SYS_fadvise64 -#ifdef __NR_fadvise64 - {"fadvise64", __NR_fadvise64}, -#endif -#endif -#ifdef SYS_fadvise64_64 -#ifdef __NR_fadvise64_64 - {"fadvise64_64", __NR_fadvise64_64}, -#endif -#endif -#ifdef SYS_fallocate -#ifdef __NR_fallocate - {"fallocate", __NR_fallocate}, -#endif -#endif -#ifdef SYS_fanotify_init -#ifdef __NR_fanotify_init - {"fanotify_init", __NR_fanotify_init}, -#endif -#endif -#ifdef SYS_fanotify_mark -#ifdef __NR_fanotify_mark - 
{"fanotify_mark", __NR_fanotify_mark}, -#endif -#endif -#ifdef SYS_fchdir -#ifdef __NR_fchdir - {"fchdir", __NR_fchdir}, -#endif -#endif -#ifdef SYS_fchmod -#ifdef __NR_fchmod - {"fchmod", __NR_fchmod}, -#endif -#endif -#ifdef SYS_fchmodat -#ifdef __NR_fchmodat - {"fchmodat", __NR_fchmodat}, -#endif -#endif -#ifdef SYS_fchown -#ifdef __NR_fchown - {"fchown", __NR_fchown}, -#endif -#endif -#ifdef SYS_fchown32 -#ifdef __NR_fchown32 - {"fchown32", __NR_fchown32}, -#endif -#endif -#ifdef SYS_fchownat -#ifdef __NR_fchownat - {"fchownat", __NR_fchownat}, -#endif -#endif -#ifdef SYS_fcntl -#ifdef __NR_fcntl - {"fcntl", __NR_fcntl}, -#endif -#endif -#ifdef SYS_fcntl64 -#ifdef __NR_fcntl64 - {"fcntl64", __NR_fcntl64}, -#endif -#endif -#ifdef SYS_fdatasync -#ifdef __NR_fdatasync - {"fdatasync", __NR_fdatasync}, -#endif -#endif -#ifdef SYS_fgetxattr -#ifdef __NR_fgetxattr - {"fgetxattr", __NR_fgetxattr}, -#endif -#endif -#ifdef SYS_finit_module -#ifdef __NR_finit_module - {"finit_module", __NR_finit_module}, -#endif -#endif -#ifdef SYS_flistxattr -#ifdef __NR_flistxattr - {"flistxattr", __NR_flistxattr}, -#endif -#endif -#ifdef SYS_flock -#ifdef __NR_flock - {"flock", __NR_flock}, -#endif -#endif -#ifdef SYS_fork -#ifdef __NR_fork - {"fork", __NR_fork}, -#endif -#endif -#ifdef SYS_fremovexattr -#ifdef __NR_fremovexattr - {"fremovexattr", __NR_fremovexattr}, -#endif -#endif -#ifdef SYS_fsetxattr -#ifdef __NR_fsetxattr - {"fsetxattr", __NR_fsetxattr}, -#endif -#endif -#ifdef SYS_fstat -#ifdef __NR_fstat - {"fstat", __NR_fstat}, -#endif -#endif -#ifdef SYS_fstat64 -#ifdef __NR_fstat64 - {"fstat64", __NR_fstat64}, -#endif -#endif -#ifdef SYS_fstatat64 -#ifdef __NR_fstatat64 - {"fstatat64", __NR_fstatat64}, -#endif -#endif -#ifdef SYS_fstatfs -#ifdef __NR_fstatfs - {"fstatfs", __NR_fstatfs}, -#endif -#endif -#ifdef SYS_fstatfs64 -#ifdef __NR_fstatfs64 - {"fstatfs64", __NR_fstatfs64}, -#endif -#endif -#ifdef SYS_fsync -#ifdef __NR_fsync - {"fsync", __NR_fsync}, -#endif -#endif 
-#ifdef SYS_ftime -#ifdef __NR_ftime - {"ftime", __NR_ftime}, -#endif -#endif -#ifdef SYS_ftruncate -#ifdef __NR_ftruncate - {"ftruncate", __NR_ftruncate}, -#endif -#endif -#ifdef SYS_ftruncate64 -#ifdef __NR_ftruncate64 - {"ftruncate64", __NR_ftruncate64}, -#endif -#endif -#ifdef SYS_futex -#ifdef __NR_futex - {"futex", __NR_futex}, -#endif -#endif -#ifdef SYS_futimesat -#ifdef __NR_futimesat - {"futimesat", __NR_futimesat}, -#endif -#endif -#ifdef SYS_get_kernel_syms -#ifdef __NR_get_kernel_syms - {"get_kernel_syms", __NR_get_kernel_syms}, -#endif -#endif -#ifdef SYS_get_mempolicy -#ifdef __NR_get_mempolicy - {"get_mempolicy", __NR_get_mempolicy}, -#endif -#endif -#ifdef SYS_get_robust_list -#ifdef __NR_get_robust_list - {"get_robust_list", __NR_get_robust_list}, -#endif -#endif -#ifdef SYS_get_thread_area -#ifdef __NR_get_thread_area - {"get_thread_area", __NR_get_thread_area}, -#endif -#endif -#ifdef SYS_getcpu -#ifdef __NR_getcpu - {"getcpu", __NR_getcpu}, -#endif -#endif -#ifdef SYS_getcwd -#ifdef __NR_getcwd - {"getcwd", __NR_getcwd}, -#endif -#endif -#ifdef SYS_getdents -#ifdef __NR_getdents - {"getdents", __NR_getdents}, -#endif -#endif -#ifdef SYS_getdents64 -#ifdef __NR_getdents64 - {"getdents64", __NR_getdents64}, -#endif -#endif -#ifdef SYS_getegid -#ifdef __NR_getegid - {"getegid", __NR_getegid}, -#endif -#endif -#ifdef SYS_getegid32 -#ifdef __NR_getegid32 - {"getegid32", __NR_getegid32}, -#endif -#endif -#ifdef SYS_geteuid -#ifdef __NR_geteuid - {"geteuid", __NR_geteuid}, -#endif -#endif -#ifdef SYS_geteuid32 -#ifdef __NR_geteuid32 - {"geteuid32", __NR_geteuid32}, -#endif -#endif -#ifdef SYS_getgid -#ifdef __NR_getgid - {"getgid", __NR_getgid}, -#endif -#endif -#ifdef SYS_getgid32 -#ifdef __NR_getgid32 - {"getgid32", __NR_getgid32}, -#endif -#endif -#ifdef SYS_getgroups -#ifdef __NR_getgroups - {"getgroups", __NR_getgroups}, -#endif -#endif -#ifdef SYS_getgroups32 -#ifdef __NR_getgroups32 - {"getgroups32", __NR_getgroups32}, -#endif -#endif -#ifdef 
SYS_getitimer -#ifdef __NR_getitimer - {"getitimer", __NR_getitimer}, -#endif -#endif -#ifdef SYS_getpeername -#ifdef __NR_getpeername - {"getpeername", __NR_getpeername}, -#endif -#endif -#ifdef SYS_getpgid -#ifdef __NR_getpgid - {"getpgid", __NR_getpgid}, -#endif -#endif -#ifdef SYS_getpgrp -#ifdef __NR_getpgrp - {"getpgrp", __NR_getpgrp}, -#endif -#endif -#ifdef SYS_getpid -#ifdef __NR_getpid - {"getpid", __NR_getpid}, -#endif -#endif -#ifdef SYS_getpmsg -#ifdef __NR_getpmsg - {"getpmsg", __NR_getpmsg}, -#endif -#endif -#ifdef SYS_getppid -#ifdef __NR_getppid - {"getppid", __NR_getppid}, -#endif -#endif -#ifdef SYS_getpriority -#ifdef __NR_getpriority - {"getpriority", __NR_getpriority}, -#endif -#endif -#ifdef SYS_getrandom -#ifdef __NR_getrandom - {"getrandom", __NR_getrandom}, -#endif -#endif -#ifdef SYS_getresgid -#ifdef __NR_getresgid - {"getresgid", __NR_getresgid}, -#endif -#endif -#ifdef SYS_getresgid32 -#ifdef __NR_getresgid32 - {"getresgid32", __NR_getresgid32}, -#endif -#endif -#ifdef SYS_getresuid -#ifdef __NR_getresuid - {"getresuid", __NR_getresuid}, -#endif -#endif -#ifdef SYS_getresuid32 -#ifdef __NR_getresuid32 - {"getresuid32", __NR_getresuid32}, -#endif -#endif -#ifdef SYS_getrlimit -#ifdef __NR_getrlimit - {"getrlimit", __NR_getrlimit}, -#endif -#endif -#ifdef SYS_getrusage -#ifdef __NR_getrusage - {"getrusage", __NR_getrusage}, -#endif -#endif -#ifdef SYS_getsid -#ifdef __NR_getsid - {"getsid", __NR_getsid}, -#endif -#endif -#ifdef SYS_getsockname -#ifdef __NR_getsockname - {"getsockname", __NR_getsockname}, -#endif -#endif -#ifdef SYS_getsockopt -#ifdef __NR_getsockopt - {"getsockopt", __NR_getsockopt}, -#endif -#endif -#ifdef SYS_gettid -#ifdef __NR_gettid - {"gettid", __NR_gettid}, -#endif -#endif -#ifdef SYS_gettimeofday -#ifdef __NR_gettimeofday - {"gettimeofday", __NR_gettimeofday}, -#endif -#endif -#ifdef SYS_getuid -#ifdef __NR_getuid - {"getuid", __NR_getuid}, -#endif -#endif -#ifdef SYS_getuid32 -#ifdef __NR_getuid32 - {"getuid32", 
__NR_getuid32}, -#endif -#endif -#ifdef SYS_getxattr -#ifdef __NR_getxattr - {"getxattr", __NR_getxattr}, -#endif -#endif -#ifdef SYS_gtty -#ifdef __NR_gtty - {"gtty", __NR_gtty}, -#endif -#endif -#ifdef SYS_idle -#ifdef __NR_idle - {"idle", __NR_idle}, -#endif -#endif -#ifdef SYS_init_module -#ifdef __NR_init_module - {"init_module", __NR_init_module}, -#endif -#endif -#ifdef SYS_inotify_add_watch -#ifdef __NR_inotify_add_watch - {"inotify_add_watch", __NR_inotify_add_watch}, -#endif -#endif -#ifdef SYS_inotify_init -#ifdef __NR_inotify_init - {"inotify_init", __NR_inotify_init}, -#endif -#endif -#ifdef SYS_inotify_init1 -#ifdef __NR_inotify_init1 - {"inotify_init1", __NR_inotify_init1}, -#endif -#endif -#ifdef SYS_inotify_rm_watch -#ifdef __NR_inotify_rm_watch - {"inotify_rm_watch", __NR_inotify_rm_watch}, -#endif -#endif -#ifdef SYS_io_cancel -#ifdef __NR_io_cancel - {"io_cancel", __NR_io_cancel}, -#endif -#endif -#ifdef SYS_io_destroy -#ifdef __NR_io_destroy - {"io_destroy", __NR_io_destroy}, -#endif -#endif -#ifdef SYS_io_getevents -#ifdef __NR_io_getevents - {"io_getevents", __NR_io_getevents}, -#endif -#endif -#ifdef SYS_io_setup -#ifdef __NR_io_setup - {"io_setup", __NR_io_setup}, -#endif -#endif -#ifdef SYS_io_submit -#ifdef __NR_io_submit - {"io_submit", __NR_io_submit}, -#endif -#endif -#ifdef SYS_ioctl -#ifdef __NR_ioctl - {"ioctl", __NR_ioctl}, -#endif -#endif -#ifdef SYS_ioperm -#ifdef __NR_ioperm - {"ioperm", __NR_ioperm}, -#endif -#endif -#ifdef SYS_iopl -#ifdef __NR_iopl - {"iopl", __NR_iopl}, -#endif -#endif -#ifdef SYS_ioprio_get -#ifdef __NR_ioprio_get - {"ioprio_get", __NR_ioprio_get}, -#endif -#endif -#ifdef SYS_ioprio_set -#ifdef __NR_ioprio_set - {"ioprio_set", __NR_ioprio_set}, -#endif -#endif -#ifdef SYS_ipc -#ifdef __NR_ipc - {"ipc", __NR_ipc}, -#endif -#endif -#ifdef SYS_kcmp -#ifdef __NR_kcmp - {"kcmp", __NR_kcmp}, -#endif -#endif -#ifdef SYS_kexec_load -#ifdef __NR_kexec_load - {"kexec_load", __NR_kexec_load}, -#endif -#endif -#ifdef 
SYS_keyctl -#ifdef __NR_keyctl - {"keyctl", __NR_keyctl}, -#endif -#endif -#ifdef SYS_kill -#ifdef __NR_kill - {"kill", __NR_kill}, -#endif -#endif -#ifdef SYS_lchown -#ifdef __NR_lchown - {"lchown", __NR_lchown}, -#endif -#endif -#ifdef SYS_lchown32 -#ifdef __NR_lchown32 - {"lchown32", __NR_lchown32}, -#endif -#endif -#ifdef SYS_lgetxattr -#ifdef __NR_lgetxattr - {"lgetxattr", __NR_lgetxattr}, -#endif -#endif -#ifdef SYS_link -#ifdef __NR_link - {"link", __NR_link}, -#endif -#endif -#ifdef SYS_linkat -#ifdef __NR_linkat - {"linkat", __NR_linkat}, -#endif -#endif -#ifdef SYS_listen -#ifdef __NR_listen - {"listen", __NR_listen}, -#endif -#endif -#ifdef SYS_listxattr -#ifdef __NR_listxattr - {"listxattr", __NR_listxattr}, -#endif -#endif -#ifdef SYS_llistxattr -#ifdef __NR_llistxattr - {"llistxattr", __NR_llistxattr}, -#endif -#endif -#ifdef SYS_lock -#ifdef __NR_lock - {"lock", __NR_lock}, -#endif -#endif -#ifdef SYS_lookup_dcookie -#ifdef __NR_lookup_dcookie - {"lookup_dcookie", __NR_lookup_dcookie}, -#endif -#endif -#ifdef SYS_lremovexattr -#ifdef __NR_lremovexattr - {"lremovexattr", __NR_lremovexattr}, -#endif -#endif -#ifdef SYS_lseek -#ifdef __NR_lseek - {"lseek", __NR_lseek}, -#endif -#endif -#ifdef SYS_lsetxattr -#ifdef __NR_lsetxattr - {"lsetxattr", __NR_lsetxattr}, -#endif -#endif -#ifdef SYS_lstat -#ifdef __NR_lstat - {"lstat", __NR_lstat}, -#endif -#endif -#ifdef SYS_lstat64 -#ifdef __NR_lstat64 - {"lstat64", __NR_lstat64}, -#endif -#endif -#ifdef SYS_madvise -#ifdef __NR_madvise - {"madvise", __NR_madvise}, -#endif -#endif -#ifdef SYS_mbind -#ifdef __NR_mbind - {"mbind", __NR_mbind}, -#endif -#endif -#ifdef SYS_membarrier -#ifdef __NR_membarrier - {"membarrier", __NR_membarrier}, -#endif -#endif -#ifdef SYS_memfd_create -#ifdef __NR_memfd_create - {"memfd_create", __NR_memfd_create}, -#endif -#endif -#ifdef SYS_migrate_pages -#ifdef __NR_migrate_pages - {"migrate_pages", __NR_migrate_pages}, -#endif -#endif -#ifdef SYS_mincore -#ifdef __NR_mincore - 
{"mincore", __NR_mincore}, -#endif -#endif -#ifdef SYS_mkdir -#ifdef __NR_mkdir - {"mkdir", __NR_mkdir}, -#endif -#endif -#ifdef SYS_mkdirat -#ifdef __NR_mkdirat - {"mkdirat", __NR_mkdirat}, -#endif -#endif -#ifdef SYS_mknod -#ifdef __NR_mknod - {"mknod", __NR_mknod}, -#endif -#endif -#ifdef SYS_mknodat -#ifdef __NR_mknodat - {"mknodat", __NR_mknodat}, -#endif -#endif -#ifdef SYS_mlock -#ifdef __NR_mlock - {"mlock", __NR_mlock}, -#endif -#endif -#ifdef SYS_mlock2 -#ifdef __NR_mlock2 - {"mlock2", __NR_mlock2}, -#endif -#endif -#ifdef SYS_mlockall -#ifdef __NR_mlockall - {"mlockall", __NR_mlockall}, -#endif -#endif -#ifdef SYS_mmap -#ifdef __NR_mmap - {"mmap", __NR_mmap}, -#endif -#endif -#ifdef SYS_mmap2 -#ifdef __NR_mmap2 - {"mmap2", __NR_mmap2}, -#endif -#endif -#ifdef SYS_modify_ldt -#ifdef __NR_modify_ldt - {"modify_ldt", __NR_modify_ldt}, -#endif -#endif -#ifdef SYS_mount -#ifdef __NR_mount - {"mount", __NR_mount}, -#endif -#endif -#ifdef SYS_move_pages -#ifdef __NR_move_pages - {"move_pages", __NR_move_pages}, -#endif -#endif -#ifdef SYS_mprotect -#ifdef __NR_mprotect - {"mprotect", __NR_mprotect}, -#endif -#endif -#ifdef SYS_mpx -#ifdef __NR_mpx - {"mpx", __NR_mpx}, -#endif -#endif -#ifdef SYS_mq_getsetattr -#ifdef __NR_mq_getsetattr - {"mq_getsetattr", __NR_mq_getsetattr}, -#endif -#endif -#ifdef SYS_mq_notify -#ifdef __NR_mq_notify - {"mq_notify", __NR_mq_notify}, -#endif -#endif -#ifdef SYS_mq_open -#ifdef __NR_mq_open - {"mq_open", __NR_mq_open}, -#endif -#endif -#ifdef SYS_mq_timedreceive -#ifdef __NR_mq_timedreceive - {"mq_timedreceive", __NR_mq_timedreceive}, -#endif -#endif -#ifdef SYS_mq_timedsend -#ifdef __NR_mq_timedsend - {"mq_timedsend", __NR_mq_timedsend}, -#endif -#endif -#ifdef SYS_mq_unlink -#ifdef __NR_mq_unlink - {"mq_unlink", __NR_mq_unlink}, -#endif -#endif -#ifdef SYS_mremap -#ifdef __NR_mremap - {"mremap", __NR_mremap}, -#endif -#endif -#ifdef SYS_msync -#ifdef __NR_msync - {"msync", __NR_msync}, -#endif -#endif -#ifdef SYS_munlock 
-#ifdef __NR_munlock - {"munlock", __NR_munlock}, -#endif -#endif -#ifdef SYS_munlockall -#ifdef __NR_munlockall - {"munlockall", __NR_munlockall}, -#endif -#endif -#ifdef SYS_munmap -#ifdef __NR_munmap - {"munmap", __NR_munmap}, -#endif -#endif -#ifdef SYS_name_to_handle_at -#ifdef __NR_name_to_handle_at - {"name_to_handle_at", __NR_name_to_handle_at}, -#endif -#endif -#ifdef SYS_nanosleep -#ifdef __NR_nanosleep - {"nanosleep", __NR_nanosleep}, -#endif -#endif -#ifdef SYS_nfsservctl -#ifdef __NR_nfsservctl - {"nfsservctl", __NR_nfsservctl}, -#endif -#endif -#ifdef SYS_nice -#ifdef __NR_nice - {"nice", __NR_nice}, -#endif -#endif -#ifdef SYS_oldfstat -#ifdef __NR_oldfstat - {"oldfstat", __NR_oldfstat}, -#endif -#endif -#ifdef SYS_oldlstat -#ifdef __NR_oldlstat - {"oldlstat", __NR_oldlstat}, -#endif -#endif -#ifdef SYS_oldolduname -#ifdef __NR_oldolduname - {"oldolduname", __NR_oldolduname}, -#endif -#endif -#ifdef SYS_oldstat -#ifdef __NR_oldstat - {"oldstat", __NR_oldstat}, -#endif -#endif -#ifdef SYS_olduname -#ifdef __NR_olduname - {"olduname", __NR_olduname}, -#endif -#endif -#ifdef SYS_open -#ifdef __NR_open - {"open", __NR_open}, -#endif -#endif -#ifdef SYS_open_by_handle_at -#ifdef __NR_open_by_handle_at - {"open_by_handle_at", __NR_open_by_handle_at}, -#endif -#endif -#ifdef SYS_openat -#ifdef __NR_openat - {"openat", __NR_openat}, -#endif -#endif -#ifdef SYS_pause -#ifdef __NR_pause - {"pause", __NR_pause}, -#endif -#endif -#ifdef SYS_perf_event_open -#ifdef __NR_perf_event_open - {"perf_event_open", __NR_perf_event_open}, -#endif -#endif -#ifdef SYS_personality -#ifdef __NR_personality - {"personality", __NR_personality}, -#endif -#endif -#ifdef SYS_pipe -#ifdef __NR_pipe - {"pipe", __NR_pipe}, -#endif -#endif -#ifdef SYS_pipe2 -#ifdef __NR_pipe2 - {"pipe2", __NR_pipe2}, -#endif -#endif -#ifdef SYS_pivot_root -#ifdef __NR_pivot_root - {"pivot_root", __NR_pivot_root}, -#endif -#endif -#ifdef SYS_pkey_alloc -#ifdef __NR_pkey_alloc - {"pkey_alloc", 
__NR_pkey_alloc}, -#endif -#endif -#ifdef SYS_pkey_free -#ifdef __NR_pkey_free - {"pkey_free", __NR_pkey_free}, -#endif -#endif -#ifdef SYS_pkey_mprotect -#ifdef __NR_pkey_mprotect - {"pkey_mprotect", __NR_pkey_mprotect}, -#endif -#endif -#ifdef SYS_poll -#ifdef __NR_poll - {"poll", __NR_poll}, -#endif -#endif -#ifdef SYS_ppoll -#ifdef __NR_ppoll - {"ppoll", __NR_ppoll}, -#endif -#endif -#ifdef SYS_prctl -#ifdef __NR_prctl - {"prctl", __NR_prctl}, -#endif -#endif -#ifdef SYS_pread64 -#ifdef __NR_pread64 - {"pread64", __NR_pread64}, -#endif -#endif -#ifdef SYS_preadv -#ifdef __NR_preadv - {"preadv", __NR_preadv}, -#endif -#endif -#ifdef SYS_preadv2 -#ifdef __NR_preadv2 - {"preadv2", __NR_preadv2}, -#endif -#endif -#ifdef SYS_prlimit64 -#ifdef __NR_prlimit64 - {"prlimit64", __NR_prlimit64}, -#endif -#endif -#ifdef SYS_process_vm_readv -#ifdef __NR_process_vm_readv - {"process_vm_readv", __NR_process_vm_readv}, -#endif -#endif -#ifdef SYS_process_vm_writev -#ifdef __NR_process_vm_writev - {"process_vm_writev", __NR_process_vm_writev}, -#endif -#endif -#ifdef SYS_prof -#ifdef __NR_prof - {"prof", __NR_prof}, -#endif -#endif -#ifdef SYS_profil -#ifdef __NR_profil - {"profil", __NR_profil}, -#endif -#endif -#ifdef SYS_pselect6 -#ifdef __NR_pselect6 - {"pselect6", __NR_pselect6}, -#endif -#endif -#ifdef SYS_ptrace -#ifdef __NR_ptrace - {"ptrace", __NR_ptrace}, -#endif -#endif -#ifdef SYS_putpmsg -#ifdef __NR_putpmsg - {"putpmsg", __NR_putpmsg}, -#endif -#endif -#ifdef SYS_pwrite64 -#ifdef __NR_pwrite64 - {"pwrite64", __NR_pwrite64}, -#endif -#endif -#ifdef SYS_pwritev -#ifdef __NR_pwritev - {"pwritev", __NR_pwritev}, -#endif -#endif -#ifdef SYS_pwritev2 -#ifdef __NR_pwritev2 - {"pwritev2", __NR_pwritev2}, -#endif -#endif -#ifdef SYS_query_module -#ifdef __NR_query_module - {"query_module", __NR_query_module}, -#endif -#endif -#ifdef SYS_quotactl -#ifdef __NR_quotactl - {"quotactl", __NR_quotactl}, -#endif -#endif -#ifdef SYS_read -#ifdef __NR_read - {"read", __NR_read}, 
-#endif -#endif -#ifdef SYS_readahead -#ifdef __NR_readahead - {"readahead", __NR_readahead}, -#endif -#endif -#ifdef SYS_readdir -#ifdef __NR_readdir - {"readdir", __NR_readdir}, -#endif -#endif -#ifdef SYS_readlink -#ifdef __NR_readlink - {"readlink", __NR_readlink}, -#endif -#endif -#ifdef SYS_readlinkat -#ifdef __NR_readlinkat - {"readlinkat", __NR_readlinkat}, -#endif -#endif -#ifdef SYS_readv -#ifdef __NR_readv - {"readv", __NR_readv}, -#endif -#endif -#ifdef SYS_reboot -#ifdef __NR_reboot - {"reboot", __NR_reboot}, -#endif -#endif -#ifdef SYS_recvfrom -#ifdef __NR_recvfrom - {"recvfrom", __NR_recvfrom}, -#endif -#endif -#ifdef SYS_recvmmsg -#ifdef __NR_recvmmsg - {"recvmmsg", __NR_recvmmsg}, -#endif -#endif -#ifdef SYS_recvmsg -#ifdef __NR_recvmsg - {"recvmsg", __NR_recvmsg}, -#endif -#endif -#ifdef SYS_remap_file_pages -#ifdef __NR_remap_file_pages - {"remap_file_pages", __NR_remap_file_pages}, -#endif -#endif -#ifdef SYS_removexattr -#ifdef __NR_removexattr - {"removexattr", __NR_removexattr}, -#endif -#endif -#ifdef SYS_rename -#ifdef __NR_rename - {"rename", __NR_rename}, -#endif -#endif -#ifdef SYS_renameat -#ifdef __NR_renameat - {"renameat", __NR_renameat}, -#endif -#endif -#ifdef SYS_renameat2 -#ifdef __NR_renameat2 - {"renameat2", __NR_renameat2}, -#endif -#endif -#ifdef SYS_request_key -#ifdef __NR_request_key - {"request_key", __NR_request_key}, -#endif -#endif -#ifdef SYS_restart_syscall -#ifdef __NR_restart_syscall - {"restart_syscall", __NR_restart_syscall}, -#endif -#endif -#ifdef SYS_rmdir -#ifdef __NR_rmdir - {"rmdir", __NR_rmdir}, -#endif -#endif -#ifdef SYS_rt_sigaction -#ifdef __NR_rt_sigaction - {"rt_sigaction", __NR_rt_sigaction}, -#endif -#endif -#ifdef SYS_rt_sigpending -#ifdef __NR_rt_sigpending - {"rt_sigpending", __NR_rt_sigpending}, -#endif -#endif -#ifdef SYS_rt_sigprocmask -#ifdef __NR_rt_sigprocmask - {"rt_sigprocmask", __NR_rt_sigprocmask}, -#endif -#endif -#ifdef SYS_rt_sigqueueinfo -#ifdef __NR_rt_sigqueueinfo - 
{"rt_sigqueueinfo", __NR_rt_sigqueueinfo}, -#endif -#endif -#ifdef SYS_rt_sigreturn -#ifdef __NR_rt_sigreturn - {"rt_sigreturn", __NR_rt_sigreturn}, -#endif -#endif -#ifdef SYS_rt_sigsuspend -#ifdef __NR_rt_sigsuspend - {"rt_sigsuspend", __NR_rt_sigsuspend}, -#endif -#endif -#ifdef SYS_rt_sigtimedwait -#ifdef __NR_rt_sigtimedwait - {"rt_sigtimedwait", __NR_rt_sigtimedwait}, -#endif -#endif -#ifdef SYS_rt_tgsigqueueinfo -#ifdef __NR_rt_tgsigqueueinfo - {"rt_tgsigqueueinfo", __NR_rt_tgsigqueueinfo}, -#endif -#endif -#ifdef SYS_sched_get_priority_max -#ifdef __NR_sched_get_priority_max - {"sched_get_priority_max", __NR_sched_get_priority_max}, -#endif -#endif -#ifdef SYS_sched_get_priority_min -#ifdef __NR_sched_get_priority_min - {"sched_get_priority_min", __NR_sched_get_priority_min}, -#endif -#endif -#ifdef SYS_sched_getaffinity -#ifdef __NR_sched_getaffinity - {"sched_getaffinity", __NR_sched_getaffinity}, -#endif -#endif -#ifdef SYS_sched_getattr -#ifdef __NR_sched_getattr - {"sched_getattr", __NR_sched_getattr}, -#endif -#endif -#ifdef SYS_sched_getparam -#ifdef __NR_sched_getparam - {"sched_getparam", __NR_sched_getparam}, -#endif -#endif -#ifdef SYS_sched_getscheduler -#ifdef __NR_sched_getscheduler - {"sched_getscheduler", __NR_sched_getscheduler}, -#endif -#endif -#ifdef SYS_sched_rr_get_interval -#ifdef __NR_sched_rr_get_interval - {"sched_rr_get_interval", __NR_sched_rr_get_interval}, -#endif -#endif -#ifdef SYS_sched_setaffinity -#ifdef __NR_sched_setaffinity - {"sched_setaffinity", __NR_sched_setaffinity}, -#endif -#endif -#ifdef SYS_sched_setattr -#ifdef __NR_sched_setattr - {"sched_setattr", __NR_sched_setattr}, -#endif -#endif -#ifdef SYS_sched_setparam -#ifdef __NR_sched_setparam - {"sched_setparam", __NR_sched_setparam}, -#endif -#endif -#ifdef SYS_sched_setscheduler -#ifdef __NR_sched_setscheduler - {"sched_setscheduler", __NR_sched_setscheduler}, -#endif -#endif -#ifdef SYS_sched_yield -#ifdef __NR_sched_yield - {"sched_yield", __NR_sched_yield}, 
-#endif -#endif -#ifdef SYS_seccomp -#ifdef __NR_seccomp - {"seccomp", __NR_seccomp}, -#endif -#endif -#ifdef SYS_select -#ifdef __NR_select - {"select", __NR_select}, -#endif -#endif -#ifdef SYS_sendfile -#ifdef __NR_sendfile - {"sendfile", __NR_sendfile}, -#endif -#endif -#ifdef SYS_sendfile64 -#ifdef __NR_sendfile64 - {"sendfile64", __NR_sendfile64}, -#endif -#endif -#ifdef SYS_sendmmsg -#ifdef __NR_sendmmsg - {"sendmmsg", __NR_sendmmsg}, -#endif -#endif -#ifdef SYS_sendmsg -#ifdef __NR_sendmsg - {"sendmsg", __NR_sendmsg}, -#endif -#endif -#ifdef SYS_sendto -#ifdef __NR_sendto - {"sendto", __NR_sendto}, -#endif -#endif -#ifdef SYS_set_mempolicy -#ifdef __NR_set_mempolicy - {"set_mempolicy", __NR_set_mempolicy}, -#endif -#endif -#ifdef SYS_set_robust_list -#ifdef __NR_set_robust_list - {"set_robust_list", __NR_set_robust_list}, -#endif -#endif -#ifdef SYS_set_thread_area -#ifdef __NR_set_thread_area - {"set_thread_area", __NR_set_thread_area}, -#endif -#endif -#ifdef SYS_set_tid_address -#ifdef __NR_set_tid_address - {"set_tid_address", __NR_set_tid_address}, -#endif -#endif -#ifdef SYS_setdomainname -#ifdef __NR_setdomainname - {"setdomainname", __NR_setdomainname}, -#endif -#endif -#ifdef SYS_setfsgid -#ifdef __NR_setfsgid - {"setfsgid", __NR_setfsgid}, -#endif -#endif -#ifdef SYS_setfsgid32 -#ifdef __NR_setfsgid32 - {"setfsgid32", __NR_setfsgid32}, -#endif -#endif -#ifdef SYS_setfsuid -#ifdef __NR_setfsuid - {"setfsuid", __NR_setfsuid}, -#endif -#endif -#ifdef SYS_setfsuid32 -#ifdef __NR_setfsuid32 - {"setfsuid32", __NR_setfsuid32}, -#endif -#endif -#ifdef SYS_setgid -#ifdef __NR_setgid - {"setgid", __NR_setgid}, -#endif -#endif -#ifdef SYS_setgid32 -#ifdef __NR_setgid32 - {"setgid32", __NR_setgid32}, -#endif -#endif -#ifdef SYS_setgroups -#ifdef __NR_setgroups - {"setgroups", __NR_setgroups}, -#endif -#endif -#ifdef SYS_setgroups32 -#ifdef __NR_setgroups32 - {"setgroups32", __NR_setgroups32}, -#endif -#endif -#ifdef SYS_sethostname -#ifdef __NR_sethostname - 
{"sethostname", __NR_sethostname}, -#endif -#endif -#ifdef SYS_setitimer -#ifdef __NR_setitimer - {"setitimer", __NR_setitimer}, -#endif -#endif -#ifdef SYS_setns -#ifdef __NR_setns - {"setns", __NR_setns}, -#endif -#endif -#ifdef SYS_setpgid -#ifdef __NR_setpgid - {"setpgid", __NR_setpgid}, -#endif -#endif -#ifdef SYS_setpriority -#ifdef __NR_setpriority - {"setpriority", __NR_setpriority}, -#endif -#endif -#ifdef SYS_setregid -#ifdef __NR_setregid - {"setregid", __NR_setregid}, -#endif -#endif -#ifdef SYS_setregid32 -#ifdef __NR_setregid32 - {"setregid32", __NR_setregid32}, -#endif -#endif -#ifdef SYS_setresgid -#ifdef __NR_setresgid - {"setresgid", __NR_setresgid}, -#endif -#endif -#ifdef SYS_setresgid32 -#ifdef __NR_setresgid32 - {"setresgid32", __NR_setresgid32}, -#endif -#endif -#ifdef SYS_setresuid -#ifdef __NR_setresuid - {"setresuid", __NR_setresuid}, -#endif -#endif -#ifdef SYS_setresuid32 -#ifdef __NR_setresuid32 - {"setresuid32", __NR_setresuid32}, -#endif -#endif -#ifdef SYS_setreuid -#ifdef __NR_setreuid - {"setreuid", __NR_setreuid}, -#endif -#endif -#ifdef SYS_setreuid32 -#ifdef __NR_setreuid32 - {"setreuid32", __NR_setreuid32}, -#endif -#endif -#ifdef SYS_setrlimit -#ifdef __NR_setrlimit - {"setrlimit", __NR_setrlimit}, -#endif -#endif -#ifdef SYS_setsid -#ifdef __NR_setsid - {"setsid", __NR_setsid}, -#endif -#endif -#ifdef SYS_setsockopt -#ifdef __NR_setsockopt - {"setsockopt", __NR_setsockopt}, -#endif -#endif -#ifdef SYS_settimeofday -#ifdef __NR_settimeofday - {"settimeofday", __NR_settimeofday}, -#endif -#endif -#ifdef SYS_setuid -#ifdef __NR_setuid - {"setuid", __NR_setuid}, -#endif -#endif -#ifdef SYS_setuid32 -#ifdef __NR_setuid32 - {"setuid32", __NR_setuid32}, -#endif -#endif -#ifdef SYS_setxattr -#ifdef __NR_setxattr - {"setxattr", __NR_setxattr}, -#endif -#endif -#ifdef SYS_sgetmask -#ifdef __NR_sgetmask - {"sgetmask", __NR_sgetmask}, -#endif -#endif -#ifdef SYS_shutdown -#ifdef __NR_shutdown - {"shutdown", __NR_shutdown}, -#endif 
-#endif -#ifdef SYS_sigaction -#ifdef __NR_sigaction - {"sigaction", __NR_sigaction}, -#endif -#endif -#ifdef SYS_sigaltstack -#ifdef __NR_sigaltstack - {"sigaltstack", __NR_sigaltstack}, -#endif -#endif -#ifdef SYS_signal -#ifdef __NR_signal - {"signal", __NR_signal}, -#endif -#endif -#ifdef SYS_signalfd -#ifdef __NR_signalfd - {"signalfd", __NR_signalfd}, -#endif -#endif -#ifdef SYS_signalfd4 -#ifdef __NR_signalfd4 - {"signalfd4", __NR_signalfd4}, -#endif -#endif -#ifdef SYS_sigpending -#ifdef __NR_sigpending - {"sigpending", __NR_sigpending}, -#endif -#endif -#ifdef SYS_sigprocmask -#ifdef __NR_sigprocmask - {"sigprocmask", __NR_sigprocmask}, -#endif -#endif -#ifdef SYS_sigreturn -#ifdef __NR_sigreturn - {"sigreturn", __NR_sigreturn}, -#endif -#endif -#ifdef SYS_sigsuspend -#ifdef __NR_sigsuspend - {"sigsuspend", __NR_sigsuspend}, -#endif -#endif -#ifdef SYS_socket -#ifdef __NR_socket - {"socket", __NR_socket}, -#endif -#endif -#ifdef SYS_socketcall -#ifdef __NR_socketcall - {"socketcall", __NR_socketcall}, -#endif -#endif -#ifdef SYS_socketpair -#ifdef __NR_socketpair - {"socketpair", __NR_socketpair}, -#endif -#endif -#ifdef SYS_splice -#ifdef __NR_splice - {"splice", __NR_splice}, -#endif -#endif -#ifdef SYS_ssetmask -#ifdef __NR_ssetmask - {"ssetmask", __NR_ssetmask}, -#endif -#endif -#ifdef SYS_stat -#ifdef __NR_stat - {"stat", __NR_stat}, -#endif -#endif -#ifdef SYS_stat64 -#ifdef __NR_stat64 - {"stat64", __NR_stat64}, -#endif -#endif -#ifdef SYS_statfs -#ifdef __NR_statfs - {"statfs", __NR_statfs}, -#endif -#endif -#ifdef SYS_statfs64 -#ifdef __NR_statfs64 - {"statfs64", __NR_statfs64}, -#endif -#endif -#ifdef SYS_statx -#ifdef __NR_statx - {"statx", __NR_statx}, -#endif -#endif -#ifdef SYS_stime -#ifdef __NR_stime - {"stime", __NR_stime}, -#endif -#endif -#ifdef SYS_stty -#ifdef __NR_stty - {"stty", __NR_stty}, -#endif -#endif -#ifdef SYS_swapoff -#ifdef __NR_swapoff - {"swapoff", __NR_swapoff}, -#endif -#endif -#ifdef SYS_swapon -#ifdef __NR_swapon - 
{"swapon", __NR_swapon}, -#endif -#endif -#ifdef SYS_symlink -#ifdef __NR_symlink - {"symlink", __NR_symlink}, -#endif -#endif -#ifdef SYS_symlinkat -#ifdef __NR_symlinkat - {"symlinkat", __NR_symlinkat}, -#endif -#endif -#ifdef SYS_sync -#ifdef __NR_sync - {"sync", __NR_sync}, -#endif -#endif -#ifdef SYS_sync_file_range -#ifdef __NR_sync_file_range - {"sync_file_range", __NR_sync_file_range}, -#endif -#endif -#ifdef SYS_syncfs -#ifdef __NR_syncfs - {"syncfs", __NR_syncfs}, -#endif -#endif -#ifdef SYS_sysfs -#ifdef __NR_sysfs - {"sysfs", __NR_sysfs}, -#endif -#endif -#ifdef SYS_sysinfo -#ifdef __NR_sysinfo - {"sysinfo", __NR_sysinfo}, -#endif -#endif -#ifdef SYS_syslog -#ifdef __NR_syslog - {"syslog", __NR_syslog}, -#endif -#endif -#ifdef SYS_tee -#ifdef __NR_tee - {"tee", __NR_tee}, -#endif -#endif -#ifdef SYS_tgkill -#ifdef __NR_tgkill - {"tgkill", __NR_tgkill}, -#endif -#endif -#ifdef SYS_time -#ifdef __NR_time - {"time", __NR_time}, -#endif -#endif -#ifdef SYS_timer_create -#ifdef __NR_timer_create - {"timer_create", __NR_timer_create}, -#endif -#endif -#ifdef SYS_timer_delete -#ifdef __NR_timer_delete - {"timer_delete", __NR_timer_delete}, -#endif -#endif -#ifdef SYS_timer_getoverrun -#ifdef __NR_timer_getoverrun - {"timer_getoverrun", __NR_timer_getoverrun}, -#endif -#endif -#ifdef SYS_timer_gettime -#ifdef __NR_timer_gettime - {"timer_gettime", __NR_timer_gettime}, -#endif -#endif -#ifdef SYS_timer_settime -#ifdef __NR_timer_settime - {"timer_settime", __NR_timer_settime}, -#endif -#endif -#ifdef SYS_timerfd_create -#ifdef __NR_timerfd_create - {"timerfd_create", __NR_timerfd_create}, -#endif -#endif -#ifdef SYS_timerfd_gettime -#ifdef __NR_timerfd_gettime - {"timerfd_gettime", __NR_timerfd_gettime}, -#endif -#endif -#ifdef SYS_timerfd_settime -#ifdef __NR_timerfd_settime - {"timerfd_settime", __NR_timerfd_settime}, -#endif -#endif -#ifdef SYS_times -#ifdef __NR_times - {"times", __NR_times}, -#endif -#endif -#ifdef SYS_tkill -#ifdef __NR_tkill - {"tkill", 
__NR_tkill}, -#endif -#endif -#ifdef SYS_truncate -#ifdef __NR_truncate - {"truncate", __NR_truncate}, -#endif -#endif -#ifdef SYS_truncate64 -#ifdef __NR_truncate64 - {"truncate64", __NR_truncate64}, -#endif -#endif -#ifdef SYS_ugetrlimit -#ifdef __NR_ugetrlimit - {"ugetrlimit", __NR_ugetrlimit}, -#endif -#endif -#ifdef SYS_ulimit -#ifdef __NR_ulimit - {"ulimit", __NR_ulimit}, -#endif -#endif -#ifdef SYS_umask -#ifdef __NR_umask - {"umask", __NR_umask}, -#endif -#endif -#ifdef SYS_umount -#ifdef __NR_umount - {"umount", __NR_umount}, -#endif -#endif -#ifdef SYS_umount2 -#ifdef __NR_umount2 - {"umount2", __NR_umount2}, -#endif -#endif -#ifdef SYS_uname -#ifdef __NR_uname - {"uname", __NR_uname}, -#endif -#endif -#ifdef SYS_unlink -#ifdef __NR_unlink - {"unlink", __NR_unlink}, -#endif -#endif -#ifdef SYS_unlinkat -#ifdef __NR_unlinkat - {"unlinkat", __NR_unlinkat}, -#endif -#endif -#ifdef SYS_unshare -#ifdef __NR_unshare - {"unshare", __NR_unshare}, -#endif -#endif -#ifdef SYS_uselib -#ifdef __NR_uselib - {"uselib", __NR_uselib}, -#endif -#endif -#ifdef SYS_userfaultfd -#ifdef __NR_userfaultfd - {"userfaultfd", __NR_userfaultfd}, -#endif -#endif -#ifdef SYS_ustat -#ifdef __NR_ustat - {"ustat", __NR_ustat}, -#endif -#endif -#ifdef SYS_utime -#ifdef __NR_utime - {"utime", __NR_utime}, -#endif -#endif -#ifdef SYS_utimensat -#ifdef __NR_utimensat - {"utimensat", __NR_utimensat}, -#endif -#endif -#ifdef SYS_utimes -#ifdef __NR_utimes - {"utimes", __NR_utimes}, -#endif -#endif -#ifdef SYS_vfork -#ifdef __NR_vfork - {"vfork", __NR_vfork}, -#endif -#endif -#ifdef SYS_vhangup -#ifdef __NR_vhangup - {"vhangup", __NR_vhangup}, -#endif -#endif -#ifdef SYS_vm86 -#ifdef __NR_vm86 - {"vm86", __NR_vm86}, -#endif -#endif -#ifdef SYS_vm86old -#ifdef __NR_vm86old - {"vm86old", __NR_vm86old}, -#endif -#endif -#ifdef SYS_vmsplice -#ifdef __NR_vmsplice - {"vmsplice", __NR_vmsplice}, -#endif -#endif -#ifdef SYS_vserver -#ifdef __NR_vserver - {"vserver", __NR_vserver}, -#endif -#endif 
-#ifdef SYS_wait4 -#ifdef __NR_wait4 - {"wait4", __NR_wait4}, -#endif -#endif -#ifdef SYS_waitid -#ifdef __NR_waitid - {"waitid", __NR_waitid}, -#endif -#endif -#ifdef SYS_waitpid -#ifdef __NR_waitpid - {"waitpid", __NR_waitpid}, -#endif -#endif -#ifdef SYS_write -#ifdef __NR_write - {"write", __NR_write}, -#endif -#endif -#ifdef SYS_writev -#ifdef __NR_writev - {"writev", __NR_writev}, -#endif -#endif -#endif -//#endif -#if defined __x86_64__ && defined __LP64__ -#ifdef SYS__sysctl -#ifdef __NR__sysctl - {"_sysctl", __NR__sysctl}, -#endif -#endif -#ifdef SYS_accept -#ifdef __NR_accept - {"accept", __NR_accept}, -#endif -#endif -#ifdef SYS_accept4 -#ifdef __NR_accept4 - {"accept4", __NR_accept4}, -#endif -#endif -#ifdef SYS_access -#ifdef __NR_access - {"access", __NR_access}, -#endif -#endif -#ifdef SYS_acct -#ifdef __NR_acct - {"acct", __NR_acct}, -#endif -#endif -#ifdef SYS_add_key -#ifdef __NR_add_key - {"add_key", __NR_add_key}, -#endif -#endif -#ifdef SYS_adjtimex -#ifdef __NR_adjtimex - {"adjtimex", __NR_adjtimex}, -#endif -#endif -#ifdef SYS_afs_syscall -#ifdef __NR_afs_syscall - {"afs_syscall", __NR_afs_syscall}, -#endif -#endif -#ifdef SYS_alarm -#ifdef __NR_alarm - {"alarm", __NR_alarm}, -#endif -#endif -#ifdef SYS_arch_prctl -#ifdef __NR_arch_prctl - {"arch_prctl", __NR_arch_prctl}, -#endif -#endif -#ifdef SYS_bind -#ifdef __NR_bind - {"bind", __NR_bind}, -#endif -#endif -#ifdef SYS_bpf -#ifdef __NR_bpf - {"bpf", __NR_bpf}, -#endif -#endif -#ifdef SYS_brk -#ifdef __NR_brk - {"brk", __NR_brk}, -#endif -#endif -#ifdef SYS_capget -#ifdef __NR_capget - {"capget", __NR_capget}, -#endif -#endif -#ifdef SYS_capset -#ifdef __NR_capset - {"capset", __NR_capset}, -#endif -#endif -#ifdef SYS_chdir -#ifdef __NR_chdir - {"chdir", __NR_chdir}, -#endif -#endif -#ifdef SYS_chmod -#ifdef __NR_chmod - {"chmod", __NR_chmod}, -#endif -#endif -#ifdef SYS_chown -#ifdef __NR_chown - {"chown", __NR_chown}, -#endif -#endif -#ifdef SYS_chroot -#ifdef __NR_chroot - {"chroot", 
__NR_chroot}, -#endif -#endif -#ifdef SYS_clock_adjtime -#ifdef __NR_clock_adjtime - {"clock_adjtime", __NR_clock_adjtime}, -#endif -#endif -#ifdef SYS_clock_getres -#ifdef __NR_clock_getres - {"clock_getres", __NR_clock_getres}, -#endif -#endif -#ifdef SYS_clock_gettime -#ifdef __NR_clock_gettime - {"clock_gettime", __NR_clock_gettime}, -#endif -#endif -#ifdef SYS_clock_nanosleep -#ifdef __NR_clock_nanosleep - {"clock_nanosleep", __NR_clock_nanosleep}, -#endif -#endif -#ifdef SYS_clock_settime -#ifdef __NR_clock_settime - {"clock_settime", __NR_clock_settime}, -#endif -#endif -#ifdef SYS_clone -#ifdef __NR_clone - {"clone", __NR_clone}, -#endif -#endif -#ifdef SYS_close -#ifdef __NR_close - {"close", __NR_close}, -#endif -#endif -#ifdef SYS_connect -#ifdef __NR_connect - {"connect", __NR_connect}, -#endif -#endif -#ifdef SYS_copy_file_range -#ifdef __NR_copy_file_range - {"copy_file_range", __NR_copy_file_range}, -#endif -#endif -#ifdef SYS_creat -#ifdef __NR_creat - {"creat", __NR_creat}, -#endif -#endif -#ifdef SYS_create_module -#ifdef __NR_create_module - {"create_module", __NR_create_module}, -#endif -#endif -#ifdef SYS_delete_module -#ifdef __NR_delete_module - {"delete_module", __NR_delete_module}, -#endif -#endif -#ifdef SYS_dup -#ifdef __NR_dup - {"dup", __NR_dup}, -#endif -#endif -#ifdef SYS_dup2 -#ifdef __NR_dup2 - {"dup2", __NR_dup2}, -#endif -#endif -#ifdef SYS_dup3 -#ifdef __NR_dup3 - {"dup3", __NR_dup3}, -#endif -#endif -#ifdef SYS_epoll_create -#ifdef __NR_epoll_create - {"epoll_create", __NR_epoll_create}, -#endif -#endif -#ifdef SYS_epoll_create1 -#ifdef __NR_epoll_create1 - {"epoll_create1", __NR_epoll_create1}, -#endif -#endif -#ifdef SYS_epoll_ctl -#ifdef __NR_epoll_ctl - {"epoll_ctl", __NR_epoll_ctl}, -#endif -#endif -#ifdef SYS_epoll_ctl_old -#ifdef __NR_epoll_ctl_old - {"epoll_ctl_old", __NR_epoll_ctl_old}, -#endif -#endif -#ifdef SYS_epoll_pwait -#ifdef __NR_epoll_pwait - {"epoll_pwait", __NR_epoll_pwait}, -#endif -#endif -#ifdef 
SYS_epoll_wait -#ifdef __NR_epoll_wait - {"epoll_wait", __NR_epoll_wait}, -#endif -#endif -#ifdef SYS_epoll_wait_old -#ifdef __NR_epoll_wait_old - {"epoll_wait_old", __NR_epoll_wait_old}, -#endif -#endif -#ifdef SYS_eventfd -#ifdef __NR_eventfd - {"eventfd", __NR_eventfd}, -#endif -#endif -#ifdef SYS_eventfd2 -#ifdef __NR_eventfd2 - {"eventfd2", __NR_eventfd2}, -#endif -#endif -#ifdef SYS_execve -#ifdef __NR_execve - {"execve", __NR_execve}, -#endif -#endif -#ifdef SYS_execveat -#ifdef __NR_execveat - {"execveat", __NR_execveat}, -#endif -#endif -#ifdef SYS_exit -#ifdef __NR_exit - {"exit", __NR_exit}, -#endif -#endif -#ifdef SYS_exit_group -#ifdef __NR_exit_group - {"exit_group", __NR_exit_group}, -#endif -#endif -#ifdef SYS_faccessat -#ifdef __NR_faccessat - {"faccessat", __NR_faccessat}, -#endif -#endif -#ifdef SYS_fadvise64 -#ifdef __NR_fadvise64 - {"fadvise64", __NR_fadvise64}, -#endif -#endif -#ifdef SYS_fallocate -#ifdef __NR_fallocate - {"fallocate", __NR_fallocate}, -#endif -#endif -#ifdef SYS_fanotify_init -#ifdef __NR_fanotify_init - {"fanotify_init", __NR_fanotify_init}, -#endif -#endif -#ifdef SYS_fanotify_mark -#ifdef __NR_fanotify_mark - {"fanotify_mark", __NR_fanotify_mark}, -#endif -#endif -#ifdef SYS_fchdir -#ifdef __NR_fchdir - {"fchdir", __NR_fchdir}, -#endif -#endif -#ifdef SYS_fchmod -#ifdef __NR_fchmod - {"fchmod", __NR_fchmod}, -#endif -#endif -#ifdef SYS_fchmodat -#ifdef __NR_fchmodat - {"fchmodat", __NR_fchmodat}, -#endif -#endif -#ifdef SYS_fchown -#ifdef __NR_fchown - {"fchown", __NR_fchown}, -#endif -#endif -#ifdef SYS_fchownat -#ifdef __NR_fchownat - {"fchownat", __NR_fchownat}, -#endif -#endif -#ifdef SYS_fcntl -#ifdef __NR_fcntl - {"fcntl", __NR_fcntl}, -#endif -#endif -#ifdef SYS_fdatasync -#ifdef __NR_fdatasync - {"fdatasync", __NR_fdatasync}, -#endif -#endif -#ifdef SYS_fgetxattr -#ifdef __NR_fgetxattr - {"fgetxattr", __NR_fgetxattr}, -#endif -#endif -#ifdef SYS_finit_module -#ifdef __NR_finit_module - {"finit_module", 
__NR_finit_module}, -#endif -#endif -#ifdef SYS_flistxattr -#ifdef __NR_flistxattr - {"flistxattr", __NR_flistxattr}, -#endif -#endif -#ifdef SYS_flock -#ifdef __NR_flock - {"flock", __NR_flock}, -#endif -#endif -#ifdef SYS_fork -#ifdef __NR_fork - {"fork", __NR_fork}, -#endif -#endif -#ifdef SYS_fremovexattr -#ifdef __NR_fremovexattr - {"fremovexattr", __NR_fremovexattr}, -#endif -#endif -#ifdef SYS_fsetxattr -#ifdef __NR_fsetxattr - {"fsetxattr", __NR_fsetxattr}, -#endif -#endif -#ifdef SYS_fstat -#ifdef __NR_fstat - {"fstat", __NR_fstat}, -#endif -#endif -#ifdef SYS_fstatfs -#ifdef __NR_fstatfs - {"fstatfs", __NR_fstatfs}, -#endif -#endif -#ifdef SYS_fsync -#ifdef __NR_fsync - {"fsync", __NR_fsync}, -#endif -#endif -#ifdef SYS_ftruncate -#ifdef __NR_ftruncate - {"ftruncate", __NR_ftruncate}, -#endif -#endif -#ifdef SYS_futex -#ifdef __NR_futex - {"futex", __NR_futex}, -#endif -#endif -#ifdef SYS_futimesat -#ifdef __NR_futimesat - {"futimesat", __NR_futimesat}, -#endif -#endif -#ifdef SYS_get_kernel_syms -#ifdef __NR_get_kernel_syms - {"get_kernel_syms", __NR_get_kernel_syms}, -#endif -#endif -#ifdef SYS_get_mempolicy -#ifdef __NR_get_mempolicy - {"get_mempolicy", __NR_get_mempolicy}, -#endif -#endif -#ifdef SYS_get_robust_list -#ifdef __NR_get_robust_list - {"get_robust_list", __NR_get_robust_list}, -#endif -#endif -#ifdef SYS_get_thread_area -#ifdef __NR_get_thread_area - {"get_thread_area", __NR_get_thread_area}, -#endif -#endif -#ifdef SYS_getcpu -#ifdef __NR_getcpu - {"getcpu", __NR_getcpu}, -#endif -#endif -#ifdef SYS_getcwd -#ifdef __NR_getcwd - {"getcwd", __NR_getcwd}, -#endif -#endif -#ifdef SYS_getdents -#ifdef __NR_getdents - {"getdents", __NR_getdents}, -#endif -#endif -#ifdef SYS_getdents64 -#ifdef __NR_getdents64 - {"getdents64", __NR_getdents64}, -#endif -#endif -#ifdef SYS_getegid -#ifdef __NR_getegid - {"getegid", __NR_getegid}, -#endif -#endif -#ifdef SYS_geteuid -#ifdef __NR_geteuid - {"geteuid", __NR_geteuid}, -#endif -#endif -#ifdef 
SYS_getgid -#ifdef __NR_getgid - {"getgid", __NR_getgid}, -#endif -#endif -#ifdef SYS_getgroups -#ifdef __NR_getgroups - {"getgroups", __NR_getgroups}, -#endif -#endif -#ifdef SYS_getitimer -#ifdef __NR_getitimer - {"getitimer", __NR_getitimer}, -#endif -#endif -#ifdef SYS_getpeername -#ifdef __NR_getpeername - {"getpeername", __NR_getpeername}, -#endif -#endif -#ifdef SYS_getpgid -#ifdef __NR_getpgid - {"getpgid", __NR_getpgid}, -#endif -#endif -#ifdef SYS_getpgrp -#ifdef __NR_getpgrp - {"getpgrp", __NR_getpgrp}, -#endif -#endif -#ifdef SYS_getpid -#ifdef __NR_getpid - {"getpid", __NR_getpid}, -#endif -#endif -#ifdef SYS_getpmsg -#ifdef __NR_getpmsg - {"getpmsg", __NR_getpmsg}, -#endif -#endif -#ifdef SYS_getppid -#ifdef __NR_getppid - {"getppid", __NR_getppid}, -#endif -#endif -#ifdef SYS_getpriority -#ifdef __NR_getpriority - {"getpriority", __NR_getpriority}, -#endif -#endif -#ifdef SYS_getrandom -#ifdef __NR_getrandom - {"getrandom", __NR_getrandom}, -#endif -#endif -#ifdef SYS_getresgid -#ifdef __NR_getresgid - {"getresgid", __NR_getresgid}, -#endif -#endif -#ifdef SYS_getresuid -#ifdef __NR_getresuid - {"getresuid", __NR_getresuid}, -#endif -#endif -#ifdef SYS_getrlimit -#ifdef __NR_getrlimit - {"getrlimit", __NR_getrlimit}, -#endif -#endif -#ifdef SYS_getrusage -#ifdef __NR_getrusage - {"getrusage", __NR_getrusage}, -#endif -#endif -#ifdef SYS_getsid -#ifdef __NR_getsid - {"getsid", __NR_getsid}, -#endif -#endif -#ifdef SYS_getsockname -#ifdef __NR_getsockname - {"getsockname", __NR_getsockname}, -#endif -#endif -#ifdef SYS_getsockopt -#ifdef __NR_getsockopt - {"getsockopt", __NR_getsockopt}, -#endif -#endif -#ifdef SYS_gettid -#ifdef __NR_gettid - {"gettid", __NR_gettid}, -#endif -#endif -#ifdef SYS_gettimeofday -#ifdef __NR_gettimeofday - {"gettimeofday", __NR_gettimeofday}, -#endif -#endif -#ifdef SYS_getuid -#ifdef __NR_getuid - {"getuid", __NR_getuid}, -#endif -#endif -#ifdef SYS_getxattr -#ifdef __NR_getxattr - {"getxattr", __NR_getxattr}, -#endif 
-#endif -#ifdef SYS_init_module -#ifdef __NR_init_module - {"init_module", __NR_init_module}, -#endif -#endif -#ifdef SYS_inotify_add_watch -#ifdef __NR_inotify_add_watch - {"inotify_add_watch", __NR_inotify_add_watch}, -#endif -#endif -#ifdef SYS_inotify_init -#ifdef __NR_inotify_init - {"inotify_init", __NR_inotify_init}, -#endif -#endif -#ifdef SYS_inotify_init1 -#ifdef __NR_inotify_init1 - {"inotify_init1", __NR_inotify_init1}, -#endif -#endif -#ifdef SYS_inotify_rm_watch -#ifdef __NR_inotify_rm_watch - {"inotify_rm_watch", __NR_inotify_rm_watch}, -#endif -#endif -#ifdef SYS_io_cancel -#ifdef __NR_io_cancel - {"io_cancel", __NR_io_cancel}, -#endif -#endif -#ifdef SYS_io_destroy -#ifdef __NR_io_destroy - {"io_destroy", __NR_io_destroy}, -#endif -#endif -#ifdef SYS_io_getevents -#ifdef __NR_io_getevents - {"io_getevents", __NR_io_getevents}, -#endif -#endif -#ifdef SYS_io_setup -#ifdef __NR_io_setup - {"io_setup", __NR_io_setup}, -#endif -#endif -#ifdef SYS_io_submit -#ifdef __NR_io_submit - {"io_submit", __NR_io_submit}, -#endif -#endif -#ifdef SYS_ioctl -#ifdef __NR_ioctl - {"ioctl", __NR_ioctl}, -#endif -#endif -#ifdef SYS_ioperm -#ifdef __NR_ioperm - {"ioperm", __NR_ioperm}, -#endif -#endif -#ifdef SYS_iopl -#ifdef __NR_iopl - {"iopl", __NR_iopl}, -#endif -#endif -#ifdef SYS_ioprio_get -#ifdef __NR_ioprio_get - {"ioprio_get", __NR_ioprio_get}, -#endif -#endif -#ifdef SYS_ioprio_set -#ifdef __NR_ioprio_set - {"ioprio_set", __NR_ioprio_set}, -#endif -#endif -#ifdef SYS_kcmp -#ifdef __NR_kcmp - {"kcmp", __NR_kcmp}, -#endif -#endif -#ifdef SYS_kexec_file_load -#ifdef __NR_kexec_file_load - {"kexec_file_load", __NR_kexec_file_load}, -#endif -#endif -#ifdef SYS_kexec_load -#ifdef __NR_kexec_load - {"kexec_load", __NR_kexec_load}, -#endif -#endif -#ifdef SYS_keyctl -#ifdef __NR_keyctl - {"keyctl", __NR_keyctl}, -#endif -#endif -#ifdef SYS_kill -#ifdef __NR_kill - {"kill", __NR_kill}, -#endif -#endif -#ifdef SYS_lchown -#ifdef __NR_lchown - {"lchown", __NR_lchown}, 
-#endif -#endif -#ifdef SYS_lgetxattr -#ifdef __NR_lgetxattr - {"lgetxattr", __NR_lgetxattr}, -#endif -#endif -#ifdef SYS_link -#ifdef __NR_link - {"link", __NR_link}, -#endif -#endif -#ifdef SYS_linkat -#ifdef __NR_linkat - {"linkat", __NR_linkat}, -#endif -#endif -#ifdef SYS_listen -#ifdef __NR_listen - {"listen", __NR_listen}, -#endif -#endif -#ifdef SYS_listxattr -#ifdef __NR_listxattr - {"listxattr", __NR_listxattr}, -#endif -#endif -#ifdef SYS_llistxattr -#ifdef __NR_llistxattr - {"llistxattr", __NR_llistxattr}, -#endif -#endif -#ifdef SYS_lookup_dcookie -#ifdef __NR_lookup_dcookie - {"lookup_dcookie", __NR_lookup_dcookie}, -#endif -#endif -#ifdef SYS_lremovexattr -#ifdef __NR_lremovexattr - {"lremovexattr", __NR_lremovexattr}, -#endif -#endif -#ifdef SYS_lseek -#ifdef __NR_lseek - {"lseek", __NR_lseek}, -#endif -#endif -#ifdef SYS_lsetxattr -#ifdef __NR_lsetxattr - {"lsetxattr", __NR_lsetxattr}, -#endif -#endif -#ifdef SYS_lstat -#ifdef __NR_lstat - {"lstat", __NR_lstat}, -#endif -#endif -#ifdef SYS_madvise -#ifdef __NR_madvise - {"madvise", __NR_madvise}, -#endif -#endif -#ifdef SYS_mbind -#ifdef __NR_mbind - {"mbind", __NR_mbind}, -#endif -#endif -#ifdef SYS_membarrier -#ifdef __NR_membarrier - {"membarrier", __NR_membarrier}, -#endif -#endif -#ifdef SYS_memfd_create -#ifdef __NR_memfd_create - {"memfd_create", __NR_memfd_create}, -#endif -#endif -#ifdef SYS_migrate_pages -#ifdef __NR_migrate_pages - {"migrate_pages", __NR_migrate_pages}, -#endif -#endif -#ifdef SYS_mincore -#ifdef __NR_mincore - {"mincore", __NR_mincore}, -#endif -#endif -#ifdef SYS_mkdir -#ifdef __NR_mkdir - {"mkdir", __NR_mkdir}, -#endif -#endif -#ifdef SYS_mkdirat -#ifdef __NR_mkdirat - {"mkdirat", __NR_mkdirat}, -#endif -#endif -#ifdef SYS_mknod -#ifdef __NR_mknod - {"mknod", __NR_mknod}, -#endif -#endif -#ifdef SYS_mknodat -#ifdef __NR_mknodat - {"mknodat", __NR_mknodat}, -#endif -#endif -#ifdef SYS_mlock -#ifdef __NR_mlock - {"mlock", __NR_mlock}, -#endif -#endif -#ifdef SYS_mlock2 
-#ifdef __NR_mlock2 - {"mlock2", __NR_mlock2}, -#endif -#endif -#ifdef SYS_mlockall -#ifdef __NR_mlockall - {"mlockall", __NR_mlockall}, -#endif -#endif -#ifdef SYS_mmap -#ifdef __NR_mmap - {"mmap", __NR_mmap}, -#endif -#endif -#ifdef SYS_modify_ldt -#ifdef __NR_modify_ldt - {"modify_ldt", __NR_modify_ldt}, -#endif -#endif -#ifdef SYS_mount -#ifdef __NR_mount - {"mount", __NR_mount}, -#endif -#endif -#ifdef SYS_move_pages -#ifdef __NR_move_pages - {"move_pages", __NR_move_pages}, -#endif -#endif -#ifdef SYS_mprotect -#ifdef __NR_mprotect - {"mprotect", __NR_mprotect}, -#endif -#endif -#ifdef SYS_mq_getsetattr -#ifdef __NR_mq_getsetattr - {"mq_getsetattr", __NR_mq_getsetattr}, -#endif -#endif -#ifdef SYS_mq_notify -#ifdef __NR_mq_notify - {"mq_notify", __NR_mq_notify}, -#endif -#endif -#ifdef SYS_mq_open -#ifdef __NR_mq_open - {"mq_open", __NR_mq_open}, -#endif -#endif -#ifdef SYS_mq_timedreceive -#ifdef __NR_mq_timedreceive - {"mq_timedreceive", __NR_mq_timedreceive}, -#endif -#endif -#ifdef SYS_mq_timedsend -#ifdef __NR_mq_timedsend - {"mq_timedsend", __NR_mq_timedsend}, -#endif -#endif -#ifdef SYS_mq_unlink -#ifdef __NR_mq_unlink - {"mq_unlink", __NR_mq_unlink}, -#endif -#endif -#ifdef SYS_mremap -#ifdef __NR_mremap - {"mremap", __NR_mremap}, -#endif -#endif -#ifdef SYS_msgctl -#ifdef __NR_msgctl - {"msgctl", __NR_msgctl}, -#endif -#endif -#ifdef SYS_msgget -#ifdef __NR_msgget - {"msgget", __NR_msgget}, -#endif -#endif -#ifdef SYS_msgrcv -#ifdef __NR_msgrcv - {"msgrcv", __NR_msgrcv}, -#endif -#endif -#ifdef SYS_msgsnd -#ifdef __NR_msgsnd - {"msgsnd", __NR_msgsnd}, -#endif -#endif -#ifdef SYS_msync -#ifdef __NR_msync - {"msync", __NR_msync}, -#endif -#endif -#ifdef SYS_munlock -#ifdef __NR_munlock - {"munlock", __NR_munlock}, -#endif -#endif -#ifdef SYS_munlockall -#ifdef __NR_munlockall - {"munlockall", __NR_munlockall}, -#endif -#endif -#ifdef SYS_munmap -#ifdef __NR_munmap - {"munmap", __NR_munmap}, -#endif -#endif -#ifdef SYS_name_to_handle_at -#ifdef 
__NR_name_to_handle_at - {"name_to_handle_at", __NR_name_to_handle_at}, -#endif -#endif -#ifdef SYS_nanosleep -#ifdef __NR_nanosleep - {"nanosleep", __NR_nanosleep}, -#endif -#endif -#ifdef SYS_newfstatat -#ifdef __NR_newfstatat - {"newfstatat", __NR_newfstatat}, -#endif -#endif -#ifdef SYS_nfsservctl -#ifdef __NR_nfsservctl - {"nfsservctl", __NR_nfsservctl}, -#endif -#endif -#ifdef SYS_open -#ifdef __NR_open - {"open", __NR_open}, -#endif -#endif -#ifdef SYS_open_by_handle_at -#ifdef __NR_open_by_handle_at - {"open_by_handle_at", __NR_open_by_handle_at}, -#endif -#endif -#ifdef SYS_openat -#ifdef __NR_openat - {"openat", __NR_openat}, -#endif -#endif -#ifdef SYS_pause -#ifdef __NR_pause - {"pause", __NR_pause}, -#endif -#endif -#ifdef SYS_perf_event_open -#ifdef __NR_perf_event_open - {"perf_event_open", __NR_perf_event_open}, -#endif -#endif -#ifdef SYS_personality -#ifdef __NR_personality - {"personality", __NR_personality}, -#endif -#endif -#ifdef SYS_pipe -#ifdef __NR_pipe - {"pipe", __NR_pipe}, -#endif -#endif -#ifdef SYS_pipe2 -#ifdef __NR_pipe2 - {"pipe2", __NR_pipe2}, -#endif -#endif -#ifdef SYS_pivot_root -#ifdef __NR_pivot_root - {"pivot_root", __NR_pivot_root}, -#endif -#endif -#ifdef SYS_pkey_alloc -#ifdef __NR_pkey_alloc - {"pkey_alloc", __NR_pkey_alloc}, -#endif -#endif -#ifdef SYS_pkey_free -#ifdef __NR_pkey_free - {"pkey_free", __NR_pkey_free}, -#endif -#endif -#ifdef SYS_pkey_mprotect -#ifdef __NR_pkey_mprotect - {"pkey_mprotect", __NR_pkey_mprotect}, -#endif -#endif -#ifdef SYS_poll -#ifdef __NR_poll - {"poll", __NR_poll}, -#endif -#endif -#ifdef SYS_ppoll -#ifdef __NR_ppoll - {"ppoll", __NR_ppoll}, -#endif -#endif -#ifdef SYS_prctl -#ifdef __NR_prctl - {"prctl", __NR_prctl}, -#endif -#endif -#ifdef SYS_pread64 -#ifdef __NR_pread64 - {"pread64", __NR_pread64}, -#endif -#endif -#ifdef SYS_preadv -#ifdef __NR_preadv - {"preadv", __NR_preadv}, -#endif -#endif -#ifdef SYS_preadv2 -#ifdef __NR_preadv2 - {"preadv2", __NR_preadv2}, -#endif -#endif 
-#ifdef SYS_prlimit64 -#ifdef __NR_prlimit64 - {"prlimit64", __NR_prlimit64}, -#endif -#endif -#ifdef SYS_process_vm_readv -#ifdef __NR_process_vm_readv - {"process_vm_readv", __NR_process_vm_readv}, -#endif -#endif -#ifdef SYS_process_vm_writev -#ifdef __NR_process_vm_writev - {"process_vm_writev", __NR_process_vm_writev}, -#endif -#endif -#ifdef SYS_pselect6 -#ifdef __NR_pselect6 - {"pselect6", __NR_pselect6}, -#endif -#endif -#ifdef SYS_ptrace -#ifdef __NR_ptrace - {"ptrace", __NR_ptrace}, -#endif -#endif -#ifdef SYS_putpmsg -#ifdef __NR_putpmsg - {"putpmsg", __NR_putpmsg}, -#endif -#endif -#ifdef SYS_pwrite64 -#ifdef __NR_pwrite64 - {"pwrite64", __NR_pwrite64}, -#endif -#endif -#ifdef SYS_pwritev -#ifdef __NR_pwritev - {"pwritev", __NR_pwritev}, -#endif -#endif -#ifdef SYS_pwritev2 -#ifdef __NR_pwritev2 - {"pwritev2", __NR_pwritev2}, -#endif -#endif -#ifdef SYS_query_module -#ifdef __NR_query_module - {"query_module", __NR_query_module}, -#endif -#endif -#ifdef SYS_quotactl -#ifdef __NR_quotactl - {"quotactl", __NR_quotactl}, -#endif -#endif -#ifdef SYS_read -#ifdef __NR_read - {"read", __NR_read}, -#endif -#endif -#ifdef SYS_readahead -#ifdef __NR_readahead - {"readahead", __NR_readahead}, -#endif -#endif -#ifdef SYS_readlink -#ifdef __NR_readlink - {"readlink", __NR_readlink}, -#endif -#endif -#ifdef SYS_readlinkat -#ifdef __NR_readlinkat - {"readlinkat", __NR_readlinkat}, -#endif -#endif -#ifdef SYS_readv -#ifdef __NR_readv - {"readv", __NR_readv}, -#endif -#endif -#ifdef SYS_reboot -#ifdef __NR_reboot - {"reboot", __NR_reboot}, -#endif -#endif -#ifdef SYS_recvfrom -#ifdef __NR_recvfrom - {"recvfrom", __NR_recvfrom}, -#endif -#endif -#ifdef SYS_recvmmsg -#ifdef __NR_recvmmsg - {"recvmmsg", __NR_recvmmsg}, -#endif -#endif -#ifdef SYS_recvmsg -#ifdef __NR_recvmsg - {"recvmsg", __NR_recvmsg}, -#endif -#endif -#ifdef SYS_remap_file_pages -#ifdef __NR_remap_file_pages - {"remap_file_pages", __NR_remap_file_pages}, -#endif -#endif -#ifdef SYS_removexattr -#ifdef 
__NR_removexattr - {"removexattr", __NR_removexattr}, -#endif -#endif -#ifdef SYS_rename -#ifdef __NR_rename - {"rename", __NR_rename}, -#endif -#endif -#ifdef SYS_renameat -#ifdef __NR_renameat - {"renameat", __NR_renameat}, -#endif -#endif -#ifdef SYS_renameat2 -#ifdef __NR_renameat2 - {"renameat2", __NR_renameat2}, -#endif -#endif -#ifdef SYS_request_key -#ifdef __NR_request_key - {"request_key", __NR_request_key}, -#endif -#endif -#ifdef SYS_restart_syscall -#ifdef __NR_restart_syscall - {"restart_syscall", __NR_restart_syscall}, -#endif -#endif -#ifdef SYS_rmdir -#ifdef __NR_rmdir - {"rmdir", __NR_rmdir}, -#endif -#endif -#ifdef SYS_rt_sigaction -#ifdef __NR_rt_sigaction - {"rt_sigaction", __NR_rt_sigaction}, -#endif -#endif -#ifdef SYS_rt_sigpending -#ifdef __NR_rt_sigpending - {"rt_sigpending", __NR_rt_sigpending}, -#endif -#endif -#ifdef SYS_rt_sigprocmask -#ifdef __NR_rt_sigprocmask - {"rt_sigprocmask", __NR_rt_sigprocmask}, -#endif -#endif -#ifdef SYS_rt_sigqueueinfo -#ifdef __NR_rt_sigqueueinfo - {"rt_sigqueueinfo", __NR_rt_sigqueueinfo}, -#endif -#endif -#ifdef SYS_rt_sigreturn -#ifdef __NR_rt_sigreturn - {"rt_sigreturn", __NR_rt_sigreturn}, -#endif -#endif -#ifdef SYS_rt_sigsuspend -#ifdef __NR_rt_sigsuspend - {"rt_sigsuspend", __NR_rt_sigsuspend}, -#endif -#endif -#ifdef SYS_rt_sigtimedwait -#ifdef __NR_rt_sigtimedwait - {"rt_sigtimedwait", __NR_rt_sigtimedwait}, -#endif -#endif -#ifdef SYS_rt_tgsigqueueinfo -#ifdef __NR_rt_tgsigqueueinfo - {"rt_tgsigqueueinfo", __NR_rt_tgsigqueueinfo}, -#endif -#endif -#ifdef SYS_sched_get_priority_max -#ifdef __NR_sched_get_priority_max - {"sched_get_priority_max", __NR_sched_get_priority_max}, -#endif -#endif -#ifdef SYS_sched_get_priority_min -#ifdef __NR_sched_get_priority_min - {"sched_get_priority_min", __NR_sched_get_priority_min}, -#endif -#endif -#ifdef SYS_sched_getaffinity -#ifdef __NR_sched_getaffinity - {"sched_getaffinity", __NR_sched_getaffinity}, -#endif -#endif -#ifdef SYS_sched_getattr -#ifdef 
__NR_sched_getattr - {"sched_getattr", __NR_sched_getattr}, -#endif -#endif -#ifdef SYS_sched_getparam -#ifdef __NR_sched_getparam - {"sched_getparam", __NR_sched_getparam}, -#endif -#endif -#ifdef SYS_sched_getscheduler -#ifdef __NR_sched_getscheduler - {"sched_getscheduler", __NR_sched_getscheduler}, -#endif -#endif -#ifdef SYS_sched_rr_get_interval -#ifdef __NR_sched_rr_get_interval - {"sched_rr_get_interval", __NR_sched_rr_get_interval}, -#endif -#endif -#ifdef SYS_sched_setaffinity -#ifdef __NR_sched_setaffinity - {"sched_setaffinity", __NR_sched_setaffinity}, -#endif -#endif -#ifdef SYS_sched_setattr -#ifdef __NR_sched_setattr - {"sched_setattr", __NR_sched_setattr}, -#endif -#endif -#ifdef SYS_sched_setparam -#ifdef __NR_sched_setparam - {"sched_setparam", __NR_sched_setparam}, -#endif -#endif -#ifdef SYS_sched_setscheduler -#ifdef __NR_sched_setscheduler - {"sched_setscheduler", __NR_sched_setscheduler}, -#endif -#endif -#ifdef SYS_sched_yield -#ifdef __NR_sched_yield - {"sched_yield", __NR_sched_yield}, -#endif -#endif -#ifdef SYS_seccomp -#ifdef __NR_seccomp - {"seccomp", __NR_seccomp}, -#endif -#endif -#ifdef SYS_security -#ifdef __NR_security - {"security", __NR_security}, -#endif -#endif -#ifdef SYS_select -#ifdef __NR_select - {"select", __NR_select}, -#endif -#endif -#ifdef SYS_semctl -#ifdef __NR_semctl - {"semctl", __NR_semctl}, -#endif -#endif -#ifdef SYS_semget -#ifdef __NR_semget - {"semget", __NR_semget}, -#endif -#endif -#ifdef SYS_semop -#ifdef __NR_semop - {"semop", __NR_semop}, -#endif -#endif -#ifdef SYS_semtimedop -#ifdef __NR_semtimedop - {"semtimedop", __NR_semtimedop}, -#endif -#endif -#ifdef SYS_sendfile -#ifdef __NR_sendfile - {"sendfile", __NR_sendfile}, -#endif -#endif -#ifdef SYS_sendmmsg -#ifdef __NR_sendmmsg - {"sendmmsg", __NR_sendmmsg}, -#endif -#endif -#ifdef SYS_sendmsg -#ifdef __NR_sendmsg - {"sendmsg", __NR_sendmsg}, -#endif -#endif -#ifdef SYS_sendto -#ifdef __NR_sendto - {"sendto", __NR_sendto}, -#endif -#endif -#ifdef 
SYS_set_mempolicy -#ifdef __NR_set_mempolicy - {"set_mempolicy", __NR_set_mempolicy}, -#endif -#endif -#ifdef SYS_set_robust_list -#ifdef __NR_set_robust_list - {"set_robust_list", __NR_set_robust_list}, -#endif -#endif -#ifdef SYS_set_thread_area -#ifdef __NR_set_thread_area - {"set_thread_area", __NR_set_thread_area}, -#endif -#endif -#ifdef SYS_set_tid_address -#ifdef __NR_set_tid_address - {"set_tid_address", __NR_set_tid_address}, -#endif -#endif -#ifdef SYS_setdomainname -#ifdef __NR_setdomainname - {"setdomainname", __NR_setdomainname}, -#endif -#endif -#ifdef SYS_setfsgid -#ifdef __NR_setfsgid - {"setfsgid", __NR_setfsgid}, -#endif -#endif -#ifdef SYS_setfsuid -#ifdef __NR_setfsuid - {"setfsuid", __NR_setfsuid}, -#endif -#endif -#ifdef SYS_setgid -#ifdef __NR_setgid - {"setgid", __NR_setgid}, -#endif -#endif -#ifdef SYS_setgroups -#ifdef __NR_setgroups - {"setgroups", __NR_setgroups}, -#endif -#endif -#ifdef SYS_sethostname -#ifdef __NR_sethostname - {"sethostname", __NR_sethostname}, -#endif -#endif -#ifdef SYS_setitimer -#ifdef __NR_setitimer - {"setitimer", __NR_setitimer}, -#endif -#endif -#ifdef SYS_setns -#ifdef __NR_setns - {"setns", __NR_setns}, -#endif -#endif -#ifdef SYS_setpgid -#ifdef __NR_setpgid - {"setpgid", __NR_setpgid}, -#endif -#endif -#ifdef SYS_setpriority -#ifdef __NR_setpriority - {"setpriority", __NR_setpriority}, -#endif -#endif -#ifdef SYS_setregid -#ifdef __NR_setregid - {"setregid", __NR_setregid}, -#endif -#endif -#ifdef SYS_setresgid -#ifdef __NR_setresgid - {"setresgid", __NR_setresgid}, -#endif -#endif -#ifdef SYS_setresuid -#ifdef __NR_setresuid - {"setresuid", __NR_setresuid}, -#endif -#endif -#ifdef SYS_setreuid -#ifdef __NR_setreuid - {"setreuid", __NR_setreuid}, -#endif -#endif -#ifdef SYS_setrlimit -#ifdef __NR_setrlimit - {"setrlimit", __NR_setrlimit}, -#endif -#endif -#ifdef SYS_setsid -#ifdef __NR_setsid - {"setsid", __NR_setsid}, -#endif -#endif -#ifdef SYS_setsockopt -#ifdef __NR_setsockopt - {"setsockopt", 
__NR_setsockopt}, -#endif -#endif -#ifdef SYS_settimeofday -#ifdef __NR_settimeofday - {"settimeofday", __NR_settimeofday}, -#endif -#endif -#ifdef SYS_setuid -#ifdef __NR_setuid - {"setuid", __NR_setuid}, -#endif -#endif -#ifdef SYS_setxattr -#ifdef __NR_setxattr - {"setxattr", __NR_setxattr}, -#endif -#endif -#ifdef SYS_shmat -#ifdef __NR_shmat - {"shmat", __NR_shmat}, -#endif -#endif -#ifdef SYS_shmctl -#ifdef __NR_shmctl - {"shmctl", __NR_shmctl}, -#endif -#endif -#ifdef SYS_shmdt -#ifdef __NR_shmdt - {"shmdt", __NR_shmdt}, -#endif -#endif -#ifdef SYS_shmget -#ifdef __NR_shmget - {"shmget", __NR_shmget}, -#endif -#endif -#ifdef SYS_shutdown -#ifdef __NR_shutdown - {"shutdown", __NR_shutdown}, -#endif -#endif -#ifdef SYS_sigaltstack -#ifdef __NR_sigaltstack - {"sigaltstack", __NR_sigaltstack}, -#endif -#endif -#ifdef SYS_signalfd -#ifdef __NR_signalfd - {"signalfd", __NR_signalfd}, -#endif -#endif -#ifdef SYS_signalfd4 -#ifdef __NR_signalfd4 - {"signalfd4", __NR_signalfd4}, -#endif -#endif -#ifdef SYS_socket -#ifdef __NR_socket - {"socket", __NR_socket}, -#endif -#endif -#ifdef SYS_socketpair -#ifdef __NR_socketpair - {"socketpair", __NR_socketpair}, -#endif -#endif -#ifdef SYS_splice -#ifdef __NR_splice - {"splice", __NR_splice}, -#endif -#endif -#ifdef SYS_stat -#ifdef __NR_stat - {"stat", __NR_stat}, -#endif -#endif -#ifdef SYS_statfs -#ifdef __NR_statfs - {"statfs", __NR_statfs}, -#endif -#endif -#ifdef SYS_statx -#ifdef __NR_statx - {"statx", __NR_statx}, -#endif -#endif -#ifdef SYS_swapoff -#ifdef __NR_swapoff - {"swapoff", __NR_swapoff}, -#endif -#endif -#ifdef SYS_swapon -#ifdef __NR_swapon - {"swapon", __NR_swapon}, -#endif -#endif -#ifdef SYS_symlink -#ifdef __NR_symlink - {"symlink", __NR_symlink}, -#endif -#endif -#ifdef SYS_symlinkat -#ifdef __NR_symlinkat - {"symlinkat", __NR_symlinkat}, -#endif -#endif -#ifdef SYS_sync -#ifdef __NR_sync - {"sync", __NR_sync}, -#endif -#endif -#ifdef SYS_sync_file_range -#ifdef __NR_sync_file_range - 
{"sync_file_range", __NR_sync_file_range}, -#endif -#endif -#ifdef SYS_syncfs -#ifdef __NR_syncfs - {"syncfs", __NR_syncfs}, -#endif -#endif -#ifdef SYS_sysfs -#ifdef __NR_sysfs - {"sysfs", __NR_sysfs}, -#endif -#endif -#ifdef SYS_sysinfo -#ifdef __NR_sysinfo - {"sysinfo", __NR_sysinfo}, -#endif -#endif -#ifdef SYS_syslog -#ifdef __NR_syslog - {"syslog", __NR_syslog}, -#endif -#endif -#ifdef SYS_tee -#ifdef __NR_tee - {"tee", __NR_tee}, -#endif -#endif -#ifdef SYS_tgkill -#ifdef __NR_tgkill - {"tgkill", __NR_tgkill}, -#endif -#endif -#ifdef SYS_time -#ifdef __NR_time - {"time", __NR_time}, -#endif -#endif -#ifdef SYS_timer_create -#ifdef __NR_timer_create - {"timer_create", __NR_timer_create}, -#endif -#endif -#ifdef SYS_timer_delete -#ifdef __NR_timer_delete - {"timer_delete", __NR_timer_delete}, -#endif -#endif -#ifdef SYS_timer_getoverrun -#ifdef __NR_timer_getoverrun - {"timer_getoverrun", __NR_timer_getoverrun}, -#endif -#endif -#ifdef SYS_timer_gettime -#ifdef __NR_timer_gettime - {"timer_gettime", __NR_timer_gettime}, -#endif -#endif -#ifdef SYS_timer_settime -#ifdef __NR_timer_settime - {"timer_settime", __NR_timer_settime}, -#endif -#endif -#ifdef SYS_timerfd_create -#ifdef __NR_timerfd_create - {"timerfd_create", __NR_timerfd_create}, -#endif -#endif -#ifdef SYS_timerfd_gettime -#ifdef __NR_timerfd_gettime - {"timerfd_gettime", __NR_timerfd_gettime}, -#endif -#endif -#ifdef SYS_timerfd_settime -#ifdef __NR_timerfd_settime - {"timerfd_settime", __NR_timerfd_settime}, -#endif -#endif -#ifdef SYS_times -#ifdef __NR_times - {"times", __NR_times}, -#endif -#endif -#ifdef SYS_tkill -#ifdef __NR_tkill - {"tkill", __NR_tkill}, -#endif -#endif -#ifdef SYS_truncate -#ifdef __NR_truncate - {"truncate", __NR_truncate}, -#endif -#endif -#ifdef SYS_tuxcall -#ifdef __NR_tuxcall - {"tuxcall", __NR_tuxcall}, -#endif -#endif -#ifdef SYS_umask -#ifdef __NR_umask - {"umask", __NR_umask}, -#endif -#endif -#ifdef SYS_umount2 -#ifdef __NR_umount2 - {"umount2", __NR_umount2}, 
-#endif -#endif -#ifdef SYS_uname -#ifdef __NR_uname - {"uname", __NR_uname}, -#endif -#endif -#ifdef SYS_unlink -#ifdef __NR_unlink - {"unlink", __NR_unlink}, -#endif -#endif -#ifdef SYS_unlinkat -#ifdef __NR_unlinkat - {"unlinkat", __NR_unlinkat}, -#endif -#endif -#ifdef SYS_unshare -#ifdef __NR_unshare - {"unshare", __NR_unshare}, -#endif -#endif -#ifdef SYS_uselib -#ifdef __NR_uselib - {"uselib", __NR_uselib}, -#endif -#endif -#ifdef SYS_userfaultfd -#ifdef __NR_userfaultfd - {"userfaultfd", __NR_userfaultfd}, -#endif -#endif -#ifdef SYS_ustat -#ifdef __NR_ustat - {"ustat", __NR_ustat}, -#endif -#endif -#ifdef SYS_utime -#ifdef __NR_utime - {"utime", __NR_utime}, -#endif -#endif -#ifdef SYS_utimensat -#ifdef __NR_utimensat - {"utimensat", __NR_utimensat}, -#endif -#endif -#ifdef SYS_utimes -#ifdef __NR_utimes - {"utimes", __NR_utimes}, -#endif -#endif -#ifdef SYS_vfork -#ifdef __NR_vfork - {"vfork", __NR_vfork}, -#endif -#endif -#ifdef SYS_vhangup -#ifdef __NR_vhangup - {"vhangup", __NR_vhangup}, -#endif -#endif -#ifdef SYS_vmsplice -#ifdef __NR_vmsplice - {"vmsplice", __NR_vmsplice}, -#endif -#endif -#ifdef SYS_vserver -#ifdef __NR_vserver - {"vserver", __NR_vserver}, -#endif -#endif -#ifdef SYS_wait4 -#ifdef __NR_wait4 - {"wait4", __NR_wait4}, -#endif -#endif -#ifdef SYS_waitid -#ifdef __NR_waitid - {"waitid", __NR_waitid}, -#endif -#endif -#ifdef SYS_write -#ifdef __NR_write - {"write", __NR_write}, -#endif -#endif -#ifdef SYS_writev -#ifdef __NR_writev - {"writev", __NR_writev}, -#endif -#endif -#endif -//#endif -#if defined __x86_64__ && defined __ILP32__ -#ifdef SYS_accept -#ifdef __NR_accept - {"accept", __NR_accept}, -#endif -#endif -#ifdef SYS_accept4 -#ifdef __NR_accept4 - {"accept4", __NR_accept4}, -#endif -#endif -#ifdef SYS_access -#ifdef __NR_access - {"access", __NR_access}, -#endif -#endif -#ifdef SYS_acct -#ifdef __NR_acct - {"acct", __NR_acct}, -#endif -#endif -#ifdef SYS_add_key -#ifdef __NR_add_key - {"add_key", __NR_add_key}, -#endif 
-#endif -#ifdef SYS_adjtimex -#ifdef __NR_adjtimex - {"adjtimex", __NR_adjtimex}, -#endif -#endif -#ifdef SYS_afs_syscall -#ifdef __NR_afs_syscall - {"afs_syscall", __NR_afs_syscall}, -#endif -#endif -#ifdef SYS_alarm -#ifdef __NR_alarm - {"alarm", __NR_alarm}, -#endif -#endif -#ifdef SYS_arch_prctl -#ifdef __NR_arch_prctl - {"arch_prctl", __NR_arch_prctl}, -#endif -#endif -#ifdef SYS_bind -#ifdef __NR_bind - {"bind", __NR_bind}, -#endif -#endif -#ifdef SYS_bpf -#ifdef __NR_bpf - {"bpf", __NR_bpf}, -#endif -#endif -#ifdef SYS_brk -#ifdef __NR_brk - {"brk", __NR_brk}, -#endif -#endif -#ifdef SYS_capget -#ifdef __NR_capget - {"capget", __NR_capget}, -#endif -#endif -#ifdef SYS_capset -#ifdef __NR_capset - {"capset", __NR_capset}, -#endif -#endif -#ifdef SYS_chdir -#ifdef __NR_chdir - {"chdir", __NR_chdir}, -#endif -#endif -#ifdef SYS_chmod -#ifdef __NR_chmod - {"chmod", __NR_chmod}, -#endif -#endif -#ifdef SYS_chown -#ifdef __NR_chown - {"chown", __NR_chown}, -#endif -#endif -#ifdef SYS_chroot -#ifdef __NR_chroot - {"chroot", __NR_chroot}, -#endif -#endif -#ifdef SYS_clock_adjtime -#ifdef __NR_clock_adjtime - {"clock_adjtime", __NR_clock_adjtime}, -#endif -#endif -#ifdef SYS_clock_getres -#ifdef __NR_clock_getres - {"clock_getres", __NR_clock_getres}, -#endif -#endif -#ifdef SYS_clock_gettime -#ifdef __NR_clock_gettime - {"clock_gettime", __NR_clock_gettime}, -#endif -#endif -#ifdef SYS_clock_nanosleep -#ifdef __NR_clock_nanosleep - {"clock_nanosleep", __NR_clock_nanosleep}, -#endif -#endif -#ifdef SYS_clock_settime -#ifdef __NR_clock_settime - {"clock_settime", __NR_clock_settime}, -#endif -#endif -#ifdef SYS_clone -#ifdef __NR_clone - {"clone", __NR_clone}, -#endif -#endif -#ifdef SYS_close -#ifdef __NR_close - {"close", __NR_close}, -#endif -#endif -#ifdef SYS_connect -#ifdef __NR_connect - {"connect", __NR_connect}, -#endif -#endif -#ifdef SYS_copy_file_range -#ifdef __NR_copy_file_range - {"copy_file_range", __NR_copy_file_range}, -#endif -#endif -#ifdef 
SYS_creat -#ifdef __NR_creat - {"creat", __NR_creat}, -#endif -#endif -#ifdef SYS_delete_module -#ifdef __NR_delete_module - {"delete_module", __NR_delete_module}, -#endif -#endif -#ifdef SYS_dup -#ifdef __NR_dup - {"dup", __NR_dup}, -#endif -#endif -#ifdef SYS_dup2 -#ifdef __NR_dup2 - {"dup2", __NR_dup2}, -#endif -#endif -#ifdef SYS_dup3 -#ifdef __NR_dup3 - {"dup3", __NR_dup3}, -#endif -#endif -#ifdef SYS_epoll_create -#ifdef __NR_epoll_create - {"epoll_create", __NR_epoll_create}, -#endif -#endif -#ifdef SYS_epoll_create1 -#ifdef __NR_epoll_create1 - {"epoll_create1", __NR_epoll_create1}, -#endif -#endif -#ifdef SYS_epoll_ctl -#ifdef __NR_epoll_ctl - {"epoll_ctl", __NR_epoll_ctl}, -#endif -#endif -#ifdef SYS_epoll_pwait -#ifdef __NR_epoll_pwait - {"epoll_pwait", __NR_epoll_pwait}, -#endif -#endif -#ifdef SYS_epoll_wait -#ifdef __NR_epoll_wait - {"epoll_wait", __NR_epoll_wait}, -#endif -#endif -#ifdef SYS_eventfd -#ifdef __NR_eventfd - {"eventfd", __NR_eventfd}, -#endif -#endif -#ifdef SYS_eventfd2 -#ifdef __NR_eventfd2 - {"eventfd2", __NR_eventfd2}, -#endif -#endif -#ifdef SYS_execve -#ifdef __NR_execve - {"execve", __NR_execve}, -#endif -#endif -#ifdef SYS_execveat -#ifdef __NR_execveat - {"execveat", __NR_execveat}, -#endif -#endif -#ifdef SYS_exit -#ifdef __NR_exit - {"exit", __NR_exit}, -#endif -#endif -#ifdef SYS_exit_group -#ifdef __NR_exit_group - {"exit_group", __NR_exit_group}, -#endif -#endif -#ifdef SYS_faccessat -#ifdef __NR_faccessat - {"faccessat", __NR_faccessat}, -#endif -#endif -#ifdef SYS_fadvise64 -#ifdef __NR_fadvise64 - {"fadvise64", __NR_fadvise64}, -#endif -#endif -#ifdef SYS_fallocate -#ifdef __NR_fallocate - {"fallocate", __NR_fallocate}, -#endif -#endif -#ifdef SYS_fanotify_init -#ifdef __NR_fanotify_init - {"fanotify_init", __NR_fanotify_init}, -#endif -#endif -#ifdef SYS_fanotify_mark -#ifdef __NR_fanotify_mark - {"fanotify_mark", __NR_fanotify_mark}, -#endif -#endif -#ifdef SYS_fchdir -#ifdef __NR_fchdir - {"fchdir", __NR_fchdir}, 
-#endif -#endif -#ifdef SYS_fchmod -#ifdef __NR_fchmod - {"fchmod", __NR_fchmod}, -#endif -#endif -#ifdef SYS_fchmodat -#ifdef __NR_fchmodat - {"fchmodat", __NR_fchmodat}, -#endif -#endif -#ifdef SYS_fchown -#ifdef __NR_fchown - {"fchown", __NR_fchown}, -#endif -#endif -#ifdef SYS_fchownat -#ifdef __NR_fchownat - {"fchownat", __NR_fchownat}, -#endif -#endif -#ifdef SYS_fcntl -#ifdef __NR_fcntl - {"fcntl", __NR_fcntl}, -#endif -#endif -#ifdef SYS_fdatasync -#ifdef __NR_fdatasync - {"fdatasync", __NR_fdatasync}, -#endif -#endif -#ifdef SYS_fgetxattr -#ifdef __NR_fgetxattr - {"fgetxattr", __NR_fgetxattr}, -#endif -#endif -#ifdef SYS_finit_module -#ifdef __NR_finit_module - {"finit_module", __NR_finit_module}, -#endif -#endif -#ifdef SYS_flistxattr -#ifdef __NR_flistxattr - {"flistxattr", __NR_flistxattr}, -#endif -#endif -#ifdef SYS_flock -#ifdef __NR_flock - {"flock", __NR_flock}, -#endif -#endif -#ifdef SYS_fork -#ifdef __NR_fork - {"fork", __NR_fork}, -#endif -#endif -#ifdef SYS_fremovexattr -#ifdef __NR_fremovexattr - {"fremovexattr", __NR_fremovexattr}, -#endif -#endif -#ifdef SYS_fsetxattr -#ifdef __NR_fsetxattr - {"fsetxattr", __NR_fsetxattr}, -#endif -#endif -#ifdef SYS_fstat -#ifdef __NR_fstat - {"fstat", __NR_fstat}, -#endif -#endif -#ifdef SYS_fstatfs -#ifdef __NR_fstatfs - {"fstatfs", __NR_fstatfs}, -#endif -#endif -#ifdef SYS_fsync -#ifdef __NR_fsync - {"fsync", __NR_fsync}, -#endif -#endif -#ifdef SYS_ftruncate -#ifdef __NR_ftruncate - {"ftruncate", __NR_ftruncate}, -#endif -#endif -#ifdef SYS_futex -#ifdef __NR_futex - {"futex", __NR_futex}, -#endif -#endif -#ifdef SYS_futimesat -#ifdef __NR_futimesat - {"futimesat", __NR_futimesat}, -#endif -#endif -#ifdef SYS_get_mempolicy -#ifdef __NR_get_mempolicy - {"get_mempolicy", __NR_get_mempolicy}, -#endif -#endif -#ifdef SYS_get_robust_list -#ifdef __NR_get_robust_list - {"get_robust_list", __NR_get_robust_list}, -#endif -#endif -#ifdef SYS_getcpu -#ifdef __NR_getcpu - {"getcpu", __NR_getcpu}, -#endif -#endif 
-#ifdef SYS_getcwd -#ifdef __NR_getcwd - {"getcwd", __NR_getcwd}, -#endif -#endif -#ifdef SYS_getdents -#ifdef __NR_getdents - {"getdents", __NR_getdents}, -#endif -#endif -#ifdef SYS_getdents64 -#ifdef __NR_getdents64 - {"getdents64", __NR_getdents64}, -#endif -#endif -#ifdef SYS_getegid -#ifdef __NR_getegid - {"getegid", __NR_getegid}, -#endif -#endif -#ifdef SYS_geteuid -#ifdef __NR_geteuid - {"geteuid", __NR_geteuid}, -#endif -#endif -#ifdef SYS_getgid -#ifdef __NR_getgid - {"getgid", __NR_getgid}, -#endif -#endif -#ifdef SYS_getgroups -#ifdef __NR_getgroups - {"getgroups", __NR_getgroups}, -#endif -#endif -#ifdef SYS_getitimer -#ifdef __NR_getitimer - {"getitimer", __NR_getitimer}, -#endif -#endif -#ifdef SYS_getpeername -#ifdef __NR_getpeername - {"getpeername", __NR_getpeername}, -#endif -#endif -#ifdef SYS_getpgid -#ifdef __NR_getpgid - {"getpgid", __NR_getpgid}, -#endif -#endif -#ifdef SYS_getpgrp -#ifdef __NR_getpgrp - {"getpgrp", __NR_getpgrp}, -#endif -#endif -#ifdef SYS_getpid -#ifdef __NR_getpid - {"getpid", __NR_getpid}, -#endif -#endif -#ifdef SYS_getpmsg -#ifdef __NR_getpmsg - {"getpmsg", __NR_getpmsg}, -#endif -#endif -#ifdef SYS_getppid -#ifdef __NR_getppid - {"getppid", __NR_getppid}, -#endif -#endif -#ifdef SYS_getpriority -#ifdef __NR_getpriority - {"getpriority", __NR_getpriority}, -#endif -#endif -#ifdef SYS_getrandom -#ifdef __NR_getrandom - {"getrandom", __NR_getrandom}, -#endif -#endif -#ifdef SYS_getresgid -#ifdef __NR_getresgid - {"getresgid", __NR_getresgid}, -#endif -#endif -#ifdef SYS_getresuid -#ifdef __NR_getresuid - {"getresuid", __NR_getresuid}, -#endif -#endif -#ifdef SYS_getrlimit -#ifdef __NR_getrlimit - {"getrlimit", __NR_getrlimit}, -#endif -#endif -#ifdef SYS_getrusage -#ifdef __NR_getrusage - {"getrusage", __NR_getrusage}, -#endif -#endif -#ifdef SYS_getsid -#ifdef __NR_getsid - {"getsid", __NR_getsid}, -#endif -#endif -#ifdef SYS_getsockname -#ifdef __NR_getsockname - {"getsockname", __NR_getsockname}, -#endif -#endif 
-#ifdef SYS_getsockopt -#ifdef __NR_getsockopt - {"getsockopt", __NR_getsockopt}, -#endif -#endif -#ifdef SYS_gettid -#ifdef __NR_gettid - {"gettid", __NR_gettid}, -#endif -#endif -#ifdef SYS_gettimeofday -#ifdef __NR_gettimeofday - {"gettimeofday", __NR_gettimeofday}, -#endif -#endif -#ifdef SYS_getuid -#ifdef __NR_getuid - {"getuid", __NR_getuid}, -#endif -#endif -#ifdef SYS_getxattr -#ifdef __NR_getxattr - {"getxattr", __NR_getxattr}, -#endif -#endif -#ifdef SYS_init_module -#ifdef __NR_init_module - {"init_module", __NR_init_module}, -#endif -#endif -#ifdef SYS_inotify_add_watch -#ifdef __NR_inotify_add_watch - {"inotify_add_watch", __NR_inotify_add_watch}, -#endif -#endif -#ifdef SYS_inotify_init -#ifdef __NR_inotify_init - {"inotify_init", __NR_inotify_init}, -#endif -#endif -#ifdef SYS_inotify_init1 -#ifdef __NR_inotify_init1 - {"inotify_init1", __NR_inotify_init1}, -#endif -#endif -#ifdef SYS_inotify_rm_watch -#ifdef __NR_inotify_rm_watch - {"inotify_rm_watch", __NR_inotify_rm_watch}, -#endif -#endif -#ifdef SYS_io_cancel -#ifdef __NR_io_cancel - {"io_cancel", __NR_io_cancel}, -#endif -#endif -#ifdef SYS_io_destroy -#ifdef __NR_io_destroy - {"io_destroy", __NR_io_destroy}, -#endif -#endif -#ifdef SYS_io_getevents -#ifdef __NR_io_getevents - {"io_getevents", __NR_io_getevents}, -#endif -#endif -#ifdef SYS_io_setup -#ifdef __NR_io_setup - {"io_setup", __NR_io_setup}, -#endif -#endif -#ifdef SYS_io_submit -#ifdef __NR_io_submit - {"io_submit", __NR_io_submit}, -#endif -#endif -#ifdef SYS_ioctl -#ifdef __NR_ioctl - {"ioctl", __NR_ioctl}, -#endif -#endif -#ifdef SYS_ioperm -#ifdef __NR_ioperm - {"ioperm", __NR_ioperm}, -#endif -#endif -#ifdef SYS_iopl -#ifdef __NR_iopl - {"iopl", __NR_iopl}, -#endif -#endif -#ifdef SYS_ioprio_get -#ifdef __NR_ioprio_get - {"ioprio_get", __NR_ioprio_get}, -#endif -#endif -#ifdef SYS_ioprio_set -#ifdef __NR_ioprio_set - {"ioprio_set", __NR_ioprio_set}, -#endif -#endif -#ifdef SYS_kcmp -#ifdef __NR_kcmp - {"kcmp", __NR_kcmp}, 
-#endif -#endif -#ifdef SYS_kexec_file_load -#ifdef __NR_kexec_file_load - {"kexec_file_load", __NR_kexec_file_load}, -#endif -#endif -#ifdef SYS_kexec_load -#ifdef __NR_kexec_load - {"kexec_load", __NR_kexec_load}, -#endif -#endif -#ifdef SYS_keyctl -#ifdef __NR_keyctl - {"keyctl", __NR_keyctl}, -#endif -#endif -#ifdef SYS_kill -#ifdef __NR_kill - {"kill", __NR_kill}, -#endif -#endif -#ifdef SYS_lchown -#ifdef __NR_lchown - {"lchown", __NR_lchown}, -#endif -#endif -#ifdef SYS_lgetxattr -#ifdef __NR_lgetxattr - {"lgetxattr", __NR_lgetxattr}, -#endif -#endif -#ifdef SYS_link -#ifdef __NR_link - {"link", __NR_link}, -#endif -#endif -#ifdef SYS_linkat -#ifdef __NR_linkat - {"linkat", __NR_linkat}, -#endif -#endif -#ifdef SYS_listen -#ifdef __NR_listen - {"listen", __NR_listen}, -#endif -#endif -#ifdef SYS_listxattr -#ifdef __NR_listxattr - {"listxattr", __NR_listxattr}, -#endif -#endif -#ifdef SYS_llistxattr -#ifdef __NR_llistxattr - {"llistxattr", __NR_llistxattr}, -#endif -#endif -#ifdef SYS_lookup_dcookie -#ifdef __NR_lookup_dcookie - {"lookup_dcookie", __NR_lookup_dcookie}, -#endif -#endif -#ifdef SYS_lremovexattr -#ifdef __NR_lremovexattr - {"lremovexattr", __NR_lremovexattr}, -#endif -#endif -#ifdef SYS_lseek -#ifdef __NR_lseek - {"lseek", __NR_lseek}, -#endif -#endif -#ifdef SYS_lsetxattr -#ifdef __NR_lsetxattr - {"lsetxattr", __NR_lsetxattr}, -#endif -#endif -#ifdef SYS_lstat -#ifdef __NR_lstat - {"lstat", __NR_lstat}, -#endif -#endif -#ifdef SYS_madvise -#ifdef __NR_madvise - {"madvise", __NR_madvise}, -#endif -#endif -#ifdef SYS_mbind -#ifdef __NR_mbind - {"mbind", __NR_mbind}, -#endif -#endif -#ifdef SYS_membarrier -#ifdef __NR_membarrier - {"membarrier", __NR_membarrier}, -#endif -#endif -#ifdef SYS_memfd_create -#ifdef __NR_memfd_create - {"memfd_create", __NR_memfd_create}, -#endif -#endif -#ifdef SYS_migrate_pages -#ifdef __NR_migrate_pages - {"migrate_pages", __NR_migrate_pages}, -#endif -#endif -#ifdef SYS_mincore -#ifdef __NR_mincore - {"mincore", 
__NR_mincore}, -#endif -#endif -#ifdef SYS_mkdir -#ifdef __NR_mkdir - {"mkdir", __NR_mkdir}, -#endif -#endif -#ifdef SYS_mkdirat -#ifdef __NR_mkdirat - {"mkdirat", __NR_mkdirat}, -#endif -#endif -#ifdef SYS_mknod -#ifdef __NR_mknod - {"mknod", __NR_mknod}, -#endif -#endif -#ifdef SYS_mknodat -#ifdef __NR_mknodat - {"mknodat", __NR_mknodat}, -#endif -#endif -#ifdef SYS_mlock -#ifdef __NR_mlock - {"mlock", __NR_mlock}, -#endif -#endif -#ifdef SYS_mlock2 -#ifdef __NR_mlock2 - {"mlock2", __NR_mlock2}, -#endif -#endif -#ifdef SYS_mlockall -#ifdef __NR_mlockall - {"mlockall", __NR_mlockall}, -#endif -#endif -#ifdef SYS_mmap -#ifdef __NR_mmap - {"mmap", __NR_mmap}, -#endif -#endif -#ifdef SYS_modify_ldt -#ifdef __NR_modify_ldt - {"modify_ldt", __NR_modify_ldt}, -#endif -#endif -#ifdef SYS_mount -#ifdef __NR_mount - {"mount", __NR_mount}, -#endif -#endif -#ifdef SYS_move_pages -#ifdef __NR_move_pages - {"move_pages", __NR_move_pages}, -#endif -#endif -#ifdef SYS_mprotect -#ifdef __NR_mprotect - {"mprotect", __NR_mprotect}, -#endif -#endif -#ifdef SYS_mq_getsetattr -#ifdef __NR_mq_getsetattr - {"mq_getsetattr", __NR_mq_getsetattr}, -#endif -#endif -#ifdef SYS_mq_notify -#ifdef __NR_mq_notify - {"mq_notify", __NR_mq_notify}, -#endif -#endif -#ifdef SYS_mq_open -#ifdef __NR_mq_open - {"mq_open", __NR_mq_open}, -#endif -#endif -#ifdef SYS_mq_timedreceive -#ifdef __NR_mq_timedreceive - {"mq_timedreceive", __NR_mq_timedreceive}, -#endif -#endif -#ifdef SYS_mq_timedsend -#ifdef __NR_mq_timedsend - {"mq_timedsend", __NR_mq_timedsend}, -#endif -#endif -#ifdef SYS_mq_unlink -#ifdef __NR_mq_unlink - {"mq_unlink", __NR_mq_unlink}, -#endif -#endif -#ifdef SYS_mremap -#ifdef __NR_mremap - {"mremap", __NR_mremap}, -#endif -#endif -#ifdef SYS_msgctl -#ifdef __NR_msgctl - {"msgctl", __NR_msgctl}, -#endif -#endif -#ifdef SYS_msgget -#ifdef __NR_msgget - {"msgget", __NR_msgget}, -#endif -#endif -#ifdef SYS_msgrcv -#ifdef __NR_msgrcv - {"msgrcv", __NR_msgrcv}, -#endif -#endif -#ifdef 
SYS_msgsnd -#ifdef __NR_msgsnd - {"msgsnd", __NR_msgsnd}, -#endif -#endif -#ifdef SYS_msync -#ifdef __NR_msync - {"msync", __NR_msync}, -#endif -#endif -#ifdef SYS_munlock -#ifdef __NR_munlock - {"munlock", __NR_munlock}, -#endif -#endif -#ifdef SYS_munlockall -#ifdef __NR_munlockall - {"munlockall", __NR_munlockall}, -#endif -#endif -#ifdef SYS_munmap -#ifdef __NR_munmap - {"munmap", __NR_munmap}, -#endif -#endif -#ifdef SYS_name_to_handle_at -#ifdef __NR_name_to_handle_at - {"name_to_handle_at", __NR_name_to_handle_at}, -#endif -#endif -#ifdef SYS_nanosleep -#ifdef __NR_nanosleep - {"nanosleep", __NR_nanosleep}, -#endif -#endif -#ifdef SYS_newfstatat -#ifdef __NR_newfstatat - {"newfstatat", __NR_newfstatat}, -#endif -#endif -#ifdef SYS_open -#ifdef __NR_open - {"open", __NR_open}, -#endif -#endif -#ifdef SYS_open_by_handle_at -#ifdef __NR_open_by_handle_at - {"open_by_handle_at", __NR_open_by_handle_at}, -#endif -#endif -#ifdef SYS_openat -#ifdef __NR_openat - {"openat", __NR_openat}, -#endif -#endif -#ifdef SYS_pause -#ifdef __NR_pause - {"pause", __NR_pause}, -#endif -#endif -#ifdef SYS_perf_event_open -#ifdef __NR_perf_event_open - {"perf_event_open", __NR_perf_event_open}, -#endif -#endif -#ifdef SYS_personality -#ifdef __NR_personality - {"personality", __NR_personality}, -#endif -#endif -#ifdef SYS_pipe -#ifdef __NR_pipe - {"pipe", __NR_pipe}, -#endif -#endif -#ifdef SYS_pipe2 -#ifdef __NR_pipe2 - {"pipe2", __NR_pipe2}, -#endif -#endif -#ifdef SYS_pivot_root -#ifdef __NR_pivot_root - {"pivot_root", __NR_pivot_root}, -#endif -#endif -#ifdef SYS_pkey_alloc -#ifdef __NR_pkey_alloc - {"pkey_alloc", __NR_pkey_alloc}, -#endif -#endif -#ifdef SYS_pkey_free -#ifdef __NR_pkey_free - {"pkey_free", __NR_pkey_free}, -#endif -#endif -#ifdef SYS_pkey_mprotect -#ifdef __NR_pkey_mprotect - {"pkey_mprotect", __NR_pkey_mprotect}, -#endif -#endif -#ifdef SYS_poll -#ifdef __NR_poll - {"poll", __NR_poll}, -#endif -#endif -#ifdef SYS_ppoll -#ifdef __NR_ppoll - {"ppoll", 
__NR_ppoll}, -#endif -#endif -#ifdef SYS_prctl -#ifdef __NR_prctl - {"prctl", __NR_prctl}, -#endif -#endif -#ifdef SYS_pread64 -#ifdef __NR_pread64 - {"pread64", __NR_pread64}, -#endif -#endif -#ifdef SYS_preadv -#ifdef __NR_preadv - {"preadv", __NR_preadv}, -#endif -#endif -#ifdef SYS_preadv2 -#ifdef __NR_preadv2 - {"preadv2", __NR_preadv2}, -#endif -#endif -#ifdef SYS_prlimit64 -#ifdef __NR_prlimit64 - {"prlimit64", __NR_prlimit64}, -#endif -#endif -#ifdef SYS_process_vm_readv -#ifdef __NR_process_vm_readv - {"process_vm_readv", __NR_process_vm_readv}, -#endif -#endif -#ifdef SYS_process_vm_writev -#ifdef __NR_process_vm_writev - {"process_vm_writev", __NR_process_vm_writev}, -#endif -#endif -#ifdef SYS_pselect6 -#ifdef __NR_pselect6 - {"pselect6", __NR_pselect6}, -#endif -#endif -#ifdef SYS_ptrace -#ifdef __NR_ptrace - {"ptrace", __NR_ptrace}, -#endif -#endif -#ifdef SYS_putpmsg -#ifdef __NR_putpmsg - {"putpmsg", __NR_putpmsg}, -#endif -#endif -#ifdef SYS_pwrite64 -#ifdef __NR_pwrite64 - {"pwrite64", __NR_pwrite64}, -#endif -#endif -#ifdef SYS_pwritev -#ifdef __NR_pwritev - {"pwritev", __NR_pwritev}, -#endif -#endif -#ifdef SYS_pwritev2 -#ifdef __NR_pwritev2 - {"pwritev2", __NR_pwritev2}, -#endif -#endif -#ifdef SYS_quotactl -#ifdef __NR_quotactl - {"quotactl", __NR_quotactl}, -#endif -#endif -#ifdef SYS_read -#ifdef __NR_read - {"read", __NR_read}, -#endif -#endif -#ifdef SYS_readahead -#ifdef __NR_readahead - {"readahead", __NR_readahead}, -#endif -#endif -#ifdef SYS_readlink -#ifdef __NR_readlink - {"readlink", __NR_readlink}, -#endif -#endif -#ifdef SYS_readlinkat -#ifdef __NR_readlinkat - {"readlinkat", __NR_readlinkat}, -#endif -#endif -#ifdef SYS_readv -#ifdef __NR_readv - {"readv", __NR_readv}, -#endif -#endif -#ifdef SYS_reboot -#ifdef __NR_reboot - {"reboot", __NR_reboot}, -#endif -#endif -#ifdef SYS_recvfrom -#ifdef __NR_recvfrom - {"recvfrom", __NR_recvfrom}, -#endif -#endif -#ifdef SYS_recvmmsg -#ifdef __NR_recvmmsg - {"recvmmsg", __NR_recvmmsg}, 
-#endif -#endif -#ifdef SYS_recvmsg -#ifdef __NR_recvmsg - {"recvmsg", __NR_recvmsg}, -#endif -#endif -#ifdef SYS_remap_file_pages -#ifdef __NR_remap_file_pages - {"remap_file_pages", __NR_remap_file_pages}, -#endif -#endif -#ifdef SYS_removexattr -#ifdef __NR_removexattr - {"removexattr", __NR_removexattr}, -#endif -#endif -#ifdef SYS_rename -#ifdef __NR_rename - {"rename", __NR_rename}, -#endif -#endif -#ifdef SYS_renameat -#ifdef __NR_renameat - {"renameat", __NR_renameat}, -#endif -#endif -#ifdef SYS_renameat2 -#ifdef __NR_renameat2 - {"renameat2", __NR_renameat2}, -#endif -#endif -#ifdef SYS_request_key -#ifdef __NR_request_key - {"request_key", __NR_request_key}, -#endif -#endif -#ifdef SYS_restart_syscall -#ifdef __NR_restart_syscall - {"restart_syscall", __NR_restart_syscall}, -#endif -#endif -#ifdef SYS_rmdir -#ifdef __NR_rmdir - {"rmdir", __NR_rmdir}, -#endif -#endif -#ifdef SYS_rt_sigaction -#ifdef __NR_rt_sigaction - {"rt_sigaction", __NR_rt_sigaction}, -#endif -#endif -#ifdef SYS_rt_sigpending -#ifdef __NR_rt_sigpending - {"rt_sigpending", __NR_rt_sigpending}, -#endif -#endif -#ifdef SYS_rt_sigprocmask -#ifdef __NR_rt_sigprocmask - {"rt_sigprocmask", __NR_rt_sigprocmask}, -#endif -#endif -#ifdef SYS_rt_sigqueueinfo -#ifdef __NR_rt_sigqueueinfo - {"rt_sigqueueinfo", __NR_rt_sigqueueinfo}, -#endif -#endif -#ifdef SYS_rt_sigreturn -#ifdef __NR_rt_sigreturn - {"rt_sigreturn", __NR_rt_sigreturn}, -#endif -#endif -#ifdef SYS_rt_sigsuspend -#ifdef __NR_rt_sigsuspend - {"rt_sigsuspend", __NR_rt_sigsuspend}, -#endif -#endif -#ifdef SYS_rt_sigtimedwait -#ifdef __NR_rt_sigtimedwait - {"rt_sigtimedwait", __NR_rt_sigtimedwait}, -#endif -#endif -#ifdef SYS_rt_tgsigqueueinfo -#ifdef __NR_rt_tgsigqueueinfo - {"rt_tgsigqueueinfo", __NR_rt_tgsigqueueinfo}, -#endif -#endif -#ifdef SYS_sched_get_priority_max -#ifdef __NR_sched_get_priority_max - {"sched_get_priority_max", __NR_sched_get_priority_max}, -#endif -#endif -#ifdef SYS_sched_get_priority_min -#ifdef 
__NR_sched_get_priority_min - {"sched_get_priority_min", __NR_sched_get_priority_min}, -#endif -#endif -#ifdef SYS_sched_getaffinity -#ifdef __NR_sched_getaffinity - {"sched_getaffinity", __NR_sched_getaffinity}, -#endif -#endif -#ifdef SYS_sched_getattr -#ifdef __NR_sched_getattr - {"sched_getattr", __NR_sched_getattr}, -#endif -#endif -#ifdef SYS_sched_getparam -#ifdef __NR_sched_getparam - {"sched_getparam", __NR_sched_getparam}, -#endif -#endif -#ifdef SYS_sched_getscheduler -#ifdef __NR_sched_getscheduler - {"sched_getscheduler", __NR_sched_getscheduler}, -#endif -#endif -#ifdef SYS_sched_rr_get_interval -#ifdef __NR_sched_rr_get_interval - {"sched_rr_get_interval", __NR_sched_rr_get_interval}, -#endif -#endif -#ifdef SYS_sched_setaffinity -#ifdef __NR_sched_setaffinity - {"sched_setaffinity", __NR_sched_setaffinity}, -#endif -#endif -#ifdef SYS_sched_setattr -#ifdef __NR_sched_setattr - {"sched_setattr", __NR_sched_setattr}, -#endif -#endif -#ifdef SYS_sched_setparam -#ifdef __NR_sched_setparam - {"sched_setparam", __NR_sched_setparam}, -#endif -#endif -#ifdef SYS_sched_setscheduler -#ifdef __NR_sched_setscheduler - {"sched_setscheduler", __NR_sched_setscheduler}, -#endif -#endif -#ifdef SYS_sched_yield -#ifdef __NR_sched_yield - {"sched_yield", __NR_sched_yield}, -#endif -#endif -#ifdef SYS_seccomp -#ifdef __NR_seccomp - {"seccomp", __NR_seccomp}, -#endif -#endif -#ifdef SYS_security -#ifdef __NR_security - {"security", __NR_security}, -#endif -#endif -#ifdef SYS_select -#ifdef __NR_select - {"select", __NR_select}, -#endif -#endif -#ifdef SYS_semctl -#ifdef __NR_semctl - {"semctl", __NR_semctl}, -#endif -#endif -#ifdef SYS_semget -#ifdef __NR_semget - {"semget", __NR_semget}, -#endif -#endif -#ifdef SYS_semop -#ifdef __NR_semop - {"semop", __NR_semop}, -#endif -#endif -#ifdef SYS_semtimedop -#ifdef __NR_semtimedop - {"semtimedop", __NR_semtimedop}, -#endif -#endif -#ifdef SYS_sendfile -#ifdef __NR_sendfile - {"sendfile", __NR_sendfile}, -#endif -#endif 
-#ifdef SYS_sendmmsg -#ifdef __NR_sendmmsg - {"sendmmsg", __NR_sendmmsg}, -#endif -#endif -#ifdef SYS_sendmsg -#ifdef __NR_sendmsg - {"sendmsg", __NR_sendmsg}, -#endif -#endif -#ifdef SYS_sendto -#ifdef __NR_sendto - {"sendto", __NR_sendto}, -#endif -#endif -#ifdef SYS_set_mempolicy -#ifdef __NR_set_mempolicy - {"set_mempolicy", __NR_set_mempolicy}, -#endif -#endif -#ifdef SYS_set_robust_list -#ifdef __NR_set_robust_list - {"set_robust_list", __NR_set_robust_list}, -#endif -#endif -#ifdef SYS_set_tid_address -#ifdef __NR_set_tid_address - {"set_tid_address", __NR_set_tid_address}, -#endif -#endif -#ifdef SYS_setdomainname -#ifdef __NR_setdomainname - {"setdomainname", __NR_setdomainname}, -#endif -#endif -#ifdef SYS_setfsgid -#ifdef __NR_setfsgid - {"setfsgid", __NR_setfsgid}, -#endif -#endif -#ifdef SYS_setfsuid -#ifdef __NR_setfsuid - {"setfsuid", __NR_setfsuid}, -#endif -#endif -#ifdef SYS_setgid -#ifdef __NR_setgid - {"setgid", __NR_setgid}, -#endif -#endif -#ifdef SYS_setgroups -#ifdef __NR_setgroups - {"setgroups", __NR_setgroups}, -#endif -#endif -#ifdef SYS_sethostname -#ifdef __NR_sethostname - {"sethostname", __NR_sethostname}, -#endif -#endif -#ifdef SYS_setitimer -#ifdef __NR_setitimer - {"setitimer", __NR_setitimer}, -#endif -#endif -#ifdef SYS_setns -#ifdef __NR_setns - {"setns", __NR_setns}, -#endif -#endif -#ifdef SYS_setpgid -#ifdef __NR_setpgid - {"setpgid", __NR_setpgid}, -#endif -#endif -#ifdef SYS_setpriority -#ifdef __NR_setpriority - {"setpriority", __NR_setpriority}, -#endif -#endif -#ifdef SYS_setregid -#ifdef __NR_setregid - {"setregid", __NR_setregid}, -#endif -#endif -#ifdef SYS_setresgid -#ifdef __NR_setresgid - {"setresgid", __NR_setresgid}, -#endif -#endif -#ifdef SYS_setresuid -#ifdef __NR_setresuid - {"setresuid", __NR_setresuid}, -#endif -#endif -#ifdef SYS_setreuid -#ifdef __NR_setreuid - {"setreuid", __NR_setreuid}, -#endif -#endif -#ifdef SYS_setrlimit -#ifdef __NR_setrlimit - {"setrlimit", __NR_setrlimit}, -#endif -#endif 
-#ifdef SYS_setsid -#ifdef __NR_setsid - {"setsid", __NR_setsid}, -#endif -#endif -#ifdef SYS_setsockopt -#ifdef __NR_setsockopt - {"setsockopt", __NR_setsockopt}, -#endif -#endif -#ifdef SYS_settimeofday -#ifdef __NR_settimeofday - {"settimeofday", __NR_settimeofday}, -#endif -#endif -#ifdef SYS_setuid -#ifdef __NR_setuid - {"setuid", __NR_setuid}, -#endif -#endif -#ifdef SYS_setxattr -#ifdef __NR_setxattr - {"setxattr", __NR_setxattr}, -#endif -#endif -#ifdef SYS_shmat -#ifdef __NR_shmat - {"shmat", __NR_shmat}, -#endif -#endif -#ifdef SYS_shmctl -#ifdef __NR_shmctl - {"shmctl", __NR_shmctl}, -#endif -#endif -#ifdef SYS_shmdt -#ifdef __NR_shmdt - {"shmdt", __NR_shmdt}, -#endif -#endif -#ifdef SYS_shmget -#ifdef __NR_shmget - {"shmget", __NR_shmget}, -#endif -#endif -#ifdef SYS_shutdown -#ifdef __NR_shutdown - {"shutdown", __NR_shutdown}, -#endif -#endif -#ifdef SYS_sigaltstack -#ifdef __NR_sigaltstack - {"sigaltstack", __NR_sigaltstack}, -#endif -#endif -#ifdef SYS_signalfd -#ifdef __NR_signalfd - {"signalfd", __NR_signalfd}, -#endif -#endif -#ifdef SYS_signalfd4 -#ifdef __NR_signalfd4 - {"signalfd4", __NR_signalfd4}, -#endif -#endif -#ifdef SYS_socket -#ifdef __NR_socket - {"socket", __NR_socket}, -#endif -#endif -#ifdef SYS_socketpair -#ifdef __NR_socketpair - {"socketpair", __NR_socketpair}, -#endif -#endif -#ifdef SYS_splice -#ifdef __NR_splice - {"splice", __NR_splice}, -#endif -#endif -#ifdef SYS_stat -#ifdef __NR_stat - {"stat", __NR_stat}, -#endif -#endif -#ifdef SYS_statfs -#ifdef __NR_statfs - {"statfs", __NR_statfs}, -#endif -#endif -#ifdef SYS_statx -#ifdef __NR_statx - {"statx", __NR_statx}, -#endif -#endif -#ifdef SYS_swapoff -#ifdef __NR_swapoff - {"swapoff", __NR_swapoff}, -#endif -#endif -#ifdef SYS_swapon -#ifdef __NR_swapon - {"swapon", __NR_swapon}, -#endif -#endif -#ifdef SYS_symlink -#ifdef __NR_symlink - {"symlink", __NR_symlink}, -#endif -#endif -#ifdef SYS_symlinkat -#ifdef __NR_symlinkat - {"symlinkat", __NR_symlinkat}, -#endif -#endif 
-#ifdef SYS_sync -#ifdef __NR_sync - {"sync", __NR_sync}, -#endif -#endif -#ifdef SYS_sync_file_range -#ifdef __NR_sync_file_range - {"sync_file_range", __NR_sync_file_range}, -#endif -#endif -#ifdef SYS_syncfs -#ifdef __NR_syncfs - {"syncfs", __NR_syncfs}, -#endif -#endif -#ifdef SYS_sysfs -#ifdef __NR_sysfs - {"sysfs", __NR_sysfs}, -#endif -#endif -#ifdef SYS_sysinfo -#ifdef __NR_sysinfo - {"sysinfo", __NR_sysinfo}, -#endif -#endif -#ifdef SYS_syslog -#ifdef __NR_syslog - {"syslog", __NR_syslog}, -#endif -#endif -#ifdef SYS_tee -#ifdef __NR_tee - {"tee", __NR_tee}, -#endif -#endif -#ifdef SYS_tgkill -#ifdef __NR_tgkill - {"tgkill", __NR_tgkill}, -#endif -#endif -#ifdef SYS_time -#ifdef __NR_time - {"time", __NR_time}, -#endif -#endif -#ifdef SYS_timer_create -#ifdef __NR_timer_create - {"timer_create", __NR_timer_create}, -#endif -#endif -#ifdef SYS_timer_delete -#ifdef __NR_timer_delete - {"timer_delete", __NR_timer_delete}, -#endif -#endif -#ifdef SYS_timer_getoverrun -#ifdef __NR_timer_getoverrun - {"timer_getoverrun", __NR_timer_getoverrun}, -#endif -#endif -#ifdef SYS_timer_gettime -#ifdef __NR_timer_gettime - {"timer_gettime", __NR_timer_gettime}, -#endif -#endif -#ifdef SYS_timer_settime -#ifdef __NR_timer_settime - {"timer_settime", __NR_timer_settime}, -#endif -#endif -#ifdef SYS_timerfd_create -#ifdef __NR_timerfd_create - {"timerfd_create", __NR_timerfd_create}, -#endif -#endif -#ifdef SYS_timerfd_gettime -#ifdef __NR_timerfd_gettime - {"timerfd_gettime", __NR_timerfd_gettime}, -#endif -#endif -#ifdef SYS_timerfd_settime -#ifdef __NR_timerfd_settime - {"timerfd_settime", __NR_timerfd_settime}, -#endif -#endif -#ifdef SYS_times -#ifdef __NR_times - {"times", __NR_times}, -#endif -#endif -#ifdef SYS_tkill -#ifdef __NR_tkill - {"tkill", __NR_tkill}, -#endif -#endif -#ifdef SYS_truncate -#ifdef __NR_truncate - {"truncate", __NR_truncate}, -#endif -#endif -#ifdef SYS_tuxcall -#ifdef __NR_tuxcall - {"tuxcall", __NR_tuxcall}, -#endif -#endif -#ifdef SYS_umask 
-#ifdef __NR_umask - {"umask", __NR_umask}, -#endif -#endif -#ifdef SYS_umount2 -#ifdef __NR_umount2 - {"umount2", __NR_umount2}, -#endif -#endif -#ifdef SYS_uname -#ifdef __NR_uname - {"uname", __NR_uname}, -#endif -#endif -#ifdef SYS_unlink -#ifdef __NR_unlink - {"unlink", __NR_unlink}, -#endif -#endif -#ifdef SYS_unlinkat -#ifdef __NR_unlinkat - {"unlinkat", __NR_unlinkat}, -#endif -#endif -#ifdef SYS_unshare -#ifdef __NR_unshare - {"unshare", __NR_unshare}, -#endif -#endif -#ifdef SYS_userfaultfd -#ifdef __NR_userfaultfd - {"userfaultfd", __NR_userfaultfd}, -#endif -#endif -#ifdef SYS_ustat -#ifdef __NR_ustat - {"ustat", __NR_ustat}, -#endif -#endif -#ifdef SYS_utime -#ifdef __NR_utime - {"utime", __NR_utime}, -#endif -#endif -#ifdef SYS_utimensat -#ifdef __NR_utimensat - {"utimensat", __NR_utimensat}, -#endif -#endif -#ifdef SYS_utimes -#ifdef __NR_utimes - {"utimes", __NR_utimes}, -#endif -#endif -#ifdef SYS_vfork -#ifdef __NR_vfork - {"vfork", __NR_vfork}, -#endif -#endif -#ifdef SYS_vhangup -#ifdef __NR_vhangup - {"vhangup", __NR_vhangup}, -#endif -#endif -#ifdef SYS_vmsplice -#ifdef __NR_vmsplice - {"vmsplice", __NR_vmsplice}, -#endif -#endif -#ifdef SYS_wait4 -#ifdef __NR_wait4 - {"wait4", __NR_wait4}, -#endif -#endif -#ifdef SYS_waitid -#ifdef __NR_waitid - {"waitid", __NR_waitid}, -#endif -#endif -#ifdef SYS_write -#ifdef __NR_write - {"write", __NR_write}, -#endif -#endif -#ifdef SYS_writev -#ifdef __NR_writev - {"writev", __NR_writev}, -#endif -#endif #endif -//#endif diff --git a/src/include/syscall_i386.h b/src/include/syscall_i386.h new file mode 100644 index 000000000..4795e5b2a --- /dev/null +++ b/src/include/syscall_i386.h 
@@ -0,0 +1,425 @@
+{ "_llseek", 140 },
+{ "_newselect", 142 },
+{ "_sysctl", 149 },
+{ "accept4", 364 },
+{ "access", 33 },
+{ "acct", 51 },
+{ "add_key", 286 },
+{ "adjtimex", 124 },
+{ "afs_syscall", 137 },
+{ "alarm", 27 },
+{ "arch_prctl", 384 },
+{ "bdflush", 134 },
+{ "bind", 361 },
+{ "bpf", 357 },
+{ "break", 17 },
+{ "brk", 45 },
+{ "capget", 184 },
+{ "capset", 185 },
+{ "chdir", 12 },
+{ "chmod", 15 },
+{ "chown", 182 },
+{ "chown32", 212 },
+{ "chroot", 61 },
+{ "clock_adjtime", 343 },
+{ "clock_adjtime64", 405 },
+{ "clock_getres", 266 },
+{ "clock_getres_time64", 406 },
+{ "clock_gettime", 265 },
+{ "clock_gettime64", 403 },
+{ "clock_nanosleep", 267 },
+{ "clock_nanosleep_time64", 407 },
+{ "clock_settime", 264 },
+{ "clock_settime64", 404 },
+{ "clone", 120 },
+{ "clone3", 435 },
+{ "close", 6 },
+{ "connect", 362 },
+{ "copy_file_range", 377 },
+{ "creat", 8 },
+{ "create_module", 127 },
+{ "delete_module", 129 },
+{ "dup", 41 },
+{ "dup2", 63 },
+{ "dup3", 330 },
+{ "epoll_create", 254 },
+{ "epoll_create1", 329 },
+{ "epoll_ctl", 255 },
+{ "epoll_pwait", 319 },
+{ "epoll_wait", 256 },
+{ "eventfd", 323 },
+{ "eventfd2", 328 },
+{ "execve", 11 },
+{ "execveat", 358 },
+{ "exit", 1 },
+{ "exit_group", 252 },
+{ "faccessat", 307 },
+{ "fadvise64", 250 },
+{ "fadvise64_64", 272 },
+{ "fallocate", 324 },
+{ "fanotify_init", 338 },
+{ "fanotify_mark", 339 },
+{ "fchdir", 133 },
+{ "fchmod", 94 },
+{ "fchmodat", 306 },
+{ "fchown", 95 },
+{ "fchown32", 207 },
+{ "fchownat", 298 },
+{ "fcntl", 55 },
+{ "fcntl64", 221 },
+{ "fdatasync", 148 },
+{ "fgetxattr", 231 },
+{ "finit_module", 350 },
+{ "flistxattr", 234 },
+{ "flock", 143 },
+{ "fork", 2 },
+{ "fremovexattr", 237 },
+{ "fsconfig", 431 },
+{ "fsetxattr", 228 },
+{ "fsmount", 432 },
+{ "fsopen", 430 },
+{ "fspick", 433 },
+{ "fstat", 108 },
+{ "fstat64", 197 },
+{ "fstatat64", 300 },
+{ "fstatfs", 100 },
+{ "fstatfs64", 269 },
+{ "fsync", 118 },
+{ "ftime", 35 },
+{ "ftruncate", 93 },
+{ "ftruncate64", 194 },
+{ "futex", 240 },
+{ "futex_time64", 422 },
+{ "futimesat", 299 },
+{ "get_kernel_syms", 130 },
+{ "get_mempolicy", 275 },
+{ "get_robust_list", 312 },
+{ "get_thread_area", 244 },
+{ "getcpu", 318 },
+{ "getcwd", 183 },
+{ "getdents", 141 },
+{ "getdents64", 220 },
+{ "getegid", 50 },
+{ "getegid32", 202 },
+{ "geteuid", 49 },
+{ "geteuid32", 201 },
+{ "getgid", 47 },
+{ "getgid32", 200 },
+{ "getgroups", 80 },
+{ "getgroups32", 205 },
+{ "getitimer", 105 },
+{ "getpeername", 368 },
+{ "getpgid", 132 },
+{ "getpgrp", 65 },
+{ "getpid", 20 },
+{ "getpmsg", 188 },
+{ "getppid", 64 },
+{ "getpriority", 96 },
+{ "getrandom", 355 },
+{ "getresgid", 171 },
+{ "getresgid32", 211 },
+{ "getresuid", 165 },
+{ "getresuid32", 209 },
+{ "getrlimit", 76 },
+{ "getrusage", 77 },
+{ "getsid", 147 },
+{ "getsockname", 367 },
+{ "getsockopt", 365 },
+{ "gettid", 224 },
+{ "gettimeofday", 78 },
+{ "getuid", 24 },
+{ "getuid32", 199 },
+{ "getxattr", 229 },
+{ "gtty", 32 },
+{ "idle", 112 },
+{ "init_module", 128 },
+{ "inotify_add_watch", 292 },
+{ "inotify_init", 291 },
+{ "inotify_init1", 332 },
+{ "inotify_rm_watch", 293 },
+{ "io_cancel", 249 },
+{ "io_destroy", 246 },
+{ "io_getevents", 247 },
+{ "io_pgetevents", 385 },
+{ "io_pgetevents_time64", 416 },
+{ "io_setup", 245 },
+{ "io_submit", 248 },
+{ "io_uring_enter", 426 },
+{ "io_uring_register", 427 },
+{ "io_uring_setup", 425 },
+{ "ioctl", 54 },
+{ "ioperm", 101 },
+{ "iopl", 110 },
+{ "ioprio_get", 290 },
+{ "ioprio_set", 289 },
+{ "ipc", 117 },
+{ "kcmp", 349 },
+{ "kexec_load", 283 },
+{ "keyctl", 288 },
+{ "kill", 37 },
+{ "lchown", 16 },
+{ "lchown32", 198 },
+{ "lgetxattr", 230 },
+{ "link", 9 },
+{ "linkat", 303 },
+{ "listen", 363 },
+{ "listxattr", 232 },
+{ "llistxattr", 233 },
+{ "lock", 53 },
+{ "lookup_dcookie", 253 },
+{ "lremovexattr", 236 },
+{ "lseek", 19 },
+{ "lsetxattr", 227 },
+{ "lstat", 107 },
+{ "lstat64", 196 },
+{ "madvise", 219 },
+{ "mbind", 274 },
+{ "membarrier", 375 },
+{ "memfd_create", 356 },
+{ "migrate_pages", 294 },
+{ "mincore", 218 },
+{ "mkdir", 39 },
+{ "mkdirat", 296 },
+{ "mknod", 14 },
+{ "mknodat", 297 },
+{ "mlock", 150 },
+{ "mlock2", 376 },
+{ "mlockall", 152 },
+{ "mmap", 90 },
+{ "mmap2", 192 },
+{ "modify_ldt", 123 },
+{ "mount", 21 },
+{ "move_mount", 429 },
+{ "move_pages", 317 },
+{ "mprotect", 125 },
+{ "mpx", 56 },
+{ "mq_getsetattr", 282 },
+{ "mq_notify", 281 },
+{ "mq_open", 277 },
+{ "mq_timedreceive", 280 },
+{ "mq_timedreceive_time64", 419 },
+{ "mq_timedsend", 279 },
+{ "mq_timedsend_time64", 418 },
+{ "mq_unlink", 278 },
+{ "mremap", 163 },
+{ "msgctl", 402 },
+{ "msgget", 399 },
+{ "msgrcv", 401 },
+{ "msgsnd", 400 },
+{ "msync", 144 },
+{ "munlock", 151 },
+{ "munlockall", 153 },
+{ "munmap", 91 },
+{ "name_to_handle_at", 341 },
+{ "nanosleep", 162 },
+{ "nfsservctl", 169 },
+{ "nice", 34 },
+{ "oldfstat", 28 },
+{ "oldlstat", 84 },
+{ "oldolduname", 59 },
+{ "oldstat", 18 },
+{ "olduname", 109 },
+{ "open", 5 },
+{ "open_by_handle_at", 342 },
+{ "open_tree", 428 },
+{ "openat", 295 },
+{ "pause", 29 },
+{ "perf_event_open", 336 },
+{ "personality", 136 },
+{ "pidfd_open", 434 },
+{ "pidfd_send_signal", 424 },
+{ "pipe", 42 },
+{ "pipe2", 331 },
+{ "pivot_root", 217 },
+{ "pkey_alloc", 381 },
+{ "pkey_free", 382 },
+{ "pkey_mprotect", 380 },
+{ "poll", 168 },
+{ "ppoll", 309 },
+{ "ppoll_time64", 414 },
+{ "prctl", 172 },
+{ "pread64", 180 },
+{ "preadv", 333 },
+{ "preadv2", 378 },
+{ "prlimit64", 340 },
+{ "process_vm_readv", 347 },
+{ "process_vm_writev", 348 },
+{ "prof", 44 },
+{ "profil", 98 },
+{ "pselect6", 308 },
+{ "pselect6_time64", 413 },
+{ "ptrace", 26 },
+{ "putpmsg", 189 },
+{ "pwrite64", 181 },
+{ "pwritev", 334 },
+{ "pwritev2", 379 },
+{ "query_module", 167 },
+{ "quotactl", 131 },
+{ "read", 3 },
+{ "readahead", 225 },
+{ "readdir", 89 },
+{ "readlink", 85 },
+{ "readlinkat", 305 },
+{ "readv", 145 },
+{ "reboot", 88 },
+{ "recvfrom", 371 },
+{ "recvmmsg", 337 },
+{ "recvmmsg_time64", 417 },
+{ "recvmsg", 372 },
+{ "remap_file_pages", 257 },
+{ "removexattr", 235 },
+{ "rename", 38 },
+{ "renameat", 302 },
+{ "renameat2", 353 },
+{ "request_key", 287 },
+{ "restart_syscall", 0 },
+{ "rmdir", 40 },
+{ "rseq", 386 },
+{ "rt_sigaction", 174 },
+{ "rt_sigpending", 176 },
+{ "rt_sigprocmask", 175 },
+{ "rt_sigqueueinfo", 178 },
+{ "rt_sigreturn", 173 },
+{ "rt_sigsuspend", 179 },
+{ "rt_sigtimedwait", 177 },
+{ "rt_sigtimedwait_time64", 421 },
+{ "rt_tgsigqueueinfo", 335 },
+{ "sched_get_priority_max", 159 },
+{ "sched_get_priority_min", 160 },
+{ "sched_getaffinity", 242 },
+{ "sched_getattr", 352 },
+{ "sched_getparam", 155 },
+{ "sched_getscheduler", 157 },
+{ "sched_rr_get_interval", 161 },
+{ "sched_rr_get_interval_time64", 423 },
+{ "sched_setaffinity", 241 },
+{ "sched_setattr", 351 },
+{ "sched_setparam", 154 },
+{ "sched_setscheduler", 156 },
+{ "sched_yield", 158 },
+{ "seccomp", 354 },
+{ "select", 82 },
+{ "semctl", 394 },
+{ "semget", 393 },
+{ "semtimedop_time64", 420 },
+{ "sendfile", 187 },
+{ "sendfile64", 239 },
+{ "sendmmsg", 345 },
+{ "sendmsg", 370 },
+{ "sendto", 369 },
+{ "set_mempolicy", 276 },
+{ "set_robust_list", 311 },
+{ "set_thread_area", 243 },
+{ "set_tid_address", 258 },
+{ "setdomainname", 121 },
+{ "setfsgid", 139 },
+{ "setfsgid32", 216 },
+{ "setfsuid", 138 },
+{ "setfsuid32", 215 },
+{ "setgid", 46 },
+{ "setgid32", 214 },
+{ "setgroups", 81 },
+{ "setgroups32", 206 },
+{ "sethostname", 74 },
+{ "setitimer", 104 },
+{ "setns", 346 },
+{ "setpgid", 57 },
+{ "setpriority", 97 },
+{ "setregid", 71 },
+{ "setregid32", 204 },
+{ "setresgid", 170 },
+{ "setresgid32", 210 },
+{ "setresuid", 164 },
+{ "setresuid32", 208 },
+{ "setreuid", 70 },
+{ "setreuid32", 203 },
+{ "setrlimit", 75 },
+{ "setsid", 66 },
+{ "setsockopt", 366 },
+{ "settimeofday", 79 },
+{ "setuid", 23 },
+{ "setuid32", 213 },
+{ "setxattr", 226 },
+{ "sgetmask", 68 },
+{ "shmat", 397 },
+{ "shmctl", 396 },
+{ "shmdt", 398 },
+{ "shmget", 395 },
+{ "shutdown", 373 },
+{ "sigaction", 67 },
+{ "sigaltstack", 186 },
+{ "signal", 48 },
+{ "signalfd", 321 },
+{ "signalfd4", 327 },
+{ "sigpending", 73 },
+{ "sigprocmask", 126 },
+{ "sigreturn", 119 },
+{ "sigsuspend", 72 },
+{ "socket", 359 },
+{ "socketcall", 102 },
+{ "socketpair", 360 },
+{ "splice", 313 },
+{ "ssetmask", 69 },
+{ "stat", 106 },
+{ "stat64", 195 },
+{ "statfs", 99 },
+{ "statfs64", 268 },
+{ "statx", 383 },
+{ "stime", 25 },
+{ "stty", 31 },
+{ "swapoff", 115 },
+{ "swapon", 87 },
+{ "symlink", 83 },
+{ "symlinkat", 304 },
+{ "sync", 36 },
+{ "sync_file_range", 314 },
+{ "syncfs", 344 },
+{ "sysfs", 135 },
+{ "sysinfo", 116 },
+{ "syslog", 103 },
+{ "tee", 315 },
+{ "tgkill", 270 },
+{ "time", 13 },
+{ "timer_create", 259 },
+{ "timer_delete", 263 },
+{ "timer_getoverrun", 262 },
+{ "timer_gettime", 261 },
+{ "timer_gettime64", 408 },
+{ "timer_settime", 260 },
+{ "timer_settime64", 409 },
+{ "timerfd_create", 322 },
+{ "timerfd_gettime", 326 },
+{ "timerfd_gettime64", 410 },
+{ "timerfd_settime", 325 },
+{ "timerfd_settime64", 411 },
+{ "times", 43 },
+{ "tkill", 238 },
+{ "truncate", 92 },
+{ "truncate64", 193 },
+{ "ugetrlimit", 191 },
+{ "ulimit", 58 },
+{ "umask", 60 },
+{ "umount", 22 },
+{ "umount2", 52 },
+{ "uname", 122 },
+{ "unlink", 10 },
+{ "unlinkat", 301 },
+{ "unshare", 310 },
+{ "uselib", 86 },
+{ "userfaultfd", 374 },
+{ "ustat", 62 },
+{ "utime", 30 },
+{ "utimensat", 320 },
+{ "utimensat_time64", 412 },
+{ "utimes", 271 },
+{ "vfork", 190 },
+{ "vhangup", 111 },
+{ "vm86", 166 },
+{ "vm86old", 113 },
+{ "vmsplice", 316 },
+{ "vserver", 273 },
+{ "wait4", 114 },
+{ "waitid", 284 },
+{ "waitpid", 7 },
+{ "write", 4 },
+{ "writev", 146 },
diff --git a/src/include/syscall_x86_64.h b/src/include/syscall_x86_64.h
new file mode 100644
index 000000000..539e874be
--- /dev/null
+++ b/src/include/syscall_x86_64.h
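Review bot: In the new src/include/syscall_i386.h table the multiplexer entries `socketcall` (102) and `ipc` (117) sit next to the direct entries (`socket` 359, `bind` 361, `connect` 362, `shmget` 395, `msgget` 399), and nothing in the file says that both routes lead to the same kernel operations. A seccomp.32.drop list that names only the direct calls would presumably leave the same operation reachable through the multiplexer. The table should carry a comment to that effect, e.g. `/* i386: socket and SysV IPC operations are also reachable via socketcall (102) and ipc (117); filter those as well */`, and the seccomp.32 text in the man pages would benefit from the same sentence. How the filter builder treats these two numbers is outside this hunk, so it may already be handled there.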
@@ -0,0 +1,347 @@
+{ "_sysctl", 156 },
+{ "accept", 43 },
+{ "accept4", 288 },
+{ "access", 21 },
+{ "acct", 163 },
+{ "add_key", 248 },
+{ "adjtimex", 159 },
+{ "afs_syscall", 183 },
+{ "alarm", 37 },
+{ "arch_prctl", 158 },
+{ "bind", 49 },
+{ "bpf", 321 },
+{ "brk", 12 },
+{ "capget", 125 },
+{ "capset", 126 },
+{ "chdir", 80 },
+{ "chmod", 90 },
+{ "chown", 92 },
+{ "chroot", 161 },
+{ "clock_adjtime", 305 },
+{ "clock_getres", 229 },
+{ "clock_gettime", 228 },
+{ "clock_nanosleep", 230 },
+{ "clock_settime", 227 },
+{ "clone", 56 },
+{ "clone3", 435 },
+{ "close", 3 },
+{ "connect", 42 },
+{ "copy_file_range", 326 },
+{ "creat", 85 },
+{ "create_module", 174 },
+{ "delete_module", 176 },
+{ "dup", 32 },
+{ "dup2", 33 },
+{ "dup3", 292 },
+{ "epoll_create", 213 },
+{ "epoll_create1", 291 },
+{ "epoll_ctl", 233 },
+{ "epoll_ctl_old", 214 },
+{ "epoll_pwait", 281 },
+{ "epoll_wait", 232 },
+{ "epoll_wait_old", 215 },
+{ "eventfd", 284 },
+{ "eventfd2", 290 },
+{ "execve", 59 },
+{ "execveat", 322 },
+{ "exit", 60 },
+{ "exit_group", 231 },
+{ "faccessat", 269 },
+{ "fadvise64", 221 },
+{ "fallocate", 285 },
+{ "fanotify_init", 300 },
+{ "fanotify_mark", 301 },
+{ "fchdir", 81 },
+{ "fchmod", 91 },
+{ "fchmodat", 268 },
+{ "fchown", 93 },
+{ "fchownat", 260 },
+{ "fcntl", 72 },
+{ "fdatasync", 75 },
+{ "fgetxattr", 193 },
+{ "finit_module", 313 },
+{ "flistxattr", 196 },
+{ "flock", 73 },
+{ "fork", 57 },
+{ "fremovexattr", 199 },
+{ "fsconfig", 431 },
+{ "fsetxattr", 190 },
+{ "fsmount", 432 },
+{ "fsopen", 430 },
+{ "fspick", 433 },
+{ "fstat", 5 },
+{ "fstatfs", 138 },
+{ "fsync", 74 },
+{ "ftruncate", 77 },
+{ "futex", 202 },
+{ "futimesat", 261 },
+{ "get_kernel_syms", 177 },
+{ "get_mempolicy", 239 },
+{ "get_robust_list", 274 },
+{ "get_thread_area", 211 },
+{ "getcpu", 309 },
+{ "getcwd", 79 },
+{ "getdents", 78 },
+{ "getdents64", 217 },
+{ "getegid", 108 },
+{ "geteuid", 107 },
+{ "getgid", 104 },
+{ "getgroups", 115 },
+{ "getitimer", 36 },
+{ "getpeername", 52 },
+{ "getpgid", 121 },
+{ "getpgrp", 111 },
+{ "getpid", 39 },
+{ "getpmsg", 181 },
+{ "getppid", 110 },
+{ "getpriority", 140 },
+{ "getrandom", 318 },
+{ "getresgid", 120 },
+{ "getresuid", 118 },
+{ "getrlimit", 97 },
+{ "getrusage", 98 },
+{ "getsid", 124 },
+{ "getsockname", 51 },
+{ "getsockopt", 55 },
+{ "gettid", 186 },
+{ "gettimeofday", 96 },
+{ "getuid", 102 },
+{ "getxattr", 191 },
+{ "init_module", 175 },
+{ "inotify_add_watch", 254 },
+{ "inotify_init", 253 },
+{ "inotify_init1", 294 },
+{ "inotify_rm_watch", 255 },
+{ "io_cancel", 210 },
+{ "io_destroy", 207 },
+{ "io_getevents", 208 },
+{ "io_pgetevents", 333 },
+{ "io_setup", 206 },
+{ "io_submit", 209 },
+{ "io_uring_enter", 426 },
+{ "io_uring_register", 427 },
+{ "io_uring_setup", 425 },
+{ "ioctl", 16 },
+{ "ioperm", 173 },
+{ "iopl", 172 },
+{ "ioprio_get", 252 },
+{ "ioprio_set", 251 },
+{ "kcmp", 312 },
+{ "kexec_file_load", 320 },
+{ "kexec_load", 246 },
+{ "keyctl", 250 },
+{ "kill", 62 },
+{ "lchown", 94 },
+{ "lgetxattr", 192 },
+{ "link", 86 },
+{ "linkat", 265 },
+{ "listen", 50 },
+{ "listxattr", 194 },
+{ "llistxattr", 195 },
+{ "lookup_dcookie", 212 },
+{ "lremovexattr", 198 },
+{ "lseek", 8 },
+{ "lsetxattr", 189 },
+{ "lstat", 6 },
+{ "madvise", 28 },
+{ "mbind", 237 },
+{ "membarrier", 324 },
+{ "memfd_create", 319 },
+{ "migrate_pages", 256 },
+{ "mincore", 27 },
+{ "mkdir", 83 },
+{ "mkdirat", 258 },
+{ "mknod", 133 },
+{ "mknodat", 259 },
+{ "mlock", 149 },
+{ "mlock2", 325 },
+{ "mlockall", 151 },
+{ "mmap", 9 },
+{ "modify_ldt", 154 },
+{ "mount", 165 },
+{ "move_mount", 429 },
+{ "move_pages", 279 },
+{ "mprotect", 10 },
+{ "mq_getsetattr", 245 },
+{ "mq_notify", 244 },
+{ "mq_open", 240 },
+{ "mq_timedreceive", 243 },
+{ "mq_timedsend", 242 },
+{ "mq_unlink", 241 },
+{ "mremap", 25 },
+{ "msgctl", 71 },
+{ "msgget", 68 },
+{ "msgrcv", 70 },
+{ "msgsnd", 69 },
+{ "msync", 26 },
+{ "munlock", 150 },
+{ "munlockall", 152 },
+{ "munmap", 11 },
+{ "name_to_handle_at", 303 },
+{ "nanosleep", 35 },
+{ "newfstatat", 262 },
+{ "nfsservctl", 180 },
+{ "open", 2 },
+{ "open_by_handle_at", 304 },
+{ "open_tree", 428 },
+{ "openat", 257 },
+{ "pause", 34 },
+{ "perf_event_open", 298 },
+{ "personality", 135 },
+{ "pidfd_open", 434 },
+{ "pidfd_send_signal", 424 },
+{ "pipe", 22 },
+{ "pipe2", 293 },
+{ "pivot_root", 155 },
+{ "pkey_alloc", 330 },
+{ "pkey_free", 331 },
+{ "pkey_mprotect", 329 },
+{ "poll", 7 },
+{ "ppoll", 271 },
+{ "prctl", 157 },
+{ "pread64", 17 },
+{ "preadv", 295 },
+{ "preadv2", 327 },
+{ "prlimit64", 302 },
+{ "process_vm_readv", 310 },
+{ "process_vm_writev", 311 },
+{ "pselect6", 270 },
+{ "ptrace", 101 },
+{ "putpmsg", 182 },
+{ "pwrite64", 18 },
+{ "pwritev", 296 },
+{ "pwritev2", 328 },
+{ "query_module", 178 },
+{ "quotactl", 179 },
+{ "read", 0 },
+{ "readahead", 187 },
+{ "readlink", 89 },
+{ "readlinkat", 267 },
+{ "readv", 19 },
+{ "reboot", 169 },
+{ "recvfrom", 45 },
+{ "recvmmsg", 299 },
+{ "recvmsg", 47 },
+{ "remap_file_pages", 216 },
+{ "removexattr", 197 },
+{ "rename", 82 },
+{ "renameat", 264 },
+{ "renameat2", 316 },
+{ "request_key", 249 },
+{ "restart_syscall", 219 },
+{ "rmdir", 84 },
+{ "rseq", 334 },
+{ "rt_sigaction", 13 },
+{ "rt_sigpending", 127 },
+{ "rt_sigprocmask", 14 },
+{ "rt_sigqueueinfo", 129 },
+{ "rt_sigreturn", 15 },
+{ "rt_sigsuspend", 130 },
+{ "rt_sigtimedwait", 128 },
+{ "rt_tgsigqueueinfo", 297 },
+{ "sched_get_priority_max", 146 },
+{ "sched_get_priority_min", 147 },
+{ "sched_getaffinity", 204 },
+{ "sched_getattr", 315 },
+{ "sched_getparam", 143 },
+{ "sched_getscheduler", 145 },
+{ "sched_rr_get_interval", 148 },
+{ "sched_setaffinity", 203 },
+{ "sched_setattr", 314 },
+{ "sched_setparam", 142 },
+{ "sched_setscheduler", 144 },
+{ "sched_yield", 24 },
+{ "seccomp", 317 },
+{ "security", 185 },
+{ "select", 23 },
+{ "semctl", 66 },
+{ "semget", 64 },
+{ "semop", 65 },
+{ "semtimedop", 220 },
+{ "sendfile", 40 },
+{ "sendmmsg", 307 },
+{ "sendmsg", 46 },
+{ "sendto", 44 },
+{ "set_mempolicy", 238 },
+{ "set_robust_list", 273 },
+{ "set_thread_area", 205 },
+{ "set_tid_address", 218 },
+{ "setdomainname", 171 },
+{ "setfsgid", 123 },
+{ "setfsuid", 122 },
+{ "setgid", 106 },
+{ "setgroups", 116 },
+{ "sethostname", 170 },
+{ "setitimer", 38 },
+{ "setns", 308 },
+{ "setpgid", 109 },
+{ "setpriority", 141 },
+{ "setregid", 114 },
+{ "setresgid", 119 },
+{ "setresuid", 117 },
+{ "setreuid", 113 },
+{ "setrlimit", 160 },
+{ "setsid", 112 },
+{ "setsockopt", 54 },
+{ "settimeofday", 164 },
+{ "setuid", 105 },
+{ "setxattr", 188 },
+{ "shmat", 30 },
+{ "shmctl", 31 },
+{ "shmdt", 67 },
+{ "shmget", 29 },
+{ "shutdown", 48 },
+{ "sigaltstack", 131 },
+{ "signalfd", 282 },
+{ "signalfd4", 289 },
+{ "socket", 41 },
+{ "socketpair", 53 },
+{ "splice", 275 },
+{ "stat", 4 },
+{ "statfs", 137 },
+{ "statx", 332 },
+{ "swapoff", 168 },
+{ "swapon", 167 },
+{ "symlink", 88 },
+{ "symlinkat", 266 },
+{ "sync", 162 },
+{ "sync_file_range", 277 },
+{ "syncfs", 306 },
+{ "sysfs", 139 },
+{ "sysinfo", 99 },
+{ "syslog", 103 },
+{ "tee", 276 },
+{ "tgkill", 234 },
+{ "time", 201 },
+{ "timer_create", 222 },
+{ "timer_delete", 226 },
+{ "timer_getoverrun", 225 },
+{ "timer_gettime", 224 },
+{ "timer_settime", 223 },
+{ "timerfd_create", 283 },
+{ "timerfd_gettime", 287 },
+{ "timerfd_settime", 286 },
+{ "times", 100 },
+{ "tkill", 200 },
+{ "truncate", 76 },
+{ "tuxcall", 184 },
+{ "umask", 95 },
+{ "umount2", 166 },
+{ "uname", 63 },
+{ "unlink", 87 },
+{ "unlinkat", 263 },
+{ "unshare", 272 },
+{ "uselib", 134 },
+{ "userfaultfd", 323 },
+{ "ustat", 136 },
+{ "utime", 132 },
+{ "utimensat", 280 },
+{ "utimes", 235 },
+{ "vfork", 58 },
+{ "vhangup", 153 },
+{ "vmsplice", 278 },
+{ "vserver", 236 },
+{ "wait4", 61 },
+{ "waitid", 247 },
+{ "write", 1 },
+{ "writev", 20 },
diff --git a/src/lib/errno.c b/src/lib/errno.c
new file mode 100644
index 000000000..d38c197ad
--- /dev/null
+++ b/src/lib/errno.c
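Review bot: The syscall numbers in src/include/syscall_x86_64.h (and in syscall_i386.h, added just before it) are hard-coded literals with no record of which kernel headers or tool produced them, whereas the entries removed from syscall.h took their values from `__NR_*` macros under `#ifdef`. Both tables stop at `clone3` (435), so a syscall name introduced after this snapshot presumably cannot be resolved in a drop or keep list until the tables are regenerated, and a reader cannot tell how stale they are. A header comment in each file would cover it, for example `/* x86_64 syscall table, generated from <kernel headers version> with <tool>; regenerate when new syscalls are added */`, with the placeholders filled in by the author.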
@@ -0,0 +1,206 @@
+/*
+ * Copyright (C) 2014-2020 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "../include/syscall.h"
+
+#include
+#include
+#include
+//#include
+
+typedef struct {
+ char *name;
+ int nr;
+} ErrnoEntry;
+
+static ErrnoEntry errnolist[] = {
+//
+// code generated using tools/extract-errnos
+//
+ {"EPERM", EPERM},
+ {"ENOENT", ENOENT},
+ {"ESRCH", ESRCH},
+ {"EINTR", EINTR},
+ {"EIO", EIO},
+ {"ENXIO", ENXIO},
+ {"E2BIG", E2BIG},
+ {"ENOEXEC", ENOEXEC},
+ {"EBADF", EBADF},
+ {"ECHILD", ECHILD},
+ {"EAGAIN", EAGAIN},
+ {"ENOMEM", ENOMEM},
+ {"EACCES", EACCES},
+ {"EFAULT", EFAULT},
+ {"ENOTBLK", ENOTBLK},
+ {"EBUSY", EBUSY},
+ {"EEXIST", EEXIST},
+ {"EXDEV", EXDEV},
+ {"ENODEV", ENODEV},
+ {"ENOTDIR", ENOTDIR},
+ {"EISDIR", EISDIR},
+ {"EINVAL", EINVAL},
+ {"ENFILE", ENFILE},
+ {"EMFILE", EMFILE},
+ {"ENOTTY", ENOTTY},
+ {"ETXTBSY", ETXTBSY},
+ {"EFBIG", EFBIG},
+ {"ENOSPC", ENOSPC},
+ {"ESPIPE", ESPIPE},
+ {"EROFS", EROFS},
+ {"EMLINK", EMLINK},
+ {"EPIPE", EPIPE},
+ {"EDOM", EDOM},
+ {"ERANGE", ERANGE},
+ {"EDEADLK", EDEADLK},
+ {"ENAMETOOLONG", ENAMETOOLONG},
+ {"ENOLCK", ENOLCK},
+ {"ENOSYS", ENOSYS},
+ {"ENOTEMPTY", ENOTEMPTY},
+ {"ELOOP", ELOOP},
+ {"EWOULDBLOCK", EWOULDBLOCK},
+ {"ENOMSG", ENOMSG},
+ {"EIDRM", EIDRM},
+ {"ECHRNG", ECHRNG},
+ {"EL2NSYNC", EL2NSYNC},
+ {"EL3HLT", EL3HLT},
+ {"EL3RST", EL3RST},
+ {"ELNRNG", ELNRNG},
+ {"EUNATCH", EUNATCH},
+ {"ENOCSI", ENOCSI},
+ {"EL2HLT", EL2HLT},
+ {"EBADE", EBADE},
+ {"EBADR", EBADR},
+ {"EXFULL", EXFULL},
+ {"ENOANO", ENOANO},
+ {"EBADRQC", EBADRQC},
+ {"EBADSLT", EBADSLT},
+ {"EDEADLOCK", EDEADLOCK},
+ {"EBFONT", EBFONT},
+ {"ENOSTR", ENOSTR},
+ {"ENODATA", ENODATA},
+ {"ETIME", ETIME},
+ {"ENOSR", ENOSR},
+ {"ENONET", ENONET},
+ {"ENOPKG", ENOPKG},
+ {"EREMOTE", EREMOTE},
+ {"ENOLINK", ENOLINK},
+ {"EADV", EADV},
+ {"ESRMNT", ESRMNT},
+ {"ECOMM", ECOMM},
+ {"EPROTO", EPROTO},
+ {"EMULTIHOP", EMULTIHOP},
+ {"EDOTDOT", EDOTDOT},
+ {"EBADMSG", EBADMSG},
+ {"EOVERFLOW", EOVERFLOW},
+ {"ENOTUNIQ", ENOTUNIQ},
+ {"EBADFD", EBADFD},
+ {"EREMCHG", EREMCHG},
+ {"ELIBACC", ELIBACC},
+ {"ELIBBAD", ELIBBAD},
+ {"ELIBSCN", ELIBSCN},
+ {"ELIBMAX", ELIBMAX},
+ {"ELIBEXEC", ELIBEXEC},
+ {"EILSEQ", EILSEQ},
+ {"ERESTART", ERESTART},
+ {"ESTRPIPE", ESTRPIPE},
+ {"EUSERS", EUSERS},
+ {"ENOTSOCK", ENOTSOCK},
+ {"EDESTADDRREQ", EDESTADDRREQ},
+ {"EMSGSIZE", EMSGSIZE},
+ {"EPROTOTYPE", EPROTOTYPE},
+ {"ENOPROTOOPT", ENOPROTOOPT},
+ {"EPROTONOSUPPORT", EPROTONOSUPPORT},
+ {"ESOCKTNOSUPPORT", ESOCKTNOSUPPORT},
+ {"EOPNOTSUPP", EOPNOTSUPP},
+ {"EPFNOSUPPORT", EPFNOSUPPORT},
+ {"EAFNOSUPPORT", EAFNOSUPPORT},
+ {"EADDRINUSE", EADDRINUSE},
+ {"EADDRNOTAVAIL", EADDRNOTAVAIL},
+ {"ENETDOWN", ENETDOWN},
+ {"ENETUNREACH", ENETUNREACH},
+ {"ENETRESET", ENETRESET},
+ {"ECONNABORTED", ECONNABORTED},
+ {"ECONNRESET", ECONNRESET},
+ {"ENOBUFS", ENOBUFS},
+ {"EISCONN", EISCONN},
+ {"ENOTCONN", ENOTCONN},
+ {"ESHUTDOWN", ESHUTDOWN},
+ {"ETOOMANYREFS", ETOOMANYREFS},
+ {"ETIMEDOUT", ETIMEDOUT},
+ {"ECONNREFUSED", ECONNREFUSED},
+ {"EHOSTDOWN", EHOSTDOWN},
+ {"EHOSTUNREACH", EHOSTUNREACH},
+ {"EALREADY", EALREADY},
+ {"EINPROGRESS", EINPROGRESS},
+ {"ESTALE", ESTALE},
+ {"EUCLEAN", EUCLEAN},
+ {"ENOTNAM", ENOTNAM},
+ {"ENAVAIL", ENAVAIL},
+ {"EISNAM", EISNAM},
+ {"EREMOTEIO", EREMOTEIO},
+ {"EDQUOT", EDQUOT},
+ {"ENOMEDIUM", ENOMEDIUM},
+ {"EMEDIUMTYPE", EMEDIUMTYPE},
+ {"ECANCELED", ECANCELED},
+ {"ENOKEY", ENOKEY},
+ {"EKEYEXPIRED", EKEYEXPIRED},
+ {"EKEYREVOKED", EKEYREVOKED},
+ {"EKEYREJECTED", EKEYREJECTED},
+ {"EOWNERDEAD", EOWNERDEAD},
+ {"ENOTRECOVERABLE", ENOTRECOVERABLE},
+ {"ERFKILL", ERFKILL},
+ {"EHWPOISON", EHWPOISON},
+ {"ENOTSUP", ENOTSUP},
+#ifdef ENOATTR
+ {"ENOATTR", ENOATTR},
+#endif
+};
+
+int errno_find_name(const char *name) {
+ int i;
+ int elems = sizeof(errnolist) / sizeof(errnolist[0]);
+ for (i = 0; i < elems; i++) {
+ if (strcasecmp(name, errnolist[i].name) == 0)
+ return errnolist[i].nr;
+ }
+
+ return -1;
+}
+
+char *errno_find_nr(int nr) {
+ int i;
+ int elems = sizeof(errnolist) / sizeof(errnolist[0]);
+ for (i = 0; i < elems; i++) {
+ if (nr == errnolist[i].nr)
+ return errnolist[i].name;
+ }
+
+ return "unknown";
+}
+
+
+
+void errno_print(void) {
+ int i;
+ int elems = sizeof(errnolist) / sizeof(errnolist[0]);
+ for (i = 0; i < elems; i++) {
+ printf("%d\t- %s\n", errnolist[i].nr, errnolist[i].name);
+ }
+ printf("\n");
+}
diff --git a/src/lib/syscall.c b/src/lib/syscall.c
new file mode 100644
index 000000000..1cf7f2d52
--- /dev/null
+++ b/src/lib/syscall.c
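Review bot: `errnolist` is declared `static ErrnoEntry errnolist[]` with a `char *name` member, and `errno_find_nr` returns a plain `char *` that can be the string literal `"unknown"`, although nothing in this file writes through any of them. Declaring the table `static const ErrnoEntry errnolist[]` with `const char *name;` and returning `const char *` from `errno_find_nr` lets the compiler reject an accidental write into the lookup table, and it matches `syslist` and `syscall_find_nr` in src/lib/syscall.c from the same commit. The prototype is outside this hunk (presumably in `../include/syscall.h`), so it would have to change together with the definition.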
@@ -0,0 +1,1694 @@ +/* + * Copyright (C) 2014-2020 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ +#define _GNU_SOURCE +#include "../include/syscall.h" +#include +#include +#include +#include +#include +#include "../include/common.h" + +typedef struct { + const char * const name; + int nr; +} SyscallEntry; + +typedef struct { + const char * const name; + const char * const list; +} SyscallGroupList; + +typedef struct { + const char *slist; + char *prelist, *postlist; + bool found; + int syscall; +} SyscallCheckList; + +// Native syscalls (64 bit versions for 64 bit arch etc) +static const SyscallEntry syslist[] = { +#if defined(__x86_64__) +// code generated using +// awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_64.h +#include "../include/syscall_x86_64.h" +#elif defined(__i386__) +// awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_32.h +#include "../include/syscall_i386.h" +#else +#warning "Please submit a syscall table for your architecture" +#endif +}; + +// 32 bit syscalls for 64 bit arch +static const SyscallEntry syslist32[] = { +#if defined(__x86_64__) +#include 
"../include/syscall_i386.h" +// TODO for other 64 bit archs +#elif defined(__i386__) || defined(__arm__) || defined(__powerpc__) +// no secondary arch for 32 bit archs +#endif +}; + +static const SyscallGroupList sysgroups[] = { + { .name = "@aio", .list = +#ifdef SYS_io_cancel + "io_cancel," +#endif +#ifdef SYS_io_destroy + "io_destroy," +#endif +#ifdef SYS_io_getevents + "io_getevents," +#endif +#ifdef SYS_io_pgetevents + "io_pgetevents," +#endif +#ifdef SYS_io_setup + "io_setup," +#endif +#ifdef SYS_io_submit + "io_submit" +#endif + }, + { .name = "@basic-io", .list = +#ifdef SYS__llseek + "_llseek," +#endif +#ifdef SYS_close + "close," +#endif +#ifdef SYS_dup + "dup," +#endif +#ifdef SYS_dup2 + "dup2," +#endif +#ifdef SYS_dup3 + "dup3," +#endif +#ifdef SYS_lseek + "lseek," +#endif +#ifdef SYS_pread64 + "pread64," +#endif +#ifdef SYS_preadv + "preadv," +#endif +#ifdef SYS_preadv2 + "preadv2," +#endif +#ifdef SYS_pwrite64 + "pwrite64," +#endif +#ifdef SYS_pwritev + "pwritev," +#endif +#ifdef SYS_pwritev2 + "pwritev2," +#endif +#ifdef SYS_read + "read," +#endif +#ifdef SYS_readv + "readv," +#endif +#ifdef SYS_write + "write," +#endif +#ifdef SYS_writev + "writev" +#endif + }, + { .name = "@chown", .list = +#ifdef SYS_chown + "chown," +#endif +#ifdef SYS_chown32 + "chown32," +#endif +#ifdef SYS_fchown + "fchown," +#endif +#ifdef SYS_fchown32 + "fchown32," +#endif +#ifdef SYS_fchownat + "fchownat," +#endif +#ifdef SYS_lchown + "lchown," +#endif +#ifdef SYS_lchown32 + "lchown32" +#endif + }, + { .name = "@clock", .list = +#ifdef SYS_adjtimex + "adjtimex," +#endif +#ifdef SYS_clock_adjtime + "clock_adjtime," +#endif +#ifdef SYS_clock_settime + "clock_settime," +#endif +#ifdef SYS_settimeofday + "settimeofday," +#endif +#ifdef SYS_stime + "stime" +#endif + }, + { .name = "@cpu-emulation", .list = +#ifdef SYS_modify_ldt + "modify_ldt," +#endif +#ifdef SYS_subpage_prot + "subpage_prot," +#endif +#ifdef SYS_switch_endian + "switch_endian," +#endif +#ifdef SYS_vm86 + 
"vm86," +#endif +#ifdef SYS_vm86old + "vm86old" +#endif +#if !defined(SYS_modify_ldt) && !defined(SYS_subpage_prot) && !defined(SYS_switch_endian) && !defined(SYS_vm86) && !defined(SYS_vm86old) + "__dummy_syscall__" // workaround for arm64, s390x and sparc64 which don't have any of above defined and empty syscall lists are not allowed +#endif + }, + { .name = "@debug", .list = +#ifdef SYS_lookup_dcookie + "lookup_dcookie," +#endif +#ifdef SYS_perf_event_open + "perf_event_open," +#endif +#ifdef SYS_process_vm_writev + "process_vm_writev," +#endif +#ifdef SYS_rtas + "rtas," +#endif +#ifdef SYS_s390_runtime_instr + "s390_runtime_instr," +#endif +#ifdef SYS_sys_debug_setcontext + "sys_debug_setcontext," +#endif + }, + { .name = "@default", .list = + "@clock," + "@cpu-emulation," + "@debug," + "@module," + "@obsolete," + "@raw-io," + "@reboot," + "@swap," +#ifdef SYS_open_by_handle_at + "open_by_handle_at," +#endif +#ifdef SYS_name_to_handle_at + "name_to_handle_at," +#endif +#ifdef SYS_ioprio_set + "ioprio_set," +#endif +#ifdef SYS_ni_syscall + "ni_syscall," +#endif +#ifdef SYS_syslog + "syslog," +#endif +#ifdef SYS_fanotify_init + "fanotify_init," +#endif +#ifdef SYS_kcmp + "kcmp," +#endif +#ifdef SYS_add_key + "add_key," +#endif +#ifdef SYS_request_key + "request_key," +#endif +#ifdef SYS_mbind + "mbind," +#endif +#ifdef SYS_migrate_pages + "migrate_pages," +#endif +#ifdef SYS_move_pages + "move_pages," +#endif +#ifdef SYS_keyctl + "keyctl," +#endif +#ifdef SYS_io_setup + "io_setup," +#endif +#ifdef SYS_io_destroy + "io_destroy," +#endif +#ifdef SYS_io_getevents + "io_getevents," +#endif +#ifdef SYS_io_submit + "io_submit," +#endif +#ifdef SYS_io_cancel + "io_cancel," +#endif +#ifdef SYS_remap_file_pages + "remap_file_pages," +#endif +#ifdef SYS_set_mempolicy + "set_mempolicy" +#endif +#ifdef SYS_vmsplice + "vmsplice," +#endif +#ifdef SYS_umount + "umount," +#endif +#ifdef SYS_userfaultfd + "userfaultfd," +#endif +#ifdef SYS_acct + "acct," +#endif +#ifdef SYS_bpf + 
"bpf," +#endif +#ifdef SYS_chroot + "chroot," +#endif +#ifdef SYS_mount + "mount," +#endif +#ifdef SYS_nfsservctl + "nfsservctl," +#endif +#ifdef SYS_pivot_root + "pivot_root," +#endif +#ifdef SYS_setdomainname + "setdomainname," +#endif +#ifdef SYS_sethostname + "sethostname," +#endif +#ifdef SYS_umount2 + "umount2," +#endif +#ifdef SYS_vhangup + "vhangup" +#endif +//#ifdef SYS_mincore // 0.9.57 - problem fixed in Linux kernel 5.0; on 4.x it will break kodi, mpv, totem +// "mincore" +//#endif + }, + { .name = "@default-nodebuggers", .list = + "@default," +#ifdef SYS_ptrace + "ptrace," +#endif +#ifdef SYS_personality + "personality," +#endif +#ifdef SYS_process_vm_readv + "process_vm_readv" +#endif + }, + { .name = "@default-keep", .list = + "execve," + "prctl" + }, + { .name = "@file-system", .list = +#ifdef SYS_access + "access," +#endif +#ifdef SYS_chdir + "chdir," +#endif +#ifdef SYS_chmod + "chmod," +#endif +#ifdef SYS_close + "close," +#endif +#ifdef SYS_creat + "creat," +#endif +#ifdef SYS_faccessat + "faccessat," +#endif +#ifdef SYS_fallocate + "fallocate," +#endif +#ifdef SYS_fchdir + "fchdir," +#endif +#ifdef SYS_fchmod + "fchmod," +#endif +#ifdef SYS_fchmodat + "fchmodat," +#endif +#ifdef SYS_fcntl + "fcntl," +#endif +#ifdef SYS_fcntl64 + "fcntl64," +#endif +#ifdef SYS_fgetxattr + "fgetxattr," +#endif +#ifdef SYS_flistxattr + "flistxattr," +#endif +#ifdef SYS_fremovexattr + "fremovexattr," +#endif +#ifdef SYS_fsetxattr + "fsetxattr," +#endif +#ifdef SYS_fstat + "fstat," +#endif +#ifdef SYS_fstat64 + "fstat64," +#endif +#ifdef SYS_fstatat64 + "fstatat64," +#endif +#ifdef SYS_fstatfs + "fstatfs," +#endif +#ifdef SYS_fstatfs64 + "fstatfs64," +#endif +#ifdef SYS_ftruncate + "ftruncate," +#endif +#ifdef SYS_ftruncate64 + "ftruncate64," +#endif +#ifdef SYS_futimesat + "futimesat," +#endif +#ifdef SYS_getcwd + "getcwd," +#endif +#ifdef SYS_getdents + "getdents," +#endif +#ifdef SYS_getdents64 + "getdents64," +#endif +#ifdef SYS_getxattr + "getxattr," +#endif 
+#ifdef SYS_inotify_add_watch + "inotify_add_watch," +#endif +#ifdef SYS_inotify_init + "inotify_init," +#endif +#ifdef SYS_inotify_init1 + "inotify_init1," +#endif +#ifdef SYS_inotify_rm_watch + "inotify_rm_watch," +#endif +#ifdef SYS_lgetxattr + "lgetxattr," +#endif +#ifdef SYS_link + "link," +#endif +#ifdef SYS_linkat + "linkat," +#endif +#ifdef SYS_listxattr + "listxattr," +#endif +#ifdef SYS_llistxattr + "llistxattr," +#endif +#ifdef SYS_lremovexattr + "lremovexattr," +#endif +#ifdef SYS_lsetxattr + "lsetxattr," +#endif +#ifdef SYS_lstat + "lstat," +#endif +#ifdef SYS_lstat64 + "lstat64," +#endif +#ifdef SYS_mkdir + "mkdir," +#endif +#ifdef SYS_mkdirat + "mkdirat," +#endif +#ifdef SYS_mknod + "mknod," +#endif +#ifdef SYS_mknodat + "mknodat," +#endif +#ifdef SYS_mmap + "mmap," +#endif +#ifdef SYS_mmap2 + "mmap2," +#endif +#ifdef SYS_munmap + "munmap," +#endif +#ifdef SYS_newfstatat + "newfstatat," +#endif +#ifdef SYS_oldfstat + "oldfstat," +#endif +#ifdef SYS_oldlstat + "oldlstat," +#endif +#ifdef SYS_oldstat + "oldstat," +#endif +#ifdef SYS_open + "open," +#endif +#ifdef SYS_openat + "openat," +#endif +#ifdef SYS_readlink + "readlink," +#endif +#ifdef SYS_readlinkat + "readlinkat," +#endif +#ifdef SYS_removexattr + "removexattr," +#endif +#ifdef SYS_rename + "rename," +#endif +#ifdef SYS_renameat + "renameat," +#endif +#ifdef SYS_renameat2 + "renameat2," +#endif +#ifdef SYS_rmdir + "rmdir," +#endif +#ifdef SYS_setxattr + "setxattr," +#endif +#ifdef SYS_stat + "stat," +#endif +#ifdef SYS_stat64 + "stat64," +#endif +#ifdef SYS_statfs + "statfs," +#endif +#ifdef SYS_statfs64 + "statfs64," +#endif +#ifdef SYS_statx + "statx," +#endif +#ifdef SYS_symlink + "symlink," +#endif +#ifdef SYS_symlinkat + "symlinkat," +#endif +#ifdef SYS_truncate + "truncate," +#endif +#ifdef SYS_truncate64 + "truncate64," +#endif +#ifdef SYS_unlink + "unlink," +#endif +#ifdef SYS_unlinkat + "unlinkat," +#endif +#ifdef SYS_utime + "utime," +#endif +#ifdef SYS_utimensat + "utimensat," 
+#endif +#ifdef SYS_utimes + "utimes" +#endif + }, + { .name = "@io-event", .list = +#ifdef SYS__newselect + "_newselect," +#endif +#ifdef SYS_epoll_create + "epoll_create," +#endif +#ifdef SYS_epoll_create1 + "epoll_create1," +#endif +#ifdef SYS_epoll_ctl + "epoll_ctl," +#endif +#ifdef SYS_epoll_ctl_old + "epoll_ctl_old," +#endif +#ifdef SYS_epoll_pwait + "epoll_pwait," +#endif +#ifdef SYS_epoll_wait + "epoll_wait," +#endif +#ifdef SYS_epoll_wait_old + "epoll_wait_old," +#endif +#ifdef SYS_eventfd + "eventfd," +#endif +#ifdef SYS_eventfd2 + "eventfd2," +#endif +#ifdef SYS_poll + "poll," +#endif +#ifdef SYS_ppoll + "ppoll," +#endif +#ifdef SYS_pselect6 + "pselect6," +#endif +#ifdef SYS_select + "select" +#endif + }, + { .name = "@ipc", .list = +#ifdef SYS_ipc + "ipc," +#endif +#ifdef SYS_memfd_create + "memfd_create," +#endif +#ifdef SYS_mq_getsetattr + "mq_getsetattr," +#endif +#ifdef SYS_mq_notify + "mq_notify," +#endif +#ifdef SYS_mq_open + "mq_open," +#endif +#ifdef SYS_mq_timedreceive + "mq_timedreceive," +#endif +#ifdef SYS_mq_timedsend + "mq_timedsend," +#endif +#ifdef SYS_mq_unlink + "mq_unlink," +#endif +#ifdef SYS_msgctl + "msgctl," +#endif +#ifdef SYS_msgget + "msgget," +#endif +#ifdef SYS_msgrcv + "msgrcv," +#endif +#ifdef SYS_msgsnd + "msgsnd," +#endif +#ifdef SYS_pipe + "pipe," +#endif +#ifdef SYS_pipe2 + "pipe2," +#endif +#ifdef SYS_process_vm_readv + "process_vm_readv," +#endif +#ifdef SYS_process_vm_writev + "process_vm_writev," +#endif +#ifdef SYS_semctl + "semctl," +#endif +#ifdef SYS_semget + "semget," +#endif +#ifdef SYS_semop + "semop," +#endif +#ifdef SYS_semtimedop + "semtimedop," +#endif +#ifdef SYS_shmat + "shmat," +#endif +#ifdef SYS_shmctl + "shmctl," +#endif +#ifdef SYS_shmdt + "shmdt," +#endif +#ifdef SYS_shmget + "shmget" +#endif + }, + { .name = "@keyring", .list = +#ifdef SYS_add_key + "add_key," +#endif +#ifdef SYS_keyctl + "keyctl," +#endif +#ifdef SYS_request_key + "request_key" +#endif + }, + { .name = "@memlock", .list = 
+#ifdef SYS_mlock + "mlock," +#endif +#ifdef SYS_mlock2 + "mlock2," +#endif +#ifdef SYS_mlockall + "mlockall," +#endif +#ifdef SYS_munlock + "munlock," +#endif +#ifdef SYS_munlockall + "munlockall" +#endif + }, + { .name = "@module", .list = +#ifdef SYS_delete_module + "delete_module," +#endif +#ifdef SYS_finit_module + "finit_module," +#endif +#ifdef SYS_init_module + "init_module" +#endif + }, + { .name = "@mount", .list = +#ifdef SYS_chroot + "chroot," +#endif +#ifdef SYS_mount + "mount," +#endif +#ifdef SYS_pivot_root + "pivot_root," +#endif +#ifdef SYS_umount + "umount," +#endif +#ifdef SYS_umount2 + "umount2" +#endif + }, + { .name = "@network-io", .list = +#ifdef SYS_accept + "accept," +#endif +#ifdef SYS_accept4 + "accept4," +#endif +#ifdef SYS_bind + "bind," +#endif +#ifdef SYS_connect + "connect," +#endif +#ifdef SYS_getpeername + "getpeername," +#endif +#ifdef SYS_getsockname + "getsockname," +#endif +#ifdef SYS_getsockopt + "getsockopt," +#endif +#ifdef SYS_listen + "listen," +#endif +#ifdef SYS_recv + "recv," +#endif +#ifdef SYS_recvfrom + "recvfrom," +#endif +#ifdef SYS_recvmmsg + "recvmmsg," +#endif +#ifdef SYS_recvmsg + "recvmsg," +#endif +#ifdef SYS_send + "send," +#endif +#ifdef SYS_sendmmsg + "sendmmsg," +#endif +#ifdef SYS_sendmsg + "sendmsg," +#endif +#ifdef SYS_sendto + "sendto," +#endif +#ifdef SYS_setsockopt + "setsockopt," +#endif +#ifdef SYS_shutdown + "shutdown," +#endif +#ifdef SYS_socket + "socket," +#endif +#ifdef SYS_socketcall + "socketcall," +#endif +#ifdef SYS_socketpair + "socketpair" +#endif + }, + { .name = "@obsolete", .list = +#ifdef SYS__sysctl + "_sysctl," +#endif +#ifdef SYS_afs_syscall + "afs_syscall," +#endif +#ifdef SYS_bdflush + "bdflush," +#endif +#ifdef SYS_break + "break," +#endif +#ifdef SYS_create_module + "create_module," +#endif +#ifdef SYS_ftime + "ftime," +#endif +#ifdef SYS_get_kernel_syms + "get_kernel_syms," +#endif +#ifdef SYS_getpmsg + "getpmsg," +#endif +#ifdef SYS_gtty + "gtty," +#endif +#ifdef SYS_idle 
+ "idle," +#endif +#ifdef SYS_lock + "lock," +#endif +#ifdef SYS_mpx + "mpx," +#endif +#ifdef SYS_prof + "prof," +#endif +#ifdef SYS_profil + "profil," +#endif +#ifdef SYS_putpmsg + "putpmsg," +#endif +#ifdef SYS_query_module + "query_module," +#endif +#ifdef SYS_security + "security," +#endif +#ifdef SYS_sgetmask + "sgetmask," +#endif +#ifdef SYS_ssetmask + "ssetmask," +#endif +#ifdef SYS_stty + "stty," +#endif +#ifdef SYS_sysfs + "sysfs," +#endif +#ifdef SYS_tuxcall + "tuxcall," +#endif +#ifdef SYS_ulimit + "ulimit," +#endif +#ifdef SYS_uselib + "uselib," +#endif +#ifdef SYS_ustat + "ustat," +#endif +#ifdef SYS_vserver + "vserver" +#endif +#if !defined(SYS__sysctl) && !defined(SYS_afs_syscall) && !defined(SYS_bdflush) && !defined(SYS_break) && !defined(SYS_create_module) && !defined(SYS_ftime) && !defined(SYS_get_kernel_syms) && !defined(SYS_getpmsg) && !defined(SYS_gtty) && !defined(SYS_lock) && !defined(SYS_mpx) && !defined(SYS_prof) && !defined(SYS_profil) && !defined(SYS_putpmsg) && !defined(SYS_query_module) && !defined(SYS_security) && !defined(SYS_sgetmask) && !defined(SYS_ssetmask) && !defined(SYS_stty) && !defined(SYS_sysfs) && !defined(SYS_tuxcall) && !defined(SYS_ulimit) && !defined(SYS_uselib) && !defined(SYS_ustat) && !defined(SYS_vserver) + "__dummy_syscall__" // workaround for arm64 which doesn't have any of above defined and empty syscall lists are not allowed +#endif + }, + { .name = "@privileged", .list = + "@chown," + "@clock," + "@module," + "@raw-io," + "@reboot," + "@swap," +#ifdef SYS__sysctl + "_sysctl," +#endif +#ifdef SYS_acct + "acct," +#endif +#ifdef SYS_bpf + "bpf," +#endif +#ifdef SYS_capset + "capset," +#endif +#ifdef SYS_chroot + "chroot," +#endif +#ifdef SYS_fanotify_init + "fanotify_init," +#endif +#ifdef SYS_mount + "mount," +#endif +#ifdef SYS_nfsservctl + "nfsservctl," +#endif +#ifdef SYS_open_by_handle_at + "open_by_handle_at," +#endif +#ifdef SYS_pivot_root + "pivot_root," +#endif +#ifdef SYS_quotactl + "quotactl," +#endif 
+#ifdef SYS_setdomainname + "setdomainname," +#endif +#ifdef SYS_setfsuid + "setfsuid," +#endif +#ifdef SYS_setfsuid32 + "setfsuid32," +#endif +#ifdef SYS_setgroups + "setgroups," +#endif +#ifdef SYS_setgroups32 + "setgroups32," +#endif +#ifdef SYS_sethostname + "sethostname," +#endif +#ifdef SYS_setresuid + "setresuid," +#endif +#ifdef SYS_setresuid32 + "setresuid32," +#endif +#ifdef SYS_setreuid + "setreuid," +#endif +#ifdef SYS_setreuid32 + "setreuid32," +#endif +#ifdef SYS_setuid + "setuid," +#endif +#ifdef SYS_setuid32 + "setuid32," +#endif +#ifdef SYS_umount2 + "umount2," +#endif +#ifdef SYS_vhangup + "vhangup" +#endif + }, + { .name = "@process", .list = +#ifdef SYS_arch_prctl + "arch_prctl," +#endif +#ifdef SYS_capget + "capget," +#endif +#ifdef SYS_clone + "clone," +#endif +#ifdef SYS_execveat + "execveat," +#endif +#ifdef SYS_fork + "fork," +#endif +#ifdef SYS_getrusage + "getrusage," +#endif +#ifdef SYS_kill + "kill," +#endif +#ifdef SYS_pidfd_send_signal + "pidfd_send_signal," +#endif +#ifdef SYS_prctl + "prctl," +#endif +#ifdef SYS_rt_sigqueueinfo + "rt_sigqueueinfo," +#endif +#ifdef SYS_rt_tgsigqueueinfo + "rt_tgsigqueueinfo," +#endif +#ifdef SYS_setns + "setns," +#endif +#ifdef SYS_swapcontext + "swapcontext," +#endif +#ifdef SYS_tgkill + "tgkill," +#endif +#ifdef SYS_times + "times," +#endif +#ifdef SYS_tkill + "tkill," +#endif +#ifdef SYS_unshare + "unshare," +#endif +#ifdef SYS_vfork + "vfork," +#endif +#ifdef SYS_wait4 + "wait4," +#endif +#ifdef SYS_waitid + "waitid," +#endif +#ifdef SYS_waitpid + "waitpid" +#endif + }, + { .name = "@raw-io", .list = +#ifdef SYS_ioperm + "ioperm," +#endif +#ifdef SYS_iopl + "iopl," +#endif +#ifdef SYS_pciconfig_iobase + "pciconfig_iobase," +#endif +#ifdef SYS_pciconfig_read + "pciconfig_read," +#endif +#ifdef SYS_pciconfig_write + "pciconfig_write," +#endif +#ifdef SYS_s390_mmio_read + "s390_mmio_read," +#endif +#ifdef SYS_s390_mmio_write + "s390_mmio_write" +#endif +#if !defined(SYS_ioperm) && !defined(SYS_iopl) 
&& !defined(SYS_pciconfig_iobase) && !defined(SYS_pciconfig_read) && !defined(SYS_pciconfig_write) && !defined(SYS_s390_mmio_read) && !defined(SYS_s390_mmio_write) + "__dummy_syscall__" // workaround for s390x which doesn't have any of above defined and empty syscall lists are not allowed +#endif + }, + { .name = "@reboot", .list = +#ifdef SYS_kexec_load + "kexec_load," +#endif +#ifdef SYS_kexec_file_load + "kexec_file_load," +#endif +#ifdef SYS_reboot + "reboot," +#endif + }, + { .name = "@resources", .list = +#ifdef SYS_ioprio_set + "ioprio_set," +#endif +#ifdef SYS_mbind + "mbind," +#endif +#ifdef SYS_migrate_pages + "migrate_pages," +#endif +#ifdef SYS_move_pages + "move_pages," +#endif +#ifdef SYS_nice + "nice," +#endif +#ifdef SYS_sched_setaffinity + "sched_setaffinity," +#endif +#ifdef SYS_sched_setattr + "sched_setattr," +#endif +#ifdef SYS_sched_setparam + "sched_setparam," +#endif +#ifdef SYS_sched_setscheduler + "sched_setscheduler," +#endif +#ifdef SYS_set_mempolicy + "set_mempolicy" +#endif + }, + { .name = "@setuid", .list = +#ifdef SYS_setgid + "setgid," +#endif +#ifdef SYS_setgid32 + "setgid32," +#endif +#ifdef SYS_setgroups + "setgroups," +#endif +#ifdef SYS_setgroups32 + "setgroups32," +#endif +#ifdef SYS_setregid + "setregid," +#endif +#ifdef SYS_setregid32 + "setregid32," +#endif +#ifdef SYS_setresgid + "setresgid," +#endif +#ifdef SYS_setresgid32 + "setresgid32," +#endif +#ifdef SYS_setresuid + "setresuid," +#endif +#ifdef SYS_setresuid32 + "setresuid32," +#endif +#ifdef SYS_setreuid + "setreuid," +#endif +#ifdef SYS_setreuid32 + "setreuid32," +#endif +#ifdef SYS_setuid + "setuid," +#endif +#ifdef SYS_setuid32 + "setuid32" +#endif + }, + { .name = "@signal", .list = +#ifdef SYS_rt_sigaction + "rt_sigaction," +#endif +#ifdef SYS_rt_sigpending + "rt_sigpending," +#endif +#ifdef SYS_rt_sigprocmask + "rt_sigprocmask," +#endif +#ifdef SYS_rt_sigsuspend + "rt_sigsuspend," +#endif +#ifdef SYS_rt_sigtimedwait + "rt_sigtimedwait," +#endif +#ifdef 
SYS_sigaction + "sigaction," +#endif +#ifdef SYS_sigaltstack + "sigaltstack," +#endif +#ifdef SYS_signal + "signal," +#endif +#ifdef SYS_signalfd + "signalfd," +#endif +#ifdef SYS_signalfd4 + "signalfd4," +#endif +#ifdef SYS_sigpending + "sigpending," +#endif +#ifdef SYS_sigprocmask + "sigprocmask," +#endif +#ifdef SYS_sigsuspend + "sigsuspend" +#endif + }, + { .name = "@swap", .list = +#ifdef SYS_swapon + "swapon," +#endif +#ifdef SYS_swapoff + "swapoff" +#endif + }, + { .name = "@sync", .list = +#ifdef SYS_fdatasync + "fdatasync," +#endif +#ifdef SYS_fsync + "fsync," +#endif +#ifdef SYS_msync + "msync," +#endif +#ifdef SYS_sync + "sync," +#endif +#ifdef SYS_sync_file_range + "sync_file_range," +#endif +#ifdef SYS_sync_file_range2 + "sync_file_range2," +#endif +#ifdef SYS_syncfs + "syncfs" +#endif + }, + { .name = "@system-service", .list = + "@aio," + "@basic-io," + "@chown," + "@default," + "@file-system," + "@io-event," + "@ipc," + "@keyring," + "@memlock," + "@network-io," + "@process," + "@resources," + "@setuid," + "@signal," + "@sync," + "@timer," +#ifdef SYS_brk + "brk," +#endif +#ifdef SYS_capget + "capget," +#endif +#ifdef SYS_capset + "capset," +#endif +#ifdef SYS_copy_file_range + "copy_file_range," +#endif +#ifdef SYS_fadvise64 + "fadvise64," +#endif +#ifdef SYS_fadvise64_64 + "fadvise64_64," +#endif +#ifdef SYS_flock + "flock," +#endif +#ifdef SYS_get_mempolicy + "get_mempolicy," +#endif +#ifdef SYS_getcpu + "getcpu," +#endif +#ifdef SYS_getpriority + "getpriority," +#endif +#ifdef SYS_getrandom + "getrandom," +#endif +#ifdef SYS_ioctl + "ioctl," +#endif +#ifdef SYS_ioprio_get + "ioprio_get," +#endif +#ifdef SYS_kcmp + "kcmp," +#endif +#ifdef SYS_madvise + "madvise," +#endif +#ifdef SYS_mprotect + "mprotect," +#endif +#ifdef SYS_mremap + "mremap," +#endif +#ifdef SYS_name_to_handle_at + "name_to_handle_at," +#endif +#ifdef SYS_oldolduname + "oldolduname," +#endif +#ifdef SYS_olduname + "olduname," +#endif +#ifdef SYS_personality + "personality," 
+#endif +#ifdef SYS_readahead + "readahead," +#endif +#ifdef SYS_readdir + "readdir," +#endif +#ifdef SYS_remap_file_pages + "remap_file_pages," +#endif +#ifdef SYS_sched_get_priority_max + "sched_get_priority_max," +#endif +#ifdef SYS_sched_get_priority_min + "sched_get_priority_min," +#endif +#ifdef SYS_sched_getaffinity + "sched_getaffinity," +#endif +#ifdef SYS_sched_getattr + "sched_getattr," +#endif +#ifdef SYS_sched_getparam + "sched_getparam," +#endif +#ifdef SYS_sched_getscheduler + "sched_getscheduler," +#endif +#ifdef SYS_sched_rr_get_interval + "sched_rr_get_interval," +#endif +#ifdef SYS_sched_yield + "sched_yield," +#endif +#ifdef SYS_sendfile + "sendfile," +#endif +#ifdef SYS_sendfile64 + "sendfile64," +#endif +#ifdef SYS_setfsgid + "setfsgid," +#endif +#ifdef SYS_setfsgid32 + "setfsgid32," +#endif +#ifdef SYS_setfsuid + "setfsuid," +#endif +#ifdef SYS_setfsuid32 + "setfsuid32," +#endif +#ifdef SYS_setpgid + "setpgid," +#endif +#ifdef SYS_setsid + "setsid," +#endif +#ifdef SYS_splice + "splice," +#endif +#ifdef SYS_sysinfo + "sysinfo," +#endif +#ifdef SYS_tee + "tee," +#endif +#ifdef SYS_umask + "umask," +#endif +#ifdef SYS_uname + "uname," +#endif +#ifdef SYS_userfaultfd + "userfaultfd," +#endif +#ifdef SYS_vmsplice + "vmsplice" +#endif + }, + { .name = "@timer", .list = +#ifdef SYS_alarm + "alarm," +#endif +#ifdef SYS_getitimer + "getitimer," +#endif +#ifdef SYS_setitimer + "setitimer," +#endif +#ifdef SYS_timer_create + "timer_create," +#endif +#ifdef SYS_timer_delete + "timer_delete," +#endif +#ifdef SYS_timer_getoverrun + "timer_getoverrun," +#endif +#ifdef SYS_timer_gettime + "timer_gettime," +#endif +#ifdef SYS_timer_settime + "timer_settime," +#endif +#ifdef SYS_timerfd_create + "timerfd_create," +#endif +#ifdef SYS_timerfd_gettime + "timerfd_gettime," +#endif +#ifdef SYS_timerfd_settime + "timerfd_settime," +#endif +#ifdef SYS_times + "times" +#endif + } +}; + +// return -1 if error, or syscall number +static int syscall_find_name(const char 
*name) { + int i; + int elems = sizeof(syslist) / sizeof(syslist[0]); + for (i = 0; i < elems; i++) { + if (strcmp(name, syslist[i].name) == 0) + return syslist[i].nr; + } + + return -1; +} + +static int syscall_find_name_32(const char *name) { + int i; + int elems = sizeof(syslist32) / sizeof(syslist32[0]); + for (i = 0; i < elems; i++) { + if (strcmp(name, syslist32[i].name) == 0) + return syslist32[i].nr; + } + + return -1; +} + +const char *syscall_find_nr(int nr) { + int i; + int elems = sizeof(syslist) / sizeof(syslist[0]); + for (i = 0; i < elems; i++) { + if (nr == syslist[i].nr) + return syslist[i].name; + } + + return "unknown"; +} + +const char *syscall_find_nr_32(int nr) { + int i; + int elems = sizeof(syslist32) / sizeof(syslist32[0]); + for (i = 0; i < elems; i++) { + if (nr == syslist32[i].nr) + return syslist32[i].name; + } + + return "unknown"; +} + +void syscall_print(void) { + int i; + int elems = sizeof(syslist) / sizeof(syslist[0]); + for (i = 0; i < elems; i++) { + printf("%d\t- %s\n", syslist[i].nr, syslist[i].name); + } + printf("\n"); +} + +void syscall_print_32(void) { + int i; + int elems = sizeof(syslist32) / sizeof(syslist32[0]); + for (i = 0; i < elems; i++) { + printf("%d\t- %s\n", syslist32[i].nr, syslist32[i].name); + } + printf("\n"); +} + +static const char *syscall_find_group(const char *name) { + int i; + int elems = sizeof(sysgroups) / sizeof(sysgroups[0]); + for (i = 0; i < elems; i++) { + if (strcmp(name, sysgroups[i].name) == 0) + return sysgroups[i].list; + } + + return NULL; +} + +// allowed input: +// - syscall +// - syscall(error) +static void syscall_process_name(const char *name, int *syscall_nr, int *error_nr, bool native) { + assert(name); + if (strlen(name) == 0) + goto error; + *error_nr = -1; + + // syntax check + char *str = strdup(name); + if (!str) + errExit("strdup"); + + char *syscall_name = str; + char *error_name = strchr(str, ':'); + if (error_name) { + *error_name = '\0'; + error_name++; + } + if 
(strlen(syscall_name) == 0) { + free(str); + goto error; + } + + if (*syscall_name == '$') + *syscall_nr = strtol(syscall_name + 1, NULL, 0); + else { + if (native) + *syscall_nr = syscall_find_name(syscall_name); + else + *syscall_nr = syscall_find_name_32(syscall_name); + } + if (error_name) { + *error_nr = errno_find_name(error_name); + if (*error_nr == -1) + *syscall_nr = -1; + } + + free(str); + return; + +error: + fprintf(stderr, "Error fseccomp: invalid syscall list entry %s\n", name); + exit(1); +} + +// return 1 if error, 0 if OK +int syscall_check_list(const char *slist, filter_fn *callback, int fd, int arg, void *ptrarg, bool native) { + // don't allow empty lists + if (slist == NULL || *slist == '\0') { + fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n"); + exit(1); + } + + // work on a copy of the string + char *str = strdup(slist); + if (!str) + errExit("strdup"); + + char *saveptr; + char *ptr = strtok_r(str, ",", &saveptr); + if (ptr == NULL) { + fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n"); + exit(1); + } + + while (ptr) { + int syscall_nr; + int error_nr; + if (*ptr == '@') { + const char *new_list = syscall_find_group(ptr); + if (!new_list) { + fprintf(stderr, "Error fseccomp: unknown syscall group %s\n", ptr); + exit(1); + } + syscall_check_list(new_list, callback, fd, arg, ptrarg, native); + } + else { + bool negate = false; + if (*ptr == '!') { + negate = true; + ptr++; + } + syscall_process_name(ptr, &syscall_nr, &error_nr, native); + if (syscall_nr == -1) {;} + else if (callback != NULL) { + if (negate) { + syscall_nr = -syscall_nr; + } + if (error_nr != -1 && fd > 0) { + filter_add_errno(fd, syscall_nr, error_nr, ptrarg, native); + } + else if (error_nr != -1 && fd == 0) { + callback(fd, syscall_nr, error_nr, ptrarg, native); + } + else { + callback(fd, syscall_nr, arg, ptrarg, native); + } + } + } + ptr = strtok_r(NULL, ",", &saveptr); + } + + free(str); + return 0; +} + +static void 
find_syscall(int fd, int syscall, int arg, void *ptrarg, bool native) {
+ (void)fd;
+ (void) arg;
+ (void)native;
+ SyscallCheckList *ptr = ptrarg;
+ if (abs(syscall) == ptr->syscall)
+ ptr->found = true;
+}
+
+// go through list2 and find matches for problem syscall
+static void syscall_in_list(int fd, int syscall, int arg, void *ptrarg, bool native) {
+ (void) fd;
+ (void)arg;
+ SyscallCheckList *ptr = ptrarg;
+ SyscallCheckList sl;
+ const char *name;
+
+ sl.found = false;
+ sl.syscall = syscall;
+ syscall_check_list(ptr->slist, find_syscall, fd, 0, &sl, native);
+
+ if (native)
+ name = syscall_find_nr(syscall);
+ else
+ name = syscall_find_nr_32(syscall);
+
+ // if found in the problem list, add to post-exec list
+ if (sl.found) {
+ if (ptr->postlist) {
+ if (asprintf(&ptr->postlist, "%s,%s", ptr->postlist, name) == -1)
+ errExit("asprintf");
+ }
+ else
+ ptr->postlist = strdup(name);
+ }
+ else { // no problem, add to pre-exec list
+ // build syscall:error_no
+ char *newcall = NULL;
+ if (arg != 0) {
+ if (asprintf(&newcall, "%s:%s", name, errno_find_nr(arg)) == -1)
+ errExit("asprintf");
+ }
+ else {
+ newcall = strdup(name);
+ if (!newcall)
+ errExit("strdup");
+ }
+
+ if (ptr->prelist) {
+ if (asprintf(&ptr->prelist, "%s,%s", ptr->prelist, newcall) == -1)
+ errExit("asprintf");
+ free(newcall);
+ }
+ else
+ ptr->prelist = newcall;
+ }
+}
+
+// go through list and find matches for syscalls in list @default-keep
+void syscalls_in_list(const char *list, const char *slist, int fd, char **prelist, char **postlist, bool native) {
+ (void) fd;
+ SyscallCheckList sl;
+ // these syscalls are used by firejail after the seccomp filter is initialized
+ sl.slist = slist;
+ sl.prelist = NULL;
+ sl.postlist = NULL;
+ syscall_check_list(list, syscall_in_list, 0, 0, &sl, native);
+ if (!arg_quiet) {
+ printf("Seccomp list in: %s,", list);
+ if (sl.slist)
+ printf(" check list: %s,", sl.slist);
+ if (sl.prelist)
+ printf(" prelist: %s,", sl.prelist);
+ if (sl.postlist)
+
printf(" postlist: %s", sl.postlist); + printf("\n"); + } + *prelist = sl.prelist; + *postlist = sl.postlist; +} diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 9af25bf63..511194ff3 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -386,19 +386,31 @@ first argument to socket system call. Recognized values: \fBunix\fR, \fBseccomp Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. .TP +\fBseccomp.32 +Enable seccomp filter and blacklist the syscalls in the default list for 32 bit system calls on a 64 bit architecture system. +.TP \fBseccomp syscall,syscall,syscall Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. .TP +\fBseccomp.32 syscall,syscall,syscall +Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter for 32 bit system calls on a 64 bit architecture system. +.TP \fBseccomp.block-secondary Enable seccomp filter and filter system call architectures so that only the native architecture is allowed. .TP \fBseccomp.drop syscall,syscall,syscall -Enable seccomp filter and blacklist the system calls in the list. +Enable seccomp filter and blacklist the system calls in the list. +.TP +\fBseccomp.32.drop syscall,syscall,syscall +Enable seccomp filter and blacklist the system calls in the list for 32 bit system calls on a 64 bit architecture system. .TP \fBseccomp.keep syscall,syscall,syscall Enable seccomp filter and whitelist the system calls in the list. .TP +\fBseccomp.32.keep syscall,syscall,syscall +Enable seccomp filter and whitelist the system calls in the list for 32 bit system calls on a 64 bit architecture system. +.TP \fBx11 Enable X11 sandboxing. .TP diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 926e9b2cc..13dcf09ee 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt 
@@ -35,7 +35,7 @@ firejail {\-\-list | \-\-netstats | \-\-top | \-\-tree} Miscellaneous: .PP .RS -firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-protocols | \-\-help | \-\-version} +firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version} .RE .SH DESCRIPTION Firejail is a SUID sandbox program that reduces the risk of security breaches by @@ -386,6 +386,10 @@ Example: .br $ firejail \-\-debug-syscalls .TP +\fB\-\-debug-syscalls32 +Print all recognized 32 bit system calls in the current Firejail software build and exit. +.br +.TP \fB\-\-debug-whitelists\fR Debug whitelisting. .br @@ -1832,7 +1836,9 @@ Exceptions can be allowed with prefix !. System architecture is strictly imposed only if flag \-\-seccomp.block-secondary is used. The filter is applied at run time only if the correct architecture was detected. For the case of I386 -and AMD64 both 32-bit and 64-bit filters are installed. +and AMD64 both 32-bit and 64-bit filters are installed. On a 64 bit +architecture, an additional filter for 32 bit system calls can be +installed with \-\-seccomp.32. .br .br @@ -1881,7 +1887,8 @@ rm: cannot remove `testfile': Operation not permitted .br If the blocked system calls would also block Firejail from operating, they are handled by adding a preloaded library which performs seccomp -system calls later. +system calls later. However, this is incompatible with 32 bit seccomp +filters. .br .br @@ -1912,7 +1919,10 @@ domain with personality(2) system call. .TP \fB\-\-seccomp.drop=syscall,@group -Enable seccomp filter, and blacklist the syscalls or the syscall groups specified by the command. +Enable seccomp filter, and blacklist the syscalls or the syscall +groups specified by the command. On a 64 bit architecture, an +additional filter for 32 bit system calls can be installed with +\-\-seccomp.32.drop. .br .br 
@@ -1950,7 +1960,9 @@ rm: cannot remove `testfile': Operation not permitted \fB\-\-seccomp.keep=syscall,@group,!syscall2 Enable seccomp filter, blacklist all syscall not listed and "syscall2". The system calls needed by Firejail (group @default-keep: prctl, execve) -are handled with the preload library. +are handled with the preload library. On a 64 bit architecture, an +additional filter for 32 bit system calls can be installed with +\-\-seccomp.32.keep. .br .br -- cgit v1.2.3-54-g00ecf