Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFE: clarify seccomp_rule_add syscall translation behavior #261

Closed
wants to merge 1 commit into from

Conversation

Xyene
Copy link
Contributor

@Xyene Xyene commented Jun 25, 2020

Refs #259.

@coveralls
Copy link

coveralls commented Jun 25, 2020

Coverage Status

Coverage remained the same at 92.991% when pulling 3633794 on Xyene:syscall-translation-docs into 6b286c2 on seccomp:master.

@Xyene Xyene force-pushed the syscall-translation-docs branch from 38f9fa7 to 1cb5762 Compare June 25, 2020 22:10
.B __NR_syscall
values in a context containing non-native architectures, the syscall
corresponding to the value in the native architecture will be used in all
non-native architectures.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I not sure that reads quite right, how about the following?

... it is highly recommended to use the SCMP_SYS() macro instead, see the EXAMPLES section below. It is also important to remember that regardless of the architectures present in the filter, the syscall numbers passed to the libseccomp rule add functions should always be in the context of the native architecture.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Xyene what did you think of the substitute text above?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about the delay, I got DOS'd by real-life stuff -- I've committed a slightly reworded variant of your suggested text, emphasizing that libseccomp is performing some "interpreting" of the given syscall value.

@pcmoore pcmoore changed the title doc: clarify seccomp_rule_add syscall translation behavior RFE: clarify seccomp_rule_add syscall translation behavior Jun 27, 2020
@pcmoore pcmoore added this to the v2.5.0 milestone Jun 27, 2020
@Xyene Xyene force-pushed the syscall-translation-docs branch from 1cb5762 to 2215602 Compare July 11, 2020 06:14
libseccomp performs a translation step when adding a raw syscall value
to a multi-architecture filter. For instance, when adding __NR_open
(syscall value 2 on x86-64) to a filter containing x86 and x86-64 where
the native ABI is x86-64, the x86 BPF branch will use the value 5
(__NR_open on x86).

This commit adds explicit documentation for the translation step.

Refs seccomp#259.

Signed-off-by: Tudor Brindus <[email protected]>
@Xyene Xyene force-pushed the syscall-translation-docs branch from 2215602 to 3633794 Compare July 11, 2020 06:20
@pcmoore
Copy link
Member

pcmoore commented Jul 14, 2020

Thanks for getting back to this, I definitely understand competing priorities and I can assure you we appreciate the help regardless of where libseccomp falls in your personal priority list :)

This updated text looks good to me, any objections @drakenclimber?

@drakenclimber
Copy link
Member

Looks good to me 👍

Acked-by: Tom Hromatka <[email protected]>

@pcmoore
Copy link
Member

pcmoore commented Jul 14, 2020

Merged via fa6264b, thanks!

@pcmoore pcmoore closed this Jul 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants