maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity

Compare commits

base: maemachinebroke:pkgserver-old
Branches Tags
maemachinebroke:staging maemachinebroke:pkgserver maemachinebroke:pkgserver-old maemachinebroke:wip-irdump rosa:staging rosa:develop rosa:master
maemachinebroke:v0.3.4 maemachinebroke:v0.3.3 maemachinebroke:v0.3.2 maemachinebroke:v0.3.1 maemachinebroke:v0.3.0 maemachinebroke:v0.2.2 maemachinebroke:v0.2.1 maemachinebroke:v0.2.0 maemachinebroke:v0.1.3 maemachinebroke:v0.1.2 maemachinebroke:v0.1.1 maemachinebroke:v0.1.0 rosa:v0.3.7 rosa:v0.3.6 rosa:v0.3.5 rosa:v0.3.4 rosa:v0.3.3 rosa:v0.3.2 rosa:v0.3.1 rosa:v0.3.0 rosa:v0.2.2 rosa:v0.2.1 rosa:v0.2.0 rosa:v0.1.3 rosa:v0.1.2 rosa:v0.1.1 rosa:v0.1.0
..
compare: rosa:develop
Branches Tags
rosa:staging rosa:develop rosa:master maemachinebroke:staging maemachinebroke:pkgserver maemachinebroke:pkgserver-old maemachinebroke:wip-irdump
rosa:v0.3.7 rosa:v0.3.6 rosa:v0.3.5 rosa:v0.3.4 rosa:v0.3.3 rosa:v0.3.2 rosa:v0.3.1 rosa:v0.3.0 rosa:v0.2.2 rosa:v0.2.1 rosa:v0.2.0 rosa:v0.1.3 rosa:v0.1.2 rosa:v0.1.1 rosa:v0.1.0 maemachinebroke:v0.3.4 maemachinebroke:v0.3.3 maemachinebroke:v0.3.2 maemachinebroke:v0.3.1 maemachinebroke:v0.3.0 maemachinebroke:v0.2.2 maemachinebroke:v0.2.1 maemachinebroke:v0.2.0 maemachinebroke:v0.1.3 maemachinebroke:v0.1.2 maemachinebroke:v0.1.1 maemachinebroke:v0.1.0

50 Commits
pkgserver- ... develop

Author SHA1 Message Date
Ophestra
faea1f4bd6 all: remove deprecated packages 
Closes #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:54:56 +09:00
Ophestra
0cb1007daa ldd: remove deprecated API 
Closes #25.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:53:14 +09:00
Ophestra
e292031624 ext: move lookup test 
This was kept in-place to reduce patch size in the previous patch.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:44:59 +09:00
Ophestra
cd5959fe5a ext: isolate from container/std 
These are too general to belong in the container package. This targets the v0.4 release to reduce the wrapper maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:39:26 +09:00
Ophestra
08c35ca24f container: use new netlink implementation 
This is adapted from the container netlink implementation and is much more reusable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 23:33:52 +09:00
Ophestra
72bd3fb05e internal/netlink: generalise implementation from container 
This is useful for uevent implementation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 23:07:51 +09:00
Ophestra
59c66747df internal/rosa/kernel: 6.12.76 to 6.12.77 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 15:21:33 +09:00
Ophestra
9e6fe8db4b internal/rosa/meson: 1.10.1 to 1.10.2 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 13:41:06 +09:00
Ophestra
5168ee3e13 internal/rosa/python: remove pre_commit 
This is unused and introduces many dependencies.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 13:39:56 +09:00
Ophestra
c8313c2dc4 internal/rosa/tamago: disable cgo 
This toolchain does not support cgo for the new target, anyway, and disabling it altogether avoids adding a dependency on arm64.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 13:22:10 +09:00
Ophestra
3fcdadb669 internal/rosa/curl: remove broken test 
Upstream testdata is not broken on the arm64 builder, but breaks reproducibly on amd64.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 12:54:03 +09:00
Ophestra
3966bc5152 internal/rosa/hakurei: 0.3.6 to 0.3.7 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-15 21:43:55 +09:00
Ophestra
b208af8b85 release: 0.3.7 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-15 21:04:55 +09:00
Ophestra
8d650c0c8f all: migrate to rosa/hakurei 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-15 20:12:51 +09:00
Ophestra
a720efc32d internal/rosa/llvm: arch-specific versions 
This enables temporarily avoiding a broken release on specific targets.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-15 15:06:36 +09:00
Ophestra
400540cd41 internal/rosa/llvm: arch-specific patches 
Broken aarch64 tests in LLVM seem unlikely to be fixed soon.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-15 11:37:24 +09:00
Ophestra
1113efa5c2 internal/rosa/kernel: enable arm64 block drivers 
These are added separately to the amd64 patch due to the arm64 toolchain not being available at that time.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-15 00:22:05 +09:00
Ophestra
8b875f865c cmd/earlyinit: remount root and set firmware path 
The default search paths cannot be configured, configuring them here is most sound for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-14 19:50:04 +09:00
Ophestra
8905d653ba cmd/earlyinit: mount pseudo-filesystems 
The proposal for merging both init programs was unanimously accepted, so this is set up here alongside devtmpfs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-14 19:43:42 +09:00
Ophestra
9c2fb6246f internal/rosa/kernel: enable FW_LOADER 
This wants to be loaded early, so having it as a dlkm is not helpful as it will always be loaded anyway.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-14 19:32:14 +09:00
Ophestra
9c116acec6 internal/rosa/kernel: enable amd64 block drivers 
These have to be built into initramfs, anyway, so build them into the kernel instead. The arm64 toolchain is not yet ready, so will be updated in a later patch.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-14 19:22:56 +09:00
Ophestra
988239a2bc internal/rosa: basic system image 
This is a simple image for debugging and is not yet set up for dm-verity.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-14 15:54:13 +09:00
Ophestra
bc03118142 cmd/earlyinit: handle args from cmdline 
These are set by the bootloader.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-14 15:13:52 +09:00
Ophestra
74c213264a internal/rosa/git: install libexec symlinks 
This is less clumsy to represent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 20:43:23 +09:00
Ophestra
345cffddc2 cmd/mbf: optionally export output 
This is for debugging for now, as no program consumes this format yet.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 19:53:55 +09:00
Ophestra
49163758c8 internal/rosa/llvm: 22.1.0 to 22.1.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 16:08:49 +09:00
Ophestra
ad22c15fb1 internal/rosa/perl: 5.42.0 to 5.42.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 16:08:24 +09:00
Ophestra
9c774f7e0a internal/rosa/python: setuptools 82.0.0 to 82.0.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 15:32:00 +09:00
Ophestra
707f0a349f internal/rosa/gtk: glib 2.87.3 to 2.87.5 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 15:26:42 +09:00
Ophestra
7c35be066a internal/rosa/tamago: 1.26.0 to 1.26.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 15:23:29 +09:00
Ophestra
f91d55fa5e internal/rosa/curl: 8.18.0 to 8.19.0 
The test suite now depends on python to run mock servers. SMB is disabled because it is completely unused, and pulls in a python dependency for tests. A broken test is fixed and the patch hopefully upstreamed before next release.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 15:23:07 +09:00
Ophestra
5862cc1966 internal/rosa/kernel: firmware 20260221 to 20260309 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 14:06:21 +09:00
Ophestra
b3f0360a05 internal/rosa: populate runtime dependencies 
This also removes manually resolved indirect dependencies.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 13:23:30 +09:00
Ophestra
8938994036 cmd/mbf: display runtime dependency info 
This only presents top-level dependencies, resolving indirect dependencies can be misleading in this context.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 10:46:37 +09:00
Ophestra
96d382f805 cmd/mbf: resolve runtime dependencies 
This also adds the collection meta-artifact for concurrent curing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 10:41:22 +09:00
Ophestra
5c785c135c internal/rosa: collection meta-artifact 
This is a stub FloodArtifact for concurrently curing multiple artifacts.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 10:34:45 +09:00
Ophestra
0130f8ea6d internal/rosa: represent runtime dependencies 
This also resolves indirect dependencies, reducing noise.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-13 10:31:14 +09:00
Ophestra
faac5c4a83 internal/rosa: store artifact results in struct 
This is cleaner and makes adding additional values easier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 18:08:41 +09:00
Ophestra
620062cca9 hst: expose scheduling priority 
This is useful when limits are configured to allow it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 02:15:14 +09:00
Ophestra
196b200d0f container: expose priority and SCHED_OTHER policy 
The more explicit API removes the arbitrary limit preventing use of SCHED_OTHER (referred to as SCHED_NORMAL in the kernel). This change also exposes priority value to set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 01:14:03 +09:00
Ophestra
04e6bc3c5c hst: expose scheduling policy 
This is primarily useful for poorly written music players for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 00:52:18 +09:00
Ophestra
5c540f90aa internal/outcome: improve doc comments 
This improves readability on smaller displays.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 21:04:02 +09:00
Ophestra
1e8ac5f68e container: use policy name in log message 
This is more helpful than having the user resolve the integer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:20:34 +09:00
Ophestra
fd515badff container: move scheduler policy constants to std 
This avoids depending on cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:03:08 +09:00
Ophestra
330a344845 hst: improve doc comments 
These now read a lot better both in source and on pkgsite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 19:21:55 +09:00
Ophestra
48cdf8bf85 go: 1.26 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-10 03:29:19 +09:00
Ophestra
7fb42ba49d internal/rosa/llvm: set LLVM_LIT_ARGS 
This replaces the progress bar, which was worse than useless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-10 02:05:11 +09:00
Ophestra
19a2737148 container: sched policy string representation 
This also uses priority obtained via sched_get_priority_min, and improves bounds checking.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-09 18:38:31 +09:00
Ophestra
baf2def9cc internal/rosa/kmod: prefix moduledir 
This change also works around the kernel build system being unaware of this option.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-09 16:40:55 +09:00
Ophestra
242e042cb9 internal/rosa/nss: rename from ssl 
The SSL name came from earlier on and is counterintuitive.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-09 14:58:31 +09:00
142 changed files with 5580 additions and 5696 deletions
Expand all files Collapse all files

8
README.md
View File

@@ -1,5 +1,5 @@
<p align="center"> <p align="center">
<a href="https://git.gensokyo.uk/security/hakurei"> <a href="https://git.gensokyo.uk/rosa/hakurei">
<picture> <picture>
<img src="https://basement.gensokyo.uk/images/yukari1.png" width="200px" alt="Yukari"> <img src="https://basement.gensokyo.uk/images/yukari1.png" width="200px" alt="Yukari">
</picture> </picture>
@@ -8,16 +8,16 @@
<p align="center"> <p align="center">
<a href="https://pkg.go.dev/hakurei.app"><img src="https://pkg.go.dev/badge/hakurei.app.svg" alt="Go Reference" /></a> <a href="https://pkg.go.dev/hakurei.app"><img src="https://pkg.go.dev/badge/hakurei.app.svg" alt="Go Reference" /></a>
<a href="https://git.gensokyo.uk/security/hakurei/actions"><img src="https://git.gensokyo.uk/security/hakurei/actions/workflows/test.yml/badge.svg?branch=staging&style=flat-square" alt="Gitea Workflow Status" /></a> <a href="https://git.gensokyo.uk/rosa/hakurei/actions"><img src="https://git.gensokyo.uk/rosa/hakurei/actions/workflows/test.yml/badge.svg?branch=staging&style=flat-square" alt="Gitea Workflow Status" /></a>
<br/> <br/>
<a href="https://git.gensokyo.uk/security/hakurei/releases"><img src="https://img.shields.io/gitea/v/release/security/hakurei?gitea_url=https%3A%2F%2Fgit.gensokyo.uk&color=purple" alt="Release" /></a> <a href="https://git.gensokyo.uk/rosa/hakurei/releases"><img src="https://img.shields.io/gitea/v/release/rosa/hakurei?gitea_url=https%3A%2F%2Fgit.gensokyo.uk&color=purple" alt="Release" /></a>
<a href="https://goreportcard.com/report/hakurei.app"><img src="https://goreportcard.com/badge/hakurei.app" alt="Go Report Card" /></a> <a href="https://goreportcard.com/report/hakurei.app"><img src="https://goreportcard.com/badge/hakurei.app" alt="Go Report Card" /></a>
<a href="https://hakurei.app"><img src="https://img.shields.io/website?url=https%3A%2F%2Fhakurei.app" alt="Website" /></a> <a href="https://hakurei.app"><img src="https://img.shields.io/website?url=https%3A%2F%2Fhakurei.app" alt="Website" /></a>
</p> </p>
Hakurei is a tool for running sandboxed desktop applications as dedicated Hakurei is a tool for running sandboxed desktop applications as dedicated
subordinate users on the Linux kernel. It implements the application container subordinate users on the Linux kernel. It implements the application container
of [planterette (WIP)](https://git.gensokyo.uk/security/planterette), a of [planterette (WIP)](https://git.gensokyo.uk/rosa/planterette), a
self-contained Android-like package manager with modern security features. self-contained Android-like package manager with modern security features.
Interaction with hakurei happens entirely through structures described by Interaction with hakurei happens entirely through structures described by

69
cmd/earlyinit/main.go
View File

@@ -4,6 +4,7 @@ import (
"log" "log"
"os" "os"
"runtime" "runtime"
"strings"
. "syscall" . "syscall"
) )
@@ -12,6 +13,22 @@ func main() {
log.SetFlags(0) log.SetFlags(0)
log.SetPrefix("earlyinit: ") log.SetPrefix("earlyinit: ")
var (
option map[string]string
flags []string
)
if len(os.Args) > 1 {
option = make(map[string]string)
for _, s := range os.Args[1:] {
key, value, ok := strings.Cut(s, "=")
if !ok {
flags = append(flags, s)
continue
}
option[key] = value
}
}
if err := Mount( if err := Mount(
"devtmpfs", "devtmpfs",
"/dev/", "/dev/",
@@ -55,4 +72,56 @@ func main() {
} }
} }
// staying in rootfs, these are no longer used
must(os.Remove("/root"))
must(os.Remove("/init"))
must(os.Mkdir("/proc", 0))
mustSyscall("mount proc", Mount(
"proc",
"/proc",
"proc",
MS_NOSUID|MS_NOEXEC|MS_NODEV,
"hidepid=1",
))
must(os.Mkdir("/sys", 0))
mustSyscall("mount sysfs", Mount(
"sysfs",
"/sys",
"sysfs",
0,
"",
))
// after top level has been set up
mustSyscall("remount root", Mount(
"",
"/",
"",
MS_REMOUNT|MS_BIND|
MS_RDONLY|MS_NODEV|MS_NOSUID|MS_NOEXEC,
"",
))
must(os.WriteFile(
"/sys/module/firmware_class/parameters/path",
[]byte("/system/lib/firmware"),
0,
))
}
// mustSyscall calls [log.Fatalln] if err is non-nil.
func mustSyscall(action string, err error) {
if err != nil {
log.Fatalln("cannot "+action+":", err)
}
}
// must calls [log.Fatal] with err if it is non-nil.
func must(err error) {
if err != nil {
log.Fatal(err)
}
} }

31
cmd/hakurei/command.go
View File

@@ -16,6 +16,7 @@ import (
"hakurei.app/command" "hakurei.app/command"
"hakurei.app/container/check" "hakurei.app/container/check"
"hakurei.app/container/fhs" "hakurei.app/container/fhs"
"hakurei.app/ext"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
"hakurei.app/internal/env" "hakurei.app/internal/env"
@@ -89,6 +90,9 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
flagHomeDir string flagHomeDir string
flagUserName string flagUserName string
flagSchedPolicy string
flagSchedPriority int
flagPrivateRuntime, flagPrivateTmpdir bool flagPrivateRuntime, flagPrivateTmpdir bool
flagWayland, flagX11, flagDBus, flagPipeWire, flagPulse bool flagWayland, flagX11, flagDBus, flagPipeWire, flagPulse bool
@@ -131,7 +135,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
log.Fatal(optionalErrorUnwrap(err)) log.Fatal(optionalErrorUnwrap(err))
return err return err
} else if progPath, err = check.NewAbs(p); err != nil { } else if progPath, err = check.NewAbs(p); err != nil {
log.Fatal(err.Error()) log.Fatal(err)
return err return err
} }
} }
@@ -150,7 +154,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
et |= hst.EPipeWire et |= hst.EPipeWire
} }
config := &hst.Config{ config := hst.Config{
ID: flagID, ID: flagID,
Identity: flagIdentity, Identity: flagIdentity,
Groups: flagGroups, Groups: flagGroups,
@@ -177,6 +181,13 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
}, },
} }
if err := config.SchedPolicy.UnmarshalText(
[]byte(flagSchedPolicy),
); err != nil {
log.Fatal(err)
}
config.SchedPriority = ext.Int(flagSchedPriority)
// bind GPU stuff // bind GPU stuff
if et&(hst.EX11|hst.EWayland) != 0 { if et&(hst.EX11|hst.EWayland) != 0 {
config.Container.Filesystem = append(config.Container.Filesystem, hst.FilesystemConfigJSON{FilesystemConfig: &hst.FSBind{ config.Container.Filesystem = append(config.Container.Filesystem, hst.FilesystemConfigJSON{FilesystemConfig: &hst.FSBind{
@@ -214,7 +225,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
homeDir = passwd.HomeDir homeDir = passwd.HomeDir
} }
if a, err := check.NewAbs(homeDir); err != nil { if a, err := check.NewAbs(homeDir); err != nil {
log.Fatal(err.Error()) log.Fatal(err)
return err return err
} else { } else {
config.Container.Home = a config.Container.Home = a
@@ -234,11 +245,11 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
config.SessionBus = dbus.NewConfig(flagID, true, flagDBusMpris) config.SessionBus = dbus.NewConfig(flagID, true, flagDBusMpris)
} else { } else {
if f, err := os.Open(flagDBusConfigSession); err != nil { if f, err := os.Open(flagDBusConfigSession); err != nil {
log.Fatal(err.Error()) log.Fatal(err)
} else { } else {
decodeJSON(log.Fatal, "load session bus proxy config", f, &config.SessionBus) decodeJSON(log.Fatal, "load session bus proxy config", f, &config.SessionBus)
if err = f.Close(); err != nil { if err = f.Close(); err != nil {
log.Fatal(err.Error()) log.Fatal(err)
} }
} }
} }
@@ -246,11 +257,11 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
// system bus proxy is optional // system bus proxy is optional
if flagDBusConfigSystem != "nil" { if flagDBusConfigSystem != "nil" {
if f, err := os.Open(flagDBusConfigSystem); err != nil { if f, err := os.Open(flagDBusConfigSystem); err != nil {
log.Fatal(err.Error()) log.Fatal(err)
} else { } else {
decodeJSON(log.Fatal, "load system bus proxy config", f, &config.SystemBus) decodeJSON(log.Fatal, "load system bus proxy config", f, &config.SystemBus)
if err = f.Close(); err != nil { if err = f.Close(); err != nil {
log.Fatal(err.Error()) log.Fatal(err)
} }
} }
} }
@@ -266,7 +277,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
} }
} }
outcome.Main(ctx, msg, config, -1) outcome.Main(ctx, msg, &config, -1)
panic("unreachable") panic("unreachable")
}). }).
Flag(&flagDBusConfigSession, "dbus-config", command.StringFlag("builtin"), Flag(&flagDBusConfigSession, "dbus-config", command.StringFlag("builtin"),
@@ -287,6 +298,10 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
"Container home directory"). "Container home directory").
Flag(&flagUserName, "u", command.StringFlag("chronos"), Flag(&flagUserName, "u", command.StringFlag("chronos"),
"Passwd user name within sandbox"). "Passwd user name within sandbox").
Flag(&flagSchedPolicy, "policy", command.StringFlag(""),
"Scheduling policy to set for the container").
Flag(&flagSchedPriority, "priority", command.IntFlag(0),
"Scheduling priority to set for the container").
Flag(&flagPrivateRuntime, "private-runtime", command.BoolFlag(false), Flag(&flagPrivateRuntime, "private-runtime", command.BoolFlag(false),
"Do not share XDG_RUNTIME_DIR between containers under the same identity"). "Do not share XDG_RUNTIME_DIR between containers under the same identity").
Flag(&flagPrivateTmpdir, "private-tmpdir", command.BoolFlag(false), Flag(&flagPrivateTmpdir, "private-tmpdir", command.BoolFlag(false),

6
cmd/hakurei/command_test.go
View File

@@ -36,7 +36,7 @@ Commands:
}, },
{ {
"run", []string{"run", "-h"}, ` "run", []string{"run", "-h"}, `
Usage: hakurei run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pipewire] [--pulse] COMMAND [OPTIONS] Usage: hakurei run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--policy <value>] [--priority <int>] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pipewire] [--pulse] COMMAND [OPTIONS]
Flags: Flags:
-X Enable direct connection to X11 -X Enable direct connection to X11
@@ -60,6 +60,10 @@ Flags:
Allow owning MPRIS D-Bus path, has no effect if custom config is available Allow owning MPRIS D-Bus path, has no effect if custom config is available
-pipewire -pipewire
Enable connection to PipeWire via SecurityContext Enable connection to PipeWire via SecurityContext
-policy string
Scheduling policy to set for the container
-priority int
Scheduling priority to set for the container
-private-runtime -private-runtime
Do not share XDG_RUNTIME_DIR between containers under the same identity Do not share XDG_RUNTIME_DIR between containers under the same identity
-private-tmpdir -private-tmpdir

67
cmd/mbf/main.go
View File

@@ -87,7 +87,7 @@ func main() {
} }
if flagIdle { if flagIdle {
pkg.SchedPolicy = container.SCHED_IDLE pkg.SetSchedIdle = true
} }
return return
@@ -175,6 +175,17 @@ func main() {
fmt.Println("website : " + fmt.Println("website : " +
strings.TrimSuffix(meta.Website, "/")) strings.TrimSuffix(meta.Website, "/"))
} }
if len(meta.Dependencies) > 0 {
fmt.Print("depends on :")
for _, d := range meta.Dependencies {
s := rosa.GetMetadata(d).Name
if version := rosa.Std.Version(d); version != rosa.Unversioned {
s += "-" + version
}
fmt.Print(" " + s)
}
fmt.Println()
}
const statusPrefix = "status : " const statusPrefix = "status : "
if flagStatus { if flagStatus {
@@ -423,7 +434,8 @@ func main() {
{ {
var ( var (
flagDump string flagDump string
flagExport string
) )
c.NewCommand( c.NewCommand(
"cure", "cure",
@@ -436,10 +448,34 @@ func main() {
return fmt.Errorf("unknown artifact %q", args[0]) return fmt.Errorf("unknown artifact %q", args[0])
} else if flagDump == "" { } else if flagDump == "" {
pathname, _, err := cache.Cure(rosa.Std.Load(p)) pathname, _, err := cache.Cure(rosa.Std.Load(p))
if err == nil { if err != nil {
log.Println(pathname) return err
} }
return err log.Println(pathname)
if flagExport != "" {
msg.Verbosef("exporting %s to %s...", args[0], flagExport)
var f *os.File
if f, err = os.OpenFile(
flagExport,
os.O_WRONLY|os.O_CREATE|os.O_EXCL,
0400,
); err != nil {
return err
} else if _, err = pkg.Flatten(
os.DirFS(pathname.String()),
".",
f,
); err != nil {
_ = f.Close()
return err
} else if err = f.Close(); err != nil {
return err
}
}
return nil
} else { } else {
f, err := os.OpenFile( f, err := os.OpenFile(
flagDump, flagDump,
@@ -463,6 +499,11 @@ func main() {
&flagDump, &flagDump,
"dump", command.StringFlag(""), "dump", command.StringFlag(""),
"Write IR to specified pathname and terminate", "Write IR to specified pathname and terminate",
).
Flag(
&flagExport,
"export", command.StringFlag(""),
"Export cured artifact to specified pathname",
) )
} }
@@ -477,17 +518,19 @@ func main() {
"shell", "shell",
"Interactive shell in the specified Rosa OS environment", "Interactive shell in the specified Rosa OS environment",
func(args []string) error { func(args []string) error {
root := make([]pkg.Artifact, 0, 6+len(args)) presets := make([]rosa.PArtifact, len(args))
for _, arg := range args { for i, arg := range args {
p, ok := rosa.ResolveName(arg) p, ok := rosa.ResolveName(arg)
if !ok { if !ok {
return fmt.Errorf("unknown artifact %q", arg) return fmt.Errorf("unknown artifact %q", arg)
} }
root = append(root, rosa.Std.Load(p)) presets[i] = p
} }
root := make(rosa.Collect, 0, 6+len(args))
root = rosa.Std.AppendPresets(root, presets...)
if flagWithToolchain { if flagWithToolchain {
musl, compilerRT, runtimes, clang := rosa.Std.NewLLVM() musl, compilerRT, runtimes, clang := (rosa.Std - 1).NewLLVM()
root = append(root, musl, compilerRT, runtimes, clang) root = append(root, musl, compilerRT, runtimes, clang)
} else { } else {
root = append(root, rosa.Std.Load(rosa.Musl)) root = append(root, rosa.Std.Load(rosa.Musl))
@@ -497,6 +540,12 @@ func main() {
rosa.Std.Load(rosa.Toybox), rosa.Std.Load(rosa.Toybox),
) )
if _, _, err := cache.Cure(&root); err == nil {
return errors.New("unreachable")
} else if !errors.Is(err, rosa.Collected{}) {
return err
}
type cureRes struct { type cureRes struct {
pathname *check.Absolute pathname *check.Absolute
checksum unique.Handle[pkg.Checksum] checksum unique.Handle[pkg.Checksum]

229
cmd/pkgserver/main.go
View File

@@ -1,229 +0,0 @@
package main
import (
"bytes"
"cmp"
"context"
"embed"
"fmt"
"io"
"log"
"net/http"
"os"
"os/signal"
"path"
"slices"
"strings"
"syscall"
"hakurei.app/command"
"hakurei.app/container/check"
"hakurei.app/internal/pkg"
"hakurei.app/internal/rosa"
"hakurei.app/message"
)
//go:generate sh -c "sass ui/static/dark.scss ui/static/dark.css && sass ui/static/light.scss ui/static/light.css && tsc ui/static/index.ts"
//go:embed ui/*
var content embed.FS
func serveWebUI(w http.ResponseWriter, r *http.Request) {
fmt.Printf("serveWebUI: %s\n", r.URL.Path)
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Expires", "0")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-XSS-Protection", "1")
w.Header().Set("X-Frame-Options", "DENY")
http.ServeFileFS(w, r, content, "ui/index.html")
}
func serveStaticContent(w http.ResponseWriter, r *http.Request) {
fmt.Printf("serveStaticContent: %s\n", r.URL.Path)
switch r.URL.Path {
case "/static/style.css":
darkTheme := r.CookiesNamed("dark_theme")
if len(darkTheme) > 0 && darkTheme[0].Value == "true" {
http.ServeFileFS(w, r, content, "ui/static/dark.css")
} else {
http.ServeFileFS(w, r, content, "ui/static/light.css")
}
break
case "/favicon.ico":
http.ServeFileFS(w, r, content, "ui/static/favicon.ico")
break
case "/static/index.js":
http.ServeFileFS(w, r, content, "ui/static/index.js")
break
default:
http.NotFound(w, r)
}
}
func serveAPI(index *PackageIndex) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {}
}
func serveStatus(index *PackageIndex) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
if index == nil {
http.Error(w, "index is nil", http.StatusInternalServerError)
return
}
base := path.Base(r.URL.Path)
name := strings.TrimSuffix(base, ".log")
p, ok := rosa.ResolveName(name)
if !ok {
http.NotFound(w, r)
return
}
m := rosa.GetMetadata(p)
pk, ok := index.names[m.Name]
if !ok {
http.NotFound(w, r)
return
}
if len(pk.status) > 0 {
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
w.WriteHeader(http.StatusOK)
_, err := io.Copy(w, bytes.NewReader(pk.status))
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
} else {
http.NotFound(w, r)
}
}
}
type SortOrders int
const (
DeclarationAscending SortOrders = iota
DeclarationDescending
NameAscending
NameDescending
limitSortOrders
)
type PackageIndex struct {
sorts [limitSortOrders][rosa.PresetUnexportedStart]*PackageIndexEntry
names map[string]*PackageIndexEntry
}
type PackageIndexEntry struct {
Name string `json:"name"`
Description string `json:"description"`
Website string `json:"website"`
Version string `json:"version"`
status []byte
}
func createPackageIndex(cache *pkg.Cache, report *rosa.Report) (_ *PackageIndex, err error) {
index := new(PackageIndex)
index.names = make(map[string]*PackageIndexEntry, rosa.PresetUnexportedStart)
work := make([]PackageIndexEntry, rosa.PresetUnexportedStart)
defer report.HandleAccess(&err)()
for p := range rosa.PresetUnexportedStart {
m := rosa.GetMetadata(p)
v := rosa.Std.Version(p)
a := rosa.Std.Load(p)
id := cache.Ident(a)
st, n := report.ArtifactOf(id)
var status []byte
if n < 1 {
status = nil
} else {
status = st
}
log.Printf("Processing package %s...\n", m.Name)
entry := PackageIndexEntry{
Name: m.Name,
Description: m.Description,
Website: m.Website,
Version: v,
status: status,
}
work[p] = entry
index.names[m.Name] = &entry
}
for i, p := range work {
index.sorts[DeclarationAscending][i] = &p
}
slices.Reverse(work)
for i, p := range work {
index.sorts[DeclarationDescending][i] = &p
}
slices.SortFunc(work, func(a PackageIndexEntry, b PackageIndexEntry) int {
return cmp.Compare(a.Name, b.Name)
})
for i, p := range work {
index.sorts[NameAscending][i] = &p
}
slices.Reverse(work)
for i, p := range work {
index.sorts[NameDescending][i] = &p
}
return index, err
}
func main() {
log.SetFlags(0)
log.SetPrefix("pkgserver: ")
var (
flagBaseDir string
flagPort int
)
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
defer stop()
msg := message.New(log.Default())
c := command.New(os.Stderr, log.Printf, "pkgserver", func(args []string) error {
reportPath := args[0]
baseDir, err := check.NewAbs(flagBaseDir)
if err != nil {
return err
}
log.Println("baseDir:", baseDir)
cache, err := pkg.Open(ctx, msg, 0, baseDir)
if err != nil {
return err
}
report, err := rosa.OpenReport(reportPath)
if err != nil {
return err
}
log.Println("reportPath:", reportPath)
log.Println("indexing packages...")
index, err := createPackageIndex(cache, report)
if err != nil {
return err
}
log.Println("created package index")
http.HandleFunc("GET /{$}", serveWebUI)
http.HandleFunc("GET /favicon.ico", serveStaticContent)
http.HandleFunc("GET /static/", serveStaticContent)
http.HandleFunc("GET /api/", serveAPI(index))
http.HandleFunc("GET /api/status/", serveStatus(index))
log.Println("listening on", flagPort)
err = http.ListenAndServe(fmt.Sprintf(":%d", flagPort), nil)
if err != nil {
return err
}
return nil
}).Flag(
&flagBaseDir,
"b", command.StringFlag(""),
"base directory for cache",
).Flag(
&flagPort,
"p", command.IntFlag(8067),
"http listen port",
)
c.MustParse(os.Args[1:], func(e error) {
log.Fatal(e)
})
}

26
cmd/pkgserver/ui/index.html
View File

@@ -1,26 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="static/style.css">
<title>Hakurei PkgServer</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
<script src="static/index.js"></script>
</head>
<body>
<h1>Hakurei PkgServer</h1>
<table id="pkg-list">
<tr><th>Status</th><th>Name</th><th>Version</th></tr>
</table>
<p>Showing entries <span id="entry-counter"></span>.</p>
<span class="bottom-nav"><a href="javascript:prevPage()">&laquo; Previous</a> <span id="page-number">1</span> <a href="javascript:nextPage()">Next &raquo;</a></span>
<span><label for="count">Entries per page:</label><select name="count" id="count">
<option value="10">10</option>
<option value="25">25</option>
<option value="50">50</option>
<option value="100">100</option>
</select></span>
</body>
<footer>&copy; <a href="https://hakurei.app/">Hakurei</a>. Licensed under the MIT license.</footer>
</html>

0
cmd/pkgserver/ui/static/_common.scss
View File

6
cmd/pkgserver/ui/static/dark.css
View File

@@ -1,6 +0,0 @@
@use 'common';
html {
background-color: #2c2c2c;
color: ghostwhite; }
/*# sourceMappingURL=dark.css.map */

7
cmd/pkgserver/ui/static/dark.css.map
View File

@@ -1,7 +0,0 @@
{
"version": 3,
"mappings": "AAAA,aAAa;AAEb,IAAK;EACH,gBAAgB,EAAE,OAAO;EACzB,KAAK,EAAE,UAAU",
"sources": ["dark.scss"],
"names": [],
"file": "dark.css"
}

6
cmd/pkgserver/ui/static/dark.scss
View File

@@ -1,6 +0,0 @@
@use 'common';
html {
background-color: #2c2c2c;
color: ghostwhite;
}

BIN
cmd/pkgserver/ui/static/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 17 KiB

67
cmd/pkgserver/ui/static/index.js
View File

@@ -1,67 +0,0 @@
"use strict";
var PackageEntry = /** @class */ (function () {
function PackageEntry() {
}
return PackageEntry;
}());
var State = /** @class */ (function () {
function State() {
this.entriesPerPage = 10;
this.currentPage = 1;
this.entryIndex = 0;
this.loadedEntries = [];
}
State.prototype.getEntriesPerPage = function () {
return this.entriesPerPage;
};
State.prototype.setEntriesPerPage = function (entriesPerPage) {
this.entriesPerPage = entriesPerPage;
this.updateRange();
};
State.prototype.getCurrentPage = function () {
return this.currentPage;
};
State.prototype.setCurrentPage = function (page) {
this.currentPage = page;
document.getElementById("page-number").innerText = String(this.currentPage);
this.updateRange();
};
State.prototype.getEntryIndex = function () {
return this.entryIndex;
};
State.prototype.setEntryIndex = function (entryIndex) {
this.entryIndex = entryIndex;
this.updateRange();
};
State.prototype.getLoadedEntries = function () {
return this.loadedEntries;
};
State.prototype.getMaxPage = function () {
return this.loadedEntries.length / this.entriesPerPage;
};
State.prototype.updateRange = function () {
var max = Math.min(this.entryIndex + this.entriesPerPage, this.loadedEntries.length);
document.getElementById("entry-counter").innerText = "".concat(this.entryIndex, "-").concat(max, " of ").concat(this.loadedEntries.length);
};
return State;
}());
var STATE;
function prevPage() {
var current = STATE.getCurrentPage();
if (current > 1) {
STATE.setCurrentPage(STATE.getCurrentPage() - 1);
}
}
function nextPage() {
var current = STATE.getCurrentPage();
if (current < STATE.getMaxPage()) {
STATE.setCurrentPage(STATE.getCurrentPage() + 1);
}
}
document.addEventListener("DOMContentLoaded", function () {
STATE = new State();
STATE.updateRange();
document.getElementById("count").addEventListener("change", function (event) {
STATE.setEntriesPerPage(parseInt(event.target.value));
});
});

66
cmd/pkgserver/ui/static/index.ts
View File

@@ -1,66 +0,0 @@
"use strict"
class PackageEntry {
}
class State {
entriesPerPage: number = 10
currentPage: number = 1
entryIndex: number = 0
loadedEntries: PackageEntry[] = []
getEntriesPerPage(): number {
return this.entriesPerPage
}
setEntriesPerPage(entriesPerPage: number) {
this.entriesPerPage = entriesPerPage
this.updateRange()
}
getCurrentPage(): number {
return this.currentPage
}
setCurrentPage(page: number) {
this.currentPage = page
document.getElementById("page-number").innerText = String(this.currentPage)
this.updateRange()
}
getEntryIndex(): number {
return this.entryIndex
}
setEntryIndex(entryIndex: number) {
this.entryIndex = entryIndex
this.updateRange()
}
getLoadedEntries(): PackageEntry[] {
return this.loadedEntries
}
getMaxPage(): number {
return this.loadedEntries.length / this.entriesPerPage
}
updateRange() {
let max = Math.min(this.entryIndex + this.entriesPerPage, this.loadedEntries.length)
document.getElementById("entry-counter").innerText = `${this.entryIndex}-${max} of ${this.loadedEntries.length}`
}
}
let STATE: State
function prevPage() {
let current = STATE.getCurrentPage()
if (current > 1) {
STATE.setCurrentPage(STATE.getCurrentPage() - 1)
}
}
function nextPage() {
let current = STATE.getCurrentPage()
if (current < STATE.getMaxPage()) {
STATE.setCurrentPage(STATE.getCurrentPage() + 1)
}
}
document.addEventListener("DOMContentLoaded", () => {
STATE = new State()
STATE.updateRange()
document.getElementById("count").addEventListener("change", (event) => {
STATE.setEntriesPerPage(parseInt((event.target as HTMLSelectElement).value))
})
})

6
cmd/pkgserver/ui/static/light.css
View File

@@ -1,6 +0,0 @@
@use 'common';
html {
background-color: #d3d3d3;
color: black; }
/*# sourceMappingURL=light.css.map */

7
cmd/pkgserver/ui/static/light.css.map
View File

@@ -1,7 +0,0 @@
{
"version": 3,
"mappings": "AAAA,aAAa;AAEb,IAAK;EACH,gBAAgB,EAAE,OAAO;EACzB,KAAK,EAAE,KAAK",
"sources": ["light.scss"],
"names": [],
"file": "light.css"
}

6
cmd/pkgserver/ui/static/light.scss
View File

@@ -1,6 +0,0 @@
@use 'common';
html {
background-color: #d3d3d3;
color: black;
}

41
container/container.go
View File

@@ -20,6 +20,7 @@ import (
"hakurei.app/container/fhs" "hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
"hakurei.app/message" "hakurei.app/message"
) )
@@ -38,9 +39,13 @@ type (
Container struct { Container struct {
// Whether the container init should stay alive after its parent terminates. // Whether the container init should stay alive after its parent terminates.
AllowOrphan bool AllowOrphan bool
// Scheduling policy to set via sched_setscheduler(2). The zero value // Whether to set SchedPolicy and SchedPriority via sched_setscheduler(2).
// skips this call. Supported policies are [SCHED_BATCH], [SCHED_IDLE]. SetScheduler bool
SchedPolicy int // Scheduling policy to set via sched_setscheduler(2).
SchedPolicy ext.SchedPolicy
// Scheduling priority to set via sched_setscheduler(2). The zero value
// implies the minimum value supported by the current SchedPolicy.
SchedPriority ext.Int
// Cgroup fd, nil to disable. // Cgroup fd, nil to disable.
Cgroup *int Cgroup *int
// ExtraFiles passed through to initial process in the container, with // ExtraFiles passed through to initial process in the container, with
@@ -373,16 +378,38 @@ func (p *Container) Start() error {
// sched_setscheduler: thread-directed but acts on all processes // sched_setscheduler: thread-directed but acts on all processes
// created from the calling thread // created from the calling thread
if p.SchedPolicy > 0 { if p.SetScheduler {
p.msg.Verbosef("setting scheduling policy %d", p.SchedPolicy) if p.SchedPolicy < 0 || p.SchedPolicy > ext.SCHED_LAST {
return &StartError{
Fatal: false,
Step: "set scheduling policy",
Err: EINVAL,
}
}
var param schedParam
if priority, err := p.SchedPolicy.GetPriorityMin(); err != nil {
return &StartError{
Fatal: true,
Step: "get minimum priority",
Err: err,
}
} else {
param.priority = max(priority, p.SchedPriority)
}
p.msg.Verbosef(
"setting scheduling policy %s priority %d",
p.SchedPolicy, param.priority,
)
if err := schedSetscheduler( if err := schedSetscheduler(
0, // calling thread 0, // calling thread
p.SchedPolicy, p.SchedPolicy,
&schedParam{0}, &param,
); err != nil { ); err != nil {
return &StartError{ return &StartError{
Fatal: true, Fatal: true,
Step: "enforce landlock ruleset", Step: "set scheduling policy",
Err: err, Err: err,
} }
} }

3
container/container_test.go
View File

@@ -25,6 +25,7 @@ import (
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/vfs" "hakurei.app/container/vfs"
"hakurei.app/ext"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/ldd" "hakurei.app/ldd"
"hakurei.app/message" "hakurei.app/message"
@@ -258,7 +259,7 @@ var containerTestCases = []struct {
1000, 100, nil, 0, std.PresetExt}, 1000, 100, nil, 0, std.PresetExt},
{"custom rules", true, true, true, false, {"custom rules", true, true, true, false,
emptyOps, emptyMnt, emptyOps, emptyMnt,
1, 31, []std.NativeRule{{Syscall: std.ScmpSyscall(syscall.SYS_SETUID), Errno: std.ScmpErrno(syscall.EPERM)}}, 0, std.PresetExt}, 1, 31, []std.NativeRule{{Syscall: ext.SyscallNum(syscall.SYS_SETUID), Errno: std.ScmpErrno(syscall.EPERM)}}, 0, std.PresetExt},
{"tmpfs", true, false, false, true, {"tmpfs", true, false, false, true,
earlyOps(new(container.Ops). earlyOps(new(container.Ops).

44
container/dispatcher.go
View File

@@ -3,6 +3,7 @@ package container
import ( import (
"io" "io"
"io/fs" "io/fs"
"net"
"os" "os"
"os/exec" "os/exec"
"os/signal" "os/signal"
@@ -12,6 +13,7 @@ import (
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/internal/netlink"
"hakurei.app/message" "hakurei.app/message"
) )
@@ -167,7 +169,47 @@ func (k direct) mountTmpfs(fsname, target string, flags uintptr, size int, perm
func (direct) ensureFile(name string, perm, pperm os.FileMode) error { func (direct) ensureFile(name string, perm, pperm os.FileMode) error {
return ensureFile(name, perm, pperm) return ensureFile(name, perm, pperm)
} }
func (direct) mustLoopback(msg message.Msg) { mustLoopback(msg) } func (direct) mustLoopback(msg message.Msg) {
var lo int
if ifi, err := net.InterfaceByName("lo"); err != nil {
msg.GetLogger().Fatalln(err)
} else {
lo = ifi.Index
}
c, err := netlink.DialRoute()
if err != nil {
msg.GetLogger().Fatalln(err)
}
must := func(err error) {
if err == nil {
return
}
if closeErr := c.Close(); closeErr != nil {
msg.Verbosef("cannot close RTNETLINK: %v", closeErr)
}
switch err.(type) {
case *os.SyscallError:
msg.GetLogger().Fatalf("cannot %v", err)
case syscall.Errno:
msg.GetLogger().Fatalf("RTNETLINK answers: %v", err)
default:
msg.GetLogger().Fatalf("RTNETLINK answers with malformed message")
}
}
must(c.SendNewaddrLo(uint32(lo)))
must(c.SendIfInfomsg(syscall.RTM_NEWLINK, 0, &syscall.IfInfomsg{
Family: syscall.AF_UNSPEC,
Index: int32(lo),
Flags: syscall.IFF_UP,
Change: syscall.IFF_UP,
}))
must(c.Close())
}
func (direct) seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error { func (direct) seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error {
return seccomp.Load(rules, flags) return seccomp.Load(rules, flags)

37
container/executable.go
View File

@@ -1,37 +0,0 @@
package container
import (
"fmt"
"log"
"os"
"sync"
"hakurei.app/message"
)
var (
executable string
executableOnce sync.Once
)
func copyExecutable(msg message.Msg) {
if name, err := os.Executable(); err != nil {
m := fmt.Sprintf("cannot read executable path: %v", err)
if msg != nil {
msg.BeforeExit()
msg.GetLogger().Fatal(m)
} else {
log.Fatal(m)
}
} else {
executable = name
}
}
// MustExecutable calls [os.Executable] and terminates the process on error.
//
// Deprecated: This is no longer used and will be removed in 0.4.
func MustExecutable(msg message.Msg) string {
executableOnce.Do(func() { copyExecutable(msg) })
return executable
}

18
container/executable_test.go
View File

@@ -1,18 +0,0 @@
package container_test
import (
"os"
"testing"
"hakurei.app/container"
"hakurei.app/message"
)
func TestExecutable(t *testing.T) {
t.Parallel()
for i := 0; i < 16; i++ {
if got := container.MustExecutable(message.New(nil)); got != os.Args[0] {
t.Errorf("MustExecutable: %q, want %q", got, os.Args[0])
}
}
}

6
container/landlock.go
View File

@@ -5,7 +5,7 @@ import (
"syscall" "syscall"
"unsafe" "unsafe"
"hakurei.app/container/std" "hakurei.app/ext"
) )
// include/uapi/linux/landlock.h // include/uapi/linux/landlock.h
@@ -223,7 +223,7 @@ func (rulesetAttr *RulesetAttr) Create(flags uintptr) (fd int, err error) {
} }
rulesetFd, _, errno := syscall.Syscall( rulesetFd, _, errno := syscall.Syscall(
std.SYS_LANDLOCK_CREATE_RULESET, ext.SYS_LANDLOCK_CREATE_RULESET,
pointer, size, pointer, size,
flags, flags,
) )
@@ -247,7 +247,7 @@ func LandlockGetABI() (int, error) {
// LandlockRestrictSelf applies a loaded ruleset to the calling thread. // LandlockRestrictSelf applies a loaded ruleset to the calling thread.
func LandlockRestrictSelf(rulesetFd int, flags uintptr) error { func LandlockRestrictSelf(rulesetFd int, flags uintptr) error {
r, _, errno := syscall.Syscall( r, _, errno := syscall.Syscall(
std.SYS_LANDLOCK_RESTRICT_SELF, ext.SYS_LANDLOCK_RESTRICT_SELF,
uintptr(rulesetFd), uintptr(rulesetFd),
flags, flags,
0, 0,

269
container/netlink.go
View File

@@ -1,269 +0,0 @@
package container
import (
"encoding/binary"
"errors"
"net"
"os"
. "syscall"
"unsafe"
"hakurei.app/container/std"
"hakurei.app/message"
)
// rtnetlink represents a NETLINK_ROUTE socket.
type rtnetlink struct {
// Sent as part of rtnetlink messages.
pid uint32
// AF_NETLINK socket.
fd int
// Whether the socket is open.
ok bool
// Message sequence number.
seq uint32
}
// open creates the underlying NETLINK_ROUTE socket.
func (s *rtnetlink) open() (err error) {
if s.ok || s.fd < 0 {
return os.ErrInvalid
}
s.pid = uint32(Getpid())
if s.fd, err = Socket(
AF_NETLINK,
SOCK_RAW|SOCK_CLOEXEC,
NETLINK_ROUTE,
); err != nil {
return os.NewSyscallError("socket", err)
} else if err = Bind(s.fd, &SockaddrNetlink{
Family: AF_NETLINK,
Pid: s.pid,
}); err != nil {
_ = s.close()
return os.NewSyscallError("bind", err)
} else {
s.ok = true
return nil
}
}
// close closes the underlying NETLINK_ROUTE socket.
func (s *rtnetlink) close() error {
if !s.ok {
return os.ErrInvalid
}
s.ok = false
err := Close(s.fd)
s.fd = -1
return err
}
// roundtrip sends a netlink message and handles the reply.
func (s *rtnetlink) roundtrip(data []byte) error {
if !s.ok {
return os.ErrInvalid
}
defer func() { s.seq++ }()
if err := Sendto(s.fd, data, 0, &SockaddrNetlink{
Family: AF_NETLINK,
}); err != nil {
return os.NewSyscallError("sendto", err)
}
buf := make([]byte, Getpagesize())
done:
for {
p := buf
if n, _, err := Recvfrom(s.fd, p, 0); err != nil {
return os.NewSyscallError("recvfrom", err)
} else if n < NLMSG_HDRLEN {
return errors.ErrUnsupported
} else {
p = p[:n]
}
if msgs, err := ParseNetlinkMessage(p); err != nil {
return err
} else {
for _, m := range msgs {
if m.Header.Seq != s.seq || m.Header.Pid != s.pid {
return errors.ErrUnsupported
}
if m.Header.Type == NLMSG_DONE {
break done
}
if m.Header.Type == NLMSG_ERROR {
if len(m.Data) >= 4 {
errno := Errno(-std.Int(binary.NativeEndian.Uint32(m.Data)))
if errno == 0 {
return nil
}
return errno
}
return errors.ErrUnsupported
}
}
}
}
return nil
}
// mustRoundtrip calls roundtrip and terminates via msg for a non-nil error.
func (s *rtnetlink) mustRoundtrip(msg message.Msg, data []byte) {
err := s.roundtrip(data)
if err == nil {
return
}
if closeErr := Close(s.fd); closeErr != nil {
msg.Verbosef("cannot close: %v", err)
}
switch err.(type) {
case *os.SyscallError:
msg.GetLogger().Fatalf("cannot %v", err)
case Errno:
msg.GetLogger().Fatalf("RTNETLINK answers: %v", err)
default:
msg.GetLogger().Fatalln("RTNETLINK answers with unexpected message")
}
}
// newaddrLo represents a RTM_NEWADDR message with two addresses.
type newaddrLo struct {
header NlMsghdr
data IfAddrmsg
r0 RtAttr
a0 [4]byte // in_addr
r1 RtAttr
a1 [4]byte // in_addr
}
// sizeofNewaddrLo is the expected size of newaddrLo.
const sizeofNewaddrLo = NLMSG_HDRLEN + SizeofIfAddrmsg + (SizeofRtAttr+4)*2
// newaddrLo returns the address of a populated newaddrLo.
func (s *rtnetlink) newaddrLo(lo int) *newaddrLo {
return &newaddrLo{NlMsghdr{
Len: sizeofNewaddrLo,
Type: RTM_NEWADDR,
Flags: NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_EXCL,
Seq: s.seq,
Pid: s.pid,
}, IfAddrmsg{
Family: AF_INET,
Prefixlen: 8,
Flags: IFA_F_PERMANENT,
Scope: RT_SCOPE_HOST,
Index: uint32(lo),
}, RtAttr{
Len: uint16(SizeofRtAttr + len(newaddrLo{}.a0)),
Type: IFA_LOCAL,
}, [4]byte{127, 0, 0, 1}, RtAttr{
Len: uint16(SizeofRtAttr + len(newaddrLo{}.a1)),
Type: IFA_ADDRESS,
}, [4]byte{127, 0, 0, 1}}
}
func (msg *newaddrLo) toWireFormat() []byte {
var buf [sizeofNewaddrLo]byte
*(*uint32)(unsafe.Pointer(&buf[0:4][0])) = msg.header.Len
*(*uint16)(unsafe.Pointer(&buf[4:6][0])) = msg.header.Type
*(*uint16)(unsafe.Pointer(&buf[6:8][0])) = msg.header.Flags
*(*uint32)(unsafe.Pointer(&buf[8:12][0])) = msg.header.Seq
*(*uint32)(unsafe.Pointer(&buf[12:16][0])) = msg.header.Pid
buf[16] = msg.data.Family
buf[17] = msg.data.Prefixlen
buf[18] = msg.data.Flags
buf[19] = msg.data.Scope
*(*uint32)(unsafe.Pointer(&buf[20:24][0])) = msg.data.Index
*(*uint16)(unsafe.Pointer(&buf[24:26][0])) = msg.r0.Len
*(*uint16)(unsafe.Pointer(&buf[26:28][0])) = msg.r0.Type
copy(buf[28:32], msg.a0[:])
*(*uint16)(unsafe.Pointer(&buf[32:34][0])) = msg.r1.Len
*(*uint16)(unsafe.Pointer(&buf[34:36][0])) = msg.r1.Type
copy(buf[36:40], msg.a1[:])
return buf[:]
}
// newlinkLo represents a RTM_NEWLINK message.
type newlinkLo struct {
header NlMsghdr
data IfInfomsg
}
// sizeofNewlinkLo is the expected size of newlinkLo.
const sizeofNewlinkLo = NLMSG_HDRLEN + SizeofIfInfomsg
// newlinkLo returns the address of a populated newlinkLo.
func (s *rtnetlink) newlinkLo(lo int) *newlinkLo {
return &newlinkLo{NlMsghdr{
Len: sizeofNewlinkLo,
Type: RTM_NEWLINK,
Flags: NLM_F_REQUEST | NLM_F_ACK,
Seq: s.seq,
Pid: s.pid,
}, IfInfomsg{
Family: AF_UNSPEC,
Index: int32(lo),
Flags: IFF_UP,
Change: IFF_UP,
}}
}
func (msg *newlinkLo) toWireFormat() []byte {
var buf [sizeofNewlinkLo]byte
*(*uint32)(unsafe.Pointer(&buf[0:4][0])) = msg.header.Len
*(*uint16)(unsafe.Pointer(&buf[4:6][0])) = msg.header.Type
*(*uint16)(unsafe.Pointer(&buf[6:8][0])) = msg.header.Flags
*(*uint32)(unsafe.Pointer(&buf[8:12][0])) = msg.header.Seq
*(*uint32)(unsafe.Pointer(&buf[12:16][0])) = msg.header.Pid
buf[16] = msg.data.Family
*(*uint16)(unsafe.Pointer(&buf[18:20][0])) = msg.data.Type
*(*int32)(unsafe.Pointer(&buf[20:24][0])) = msg.data.Index
*(*uint32)(unsafe.Pointer(&buf[24:28][0])) = msg.data.Flags
*(*uint32)(unsafe.Pointer(&buf[28:32][0])) = msg.data.Change
return buf[:]
}
// mustLoopback creates the loopback address and brings the lo interface up.
// mustLoopback calls a fatal method of the underlying [log.Logger] of m with a
// user-facing error message if RTNETLINK behaves unexpectedly.
func mustLoopback(msg message.Msg) {
log := msg.GetLogger()
var lo int
if ifi, err := net.InterfaceByName("lo"); err != nil {
log.Fatalln(err)
} else {
lo = ifi.Index
}
var s rtnetlink
if err := s.open(); err != nil {
log.Fatalln(err)
}
defer func() {
if err := s.close(); err != nil {
msg.Verbosef("cannot close netlink: %v", err)
}
}()
s.mustRoundtrip(msg, s.newaddrLo(lo).toWireFormat())
s.mustRoundtrip(msg, s.newlinkLo(lo).toWireFormat())
}

72
container/netlink_test.go
View File

@@ -1,72 +0,0 @@
package container
import (
"testing"
"unsafe"
)
func TestSizeof(t *testing.T) {
if got := unsafe.Sizeof(newaddrLo{}); got != sizeofNewaddrLo {
t.Fatalf("newaddrLo: sizeof = %#x, want %#x", got, sizeofNewaddrLo)
}
if got := unsafe.Sizeof(newlinkLo{}); got != sizeofNewlinkLo {
t.Fatalf("newlinkLo: sizeof = %#x, want %#x", got, sizeofNewlinkLo)
}
}
func TestRtnetlinkMessage(t *testing.T) {
t.Parallel()
testCases := []struct {
name string
msg interface{ toWireFormat() []byte }
want []byte
}{
{"newaddrLo", (&rtnetlink{pid: 1, seq: 0}).newaddrLo(1), []byte{
/* Len */ 0x28, 0, 0, 0,
/* Type */ 0x14, 0,
/* Flags */ 5, 6,
/* Seq */ 0, 0, 0, 0,
/* Pid */ 1, 0, 0, 0,
/* Family */ 2,
/* Prefixlen */ 8,
/* Flags */ 0x80,
/* Scope */ 0xfe,
/* Index */ 1, 0, 0, 0,
/* Len */ 8, 0,
/* Type */ 2, 0,
/* in_addr */ 127, 0, 0, 1,
/* Len */ 8, 0,
/* Type */ 1, 0,
/* in_addr */ 127, 0, 0, 1,
}},
{"newlinkLo", (&rtnetlink{pid: 1, seq: 1}).newlinkLo(1), []byte{
/* Len */ 0x20, 0, 0, 0,
/* Type */ 0x10, 0,
/* Flags */ 5, 0,
/* Seq */ 1, 0, 0, 0,
/* Pid */ 1, 0, 0, 0,
/* Family */ 0,
/* pad */ 0,
/* Type */ 0, 0,
/* Index */ 1, 0, 0, 0,
/* Flags */ 1, 0, 0, 0,
/* Change */ 1, 0, 0, 0,
}},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
if got := tc.msg.toWireFormat(); string(got) != string(tc.want) {
t.Fatalf("toWireFormat: %#v, want %#v", got, tc.want)
}
})
}
}

5
container/seccomp/libseccomp.go
View File

@@ -16,6 +16,7 @@ import (
"unsafe" "unsafe"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
) )
// ErrInvalidRules is returned for a zero-length rules slice. // ErrInvalidRules is returned for a zero-length rules slice.
@@ -219,9 +220,9 @@ const (
// syscallResolveName resolves a syscall number by name via seccomp_syscall_resolve_name. // syscallResolveName resolves a syscall number by name via seccomp_syscall_resolve_name.
// This function is only for testing the lookup tables and included here for convenience. // This function is only for testing the lookup tables and included here for convenience.
func syscallResolveName(s string) (num std.ScmpSyscall, ok bool) { func syscallResolveName(s string) (num ext.SyscallNum, ok bool) {
v := C.CString(s) v := C.CString(s)
num = std.ScmpSyscall(C.seccomp_syscall_resolve_name(v)) num = ext.SyscallNum(C.seccomp_syscall_resolve_name(v))
C.free(unsafe.Pointer(v)) C.free(unsafe.Pointer(v))
ok = num != C.__NR_SCMP_ERROR ok = num != C.__NR_SCMP_ERROR
return return

1
container/seccomp/presets.go
View File

@@ -6,6 +6,7 @@ import (
. "syscall" . "syscall"
. "hakurei.app/container/std" . "hakurei.app/container/std"
. "hakurei.app/ext"
) )
func Preset(presets FilterPreset, flags ExportFlag) (rules []NativeRule) { func Preset(presets FilterPreset, flags ExportFlag) (rules []NativeRule) {

7
container/seccomp/std_test.go
View File

@@ -6,12 +6,13 @@ import (
"unsafe" "unsafe"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
) )
func TestSyscallResolveName(t *testing.T) { func TestSyscallResolveName(t *testing.T) {
t.Parallel() t.Parallel()
for name, want := range std.Syscalls() { for name, want := range ext.Syscalls() {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
t.Parallel() t.Parallel()
@@ -24,8 +25,8 @@ func TestSyscallResolveName(t *testing.T) {
} }
func TestRuleType(t *testing.T) { func TestRuleType(t *testing.T) {
assertKind[std.Uint, scmpUint](t) assertKind[ext.Uint, scmpUint](t)
assertKind[std.Int, scmpInt](t) assertKind[ext.Int, scmpInt](t)
assertSize[std.NativeRule, syscallRule](t) assertSize[std.NativeRule, syscallRule](t)
assertKind[std.ScmpDatum, scmpDatum](t) assertKind[std.ScmpDatum, scmpDatum](t)

58
container/std/seccomp.go
View File

@@ -1,34 +1,20 @@
package std package std
import ( import "hakurei.app/ext"
"encoding/json"
"strconv"
)
type ( type (
// ScmpUint is equivalent to C.uint.
//
// Deprecated: This type has been renamed to Uint and will be removed in 0.4.
ScmpUint = Uint
// ScmpInt is equivalent to C.int.
//
// Deprecated: This type has been renamed to Int and will be removed in 0.4.
ScmpInt = Int
// ScmpSyscall represents a syscall number passed to libseccomp via [NativeRule.Syscall].
ScmpSyscall Int
// ScmpErrno represents an errno value passed to libseccomp via [NativeRule.Errno]. // ScmpErrno represents an errno value passed to libseccomp via [NativeRule.Errno].
ScmpErrno Int ScmpErrno = ext.Int
// ScmpCompare is equivalent to enum scmp_compare; // ScmpCompare is equivalent to enum scmp_compare;
ScmpCompare Uint ScmpCompare = ext.Uint
// ScmpDatum is equivalent to scmp_datum_t. // ScmpDatum is equivalent to scmp_datum_t.
ScmpDatum uint64 ScmpDatum = uint64
// ScmpArgCmp is equivalent to struct scmp_arg_cmp. // ScmpArgCmp is equivalent to struct scmp_arg_cmp.
ScmpArgCmp struct { ScmpArgCmp struct {
// argument number, starting at 0 // argument number, starting at 0
Arg Uint `json:"arg"` Arg ext.Uint `json:"arg"`
// the comparison op, e.g. SCMP_CMP_* // the comparison op, e.g. SCMP_CMP_*
Op ScmpCompare `json:"op"` Op ScmpCompare `json:"op"`
@@ -39,42 +25,10 @@ type (
// A NativeRule specifies an arch-specific action taken by seccomp under certain conditions. // A NativeRule specifies an arch-specific action taken by seccomp under certain conditions.
NativeRule struct { NativeRule struct {
// Syscall is the arch-dependent syscall number to act against. // Syscall is the arch-dependent syscall number to act against.
Syscall ScmpSyscall `json:"syscall"` Syscall ext.SyscallNum `json:"syscall"`
// Errno is the errno value to return when the condition is satisfied. // Errno is the errno value to return when the condition is satisfied.
Errno ScmpErrno `json:"errno"` Errno ScmpErrno `json:"errno"`
// Arg is the optional struct scmp_arg_cmp passed to libseccomp. // Arg is the optional struct scmp_arg_cmp passed to libseccomp.
Arg *ScmpArgCmp `json:"arg,omitempty"` Arg *ScmpArgCmp `json:"arg,omitempty"`
} }
) )
// MarshalJSON resolves the name of [ScmpSyscall] and encodes it as a [json] string.
// If such a name does not exist, the syscall number is encoded instead.
func (num *ScmpSyscall) MarshalJSON() ([]byte, error) {
n := *num
for name, cur := range Syscalls() {
if cur == n {
return json.Marshal(name)
}
}
return json.Marshal(n)
}
// SyscallNameError is returned when trying to unmarshal an invalid syscall name into [ScmpSyscall].
type SyscallNameError string
func (e SyscallNameError) Error() string { return "invalid syscall name " + strconv.Quote(string(e)) }
// UnmarshalJSON looks up the syscall number corresponding to name encoded in data
// by calling [SyscallResolveName].
func (num *ScmpSyscall) UnmarshalJSON(data []byte) error {
var name string
if err := json.Unmarshal(data, &name); err != nil {
return err
}
if n, ok := SyscallResolveName(name); !ok {
return SyscallNameError(name)
} else {
*num = n
return nil
}
}

28
container/std/syscall.go
View File

@@ -1,28 +0,0 @@
package std
import "iter"
// Syscalls returns an iterator over all wired syscalls.
func Syscalls() iter.Seq2[string, ScmpSyscall] {
return func(yield func(string, ScmpSyscall) bool) {
for name, num := range syscallNum {
if !yield(name, num) {
return
}
}
for name, num := range syscallNumExtra {
if !yield(name, num) {
return
}
}
}
}
// SyscallResolveName resolves a syscall number from its string representation.
func SyscallResolveName(name string) (num ScmpSyscall, ok bool) {
if num, ok = syscallNum[name]; ok {
return
}
num, ok = syscallNumExtra[name]
return
}

13
container/std/syscall_extra_linux_386.go
View File

@@ -1,13 +0,0 @@
package std
var syscallNumExtra = map[string]ScmpSyscall{
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
}
const (
SNR_KEXEC_FILE_LOAD ScmpSyscall = __PNR_kexec_file_load
SNR_SUBPAGE_PROT ScmpSyscall = __PNR_subpage_prot
SNR_SWITCH_ENDIAN ScmpSyscall = __PNR_switch_endian
)

41
container/std/syscall_extra_linux_amd64.go
View File

@@ -1,41 +0,0 @@
package std
var syscallNumExtra = map[string]ScmpSyscall{
"umount": SNR_UMOUNT,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
"vm86": SNR_VM86,
"vm86old": SNR_VM86OLD,
"clock_adjtime64": SNR_CLOCK_ADJTIME64,
"clock_settime64": SNR_CLOCK_SETTIME64,
"chown32": SNR_CHOWN32,
"fchown32": SNR_FCHOWN32,
"lchown32": SNR_LCHOWN32,
"setgid32": SNR_SETGID32,
"setgroups32": SNR_SETGROUPS32,
"setregid32": SNR_SETREGID32,
"setresgid32": SNR_SETRESGID32,
"setresuid32": SNR_SETRESUID32,
"setreuid32": SNR_SETREUID32,
"setuid32": SNR_SETUID32,
}
const (
SNR_UMOUNT ScmpSyscall = __PNR_umount
SNR_SUBPAGE_PROT ScmpSyscall = __PNR_subpage_prot
SNR_SWITCH_ENDIAN ScmpSyscall = __PNR_switch_endian
SNR_VM86 ScmpSyscall = __PNR_vm86
SNR_VM86OLD ScmpSyscall = __PNR_vm86old
SNR_CLOCK_ADJTIME64 ScmpSyscall = __PNR_clock_adjtime64
SNR_CLOCK_SETTIME64 ScmpSyscall = __PNR_clock_settime64
SNR_CHOWN32 ScmpSyscall = __PNR_chown32
SNR_FCHOWN32 ScmpSyscall = __PNR_fchown32
SNR_LCHOWN32 ScmpSyscall = __PNR_lchown32
SNR_SETGID32 ScmpSyscall = __PNR_setgid32
SNR_SETGROUPS32 ScmpSyscall = __PNR_setgroups32
SNR_SETREGID32 ScmpSyscall = __PNR_setregid32
SNR_SETRESGID32 ScmpSyscall = __PNR_setresgid32
SNR_SETRESUID32 ScmpSyscall = __PNR_setresuid32
SNR_SETREUID32 ScmpSyscall = __PNR_setreuid32
SNR_SETUID32 ScmpSyscall = __PNR_setuid32
)

55
container/std/syscall_extra_linux_arm64.go
View File

@@ -1,55 +0,0 @@
package std
import "syscall"
const (
SYS_NEWFSTATAT = syscall.SYS_FSTATAT
)
var syscallNumExtra = map[string]ScmpSyscall{
"uselib": SNR_USELIB,
"clock_adjtime64": SNR_CLOCK_ADJTIME64,
"clock_settime64": SNR_CLOCK_SETTIME64,
"umount": SNR_UMOUNT,
"chown": SNR_CHOWN,
"chown32": SNR_CHOWN32,
"fchown32": SNR_FCHOWN32,
"lchown": SNR_LCHOWN,
"lchown32": SNR_LCHOWN32,
"setgid32": SNR_SETGID32,
"setgroups32": SNR_SETGROUPS32,
"setregid32": SNR_SETREGID32,
"setresgid32": SNR_SETRESGID32,
"setresuid32": SNR_SETRESUID32,
"setreuid32": SNR_SETREUID32,
"setuid32": SNR_SETUID32,
"modify_ldt": SNR_MODIFY_LDT,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
"vm86": SNR_VM86,
"vm86old": SNR_VM86OLD,
}
const (
SNR_USELIB ScmpSyscall = __PNR_uselib
SNR_CLOCK_ADJTIME64 ScmpSyscall = __PNR_clock_adjtime64
SNR_CLOCK_SETTIME64 ScmpSyscall = __PNR_clock_settime64
SNR_UMOUNT ScmpSyscall = __PNR_umount
SNR_CHOWN ScmpSyscall = __PNR_chown
SNR_CHOWN32 ScmpSyscall = __PNR_chown32
SNR_FCHOWN32 ScmpSyscall = __PNR_fchown32
SNR_LCHOWN ScmpSyscall = __PNR_lchown
SNR_LCHOWN32 ScmpSyscall = __PNR_lchown32
SNR_SETGID32 ScmpSyscall = __PNR_setgid32
SNR_SETGROUPS32 ScmpSyscall = __PNR_setgroups32
SNR_SETREGID32 ScmpSyscall = __PNR_setregid32
SNR_SETRESGID32 ScmpSyscall = __PNR_setresgid32
SNR_SETRESUID32 ScmpSyscall = __PNR_setresuid32
SNR_SETREUID32 ScmpSyscall = __PNR_setreuid32
SNR_SETUID32 ScmpSyscall = __PNR_setuid32
SNR_MODIFY_LDT ScmpSyscall = __PNR_modify_ldt
SNR_SUBPAGE_PROT ScmpSyscall = __PNR_subpage_prot
SNR_SWITCH_ENDIAN ScmpSyscall = __PNR_switch_endian
SNR_VM86 ScmpSyscall = __PNR_vm86
SNR_VM86OLD ScmpSyscall = __PNR_vm86old
)

55
container/std/syscall_extra_linux_riscv64.go
View File

@@ -1,55 +0,0 @@
package std
import "syscall"
const (
SYS_NEWFSTATAT = syscall.SYS_FSTATAT
)
var syscallNumExtra = map[string]ScmpSyscall{
"uselib": SNR_USELIB,
"clock_adjtime64": SNR_CLOCK_ADJTIME64,
"clock_settime64": SNR_CLOCK_SETTIME64,
"umount": SNR_UMOUNT,
"chown": SNR_CHOWN,
"chown32": SNR_CHOWN32,
"fchown32": SNR_FCHOWN32,
"lchown": SNR_LCHOWN,
"lchown32": SNR_LCHOWN32,
"setgid32": SNR_SETGID32,
"setgroups32": SNR_SETGROUPS32,
"setregid32": SNR_SETREGID32,
"setresgid32": SNR_SETRESGID32,
"setresuid32": SNR_SETRESUID32,
"setreuid32": SNR_SETREUID32,
"setuid32": SNR_SETUID32,
"modify_ldt": SNR_MODIFY_LDT,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
"vm86": SNR_VM86,
"vm86old": SNR_VM86OLD,
}
const (
SNR_USELIB ScmpSyscall = __PNR_uselib
SNR_CLOCK_ADJTIME64 ScmpSyscall = __PNR_clock_adjtime64
SNR_CLOCK_SETTIME64 ScmpSyscall = __PNR_clock_settime64
SNR_UMOUNT ScmpSyscall = __PNR_umount
SNR_CHOWN ScmpSyscall = __PNR_chown
SNR_CHOWN32 ScmpSyscall = __PNR_chown32
SNR_FCHOWN32 ScmpSyscall = __PNR_fchown32
SNR_LCHOWN ScmpSyscall = __PNR_lchown
SNR_LCHOWN32 ScmpSyscall = __PNR_lchown32
SNR_SETGID32 ScmpSyscall = __PNR_setgid32
SNR_SETGROUPS32 ScmpSyscall = __PNR_setgroups32
SNR_SETREGID32 ScmpSyscall = __PNR_setregid32
SNR_SETRESGID32 ScmpSyscall = __PNR_setresgid32
SNR_SETRESUID32 ScmpSyscall = __PNR_setresuid32
SNR_SETREUID32 ScmpSyscall = __PNR_setreuid32
SNR_SETUID32 ScmpSyscall = __PNR_setuid32
SNR_MODIFY_LDT ScmpSyscall = __PNR_modify_ldt
SNR_SUBPAGE_PROT ScmpSyscall = __PNR_subpage_prot
SNR_SWITCH_ENDIAN ScmpSyscall = __PNR_switch_endian
SNR_VM86 ScmpSyscall = __PNR_vm86
SNR_VM86OLD ScmpSyscall = __PNR_vm86old
)

1034
container/std/syscall_linux_386.go
View File

File diff suppressed because it is too large Load Diff

837
container/std/syscall_linux_amd64.go
View File

@@ -1,837 +0,0 @@
// mksysnum_linux.pl /usr/include/asm/unistd_64.h
// Code generated by the command above; DO NOT EDIT.
package std
import . "syscall"
var syscallNum = map[string]ScmpSyscall{
"read": SNR_READ,
"write": SNR_WRITE,
"open": SNR_OPEN,
"close": SNR_CLOSE,
"stat": SNR_STAT,
"fstat": SNR_FSTAT,
"lstat": SNR_LSTAT,
"poll": SNR_POLL,
"lseek": SNR_LSEEK,
"mmap": SNR_MMAP,
"mprotect": SNR_MPROTECT,
"munmap": SNR_MUNMAP,
"brk": SNR_BRK,
"rt_sigaction": SNR_RT_SIGACTION,
"rt_sigprocmask": SNR_RT_SIGPROCMASK,
"rt_sigreturn": SNR_RT_SIGRETURN,
"ioctl": SNR_IOCTL,
"pread64": SNR_PREAD64,
"pwrite64": SNR_PWRITE64,
"readv": SNR_READV,
"writev": SNR_WRITEV,
"access": SNR_ACCESS,
"pipe": SNR_PIPE,
"select": SNR_SELECT,
"sched_yield": SNR_SCHED_YIELD,
"mremap": SNR_MREMAP,
"msync": SNR_MSYNC,
"mincore": SNR_MINCORE,
"madvise": SNR_MADVISE,
"shmget": SNR_SHMGET,
"shmat": SNR_SHMAT,
"shmctl": SNR_SHMCTL,
"dup": SNR_DUP,
"dup2": SNR_DUP2,
"pause": SNR_PAUSE,
"nanosleep": SNR_NANOSLEEP,
"getitimer": SNR_GETITIMER,
"alarm": SNR_ALARM,
"setitimer": SNR_SETITIMER,
"getpid": SNR_GETPID,
"sendfile": SNR_SENDFILE,
"socket": SNR_SOCKET,
"connect": SNR_CONNECT,
"accept": SNR_ACCEPT,
"sendto": SNR_SENDTO,
"recvfrom": SNR_RECVFROM,
"sendmsg": SNR_SENDMSG,
"recvmsg": SNR_RECVMSG,
"shutdown": SNR_SHUTDOWN,
"bind": SNR_BIND,
"listen": SNR_LISTEN,
"getsockname": SNR_GETSOCKNAME,
"getpeername": SNR_GETPEERNAME,
"socketpair": SNR_SOCKETPAIR,
"setsockopt": SNR_SETSOCKOPT,
"getsockopt": SNR_GETSOCKOPT,
"clone": SNR_CLONE,
"fork": SNR_FORK,
"vfork": SNR_VFORK,
"execve": SNR_EXECVE,
"exit": SNR_EXIT,
"wait4": SNR_WAIT4,
"kill": SNR_KILL,
"uname": SNR_UNAME,
"semget": SNR_SEMGET,
"semop": SNR_SEMOP,
"semctl": SNR_SEMCTL,
"shmdt": SNR_SHMDT,
"msgget": SNR_MSGGET,
"msgsnd": SNR_MSGSND,
"msgrcv": SNR_MSGRCV,
"msgctl": SNR_MSGCTL,
"fcntl": SNR_FCNTL,
"flock": SNR_FLOCK,
"fsync": SNR_FSYNC,
"fdatasync": SNR_FDATASYNC,
"truncate": SNR_TRUNCATE,
"ftruncate": SNR_FTRUNCATE,
"getdents": SNR_GETDENTS,
"getcwd": SNR_GETCWD,
"chdir": SNR_CHDIR,
"fchdir": SNR_FCHDIR,
"rename": SNR_RENAME,
"mkdir": SNR_MKDIR,
"rmdir": SNR_RMDIR,
"creat": SNR_CREAT,
"link": SNR_LINK,
"unlink": SNR_UNLINK,
"symlink": SNR_SYMLINK,
"readlink": SNR_READLINK,
"chmod": SNR_CHMOD,
"fchmod": SNR_FCHMOD,
"chown": SNR_CHOWN,
"fchown": SNR_FCHOWN,
"lchown": SNR_LCHOWN,
"umask": SNR_UMASK,
"gettimeofday": SNR_GETTIMEOFDAY,
"getrlimit": SNR_GETRLIMIT,
"getrusage": SNR_GETRUSAGE,
"sysinfo": SNR_SYSINFO,
"times": SNR_TIMES,
"ptrace": SNR_PTRACE,
"getuid": SNR_GETUID,
"syslog": SNR_SYSLOG,
"getgid": SNR_GETGID,
"setuid": SNR_SETUID,
"setgid": SNR_SETGID,
"geteuid": SNR_GETEUID,
"getegid": SNR_GETEGID,
"setpgid": SNR_SETPGID,
"getppid": SNR_GETPPID,
"getpgrp": SNR_GETPGRP,
"setsid": SNR_SETSID,
"setreuid": SNR_SETREUID,
"setregid": SNR_SETREGID,
"getgroups": SNR_GETGROUPS,
"setgroups": SNR_SETGROUPS,
"setresuid": SNR_SETRESUID,
"getresuid": SNR_GETRESUID,
"setresgid": SNR_SETRESGID,
"getresgid": SNR_GETRESGID,
"getpgid": SNR_GETPGID,
"setfsuid": SNR_SETFSUID,
"setfsgid": SNR_SETFSGID,
"getsid": SNR_GETSID,
"capget": SNR_CAPGET,
"capset": SNR_CAPSET,
"rt_sigpending": SNR_RT_SIGPENDING,
"rt_sigtimedwait": SNR_RT_SIGTIMEDWAIT,
"rt_sigqueueinfo": SNR_RT_SIGQUEUEINFO,
"rt_sigsuspend": SNR_RT_SIGSUSPEND,
"sigaltstack": SNR_SIGALTSTACK,
"utime": SNR_UTIME,
"mknod": SNR_MKNOD,
"uselib": SNR_USELIB,
"personality": SNR_PERSONALITY,
"ustat": SNR_USTAT,
"statfs": SNR_STATFS,
"fstatfs": SNR_FSTATFS,
"sysfs": SNR_SYSFS,
"getpriority": SNR_GETPRIORITY,
"setpriority": SNR_SETPRIORITY,
"sched_setparam": SNR_SCHED_SETPARAM,
"sched_getparam": SNR_SCHED_GETPARAM,
"sched_setscheduler": SNR_SCHED_SETSCHEDULER,
"sched_getscheduler": SNR_SCHED_GETSCHEDULER,
"sched_get_priority_max": SNR_SCHED_GET_PRIORITY_MAX,
"sched_get_priority_min": SNR_SCHED_GET_PRIORITY_MIN,
"sched_rr_get_interval": SNR_SCHED_RR_GET_INTERVAL,
"mlock": SNR_MLOCK,
"munlock": SNR_MUNLOCK,
"mlockall": SNR_MLOCKALL,
"munlockall": SNR_MUNLOCKALL,
"vhangup": SNR_VHANGUP,
"modify_ldt": SNR_MODIFY_LDT,
"pivot_root": SNR_PIVOT_ROOT,
"_sysctl": SNR__SYSCTL,
"prctl": SNR_PRCTL,
"arch_prctl": SNR_ARCH_PRCTL,
"adjtimex": SNR_ADJTIMEX,
"setrlimit": SNR_SETRLIMIT,
"chroot": SNR_CHROOT,
"sync": SNR_SYNC,
"acct": SNR_ACCT,
"settimeofday": SNR_SETTIMEOFDAY,
"mount": SNR_MOUNT,
"umount2": SNR_UMOUNT2,
"swapon": SNR_SWAPON,
"swapoff": SNR_SWAPOFF,
"reboot": SNR_REBOOT,
"sethostname": SNR_SETHOSTNAME,
"setdomainname": SNR_SETDOMAINNAME,
"iopl": SNR_IOPL,
"ioperm": SNR_IOPERM,
"create_module": SNR_CREATE_MODULE,
"init_module": SNR_INIT_MODULE,
"delete_module": SNR_DELETE_MODULE,
"get_kernel_syms": SNR_GET_KERNEL_SYMS,
"query_module": SNR_QUERY_MODULE,
"quotactl": SNR_QUOTACTL,
"nfsservctl": SNR_NFSSERVCTL,
"getpmsg": SNR_GETPMSG,
"putpmsg": SNR_PUTPMSG,
"afs_syscall": SNR_AFS_SYSCALL,
"tuxcall": SNR_TUXCALL,
"security": SNR_SECURITY,
"gettid": SNR_GETTID,
"readahead": SNR_READAHEAD,
"setxattr": SNR_SETXATTR,
"lsetxattr": SNR_LSETXATTR,
"fsetxattr": SNR_FSETXATTR,
"getxattr": SNR_GETXATTR,
"lgetxattr": SNR_LGETXATTR,
"fgetxattr": SNR_FGETXATTR,
"listxattr": SNR_LISTXATTR,
"llistxattr": SNR_LLISTXATTR,
"flistxattr": SNR_FLISTXATTR,
"removexattr": SNR_REMOVEXATTR,
"lremovexattr": SNR_LREMOVEXATTR,
"fremovexattr": SNR_FREMOVEXATTR,
"tkill": SNR_TKILL,
"time": SNR_TIME,
"futex": SNR_FUTEX,
"sched_setaffinity": SNR_SCHED_SETAFFINITY,
"sched_getaffinity": SNR_SCHED_GETAFFINITY,
"set_thread_area": SNR_SET_THREAD_AREA,
"io_setup": SNR_IO_SETUP,
"io_destroy": SNR_IO_DESTROY,
"io_getevents": SNR_IO_GETEVENTS,
"io_submit": SNR_IO_SUBMIT,
"io_cancel": SNR_IO_CANCEL,
"get_thread_area": SNR_GET_THREAD_AREA,
"lookup_dcookie": SNR_LOOKUP_DCOOKIE,
"epoll_create": SNR_EPOLL_CREATE,
"epoll_ctl_old": SNR_EPOLL_CTL_OLD,
"epoll_wait_old": SNR_EPOLL_WAIT_OLD,
"remap_file_pages": SNR_REMAP_FILE_PAGES,
"getdents64": SNR_GETDENTS64,
"set_tid_address": SNR_SET_TID_ADDRESS,
"restart_syscall": SNR_RESTART_SYSCALL,
"semtimedop": SNR_SEMTIMEDOP,
"fadvise64": SNR_FADVISE64,
"timer_create": SNR_TIMER_CREATE,
"timer_settime": SNR_TIMER_SETTIME,
"timer_gettime": SNR_TIMER_GETTIME,
"timer_getoverrun": SNR_TIMER_GETOVERRUN,
"timer_delete": SNR_TIMER_DELETE,
"clock_settime": SNR_CLOCK_SETTIME,
"clock_gettime": SNR_CLOCK_GETTIME,
"clock_getres": SNR_CLOCK_GETRES,
"clock_nanosleep": SNR_CLOCK_NANOSLEEP,
"exit_group": SNR_EXIT_GROUP,
"epoll_wait": SNR_EPOLL_WAIT,
"epoll_ctl": SNR_EPOLL_CTL,
"tgkill": SNR_TGKILL,
"utimes": SNR_UTIMES,
"vserver": SNR_VSERVER,
"mbind": SNR_MBIND,
"set_mempolicy": SNR_SET_MEMPOLICY,
"get_mempolicy": SNR_GET_MEMPOLICY,
"mq_open": SNR_MQ_OPEN,
"mq_unlink": SNR_MQ_UNLINK,
"mq_timedsend": SNR_MQ_TIMEDSEND,
"mq_timedreceive": SNR_MQ_TIMEDRECEIVE,
"mq_notify": SNR_MQ_NOTIFY,
"mq_getsetattr": SNR_MQ_GETSETATTR,
"kexec_load": SNR_KEXEC_LOAD,
"waitid": SNR_WAITID,
"add_key": SNR_ADD_KEY,
"request_key": SNR_REQUEST_KEY,
"keyctl": SNR_KEYCTL,
"ioprio_set": SNR_IOPRIO_SET,
"ioprio_get": SNR_IOPRIO_GET,
"inotify_init": SNR_INOTIFY_INIT,
"inotify_add_watch": SNR_INOTIFY_ADD_WATCH,
"inotify_rm_watch": SNR_INOTIFY_RM_WATCH,
"migrate_pages": SNR_MIGRATE_PAGES,
"openat": SNR_OPENAT,
"mkdirat": SNR_MKDIRAT,
"mknodat": SNR_MKNODAT,
"fchownat": SNR_FCHOWNAT,
"futimesat": SNR_FUTIMESAT,
"newfstatat": SNR_NEWFSTATAT,
"unlinkat": SNR_UNLINKAT,
"renameat": SNR_RENAMEAT,
"linkat": SNR_LINKAT,
"symlinkat": SNR_SYMLINKAT,
"readlinkat": SNR_READLINKAT,
"fchmodat": SNR_FCHMODAT,
"faccessat": SNR_FACCESSAT,
"pselect6": SNR_PSELECT6,
"ppoll": SNR_PPOLL,
"unshare": SNR_UNSHARE,
"set_robust_list": SNR_SET_ROBUST_LIST,
"get_robust_list": SNR_GET_ROBUST_LIST,
"splice": SNR_SPLICE,
"tee": SNR_TEE,
"sync_file_range": SNR_SYNC_FILE_RANGE,
"vmsplice": SNR_VMSPLICE,
"move_pages": SNR_MOVE_PAGES,
"utimensat": SNR_UTIMENSAT,
"epoll_pwait": SNR_EPOLL_PWAIT,
"signalfd": SNR_SIGNALFD,
"timerfd_create": SNR_TIMERFD_CREATE,
"eventfd": SNR_EVENTFD,
"fallocate": SNR_FALLOCATE,
"timerfd_settime": SNR_TIMERFD_SETTIME,
"timerfd_gettime": SNR_TIMERFD_GETTIME,
"accept4": SNR_ACCEPT4,
"signalfd4": SNR_SIGNALFD4,
"eventfd2": SNR_EVENTFD2,
"epoll_create1": SNR_EPOLL_CREATE1,
"dup3": SNR_DUP3,
"pipe2": SNR_PIPE2,
"inotify_init1": SNR_INOTIFY_INIT1,
"preadv": SNR_PREADV,
"pwritev": SNR_PWRITEV,
"rt_tgsigqueueinfo": SNR_RT_TGSIGQUEUEINFO,
"perf_event_open": SNR_PERF_EVENT_OPEN,
"recvmmsg": SNR_RECVMMSG,
"fanotify_init": SNR_FANOTIFY_INIT,
"fanotify_mark": SNR_FANOTIFY_MARK,
"prlimit64": SNR_PRLIMIT64,
"name_to_handle_at": SNR_NAME_TO_HANDLE_AT,
"open_by_handle_at": SNR_OPEN_BY_HANDLE_AT,
"clock_adjtime": SNR_CLOCK_ADJTIME,
"syncfs": SNR_SYNCFS,
"sendmmsg": SNR_SENDMMSG,
"setns": SNR_SETNS,
"getcpu": SNR_GETCPU,
"process_vm_readv": SNR_PROCESS_VM_READV,
"process_vm_writev": SNR_PROCESS_VM_WRITEV,
"kcmp": SNR_KCMP,
"finit_module": SNR_FINIT_MODULE,
"sched_setattr": SNR_SCHED_SETATTR,
"sched_getattr": SNR_SCHED_GETATTR,
"renameat2": SNR_RENAMEAT2,
"seccomp": SNR_SECCOMP,
"getrandom": SNR_GETRANDOM,
"memfd_create": SNR_MEMFD_CREATE,
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"bpf": SNR_BPF,
"execveat": SNR_EXECVEAT,
"userfaultfd": SNR_USERFAULTFD,
"membarrier": SNR_MEMBARRIER,
"mlock2": SNR_MLOCK2,
"copy_file_range": SNR_COPY_FILE_RANGE,
"preadv2": SNR_PREADV2,
"pwritev2": SNR_PWRITEV2,
"pkey_mprotect": SNR_PKEY_MPROTECT,
"pkey_alloc": SNR_PKEY_ALLOC,
"pkey_free": SNR_PKEY_FREE,
"statx": SNR_STATX,
"io_pgetevents": SNR_IO_PGETEVENTS,
"rseq": SNR_RSEQ,
"uretprobe": SNR_URETPROBE,
"pidfd_send_signal": SNR_PIDFD_SEND_SIGNAL,
"io_uring_setup": SNR_IO_URING_SETUP,
"io_uring_enter": SNR_IO_URING_ENTER,
"io_uring_register": SNR_IO_URING_REGISTER,
"open_tree": SNR_OPEN_TREE,
"move_mount": SNR_MOVE_MOUNT,
"fsopen": SNR_FSOPEN,
"fsconfig": SNR_FSCONFIG,
"fsmount": SNR_FSMOUNT,
"fspick": SNR_FSPICK,
"pidfd_open": SNR_PIDFD_OPEN,
"clone3": SNR_CLONE3,
"close_range": SNR_CLOSE_RANGE,
"openat2": SNR_OPENAT2,
"pidfd_getfd": SNR_PIDFD_GETFD,
"faccessat2": SNR_FACCESSAT2,
"process_madvise": SNR_PROCESS_MADVISE,
"epoll_pwait2": SNR_EPOLL_PWAIT2,
"mount_setattr": SNR_MOUNT_SETATTR,
"quotactl_fd": SNR_QUOTACTL_FD,
"landlock_create_ruleset": SNR_LANDLOCK_CREATE_RULESET,
"landlock_add_rule": SNR_LANDLOCK_ADD_RULE,
"landlock_restrict_self": SNR_LANDLOCK_RESTRICT_SELF,
"memfd_secret": SNR_MEMFD_SECRET,
"process_mrelease": SNR_PROCESS_MRELEASE,
"futex_waitv": SNR_FUTEX_WAITV,
"set_mempolicy_home_node": SNR_SET_MEMPOLICY_HOME_NODE,
"cachestat": SNR_CACHESTAT,
"fchmodat2": SNR_FCHMODAT2,
"map_shadow_stack": SNR_MAP_SHADOW_STACK,
"futex_wake": SNR_FUTEX_WAKE,
"futex_wait": SNR_FUTEX_WAIT,
"futex_requeue": SNR_FUTEX_REQUEUE,
"statmount": SNR_STATMOUNT,
"listmount": SNR_LISTMOUNT,
"lsm_get_self_attr": SNR_LSM_GET_SELF_ATTR,
"lsm_set_self_attr": SNR_LSM_SET_SELF_ATTR,
"lsm_list_modules": SNR_LSM_LIST_MODULES,
"mseal": SNR_MSEAL,
}
const (
SYS_NAME_TO_HANDLE_AT = 303
SYS_OPEN_BY_HANDLE_AT = 304
SYS_CLOCK_ADJTIME = 305
SYS_SYNCFS = 306
SYS_SENDMMSG = 307
SYS_SETNS = 308
SYS_GETCPU = 309
SYS_PROCESS_VM_READV = 310
SYS_PROCESS_VM_WRITEV = 311
SYS_KCMP = 312
SYS_FINIT_MODULE = 313
SYS_SCHED_SETATTR = 314
SYS_SCHED_GETATTR = 315
SYS_RENAMEAT2 = 316
SYS_SECCOMP = 317
SYS_GETRANDOM = 318
SYS_MEMFD_CREATE = 319
SYS_KEXEC_FILE_LOAD = 320
SYS_BPF = 321
SYS_EXECVEAT = 322
SYS_USERFAULTFD = 323
SYS_MEMBARRIER = 324
SYS_MLOCK2 = 325
SYS_COPY_FILE_RANGE = 326
SYS_PREADV2 = 327
SYS_PWRITEV2 = 328
SYS_PKEY_MPROTECT = 329
SYS_PKEY_ALLOC = 330
SYS_PKEY_FREE = 331
SYS_STATX = 332
SYS_IO_PGETEVENTS = 333
SYS_RSEQ = 334
SYS_URETPROBE = 335
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
SYS_IO_URING_REGISTER = 427
SYS_OPEN_TREE = 428
SYS_MOVE_MOUNT = 429
SYS_FSOPEN = 430
SYS_FSCONFIG = 431
SYS_FSMOUNT = 432
SYS_FSPICK = 433
SYS_PIDFD_OPEN = 434
SYS_CLONE3 = 435
SYS_CLOSE_RANGE = 436
SYS_OPENAT2 = 437
SYS_PIDFD_GETFD = 438
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
SYS_MOUNT_SETATTR = 442
SYS_QUOTACTL_FD = 443
SYS_LANDLOCK_CREATE_RULESET = 444
SYS_LANDLOCK_ADD_RULE = 445
SYS_LANDLOCK_RESTRICT_SELF = 446
SYS_MEMFD_SECRET = 447
SYS_PROCESS_MRELEASE = 448
SYS_FUTEX_WAITV = 449
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
SYS_FUTEX_WAKE = 454
SYS_FUTEX_WAIT = 455
SYS_FUTEX_REQUEUE = 456
SYS_STATMOUNT = 457
SYS_LISTMOUNT = 458
SYS_LSM_GET_SELF_ATTR = 459
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
)
const (
SNR_READ ScmpSyscall = SYS_READ
SNR_WRITE ScmpSyscall = SYS_WRITE
SNR_OPEN ScmpSyscall = SYS_OPEN
SNR_CLOSE ScmpSyscall = SYS_CLOSE
SNR_STAT ScmpSyscall = SYS_STAT
SNR_FSTAT ScmpSyscall = SYS_FSTAT
SNR_LSTAT ScmpSyscall = SYS_LSTAT
SNR_POLL ScmpSyscall = SYS_POLL
SNR_LSEEK ScmpSyscall = SYS_LSEEK
SNR_MMAP ScmpSyscall = SYS_MMAP
SNR_MPROTECT ScmpSyscall = SYS_MPROTECT
SNR_MUNMAP ScmpSyscall = SYS_MUNMAP
SNR_BRK ScmpSyscall = SYS_BRK
SNR_RT_SIGACTION ScmpSyscall = SYS_RT_SIGACTION
SNR_RT_SIGPROCMASK ScmpSyscall = SYS_RT_SIGPROCMASK
SNR_RT_SIGRETURN ScmpSyscall = SYS_RT_SIGRETURN
SNR_IOCTL ScmpSyscall = SYS_IOCTL
SNR_PREAD64 ScmpSyscall = SYS_PREAD64
SNR_PWRITE64 ScmpSyscall = SYS_PWRITE64
SNR_READV ScmpSyscall = SYS_READV
SNR_WRITEV ScmpSyscall = SYS_WRITEV
SNR_ACCESS ScmpSyscall = SYS_ACCESS
SNR_PIPE ScmpSyscall = SYS_PIPE
SNR_SELECT ScmpSyscall = SYS_SELECT
SNR_SCHED_YIELD ScmpSyscall = SYS_SCHED_YIELD
SNR_MREMAP ScmpSyscall = SYS_MREMAP
SNR_MSYNC ScmpSyscall = SYS_MSYNC
SNR_MINCORE ScmpSyscall = SYS_MINCORE
SNR_MADVISE ScmpSyscall = SYS_MADVISE
SNR_SHMGET ScmpSyscall = SYS_SHMGET
SNR_SHMAT ScmpSyscall = SYS_SHMAT
SNR_SHMCTL ScmpSyscall = SYS_SHMCTL
SNR_DUP ScmpSyscall = SYS_DUP
SNR_DUP2 ScmpSyscall = SYS_DUP2
SNR_PAUSE ScmpSyscall = SYS_PAUSE
SNR_NANOSLEEP ScmpSyscall = SYS_NANOSLEEP
SNR_GETITIMER ScmpSyscall = SYS_GETITIMER
SNR_ALARM ScmpSyscall = SYS_ALARM
SNR_SETITIMER ScmpSyscall = SYS_SETITIMER
SNR_GETPID ScmpSyscall = SYS_GETPID
SNR_SENDFILE ScmpSyscall = SYS_SENDFILE
SNR_SOCKET ScmpSyscall = SYS_SOCKET
SNR_CONNECT ScmpSyscall = SYS_CONNECT
SNR_ACCEPT ScmpSyscall = SYS_ACCEPT
SNR_SENDTO ScmpSyscall = SYS_SENDTO
SNR_RECVFROM ScmpSyscall = SYS_RECVFROM
SNR_SENDMSG ScmpSyscall = SYS_SENDMSG
SNR_RECVMSG ScmpSyscall = SYS_RECVMSG
SNR_SHUTDOWN ScmpSyscall = SYS_SHUTDOWN
SNR_BIND ScmpSyscall = SYS_BIND
SNR_LISTEN ScmpSyscall = SYS_LISTEN
SNR_GETSOCKNAME ScmpSyscall = SYS_GETSOCKNAME
SNR_GETPEERNAME ScmpSyscall = SYS_GETPEERNAME
SNR_SOCKETPAIR ScmpSyscall = SYS_SOCKETPAIR
SNR_SETSOCKOPT ScmpSyscall = SYS_SETSOCKOPT
SNR_GETSOCKOPT ScmpSyscall = SYS_GETSOCKOPT
SNR_CLONE ScmpSyscall = SYS_CLONE
SNR_FORK ScmpSyscall = SYS_FORK
SNR_VFORK ScmpSyscall = SYS_VFORK
SNR_EXECVE ScmpSyscall = SYS_EXECVE
SNR_EXIT ScmpSyscall = SYS_EXIT
SNR_WAIT4 ScmpSyscall = SYS_WAIT4
SNR_KILL ScmpSyscall = SYS_KILL
SNR_UNAME ScmpSyscall = SYS_UNAME
SNR_SEMGET ScmpSyscall = SYS_SEMGET
SNR_SEMOP ScmpSyscall = SYS_SEMOP
SNR_SEMCTL ScmpSyscall = SYS_SEMCTL
SNR_SHMDT ScmpSyscall = SYS_SHMDT
SNR_MSGGET ScmpSyscall = SYS_MSGGET
SNR_MSGSND ScmpSyscall = SYS_MSGSND
SNR_MSGRCV ScmpSyscall = SYS_MSGRCV
SNR_MSGCTL ScmpSyscall = SYS_MSGCTL
SNR_FCNTL ScmpSyscall = SYS_FCNTL
SNR_FLOCK ScmpSyscall = SYS_FLOCK
SNR_FSYNC ScmpSyscall = SYS_FSYNC
SNR_FDATASYNC ScmpSyscall = SYS_FDATASYNC
SNR_TRUNCATE ScmpSyscall = SYS_TRUNCATE
SNR_FTRUNCATE ScmpSyscall = SYS_FTRUNCATE
SNR_GETDENTS ScmpSyscall = SYS_GETDENTS
SNR_GETCWD ScmpSyscall = SYS_GETCWD
SNR_CHDIR ScmpSyscall = SYS_CHDIR
SNR_FCHDIR ScmpSyscall = SYS_FCHDIR
SNR_RENAME ScmpSyscall = SYS_RENAME
SNR_MKDIR ScmpSyscall = SYS_MKDIR
SNR_RMDIR ScmpSyscall = SYS_RMDIR
SNR_CREAT ScmpSyscall = SYS_CREAT
SNR_LINK ScmpSyscall = SYS_LINK
SNR_UNLINK ScmpSyscall = SYS_UNLINK
SNR_SYMLINK ScmpSyscall = SYS_SYMLINK
SNR_READLINK ScmpSyscall = SYS_READLINK
SNR_CHMOD ScmpSyscall = SYS_CHMOD
SNR_FCHMOD ScmpSyscall = SYS_FCHMOD
SNR_CHOWN ScmpSyscall = SYS_CHOWN
SNR_FCHOWN ScmpSyscall = SYS_FCHOWN
SNR_LCHOWN ScmpSyscall = SYS_LCHOWN
SNR_UMASK ScmpSyscall = SYS_UMASK
SNR_GETTIMEOFDAY ScmpSyscall = SYS_GETTIMEOFDAY
SNR_GETRLIMIT ScmpSyscall = SYS_GETRLIMIT
SNR_GETRUSAGE ScmpSyscall = SYS_GETRUSAGE
SNR_SYSINFO ScmpSyscall = SYS_SYSINFO
SNR_TIMES ScmpSyscall = SYS_TIMES
SNR_PTRACE ScmpSyscall = SYS_PTRACE
SNR_GETUID ScmpSyscall = SYS_GETUID
SNR_SYSLOG ScmpSyscall = SYS_SYSLOG
SNR_GETGID ScmpSyscall = SYS_GETGID
SNR_SETUID ScmpSyscall = SYS_SETUID
SNR_SETGID ScmpSyscall = SYS_SETGID
SNR_GETEUID ScmpSyscall = SYS_GETEUID
SNR_GETEGID ScmpSyscall = SYS_GETEGID
SNR_SETPGID ScmpSyscall = SYS_SETPGID
SNR_GETPPID ScmpSyscall = SYS_GETPPID
SNR_GETPGRP ScmpSyscall = SYS_GETPGRP
SNR_SETSID ScmpSyscall = SYS_SETSID
SNR_SETREUID ScmpSyscall = SYS_SETREUID
SNR_SETREGID ScmpSyscall = SYS_SETREGID
SNR_GETGROUPS ScmpSyscall = SYS_GETGROUPS
SNR_SETGROUPS ScmpSyscall = SYS_SETGROUPS
SNR_SETRESUID ScmpSyscall = SYS_SETRESUID
SNR_GETRESUID ScmpSyscall = SYS_GETRESUID
SNR_SETRESGID ScmpSyscall = SYS_SETRESGID
SNR_GETRESGID ScmpSyscall = SYS_GETRESGID
SNR_GETPGID ScmpSyscall = SYS_GETPGID
SNR_SETFSUID ScmpSyscall = SYS_SETFSUID
SNR_SETFSGID ScmpSyscall = SYS_SETFSGID
SNR_GETSID ScmpSyscall = SYS_GETSID
SNR_CAPGET ScmpSyscall = SYS_CAPGET
SNR_CAPSET ScmpSyscall = SYS_CAPSET
SNR_RT_SIGPENDING ScmpSyscall = SYS_RT_SIGPENDING
SNR_RT_SIGTIMEDWAIT ScmpSyscall = SYS_RT_SIGTIMEDWAIT
SNR_RT_SIGQUEUEINFO ScmpSyscall = SYS_RT_SIGQUEUEINFO
SNR_RT_SIGSUSPEND ScmpSyscall = SYS_RT_SIGSUSPEND
SNR_SIGALTSTACK ScmpSyscall = SYS_SIGALTSTACK
SNR_UTIME ScmpSyscall = SYS_UTIME
SNR_MKNOD ScmpSyscall = SYS_MKNOD
SNR_USELIB ScmpSyscall = SYS_USELIB
SNR_PERSONALITY ScmpSyscall = SYS_PERSONALITY
SNR_USTAT ScmpSyscall = SYS_USTAT
SNR_STATFS ScmpSyscall = SYS_STATFS
SNR_FSTATFS ScmpSyscall = SYS_FSTATFS
SNR_SYSFS ScmpSyscall = SYS_SYSFS
SNR_GETPRIORITY ScmpSyscall = SYS_GETPRIORITY
SNR_SETPRIORITY ScmpSyscall = SYS_SETPRIORITY
SNR_SCHED_SETPARAM ScmpSyscall = SYS_SCHED_SETPARAM
SNR_SCHED_GETPARAM ScmpSyscall = SYS_SCHED_GETPARAM
SNR_SCHED_SETSCHEDULER ScmpSyscall = SYS_SCHED_SETSCHEDULER
SNR_SCHED_GETSCHEDULER ScmpSyscall = SYS_SCHED_GETSCHEDULER
SNR_SCHED_GET_PRIORITY_MAX ScmpSyscall = SYS_SCHED_GET_PRIORITY_MAX
SNR_SCHED_GET_PRIORITY_MIN ScmpSyscall = SYS_SCHED_GET_PRIORITY_MIN
SNR_SCHED_RR_GET_INTERVAL ScmpSyscall = SYS_SCHED_RR_GET_INTERVAL
SNR_MLOCK ScmpSyscall = SYS_MLOCK
SNR_MUNLOCK ScmpSyscall = SYS_MUNLOCK
SNR_MLOCKALL ScmpSyscall = SYS_MLOCKALL
SNR_MUNLOCKALL ScmpSyscall = SYS_MUNLOCKALL
SNR_VHANGUP ScmpSyscall = SYS_VHANGUP
SNR_MODIFY_LDT ScmpSyscall = SYS_MODIFY_LDT
SNR_PIVOT_ROOT ScmpSyscall = SYS_PIVOT_ROOT
SNR__SYSCTL ScmpSyscall = SYS__SYSCTL
SNR_PRCTL ScmpSyscall = SYS_PRCTL
SNR_ARCH_PRCTL ScmpSyscall = SYS_ARCH_PRCTL
SNR_ADJTIMEX ScmpSyscall = SYS_ADJTIMEX
SNR_SETRLIMIT ScmpSyscall = SYS_SETRLIMIT
SNR_CHROOT ScmpSyscall = SYS_CHROOT
SNR_SYNC ScmpSyscall = SYS_SYNC
SNR_ACCT ScmpSyscall = SYS_ACCT
SNR_SETTIMEOFDAY ScmpSyscall = SYS_SETTIMEOFDAY
SNR_MOUNT ScmpSyscall = SYS_MOUNT
SNR_UMOUNT2 ScmpSyscall = SYS_UMOUNT2
SNR_SWAPON ScmpSyscall = SYS_SWAPON
SNR_SWAPOFF ScmpSyscall = SYS_SWAPOFF
SNR_REBOOT ScmpSyscall = SYS_REBOOT
SNR_SETHOSTNAME ScmpSyscall = SYS_SETHOSTNAME
SNR_SETDOMAINNAME ScmpSyscall = SYS_SETDOMAINNAME
SNR_IOPL ScmpSyscall = SYS_IOPL
SNR_IOPERM ScmpSyscall = SYS_IOPERM
SNR_CREATE_MODULE ScmpSyscall = SYS_CREATE_MODULE
SNR_INIT_MODULE ScmpSyscall = SYS_INIT_MODULE
SNR_DELETE_MODULE ScmpSyscall = SYS_DELETE_MODULE
SNR_GET_KERNEL_SYMS ScmpSyscall = SYS_GET_KERNEL_SYMS
SNR_QUERY_MODULE ScmpSyscall = SYS_QUERY_MODULE
SNR_QUOTACTL ScmpSyscall = SYS_QUOTACTL
SNR_NFSSERVCTL ScmpSyscall = SYS_NFSSERVCTL
SNR_GETPMSG ScmpSyscall = SYS_GETPMSG
SNR_PUTPMSG ScmpSyscall = SYS_PUTPMSG
SNR_AFS_SYSCALL ScmpSyscall = SYS_AFS_SYSCALL
SNR_TUXCALL ScmpSyscall = SYS_TUXCALL
SNR_SECURITY ScmpSyscall = SYS_SECURITY
SNR_GETTID ScmpSyscall = SYS_GETTID
SNR_READAHEAD ScmpSyscall = SYS_READAHEAD
SNR_SETXATTR ScmpSyscall = SYS_SETXATTR
SNR_LSETXATTR ScmpSyscall = SYS_LSETXATTR
SNR_FSETXATTR ScmpSyscall = SYS_FSETXATTR
SNR_GETXATTR ScmpSyscall = SYS_GETXATTR
SNR_LGETXATTR ScmpSyscall = SYS_LGETXATTR
SNR_FGETXATTR ScmpSyscall = SYS_FGETXATTR
SNR_LISTXATTR ScmpSyscall = SYS_LISTXATTR
SNR_LLISTXATTR ScmpSyscall = SYS_LLISTXATTR
SNR_FLISTXATTR ScmpSyscall = SYS_FLISTXATTR
SNR_REMOVEXATTR ScmpSyscall = SYS_REMOVEXATTR
SNR_LREMOVEXATTR ScmpSyscall = SYS_LREMOVEXATTR
SNR_FREMOVEXATTR ScmpSyscall = SYS_FREMOVEXATTR
SNR_TKILL ScmpSyscall = SYS_TKILL
SNR_TIME ScmpSyscall = SYS_TIME
SNR_FUTEX ScmpSyscall = SYS_FUTEX
SNR_SCHED_SETAFFINITY ScmpSyscall = SYS_SCHED_SETAFFINITY
SNR_SCHED_GETAFFINITY ScmpSyscall = SYS_SCHED_GETAFFINITY
SNR_SET_THREAD_AREA ScmpSyscall = SYS_SET_THREAD_AREA
SNR_IO_SETUP ScmpSyscall = SYS_IO_SETUP
SNR_IO_DESTROY ScmpSyscall = SYS_IO_DESTROY
SNR_IO_GETEVENTS ScmpSyscall = SYS_IO_GETEVENTS
SNR_IO_SUBMIT ScmpSyscall = SYS_IO_SUBMIT
SNR_IO_CANCEL ScmpSyscall = SYS_IO_CANCEL
SNR_GET_THREAD_AREA ScmpSyscall = SYS_GET_THREAD_AREA
SNR_LOOKUP_DCOOKIE ScmpSyscall = SYS_LOOKUP_DCOOKIE
SNR_EPOLL_CREATE ScmpSyscall = SYS_EPOLL_CREATE
SNR_EPOLL_CTL_OLD ScmpSyscall = SYS_EPOLL_CTL_OLD
SNR_EPOLL_WAIT_OLD ScmpSyscall = SYS_EPOLL_WAIT_OLD
SNR_REMAP_FILE_PAGES ScmpSyscall = SYS_REMAP_FILE_PAGES
SNR_GETDENTS64 ScmpSyscall = SYS_GETDENTS64
SNR_SET_TID_ADDRESS ScmpSyscall = SYS_SET_TID_ADDRESS
SNR_RESTART_SYSCALL ScmpSyscall = SYS_RESTART_SYSCALL
SNR_SEMTIMEDOP ScmpSyscall = SYS_SEMTIMEDOP
SNR_FADVISE64 ScmpSyscall = SYS_FADVISE64
SNR_TIMER_CREATE ScmpSyscall = SYS_TIMER_CREATE
SNR_TIMER_SETTIME ScmpSyscall = SYS_TIMER_SETTIME
SNR_TIMER_GETTIME ScmpSyscall = SYS_TIMER_GETTIME
SNR_TIMER_GETOVERRUN ScmpSyscall = SYS_TIMER_GETOVERRUN
SNR_TIMER_DELETE ScmpSyscall = SYS_TIMER_DELETE
SNR_CLOCK_SETTIME ScmpSyscall = SYS_CLOCK_SETTIME
SNR_CLOCK_GETTIME ScmpSyscall = SYS_CLOCK_GETTIME
SNR_CLOCK_GETRES ScmpSyscall = SYS_CLOCK_GETRES
SNR_CLOCK_NANOSLEEP ScmpSyscall = SYS_CLOCK_NANOSLEEP
SNR_EXIT_GROUP ScmpSyscall = SYS_EXIT_GROUP
SNR_EPOLL_WAIT ScmpSyscall = SYS_EPOLL_WAIT
SNR_EPOLL_CTL ScmpSyscall = SYS_EPOLL_CTL
SNR_TGKILL ScmpSyscall = SYS_TGKILL
SNR_UTIMES ScmpSyscall = SYS_UTIMES
SNR_VSERVER ScmpSyscall = SYS_VSERVER
SNR_MBIND ScmpSyscall = SYS_MBIND
SNR_SET_MEMPOLICY ScmpSyscall = SYS_SET_MEMPOLICY
SNR_GET_MEMPOLICY ScmpSyscall = SYS_GET_MEMPOLICY
SNR_MQ_OPEN ScmpSyscall = SYS_MQ_OPEN
SNR_MQ_UNLINK ScmpSyscall = SYS_MQ_UNLINK
SNR_MQ_TIMEDSEND ScmpSyscall = SYS_MQ_TIMEDSEND
SNR_MQ_TIMEDRECEIVE ScmpSyscall = SYS_MQ_TIMEDRECEIVE
SNR_MQ_NOTIFY ScmpSyscall = SYS_MQ_NOTIFY
SNR_MQ_GETSETATTR ScmpSyscall = SYS_MQ_GETSETATTR
SNR_KEXEC_LOAD ScmpSyscall = SYS_KEXEC_LOAD
SNR_WAITID ScmpSyscall = SYS_WAITID
SNR_ADD_KEY ScmpSyscall = SYS_ADD_KEY
SNR_REQUEST_KEY ScmpSyscall = SYS_REQUEST_KEY
SNR_KEYCTL ScmpSyscall = SYS_KEYCTL
SNR_IOPRIO_SET ScmpSyscall = SYS_IOPRIO_SET
SNR_IOPRIO_GET ScmpSyscall = SYS_IOPRIO_GET
SNR_INOTIFY_INIT ScmpSyscall = SYS_INOTIFY_INIT
SNR_INOTIFY_ADD_WATCH ScmpSyscall = SYS_INOTIFY_ADD_WATCH
SNR_INOTIFY_RM_WATCH ScmpSyscall = SYS_INOTIFY_RM_WATCH
SNR_MIGRATE_PAGES ScmpSyscall = SYS_MIGRATE_PAGES
SNR_OPENAT ScmpSyscall = SYS_OPENAT
SNR_MKDIRAT ScmpSyscall = SYS_MKDIRAT
SNR_MKNODAT ScmpSyscall = SYS_MKNODAT
SNR_FCHOWNAT ScmpSyscall = SYS_FCHOWNAT
SNR_FUTIMESAT ScmpSyscall = SYS_FUTIMESAT
SNR_NEWFSTATAT ScmpSyscall = SYS_NEWFSTATAT
SNR_UNLINKAT ScmpSyscall = SYS_UNLINKAT
SNR_RENAMEAT ScmpSyscall = SYS_RENAMEAT
SNR_LINKAT ScmpSyscall = SYS_LINKAT
SNR_SYMLINKAT ScmpSyscall = SYS_SYMLINKAT
SNR_READLINKAT ScmpSyscall = SYS_READLINKAT
SNR_FCHMODAT ScmpSyscall = SYS_FCHMODAT
SNR_FACCESSAT ScmpSyscall = SYS_FACCESSAT
SNR_PSELECT6 ScmpSyscall = SYS_PSELECT6
SNR_PPOLL ScmpSyscall = SYS_PPOLL
SNR_UNSHARE ScmpSyscall = SYS_UNSHARE
SNR_SET_ROBUST_LIST ScmpSyscall = SYS_SET_ROBUST_LIST
SNR_GET_ROBUST_LIST ScmpSyscall = SYS_GET_ROBUST_LIST
SNR_SPLICE ScmpSyscall = SYS_SPLICE
SNR_TEE ScmpSyscall = SYS_TEE
SNR_SYNC_FILE_RANGE ScmpSyscall = SYS_SYNC_FILE_RANGE
SNR_VMSPLICE ScmpSyscall = SYS_VMSPLICE
SNR_MOVE_PAGES ScmpSyscall = SYS_MOVE_PAGES
SNR_UTIMENSAT ScmpSyscall = SYS_UTIMENSAT
SNR_EPOLL_PWAIT ScmpSyscall = SYS_EPOLL_PWAIT
SNR_SIGNALFD ScmpSyscall = SYS_SIGNALFD
SNR_TIMERFD_CREATE ScmpSyscall = SYS_TIMERFD_CREATE
SNR_EVENTFD ScmpSyscall = SYS_EVENTFD
SNR_FALLOCATE ScmpSyscall = SYS_FALLOCATE
SNR_TIMERFD_SETTIME ScmpSyscall = SYS_TIMERFD_SETTIME
SNR_TIMERFD_GETTIME ScmpSyscall = SYS_TIMERFD_GETTIME
SNR_ACCEPT4 ScmpSyscall = SYS_ACCEPT4
SNR_SIGNALFD4 ScmpSyscall = SYS_SIGNALFD4
SNR_EVENTFD2 ScmpSyscall = SYS_EVENTFD2
SNR_EPOLL_CREATE1 ScmpSyscall = SYS_EPOLL_CREATE1
SNR_DUP3 ScmpSyscall = SYS_DUP3
SNR_PIPE2 ScmpSyscall = SYS_PIPE2
SNR_INOTIFY_INIT1 ScmpSyscall = SYS_INOTIFY_INIT1
SNR_PREADV ScmpSyscall = SYS_PREADV
SNR_PWRITEV ScmpSyscall = SYS_PWRITEV
SNR_RT_TGSIGQUEUEINFO ScmpSyscall = SYS_RT_TGSIGQUEUEINFO
SNR_PERF_EVENT_OPEN ScmpSyscall = SYS_PERF_EVENT_OPEN
SNR_RECVMMSG ScmpSyscall = SYS_RECVMMSG
SNR_FANOTIFY_INIT ScmpSyscall = SYS_FANOTIFY_INIT
SNR_FANOTIFY_MARK ScmpSyscall = SYS_FANOTIFY_MARK
SNR_PRLIMIT64 ScmpSyscall = SYS_PRLIMIT64
SNR_NAME_TO_HANDLE_AT ScmpSyscall = SYS_NAME_TO_HANDLE_AT
SNR_OPEN_BY_HANDLE_AT ScmpSyscall = SYS_OPEN_BY_HANDLE_AT
SNR_CLOCK_ADJTIME ScmpSyscall = SYS_CLOCK_ADJTIME
SNR_SYNCFS ScmpSyscall = SYS_SYNCFS
SNR_SENDMMSG ScmpSyscall = SYS_SENDMMSG
SNR_SETNS ScmpSyscall = SYS_SETNS
SNR_GETCPU ScmpSyscall = SYS_GETCPU
SNR_PROCESS_VM_READV ScmpSyscall = SYS_PROCESS_VM_READV
SNR_PROCESS_VM_WRITEV ScmpSyscall = SYS_PROCESS_VM_WRITEV
SNR_KCMP ScmpSyscall = SYS_KCMP
SNR_FINIT_MODULE ScmpSyscall = SYS_FINIT_MODULE
SNR_SCHED_SETATTR ScmpSyscall = SYS_SCHED_SETATTR
SNR_SCHED_GETATTR ScmpSyscall = SYS_SCHED_GETATTR
SNR_RENAMEAT2 ScmpSyscall = SYS_RENAMEAT2
SNR_SECCOMP ScmpSyscall = SYS_SECCOMP
SNR_GETRANDOM ScmpSyscall = SYS_GETRANDOM
SNR_MEMFD_CREATE ScmpSyscall = SYS_MEMFD_CREATE
SNR_KEXEC_FILE_LOAD ScmpSyscall = SYS_KEXEC_FILE_LOAD
SNR_BPF ScmpSyscall = SYS_BPF
SNR_EXECVEAT ScmpSyscall = SYS_EXECVEAT
SNR_USERFAULTFD ScmpSyscall = SYS_USERFAULTFD
SNR_MEMBARRIER ScmpSyscall = SYS_MEMBARRIER
SNR_MLOCK2 ScmpSyscall = SYS_MLOCK2
SNR_COPY_FILE_RANGE ScmpSyscall = SYS_COPY_FILE_RANGE
SNR_PREADV2 ScmpSyscall = SYS_PREADV2
SNR_PWRITEV2 ScmpSyscall = SYS_PWRITEV2
SNR_PKEY_MPROTECT ScmpSyscall = SYS_PKEY_MPROTECT
SNR_PKEY_ALLOC ScmpSyscall = SYS_PKEY_ALLOC
SNR_PKEY_FREE ScmpSyscall = SYS_PKEY_FREE
SNR_STATX ScmpSyscall = SYS_STATX
SNR_IO_PGETEVENTS ScmpSyscall = SYS_IO_PGETEVENTS
SNR_RSEQ ScmpSyscall = SYS_RSEQ
SNR_URETPROBE ScmpSyscall = SYS_URETPROBE
SNR_PIDFD_SEND_SIGNAL ScmpSyscall = SYS_PIDFD_SEND_SIGNAL
SNR_IO_URING_SETUP ScmpSyscall = SYS_IO_URING_SETUP
SNR_IO_URING_ENTER ScmpSyscall = SYS_IO_URING_ENTER
SNR_IO_URING_REGISTER ScmpSyscall = SYS_IO_URING_REGISTER
SNR_OPEN_TREE ScmpSyscall = SYS_OPEN_TREE
SNR_MOVE_MOUNT ScmpSyscall = SYS_MOVE_MOUNT
SNR_FSOPEN ScmpSyscall = SYS_FSOPEN
SNR_FSCONFIG ScmpSyscall = SYS_FSCONFIG
SNR_FSMOUNT ScmpSyscall = SYS_FSMOUNT
SNR_FSPICK ScmpSyscall = SYS_FSPICK
SNR_PIDFD_OPEN ScmpSyscall = SYS_PIDFD_OPEN
SNR_CLONE3 ScmpSyscall = SYS_CLONE3
SNR_CLOSE_RANGE ScmpSyscall = SYS_CLOSE_RANGE
SNR_OPENAT2 ScmpSyscall = SYS_OPENAT2
SNR_PIDFD_GETFD ScmpSyscall = SYS_PIDFD_GETFD
SNR_FACCESSAT2 ScmpSyscall = SYS_FACCESSAT2
SNR_PROCESS_MADVISE ScmpSyscall = SYS_PROCESS_MADVISE
SNR_EPOLL_PWAIT2 ScmpSyscall = SYS_EPOLL_PWAIT2
SNR_MOUNT_SETATTR ScmpSyscall = SYS_MOUNT_SETATTR
SNR_QUOTACTL_FD ScmpSyscall = SYS_QUOTACTL_FD
SNR_LANDLOCK_CREATE_RULESET ScmpSyscall = SYS_LANDLOCK_CREATE_RULESET
SNR_LANDLOCK_ADD_RULE ScmpSyscall = SYS_LANDLOCK_ADD_RULE
SNR_LANDLOCK_RESTRICT_SELF ScmpSyscall = SYS_LANDLOCK_RESTRICT_SELF
SNR_MEMFD_SECRET ScmpSyscall = SYS_MEMFD_SECRET
SNR_PROCESS_MRELEASE ScmpSyscall = SYS_PROCESS_MRELEASE
SNR_FUTEX_WAITV ScmpSyscall = SYS_FUTEX_WAITV
SNR_SET_MEMPOLICY_HOME_NODE ScmpSyscall = SYS_SET_MEMPOLICY_HOME_NODE
SNR_CACHESTAT ScmpSyscall = SYS_CACHESTAT
SNR_FCHMODAT2 ScmpSyscall = SYS_FCHMODAT2
SNR_MAP_SHADOW_STACK ScmpSyscall = SYS_MAP_SHADOW_STACK
SNR_FUTEX_WAKE ScmpSyscall = SYS_FUTEX_WAKE
SNR_FUTEX_WAIT ScmpSyscall = SYS_FUTEX_WAIT
SNR_FUTEX_REQUEUE ScmpSyscall = SYS_FUTEX_REQUEUE
SNR_STATMOUNT ScmpSyscall = SYS_STATMOUNT
SNR_LISTMOUNT ScmpSyscall = SYS_LISTMOUNT
SNR_LSM_GET_SELF_ATTR ScmpSyscall = SYS_LSM_GET_SELF_ATTR
SNR_LSM_SET_SELF_ATTR ScmpSyscall = SYS_LSM_SET_SELF_ATTR
SNR_LSM_LIST_MODULES ScmpSyscall = SYS_LSM_LIST_MODULES
SNR_MSEAL ScmpSyscall = SYS_MSEAL
)

703
container/std/syscall_linux_arm64.go
View File

@@ -1,703 +0,0 @@
// mksysnum_linux.pl /usr/include/asm/unistd_64.h
// Code generated by the command above; DO NOT EDIT.
package std
import . "syscall"
var syscallNum = map[string]ScmpSyscall{
"io_setup": SNR_IO_SETUP,
"io_destroy": SNR_IO_DESTROY,
"io_submit": SNR_IO_SUBMIT,
"io_cancel": SNR_IO_CANCEL,
"io_getevents": SNR_IO_GETEVENTS,
"setxattr": SNR_SETXATTR,
"lsetxattr": SNR_LSETXATTR,
"fsetxattr": SNR_FSETXATTR,
"getxattr": SNR_GETXATTR,
"lgetxattr": SNR_LGETXATTR,
"fgetxattr": SNR_FGETXATTR,
"listxattr": SNR_LISTXATTR,
"llistxattr": SNR_LLISTXATTR,
"flistxattr": SNR_FLISTXATTR,
"removexattr": SNR_REMOVEXATTR,
"lremovexattr": SNR_LREMOVEXATTR,
"fremovexattr": SNR_FREMOVEXATTR,
"getcwd": SNR_GETCWD,
"lookup_dcookie": SNR_LOOKUP_DCOOKIE,
"eventfd2": SNR_EVENTFD2,
"epoll_create1": SNR_EPOLL_CREATE1,
"epoll_ctl": SNR_EPOLL_CTL,
"epoll_pwait": SNR_EPOLL_PWAIT,
"dup": SNR_DUP,
"dup3": SNR_DUP3,
"fcntl": SNR_FCNTL,
"inotify_init1": SNR_INOTIFY_INIT1,
"inotify_add_watch": SNR_INOTIFY_ADD_WATCH,
"inotify_rm_watch": SNR_INOTIFY_RM_WATCH,
"ioctl": SNR_IOCTL,
"ioprio_set": SNR_IOPRIO_SET,
"ioprio_get": SNR_IOPRIO_GET,
"flock": SNR_FLOCK,
"mknodat": SNR_MKNODAT,
"mkdirat": SNR_MKDIRAT,
"unlinkat": SNR_UNLINKAT,
"symlinkat": SNR_SYMLINKAT,
"linkat": SNR_LINKAT,
"renameat": SNR_RENAMEAT,
"umount2": SNR_UMOUNT2,
"mount": SNR_MOUNT,
"pivot_root": SNR_PIVOT_ROOT,
"nfsservctl": SNR_NFSSERVCTL,
"statfs": SNR_STATFS,
"fstatfs": SNR_FSTATFS,
"truncate": SNR_TRUNCATE,
"ftruncate": SNR_FTRUNCATE,
"fallocate": SNR_FALLOCATE,
"faccessat": SNR_FACCESSAT,
"chdir": SNR_CHDIR,
"fchdir": SNR_FCHDIR,
"chroot": SNR_CHROOT,
"fchmod": SNR_FCHMOD,
"fchmodat": SNR_FCHMODAT,
"fchownat": SNR_FCHOWNAT,
"fchown": SNR_FCHOWN,
"openat": SNR_OPENAT,
"close": SNR_CLOSE,
"vhangup": SNR_VHANGUP,
"pipe2": SNR_PIPE2,
"quotactl": SNR_QUOTACTL,
"getdents64": SNR_GETDENTS64,
"lseek": SNR_LSEEK,
"read": SNR_READ,
"write": SNR_WRITE,
"readv": SNR_READV,
"writev": SNR_WRITEV,
"pread64": SNR_PREAD64,
"pwrite64": SNR_PWRITE64,
"preadv": SNR_PREADV,
"pwritev": SNR_PWRITEV,
"sendfile": SNR_SENDFILE,
"pselect6": SNR_PSELECT6,
"ppoll": SNR_PPOLL,
"signalfd4": SNR_SIGNALFD4,
"vmsplice": SNR_VMSPLICE,
"splice": SNR_SPLICE,
"tee": SNR_TEE,
"readlinkat": SNR_READLINKAT,
"newfstatat": SNR_NEWFSTATAT,
"fstat": SNR_FSTAT,
"sync": SNR_SYNC,
"fsync": SNR_FSYNC,
"fdatasync": SNR_FDATASYNC,
"sync_file_range": SNR_SYNC_FILE_RANGE,
"timerfd_create": SNR_TIMERFD_CREATE,
"timerfd_settime": SNR_TIMERFD_SETTIME,
"timerfd_gettime": SNR_TIMERFD_GETTIME,
"utimensat": SNR_UTIMENSAT,
"acct": SNR_ACCT,
"capget": SNR_CAPGET,
"capset": SNR_CAPSET,
"personality": SNR_PERSONALITY,
"exit": SNR_EXIT,
"exit_group": SNR_EXIT_GROUP,
"waitid": SNR_WAITID,
"set_tid_address": SNR_SET_TID_ADDRESS,
"unshare": SNR_UNSHARE,
"futex": SNR_FUTEX,
"set_robust_list": SNR_SET_ROBUST_LIST,
"get_robust_list": SNR_GET_ROBUST_LIST,
"nanosleep": SNR_NANOSLEEP,
"getitimer": SNR_GETITIMER,
"setitimer": SNR_SETITIMER,
"kexec_load": SNR_KEXEC_LOAD,
"init_module": SNR_INIT_MODULE,
"delete_module": SNR_DELETE_MODULE,
"timer_create": SNR_TIMER_CREATE,
"timer_gettime": SNR_TIMER_GETTIME,
"timer_getoverrun": SNR_TIMER_GETOVERRUN,
"timer_settime": SNR_TIMER_SETTIME,
"timer_delete": SNR_TIMER_DELETE,
"clock_settime": SNR_CLOCK_SETTIME,
"clock_gettime": SNR_CLOCK_GETTIME,
"clock_getres": SNR_CLOCK_GETRES,
"clock_nanosleep": SNR_CLOCK_NANOSLEEP,
"syslog": SNR_SYSLOG,
"ptrace": SNR_PTRACE,
"sched_setparam": SNR_SCHED_SETPARAM,
"sched_setscheduler": SNR_SCHED_SETSCHEDULER,
"sched_getscheduler": SNR_SCHED_GETSCHEDULER,
"sched_getparam": SNR_SCHED_GETPARAM,
"sched_setaffinity": SNR_SCHED_SETAFFINITY,
"sched_getaffinity": SNR_SCHED_GETAFFINITY,
"sched_yield": SNR_SCHED_YIELD,
"sched_get_priority_max": SNR_SCHED_GET_PRIORITY_MAX,
"sched_get_priority_min": SNR_SCHED_GET_PRIORITY_MIN,
"sched_rr_get_interval": SNR_SCHED_RR_GET_INTERVAL,
"restart_syscall": SNR_RESTART_SYSCALL,
"kill": SNR_KILL,
"tkill": SNR_TKILL,
"tgkill": SNR_TGKILL,
"sigaltstack": SNR_SIGALTSTACK,
"rt_sigsuspend": SNR_RT_SIGSUSPEND,
"rt_sigaction": SNR_RT_SIGACTION,
"rt_sigprocmask": SNR_RT_SIGPROCMASK,
"rt_sigpending": SNR_RT_SIGPENDING,
"rt_sigtimedwait": SNR_RT_SIGTIMEDWAIT,
"rt_sigqueueinfo": SNR_RT_SIGQUEUEINFO,
"rt_sigreturn": SNR_RT_SIGRETURN,
"setpriority": SNR_SETPRIORITY,
"getpriority": SNR_GETPRIORITY,
"reboot": SNR_REBOOT,
"setregid": SNR_SETREGID,
"setgid": SNR_SETGID,
"setreuid": SNR_SETREUID,
"setuid": SNR_SETUID,
"setresuid": SNR_SETRESUID,
"getresuid": SNR_GETRESUID,
"setresgid": SNR_SETRESGID,
"getresgid": SNR_GETRESGID,
"setfsuid": SNR_SETFSUID,
"setfsgid": SNR_SETFSGID,
"times": SNR_TIMES,
"setpgid": SNR_SETPGID,
"getpgid": SNR_GETPGID,
"getsid": SNR_GETSID,
"setsid": SNR_SETSID,
"getgroups": SNR_GETGROUPS,
"setgroups": SNR_SETGROUPS,
"uname": SNR_UNAME,
"sethostname": SNR_SETHOSTNAME,
"setdomainname": SNR_SETDOMAINNAME,
"getrlimit": SNR_GETRLIMIT,
"setrlimit": SNR_SETRLIMIT,
"getrusage": SNR_GETRUSAGE,
"umask": SNR_UMASK,
"prctl": SNR_PRCTL,
"getcpu": SNR_GETCPU,
"gettimeofday": SNR_GETTIMEOFDAY,
"settimeofday": SNR_SETTIMEOFDAY,
"adjtimex": SNR_ADJTIMEX,
"getpid": SNR_GETPID,
"getppid": SNR_GETPPID,
"getuid": SNR_GETUID,
"geteuid": SNR_GETEUID,
"getgid": SNR_GETGID,
"getegid": SNR_GETEGID,
"gettid": SNR_GETTID,
"sysinfo": SNR_SYSINFO,
"mq_open": SNR_MQ_OPEN,
"mq_unlink": SNR_MQ_UNLINK,
"mq_timedsend": SNR_MQ_TIMEDSEND,
"mq_timedreceive": SNR_MQ_TIMEDRECEIVE,
"mq_notify": SNR_MQ_NOTIFY,
"mq_getsetattr": SNR_MQ_GETSETATTR,
"msgget": SNR_MSGGET,
"msgctl": SNR_MSGCTL,
"msgrcv": SNR_MSGRCV,
"msgsnd": SNR_MSGSND,
"semget": SNR_SEMGET,
"semctl": SNR_SEMCTL,
"semtimedop": SNR_SEMTIMEDOP,
"semop": SNR_SEMOP,
"shmget": SNR_SHMGET,
"shmctl": SNR_SHMCTL,
"shmat": SNR_SHMAT,
"shmdt": SNR_SHMDT,
"socket": SNR_SOCKET,
"socketpair": SNR_SOCKETPAIR,
"bind": SNR_BIND,
"listen": SNR_LISTEN,
"accept": SNR_ACCEPT,
"connect": SNR_CONNECT,
"getsockname": SNR_GETSOCKNAME,
"getpeername": SNR_GETPEERNAME,
"sendto": SNR_SENDTO,
"recvfrom": SNR_RECVFROM,
"setsockopt": SNR_SETSOCKOPT,
"getsockopt": SNR_GETSOCKOPT,
"shutdown": SNR_SHUTDOWN,
"sendmsg": SNR_SENDMSG,
"recvmsg": SNR_RECVMSG,
"readahead": SNR_READAHEAD,
"brk": SNR_BRK,
"munmap": SNR_MUNMAP,
"mremap": SNR_MREMAP,
"add_key": SNR_ADD_KEY,
"request_key": SNR_REQUEST_KEY,
"keyctl": SNR_KEYCTL,
"clone": SNR_CLONE,
"execve": SNR_EXECVE,
"mmap": SNR_MMAP,
"fadvise64": SNR_FADVISE64,
"swapon": SNR_SWAPON,
"swapoff": SNR_SWAPOFF,
"mprotect": SNR_MPROTECT,
"msync": SNR_MSYNC,
"mlock": SNR_MLOCK,
"munlock": SNR_MUNLOCK,
"mlockall": SNR_MLOCKALL,
"munlockall": SNR_MUNLOCKALL,
"mincore": SNR_MINCORE,
"madvise": SNR_MADVISE,
"remap_file_pages": SNR_REMAP_FILE_PAGES,
"mbind": SNR_MBIND,
"get_mempolicy": SNR_GET_MEMPOLICY,
"set_mempolicy": SNR_SET_MEMPOLICY,
"migrate_pages": SNR_MIGRATE_PAGES,
"move_pages": SNR_MOVE_PAGES,
"rt_tgsigqueueinfo": SNR_RT_TGSIGQUEUEINFO,
"perf_event_open": SNR_PERF_EVENT_OPEN,
"accept4": SNR_ACCEPT4,
"recvmmsg": SNR_RECVMMSG,
"wait4": SNR_WAIT4,
"prlimit64": SNR_PRLIMIT64,
"fanotify_init": SNR_FANOTIFY_INIT,
"fanotify_mark": SNR_FANOTIFY_MARK,
"name_to_handle_at": SNR_NAME_TO_HANDLE_AT,
"open_by_handle_at": SNR_OPEN_BY_HANDLE_AT,
"clock_adjtime": SNR_CLOCK_ADJTIME,
"syncfs": SNR_SYNCFS,
"setns": SNR_SETNS,
"sendmmsg": SNR_SENDMMSG,
"process_vm_readv": SNR_PROCESS_VM_READV,
"process_vm_writev": SNR_PROCESS_VM_WRITEV,
"kcmp": SNR_KCMP,
"finit_module": SNR_FINIT_MODULE,
"sched_setattr": SNR_SCHED_SETATTR,
"sched_getattr": SNR_SCHED_GETATTR,
"renameat2": SNR_RENAMEAT2,
"seccomp": SNR_SECCOMP,
"getrandom": SNR_GETRANDOM,
"memfd_create": SNR_MEMFD_CREATE,
"bpf": SNR_BPF,
"execveat": SNR_EXECVEAT,
"userfaultfd": SNR_USERFAULTFD,
"membarrier": SNR_MEMBARRIER,
"mlock2": SNR_MLOCK2,
"copy_file_range": SNR_COPY_FILE_RANGE,
"preadv2": SNR_PREADV2,
"pwritev2": SNR_PWRITEV2,
"pkey_mprotect": SNR_PKEY_MPROTECT,
"pkey_alloc": SNR_PKEY_ALLOC,
"pkey_free": SNR_PKEY_FREE,
"statx": SNR_STATX,
"io_pgetevents": SNR_IO_PGETEVENTS,
"rseq": SNR_RSEQ,
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"pidfd_send_signal": SNR_PIDFD_SEND_SIGNAL,
"io_uring_setup": SNR_IO_URING_SETUP,
"io_uring_enter": SNR_IO_URING_ENTER,
"io_uring_register": SNR_IO_URING_REGISTER,
"open_tree": SNR_OPEN_TREE,
"move_mount": SNR_MOVE_MOUNT,
"fsopen": SNR_FSOPEN,
"fsconfig": SNR_FSCONFIG,
"fsmount": SNR_FSMOUNT,
"fspick": SNR_FSPICK,
"pidfd_open": SNR_PIDFD_OPEN,
"clone3": SNR_CLONE3,
"close_range": SNR_CLOSE_RANGE,
"openat2": SNR_OPENAT2,
"pidfd_getfd": SNR_PIDFD_GETFD,
"faccessat2": SNR_FACCESSAT2,
"process_madvise": SNR_PROCESS_MADVISE,
"epoll_pwait2": SNR_EPOLL_PWAIT2,
"mount_setattr": SNR_MOUNT_SETATTR,
"quotactl_fd": SNR_QUOTACTL_FD,
"landlock_create_ruleset": SNR_LANDLOCK_CREATE_RULESET,
"landlock_add_rule": SNR_LANDLOCK_ADD_RULE,
"landlock_restrict_self": SNR_LANDLOCK_RESTRICT_SELF,
"memfd_secret": SNR_MEMFD_SECRET,
"process_mrelease": SNR_PROCESS_MRELEASE,
"futex_waitv": SNR_FUTEX_WAITV,
"set_mempolicy_home_node": SNR_SET_MEMPOLICY_HOME_NODE,
"cachestat": SNR_CACHESTAT,
"fchmodat2": SNR_FCHMODAT2,
"map_shadow_stack": SNR_MAP_SHADOW_STACK,
"futex_wake": SNR_FUTEX_WAKE,
"futex_wait": SNR_FUTEX_WAIT,
"futex_requeue": SNR_FUTEX_REQUEUE,
"statmount": SNR_STATMOUNT,
"listmount": SNR_LISTMOUNT,
"lsm_get_self_attr": SNR_LSM_GET_SELF_ATTR,
"lsm_set_self_attr": SNR_LSM_SET_SELF_ATTR,
"lsm_list_modules": SNR_LSM_LIST_MODULES,
"mseal": SNR_MSEAL,
}
const (
SYS_USERFAULTFD = 282
SYS_MEMBARRIER = 283
SYS_MLOCK2 = 284
SYS_COPY_FILE_RANGE = 285
SYS_PREADV2 = 286
SYS_PWRITEV2 = 287
SYS_PKEY_MPROTECT = 288
SYS_PKEY_ALLOC = 289
SYS_PKEY_FREE = 290
SYS_STATX = 291
SYS_IO_PGETEVENTS = 292
SYS_RSEQ = 293
SYS_KEXEC_FILE_LOAD = 294
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
SYS_IO_URING_REGISTER = 427
SYS_OPEN_TREE = 428
SYS_MOVE_MOUNT = 429
SYS_FSOPEN = 430
SYS_FSCONFIG = 431
SYS_FSMOUNT = 432
SYS_FSPICK = 433
SYS_PIDFD_OPEN = 434
SYS_CLONE3 = 435
SYS_CLOSE_RANGE = 436
SYS_OPENAT2 = 437
SYS_PIDFD_GETFD = 438
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
SYS_MOUNT_SETATTR = 442
SYS_QUOTACTL_FD = 443
SYS_LANDLOCK_CREATE_RULESET = 444
SYS_LANDLOCK_ADD_RULE = 445
SYS_LANDLOCK_RESTRICT_SELF = 446
SYS_MEMFD_SECRET = 447
SYS_PROCESS_MRELEASE = 448
SYS_FUTEX_WAITV = 449
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
SYS_FUTEX_WAKE = 454
SYS_FUTEX_WAIT = 455
SYS_FUTEX_REQUEUE = 456
SYS_STATMOUNT = 457
SYS_LISTMOUNT = 458
SYS_LSM_GET_SELF_ATTR = 459
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
)
const (
SNR_IO_SETUP ScmpSyscall = SYS_IO_SETUP
SNR_IO_DESTROY ScmpSyscall = SYS_IO_DESTROY
SNR_IO_SUBMIT ScmpSyscall = SYS_IO_SUBMIT
SNR_IO_CANCEL ScmpSyscall = SYS_IO_CANCEL
SNR_IO_GETEVENTS ScmpSyscall = SYS_IO_GETEVENTS
SNR_SETXATTR ScmpSyscall = SYS_SETXATTR
SNR_LSETXATTR ScmpSyscall = SYS_LSETXATTR
SNR_FSETXATTR ScmpSyscall = SYS_FSETXATTR
SNR_GETXATTR ScmpSyscall = SYS_GETXATTR
SNR_LGETXATTR ScmpSyscall = SYS_LGETXATTR
SNR_FGETXATTR ScmpSyscall = SYS_FGETXATTR
SNR_LISTXATTR ScmpSyscall = SYS_LISTXATTR
SNR_LLISTXATTR ScmpSyscall = SYS_LLISTXATTR
SNR_FLISTXATTR ScmpSyscall = SYS_FLISTXATTR
SNR_REMOVEXATTR ScmpSyscall = SYS_REMOVEXATTR
SNR_LREMOVEXATTR ScmpSyscall = SYS_LREMOVEXATTR
SNR_FREMOVEXATTR ScmpSyscall = SYS_FREMOVEXATTR
SNR_GETCWD ScmpSyscall = SYS_GETCWD
SNR_LOOKUP_DCOOKIE ScmpSyscall = SYS_LOOKUP_DCOOKIE
SNR_EVENTFD2 ScmpSyscall = SYS_EVENTFD2
SNR_EPOLL_CREATE1 ScmpSyscall = SYS_EPOLL_CREATE1
SNR_EPOLL_CTL ScmpSyscall = SYS_EPOLL_CTL
SNR_EPOLL_PWAIT ScmpSyscall = SYS_EPOLL_PWAIT
SNR_DUP ScmpSyscall = SYS_DUP
SNR_DUP3 ScmpSyscall = SYS_DUP3
SNR_FCNTL ScmpSyscall = SYS_FCNTL
SNR_INOTIFY_INIT1 ScmpSyscall = SYS_INOTIFY_INIT1
SNR_INOTIFY_ADD_WATCH ScmpSyscall = SYS_INOTIFY_ADD_WATCH
SNR_INOTIFY_RM_WATCH ScmpSyscall = SYS_INOTIFY_RM_WATCH
SNR_IOCTL ScmpSyscall = SYS_IOCTL
SNR_IOPRIO_SET ScmpSyscall = SYS_IOPRIO_SET
SNR_IOPRIO_GET ScmpSyscall = SYS_IOPRIO_GET
SNR_FLOCK ScmpSyscall = SYS_FLOCK
SNR_MKNODAT ScmpSyscall = SYS_MKNODAT
SNR_MKDIRAT ScmpSyscall = SYS_MKDIRAT
SNR_UNLINKAT ScmpSyscall = SYS_UNLINKAT
SNR_SYMLINKAT ScmpSyscall = SYS_SYMLINKAT
SNR_LINKAT ScmpSyscall = SYS_LINKAT
SNR_RENAMEAT ScmpSyscall = SYS_RENAMEAT
SNR_UMOUNT2 ScmpSyscall = SYS_UMOUNT2
SNR_MOUNT ScmpSyscall = SYS_MOUNT
SNR_PIVOT_ROOT ScmpSyscall = SYS_PIVOT_ROOT
SNR_NFSSERVCTL ScmpSyscall = SYS_NFSSERVCTL
SNR_STATFS ScmpSyscall = SYS_STATFS
SNR_FSTATFS ScmpSyscall = SYS_FSTATFS
SNR_TRUNCATE ScmpSyscall = SYS_TRUNCATE
SNR_FTRUNCATE ScmpSyscall = SYS_FTRUNCATE
SNR_FALLOCATE ScmpSyscall = SYS_FALLOCATE
SNR_FACCESSAT ScmpSyscall = SYS_FACCESSAT
SNR_CHDIR ScmpSyscall = SYS_CHDIR
SNR_FCHDIR ScmpSyscall = SYS_FCHDIR
SNR_CHROOT ScmpSyscall = SYS_CHROOT
SNR_FCHMOD ScmpSyscall = SYS_FCHMOD
SNR_FCHMODAT ScmpSyscall = SYS_FCHMODAT
SNR_FCHOWNAT ScmpSyscall = SYS_FCHOWNAT
SNR_FCHOWN ScmpSyscall = SYS_FCHOWN
SNR_OPENAT ScmpSyscall = SYS_OPENAT
SNR_CLOSE ScmpSyscall = SYS_CLOSE
SNR_VHANGUP ScmpSyscall = SYS_VHANGUP
SNR_PIPE2 ScmpSyscall = SYS_PIPE2
SNR_QUOTACTL ScmpSyscall = SYS_QUOTACTL
SNR_GETDENTS64 ScmpSyscall = SYS_GETDENTS64
SNR_LSEEK ScmpSyscall = SYS_LSEEK
SNR_READ ScmpSyscall = SYS_READ
SNR_WRITE ScmpSyscall = SYS_WRITE
SNR_READV ScmpSyscall = SYS_READV
SNR_WRITEV ScmpSyscall = SYS_WRITEV
SNR_PREAD64 ScmpSyscall = SYS_PREAD64
SNR_PWRITE64 ScmpSyscall = SYS_PWRITE64
SNR_PREADV ScmpSyscall = SYS_PREADV
SNR_PWRITEV ScmpSyscall = SYS_PWRITEV
SNR_SENDFILE ScmpSyscall = SYS_SENDFILE
SNR_PSELECT6 ScmpSyscall = SYS_PSELECT6
SNR_PPOLL ScmpSyscall = SYS_PPOLL
SNR_SIGNALFD4 ScmpSyscall = SYS_SIGNALFD4
SNR_VMSPLICE ScmpSyscall = SYS_VMSPLICE
SNR_SPLICE ScmpSyscall = SYS_SPLICE
SNR_TEE ScmpSyscall = SYS_TEE
SNR_READLINKAT ScmpSyscall = SYS_READLINKAT
SNR_NEWFSTATAT ScmpSyscall = SYS_NEWFSTATAT
SNR_FSTAT ScmpSyscall = SYS_FSTAT
SNR_SYNC ScmpSyscall = SYS_SYNC
SNR_FSYNC ScmpSyscall = SYS_FSYNC
SNR_FDATASYNC ScmpSyscall = SYS_FDATASYNC
SNR_SYNC_FILE_RANGE ScmpSyscall = SYS_SYNC_FILE_RANGE
SNR_TIMERFD_CREATE ScmpSyscall = SYS_TIMERFD_CREATE
SNR_TIMERFD_SETTIME ScmpSyscall = SYS_TIMERFD_SETTIME
SNR_TIMERFD_GETTIME ScmpSyscall = SYS_TIMERFD_GETTIME
SNR_UTIMENSAT ScmpSyscall = SYS_UTIMENSAT
SNR_ACCT ScmpSyscall = SYS_ACCT
SNR_CAPGET ScmpSyscall = SYS_CAPGET
SNR_CAPSET ScmpSyscall = SYS_CAPSET
SNR_PERSONALITY ScmpSyscall = SYS_PERSONALITY
SNR_EXIT ScmpSyscall = SYS_EXIT
SNR_EXIT_GROUP ScmpSyscall = SYS_EXIT_GROUP
SNR_WAITID ScmpSyscall = SYS_WAITID
SNR_SET_TID_ADDRESS ScmpSyscall = SYS_SET_TID_ADDRESS
SNR_UNSHARE ScmpSyscall = SYS_UNSHARE
SNR_FUTEX ScmpSyscall = SYS_FUTEX
SNR_SET_ROBUST_LIST ScmpSyscall = SYS_SET_ROBUST_LIST
SNR_GET_ROBUST_LIST ScmpSyscall = SYS_GET_ROBUST_LIST
SNR_NANOSLEEP ScmpSyscall = SYS_NANOSLEEP
SNR_GETITIMER ScmpSyscall = SYS_GETITIMER
SNR_SETITIMER ScmpSyscall = SYS_SETITIMER
SNR_KEXEC_LOAD ScmpSyscall = SYS_KEXEC_LOAD
SNR_INIT_MODULE ScmpSyscall = SYS_INIT_MODULE
SNR_DELETE_MODULE ScmpSyscall = SYS_DELETE_MODULE
SNR_TIMER_CREATE ScmpSyscall = SYS_TIMER_CREATE
SNR_TIMER_GETTIME ScmpSyscall = SYS_TIMER_GETTIME
SNR_TIMER_GETOVERRUN ScmpSyscall = SYS_TIMER_GETOVERRUN
SNR_TIMER_SETTIME ScmpSyscall = SYS_TIMER_SETTIME
SNR_TIMER_DELETE ScmpSyscall = SYS_TIMER_DELETE
SNR_CLOCK_SETTIME ScmpSyscall = SYS_CLOCK_SETTIME
SNR_CLOCK_GETTIME ScmpSyscall = SYS_CLOCK_GETTIME
SNR_CLOCK_GETRES ScmpSyscall = SYS_CLOCK_GETRES
SNR_CLOCK_NANOSLEEP ScmpSyscall = SYS_CLOCK_NANOSLEEP
SNR_SYSLOG ScmpSyscall = SYS_SYSLOG
SNR_PTRACE ScmpSyscall = SYS_PTRACE
SNR_SCHED_SETPARAM ScmpSyscall = SYS_SCHED_SETPARAM
SNR_SCHED_SETSCHEDULER ScmpSyscall = SYS_SCHED_SETSCHEDULER
SNR_SCHED_GETSCHEDULER ScmpSyscall = SYS_SCHED_GETSCHEDULER
SNR_SCHED_GETPARAM ScmpSyscall = SYS_SCHED_GETPARAM
SNR_SCHED_SETAFFINITY ScmpSyscall = SYS_SCHED_SETAFFINITY
SNR_SCHED_GETAFFINITY ScmpSyscall = SYS_SCHED_GETAFFINITY
SNR_SCHED_YIELD ScmpSyscall = SYS_SCHED_YIELD
SNR_SCHED_GET_PRIORITY_MAX ScmpSyscall = SYS_SCHED_GET_PRIORITY_MAX
SNR_SCHED_GET_PRIORITY_MIN ScmpSyscall = SYS_SCHED_GET_PRIORITY_MIN
SNR_SCHED_RR_GET_INTERVAL ScmpSyscall = SYS_SCHED_RR_GET_INTERVAL
SNR_RESTART_SYSCALL ScmpSyscall = SYS_RESTART_SYSCALL
SNR_KILL ScmpSyscall = SYS_KILL
SNR_TKILL ScmpSyscall = SYS_TKILL
SNR_TGKILL ScmpSyscall = SYS_TGKILL
SNR_SIGALTSTACK ScmpSyscall = SYS_SIGALTSTACK
SNR_RT_SIGSUSPEND ScmpSyscall = SYS_RT_SIGSUSPEND
SNR_RT_SIGACTION ScmpSyscall = SYS_RT_SIGACTION
SNR_RT_SIGPROCMASK ScmpSyscall = SYS_RT_SIGPROCMASK
SNR_RT_SIGPENDING ScmpSyscall = SYS_RT_SIGPENDING
SNR_RT_SIGTIMEDWAIT ScmpSyscall = SYS_RT_SIGTIMEDWAIT
SNR_RT_SIGQUEUEINFO ScmpSyscall = SYS_RT_SIGQUEUEINFO
SNR_RT_SIGRETURN ScmpSyscall = SYS_RT_SIGRETURN
SNR_SETPRIORITY ScmpSyscall = SYS_SETPRIORITY
SNR_GETPRIORITY ScmpSyscall = SYS_GETPRIORITY
SNR_REBOOT ScmpSyscall = SYS_REBOOT
SNR_SETREGID ScmpSyscall = SYS_SETREGID
SNR_SETGID ScmpSyscall = SYS_SETGID
SNR_SETREUID ScmpSyscall = SYS_SETREUID
SNR_SETUID ScmpSyscall = SYS_SETUID
SNR_SETRESUID ScmpSyscall = SYS_SETRESUID
SNR_GETRESUID ScmpSyscall = SYS_GETRESUID
SNR_SETRESGID ScmpSyscall = SYS_SETRESGID
SNR_GETRESGID ScmpSyscall = SYS_GETRESGID
SNR_SETFSUID ScmpSyscall = SYS_SETFSUID
SNR_SETFSGID ScmpSyscall = SYS_SETFSGID
SNR_TIMES ScmpSyscall = SYS_TIMES
SNR_SETPGID ScmpSyscall = SYS_SETPGID
SNR_GETPGID ScmpSyscall = SYS_GETPGID
SNR_GETSID ScmpSyscall = SYS_GETSID
SNR_SETSID ScmpSyscall = SYS_SETSID
SNR_GETGROUPS ScmpSyscall = SYS_GETGROUPS
SNR_SETGROUPS ScmpSyscall = SYS_SETGROUPS
SNR_UNAME ScmpSyscall = SYS_UNAME
SNR_SETHOSTNAME ScmpSyscall = SYS_SETHOSTNAME
SNR_SETDOMAINNAME ScmpSyscall = SYS_SETDOMAINNAME
SNR_GETRLIMIT ScmpSyscall = SYS_GETRLIMIT
SNR_SETRLIMIT ScmpSyscall = SYS_SETRLIMIT
SNR_GETRUSAGE ScmpSyscall = SYS_GETRUSAGE
SNR_UMASK ScmpSyscall = SYS_UMASK
SNR_PRCTL ScmpSyscall = SYS_PRCTL
SNR_GETCPU ScmpSyscall = SYS_GETCPU
SNR_GETTIMEOFDAY ScmpSyscall = SYS_GETTIMEOFDAY
SNR_SETTIMEOFDAY ScmpSyscall = SYS_SETTIMEOFDAY
SNR_ADJTIMEX ScmpSyscall = SYS_ADJTIMEX
SNR_GETPID ScmpSyscall = SYS_GETPID
SNR_GETPPID ScmpSyscall = SYS_GETPPID
SNR_GETUID ScmpSyscall = SYS_GETUID
SNR_GETEUID ScmpSyscall = SYS_GETEUID
SNR_GETGID ScmpSyscall = SYS_GETGID
SNR_GETEGID ScmpSyscall = SYS_GETEGID
SNR_GETTID ScmpSyscall = SYS_GETTID
SNR_SYSINFO ScmpSyscall = SYS_SYSINFO
SNR_MQ_OPEN ScmpSyscall = SYS_MQ_OPEN
SNR_MQ_UNLINK ScmpSyscall = SYS_MQ_UNLINK
SNR_MQ_TIMEDSEND ScmpSyscall = SYS_MQ_TIMEDSEND
SNR_MQ_TIMEDRECEIVE ScmpSyscall = SYS_MQ_TIMEDRECEIVE
SNR_MQ_NOTIFY ScmpSyscall = SYS_MQ_NOTIFY
SNR_MQ_GETSETATTR ScmpSyscall = SYS_MQ_GETSETATTR
SNR_MSGGET ScmpSyscall = SYS_MSGGET
SNR_MSGCTL ScmpSyscall = SYS_MSGCTL
SNR_MSGRCV ScmpSyscall = SYS_MSGRCV
SNR_MSGSND ScmpSyscall = SYS_MSGSND
SNR_SEMGET ScmpSyscall = SYS_SEMGET
SNR_SEMCTL ScmpSyscall = SYS_SEMCTL
SNR_SEMTIMEDOP ScmpSyscall = SYS_SEMTIMEDOP
SNR_SEMOP ScmpSyscall = SYS_SEMOP
SNR_SHMGET ScmpSyscall = SYS_SHMGET
SNR_SHMCTL ScmpSyscall = SYS_SHMCTL
SNR_SHMAT ScmpSyscall = SYS_SHMAT
SNR_SHMDT ScmpSyscall = SYS_SHMDT
SNR_SOCKET ScmpSyscall = SYS_SOCKET
SNR_SOCKETPAIR ScmpSyscall = SYS_SOCKETPAIR
SNR_BIND ScmpSyscall = SYS_BIND
SNR_LISTEN ScmpSyscall = SYS_LISTEN
SNR_ACCEPT ScmpSyscall = SYS_ACCEPT
SNR_CONNECT ScmpSyscall = SYS_CONNECT
SNR_GETSOCKNAME ScmpSyscall = SYS_GETSOCKNAME
SNR_GETPEERNAME ScmpSyscall = SYS_GETPEERNAME
SNR_SENDTO ScmpSyscall = SYS_SENDTO
SNR_RECVFROM ScmpSyscall = SYS_RECVFROM
SNR_SETSOCKOPT ScmpSyscall = SYS_SETSOCKOPT
SNR_GETSOCKOPT ScmpSyscall = SYS_GETSOCKOPT
SNR_SHUTDOWN ScmpSyscall = SYS_SHUTDOWN
SNR_SENDMSG ScmpSyscall = SYS_SENDMSG
SNR_RECVMSG ScmpSyscall = SYS_RECVMSG
SNR_READAHEAD ScmpSyscall = SYS_READAHEAD
SNR_BRK ScmpSyscall = SYS_BRK
SNR_MUNMAP ScmpSyscall = SYS_MUNMAP
SNR_MREMAP ScmpSyscall = SYS_MREMAP
SNR_ADD_KEY ScmpSyscall = SYS_ADD_KEY
SNR_REQUEST_KEY ScmpSyscall = SYS_REQUEST_KEY
SNR_KEYCTL ScmpSyscall = SYS_KEYCTL
SNR_CLONE ScmpSyscall = SYS_CLONE
SNR_EXECVE ScmpSyscall = SYS_EXECVE
SNR_MMAP ScmpSyscall = SYS_MMAP
SNR_FADVISE64 ScmpSyscall = SYS_FADVISE64
SNR_SWAPON ScmpSyscall = SYS_SWAPON
SNR_SWAPOFF ScmpSyscall = SYS_SWAPOFF
SNR_MPROTECT ScmpSyscall = SYS_MPROTECT
SNR_MSYNC ScmpSyscall = SYS_MSYNC
SNR_MLOCK ScmpSyscall = SYS_MLOCK
SNR_MUNLOCK ScmpSyscall = SYS_MUNLOCK
SNR_MLOCKALL ScmpSyscall = SYS_MLOCKALL
SNR_MUNLOCKALL ScmpSyscall = SYS_MUNLOCKALL
SNR_MINCORE ScmpSyscall = SYS_MINCORE
SNR_MADVISE ScmpSyscall = SYS_MADVISE
SNR_REMAP_FILE_PAGES ScmpSyscall = SYS_REMAP_FILE_PAGES
SNR_MBIND ScmpSyscall = SYS_MBIND
SNR_GET_MEMPOLICY ScmpSyscall = SYS_GET_MEMPOLICY
SNR_SET_MEMPOLICY ScmpSyscall = SYS_SET_MEMPOLICY
SNR_MIGRATE_PAGES ScmpSyscall = SYS_MIGRATE_PAGES
SNR_MOVE_PAGES ScmpSyscall = SYS_MOVE_PAGES
SNR_RT_TGSIGQUEUEINFO ScmpSyscall = SYS_RT_TGSIGQUEUEINFO
SNR_PERF_EVENT_OPEN ScmpSyscall = SYS_PERF_EVENT_OPEN
SNR_ACCEPT4 ScmpSyscall = SYS_ACCEPT4
SNR_RECVMMSG ScmpSyscall = SYS_RECVMMSG
SNR_WAIT4 ScmpSyscall = SYS_WAIT4
SNR_PRLIMIT64 ScmpSyscall = SYS_PRLIMIT64
SNR_FANOTIFY_INIT ScmpSyscall = SYS_FANOTIFY_INIT
SNR_FANOTIFY_MARK ScmpSyscall = SYS_FANOTIFY_MARK
SNR_NAME_TO_HANDLE_AT ScmpSyscall = SYS_NAME_TO_HANDLE_AT
SNR_OPEN_BY_HANDLE_AT ScmpSyscall = SYS_OPEN_BY_HANDLE_AT
SNR_CLOCK_ADJTIME ScmpSyscall = SYS_CLOCK_ADJTIME
SNR_SYNCFS ScmpSyscall = SYS_SYNCFS
SNR_SETNS ScmpSyscall = SYS_SETNS
SNR_SENDMMSG ScmpSyscall = SYS_SENDMMSG
SNR_PROCESS_VM_READV ScmpSyscall = SYS_PROCESS_VM_READV
SNR_PROCESS_VM_WRITEV ScmpSyscall = SYS_PROCESS_VM_WRITEV
SNR_KCMP ScmpSyscall = SYS_KCMP
SNR_FINIT_MODULE ScmpSyscall = SYS_FINIT_MODULE
SNR_SCHED_SETATTR ScmpSyscall = SYS_SCHED_SETATTR
SNR_SCHED_GETATTR ScmpSyscall = SYS_SCHED_GETATTR
SNR_RENAMEAT2 ScmpSyscall = SYS_RENAMEAT2
SNR_SECCOMP ScmpSyscall = SYS_SECCOMP
SNR_GETRANDOM ScmpSyscall = SYS_GETRANDOM
SNR_MEMFD_CREATE ScmpSyscall = SYS_MEMFD_CREATE
SNR_BPF ScmpSyscall = SYS_BPF
SNR_EXECVEAT ScmpSyscall = SYS_EXECVEAT
SNR_USERFAULTFD ScmpSyscall = SYS_USERFAULTFD
SNR_MEMBARRIER ScmpSyscall = SYS_MEMBARRIER
SNR_MLOCK2 ScmpSyscall = SYS_MLOCK2
SNR_COPY_FILE_RANGE ScmpSyscall = SYS_COPY_FILE_RANGE
SNR_PREADV2 ScmpSyscall = SYS_PREADV2
SNR_PWRITEV2 ScmpSyscall = SYS_PWRITEV2
SNR_PKEY_MPROTECT ScmpSyscall = SYS_PKEY_MPROTECT
SNR_PKEY_ALLOC ScmpSyscall = SYS_PKEY_ALLOC
SNR_PKEY_FREE ScmpSyscall = SYS_PKEY_FREE
SNR_STATX ScmpSyscall = SYS_STATX
SNR_IO_PGETEVENTS ScmpSyscall = SYS_IO_PGETEVENTS
SNR_RSEQ ScmpSyscall = SYS_RSEQ
SNR_KEXEC_FILE_LOAD ScmpSyscall = SYS_KEXEC_FILE_LOAD
SNR_PIDFD_SEND_SIGNAL ScmpSyscall = SYS_PIDFD_SEND_SIGNAL
SNR_IO_URING_SETUP ScmpSyscall = SYS_IO_URING_SETUP
SNR_IO_URING_ENTER ScmpSyscall = SYS_IO_URING_ENTER
SNR_IO_URING_REGISTER ScmpSyscall = SYS_IO_URING_REGISTER
SNR_OPEN_TREE ScmpSyscall = SYS_OPEN_TREE
SNR_MOVE_MOUNT ScmpSyscall = SYS_MOVE_MOUNT
SNR_FSOPEN ScmpSyscall = SYS_FSOPEN
SNR_FSCONFIG ScmpSyscall = SYS_FSCONFIG
SNR_FSMOUNT ScmpSyscall = SYS_FSMOUNT
SNR_FSPICK ScmpSyscall = SYS_FSPICK
SNR_PIDFD_OPEN ScmpSyscall = SYS_PIDFD_OPEN
SNR_CLONE3 ScmpSyscall = SYS_CLONE3
SNR_CLOSE_RANGE ScmpSyscall = SYS_CLOSE_RANGE
SNR_OPENAT2 ScmpSyscall = SYS_OPENAT2
SNR_PIDFD_GETFD ScmpSyscall = SYS_PIDFD_GETFD
SNR_FACCESSAT2 ScmpSyscall = SYS_FACCESSAT2
SNR_PROCESS_MADVISE ScmpSyscall = SYS_PROCESS_MADVISE
SNR_EPOLL_PWAIT2 ScmpSyscall = SYS_EPOLL_PWAIT2
SNR_MOUNT_SETATTR ScmpSyscall = SYS_MOUNT_SETATTR
SNR_QUOTACTL_FD ScmpSyscall = SYS_QUOTACTL_FD
SNR_LANDLOCK_CREATE_RULESET ScmpSyscall = SYS_LANDLOCK_CREATE_RULESET
SNR_LANDLOCK_ADD_RULE ScmpSyscall = SYS_LANDLOCK_ADD_RULE
SNR_LANDLOCK_RESTRICT_SELF ScmpSyscall = SYS_LANDLOCK_RESTRICT_SELF
SNR_MEMFD_SECRET ScmpSyscall = SYS_MEMFD_SECRET
SNR_PROCESS_MRELEASE ScmpSyscall = SYS_PROCESS_MRELEASE
SNR_FUTEX_WAITV ScmpSyscall = SYS_FUTEX_WAITV
SNR_SET_MEMPOLICY_HOME_NODE ScmpSyscall = SYS_SET_MEMPOLICY_HOME_NODE
SNR_CACHESTAT ScmpSyscall = SYS_CACHESTAT
SNR_FCHMODAT2 ScmpSyscall = SYS_FCHMODAT2
SNR_MAP_SHADOW_STACK ScmpSyscall = SYS_MAP_SHADOW_STACK
SNR_FUTEX_WAKE ScmpSyscall = SYS_FUTEX_WAKE
SNR_FUTEX_WAIT ScmpSyscall = SYS_FUTEX_WAIT
SNR_FUTEX_REQUEUE ScmpSyscall = SYS_FUTEX_REQUEUE
SNR_STATMOUNT ScmpSyscall = SYS_STATMOUNT
SNR_LISTMOUNT ScmpSyscall = SYS_LISTMOUNT
SNR_LSM_GET_SELF_ATTR ScmpSyscall = SYS_LSM_GET_SELF_ATTR
SNR_LSM_SET_SELF_ATTR ScmpSyscall = SYS_LSM_SET_SELF_ATTR
SNR_LSM_LIST_MODULES ScmpSyscall = SYS_LSM_LIST_MODULES
SNR_MSEAL ScmpSyscall = SYS_MSEAL
)

719
container/std/syscall_linux_riscv64.go
View File

@@ -1,719 +0,0 @@
// mksysnum_linux.pl /usr/include/riscv64-linux-gnu/asm/unistd.h
// Code generated by the command above; DO NOT EDIT.
package std
import . "syscall"
var syscallNum = map[string]ScmpSyscall{
"io_setup": SNR_IO_SETUP,
"io_destroy": SNR_IO_DESTROY,
"io_submit": SNR_IO_SUBMIT,
"io_cancel": SNR_IO_CANCEL,
"io_getevents": SNR_IO_GETEVENTS,
"setxattr": SNR_SETXATTR,
"lsetxattr": SNR_LSETXATTR,
"fsetxattr": SNR_FSETXATTR,
"getxattr": SNR_GETXATTR,
"lgetxattr": SNR_LGETXATTR,
"fgetxattr": SNR_FGETXATTR,
"listxattr": SNR_LISTXATTR,
"llistxattr": SNR_LLISTXATTR,
"flistxattr": SNR_FLISTXATTR,
"removexattr": SNR_REMOVEXATTR,
"lremovexattr": SNR_LREMOVEXATTR,
"fremovexattr": SNR_FREMOVEXATTR,
"getcwd": SNR_GETCWD,
"lookup_dcookie": SNR_LOOKUP_DCOOKIE,
"eventfd2": SNR_EVENTFD2,
"epoll_create1": SNR_EPOLL_CREATE1,
"epoll_ctl": SNR_EPOLL_CTL,
"epoll_pwait": SNR_EPOLL_PWAIT,
"dup": SNR_DUP,
"dup3": SNR_DUP3,
"fcntl": SNR_FCNTL,
"inotify_init1": SNR_INOTIFY_INIT1,
"inotify_add_watch": SNR_INOTIFY_ADD_WATCH,
"inotify_rm_watch": SNR_INOTIFY_RM_WATCH,
"ioctl": SNR_IOCTL,
"ioprio_set": SNR_IOPRIO_SET,
"ioprio_get": SNR_IOPRIO_GET,
"flock": SNR_FLOCK,
"mknodat": SNR_MKNODAT,
"mkdirat": SNR_MKDIRAT,
"unlinkat": SNR_UNLINKAT,
"symlinkat": SNR_SYMLINKAT,
"linkat": SNR_LINKAT,
"umount2": SNR_UMOUNT2,
"mount": SNR_MOUNT,
"pivot_root": SNR_PIVOT_ROOT,
"nfsservctl": SNR_NFSSERVCTL,
"statfs": SNR_STATFS,
"fstatfs": SNR_FSTATFS,
"truncate": SNR_TRUNCATE,
"ftruncate": SNR_FTRUNCATE,
"fallocate": SNR_FALLOCATE,
"faccessat": SNR_FACCESSAT,
"chdir": SNR_CHDIR,
"fchdir": SNR_FCHDIR,
"chroot": SNR_CHROOT,
"fchmod": SNR_FCHMOD,
"fchmodat": SNR_FCHMODAT,
"fchownat": SNR_FCHOWNAT,
"fchown": SNR_FCHOWN,
"openat": SNR_OPENAT,
"close": SNR_CLOSE,
"vhangup": SNR_VHANGUP,
"pipe2": SNR_PIPE2,
"quotactl": SNR_QUOTACTL,
"getdents64": SNR_GETDENTS64,
"lseek": SNR_LSEEK,
"read": SNR_READ,
"write": SNR_WRITE,
"readv": SNR_READV,
"writev": SNR_WRITEV,
"pread64": SNR_PREAD64,
"pwrite64": SNR_PWRITE64,
"preadv": SNR_PREADV,
"pwritev": SNR_PWRITEV,
"sendfile": SNR_SENDFILE,
"pselect6": SNR_PSELECT6,
"ppoll": SNR_PPOLL,
"signalfd4": SNR_SIGNALFD4,
"vmsplice": SNR_VMSPLICE,
"splice": SNR_SPLICE,
"tee": SNR_TEE,
"readlinkat": SNR_READLINKAT,
"newfstatat": SNR_NEWFSTATAT,
"fstat": SNR_FSTAT,
"sync": SNR_SYNC,
"fsync": SNR_FSYNC,
"fdatasync": SNR_FDATASYNC,
"sync_file_range": SNR_SYNC_FILE_RANGE,
"timerfd_create": SNR_TIMERFD_CREATE,
"timerfd_settime": SNR_TIMERFD_SETTIME,
"timerfd_gettime": SNR_TIMERFD_GETTIME,
"utimensat": SNR_UTIMENSAT,
"acct": SNR_ACCT,
"capget": SNR_CAPGET,
"capset": SNR_CAPSET,
"personality": SNR_PERSONALITY,
"exit": SNR_EXIT,
"exit_group": SNR_EXIT_GROUP,
"waitid": SNR_WAITID,
"set_tid_address": SNR_SET_TID_ADDRESS,
"unshare": SNR_UNSHARE,
"futex": SNR_FUTEX,
"set_robust_list": SNR_SET_ROBUST_LIST,
"get_robust_list": SNR_GET_ROBUST_LIST,
"nanosleep": SNR_NANOSLEEP,
"getitimer": SNR_GETITIMER,
"setitimer": SNR_SETITIMER,
"kexec_load": SNR_KEXEC_LOAD,
"init_module": SNR_INIT_MODULE,
"delete_module": SNR_DELETE_MODULE,
"timer_create": SNR_TIMER_CREATE,
"timer_gettime": SNR_TIMER_GETTIME,
"timer_getoverrun": SNR_TIMER_GETOVERRUN,
"timer_settime": SNR_TIMER_SETTIME,
"timer_delete": SNR_TIMER_DELETE,
"clock_settime": SNR_CLOCK_SETTIME,
"clock_gettime": SNR_CLOCK_GETTIME,
"clock_getres": SNR_CLOCK_GETRES,
"clock_nanosleep": SNR_CLOCK_NANOSLEEP,
"syslog": SNR_SYSLOG,
"ptrace": SNR_PTRACE,
"sched_setparam": SNR_SCHED_SETPARAM,
"sched_setscheduler": SNR_SCHED_SETSCHEDULER,
"sched_getscheduler": SNR_SCHED_GETSCHEDULER,
"sched_getparam": SNR_SCHED_GETPARAM,
"sched_setaffinity": SNR_SCHED_SETAFFINITY,
"sched_getaffinity": SNR_SCHED_GETAFFINITY,
"sched_yield": SNR_SCHED_YIELD,
"sched_get_priority_max": SNR_SCHED_GET_PRIORITY_MAX,
"sched_get_priority_min": SNR_SCHED_GET_PRIORITY_MIN,
"sched_rr_get_interval": SNR_SCHED_RR_GET_INTERVAL,
"restart_syscall": SNR_RESTART_SYSCALL,
"kill": SNR_KILL,
"tkill": SNR_TKILL,
"tgkill": SNR_TGKILL,
"sigaltstack": SNR_SIGALTSTACK,
"rt_sigsuspend": SNR_RT_SIGSUSPEND,
"rt_sigaction": SNR_RT_SIGACTION,
"rt_sigprocmask": SNR_RT_SIGPROCMASK,
"rt_sigpending": SNR_RT_SIGPENDING,
"rt_sigtimedwait": SNR_RT_SIGTIMEDWAIT,
"rt_sigqueueinfo": SNR_RT_SIGQUEUEINFO,
"rt_sigreturn": SNR_RT_SIGRETURN,
"setpriority": SNR_SETPRIORITY,
"getpriority": SNR_GETPRIORITY,
"reboot": SNR_REBOOT,
"setregid": SNR_SETREGID,
"setgid": SNR_SETGID,
"setreuid": SNR_SETREUID,
"setuid": SNR_SETUID,
"setresuid": SNR_SETRESUID,
"getresuid": SNR_GETRESUID,
"setresgid": SNR_SETRESGID,
"getresgid": SNR_GETRESGID,
"setfsuid": SNR_SETFSUID,
"setfsgid": SNR_SETFSGID,
"times": SNR_TIMES,
"setpgid": SNR_SETPGID,
"getpgid": SNR_GETPGID,
"getsid": SNR_GETSID,
"setsid": SNR_SETSID,
"getgroups": SNR_GETGROUPS,
"setgroups": SNR_SETGROUPS,
"uname": SNR_UNAME,
"sethostname": SNR_SETHOSTNAME,
"setdomainname": SNR_SETDOMAINNAME,
"getrlimit": SNR_GETRLIMIT,
"setrlimit": SNR_SETRLIMIT,
"getrusage": SNR_GETRUSAGE,
"umask": SNR_UMASK,
"prctl": SNR_PRCTL,
"getcpu": SNR_GETCPU,
"gettimeofday": SNR_GETTIMEOFDAY,
"settimeofday": SNR_SETTIMEOFDAY,
"adjtimex": SNR_ADJTIMEX,
"getpid": SNR_GETPID,
"getppid": SNR_GETPPID,
"getuid": SNR_GETUID,
"geteuid": SNR_GETEUID,
"getgid": SNR_GETGID,
"getegid": SNR_GETEGID,
"gettid": SNR_GETTID,
"sysinfo": SNR_SYSINFO,
"mq_open": SNR_MQ_OPEN,
"mq_unlink": SNR_MQ_UNLINK,
"mq_timedsend": SNR_MQ_TIMEDSEND,
"mq_timedreceive": SNR_MQ_TIMEDRECEIVE,
"mq_notify": SNR_MQ_NOTIFY,
"mq_getsetattr": SNR_MQ_GETSETATTR,
"msgget": SNR_MSGGET,
"msgctl": SNR_MSGCTL,
"msgrcv": SNR_MSGRCV,
"msgsnd": SNR_MSGSND,
"semget": SNR_SEMGET,
"semctl": SNR_SEMCTL,
"semtimedop": SNR_SEMTIMEDOP,
"semop": SNR_SEMOP,
"shmget": SNR_SHMGET,
"shmctl": SNR_SHMCTL,
"shmat": SNR_SHMAT,
"shmdt": SNR_SHMDT,
"socket": SNR_SOCKET,
"socketpair": SNR_SOCKETPAIR,
"bind": SNR_BIND,
"listen": SNR_LISTEN,
"accept": SNR_ACCEPT,
"connect": SNR_CONNECT,
"getsockname": SNR_GETSOCKNAME,
"getpeername": SNR_GETPEERNAME,
"sendto": SNR_SENDTO,
"recvfrom": SNR_RECVFROM,
"setsockopt": SNR_SETSOCKOPT,
"getsockopt": SNR_GETSOCKOPT,
"shutdown": SNR_SHUTDOWN,
"sendmsg": SNR_SENDMSG,
"recvmsg": SNR_RECVMSG,
"readahead": SNR_READAHEAD,
"brk": SNR_BRK,
"munmap": SNR_MUNMAP,
"mremap": SNR_MREMAP,
"add_key": SNR_ADD_KEY,
"request_key": SNR_REQUEST_KEY,
"keyctl": SNR_KEYCTL,
"clone": SNR_CLONE,
"execve": SNR_EXECVE,
"mmap": SNR_MMAP,
"fadvise64": SNR_FADVISE64,
"swapon": SNR_SWAPON,
"swapoff": SNR_SWAPOFF,
"mprotect": SNR_MPROTECT,
"msync": SNR_MSYNC,
"mlock": SNR_MLOCK,
"munlock": SNR_MUNLOCK,
"mlockall": SNR_MLOCKALL,
"munlockall": SNR_MUNLOCKALL,
"mincore": SNR_MINCORE,
"madvise": SNR_MADVISE,
"remap_file_pages": SNR_REMAP_FILE_PAGES,
"mbind": SNR_MBIND,
"get_mempolicy": SNR_GET_MEMPOLICY,
"set_mempolicy": SNR_SET_MEMPOLICY,
"migrate_pages": SNR_MIGRATE_PAGES,
"move_pages": SNR_MOVE_PAGES,
"rt_tgsigqueueinfo": SNR_RT_TGSIGQUEUEINFO,
"perf_event_open": SNR_PERF_EVENT_OPEN,
"accept4": SNR_ACCEPT4,
"recvmmsg": SNR_RECVMMSG,
"wait4": SNR_WAIT4,
"prlimit64": SNR_PRLIMIT64,
"fanotify_init": SNR_FANOTIFY_INIT,
"fanotify_mark": SNR_FANOTIFY_MARK,
"name_to_handle_at": SNR_NAME_TO_HANDLE_AT,
"open_by_handle_at": SNR_OPEN_BY_HANDLE_AT,
"clock_adjtime": SNR_CLOCK_ADJTIME,
"syncfs": SNR_SYNCFS,
"setns": SNR_SETNS,
"sendmmsg": SNR_SENDMMSG,
"process_vm_readv": SNR_PROCESS_VM_READV,
"process_vm_writev": SNR_PROCESS_VM_WRITEV,
"kcmp": SNR_KCMP,
"finit_module": SNR_FINIT_MODULE,
"sched_setattr": SNR_SCHED_SETATTR,
"sched_getattr": SNR_SCHED_GETATTR,
"renameat2": SNR_RENAMEAT2,
"seccomp": SNR_SECCOMP,
"getrandom": SNR_GETRANDOM,
"memfd_create": SNR_MEMFD_CREATE,
"bpf": SNR_BPF,
"execveat": SNR_EXECVEAT,
"userfaultfd": SNR_USERFAULTFD,
"membarrier": SNR_MEMBARRIER,
"mlock2": SNR_MLOCK2,
"copy_file_range": SNR_COPY_FILE_RANGE,
"preadv2": SNR_PREADV2,
"pwritev2": SNR_PWRITEV2,
"pkey_mprotect": SNR_PKEY_MPROTECT,
"pkey_alloc": SNR_PKEY_ALLOC,
"pkey_free": SNR_PKEY_FREE,
"statx": SNR_STATX,
"io_pgetevents": SNR_IO_PGETEVENTS,
"rseq": SNR_RSEQ,
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"pidfd_send_signal": SNR_PIDFD_SEND_SIGNAL,
"io_uring_setup": SNR_IO_URING_SETUP,
"io_uring_enter": SNR_IO_URING_ENTER,
"io_uring_register": SNR_IO_URING_REGISTER,
"open_tree": SNR_OPEN_TREE,
"move_mount": SNR_MOVE_MOUNT,
"fsopen": SNR_FSOPEN,
"fsconfig": SNR_FSCONFIG,
"fsmount": SNR_FSMOUNT,
"fspick": SNR_FSPICK,
"pidfd_open": SNR_PIDFD_OPEN,
"clone3": SNR_CLONE3,
"close_range": SNR_CLOSE_RANGE,
"openat2": SNR_OPENAT2,
"pidfd_getfd": SNR_PIDFD_GETFD,
"faccessat2": SNR_FACCESSAT2,
"process_madvise": SNR_PROCESS_MADVISE,
"epoll_pwait2": SNR_EPOLL_PWAIT2,
"mount_setattr": SNR_MOUNT_SETATTR,
"quotactl_fd": SNR_QUOTACTL_FD,
"landlock_create_ruleset": SNR_LANDLOCK_CREATE_RULESET,
"landlock_add_rule": SNR_LANDLOCK_ADD_RULE,
"landlock_restrict_self": SNR_LANDLOCK_RESTRICT_SELF,
"memfd_secret": SNR_MEMFD_SECRET,
"process_mrelease": SNR_PROCESS_MRELEASE,
"futex_waitv": SNR_FUTEX_WAITV,
"set_mempolicy_home_node": SNR_SET_MEMPOLICY_HOME_NODE,
"cachestat": SNR_CACHESTAT,
"fchmodat2": SNR_FCHMODAT2,
"map_shadow_stack": SNR_MAP_SHADOW_STACK,
"futex_wake": SNR_FUTEX_WAKE,
"futex_wait": SNR_FUTEX_WAIT,
"futex_requeue": SNR_FUTEX_REQUEUE,
"statmount": SNR_STATMOUNT,
"listmount": SNR_LISTMOUNT,
"lsm_get_self_attr": SNR_LSM_GET_SELF_ATTR,
"lsm_set_self_attr": SNR_LSM_SET_SELF_ATTR,
"lsm_list_modules": SNR_LSM_LIST_MODULES,
"mseal": SNR_MSEAL,
"setxattrat": SNR_SETXATTRAT,
"getxattrat": SNR_GETXATTRAT,
"listxattrat": SNR_LISTXATTRAT,
"removexattrat": SNR_REMOVEXATTRAT,
}
const (
SYS_USERFAULTFD = 282
SYS_MEMBARRIER = 283
SYS_MLOCK2 = 284
SYS_COPY_FILE_RANGE = 285
SYS_PREADV2 = 286
SYS_PWRITEV2 = 287
SYS_PKEY_MPROTECT = 288
SYS_PKEY_ALLOC = 289
SYS_PKEY_FREE = 290
SYS_STATX = 291
SYS_IO_PGETEVENTS = 292
SYS_RSEQ = 293
SYS_KEXEC_FILE_LOAD = 294
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
SYS_IO_URING_REGISTER = 427
SYS_OPEN_TREE = 428
SYS_MOVE_MOUNT = 429
SYS_FSOPEN = 430
SYS_FSCONFIG = 431
SYS_FSMOUNT = 432
SYS_FSPICK = 433
SYS_PIDFD_OPEN = 434
SYS_CLONE3 = 435
SYS_CLOSE_RANGE = 436
SYS_OPENAT2 = 437
SYS_PIDFD_GETFD = 438
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
SYS_MOUNT_SETATTR = 442
SYS_QUOTACTL_FD = 443
SYS_LANDLOCK_CREATE_RULESET = 444
SYS_LANDLOCK_ADD_RULE = 445
SYS_LANDLOCK_RESTRICT_SELF = 446
SYS_MEMFD_SECRET = 447
SYS_PROCESS_MRELEASE = 448
SYS_FUTEX_WAITV = 449
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
SYS_FUTEX_WAKE = 454
SYS_FUTEX_WAIT = 455
SYS_FUTEX_REQUEUE = 456
SYS_STATMOUNT = 457
SYS_LISTMOUNT = 458
SYS_LSM_GET_SELF_ATTR = 459
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
SYS_SETXATTRAT = 463
SYS_GETXATTRAT = 464
SYS_LISTXATTRAT = 465
SYS_REMOVEXATTRAT = 466
SYS_OPEN_TREE_ATTR = 467
SYS_FILE_GETATTR = 468
SYS_FILE_SETATTR = 469
)
const (
SNR_IO_SETUP ScmpSyscall = SYS_IO_SETUP
SNR_IO_DESTROY ScmpSyscall = SYS_IO_DESTROY
SNR_IO_SUBMIT ScmpSyscall = SYS_IO_SUBMIT
SNR_IO_CANCEL ScmpSyscall = SYS_IO_CANCEL
SNR_IO_GETEVENTS ScmpSyscall = SYS_IO_GETEVENTS
SNR_SETXATTR ScmpSyscall = SYS_SETXATTR
SNR_LSETXATTR ScmpSyscall = SYS_LSETXATTR
SNR_FSETXATTR ScmpSyscall = SYS_FSETXATTR
SNR_GETXATTR ScmpSyscall = SYS_GETXATTR
SNR_LGETXATTR ScmpSyscall = SYS_LGETXATTR
SNR_FGETXATTR ScmpSyscall = SYS_FGETXATTR
SNR_LISTXATTR ScmpSyscall = SYS_LISTXATTR
SNR_LLISTXATTR ScmpSyscall = SYS_LLISTXATTR
SNR_FLISTXATTR ScmpSyscall = SYS_FLISTXATTR
SNR_REMOVEXATTR ScmpSyscall = SYS_REMOVEXATTR
SNR_LREMOVEXATTR ScmpSyscall = SYS_LREMOVEXATTR
SNR_FREMOVEXATTR ScmpSyscall = SYS_FREMOVEXATTR
SNR_GETCWD ScmpSyscall = SYS_GETCWD
SNR_LOOKUP_DCOOKIE ScmpSyscall = SYS_LOOKUP_DCOOKIE
SNR_EVENTFD2 ScmpSyscall = SYS_EVENTFD2
SNR_EPOLL_CREATE1 ScmpSyscall = SYS_EPOLL_CREATE1
SNR_EPOLL_CTL ScmpSyscall = SYS_EPOLL_CTL
SNR_EPOLL_PWAIT ScmpSyscall = SYS_EPOLL_PWAIT
SNR_DUP ScmpSyscall = SYS_DUP
SNR_DUP3 ScmpSyscall = SYS_DUP3
SNR_FCNTL ScmpSyscall = SYS_FCNTL
SNR_INOTIFY_INIT1 ScmpSyscall = SYS_INOTIFY_INIT1
SNR_INOTIFY_ADD_WATCH ScmpSyscall = SYS_INOTIFY_ADD_WATCH
SNR_INOTIFY_RM_WATCH ScmpSyscall = SYS_INOTIFY_RM_WATCH
SNR_IOCTL ScmpSyscall = SYS_IOCTL
SNR_IOPRIO_SET ScmpSyscall = SYS_IOPRIO_SET
SNR_IOPRIO_GET ScmpSyscall = SYS_IOPRIO_GET
SNR_FLOCK ScmpSyscall = SYS_FLOCK
SNR_MKNODAT ScmpSyscall = SYS_MKNODAT
SNR_MKDIRAT ScmpSyscall = SYS_MKDIRAT
SNR_UNLINKAT ScmpSyscall = SYS_UNLINKAT
SNR_SYMLINKAT ScmpSyscall = SYS_SYMLINKAT
SNR_LINKAT ScmpSyscall = SYS_LINKAT
SNR_UMOUNT2 ScmpSyscall = SYS_UMOUNT2
SNR_MOUNT ScmpSyscall = SYS_MOUNT
SNR_PIVOT_ROOT ScmpSyscall = SYS_PIVOT_ROOT
SNR_NFSSERVCTL ScmpSyscall = SYS_NFSSERVCTL
SNR_STATFS ScmpSyscall = SYS_STATFS
SNR_FSTATFS ScmpSyscall = SYS_FSTATFS
SNR_TRUNCATE ScmpSyscall = SYS_TRUNCATE
SNR_FTRUNCATE ScmpSyscall = SYS_FTRUNCATE
SNR_FALLOCATE ScmpSyscall = SYS_FALLOCATE
SNR_FACCESSAT ScmpSyscall = SYS_FACCESSAT
SNR_CHDIR ScmpSyscall = SYS_CHDIR
SNR_FCHDIR ScmpSyscall = SYS_FCHDIR
SNR_CHROOT ScmpSyscall = SYS_CHROOT
SNR_FCHMOD ScmpSyscall = SYS_FCHMOD
SNR_FCHMODAT ScmpSyscall = SYS_FCHMODAT
SNR_FCHOWNAT ScmpSyscall = SYS_FCHOWNAT
SNR_FCHOWN ScmpSyscall = SYS_FCHOWN
SNR_OPENAT ScmpSyscall = SYS_OPENAT
SNR_CLOSE ScmpSyscall = SYS_CLOSE
SNR_VHANGUP ScmpSyscall = SYS_VHANGUP
SNR_PIPE2 ScmpSyscall = SYS_PIPE2
SNR_QUOTACTL ScmpSyscall = SYS_QUOTACTL
SNR_GETDENTS64 ScmpSyscall = SYS_GETDENTS64
SNR_LSEEK ScmpSyscall = SYS_LSEEK
SNR_READ ScmpSyscall = SYS_READ
SNR_WRITE ScmpSyscall = SYS_WRITE
SNR_READV ScmpSyscall = SYS_READV
SNR_WRITEV ScmpSyscall = SYS_WRITEV
SNR_PREAD64 ScmpSyscall = SYS_PREAD64
SNR_PWRITE64 ScmpSyscall = SYS_PWRITE64
SNR_PREADV ScmpSyscall = SYS_PREADV
SNR_PWRITEV ScmpSyscall = SYS_PWRITEV
SNR_SENDFILE ScmpSyscall = SYS_SENDFILE
SNR_PSELECT6 ScmpSyscall = SYS_PSELECT6
SNR_PPOLL ScmpSyscall = SYS_PPOLL
SNR_SIGNALFD4 ScmpSyscall = SYS_SIGNALFD4
SNR_VMSPLICE ScmpSyscall = SYS_VMSPLICE
SNR_SPLICE ScmpSyscall = SYS_SPLICE
SNR_TEE ScmpSyscall = SYS_TEE
SNR_READLINKAT ScmpSyscall = SYS_READLINKAT
SNR_NEWFSTATAT ScmpSyscall = SYS_NEWFSTATAT
SNR_FSTAT ScmpSyscall = SYS_FSTAT
SNR_SYNC ScmpSyscall = SYS_SYNC
SNR_FSYNC ScmpSyscall = SYS_FSYNC
SNR_FDATASYNC ScmpSyscall = SYS_FDATASYNC
SNR_SYNC_FILE_RANGE ScmpSyscall = SYS_SYNC_FILE_RANGE
SNR_TIMERFD_CREATE ScmpSyscall = SYS_TIMERFD_CREATE
SNR_TIMERFD_SETTIME ScmpSyscall = SYS_TIMERFD_SETTIME
SNR_TIMERFD_GETTIME ScmpSyscall = SYS_TIMERFD_GETTIME
SNR_UTIMENSAT ScmpSyscall = SYS_UTIMENSAT
SNR_ACCT ScmpSyscall = SYS_ACCT
SNR_CAPGET ScmpSyscall = SYS_CAPGET
SNR_CAPSET ScmpSyscall = SYS_CAPSET
SNR_PERSONALITY ScmpSyscall = SYS_PERSONALITY
SNR_EXIT ScmpSyscall = SYS_EXIT
SNR_EXIT_GROUP ScmpSyscall = SYS_EXIT_GROUP
SNR_WAITID ScmpSyscall = SYS_WAITID
SNR_SET_TID_ADDRESS ScmpSyscall = SYS_SET_TID_ADDRESS
SNR_UNSHARE ScmpSyscall = SYS_UNSHARE
SNR_FUTEX ScmpSyscall = SYS_FUTEX
SNR_SET_ROBUST_LIST ScmpSyscall = SYS_SET_ROBUST_LIST
SNR_GET_ROBUST_LIST ScmpSyscall = SYS_GET_ROBUST_LIST
SNR_NANOSLEEP ScmpSyscall = SYS_NANOSLEEP
SNR_GETITIMER ScmpSyscall = SYS_GETITIMER
SNR_SETITIMER ScmpSyscall = SYS_SETITIMER
SNR_KEXEC_LOAD ScmpSyscall = SYS_KEXEC_LOAD
SNR_INIT_MODULE ScmpSyscall = SYS_INIT_MODULE
SNR_DELETE_MODULE ScmpSyscall = SYS_DELETE_MODULE
SNR_TIMER_CREATE ScmpSyscall = SYS_TIMER_CREATE
SNR_TIMER_GETTIME ScmpSyscall = SYS_TIMER_GETTIME
SNR_TIMER_GETOVERRUN ScmpSyscall = SYS_TIMER_GETOVERRUN
SNR_TIMER_SETTIME ScmpSyscall = SYS_TIMER_SETTIME
SNR_TIMER_DELETE ScmpSyscall = SYS_TIMER_DELETE
SNR_CLOCK_SETTIME ScmpSyscall = SYS_CLOCK_SETTIME
SNR_CLOCK_GETTIME ScmpSyscall = SYS_CLOCK_GETTIME
SNR_CLOCK_GETRES ScmpSyscall = SYS_CLOCK_GETRES
SNR_CLOCK_NANOSLEEP ScmpSyscall = SYS_CLOCK_NANOSLEEP
SNR_SYSLOG ScmpSyscall = SYS_SYSLOG
SNR_PTRACE ScmpSyscall = SYS_PTRACE
SNR_SCHED_SETPARAM ScmpSyscall = SYS_SCHED_SETPARAM
SNR_SCHED_SETSCHEDULER ScmpSyscall = SYS_SCHED_SETSCHEDULER
SNR_SCHED_GETSCHEDULER ScmpSyscall = SYS_SCHED_GETSCHEDULER
SNR_SCHED_GETPARAM ScmpSyscall = SYS_SCHED_GETPARAM
SNR_SCHED_SETAFFINITY ScmpSyscall = SYS_SCHED_SETAFFINITY
SNR_SCHED_GETAFFINITY ScmpSyscall = SYS_SCHED_GETAFFINITY
SNR_SCHED_YIELD ScmpSyscall = SYS_SCHED_YIELD
SNR_SCHED_GET_PRIORITY_MAX ScmpSyscall = SYS_SCHED_GET_PRIORITY_MAX
SNR_SCHED_GET_PRIORITY_MIN ScmpSyscall = SYS_SCHED_GET_PRIORITY_MIN
SNR_SCHED_RR_GET_INTERVAL ScmpSyscall = SYS_SCHED_RR_GET_INTERVAL
SNR_RESTART_SYSCALL ScmpSyscall = SYS_RESTART_SYSCALL
SNR_KILL ScmpSyscall = SYS_KILL
SNR_TKILL ScmpSyscall = SYS_TKILL
SNR_TGKILL ScmpSyscall = SYS_TGKILL
SNR_SIGALTSTACK ScmpSyscall = SYS_SIGALTSTACK
SNR_RT_SIGSUSPEND ScmpSyscall = SYS_RT_SIGSUSPEND
SNR_RT_SIGACTION ScmpSyscall = SYS_RT_SIGACTION
SNR_RT_SIGPROCMASK ScmpSyscall = SYS_RT_SIGPROCMASK
SNR_RT_SIGPENDING ScmpSyscall = SYS_RT_SIGPENDING
SNR_RT_SIGTIMEDWAIT ScmpSyscall = SYS_RT_SIGTIMEDWAIT
SNR_RT_SIGQUEUEINFO ScmpSyscall = SYS_RT_SIGQUEUEINFO
SNR_RT_SIGRETURN ScmpSyscall = SYS_RT_SIGRETURN
SNR_SETPRIORITY ScmpSyscall = SYS_SETPRIORITY
SNR_GETPRIORITY ScmpSyscall = SYS_GETPRIORITY
SNR_REBOOT ScmpSyscall = SYS_REBOOT
SNR_SETREGID ScmpSyscall = SYS_SETREGID
SNR_SETGID ScmpSyscall = SYS_SETGID
SNR_SETREUID ScmpSyscall = SYS_SETREUID
SNR_SETUID ScmpSyscall = SYS_SETUID
SNR_SETRESUID ScmpSyscall = SYS_SETRESUID
SNR_GETRESUID ScmpSyscall = SYS_GETRESUID
SNR_SETRESGID ScmpSyscall = SYS_SETRESGID
SNR_GETRESGID ScmpSyscall = SYS_GETRESGID
SNR_SETFSUID ScmpSyscall = SYS_SETFSUID
SNR_SETFSGID ScmpSyscall = SYS_SETFSGID
SNR_TIMES ScmpSyscall = SYS_TIMES
SNR_SETPGID ScmpSyscall = SYS_SETPGID
SNR_GETPGID ScmpSyscall = SYS_GETPGID
SNR_GETSID ScmpSyscall = SYS_GETSID
SNR_SETSID ScmpSyscall = SYS_SETSID
SNR_GETGROUPS ScmpSyscall = SYS_GETGROUPS
SNR_SETGROUPS ScmpSyscall = SYS_SETGROUPS
SNR_UNAME ScmpSyscall = SYS_UNAME
SNR_SETHOSTNAME ScmpSyscall = SYS_SETHOSTNAME
SNR_SETDOMAINNAME ScmpSyscall = SYS_SETDOMAINNAME
SNR_GETRLIMIT ScmpSyscall = SYS_GETRLIMIT
SNR_SETRLIMIT ScmpSyscall = SYS_SETRLIMIT
SNR_GETRUSAGE ScmpSyscall = SYS_GETRUSAGE
SNR_UMASK ScmpSyscall = SYS_UMASK
SNR_PRCTL ScmpSyscall = SYS_PRCTL
SNR_GETCPU ScmpSyscall = SYS_GETCPU
SNR_GETTIMEOFDAY ScmpSyscall = SYS_GETTIMEOFDAY
SNR_SETTIMEOFDAY ScmpSyscall = SYS_SETTIMEOFDAY
SNR_ADJTIMEX ScmpSyscall = SYS_ADJTIMEX
SNR_GETPID ScmpSyscall = SYS_GETPID
SNR_GETPPID ScmpSyscall = SYS_GETPPID
SNR_GETUID ScmpSyscall = SYS_GETUID
SNR_GETEUID ScmpSyscall = SYS_GETEUID
SNR_GETGID ScmpSyscall = SYS_GETGID
SNR_GETEGID ScmpSyscall = SYS_GETEGID
SNR_GETTID ScmpSyscall = SYS_GETTID
SNR_SYSINFO ScmpSyscall = SYS_SYSINFO
SNR_MQ_OPEN ScmpSyscall = SYS_MQ_OPEN
SNR_MQ_UNLINK ScmpSyscall = SYS_MQ_UNLINK
SNR_MQ_TIMEDSEND ScmpSyscall = SYS_MQ_TIMEDSEND
SNR_MQ_TIMEDRECEIVE ScmpSyscall = SYS_MQ_TIMEDRECEIVE
SNR_MQ_NOTIFY ScmpSyscall = SYS_MQ_NOTIFY
SNR_MQ_GETSETATTR ScmpSyscall = SYS_MQ_GETSETATTR
SNR_MSGGET ScmpSyscall = SYS_MSGGET
SNR_MSGCTL ScmpSyscall = SYS_MSGCTL
SNR_MSGRCV ScmpSyscall = SYS_MSGRCV
SNR_MSGSND ScmpSyscall = SYS_MSGSND
SNR_SEMGET ScmpSyscall = SYS_SEMGET
SNR_SEMCTL ScmpSyscall = SYS_SEMCTL
SNR_SEMTIMEDOP ScmpSyscall = SYS_SEMTIMEDOP
SNR_SEMOP ScmpSyscall = SYS_SEMOP
SNR_SHMGET ScmpSyscall = SYS_SHMGET
SNR_SHMCTL ScmpSyscall = SYS_SHMCTL
SNR_SHMAT ScmpSyscall = SYS_SHMAT
SNR_SHMDT ScmpSyscall = SYS_SHMDT
SNR_SOCKET ScmpSyscall = SYS_SOCKET
SNR_SOCKETPAIR ScmpSyscall = SYS_SOCKETPAIR
SNR_BIND ScmpSyscall = SYS_BIND
SNR_LISTEN ScmpSyscall = SYS_LISTEN
SNR_ACCEPT ScmpSyscall = SYS_ACCEPT
SNR_CONNECT ScmpSyscall = SYS_CONNECT
SNR_GETSOCKNAME ScmpSyscall = SYS_GETSOCKNAME
SNR_GETPEERNAME ScmpSyscall = SYS_GETPEERNAME
SNR_SENDTO ScmpSyscall = SYS_SENDTO
SNR_RECVFROM ScmpSyscall = SYS_RECVFROM
SNR_SETSOCKOPT ScmpSyscall = SYS_SETSOCKOPT
SNR_GETSOCKOPT ScmpSyscall = SYS_GETSOCKOPT
SNR_SHUTDOWN ScmpSyscall = SYS_SHUTDOWN
SNR_SENDMSG ScmpSyscall = SYS_SENDMSG
SNR_RECVMSG ScmpSyscall = SYS_RECVMSG
SNR_READAHEAD ScmpSyscall = SYS_READAHEAD
SNR_BRK ScmpSyscall = SYS_BRK
SNR_MUNMAP ScmpSyscall = SYS_MUNMAP
SNR_MREMAP ScmpSyscall = SYS_MREMAP
SNR_ADD_KEY ScmpSyscall = SYS_ADD_KEY
SNR_REQUEST_KEY ScmpSyscall = SYS_REQUEST_KEY
SNR_KEYCTL ScmpSyscall = SYS_KEYCTL
SNR_CLONE ScmpSyscall = SYS_CLONE
SNR_EXECVE ScmpSyscall = SYS_EXECVE
SNR_MMAP ScmpSyscall = SYS_MMAP
SNR_FADVISE64 ScmpSyscall = SYS_FADVISE64
SNR_SWAPON ScmpSyscall = SYS_SWAPON
SNR_SWAPOFF ScmpSyscall = SYS_SWAPOFF
SNR_MPROTECT ScmpSyscall = SYS_MPROTECT
SNR_MSYNC ScmpSyscall = SYS_MSYNC
SNR_MLOCK ScmpSyscall = SYS_MLOCK
SNR_MUNLOCK ScmpSyscall = SYS_MUNLOCK
SNR_MLOCKALL ScmpSyscall = SYS_MLOCKALL
SNR_MUNLOCKALL ScmpSyscall = SYS_MUNLOCKALL
SNR_MINCORE ScmpSyscall = SYS_MINCORE
SNR_MADVISE ScmpSyscall = SYS_MADVISE
SNR_REMAP_FILE_PAGES ScmpSyscall = SYS_REMAP_FILE_PAGES
SNR_MBIND ScmpSyscall = SYS_MBIND
SNR_GET_MEMPOLICY ScmpSyscall = SYS_GET_MEMPOLICY
SNR_SET_MEMPOLICY ScmpSyscall = SYS_SET_MEMPOLICY
SNR_MIGRATE_PAGES ScmpSyscall = SYS_MIGRATE_PAGES
SNR_MOVE_PAGES ScmpSyscall = SYS_MOVE_PAGES
SNR_RT_TGSIGQUEUEINFO ScmpSyscall = SYS_RT_TGSIGQUEUEINFO
SNR_PERF_EVENT_OPEN ScmpSyscall = SYS_PERF_EVENT_OPEN
SNR_ACCEPT4 ScmpSyscall = SYS_ACCEPT4
SNR_RECVMMSG ScmpSyscall = SYS_RECVMMSG
SNR_WAIT4 ScmpSyscall = SYS_WAIT4
SNR_PRLIMIT64 ScmpSyscall = SYS_PRLIMIT64
SNR_FANOTIFY_INIT ScmpSyscall = SYS_FANOTIFY_INIT
SNR_FANOTIFY_MARK ScmpSyscall = SYS_FANOTIFY_MARK
SNR_NAME_TO_HANDLE_AT ScmpSyscall = SYS_NAME_TO_HANDLE_AT
SNR_OPEN_BY_HANDLE_AT ScmpSyscall = SYS_OPEN_BY_HANDLE_AT
SNR_CLOCK_ADJTIME ScmpSyscall = SYS_CLOCK_ADJTIME
SNR_SYNCFS ScmpSyscall = SYS_SYNCFS
SNR_SETNS ScmpSyscall = SYS_SETNS
SNR_SENDMMSG ScmpSyscall = SYS_SENDMMSG
SNR_PROCESS_VM_READV ScmpSyscall = SYS_PROCESS_VM_READV
SNR_PROCESS_VM_WRITEV ScmpSyscall = SYS_PROCESS_VM_WRITEV
SNR_KCMP ScmpSyscall = SYS_KCMP
SNR_FINIT_MODULE ScmpSyscall = SYS_FINIT_MODULE
SNR_SCHED_SETATTR ScmpSyscall = SYS_SCHED_SETATTR
SNR_SCHED_GETATTR ScmpSyscall = SYS_SCHED_GETATTR
SNR_RENAMEAT2 ScmpSyscall = SYS_RENAMEAT2
SNR_SECCOMP ScmpSyscall = SYS_SECCOMP
SNR_GETRANDOM ScmpSyscall = SYS_GETRANDOM
SNR_MEMFD_CREATE ScmpSyscall = SYS_MEMFD_CREATE
SNR_BPF ScmpSyscall = SYS_BPF
SNR_EXECVEAT ScmpSyscall = SYS_EXECVEAT
SNR_USERFAULTFD ScmpSyscall = SYS_USERFAULTFD
SNR_MEMBARRIER ScmpSyscall = SYS_MEMBARRIER
SNR_MLOCK2 ScmpSyscall = SYS_MLOCK2
SNR_COPY_FILE_RANGE ScmpSyscall = SYS_COPY_FILE_RANGE
SNR_PREADV2 ScmpSyscall = SYS_PREADV2
SNR_PWRITEV2 ScmpSyscall = SYS_PWRITEV2
SNR_PKEY_MPROTECT ScmpSyscall = SYS_PKEY_MPROTECT
SNR_PKEY_ALLOC ScmpSyscall = SYS_PKEY_ALLOC
SNR_PKEY_FREE ScmpSyscall = SYS_PKEY_FREE
SNR_STATX ScmpSyscall = SYS_STATX
SNR_IO_PGETEVENTS ScmpSyscall = SYS_IO_PGETEVENTS
SNR_RSEQ ScmpSyscall = SYS_RSEQ
SNR_KEXEC_FILE_LOAD ScmpSyscall = SYS_KEXEC_FILE_LOAD
SNR_PIDFD_SEND_SIGNAL ScmpSyscall = SYS_PIDFD_SEND_SIGNAL
SNR_IO_URING_SETUP ScmpSyscall = SYS_IO_URING_SETUP
SNR_IO_URING_ENTER ScmpSyscall = SYS_IO_URING_ENTER
SNR_IO_URING_REGISTER ScmpSyscall = SYS_IO_URING_REGISTER
SNR_OPEN_TREE ScmpSyscall = SYS_OPEN_TREE
SNR_MOVE_MOUNT ScmpSyscall = SYS_MOVE_MOUNT
SNR_FSOPEN ScmpSyscall = SYS_FSOPEN
SNR_FSCONFIG ScmpSyscall = SYS_FSCONFIG
SNR_FSMOUNT ScmpSyscall = SYS_FSMOUNT
SNR_FSPICK ScmpSyscall = SYS_FSPICK
SNR_PIDFD_OPEN ScmpSyscall = SYS_PIDFD_OPEN
SNR_CLONE3 ScmpSyscall = SYS_CLONE3
SNR_CLOSE_RANGE ScmpSyscall = SYS_CLOSE_RANGE
SNR_OPENAT2 ScmpSyscall = SYS_OPENAT2
SNR_PIDFD_GETFD ScmpSyscall = SYS_PIDFD_GETFD
SNR_FACCESSAT2 ScmpSyscall = SYS_FACCESSAT2
SNR_PROCESS_MADVISE ScmpSyscall = SYS_PROCESS_MADVISE
SNR_EPOLL_PWAIT2 ScmpSyscall = SYS_EPOLL_PWAIT2
SNR_MOUNT_SETATTR ScmpSyscall = SYS_MOUNT_SETATTR
SNR_QUOTACTL_FD ScmpSyscall = SYS_QUOTACTL_FD
SNR_LANDLOCK_CREATE_RULESET ScmpSyscall = SYS_LANDLOCK_CREATE_RULESET
SNR_LANDLOCK_ADD_RULE ScmpSyscall = SYS_LANDLOCK_ADD_RULE
SNR_LANDLOCK_RESTRICT_SELF ScmpSyscall = SYS_LANDLOCK_RESTRICT_SELF
SNR_MEMFD_SECRET ScmpSyscall = SYS_MEMFD_SECRET
SNR_PROCESS_MRELEASE ScmpSyscall = SYS_PROCESS_MRELEASE
SNR_FUTEX_WAITV ScmpSyscall = SYS_FUTEX_WAITV
SNR_SET_MEMPOLICY_HOME_NODE ScmpSyscall = SYS_SET_MEMPOLICY_HOME_NODE
SNR_CACHESTAT ScmpSyscall = SYS_CACHESTAT
SNR_FCHMODAT2 ScmpSyscall = SYS_FCHMODAT2
SNR_MAP_SHADOW_STACK ScmpSyscall = SYS_MAP_SHADOW_STACK
SNR_FUTEX_WAKE ScmpSyscall = SYS_FUTEX_WAKE
SNR_FUTEX_WAIT ScmpSyscall = SYS_FUTEX_WAIT
SNR_FUTEX_REQUEUE ScmpSyscall = SYS_FUTEX_REQUEUE
SNR_STATMOUNT ScmpSyscall = SYS_STATMOUNT
SNR_LISTMOUNT ScmpSyscall = SYS_LISTMOUNT
SNR_LSM_GET_SELF_ATTR ScmpSyscall = SYS_LSM_GET_SELF_ATTR
SNR_LSM_SET_SELF_ATTR ScmpSyscall = SYS_LSM_SET_SELF_ATTR
SNR_LSM_LIST_MODULES ScmpSyscall = SYS_LSM_LIST_MODULES
SNR_MSEAL ScmpSyscall = SYS_MSEAL
SNR_SETXATTRAT ScmpSyscall = SYS_SETXATTRAT
SNR_GETXATTRAT ScmpSyscall = SYS_GETXATTRAT
SNR_LISTXATTRAT ScmpSyscall = SYS_LISTXATTRAT
SNR_REMOVEXATTRAT ScmpSyscall = SYS_REMOVEXATTRAT
SNR_OPEN_TREE_ATTR ScmpSyscall = SYS_OPEN_TREE_ATTR
SNR_FILE_GETATTR ScmpSyscall = SYS_FILE_GETATTR
SNR_FILE_SETATTR ScmpSyscall = SYS_FILE_SETATTR
)

21
container/std/syscall_test.go
View File

@@ -1,21 +0,0 @@
package std_test
import (
"testing"
"hakurei.app/container/std"
)
func TestSyscallResolveName(t *testing.T) {
t.Parallel()
for name, want := range std.Syscalls() {
t.Run(name, func(t *testing.T) {
t.Parallel()
if got, ok := std.SyscallResolveName(name); !ok || got != want {
t.Errorf("SyscallResolveName(%q) = %d, want %d", name, got, want)
}
})
}
}

8
container/std/types.go
View File

@@ -1,8 +0,0 @@
package std
type (
// Uint is equivalent to C.uint.
Uint uint32
// Int is equivalent to C.int.
Int int32
)

22
container/syscall.go
View File

@@ -4,7 +4,7 @@ import (
. "syscall" . "syscall"
"unsafe" "unsafe"
"hakurei.app/container/std" "hakurei.app/ext"
) )
// Prctl manipulates various aspects of the behavior of the calling thread or process. // Prctl manipulates various aspects of the behavior of the calling thread or process.
@@ -43,22 +43,10 @@ func Isatty(fd int) bool {
return r == 0 return r == 0
} }
// include/uapi/linux/sched.h
const (
SCHED_NORMAL = iota
SCHED_FIFO
SCHED_RR
SCHED_BATCH
_ // SCHED_ISO: reserved but not implemented yet
SCHED_IDLE
SCHED_DEADLINE
SCHED_EXT
)
// schedParam is equivalent to struct sched_param from include/linux/sched.h. // schedParam is equivalent to struct sched_param from include/linux/sched.h.
type schedParam struct { type schedParam struct {
// sched_priority // sched_priority
priority std.Int priority ext.Int
} }
// schedSetscheduler sets both the scheduling policy and parameters for the // schedSetscheduler sets both the scheduling policy and parameters for the
@@ -74,13 +62,13 @@ type schedParam struct {
// this if you do not have something similar in place! // this if you do not have something similar in place!
// //
// [very subtle to use correctly]: https://www.openwall.com/lists/musl/2016/03/01/4 // [very subtle to use correctly]: https://www.openwall.com/lists/musl/2016/03/01/4
func schedSetscheduler(tid, policy int, param *schedParam) error { func schedSetscheduler(tid int, policy ext.SchedPolicy, param *schedParam) error {
if r, _, errno := Syscall( if _, _, errno := Syscall(
SYS_SCHED_SETSCHEDULER, SYS_SCHED_SETSCHEDULER,
uintptr(tid), uintptr(tid),
uintptr(policy), uintptr(policy),
uintptr(unsafe.Pointer(param)), uintptr(unsafe.Pointer(param)),
); r < 0 { ); errno != 0 {
return errno return errno
} }
return nil return nil

78
ext/ext.go Normal file
View File

@@ -0,0 +1,78 @@
// Package ext provides wrappers around nonportable system interfaces.
package ext
import (
"encoding/json"
"iter"
"strconv"
)
// checked in container/seccomp
type (
// Uint is equivalent to C.uint.
Uint = uint32
// Int is equivalent to C.int.
Int = int32
)
// SyscallNum represents an architecture-specific, Linux syscall number.
type SyscallNum Int
// Syscalls returns an iterator over all wired syscalls.
func Syscalls() iter.Seq2[string, SyscallNum] {
return func(yield func(string, SyscallNum) bool) {
for name, num := range syscallNum {
if !yield(name, num) {
return
}
}
for name, num := range syscallNumExtra {
if !yield(name, num) {
return
}
}
}
}
// SyscallResolveName resolves a syscall number from its string representation.
func SyscallResolveName(name string) (num SyscallNum, ok bool) {
if num, ok = syscallNum[name]; ok {
return
}
num, ok = syscallNumExtra[name]
return
}
// MarshalJSON resolves the name of [Syscall] and encodes it as a [json] string.
// If such a name does not exist, the syscall number is encoded instead.
func (num *SyscallNum) MarshalJSON() ([]byte, error) {
n := *num
for name, cur := range Syscalls() {
if cur == n {
return json.Marshal(name)
}
}
return json.Marshal(n)
}
// SyscallNameError is returned when trying to unmarshal an invalid syscall name into [ScmpSyscall].
type SyscallNameError string
func (e SyscallNameError) Error() string {
return "invalid syscall name " + strconv.Quote(string(e))
}
// UnmarshalJSON looks up the syscall number corresponding to name encoded in data
// by calling [SyscallResolveName].
func (num *SyscallNum) UnmarshalJSON(data []byte) error {
var name string
if err := json.Unmarshal(data, &name); err != nil {
return err
}
if n, ok := SyscallResolveName(name); !ok {
return SyscallNameError(name)
} else {
*num = n
return nil
}
}

34
container/std/seccomp_test.go → ext/ext_test.go
View File

@@ -1,4 +1,4 @@
package std_test package ext_test
import ( import (
"encoding/json" "encoding/json"
@@ -7,39 +7,39 @@ import (
"reflect" "reflect"
"testing" "testing"
"hakurei.app/container/std" "hakurei.app/ext"
) )
func TestScmpSyscall(t *testing.T) { func TestSyscall(t *testing.T) {
t.Parallel() t.Parallel()
testCases := []struct { testCases := []struct {
name string name string
data string data string
want std.ScmpSyscall want ext.SyscallNum
err error err error
}{ }{
{"epoll_create1", `"epoll_create1"`, std.SNR_EPOLL_CREATE1, nil}, {"epoll_create1", `"epoll_create1"`, ext.SNR_EPOLL_CREATE1, nil},
{"clone3", `"clone3"`, std.SNR_CLONE3, nil}, {"clone3", `"clone3"`, ext.SNR_CLONE3, nil},
{"oob", `-2147483647`, -math.MaxInt32, {"oob", `-2147483647`, -math.MaxInt32,
&json.UnmarshalTypeError{Value: "number", Type: reflect.TypeFor[string](), Offset: 11}}, &json.UnmarshalTypeError{Value: "number", Type: reflect.TypeFor[string](), Offset: 11}},
{"name", `"nonexistent_syscall"`, -math.MaxInt32, {"name", `"nonexistent_syscall"`, -math.MaxInt32,
std.SyscallNameError("nonexistent_syscall")}, ext.SyscallNameError("nonexistent_syscall")},
} }
for _, tc := range testCases { for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
t.Parallel() t.Parallel()
t.Run("decode", func(t *testing.T) { t.Run("decode", func(t *testing.T) {
var got std.ScmpSyscall var got ext.SyscallNum
if err := json.Unmarshal([]byte(tc.data), &got); !reflect.DeepEqual(err, tc.err) { if err := json.Unmarshal([]byte(tc.data), &got); !reflect.DeepEqual(err, tc.err) {
t.Fatalf("Unmarshal: error = %#v, want %#v", err, tc.err) t.Fatalf("Unmarshal: error = %#v, want %#v", err, tc.err)
} else if err == nil && got != tc.want { } else if err == nil && got != tc.want {
t.Errorf("Unmarshal: %v, want %v", got, tc.want) t.Errorf("Unmarshal: %v, want %v", got, tc.want)
} }
}) })
if errors.As(tc.err, new(std.SyscallNameError)) { if errors.As(tc.err, new(ext.SyscallNameError)) {
return return
} }
@@ -55,8 +55,22 @@ func TestScmpSyscall(t *testing.T) {
t.Run("error", func(t *testing.T) { t.Run("error", func(t *testing.T) {
const want = `invalid syscall name "\x00"` const want = `invalid syscall name "\x00"`
if got := std.SyscallNameError("\x00").Error(); got != want { if got := ext.SyscallNameError("\x00").Error(); got != want {
t.Fatalf("Error: %q, want %q", got, want) t.Fatalf("Error: %q, want %q", got, want)
} }
}) })
} }
func TestSyscallResolveName(t *testing.T) {
t.Parallel()
for name, want := range ext.Syscalls() {
t.Run(name, func(t *testing.T) {
t.Parallel()
if got, ok := ext.SyscallResolveName(name); !ok || got != want {
t.Errorf("SyscallResolveName(%q) = %d, want %d", name, got, want)
}
})
}
}

6
container/std/mksysnum_linux.pl → ext/mksysnum_linux.pl
View File

@@ -19,11 +19,11 @@ print <<EOF;
// $command // $command
// Code generated by the command above; DO NOT EDIT. // Code generated by the command above; DO NOT EDIT.
package std package ext
import . "syscall" import . "syscall"
var syscallNum = map[string]ScmpSyscall{ var syscallNum = map[string]SyscallNum{
EOF EOF
my $offset = 0; my $offset = 0;
@@ -45,7 +45,7 @@ sub fmt {
print " \"$name\": SNR_$name_upper,\n"; print " \"$name\": SNR_$name_upper,\n";
} }
elsif($state == 1){ elsif($state == 1){
print " SNR_$name_upper ScmpSyscall = SYS_$name_upper\n"; print " SNR_$name_upper SyscallNum = SYS_$name_upper\n";
} }
else{ else{
return; return;

2
container/std/pnr.go → ext/pnr.go
View File

@@ -1,6 +1,6 @@
// Code generated from include/seccomp-syscalls.h; DO NOT EDIT. // Code generated from include/seccomp-syscalls.h; DO NOT EDIT.
package std package ext
/* /*
* pseudo syscall definitions * pseudo syscall definitions

133
ext/syscall.go Normal file
View File

@@ -0,0 +1,133 @@
package ext
import (
"encoding"
"strconv"
"sync"
"syscall"
)
// SchedPolicy denotes a scheduling policy defined in include/uapi/linux/sched.h.
type SchedPolicy int
// include/uapi/linux/sched.h
const (
SCHED_NORMAL SchedPolicy = iota
SCHED_FIFO
SCHED_RR
SCHED_BATCH
_SCHED_ISO // SCHED_ISO: reserved but not implemented yet
SCHED_IDLE
SCHED_DEADLINE
SCHED_EXT
SCHED_LAST SchedPolicy = iota - 1
)
var _ encoding.TextMarshaler = SCHED_LAST
var _ encoding.TextUnmarshaler = new(SCHED_LAST)
// String returns a unique representation of policy, also used in encoding.
func (policy SchedPolicy) String() string {
switch policy {
case SCHED_NORMAL:
return ""
case SCHED_FIFO:
return "fifo"
case SCHED_RR:
return "rr"
case SCHED_BATCH:
return "batch"
case SCHED_IDLE:
return "idle"
case SCHED_DEADLINE:
return "deadline"
case SCHED_EXT:
return "ext"
default:
return "invalid policy " + strconv.Itoa(int(policy))
}
}
// MarshalText performs bounds checking and returns the result of String.
func (policy SchedPolicy) MarshalText() ([]byte, error) {
if policy == _SCHED_ISO || policy < 0 || policy > SCHED_LAST {
return nil, syscall.EINVAL
}
return []byte(policy.String()), nil
}
// InvalidSchedPolicyError is an invalid string representation of a [SchedPolicy].
type InvalidSchedPolicyError string
func (InvalidSchedPolicyError) Unwrap() error { return syscall.EINVAL }
func (e InvalidSchedPolicyError) Error() string {
return "invalid scheduling policy " + strconv.Quote(string(e))
}
// UnmarshalText is the inverse of MarshalText.
func (policy *SchedPolicy) UnmarshalText(text []byte) error {
switch string(text) {
case "fifo":
*policy = SCHED_FIFO
case "rr":
*policy = SCHED_RR
case "batch":
*policy = SCHED_BATCH
case "idle":
*policy = SCHED_IDLE
case "deadline":
*policy = SCHED_DEADLINE
case "ext":
*policy = SCHED_EXT
case "":
*policy = 0
return nil
default:
return InvalidSchedPolicyError(text)
}
return nil
}
// for sched_get_priority_max and sched_get_priority_min
var (
schedPriority [SCHED_LAST + 1][2]Int
schedPriorityErr [SCHED_LAST + 1][2]error
schedPriorityOnce [SCHED_LAST + 1][2]sync.Once
)
// GetPriorityMax returns the maximum priority value that can be used with the
// scheduling algorithm identified by policy.
func (policy SchedPolicy) GetPriorityMax() (Int, error) {
schedPriorityOnce[policy][0].Do(func() {
priority, _, errno := syscall.Syscall(
syscall.SYS_SCHED_GET_PRIORITY_MAX,
uintptr(policy),
0, 0,
)
schedPriority[policy][0] = Int(priority)
if errno != 0 {
schedPriorityErr[policy][0] = errno
}
})
return schedPriority[policy][0], schedPriorityErr[policy][0]
}
// GetPriorityMin returns the minimum priority value that can be used with the
// scheduling algorithm identified by policy.
func (policy SchedPolicy) GetPriorityMin() (Int, error) {
schedPriorityOnce[policy][1].Do(func() {
priority, _, errno := syscall.Syscall(
syscall.SYS_SCHED_GET_PRIORITY_MIN,
uintptr(policy),
0, 0,
)
schedPriority[policy][1] = Int(priority)
if errno != 0 {
schedPriorityErr[policy][1] = errno
}
})
return schedPriority[policy][1], schedPriorityErr[policy][1]
}

13
ext/syscall_extra_linux_386.go Normal file
View File

@@ -0,0 +1,13 @@
package ext
var syscallNumExtra = map[string]SyscallNum{
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
}
const (
SNR_KEXEC_FILE_LOAD SyscallNum = __PNR_kexec_file_load
SNR_SUBPAGE_PROT SyscallNum = __PNR_subpage_prot
SNR_SWITCH_ENDIAN SyscallNum = __PNR_switch_endian
)

41
ext/syscall_extra_linux_amd64.go Normal file
View File

@@ -0,0 +1,41 @@
package ext
var syscallNumExtra = map[string]SyscallNum{
"umount": SNR_UMOUNT,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
"vm86": SNR_VM86,
"vm86old": SNR_VM86OLD,
"clock_adjtime64": SNR_CLOCK_ADJTIME64,
"clock_settime64": SNR_CLOCK_SETTIME64,
"chown32": SNR_CHOWN32,
"fchown32": SNR_FCHOWN32,
"lchown32": SNR_LCHOWN32,
"setgid32": SNR_SETGID32,
"setgroups32": SNR_SETGROUPS32,
"setregid32": SNR_SETREGID32,
"setresgid32": SNR_SETRESGID32,
"setresuid32": SNR_SETRESUID32,
"setreuid32": SNR_SETREUID32,
"setuid32": SNR_SETUID32,
}
const (
SNR_UMOUNT SyscallNum = __PNR_umount
SNR_SUBPAGE_PROT SyscallNum = __PNR_subpage_prot
SNR_SWITCH_ENDIAN SyscallNum = __PNR_switch_endian
SNR_VM86 SyscallNum = __PNR_vm86
SNR_VM86OLD SyscallNum = __PNR_vm86old
SNR_CLOCK_ADJTIME64 SyscallNum = __PNR_clock_adjtime64
SNR_CLOCK_SETTIME64 SyscallNum = __PNR_clock_settime64
SNR_CHOWN32 SyscallNum = __PNR_chown32
SNR_FCHOWN32 SyscallNum = __PNR_fchown32
SNR_LCHOWN32 SyscallNum = __PNR_lchown32
SNR_SETGID32 SyscallNum = __PNR_setgid32
SNR_SETGROUPS32 SyscallNum = __PNR_setgroups32
SNR_SETREGID32 SyscallNum = __PNR_setregid32
SNR_SETRESGID32 SyscallNum = __PNR_setresgid32
SNR_SETRESUID32 SyscallNum = __PNR_setresuid32
SNR_SETREUID32 SyscallNum = __PNR_setreuid32
SNR_SETUID32 SyscallNum = __PNR_setuid32
)

55
ext/syscall_extra_linux_arm64.go Normal file
View File

@@ -0,0 +1,55 @@
package ext
import "syscall"
const (
SYS_NEWFSTATAT = syscall.SYS_FSTATAT
)
var syscallNumExtra = map[string]SyscallNum{
"uselib": SNR_USELIB,
"clock_adjtime64": SNR_CLOCK_ADJTIME64,
"clock_settime64": SNR_CLOCK_SETTIME64,
"umount": SNR_UMOUNT,
"chown": SNR_CHOWN,
"chown32": SNR_CHOWN32,
"fchown32": SNR_FCHOWN32,
"lchown": SNR_LCHOWN,
"lchown32": SNR_LCHOWN32,
"setgid32": SNR_SETGID32,
"setgroups32": SNR_SETGROUPS32,
"setregid32": SNR_SETREGID32,
"setresgid32": SNR_SETRESGID32,
"setresuid32": SNR_SETRESUID32,
"setreuid32": SNR_SETREUID32,
"setuid32": SNR_SETUID32,
"modify_ldt": SNR_MODIFY_LDT,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
"vm86": SNR_VM86,
"vm86old": SNR_VM86OLD,
}
const (
SNR_USELIB SyscallNum = __PNR_uselib
SNR_CLOCK_ADJTIME64 SyscallNum = __PNR_clock_adjtime64
SNR_CLOCK_SETTIME64 SyscallNum = __PNR_clock_settime64
SNR_UMOUNT SyscallNum = __PNR_umount
SNR_CHOWN SyscallNum = __PNR_chown
SNR_CHOWN32 SyscallNum = __PNR_chown32
SNR_FCHOWN32 SyscallNum = __PNR_fchown32
SNR_LCHOWN SyscallNum = __PNR_lchown
SNR_LCHOWN32 SyscallNum = __PNR_lchown32
SNR_SETGID32 SyscallNum = __PNR_setgid32
SNR_SETGROUPS32 SyscallNum = __PNR_setgroups32
SNR_SETREGID32 SyscallNum = __PNR_setregid32
SNR_SETRESGID32 SyscallNum = __PNR_setresgid32
SNR_SETRESUID32 SyscallNum = __PNR_setresuid32
SNR_SETREUID32 SyscallNum = __PNR_setreuid32
SNR_SETUID32 SyscallNum = __PNR_setuid32
SNR_MODIFY_LDT SyscallNum = __PNR_modify_ldt
SNR_SUBPAGE_PROT SyscallNum = __PNR_subpage_prot
SNR_SWITCH_ENDIAN SyscallNum = __PNR_switch_endian
SNR_VM86 SyscallNum = __PNR_vm86
SNR_VM86OLD SyscallNum = __PNR_vm86old
)

55
ext/syscall_extra_linux_riscv64.go Normal file
View File

@@ -0,0 +1,55 @@
package ext
import "syscall"
const (
SYS_NEWFSTATAT = syscall.SYS_FSTATAT
)
var syscallNumExtra = map[string]SyscallNum{
"uselib": SNR_USELIB,
"clock_adjtime64": SNR_CLOCK_ADJTIME64,
"clock_settime64": SNR_CLOCK_SETTIME64,
"umount": SNR_UMOUNT,
"chown": SNR_CHOWN,
"chown32": SNR_CHOWN32,
"fchown32": SNR_FCHOWN32,
"lchown": SNR_LCHOWN,
"lchown32": SNR_LCHOWN32,
"setgid32": SNR_SETGID32,
"setgroups32": SNR_SETGROUPS32,
"setregid32": SNR_SETREGID32,
"setresgid32": SNR_SETRESGID32,
"setresuid32": SNR_SETRESUID32,
"setreuid32": SNR_SETREUID32,
"setuid32": SNR_SETUID32,
"modify_ldt": SNR_MODIFY_LDT,
"subpage_prot": SNR_SUBPAGE_PROT,
"switch_endian": SNR_SWITCH_ENDIAN,
"vm86": SNR_VM86,
"vm86old": SNR_VM86OLD,
}
const (
SNR_USELIB SyscallNum = __PNR_uselib
SNR_CLOCK_ADJTIME64 SyscallNum = __PNR_clock_adjtime64
SNR_CLOCK_SETTIME64 SyscallNum = __PNR_clock_settime64
SNR_UMOUNT SyscallNum = __PNR_umount
SNR_CHOWN SyscallNum = __PNR_chown
SNR_CHOWN32 SyscallNum = __PNR_chown32
SNR_FCHOWN32 SyscallNum = __PNR_fchown32
SNR_LCHOWN SyscallNum = __PNR_lchown
SNR_LCHOWN32 SyscallNum = __PNR_lchown32
SNR_SETGID32 SyscallNum = __PNR_setgid32
SNR_SETGROUPS32 SyscallNum = __PNR_setgroups32
SNR_SETREGID32 SyscallNum = __PNR_setregid32
SNR_SETRESGID32 SyscallNum = __PNR_setresgid32
SNR_SETRESUID32 SyscallNum = __PNR_setresuid32
SNR_SETREUID32 SyscallNum = __PNR_setreuid32
SNR_SETUID32 SyscallNum = __PNR_setuid32
SNR_MODIFY_LDT SyscallNum = __PNR_modify_ldt
SNR_SUBPAGE_PROT SyscallNum = __PNR_subpage_prot
SNR_SWITCH_ENDIAN SyscallNum = __PNR_switch_endian
SNR_VM86 SyscallNum = __PNR_vm86
SNR_VM86OLD SyscallNum = __PNR_vm86old
)

1034
ext/syscall_linux_386.go Normal file
View File

File diff suppressed because it is too large Load Diff

837
ext/syscall_linux_amd64.go Normal file
View File

@@ -0,0 +1,837 @@
// mksysnum_linux.pl /usr/include/asm/unistd_64.h
// Code generated by the command above; DO NOT EDIT.
package ext
import . "syscall"
var syscallNum = map[string]SyscallNum{
"read": SNR_READ,
"write": SNR_WRITE,
"open": SNR_OPEN,
"close": SNR_CLOSE,
"stat": SNR_STAT,
"fstat": SNR_FSTAT,
"lstat": SNR_LSTAT,
"poll": SNR_POLL,
"lseek": SNR_LSEEK,
"mmap": SNR_MMAP,
"mprotect": SNR_MPROTECT,
"munmap": SNR_MUNMAP,
"brk": SNR_BRK,
"rt_sigaction": SNR_RT_SIGACTION,
"rt_sigprocmask": SNR_RT_SIGPROCMASK,
"rt_sigreturn": SNR_RT_SIGRETURN,
"ioctl": SNR_IOCTL,
"pread64": SNR_PREAD64,
"pwrite64": SNR_PWRITE64,
"readv": SNR_READV,
"writev": SNR_WRITEV,
"access": SNR_ACCESS,
"pipe": SNR_PIPE,
"select": SNR_SELECT,
"sched_yield": SNR_SCHED_YIELD,
"mremap": SNR_MREMAP,
"msync": SNR_MSYNC,
"mincore": SNR_MINCORE,
"madvise": SNR_MADVISE,
"shmget": SNR_SHMGET,
"shmat": SNR_SHMAT,
"shmctl": SNR_SHMCTL,
"dup": SNR_DUP,
"dup2": SNR_DUP2,
"pause": SNR_PAUSE,
"nanosleep": SNR_NANOSLEEP,
"getitimer": SNR_GETITIMER,
"alarm": SNR_ALARM,
"setitimer": SNR_SETITIMER,
"getpid": SNR_GETPID,
"sendfile": SNR_SENDFILE,
"socket": SNR_SOCKET,
"connect": SNR_CONNECT,
"accept": SNR_ACCEPT,
"sendto": SNR_SENDTO,
"recvfrom": SNR_RECVFROM,
"sendmsg": SNR_SENDMSG,
"recvmsg": SNR_RECVMSG,
"shutdown": SNR_SHUTDOWN,
"bind": SNR_BIND,
"listen": SNR_LISTEN,
"getsockname": SNR_GETSOCKNAME,
"getpeername": SNR_GETPEERNAME,
"socketpair": SNR_SOCKETPAIR,
"setsockopt": SNR_SETSOCKOPT,
"getsockopt": SNR_GETSOCKOPT,
"clone": SNR_CLONE,
"fork": SNR_FORK,
"vfork": SNR_VFORK,
"execve": SNR_EXECVE,
"exit": SNR_EXIT,
"wait4": SNR_WAIT4,
"kill": SNR_KILL,
"uname": SNR_UNAME,
"semget": SNR_SEMGET,
"semop": SNR_SEMOP,
"semctl": SNR_SEMCTL,
"shmdt": SNR_SHMDT,
"msgget": SNR_MSGGET,
"msgsnd": SNR_MSGSND,
"msgrcv": SNR_MSGRCV,
"msgctl": SNR_MSGCTL,
"fcntl": SNR_FCNTL,
"flock": SNR_FLOCK,
"fsync": SNR_FSYNC,
"fdatasync": SNR_FDATASYNC,
"truncate": SNR_TRUNCATE,
"ftruncate": SNR_FTRUNCATE,
"getdents": SNR_GETDENTS,
"getcwd": SNR_GETCWD,
"chdir": SNR_CHDIR,
"fchdir": SNR_FCHDIR,
"rename": SNR_RENAME,
"mkdir": SNR_MKDIR,
"rmdir": SNR_RMDIR,
"creat": SNR_CREAT,
"link": SNR_LINK,
"unlink": SNR_UNLINK,
"symlink": SNR_SYMLINK,
"readlink": SNR_READLINK,
"chmod": SNR_CHMOD,
"fchmod": SNR_FCHMOD,
"chown": SNR_CHOWN,
"fchown": SNR_FCHOWN,
"lchown": SNR_LCHOWN,
"umask": SNR_UMASK,
"gettimeofday": SNR_GETTIMEOFDAY,
"getrlimit": SNR_GETRLIMIT,
"getrusage": SNR_GETRUSAGE,
"sysinfo": SNR_SYSINFO,
"times": SNR_TIMES,
"ptrace": SNR_PTRACE,
"getuid": SNR_GETUID,
"syslog": SNR_SYSLOG,
"getgid": SNR_GETGID,
"setuid": SNR_SETUID,
"setgid": SNR_SETGID,
"geteuid": SNR_GETEUID,
"getegid": SNR_GETEGID,
"setpgid": SNR_SETPGID,
"getppid": SNR_GETPPID,
"getpgrp": SNR_GETPGRP,
"setsid": SNR_SETSID,
"setreuid": SNR_SETREUID,
"setregid": SNR_SETREGID,
"getgroups": SNR_GETGROUPS,
"setgroups": SNR_SETGROUPS,
"setresuid": SNR_SETRESUID,
"getresuid": SNR_GETRESUID,
"setresgid": SNR_SETRESGID,
"getresgid": SNR_GETRESGID,
"getpgid": SNR_GETPGID,
"setfsuid": SNR_SETFSUID,
"setfsgid": SNR_SETFSGID,
"getsid": SNR_GETSID,
"capget": SNR_CAPGET,
"capset": SNR_CAPSET,
"rt_sigpending": SNR_RT_SIGPENDING,
"rt_sigtimedwait": SNR_RT_SIGTIMEDWAIT,
"rt_sigqueueinfo": SNR_RT_SIGQUEUEINFO,
"rt_sigsuspend": SNR_RT_SIGSUSPEND,
"sigaltstack": SNR_SIGALTSTACK,
"utime": SNR_UTIME,
"mknod": SNR_MKNOD,
"uselib": SNR_USELIB,
"personality": SNR_PERSONALITY,
"ustat": SNR_USTAT,
"statfs": SNR_STATFS,
"fstatfs": SNR_FSTATFS,
"sysfs": SNR_SYSFS,
"getpriority": SNR_GETPRIORITY,
"setpriority": SNR_SETPRIORITY,
"sched_setparam": SNR_SCHED_SETPARAM,
"sched_getparam": SNR_SCHED_GETPARAM,
"sched_setscheduler": SNR_SCHED_SETSCHEDULER,
"sched_getscheduler": SNR_SCHED_GETSCHEDULER,
"sched_get_priority_max": SNR_SCHED_GET_PRIORITY_MAX,
"sched_get_priority_min": SNR_SCHED_GET_PRIORITY_MIN,
"sched_rr_get_interval": SNR_SCHED_RR_GET_INTERVAL,
"mlock": SNR_MLOCK,
"munlock": SNR_MUNLOCK,
"mlockall": SNR_MLOCKALL,
"munlockall": SNR_MUNLOCKALL,
"vhangup": SNR_VHANGUP,
"modify_ldt": SNR_MODIFY_LDT,
"pivot_root": SNR_PIVOT_ROOT,
"_sysctl": SNR__SYSCTL,
"prctl": SNR_PRCTL,
"arch_prctl": SNR_ARCH_PRCTL,
"adjtimex": SNR_ADJTIMEX,
"setrlimit": SNR_SETRLIMIT,
"chroot": SNR_CHROOT,
"sync": SNR_SYNC,
"acct": SNR_ACCT,
"settimeofday": SNR_SETTIMEOFDAY,
"mount": SNR_MOUNT,
"umount2": SNR_UMOUNT2,
"swapon": SNR_SWAPON,
"swapoff": SNR_SWAPOFF,
"reboot": SNR_REBOOT,
"sethostname": SNR_SETHOSTNAME,
"setdomainname": SNR_SETDOMAINNAME,
"iopl": SNR_IOPL,
"ioperm": SNR_IOPERM,
"create_module": SNR_CREATE_MODULE,
"init_module": SNR_INIT_MODULE,
"delete_module": SNR_DELETE_MODULE,
"get_kernel_syms": SNR_GET_KERNEL_SYMS,
"query_module": SNR_QUERY_MODULE,
"quotactl": SNR_QUOTACTL,
"nfsservctl": SNR_NFSSERVCTL,
"getpmsg": SNR_GETPMSG,
"putpmsg": SNR_PUTPMSG,
"afs_syscall": SNR_AFS_SYSCALL,
"tuxcall": SNR_TUXCALL,
"security": SNR_SECURITY,
"gettid": SNR_GETTID,
"readahead": SNR_READAHEAD,
"setxattr": SNR_SETXATTR,
"lsetxattr": SNR_LSETXATTR,
"fsetxattr": SNR_FSETXATTR,
"getxattr": SNR_GETXATTR,
"lgetxattr": SNR_LGETXATTR,
"fgetxattr": SNR_FGETXATTR,
"listxattr": SNR_LISTXATTR,
"llistxattr": SNR_LLISTXATTR,
"flistxattr": SNR_FLISTXATTR,
"removexattr": SNR_REMOVEXATTR,
"lremovexattr": SNR_LREMOVEXATTR,
"fremovexattr": SNR_FREMOVEXATTR,
"tkill": SNR_TKILL,
"time": SNR_TIME,
"futex": SNR_FUTEX,
"sched_setaffinity": SNR_SCHED_SETAFFINITY,
"sched_getaffinity": SNR_SCHED_GETAFFINITY,
"set_thread_area": SNR_SET_THREAD_AREA,
"io_setup": SNR_IO_SETUP,
"io_destroy": SNR_IO_DESTROY,
"io_getevents": SNR_IO_GETEVENTS,
"io_submit": SNR_IO_SUBMIT,
"io_cancel": SNR_IO_CANCEL,
"get_thread_area": SNR_GET_THREAD_AREA,
"lookup_dcookie": SNR_LOOKUP_DCOOKIE,
"epoll_create": SNR_EPOLL_CREATE,
"epoll_ctl_old": SNR_EPOLL_CTL_OLD,
"epoll_wait_old": SNR_EPOLL_WAIT_OLD,
"remap_file_pages": SNR_REMAP_FILE_PAGES,
"getdents64": SNR_GETDENTS64,
"set_tid_address": SNR_SET_TID_ADDRESS,
"restart_syscall": SNR_RESTART_SYSCALL,
"semtimedop": SNR_SEMTIMEDOP,
"fadvise64": SNR_FADVISE64,
"timer_create": SNR_TIMER_CREATE,
"timer_settime": SNR_TIMER_SETTIME,
"timer_gettime": SNR_TIMER_GETTIME,
"timer_getoverrun": SNR_TIMER_GETOVERRUN,
"timer_delete": SNR_TIMER_DELETE,
"clock_settime": SNR_CLOCK_SETTIME,
"clock_gettime": SNR_CLOCK_GETTIME,
"clock_getres": SNR_CLOCK_GETRES,
"clock_nanosleep": SNR_CLOCK_NANOSLEEP,
"exit_group": SNR_EXIT_GROUP,
"epoll_wait": SNR_EPOLL_WAIT,
"epoll_ctl": SNR_EPOLL_CTL,
"tgkill": SNR_TGKILL,
"utimes": SNR_UTIMES,
"vserver": SNR_VSERVER,
"mbind": SNR_MBIND,
"set_mempolicy": SNR_SET_MEMPOLICY,
"get_mempolicy": SNR_GET_MEMPOLICY,
"mq_open": SNR_MQ_OPEN,
"mq_unlink": SNR_MQ_UNLINK,
"mq_timedsend": SNR_MQ_TIMEDSEND,
"mq_timedreceive": SNR_MQ_TIMEDRECEIVE,
"mq_notify": SNR_MQ_NOTIFY,
"mq_getsetattr": SNR_MQ_GETSETATTR,
"kexec_load": SNR_KEXEC_LOAD,
"waitid": SNR_WAITID,
"add_key": SNR_ADD_KEY,
"request_key": SNR_REQUEST_KEY,
"keyctl": SNR_KEYCTL,
"ioprio_set": SNR_IOPRIO_SET,
"ioprio_get": SNR_IOPRIO_GET,
"inotify_init": SNR_INOTIFY_INIT,
"inotify_add_watch": SNR_INOTIFY_ADD_WATCH,
"inotify_rm_watch": SNR_INOTIFY_RM_WATCH,
"migrate_pages": SNR_MIGRATE_PAGES,
"openat": SNR_OPENAT,
"mkdirat": SNR_MKDIRAT,
"mknodat": SNR_MKNODAT,
"fchownat": SNR_FCHOWNAT,
"futimesat": SNR_FUTIMESAT,
"newfstatat": SNR_NEWFSTATAT,
"unlinkat": SNR_UNLINKAT,
"renameat": SNR_RENAMEAT,
"linkat": SNR_LINKAT,
"symlinkat": SNR_SYMLINKAT,
"readlinkat": SNR_READLINKAT,
"fchmodat": SNR_FCHMODAT,
"faccessat": SNR_FACCESSAT,
"pselect6": SNR_PSELECT6,
"ppoll": SNR_PPOLL,
"unshare": SNR_UNSHARE,
"set_robust_list": SNR_SET_ROBUST_LIST,
"get_robust_list": SNR_GET_ROBUST_LIST,
"splice": SNR_SPLICE,
"tee": SNR_TEE,
"sync_file_range": SNR_SYNC_FILE_RANGE,
"vmsplice": SNR_VMSPLICE,
"move_pages": SNR_MOVE_PAGES,
"utimensat": SNR_UTIMENSAT,
"epoll_pwait": SNR_EPOLL_PWAIT,
"signalfd": SNR_SIGNALFD,
"timerfd_create": SNR_TIMERFD_CREATE,
"eventfd": SNR_EVENTFD,
"fallocate": SNR_FALLOCATE,
"timerfd_settime": SNR_TIMERFD_SETTIME,
"timerfd_gettime": SNR_TIMERFD_GETTIME,
"accept4": SNR_ACCEPT4,
"signalfd4": SNR_SIGNALFD4,
"eventfd2": SNR_EVENTFD2,
"epoll_create1": SNR_EPOLL_CREATE1,
"dup3": SNR_DUP3,
"pipe2": SNR_PIPE2,
"inotify_init1": SNR_INOTIFY_INIT1,
"preadv": SNR_PREADV,
"pwritev": SNR_PWRITEV,
"rt_tgsigqueueinfo": SNR_RT_TGSIGQUEUEINFO,
"perf_event_open": SNR_PERF_EVENT_OPEN,
"recvmmsg": SNR_RECVMMSG,
"fanotify_init": SNR_FANOTIFY_INIT,
"fanotify_mark": SNR_FANOTIFY_MARK,
"prlimit64": SNR_PRLIMIT64,
"name_to_handle_at": SNR_NAME_TO_HANDLE_AT,
"open_by_handle_at": SNR_OPEN_BY_HANDLE_AT,
"clock_adjtime": SNR_CLOCK_ADJTIME,
"syncfs": SNR_SYNCFS,
"sendmmsg": SNR_SENDMMSG,
"setns": SNR_SETNS,
"getcpu": SNR_GETCPU,
"process_vm_readv": SNR_PROCESS_VM_READV,
"process_vm_writev": SNR_PROCESS_VM_WRITEV,
"kcmp": SNR_KCMP,
"finit_module": SNR_FINIT_MODULE,
"sched_setattr": SNR_SCHED_SETATTR,
"sched_getattr": SNR_SCHED_GETATTR,
"renameat2": SNR_RENAMEAT2,
"seccomp": SNR_SECCOMP,
"getrandom": SNR_GETRANDOM,
"memfd_create": SNR_MEMFD_CREATE,
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"bpf": SNR_BPF,
"execveat": SNR_EXECVEAT,
"userfaultfd": SNR_USERFAULTFD,
"membarrier": SNR_MEMBARRIER,
"mlock2": SNR_MLOCK2,
"copy_file_range": SNR_COPY_FILE_RANGE,
"preadv2": SNR_PREADV2,
"pwritev2": SNR_PWRITEV2,
"pkey_mprotect": SNR_PKEY_MPROTECT,
"pkey_alloc": SNR_PKEY_ALLOC,
"pkey_free": SNR_PKEY_FREE,
"statx": SNR_STATX,
"io_pgetevents": SNR_IO_PGETEVENTS,
"rseq": SNR_RSEQ,
"uretprobe": SNR_URETPROBE,
"pidfd_send_signal": SNR_PIDFD_SEND_SIGNAL,
"io_uring_setup": SNR_IO_URING_SETUP,
"io_uring_enter": SNR_IO_URING_ENTER,
"io_uring_register": SNR_IO_URING_REGISTER,
"open_tree": SNR_OPEN_TREE,
"move_mount": SNR_MOVE_MOUNT,
"fsopen": SNR_FSOPEN,
"fsconfig": SNR_FSCONFIG,
"fsmount": SNR_FSMOUNT,
"fspick": SNR_FSPICK,
"pidfd_open": SNR_PIDFD_OPEN,
"clone3": SNR_CLONE3,
"close_range": SNR_CLOSE_RANGE,
"openat2": SNR_OPENAT2,
"pidfd_getfd": SNR_PIDFD_GETFD,
"faccessat2": SNR_FACCESSAT2,
"process_madvise": SNR_PROCESS_MADVISE,
"epoll_pwait2": SNR_EPOLL_PWAIT2,
"mount_setattr": SNR_MOUNT_SETATTR,
"quotactl_fd": SNR_QUOTACTL_FD,
"landlock_create_ruleset": SNR_LANDLOCK_CREATE_RULESET,
"landlock_add_rule": SNR_LANDLOCK_ADD_RULE,
"landlock_restrict_self": SNR_LANDLOCK_RESTRICT_SELF,
"memfd_secret": SNR_MEMFD_SECRET,
"process_mrelease": SNR_PROCESS_MRELEASE,
"futex_waitv": SNR_FUTEX_WAITV,
"set_mempolicy_home_node": SNR_SET_MEMPOLICY_HOME_NODE,
"cachestat": SNR_CACHESTAT,
"fchmodat2": SNR_FCHMODAT2,
"map_shadow_stack": SNR_MAP_SHADOW_STACK,
"futex_wake": SNR_FUTEX_WAKE,
"futex_wait": SNR_FUTEX_WAIT,
"futex_requeue": SNR_FUTEX_REQUEUE,
"statmount": SNR_STATMOUNT,
"listmount": SNR_LISTMOUNT,
"lsm_get_self_attr": SNR_LSM_GET_SELF_ATTR,
"lsm_set_self_attr": SNR_LSM_SET_SELF_ATTR,
"lsm_list_modules": SNR_LSM_LIST_MODULES,
"mseal": SNR_MSEAL,
}
const (
SYS_NAME_TO_HANDLE_AT = 303
SYS_OPEN_BY_HANDLE_AT = 304
SYS_CLOCK_ADJTIME = 305
SYS_SYNCFS = 306
SYS_SENDMMSG = 307
SYS_SETNS = 308
SYS_GETCPU = 309
SYS_PROCESS_VM_READV = 310
SYS_PROCESS_VM_WRITEV = 311
SYS_KCMP = 312
SYS_FINIT_MODULE = 313
SYS_SCHED_SETATTR = 314
SYS_SCHED_GETATTR = 315
SYS_RENAMEAT2 = 316
SYS_SECCOMP = 317
SYS_GETRANDOM = 318
SYS_MEMFD_CREATE = 319
SYS_KEXEC_FILE_LOAD = 320
SYS_BPF = 321
SYS_EXECVEAT = 322
SYS_USERFAULTFD = 323
SYS_MEMBARRIER = 324
SYS_MLOCK2 = 325
SYS_COPY_FILE_RANGE = 326
SYS_PREADV2 = 327
SYS_PWRITEV2 = 328
SYS_PKEY_MPROTECT = 329
SYS_PKEY_ALLOC = 330
SYS_PKEY_FREE = 331
SYS_STATX = 332
SYS_IO_PGETEVENTS = 333
SYS_RSEQ = 334
SYS_URETPROBE = 335
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
SYS_IO_URING_REGISTER = 427
SYS_OPEN_TREE = 428
SYS_MOVE_MOUNT = 429
SYS_FSOPEN = 430
SYS_FSCONFIG = 431
SYS_FSMOUNT = 432
SYS_FSPICK = 433
SYS_PIDFD_OPEN = 434
SYS_CLONE3 = 435
SYS_CLOSE_RANGE = 436
SYS_OPENAT2 = 437
SYS_PIDFD_GETFD = 438
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
SYS_MOUNT_SETATTR = 442
SYS_QUOTACTL_FD = 443
SYS_LANDLOCK_CREATE_RULESET = 444
SYS_LANDLOCK_ADD_RULE = 445
SYS_LANDLOCK_RESTRICT_SELF = 446
SYS_MEMFD_SECRET = 447
SYS_PROCESS_MRELEASE = 448
SYS_FUTEX_WAITV = 449
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
SYS_FUTEX_WAKE = 454
SYS_FUTEX_WAIT = 455
SYS_FUTEX_REQUEUE = 456
SYS_STATMOUNT = 457
SYS_LISTMOUNT = 458
SYS_LSM_GET_SELF_ATTR = 459
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
)
const (
SNR_READ SyscallNum = SYS_READ
SNR_WRITE SyscallNum = SYS_WRITE
SNR_OPEN SyscallNum = SYS_OPEN
SNR_CLOSE SyscallNum = SYS_CLOSE
SNR_STAT SyscallNum = SYS_STAT
SNR_FSTAT SyscallNum = SYS_FSTAT
SNR_LSTAT SyscallNum = SYS_LSTAT
SNR_POLL SyscallNum = SYS_POLL
SNR_LSEEK SyscallNum = SYS_LSEEK
SNR_MMAP SyscallNum = SYS_MMAP
SNR_MPROTECT SyscallNum = SYS_MPROTECT
SNR_MUNMAP SyscallNum = SYS_MUNMAP
SNR_BRK SyscallNum = SYS_BRK
SNR_RT_SIGACTION SyscallNum = SYS_RT_SIGACTION
SNR_RT_SIGPROCMASK SyscallNum = SYS_RT_SIGPROCMASK
SNR_RT_SIGRETURN SyscallNum = SYS_RT_SIGRETURN
SNR_IOCTL SyscallNum = SYS_IOCTL
SNR_PREAD64 SyscallNum = SYS_PREAD64
SNR_PWRITE64 SyscallNum = SYS_PWRITE64
SNR_READV SyscallNum = SYS_READV
SNR_WRITEV SyscallNum = SYS_WRITEV
SNR_ACCESS SyscallNum = SYS_ACCESS
SNR_PIPE SyscallNum = SYS_PIPE
SNR_SELECT SyscallNum = SYS_SELECT
SNR_SCHED_YIELD SyscallNum = SYS_SCHED_YIELD
SNR_MREMAP SyscallNum = SYS_MREMAP
SNR_MSYNC SyscallNum = SYS_MSYNC
SNR_MINCORE SyscallNum = SYS_MINCORE
SNR_MADVISE SyscallNum = SYS_MADVISE
SNR_SHMGET SyscallNum = SYS_SHMGET
SNR_SHMAT SyscallNum = SYS_SHMAT
SNR_SHMCTL SyscallNum = SYS_SHMCTL
SNR_DUP SyscallNum = SYS_DUP
SNR_DUP2 SyscallNum = SYS_DUP2
SNR_PAUSE SyscallNum = SYS_PAUSE
SNR_NANOSLEEP SyscallNum = SYS_NANOSLEEP
SNR_GETITIMER SyscallNum = SYS_GETITIMER
SNR_ALARM SyscallNum = SYS_ALARM
SNR_SETITIMER SyscallNum = SYS_SETITIMER
SNR_GETPID SyscallNum = SYS_GETPID
SNR_SENDFILE SyscallNum = SYS_SENDFILE
SNR_SOCKET SyscallNum = SYS_SOCKET
SNR_CONNECT SyscallNum = SYS_CONNECT
SNR_ACCEPT SyscallNum = SYS_ACCEPT
SNR_SENDTO SyscallNum = SYS_SENDTO
SNR_RECVFROM SyscallNum = SYS_RECVFROM
SNR_SENDMSG SyscallNum = SYS_SENDMSG
SNR_RECVMSG SyscallNum = SYS_RECVMSG
SNR_SHUTDOWN SyscallNum = SYS_SHUTDOWN
SNR_BIND SyscallNum = SYS_BIND
SNR_LISTEN SyscallNum = SYS_LISTEN
SNR_GETSOCKNAME SyscallNum = SYS_GETSOCKNAME
SNR_GETPEERNAME SyscallNum = SYS_GETPEERNAME
SNR_SOCKETPAIR SyscallNum = SYS_SOCKETPAIR
SNR_SETSOCKOPT SyscallNum = SYS_SETSOCKOPT
SNR_GETSOCKOPT SyscallNum = SYS_GETSOCKOPT
SNR_CLONE SyscallNum = SYS_CLONE
SNR_FORK SyscallNum = SYS_FORK
SNR_VFORK SyscallNum = SYS_VFORK
SNR_EXECVE SyscallNum = SYS_EXECVE
SNR_EXIT SyscallNum = SYS_EXIT
SNR_WAIT4 SyscallNum = SYS_WAIT4
SNR_KILL SyscallNum = SYS_KILL
SNR_UNAME SyscallNum = SYS_UNAME
SNR_SEMGET SyscallNum = SYS_SEMGET
SNR_SEMOP SyscallNum = SYS_SEMOP
SNR_SEMCTL SyscallNum = SYS_SEMCTL
SNR_SHMDT SyscallNum = SYS_SHMDT
SNR_MSGGET SyscallNum = SYS_MSGGET
SNR_MSGSND SyscallNum = SYS_MSGSND
SNR_MSGRCV SyscallNum = SYS_MSGRCV
SNR_MSGCTL SyscallNum = SYS_MSGCTL
SNR_FCNTL SyscallNum = SYS_FCNTL
SNR_FLOCK SyscallNum = SYS_FLOCK
SNR_FSYNC SyscallNum = SYS_FSYNC
SNR_FDATASYNC SyscallNum = SYS_FDATASYNC
SNR_TRUNCATE SyscallNum = SYS_TRUNCATE
SNR_FTRUNCATE SyscallNum = SYS_FTRUNCATE
SNR_GETDENTS SyscallNum = SYS_GETDENTS
SNR_GETCWD SyscallNum = SYS_GETCWD
SNR_CHDIR SyscallNum = SYS_CHDIR
SNR_FCHDIR SyscallNum = SYS_FCHDIR
SNR_RENAME SyscallNum = SYS_RENAME
SNR_MKDIR SyscallNum = SYS_MKDIR
SNR_RMDIR SyscallNum = SYS_RMDIR
SNR_CREAT SyscallNum = SYS_CREAT
SNR_LINK SyscallNum = SYS_LINK
SNR_UNLINK SyscallNum = SYS_UNLINK
SNR_SYMLINK SyscallNum = SYS_SYMLINK
SNR_READLINK SyscallNum = SYS_READLINK
SNR_CHMOD SyscallNum = SYS_CHMOD
SNR_FCHMOD SyscallNum = SYS_FCHMOD
SNR_CHOWN SyscallNum = SYS_CHOWN
SNR_FCHOWN SyscallNum = SYS_FCHOWN
SNR_LCHOWN SyscallNum = SYS_LCHOWN
SNR_UMASK SyscallNum = SYS_UMASK
SNR_GETTIMEOFDAY SyscallNum = SYS_GETTIMEOFDAY
SNR_GETRLIMIT SyscallNum = SYS_GETRLIMIT
SNR_GETRUSAGE SyscallNum = SYS_GETRUSAGE
SNR_SYSINFO SyscallNum = SYS_SYSINFO
SNR_TIMES SyscallNum = SYS_TIMES
SNR_PTRACE SyscallNum = SYS_PTRACE
SNR_GETUID SyscallNum = SYS_GETUID
SNR_SYSLOG SyscallNum = SYS_SYSLOG
SNR_GETGID SyscallNum = SYS_GETGID
SNR_SETUID SyscallNum = SYS_SETUID
SNR_SETGID SyscallNum = SYS_SETGID
SNR_GETEUID SyscallNum = SYS_GETEUID
SNR_GETEGID SyscallNum = SYS_GETEGID
SNR_SETPGID SyscallNum = SYS_SETPGID
SNR_GETPPID SyscallNum = SYS_GETPPID
SNR_GETPGRP SyscallNum = SYS_GETPGRP
SNR_SETSID SyscallNum = SYS_SETSID
SNR_SETREUID SyscallNum = SYS_SETREUID
SNR_SETREGID SyscallNum = SYS_SETREGID
SNR_GETGROUPS SyscallNum = SYS_GETGROUPS
SNR_SETGROUPS SyscallNum = SYS_SETGROUPS
SNR_SETRESUID SyscallNum = SYS_SETRESUID
SNR_GETRESUID SyscallNum = SYS_GETRESUID
SNR_SETRESGID SyscallNum = SYS_SETRESGID
SNR_GETRESGID SyscallNum = SYS_GETRESGID
SNR_GETPGID SyscallNum = SYS_GETPGID
SNR_SETFSUID SyscallNum = SYS_SETFSUID
SNR_SETFSGID SyscallNum = SYS_SETFSGID
SNR_GETSID SyscallNum = SYS_GETSID
SNR_CAPGET SyscallNum = SYS_CAPGET
SNR_CAPSET SyscallNum = SYS_CAPSET
SNR_RT_SIGPENDING SyscallNum = SYS_RT_SIGPENDING
SNR_RT_SIGTIMEDWAIT SyscallNum = SYS_RT_SIGTIMEDWAIT
SNR_RT_SIGQUEUEINFO SyscallNum = SYS_RT_SIGQUEUEINFO
SNR_RT_SIGSUSPEND SyscallNum = SYS_RT_SIGSUSPEND
SNR_SIGALTSTACK SyscallNum = SYS_SIGALTSTACK
SNR_UTIME SyscallNum = SYS_UTIME
SNR_MKNOD SyscallNum = SYS_MKNOD
SNR_USELIB SyscallNum = SYS_USELIB
SNR_PERSONALITY SyscallNum = SYS_PERSONALITY
SNR_USTAT SyscallNum = SYS_USTAT
SNR_STATFS SyscallNum = SYS_STATFS
SNR_FSTATFS SyscallNum = SYS_FSTATFS
SNR_SYSFS SyscallNum = SYS_SYSFS
SNR_GETPRIORITY SyscallNum = SYS_GETPRIORITY
SNR_SETPRIORITY SyscallNum = SYS_SETPRIORITY
SNR_SCHED_SETPARAM SyscallNum = SYS_SCHED_SETPARAM
SNR_SCHED_GETPARAM SyscallNum = SYS_SCHED_GETPARAM
SNR_SCHED_SETSCHEDULER SyscallNum = SYS_SCHED_SETSCHEDULER
SNR_SCHED_GETSCHEDULER SyscallNum = SYS_SCHED_GETSCHEDULER
SNR_SCHED_GET_PRIORITY_MAX SyscallNum = SYS_SCHED_GET_PRIORITY_MAX
SNR_SCHED_GET_PRIORITY_MIN SyscallNum = SYS_SCHED_GET_PRIORITY_MIN
SNR_SCHED_RR_GET_INTERVAL SyscallNum = SYS_SCHED_RR_GET_INTERVAL
SNR_MLOCK SyscallNum = SYS_MLOCK
SNR_MUNLOCK SyscallNum = SYS_MUNLOCK
SNR_MLOCKALL SyscallNum = SYS_MLOCKALL
SNR_MUNLOCKALL SyscallNum = SYS_MUNLOCKALL
SNR_VHANGUP SyscallNum = SYS_VHANGUP
SNR_MODIFY_LDT SyscallNum = SYS_MODIFY_LDT
SNR_PIVOT_ROOT SyscallNum = SYS_PIVOT_ROOT
SNR__SYSCTL SyscallNum = SYS__SYSCTL
SNR_PRCTL SyscallNum = SYS_PRCTL
SNR_ARCH_PRCTL SyscallNum = SYS_ARCH_PRCTL
SNR_ADJTIMEX SyscallNum = SYS_ADJTIMEX
SNR_SETRLIMIT SyscallNum = SYS_SETRLIMIT
SNR_CHROOT SyscallNum = SYS_CHROOT
SNR_SYNC SyscallNum = SYS_SYNC
SNR_ACCT SyscallNum = SYS_ACCT
SNR_SETTIMEOFDAY SyscallNum = SYS_SETTIMEOFDAY
SNR_MOUNT SyscallNum = SYS_MOUNT
SNR_UMOUNT2 SyscallNum = SYS_UMOUNT2
SNR_SWAPON SyscallNum = SYS_SWAPON
SNR_SWAPOFF SyscallNum = SYS_SWAPOFF
SNR_REBOOT SyscallNum = SYS_REBOOT
SNR_SETHOSTNAME SyscallNum = SYS_SETHOSTNAME
SNR_SETDOMAINNAME SyscallNum = SYS_SETDOMAINNAME
SNR_IOPL SyscallNum = SYS_IOPL
SNR_IOPERM SyscallNum = SYS_IOPERM
SNR_CREATE_MODULE SyscallNum = SYS_CREATE_MODULE
SNR_INIT_MODULE SyscallNum = SYS_INIT_MODULE
SNR_DELETE_MODULE SyscallNum = SYS_DELETE_MODULE
SNR_GET_KERNEL_SYMS SyscallNum = SYS_GET_KERNEL_SYMS
SNR_QUERY_MODULE SyscallNum = SYS_QUERY_MODULE
SNR_QUOTACTL SyscallNum = SYS_QUOTACTL
SNR_NFSSERVCTL SyscallNum = SYS_NFSSERVCTL
SNR_GETPMSG SyscallNum = SYS_GETPMSG
SNR_PUTPMSG SyscallNum = SYS_PUTPMSG
SNR_AFS_SYSCALL SyscallNum = SYS_AFS_SYSCALL
SNR_TUXCALL SyscallNum = SYS_TUXCALL
SNR_SECURITY SyscallNum = SYS_SECURITY
SNR_GETTID SyscallNum = SYS_GETTID
SNR_READAHEAD SyscallNum = SYS_READAHEAD
SNR_SETXATTR SyscallNum = SYS_SETXATTR
SNR_LSETXATTR SyscallNum = SYS_LSETXATTR
SNR_FSETXATTR SyscallNum = SYS_FSETXATTR
SNR_GETXATTR SyscallNum = SYS_GETXATTR
SNR_LGETXATTR SyscallNum = SYS_LGETXATTR
SNR_FGETXATTR SyscallNum = SYS_FGETXATTR
SNR_LISTXATTR SyscallNum = SYS_LISTXATTR
SNR_LLISTXATTR SyscallNum = SYS_LLISTXATTR
SNR_FLISTXATTR SyscallNum = SYS_FLISTXATTR
SNR_REMOVEXATTR SyscallNum = SYS_REMOVEXATTR
SNR_LREMOVEXATTR SyscallNum = SYS_LREMOVEXATTR
SNR_FREMOVEXATTR SyscallNum = SYS_FREMOVEXATTR
SNR_TKILL SyscallNum = SYS_TKILL
SNR_TIME SyscallNum = SYS_TIME
SNR_FUTEX SyscallNum = SYS_FUTEX
SNR_SCHED_SETAFFINITY SyscallNum = SYS_SCHED_SETAFFINITY
SNR_SCHED_GETAFFINITY SyscallNum = SYS_SCHED_GETAFFINITY
SNR_SET_THREAD_AREA SyscallNum = SYS_SET_THREAD_AREA
SNR_IO_SETUP SyscallNum = SYS_IO_SETUP
SNR_IO_DESTROY SyscallNum = SYS_IO_DESTROY
SNR_IO_GETEVENTS SyscallNum = SYS_IO_GETEVENTS
SNR_IO_SUBMIT SyscallNum = SYS_IO_SUBMIT
SNR_IO_CANCEL SyscallNum = SYS_IO_CANCEL
SNR_GET_THREAD_AREA SyscallNum = SYS_GET_THREAD_AREA
SNR_LOOKUP_DCOOKIE SyscallNum = SYS_LOOKUP_DCOOKIE
SNR_EPOLL_CREATE SyscallNum = SYS_EPOLL_CREATE
SNR_EPOLL_CTL_OLD SyscallNum = SYS_EPOLL_CTL_OLD
SNR_EPOLL_WAIT_OLD SyscallNum = SYS_EPOLL_WAIT_OLD
SNR_REMAP_FILE_PAGES SyscallNum = SYS_REMAP_FILE_PAGES
SNR_GETDENTS64 SyscallNum = SYS_GETDENTS64
SNR_SET_TID_ADDRESS SyscallNum = SYS_SET_TID_ADDRESS
SNR_RESTART_SYSCALL SyscallNum = SYS_RESTART_SYSCALL
SNR_SEMTIMEDOP SyscallNum = SYS_SEMTIMEDOP
SNR_FADVISE64 SyscallNum = SYS_FADVISE64
SNR_TIMER_CREATE SyscallNum = SYS_TIMER_CREATE
SNR_TIMER_SETTIME SyscallNum = SYS_TIMER_SETTIME
SNR_TIMER_GETTIME SyscallNum = SYS_TIMER_GETTIME
SNR_TIMER_GETOVERRUN SyscallNum = SYS_TIMER_GETOVERRUN
SNR_TIMER_DELETE SyscallNum = SYS_TIMER_DELETE
SNR_CLOCK_SETTIME SyscallNum = SYS_CLOCK_SETTIME
SNR_CLOCK_GETTIME SyscallNum = SYS_CLOCK_GETTIME
SNR_CLOCK_GETRES SyscallNum = SYS_CLOCK_GETRES
SNR_CLOCK_NANOSLEEP SyscallNum = SYS_CLOCK_NANOSLEEP
SNR_EXIT_GROUP SyscallNum = SYS_EXIT_GROUP
SNR_EPOLL_WAIT SyscallNum = SYS_EPOLL_WAIT
SNR_EPOLL_CTL SyscallNum = SYS_EPOLL_CTL
SNR_TGKILL SyscallNum = SYS_TGKILL
SNR_UTIMES SyscallNum = SYS_UTIMES
SNR_VSERVER SyscallNum = SYS_VSERVER
SNR_MBIND SyscallNum = SYS_MBIND
SNR_SET_MEMPOLICY SyscallNum = SYS_SET_MEMPOLICY
SNR_GET_MEMPOLICY SyscallNum = SYS_GET_MEMPOLICY
SNR_MQ_OPEN SyscallNum = SYS_MQ_OPEN
SNR_MQ_UNLINK SyscallNum = SYS_MQ_UNLINK
SNR_MQ_TIMEDSEND SyscallNum = SYS_MQ_TIMEDSEND
SNR_MQ_TIMEDRECEIVE SyscallNum = SYS_MQ_TIMEDRECEIVE
SNR_MQ_NOTIFY SyscallNum = SYS_MQ_NOTIFY
SNR_MQ_GETSETATTR SyscallNum = SYS_MQ_GETSETATTR
SNR_KEXEC_LOAD SyscallNum = SYS_KEXEC_LOAD
SNR_WAITID SyscallNum = SYS_WAITID
SNR_ADD_KEY SyscallNum = SYS_ADD_KEY
SNR_REQUEST_KEY SyscallNum = SYS_REQUEST_KEY
SNR_KEYCTL SyscallNum = SYS_KEYCTL
SNR_IOPRIO_SET SyscallNum = SYS_IOPRIO_SET
SNR_IOPRIO_GET SyscallNum = SYS_IOPRIO_GET
SNR_INOTIFY_INIT SyscallNum = SYS_INOTIFY_INIT
SNR_INOTIFY_ADD_WATCH SyscallNum = SYS_INOTIFY_ADD_WATCH
SNR_INOTIFY_RM_WATCH SyscallNum = SYS_INOTIFY_RM_WATCH
SNR_MIGRATE_PAGES SyscallNum = SYS_MIGRATE_PAGES
SNR_OPENAT SyscallNum = SYS_OPENAT
SNR_MKDIRAT SyscallNum = SYS_MKDIRAT
SNR_MKNODAT SyscallNum = SYS_MKNODAT
SNR_FCHOWNAT SyscallNum = SYS_FCHOWNAT
SNR_FUTIMESAT SyscallNum = SYS_FUTIMESAT
SNR_NEWFSTATAT SyscallNum = SYS_NEWFSTATAT
SNR_UNLINKAT SyscallNum = SYS_UNLINKAT
SNR_RENAMEAT SyscallNum = SYS_RENAMEAT
SNR_LINKAT SyscallNum = SYS_LINKAT
SNR_SYMLINKAT SyscallNum = SYS_SYMLINKAT
SNR_READLINKAT SyscallNum = SYS_READLINKAT
SNR_FCHMODAT SyscallNum = SYS_FCHMODAT
SNR_FACCESSAT SyscallNum = SYS_FACCESSAT
SNR_PSELECT6 SyscallNum = SYS_PSELECT6
SNR_PPOLL SyscallNum = SYS_PPOLL
SNR_UNSHARE SyscallNum = SYS_UNSHARE
SNR_SET_ROBUST_LIST SyscallNum = SYS_SET_ROBUST_LIST
SNR_GET_ROBUST_LIST SyscallNum = SYS_GET_ROBUST_LIST
SNR_SPLICE SyscallNum = SYS_SPLICE
SNR_TEE SyscallNum = SYS_TEE
SNR_SYNC_FILE_RANGE SyscallNum = SYS_SYNC_FILE_RANGE
SNR_VMSPLICE SyscallNum = SYS_VMSPLICE
SNR_MOVE_PAGES SyscallNum = SYS_MOVE_PAGES
SNR_UTIMENSAT SyscallNum = SYS_UTIMENSAT
SNR_EPOLL_PWAIT SyscallNum = SYS_EPOLL_PWAIT
SNR_SIGNALFD SyscallNum = SYS_SIGNALFD
SNR_TIMERFD_CREATE SyscallNum = SYS_TIMERFD_CREATE
SNR_EVENTFD SyscallNum = SYS_EVENTFD
SNR_FALLOCATE SyscallNum = SYS_FALLOCATE
SNR_TIMERFD_SETTIME SyscallNum = SYS_TIMERFD_SETTIME
SNR_TIMERFD_GETTIME SyscallNum = SYS_TIMERFD_GETTIME
SNR_ACCEPT4 SyscallNum = SYS_ACCEPT4
SNR_SIGNALFD4 SyscallNum = SYS_SIGNALFD4
SNR_EVENTFD2 SyscallNum = SYS_EVENTFD2
SNR_EPOLL_CREATE1 SyscallNum = SYS_EPOLL_CREATE1
SNR_DUP3 SyscallNum = SYS_DUP3
SNR_PIPE2 SyscallNum = SYS_PIPE2
SNR_INOTIFY_INIT1 SyscallNum = SYS_INOTIFY_INIT1
SNR_PREADV SyscallNum = SYS_PREADV
SNR_PWRITEV SyscallNum = SYS_PWRITEV
SNR_RT_TGSIGQUEUEINFO SyscallNum = SYS_RT_TGSIGQUEUEINFO
SNR_PERF_EVENT_OPEN SyscallNum = SYS_PERF_EVENT_OPEN
SNR_RECVMMSG SyscallNum = SYS_RECVMMSG
SNR_FANOTIFY_INIT SyscallNum = SYS_FANOTIFY_INIT
SNR_FANOTIFY_MARK SyscallNum = SYS_FANOTIFY_MARK
SNR_PRLIMIT64 SyscallNum = SYS_PRLIMIT64
SNR_NAME_TO_HANDLE_AT SyscallNum = SYS_NAME_TO_HANDLE_AT
SNR_OPEN_BY_HANDLE_AT SyscallNum = SYS_OPEN_BY_HANDLE_AT
SNR_CLOCK_ADJTIME SyscallNum = SYS_CLOCK_ADJTIME
SNR_SYNCFS SyscallNum = SYS_SYNCFS
SNR_SENDMMSG SyscallNum = SYS_SENDMMSG
SNR_SETNS SyscallNum = SYS_SETNS
SNR_GETCPU SyscallNum = SYS_GETCPU
SNR_PROCESS_VM_READV SyscallNum = SYS_PROCESS_VM_READV
SNR_PROCESS_VM_WRITEV SyscallNum = SYS_PROCESS_VM_WRITEV
SNR_KCMP SyscallNum = SYS_KCMP
SNR_FINIT_MODULE SyscallNum = SYS_FINIT_MODULE
SNR_SCHED_SETATTR SyscallNum = SYS_SCHED_SETATTR
SNR_SCHED_GETATTR SyscallNum = SYS_SCHED_GETATTR
SNR_RENAMEAT2 SyscallNum = SYS_RENAMEAT2
SNR_SECCOMP SyscallNum = SYS_SECCOMP
SNR_GETRANDOM SyscallNum = SYS_GETRANDOM
SNR_MEMFD_CREATE SyscallNum = SYS_MEMFD_CREATE
SNR_KEXEC_FILE_LOAD SyscallNum = SYS_KEXEC_FILE_LOAD
SNR_BPF SyscallNum = SYS_BPF
SNR_EXECVEAT SyscallNum = SYS_EXECVEAT
SNR_USERFAULTFD SyscallNum = SYS_USERFAULTFD
SNR_MEMBARRIER SyscallNum = SYS_MEMBARRIER
SNR_MLOCK2 SyscallNum = SYS_MLOCK2
SNR_COPY_FILE_RANGE SyscallNum = SYS_COPY_FILE_RANGE
SNR_PREADV2 SyscallNum = SYS_PREADV2
SNR_PWRITEV2 SyscallNum = SYS_PWRITEV2
SNR_PKEY_MPROTECT SyscallNum = SYS_PKEY_MPROTECT
SNR_PKEY_ALLOC SyscallNum = SYS_PKEY_ALLOC
SNR_PKEY_FREE SyscallNum = SYS_PKEY_FREE
SNR_STATX SyscallNum = SYS_STATX
SNR_IO_PGETEVENTS SyscallNum = SYS_IO_PGETEVENTS
SNR_RSEQ SyscallNum = SYS_RSEQ
SNR_URETPROBE SyscallNum = SYS_URETPROBE
SNR_PIDFD_SEND_SIGNAL SyscallNum = SYS_PIDFD_SEND_SIGNAL
SNR_IO_URING_SETUP SyscallNum = SYS_IO_URING_SETUP
SNR_IO_URING_ENTER SyscallNum = SYS_IO_URING_ENTER
SNR_IO_URING_REGISTER SyscallNum = SYS_IO_URING_REGISTER
SNR_OPEN_TREE SyscallNum = SYS_OPEN_TREE
SNR_MOVE_MOUNT SyscallNum = SYS_MOVE_MOUNT
SNR_FSOPEN SyscallNum = SYS_FSOPEN
SNR_FSCONFIG SyscallNum = SYS_FSCONFIG
SNR_FSMOUNT SyscallNum = SYS_FSMOUNT
SNR_FSPICK SyscallNum = SYS_FSPICK
SNR_PIDFD_OPEN SyscallNum = SYS_PIDFD_OPEN
SNR_CLONE3 SyscallNum = SYS_CLONE3
SNR_CLOSE_RANGE SyscallNum = SYS_CLOSE_RANGE
SNR_OPENAT2 SyscallNum = SYS_OPENAT2
SNR_PIDFD_GETFD SyscallNum = SYS_PIDFD_GETFD
SNR_FACCESSAT2 SyscallNum = SYS_FACCESSAT2
SNR_PROCESS_MADVISE SyscallNum = SYS_PROCESS_MADVISE
SNR_EPOLL_PWAIT2 SyscallNum = SYS_EPOLL_PWAIT2
SNR_MOUNT_SETATTR SyscallNum = SYS_MOUNT_SETATTR
SNR_QUOTACTL_FD SyscallNum = SYS_QUOTACTL_FD
SNR_LANDLOCK_CREATE_RULESET SyscallNum = SYS_LANDLOCK_CREATE_RULESET
SNR_LANDLOCK_ADD_RULE SyscallNum = SYS_LANDLOCK_ADD_RULE
SNR_LANDLOCK_RESTRICT_SELF SyscallNum = SYS_LANDLOCK_RESTRICT_SELF
SNR_MEMFD_SECRET SyscallNum = SYS_MEMFD_SECRET
SNR_PROCESS_MRELEASE SyscallNum = SYS_PROCESS_MRELEASE
SNR_FUTEX_WAITV SyscallNum = SYS_FUTEX_WAITV
SNR_SET_MEMPOLICY_HOME_NODE SyscallNum = SYS_SET_MEMPOLICY_HOME_NODE
SNR_CACHESTAT SyscallNum = SYS_CACHESTAT
SNR_FCHMODAT2 SyscallNum = SYS_FCHMODAT2
SNR_MAP_SHADOW_STACK SyscallNum = SYS_MAP_SHADOW_STACK
SNR_FUTEX_WAKE SyscallNum = SYS_FUTEX_WAKE
SNR_FUTEX_WAIT SyscallNum = SYS_FUTEX_WAIT
SNR_FUTEX_REQUEUE SyscallNum = SYS_FUTEX_REQUEUE
SNR_STATMOUNT SyscallNum = SYS_STATMOUNT
SNR_LISTMOUNT SyscallNum = SYS_LISTMOUNT
SNR_LSM_GET_SELF_ATTR SyscallNum = SYS_LSM_GET_SELF_ATTR
SNR_LSM_SET_SELF_ATTR SyscallNum = SYS_LSM_SET_SELF_ATTR
SNR_LSM_LIST_MODULES SyscallNum = SYS_LSM_LIST_MODULES
SNR_MSEAL SyscallNum = SYS_MSEAL
)

703
ext/syscall_linux_arm64.go Normal file
View File

@@ -0,0 +1,703 @@
// mksysnum_linux.pl /usr/include/asm/unistd_64.h
// Code generated by the command above; DO NOT EDIT.
package ext
import . "syscall"
var syscallNum = map[string]SyscallNum{
"io_setup": SNR_IO_SETUP,
"io_destroy": SNR_IO_DESTROY,
"io_submit": SNR_IO_SUBMIT,
"io_cancel": SNR_IO_CANCEL,
"io_getevents": SNR_IO_GETEVENTS,
"setxattr": SNR_SETXATTR,
"lsetxattr": SNR_LSETXATTR,
"fsetxattr": SNR_FSETXATTR,
"getxattr": SNR_GETXATTR,
"lgetxattr": SNR_LGETXATTR,
"fgetxattr": SNR_FGETXATTR,
"listxattr": SNR_LISTXATTR,
"llistxattr": SNR_LLISTXATTR,
"flistxattr": SNR_FLISTXATTR,
"removexattr": SNR_REMOVEXATTR,
"lremovexattr": SNR_LREMOVEXATTR,
"fremovexattr": SNR_FREMOVEXATTR,
"getcwd": SNR_GETCWD,
"lookup_dcookie": SNR_LOOKUP_DCOOKIE,
"eventfd2": SNR_EVENTFD2,
"epoll_create1": SNR_EPOLL_CREATE1,
"epoll_ctl": SNR_EPOLL_CTL,
"epoll_pwait": SNR_EPOLL_PWAIT,
"dup": SNR_DUP,
"dup3": SNR_DUP3,
"fcntl": SNR_FCNTL,
"inotify_init1": SNR_INOTIFY_INIT1,
"inotify_add_watch": SNR_INOTIFY_ADD_WATCH,
"inotify_rm_watch": SNR_INOTIFY_RM_WATCH,
"ioctl": SNR_IOCTL,
"ioprio_set": SNR_IOPRIO_SET,
"ioprio_get": SNR_IOPRIO_GET,
"flock": SNR_FLOCK,
"mknodat": SNR_MKNODAT,
"mkdirat": SNR_MKDIRAT,
"unlinkat": SNR_UNLINKAT,
"symlinkat": SNR_SYMLINKAT,
"linkat": SNR_LINKAT,
"renameat": SNR_RENAMEAT,
"umount2": SNR_UMOUNT2,
"mount": SNR_MOUNT,
"pivot_root": SNR_PIVOT_ROOT,
"nfsservctl": SNR_NFSSERVCTL,
"statfs": SNR_STATFS,
"fstatfs": SNR_FSTATFS,
"truncate": SNR_TRUNCATE,
"ftruncate": SNR_FTRUNCATE,
"fallocate": SNR_FALLOCATE,
"faccessat": SNR_FACCESSAT,
"chdir": SNR_CHDIR,
"fchdir": SNR_FCHDIR,
"chroot": SNR_CHROOT,
"fchmod": SNR_FCHMOD,
"fchmodat": SNR_FCHMODAT,
"fchownat": SNR_FCHOWNAT,
"fchown": SNR_FCHOWN,
"openat": SNR_OPENAT,
"close": SNR_CLOSE,
"vhangup": SNR_VHANGUP,
"pipe2": SNR_PIPE2,
"quotactl": SNR_QUOTACTL,
"getdents64": SNR_GETDENTS64,
"lseek": SNR_LSEEK,
"read": SNR_READ,
"write": SNR_WRITE,
"readv": SNR_READV,
"writev": SNR_WRITEV,
"pread64": SNR_PREAD64,
"pwrite64": SNR_PWRITE64,
"preadv": SNR_PREADV,
"pwritev": SNR_PWRITEV,
"sendfile": SNR_SENDFILE,
"pselect6": SNR_PSELECT6,
"ppoll": SNR_PPOLL,
"signalfd4": SNR_SIGNALFD4,
"vmsplice": SNR_VMSPLICE,
"splice": SNR_SPLICE,
"tee": SNR_TEE,
"readlinkat": SNR_READLINKAT,
"newfstatat": SNR_NEWFSTATAT,
"fstat": SNR_FSTAT,
"sync": SNR_SYNC,
"fsync": SNR_FSYNC,
"fdatasync": SNR_FDATASYNC,
"sync_file_range": SNR_SYNC_FILE_RANGE,
"timerfd_create": SNR_TIMERFD_CREATE,
"timerfd_settime": SNR_TIMERFD_SETTIME,
"timerfd_gettime": SNR_TIMERFD_GETTIME,
"utimensat": SNR_UTIMENSAT,
"acct": SNR_ACCT,
"capget": SNR_CAPGET,
"capset": SNR_CAPSET,
"personality": SNR_PERSONALITY,
"exit": SNR_EXIT,
"exit_group": SNR_EXIT_GROUP,
"waitid": SNR_WAITID,
"set_tid_address": SNR_SET_TID_ADDRESS,
"unshare": SNR_UNSHARE,
"futex": SNR_FUTEX,
"set_robust_list": SNR_SET_ROBUST_LIST,
"get_robust_list": SNR_GET_ROBUST_LIST,
"nanosleep": SNR_NANOSLEEP,
"getitimer": SNR_GETITIMER,
"setitimer": SNR_SETITIMER,
"kexec_load": SNR_KEXEC_LOAD,
"init_module": SNR_INIT_MODULE,
"delete_module": SNR_DELETE_MODULE,
"timer_create": SNR_TIMER_CREATE,
"timer_gettime": SNR_TIMER_GETTIME,
"timer_getoverrun": SNR_TIMER_GETOVERRUN,
"timer_settime": SNR_TIMER_SETTIME,
"timer_delete": SNR_TIMER_DELETE,
"clock_settime": SNR_CLOCK_SETTIME,
"clock_gettime": SNR_CLOCK_GETTIME,
"clock_getres": SNR_CLOCK_GETRES,
"clock_nanosleep": SNR_CLOCK_NANOSLEEP,
"syslog": SNR_SYSLOG,
"ptrace": SNR_PTRACE,
"sched_setparam": SNR_SCHED_SETPARAM,
"sched_setscheduler": SNR_SCHED_SETSCHEDULER,
"sched_getscheduler": SNR_SCHED_GETSCHEDULER,
"sched_getparam": SNR_SCHED_GETPARAM,
"sched_setaffinity": SNR_SCHED_SETAFFINITY,
"sched_getaffinity": SNR_SCHED_GETAFFINITY,
"sched_yield": SNR_SCHED_YIELD,
"sched_get_priority_max": SNR_SCHED_GET_PRIORITY_MAX,
"sched_get_priority_min": SNR_SCHED_GET_PRIORITY_MIN,
"sched_rr_get_interval": SNR_SCHED_RR_GET_INTERVAL,
"restart_syscall": SNR_RESTART_SYSCALL,
"kill": SNR_KILL,
"tkill": SNR_TKILL,
"tgkill": SNR_TGKILL,
"sigaltstack": SNR_SIGALTSTACK,
"rt_sigsuspend": SNR_RT_SIGSUSPEND,
"rt_sigaction": SNR_RT_SIGACTION,
"rt_sigprocmask": SNR_RT_SIGPROCMASK,
"rt_sigpending": SNR_RT_SIGPENDING,
"rt_sigtimedwait": SNR_RT_SIGTIMEDWAIT,
"rt_sigqueueinfo": SNR_RT_SIGQUEUEINFO,
"rt_sigreturn": SNR_RT_SIGRETURN,
"setpriority": SNR_SETPRIORITY,
"getpriority": SNR_GETPRIORITY,
"reboot": SNR_REBOOT,
"setregid": SNR_SETREGID,
"setgid": SNR_SETGID,
"setreuid": SNR_SETREUID,
"setuid": SNR_SETUID,
"setresuid": SNR_SETRESUID,
"getresuid": SNR_GETRESUID,
"setresgid": SNR_SETRESGID,
"getresgid": SNR_GETRESGID,
"setfsuid": SNR_SETFSUID,
"setfsgid": SNR_SETFSGID,
"times": SNR_TIMES,
"setpgid": SNR_SETPGID,
"getpgid": SNR_GETPGID,
"getsid": SNR_GETSID,
"setsid": SNR_SETSID,
"getgroups": SNR_GETGROUPS,
"setgroups": SNR_SETGROUPS,
"uname": SNR_UNAME,
"sethostname": SNR_SETHOSTNAME,
"setdomainname": SNR_SETDOMAINNAME,
"getrlimit": SNR_GETRLIMIT,
"setrlimit": SNR_SETRLIMIT,
"getrusage": SNR_GETRUSAGE,
"umask": SNR_UMASK,
"prctl": SNR_PRCTL,
"getcpu": SNR_GETCPU,
"gettimeofday": SNR_GETTIMEOFDAY,
"settimeofday": SNR_SETTIMEOFDAY,
"adjtimex": SNR_ADJTIMEX,
"getpid": SNR_GETPID,
"getppid": SNR_GETPPID,
"getuid": SNR_GETUID,
"geteuid": SNR_GETEUID,
"getgid": SNR_GETGID,
"getegid": SNR_GETEGID,
"gettid": SNR_GETTID,
"sysinfo": SNR_SYSINFO,
"mq_open": SNR_MQ_OPEN,
"mq_unlink": SNR_MQ_UNLINK,
"mq_timedsend": SNR_MQ_TIMEDSEND,
"mq_timedreceive": SNR_MQ_TIMEDRECEIVE,
"mq_notify": SNR_MQ_NOTIFY,
"mq_getsetattr": SNR_MQ_GETSETATTR,
"msgget": SNR_MSGGET,
"msgctl": SNR_MSGCTL,
"msgrcv": SNR_MSGRCV,
"msgsnd": SNR_MSGSND,
"semget": SNR_SEMGET,
"semctl": SNR_SEMCTL,
"semtimedop": SNR_SEMTIMEDOP,
"semop": SNR_SEMOP,
"shmget": SNR_SHMGET,
"shmctl": SNR_SHMCTL,
"shmat": SNR_SHMAT,
"shmdt": SNR_SHMDT,
"socket": SNR_SOCKET,
"socketpair": SNR_SOCKETPAIR,
"bind": SNR_BIND,
"listen": SNR_LISTEN,
"accept": SNR_ACCEPT,
"connect": SNR_CONNECT,
"getsockname": SNR_GETSOCKNAME,
"getpeername": SNR_GETPEERNAME,
"sendto": SNR_SENDTO,
"recvfrom": SNR_RECVFROM,
"setsockopt": SNR_SETSOCKOPT,
"getsockopt": SNR_GETSOCKOPT,
"shutdown": SNR_SHUTDOWN,
"sendmsg": SNR_SENDMSG,
"recvmsg": SNR_RECVMSG,
"readahead": SNR_READAHEAD,
"brk": SNR_BRK,
"munmap": SNR_MUNMAP,
"mremap": SNR_MREMAP,
"add_key": SNR_ADD_KEY,
"request_key": SNR_REQUEST_KEY,
"keyctl": SNR_KEYCTL,
"clone": SNR_CLONE,
"execve": SNR_EXECVE,
"mmap": SNR_MMAP,
"fadvise64": SNR_FADVISE64,
"swapon": SNR_SWAPON,
"swapoff": SNR_SWAPOFF,
"mprotect": SNR_MPROTECT,
"msync": SNR_MSYNC,
"mlock": SNR_MLOCK,
"munlock": SNR_MUNLOCK,
"mlockall": SNR_MLOCKALL,
"munlockall": SNR_MUNLOCKALL,
"mincore": SNR_MINCORE,
"madvise": SNR_MADVISE,
"remap_file_pages": SNR_REMAP_FILE_PAGES,
"mbind": SNR_MBIND,
"get_mempolicy": SNR_GET_MEMPOLICY,
"set_mempolicy": SNR_SET_MEMPOLICY,
"migrate_pages": SNR_MIGRATE_PAGES,
"move_pages": SNR_MOVE_PAGES,
"rt_tgsigqueueinfo": SNR_RT_TGSIGQUEUEINFO,
"perf_event_open": SNR_PERF_EVENT_OPEN,
"accept4": SNR_ACCEPT4,
"recvmmsg": SNR_RECVMMSG,
"wait4": SNR_WAIT4,
"prlimit64": SNR_PRLIMIT64,
"fanotify_init": SNR_FANOTIFY_INIT,
"fanotify_mark": SNR_FANOTIFY_MARK,
"name_to_handle_at": SNR_NAME_TO_HANDLE_AT,
"open_by_handle_at": SNR_OPEN_BY_HANDLE_AT,
"clock_adjtime": SNR_CLOCK_ADJTIME,
"syncfs": SNR_SYNCFS,
"setns": SNR_SETNS,
"sendmmsg": SNR_SENDMMSG,
"process_vm_readv": SNR_PROCESS_VM_READV,
"process_vm_writev": SNR_PROCESS_VM_WRITEV,
"kcmp": SNR_KCMP,
"finit_module": SNR_FINIT_MODULE,
"sched_setattr": SNR_SCHED_SETATTR,
"sched_getattr": SNR_SCHED_GETATTR,
"renameat2": SNR_RENAMEAT2,
"seccomp": SNR_SECCOMP,
"getrandom": SNR_GETRANDOM,
"memfd_create": SNR_MEMFD_CREATE,
"bpf": SNR_BPF,
"execveat": SNR_EXECVEAT,
"userfaultfd": SNR_USERFAULTFD,
"membarrier": SNR_MEMBARRIER,
"mlock2": SNR_MLOCK2,
"copy_file_range": SNR_COPY_FILE_RANGE,
"preadv2": SNR_PREADV2,
"pwritev2": SNR_PWRITEV2,
"pkey_mprotect": SNR_PKEY_MPROTECT,
"pkey_alloc": SNR_PKEY_ALLOC,
"pkey_free": SNR_PKEY_FREE,
"statx": SNR_STATX,
"io_pgetevents": SNR_IO_PGETEVENTS,
"rseq": SNR_RSEQ,
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"pidfd_send_signal": SNR_PIDFD_SEND_SIGNAL,
"io_uring_setup": SNR_IO_URING_SETUP,
"io_uring_enter": SNR_IO_URING_ENTER,
"io_uring_register": SNR_IO_URING_REGISTER,
"open_tree": SNR_OPEN_TREE,
"move_mount": SNR_MOVE_MOUNT,
"fsopen": SNR_FSOPEN,
"fsconfig": SNR_FSCONFIG,
"fsmount": SNR_FSMOUNT,
"fspick": SNR_FSPICK,
"pidfd_open": SNR_PIDFD_OPEN,
"clone3": SNR_CLONE3,
"close_range": SNR_CLOSE_RANGE,
"openat2": SNR_OPENAT2,
"pidfd_getfd": SNR_PIDFD_GETFD,
"faccessat2": SNR_FACCESSAT2,
"process_madvise": SNR_PROCESS_MADVISE,
"epoll_pwait2": SNR_EPOLL_PWAIT2,
"mount_setattr": SNR_MOUNT_SETATTR,
"quotactl_fd": SNR_QUOTACTL_FD,
"landlock_create_ruleset": SNR_LANDLOCK_CREATE_RULESET,
"landlock_add_rule": SNR_LANDLOCK_ADD_RULE,
"landlock_restrict_self": SNR_LANDLOCK_RESTRICT_SELF,
"memfd_secret": SNR_MEMFD_SECRET,
"process_mrelease": SNR_PROCESS_MRELEASE,
"futex_waitv": SNR_FUTEX_WAITV,
"set_mempolicy_home_node": SNR_SET_MEMPOLICY_HOME_NODE,
"cachestat": SNR_CACHESTAT,
"fchmodat2": SNR_FCHMODAT2,
"map_shadow_stack": SNR_MAP_SHADOW_STACK,
"futex_wake": SNR_FUTEX_WAKE,
"futex_wait": SNR_FUTEX_WAIT,
"futex_requeue": SNR_FUTEX_REQUEUE,
"statmount": SNR_STATMOUNT,
"listmount": SNR_LISTMOUNT,
"lsm_get_self_attr": SNR_LSM_GET_SELF_ATTR,
"lsm_set_self_attr": SNR_LSM_SET_SELF_ATTR,
"lsm_list_modules": SNR_LSM_LIST_MODULES,
"mseal": SNR_MSEAL,
}
const (
SYS_USERFAULTFD = 282
SYS_MEMBARRIER = 283
SYS_MLOCK2 = 284
SYS_COPY_FILE_RANGE = 285
SYS_PREADV2 = 286
SYS_PWRITEV2 = 287
SYS_PKEY_MPROTECT = 288
SYS_PKEY_ALLOC = 289
SYS_PKEY_FREE = 290
SYS_STATX = 291
SYS_IO_PGETEVENTS = 292
SYS_RSEQ = 293
SYS_KEXEC_FILE_LOAD = 294
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
SYS_IO_URING_REGISTER = 427
SYS_OPEN_TREE = 428
SYS_MOVE_MOUNT = 429
SYS_FSOPEN = 430
SYS_FSCONFIG = 431
SYS_FSMOUNT = 432
SYS_FSPICK = 433
SYS_PIDFD_OPEN = 434
SYS_CLONE3 = 435
SYS_CLOSE_RANGE = 436
SYS_OPENAT2 = 437
SYS_PIDFD_GETFD = 438
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
SYS_MOUNT_SETATTR = 442
SYS_QUOTACTL_FD = 443
SYS_LANDLOCK_CREATE_RULESET = 444
SYS_LANDLOCK_ADD_RULE = 445
SYS_LANDLOCK_RESTRICT_SELF = 446
SYS_MEMFD_SECRET = 447
SYS_PROCESS_MRELEASE = 448
SYS_FUTEX_WAITV = 449
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
SYS_FUTEX_WAKE = 454
SYS_FUTEX_WAIT = 455
SYS_FUTEX_REQUEUE = 456
SYS_STATMOUNT = 457
SYS_LISTMOUNT = 458
SYS_LSM_GET_SELF_ATTR = 459
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
)
const (
SNR_IO_SETUP SyscallNum = SYS_IO_SETUP
SNR_IO_DESTROY SyscallNum = SYS_IO_DESTROY
SNR_IO_SUBMIT SyscallNum = SYS_IO_SUBMIT
SNR_IO_CANCEL SyscallNum = SYS_IO_CANCEL
SNR_IO_GETEVENTS SyscallNum = SYS_IO_GETEVENTS
SNR_SETXATTR SyscallNum = SYS_SETXATTR
SNR_LSETXATTR SyscallNum = SYS_LSETXATTR
SNR_FSETXATTR SyscallNum = SYS_FSETXATTR
SNR_GETXATTR SyscallNum = SYS_GETXATTR
SNR_LGETXATTR SyscallNum = SYS_LGETXATTR
SNR_FGETXATTR SyscallNum = SYS_FGETXATTR
SNR_LISTXATTR SyscallNum = SYS_LISTXATTR
SNR_LLISTXATTR SyscallNum = SYS_LLISTXATTR
SNR_FLISTXATTR SyscallNum = SYS_FLISTXATTR
SNR_REMOVEXATTR SyscallNum = SYS_REMOVEXATTR
SNR_LREMOVEXATTR SyscallNum = SYS_LREMOVEXATTR
SNR_FREMOVEXATTR SyscallNum = SYS_FREMOVEXATTR
SNR_GETCWD SyscallNum = SYS_GETCWD
SNR_LOOKUP_DCOOKIE SyscallNum = SYS_LOOKUP_DCOOKIE
SNR_EVENTFD2 SyscallNum = SYS_EVENTFD2
SNR_EPOLL_CREATE1 SyscallNum = SYS_EPOLL_CREATE1
SNR_EPOLL_CTL SyscallNum = SYS_EPOLL_CTL
SNR_EPOLL_PWAIT SyscallNum = SYS_EPOLL_PWAIT
SNR_DUP SyscallNum = SYS_DUP
SNR_DUP3 SyscallNum = SYS_DUP3
SNR_FCNTL SyscallNum = SYS_FCNTL
SNR_INOTIFY_INIT1 SyscallNum = SYS_INOTIFY_INIT1
SNR_INOTIFY_ADD_WATCH SyscallNum = SYS_INOTIFY_ADD_WATCH
SNR_INOTIFY_RM_WATCH SyscallNum = SYS_INOTIFY_RM_WATCH
SNR_IOCTL SyscallNum = SYS_IOCTL
SNR_IOPRIO_SET SyscallNum = SYS_IOPRIO_SET
SNR_IOPRIO_GET SyscallNum = SYS_IOPRIO_GET
SNR_FLOCK SyscallNum = SYS_FLOCK
SNR_MKNODAT SyscallNum = SYS_MKNODAT
SNR_MKDIRAT SyscallNum = SYS_MKDIRAT
SNR_UNLINKAT SyscallNum = SYS_UNLINKAT
SNR_SYMLINKAT SyscallNum = SYS_SYMLINKAT
SNR_LINKAT SyscallNum = SYS_LINKAT
SNR_RENAMEAT SyscallNum = SYS_RENAMEAT
SNR_UMOUNT2 SyscallNum = SYS_UMOUNT2
SNR_MOUNT SyscallNum = SYS_MOUNT
SNR_PIVOT_ROOT SyscallNum = SYS_PIVOT_ROOT
SNR_NFSSERVCTL SyscallNum = SYS_NFSSERVCTL
SNR_STATFS SyscallNum = SYS_STATFS
SNR_FSTATFS SyscallNum = SYS_FSTATFS
SNR_TRUNCATE SyscallNum = SYS_TRUNCATE
SNR_FTRUNCATE SyscallNum = SYS_FTRUNCATE
SNR_FALLOCATE SyscallNum = SYS_FALLOCATE
SNR_FACCESSAT SyscallNum = SYS_FACCESSAT
SNR_CHDIR SyscallNum = SYS_CHDIR
SNR_FCHDIR SyscallNum = SYS_FCHDIR
SNR_CHROOT SyscallNum = SYS_CHROOT
SNR_FCHMOD SyscallNum = SYS_FCHMOD
SNR_FCHMODAT SyscallNum = SYS_FCHMODAT
SNR_FCHOWNAT SyscallNum = SYS_FCHOWNAT
SNR_FCHOWN SyscallNum = SYS_FCHOWN
SNR_OPENAT SyscallNum = SYS_OPENAT
SNR_CLOSE SyscallNum = SYS_CLOSE
SNR_VHANGUP SyscallNum = SYS_VHANGUP
SNR_PIPE2 SyscallNum = SYS_PIPE2
SNR_QUOTACTL SyscallNum = SYS_QUOTACTL
SNR_GETDENTS64 SyscallNum = SYS_GETDENTS64
SNR_LSEEK SyscallNum = SYS_LSEEK
SNR_READ SyscallNum = SYS_READ
SNR_WRITE SyscallNum = SYS_WRITE
SNR_READV SyscallNum = SYS_READV
SNR_WRITEV SyscallNum = SYS_WRITEV
SNR_PREAD64 SyscallNum = SYS_PREAD64
SNR_PWRITE64 SyscallNum = SYS_PWRITE64
SNR_PREADV SyscallNum = SYS_PREADV
SNR_PWRITEV SyscallNum = SYS_PWRITEV
SNR_SENDFILE SyscallNum = SYS_SENDFILE
SNR_PSELECT6 SyscallNum = SYS_PSELECT6
SNR_PPOLL SyscallNum = SYS_PPOLL
SNR_SIGNALFD4 SyscallNum = SYS_SIGNALFD4
SNR_VMSPLICE SyscallNum = SYS_VMSPLICE
SNR_SPLICE SyscallNum = SYS_SPLICE
SNR_TEE SyscallNum = SYS_TEE
SNR_READLINKAT SyscallNum = SYS_READLINKAT
SNR_NEWFSTATAT SyscallNum = SYS_NEWFSTATAT
SNR_FSTAT SyscallNum = SYS_FSTAT
SNR_SYNC SyscallNum = SYS_SYNC
SNR_FSYNC SyscallNum = SYS_FSYNC
SNR_FDATASYNC SyscallNum = SYS_FDATASYNC
SNR_SYNC_FILE_RANGE SyscallNum = SYS_SYNC_FILE_RANGE
SNR_TIMERFD_CREATE SyscallNum = SYS_TIMERFD_CREATE
SNR_TIMERFD_SETTIME SyscallNum = SYS_TIMERFD_SETTIME
SNR_TIMERFD_GETTIME SyscallNum = SYS_TIMERFD_GETTIME
SNR_UTIMENSAT SyscallNum = SYS_UTIMENSAT
SNR_ACCT SyscallNum = SYS_ACCT
SNR_CAPGET SyscallNum = SYS_CAPGET
SNR_CAPSET SyscallNum = SYS_CAPSET
SNR_PERSONALITY SyscallNum = SYS_PERSONALITY
SNR_EXIT SyscallNum = SYS_EXIT
SNR_EXIT_GROUP SyscallNum = SYS_EXIT_GROUP
SNR_WAITID SyscallNum = SYS_WAITID
SNR_SET_TID_ADDRESS SyscallNum = SYS_SET_TID_ADDRESS
SNR_UNSHARE SyscallNum = SYS_UNSHARE
SNR_FUTEX SyscallNum = SYS_FUTEX
SNR_SET_ROBUST_LIST SyscallNum = SYS_SET_ROBUST_LIST
SNR_GET_ROBUST_LIST SyscallNum = SYS_GET_ROBUST_LIST
SNR_NANOSLEEP SyscallNum = SYS_NANOSLEEP
SNR_GETITIMER SyscallNum = SYS_GETITIMER
SNR_SETITIMER SyscallNum = SYS_SETITIMER
SNR_KEXEC_LOAD SyscallNum = SYS_KEXEC_LOAD
SNR_INIT_MODULE SyscallNum = SYS_INIT_MODULE
SNR_DELETE_MODULE SyscallNum = SYS_DELETE_MODULE
SNR_TIMER_CREATE SyscallNum = SYS_TIMER_CREATE
SNR_TIMER_GETTIME SyscallNum = SYS_TIMER_GETTIME
SNR_TIMER_GETOVERRUN SyscallNum = SYS_TIMER_GETOVERRUN
SNR_TIMER_SETTIME SyscallNum = SYS_TIMER_SETTIME
SNR_TIMER_DELETE SyscallNum = SYS_TIMER_DELETE
SNR_CLOCK_SETTIME SyscallNum = SYS_CLOCK_SETTIME
SNR_CLOCK_GETTIME SyscallNum = SYS_CLOCK_GETTIME
SNR_CLOCK_GETRES SyscallNum = SYS_CLOCK_GETRES
SNR_CLOCK_NANOSLEEP SyscallNum = SYS_CLOCK_NANOSLEEP
SNR_SYSLOG SyscallNum = SYS_SYSLOG
SNR_PTRACE SyscallNum = SYS_PTRACE
SNR_SCHED_SETPARAM SyscallNum = SYS_SCHED_SETPARAM
SNR_SCHED_SETSCHEDULER SyscallNum = SYS_SCHED_SETSCHEDULER
SNR_SCHED_GETSCHEDULER SyscallNum = SYS_SCHED_GETSCHEDULER
SNR_SCHED_GETPARAM SyscallNum = SYS_SCHED_GETPARAM
SNR_SCHED_SETAFFINITY SyscallNum = SYS_SCHED_SETAFFINITY
SNR_SCHED_GETAFFINITY SyscallNum = SYS_SCHED_GETAFFINITY
SNR_SCHED_YIELD SyscallNum = SYS_SCHED_YIELD
SNR_SCHED_GET_PRIORITY_MAX SyscallNum = SYS_SCHED_GET_PRIORITY_MAX
SNR_SCHED_GET_PRIORITY_MIN SyscallNum = SYS_SCHED_GET_PRIORITY_MIN
SNR_SCHED_RR_GET_INTERVAL SyscallNum = SYS_SCHED_RR_GET_INTERVAL
SNR_RESTART_SYSCALL SyscallNum = SYS_RESTART_SYSCALL
SNR_KILL SyscallNum = SYS_KILL
SNR_TKILL SyscallNum = SYS_TKILL
SNR_TGKILL SyscallNum = SYS_TGKILL
SNR_SIGALTSTACK SyscallNum = SYS_SIGALTSTACK
SNR_RT_SIGSUSPEND SyscallNum = SYS_RT_SIGSUSPEND
SNR_RT_SIGACTION SyscallNum = SYS_RT_SIGACTION
SNR_RT_SIGPROCMASK SyscallNum = SYS_RT_SIGPROCMASK
SNR_RT_SIGPENDING SyscallNum = SYS_RT_SIGPENDING
SNR_RT_SIGTIMEDWAIT SyscallNum = SYS_RT_SIGTIMEDWAIT
SNR_RT_SIGQUEUEINFO SyscallNum = SYS_RT_SIGQUEUEINFO
SNR_RT_SIGRETURN SyscallNum = SYS_RT_SIGRETURN
SNR_SETPRIORITY SyscallNum = SYS_SETPRIORITY
SNR_GETPRIORITY SyscallNum = SYS_GETPRIORITY
SNR_REBOOT SyscallNum = SYS_REBOOT
SNR_SETREGID SyscallNum = SYS_SETREGID
SNR_SETGID SyscallNum = SYS_SETGID
SNR_SETREUID SyscallNum = SYS_SETREUID
SNR_SETUID SyscallNum = SYS_SETUID
SNR_SETRESUID SyscallNum = SYS_SETRESUID
SNR_GETRESUID SyscallNum = SYS_GETRESUID
SNR_SETRESGID SyscallNum = SYS_SETRESGID
SNR_GETRESGID SyscallNum = SYS_GETRESGID
SNR_SETFSUID SyscallNum = SYS_SETFSUID
SNR_SETFSGID SyscallNum = SYS_SETFSGID
SNR_TIMES SyscallNum = SYS_TIMES
SNR_SETPGID SyscallNum = SYS_SETPGID
SNR_GETPGID SyscallNum = SYS_GETPGID
SNR_GETSID SyscallNum = SYS_GETSID
SNR_SETSID SyscallNum = SYS_SETSID
SNR_GETGROUPS SyscallNum = SYS_GETGROUPS
SNR_SETGROUPS SyscallNum = SYS_SETGROUPS
SNR_UNAME SyscallNum = SYS_UNAME
SNR_SETHOSTNAME SyscallNum = SYS_SETHOSTNAME
SNR_SETDOMAINNAME SyscallNum = SYS_SETDOMAINNAME
SNR_GETRLIMIT SyscallNum = SYS_GETRLIMIT
SNR_SETRLIMIT SyscallNum = SYS_SETRLIMIT
SNR_GETRUSAGE SyscallNum = SYS_GETRUSAGE
SNR_UMASK SyscallNum = SYS_UMASK
SNR_PRCTL SyscallNum = SYS_PRCTL
SNR_GETCPU SyscallNum = SYS_GETCPU
SNR_GETTIMEOFDAY SyscallNum = SYS_GETTIMEOFDAY
SNR_SETTIMEOFDAY SyscallNum = SYS_SETTIMEOFDAY
SNR_ADJTIMEX SyscallNum = SYS_ADJTIMEX
SNR_GETPID SyscallNum = SYS_GETPID
SNR_GETPPID SyscallNum = SYS_GETPPID
SNR_GETUID SyscallNum = SYS_GETUID
SNR_GETEUID SyscallNum = SYS_GETEUID
SNR_GETGID SyscallNum = SYS_GETGID
SNR_GETEGID SyscallNum = SYS_GETEGID
SNR_GETTID SyscallNum = SYS_GETTID
SNR_SYSINFO SyscallNum = SYS_SYSINFO
SNR_MQ_OPEN SyscallNum = SYS_MQ_OPEN
SNR_MQ_UNLINK SyscallNum = SYS_MQ_UNLINK
SNR_MQ_TIMEDSEND SyscallNum = SYS_MQ_TIMEDSEND
SNR_MQ_TIMEDRECEIVE SyscallNum = SYS_MQ_TIMEDRECEIVE
SNR_MQ_NOTIFY SyscallNum = SYS_MQ_NOTIFY
SNR_MQ_GETSETATTR SyscallNum = SYS_MQ_GETSETATTR
SNR_MSGGET SyscallNum = SYS_MSGGET
SNR_MSGCTL SyscallNum = SYS_MSGCTL
SNR_MSGRCV SyscallNum = SYS_MSGRCV
SNR_MSGSND SyscallNum = SYS_MSGSND
SNR_SEMGET SyscallNum = SYS_SEMGET
SNR_SEMCTL SyscallNum = SYS_SEMCTL
SNR_SEMTIMEDOP SyscallNum = SYS_SEMTIMEDOP
SNR_SEMOP SyscallNum = SYS_SEMOP
SNR_SHMGET SyscallNum = SYS_SHMGET
SNR_SHMCTL SyscallNum = SYS_SHMCTL
SNR_SHMAT SyscallNum = SYS_SHMAT
SNR_SHMDT SyscallNum = SYS_SHMDT
SNR_SOCKET SyscallNum = SYS_SOCKET
SNR_SOCKETPAIR SyscallNum = SYS_SOCKETPAIR
SNR_BIND SyscallNum = SYS_BIND
SNR_LISTEN SyscallNum = SYS_LISTEN
SNR_ACCEPT SyscallNum = SYS_ACCEPT
SNR_CONNECT SyscallNum = SYS_CONNECT
SNR_GETSOCKNAME SyscallNum = SYS_GETSOCKNAME
SNR_GETPEERNAME SyscallNum = SYS_GETPEERNAME
SNR_SENDTO SyscallNum = SYS_SENDTO
SNR_RECVFROM SyscallNum = SYS_RECVFROM
SNR_SETSOCKOPT SyscallNum = SYS_SETSOCKOPT
SNR_GETSOCKOPT SyscallNum = SYS_GETSOCKOPT
SNR_SHUTDOWN SyscallNum = SYS_SHUTDOWN
SNR_SENDMSG SyscallNum = SYS_SENDMSG
SNR_RECVMSG SyscallNum = SYS_RECVMSG
SNR_READAHEAD SyscallNum = SYS_READAHEAD
SNR_BRK SyscallNum = SYS_BRK
SNR_MUNMAP SyscallNum = SYS_MUNMAP
SNR_MREMAP SyscallNum = SYS_MREMAP
SNR_ADD_KEY SyscallNum = SYS_ADD_KEY
SNR_REQUEST_KEY SyscallNum = SYS_REQUEST_KEY
SNR_KEYCTL SyscallNum = SYS_KEYCTL
SNR_CLONE SyscallNum = SYS_CLONE
SNR_EXECVE SyscallNum = SYS_EXECVE
SNR_MMAP SyscallNum = SYS_MMAP
SNR_FADVISE64 SyscallNum = SYS_FADVISE64
SNR_SWAPON SyscallNum = SYS_SWAPON
SNR_SWAPOFF SyscallNum = SYS_SWAPOFF
SNR_MPROTECT SyscallNum = SYS_MPROTECT
SNR_MSYNC SyscallNum = SYS_MSYNC
SNR_MLOCK SyscallNum = SYS_MLOCK
SNR_MUNLOCK SyscallNum = SYS_MUNLOCK
SNR_MLOCKALL SyscallNum = SYS_MLOCKALL
SNR_MUNLOCKALL SyscallNum = SYS_MUNLOCKALL
SNR_MINCORE SyscallNum = SYS_MINCORE
SNR_MADVISE SyscallNum = SYS_MADVISE
SNR_REMAP_FILE_PAGES SyscallNum = SYS_REMAP_FILE_PAGES
SNR_MBIND SyscallNum = SYS_MBIND
SNR_GET_MEMPOLICY SyscallNum = SYS_GET_MEMPOLICY
SNR_SET_MEMPOLICY SyscallNum = SYS_SET_MEMPOLICY
SNR_MIGRATE_PAGES SyscallNum = SYS_MIGRATE_PAGES
SNR_MOVE_PAGES SyscallNum = SYS_MOVE_PAGES
SNR_RT_TGSIGQUEUEINFO SyscallNum = SYS_RT_TGSIGQUEUEINFO
SNR_PERF_EVENT_OPEN SyscallNum = SYS_PERF_EVENT_OPEN
SNR_ACCEPT4 SyscallNum = SYS_ACCEPT4
SNR_RECVMMSG SyscallNum = SYS_RECVMMSG
SNR_WAIT4 SyscallNum = SYS_WAIT4
SNR_PRLIMIT64 SyscallNum = SYS_PRLIMIT64
SNR_FANOTIFY_INIT SyscallNum = SYS_FANOTIFY_INIT
SNR_FANOTIFY_MARK SyscallNum = SYS_FANOTIFY_MARK
SNR_NAME_TO_HANDLE_AT SyscallNum = SYS_NAME_TO_HANDLE_AT
SNR_OPEN_BY_HANDLE_AT SyscallNum = SYS_OPEN_BY_HANDLE_AT
SNR_CLOCK_ADJTIME SyscallNum = SYS_CLOCK_ADJTIME
SNR_SYNCFS SyscallNum = SYS_SYNCFS
SNR_SETNS SyscallNum = SYS_SETNS
SNR_SENDMMSG SyscallNum = SYS_SENDMMSG
SNR_PROCESS_VM_READV SyscallNum = SYS_PROCESS_VM_READV
SNR_PROCESS_VM_WRITEV SyscallNum = SYS_PROCESS_VM_WRITEV
SNR_KCMP SyscallNum = SYS_KCMP
SNR_FINIT_MODULE SyscallNum = SYS_FINIT_MODULE
SNR_SCHED_SETATTR SyscallNum = SYS_SCHED_SETATTR
SNR_SCHED_GETATTR SyscallNum = SYS_SCHED_GETATTR
SNR_RENAMEAT2 SyscallNum = SYS_RENAMEAT2
SNR_SECCOMP SyscallNum = SYS_SECCOMP
SNR_GETRANDOM SyscallNum = SYS_GETRANDOM
SNR_MEMFD_CREATE SyscallNum = SYS_MEMFD_CREATE
SNR_BPF SyscallNum = SYS_BPF
SNR_EXECVEAT SyscallNum = SYS_EXECVEAT
SNR_USERFAULTFD SyscallNum = SYS_USERFAULTFD
SNR_MEMBARRIER SyscallNum = SYS_MEMBARRIER
SNR_MLOCK2 SyscallNum = SYS_MLOCK2
SNR_COPY_FILE_RANGE SyscallNum = SYS_COPY_FILE_RANGE
SNR_PREADV2 SyscallNum = SYS_PREADV2
SNR_PWRITEV2 SyscallNum = SYS_PWRITEV2
SNR_PKEY_MPROTECT SyscallNum = SYS_PKEY_MPROTECT
SNR_PKEY_ALLOC SyscallNum = SYS_PKEY_ALLOC
SNR_PKEY_FREE SyscallNum = SYS_PKEY_FREE
SNR_STATX SyscallNum = SYS_STATX
SNR_IO_PGETEVENTS SyscallNum = SYS_IO_PGETEVENTS
SNR_RSEQ SyscallNum = SYS_RSEQ
SNR_KEXEC_FILE_LOAD SyscallNum = SYS_KEXEC_FILE_LOAD
SNR_PIDFD_SEND_SIGNAL SyscallNum = SYS_PIDFD_SEND_SIGNAL
SNR_IO_URING_SETUP SyscallNum = SYS_IO_URING_SETUP
SNR_IO_URING_ENTER SyscallNum = SYS_IO_URING_ENTER
SNR_IO_URING_REGISTER SyscallNum = SYS_IO_URING_REGISTER
SNR_OPEN_TREE SyscallNum = SYS_OPEN_TREE
SNR_MOVE_MOUNT SyscallNum = SYS_MOVE_MOUNT
SNR_FSOPEN SyscallNum = SYS_FSOPEN
SNR_FSCONFIG SyscallNum = SYS_FSCONFIG
SNR_FSMOUNT SyscallNum = SYS_FSMOUNT
SNR_FSPICK SyscallNum = SYS_FSPICK
SNR_PIDFD_OPEN SyscallNum = SYS_PIDFD_OPEN
SNR_CLONE3 SyscallNum = SYS_CLONE3
SNR_CLOSE_RANGE SyscallNum = SYS_CLOSE_RANGE
SNR_OPENAT2 SyscallNum = SYS_OPENAT2
SNR_PIDFD_GETFD SyscallNum = SYS_PIDFD_GETFD
SNR_FACCESSAT2 SyscallNum = SYS_FACCESSAT2
SNR_PROCESS_MADVISE SyscallNum = SYS_PROCESS_MADVISE
SNR_EPOLL_PWAIT2 SyscallNum = SYS_EPOLL_PWAIT2
SNR_MOUNT_SETATTR SyscallNum = SYS_MOUNT_SETATTR
SNR_QUOTACTL_FD SyscallNum = SYS_QUOTACTL_FD
SNR_LANDLOCK_CREATE_RULESET SyscallNum = SYS_LANDLOCK_CREATE_RULESET
SNR_LANDLOCK_ADD_RULE SyscallNum = SYS_LANDLOCK_ADD_RULE
SNR_LANDLOCK_RESTRICT_SELF SyscallNum = SYS_LANDLOCK_RESTRICT_SELF
SNR_MEMFD_SECRET SyscallNum = SYS_MEMFD_SECRET
SNR_PROCESS_MRELEASE SyscallNum = SYS_PROCESS_MRELEASE
SNR_FUTEX_WAITV SyscallNum = SYS_FUTEX_WAITV
SNR_SET_MEMPOLICY_HOME_NODE SyscallNum = SYS_SET_MEMPOLICY_HOME_NODE
SNR_CACHESTAT SyscallNum = SYS_CACHESTAT
SNR_FCHMODAT2 SyscallNum = SYS_FCHMODAT2
SNR_MAP_SHADOW_STACK SyscallNum = SYS_MAP_SHADOW_STACK
SNR_FUTEX_WAKE SyscallNum = SYS_FUTEX_WAKE
SNR_FUTEX_WAIT SyscallNum = SYS_FUTEX_WAIT
SNR_FUTEX_REQUEUE SyscallNum = SYS_FUTEX_REQUEUE
SNR_STATMOUNT SyscallNum = SYS_STATMOUNT
SNR_LISTMOUNT SyscallNum = SYS_LISTMOUNT
SNR_LSM_GET_SELF_ATTR SyscallNum = SYS_LSM_GET_SELF_ATTR
SNR_LSM_SET_SELF_ATTR SyscallNum = SYS_LSM_SET_SELF_ATTR
SNR_LSM_LIST_MODULES SyscallNum = SYS_LSM_LIST_MODULES
SNR_MSEAL SyscallNum = SYS_MSEAL
)

719
ext/syscall_linux_riscv64.go Normal file
View File

@@ -0,0 +1,719 @@
// mksysnum_linux.pl /usr/include/riscv64-linux-gnu/asm/unistd.h
// Code generated by the command above; DO NOT EDIT.
package ext
import . "syscall"
var syscallNum = map[string]SyscallNum{
"io_setup": SNR_IO_SETUP,
"io_destroy": SNR_IO_DESTROY,
"io_submit": SNR_IO_SUBMIT,
"io_cancel": SNR_IO_CANCEL,
"io_getevents": SNR_IO_GETEVENTS,
"setxattr": SNR_SETXATTR,
"lsetxattr": SNR_LSETXATTR,
"fsetxattr": SNR_FSETXATTR,
"getxattr": SNR_GETXATTR,
"lgetxattr": SNR_LGETXATTR,
"fgetxattr": SNR_FGETXATTR,
"listxattr": SNR_LISTXATTR,
"llistxattr": SNR_LLISTXATTR,
"flistxattr": SNR_FLISTXATTR,
"removexattr": SNR_REMOVEXATTR,
"lremovexattr": SNR_LREMOVEXATTR,
"fremovexattr": SNR_FREMOVEXATTR,
"getcwd": SNR_GETCWD,
"lookup_dcookie": SNR_LOOKUP_DCOOKIE,
"eventfd2": SNR_EVENTFD2,
"epoll_create1": SNR_EPOLL_CREATE1,
"epoll_ctl": SNR_EPOLL_CTL,
"epoll_pwait": SNR_EPOLL_PWAIT,
"dup": SNR_DUP,
"dup3": SNR_DUP3,
"fcntl": SNR_FCNTL,
"inotify_init1": SNR_INOTIFY_INIT1,
"inotify_add_watch": SNR_INOTIFY_ADD_WATCH,
"inotify_rm_watch": SNR_INOTIFY_RM_WATCH,
"ioctl": SNR_IOCTL,
"ioprio_set": SNR_IOPRIO_SET,
"ioprio_get": SNR_IOPRIO_GET,
"flock": SNR_FLOCK,
"mknodat": SNR_MKNODAT,
"mkdirat": SNR_MKDIRAT,
"unlinkat": SNR_UNLINKAT,
"symlinkat": SNR_SYMLINKAT,
"linkat": SNR_LINKAT,
"umount2": SNR_UMOUNT2,
"mount": SNR_MOUNT,
"pivot_root": SNR_PIVOT_ROOT,
"nfsservctl": SNR_NFSSERVCTL,
"statfs": SNR_STATFS,
"fstatfs": SNR_FSTATFS,
"truncate": SNR_TRUNCATE,
"ftruncate": SNR_FTRUNCATE,
"fallocate": SNR_FALLOCATE,
"faccessat": SNR_FACCESSAT,
"chdir": SNR_CHDIR,
"fchdir": SNR_FCHDIR,
"chroot": SNR_CHROOT,
"fchmod": SNR_FCHMOD,
"fchmodat": SNR_FCHMODAT,
"fchownat": SNR_FCHOWNAT,
"fchown": SNR_FCHOWN,
"openat": SNR_OPENAT,
"close": SNR_CLOSE,
"vhangup": SNR_VHANGUP,
"pipe2": SNR_PIPE2,
"quotactl": SNR_QUOTACTL,
"getdents64": SNR_GETDENTS64,
"lseek": SNR_LSEEK,
"read": SNR_READ,
"write": SNR_WRITE,
"readv": SNR_READV,
"writev": SNR_WRITEV,
"pread64": SNR_PREAD64,
"pwrite64": SNR_PWRITE64,
"preadv": SNR_PREADV,
"pwritev": SNR_PWRITEV,
"sendfile": SNR_SENDFILE,
"pselect6": SNR_PSELECT6,
"ppoll": SNR_PPOLL,
"signalfd4": SNR_SIGNALFD4,
"vmsplice": SNR_VMSPLICE,
"splice": SNR_SPLICE,
"tee": SNR_TEE,
"readlinkat": SNR_READLINKAT,
"newfstatat": SNR_NEWFSTATAT,
"fstat": SNR_FSTAT,
"sync": SNR_SYNC,
"fsync": SNR_FSYNC,
"fdatasync": SNR_FDATASYNC,
"sync_file_range": SNR_SYNC_FILE_RANGE,
"timerfd_create": SNR_TIMERFD_CREATE,
"timerfd_settime": SNR_TIMERFD_SETTIME,
"timerfd_gettime": SNR_TIMERFD_GETTIME,
"utimensat": SNR_UTIMENSAT,
"acct": SNR_ACCT,
"capget": SNR_CAPGET,
"capset": SNR_CAPSET,
"personality": SNR_PERSONALITY,
"exit": SNR_EXIT,
"exit_group": SNR_EXIT_GROUP,
"waitid": SNR_WAITID,
"set_tid_address": SNR_SET_TID_ADDRESS,
"unshare": SNR_UNSHARE,
"futex": SNR_FUTEX,
"set_robust_list": SNR_SET_ROBUST_LIST,
"get_robust_list": SNR_GET_ROBUST_LIST,
"nanosleep": SNR_NANOSLEEP,
"getitimer": SNR_GETITIMER,
"setitimer": SNR_SETITIMER,
"kexec_load": SNR_KEXEC_LOAD,
"init_module": SNR_INIT_MODULE,
"delete_module": SNR_DELETE_MODULE,
"timer_create": SNR_TIMER_CREATE,
"timer_gettime": SNR_TIMER_GETTIME,
"timer_getoverrun": SNR_TIMER_GETOVERRUN,
"timer_settime": SNR_TIMER_SETTIME,
"timer_delete": SNR_TIMER_DELETE,
"clock_settime": SNR_CLOCK_SETTIME,
"clock_gettime": SNR_CLOCK_GETTIME,
"clock_getres": SNR_CLOCK_GETRES,
"clock_nanosleep": SNR_CLOCK_NANOSLEEP,
"syslog": SNR_SYSLOG,
"ptrace": SNR_PTRACE,
"sched_setparam": SNR_SCHED_SETPARAM,
"sched_setscheduler": SNR_SCHED_SETSCHEDULER,
"sched_getscheduler": SNR_SCHED_GETSCHEDULER,
"sched_getparam": SNR_SCHED_GETPARAM,
"sched_setaffinity": SNR_SCHED_SETAFFINITY,
"sched_getaffinity": SNR_SCHED_GETAFFINITY,
"sched_yield": SNR_SCHED_YIELD,
"sched_get_priority_max": SNR_SCHED_GET_PRIORITY_MAX,
"sched_get_priority_min": SNR_SCHED_GET_PRIORITY_MIN,
"sched_rr_get_interval": SNR_SCHED_RR_GET_INTERVAL,
"restart_syscall": SNR_RESTART_SYSCALL,
"kill": SNR_KILL,
"tkill": SNR_TKILL,
"tgkill": SNR_TGKILL,
"sigaltstack": SNR_SIGALTSTACK,
"rt_sigsuspend": SNR_RT_SIGSUSPEND,
"rt_sigaction": SNR_RT_SIGACTION,
"rt_sigprocmask": SNR_RT_SIGPROCMASK,
"rt_sigpending": SNR_RT_SIGPENDING,
"rt_sigtimedwait": SNR_RT_SIGTIMEDWAIT,
"rt_sigqueueinfo": SNR_RT_SIGQUEUEINFO,
"rt_sigreturn": SNR_RT_SIGRETURN,
"setpriority": SNR_SETPRIORITY,
"getpriority": SNR_GETPRIORITY,
"reboot": SNR_REBOOT,
"setregid": SNR_SETREGID,
"setgid": SNR_SETGID,
"setreuid": SNR_SETREUID,
"setuid": SNR_SETUID,
"setresuid": SNR_SETRESUID,
"getresuid": SNR_GETRESUID,
"setresgid": SNR_SETRESGID,
"getresgid": SNR_GETRESGID,
"setfsuid": SNR_SETFSUID,
"setfsgid": SNR_SETFSGID,
"times": SNR_TIMES,
"setpgid": SNR_SETPGID,
"getpgid": SNR_GETPGID,
"getsid": SNR_GETSID,
"setsid": SNR_SETSID,
"getgroups": SNR_GETGROUPS,
"setgroups": SNR_SETGROUPS,
"uname": SNR_UNAME,
"sethostname": SNR_SETHOSTNAME,
"setdomainname": SNR_SETDOMAINNAME,
"getrlimit": SNR_GETRLIMIT,
"setrlimit": SNR_SETRLIMIT,
"getrusage": SNR_GETRUSAGE,
"umask": SNR_UMASK,
"prctl": SNR_PRCTL,
"getcpu": SNR_GETCPU,
"gettimeofday": SNR_GETTIMEOFDAY,
"settimeofday": SNR_SETTIMEOFDAY,
"adjtimex": SNR_ADJTIMEX,
"getpid": SNR_GETPID,
"getppid": SNR_GETPPID,
"getuid": SNR_GETUID,
"geteuid": SNR_GETEUID,
"getgid": SNR_GETGID,
"getegid": SNR_GETEGID,
"gettid": SNR_GETTID,
"sysinfo": SNR_SYSINFO,
"mq_open": SNR_MQ_OPEN,
"mq_unlink": SNR_MQ_UNLINK,
"mq_timedsend": SNR_MQ_TIMEDSEND,
"mq_timedreceive": SNR_MQ_TIMEDRECEIVE,
"mq_notify": SNR_MQ_NOTIFY,
"mq_getsetattr": SNR_MQ_GETSETATTR,
"msgget": SNR_MSGGET,
"msgctl": SNR_MSGCTL,
"msgrcv": SNR_MSGRCV,
"msgsnd": SNR_MSGSND,
"semget": SNR_SEMGET,
"semctl": SNR_SEMCTL,
"semtimedop": SNR_SEMTIMEDOP,
"semop": SNR_SEMOP,
"shmget": SNR_SHMGET,
"shmctl": SNR_SHMCTL,
"shmat": SNR_SHMAT,
"shmdt": SNR_SHMDT,
"socket": SNR_SOCKET,
"socketpair": SNR_SOCKETPAIR,
"bind": SNR_BIND,
"listen": SNR_LISTEN,
"accept": SNR_ACCEPT,
"connect": SNR_CONNECT,
"getsockname": SNR_GETSOCKNAME,
"getpeername": SNR_GETPEERNAME,
"sendto": SNR_SENDTO,
"recvfrom": SNR_RECVFROM,
"setsockopt": SNR_SETSOCKOPT,
"getsockopt": SNR_GETSOCKOPT,
"shutdown": SNR_SHUTDOWN,
"sendmsg": SNR_SENDMSG,
"recvmsg": SNR_RECVMSG,
"readahead": SNR_READAHEAD,
"brk": SNR_BRK,
"munmap": SNR_MUNMAP,
"mremap": SNR_MREMAP,
"add_key": SNR_ADD_KEY,
"request_key": SNR_REQUEST_KEY,
"keyctl": SNR_KEYCTL,
"clone": SNR_CLONE,
"execve": SNR_EXECVE,
"mmap": SNR_MMAP,
"fadvise64": SNR_FADVISE64,
"swapon": SNR_SWAPON,
"swapoff": SNR_SWAPOFF,
"mprotect": SNR_MPROTECT,
"msync": SNR_MSYNC,
"mlock": SNR_MLOCK,
"munlock": SNR_MUNLOCK,
"mlockall": SNR_MLOCKALL,
"munlockall": SNR_MUNLOCKALL,
"mincore": SNR_MINCORE,
"madvise": SNR_MADVISE,
"remap_file_pages": SNR_REMAP_FILE_PAGES,
"mbind": SNR_MBIND,
"get_mempolicy": SNR_GET_MEMPOLICY,
"set_mempolicy": SNR_SET_MEMPOLICY,
"migrate_pages": SNR_MIGRATE_PAGES,
"move_pages": SNR_MOVE_PAGES,
"rt_tgsigqueueinfo": SNR_RT_TGSIGQUEUEINFO,
"perf_event_open": SNR_PERF_EVENT_OPEN,
"accept4": SNR_ACCEPT4,
"recvmmsg": SNR_RECVMMSG,
"wait4": SNR_WAIT4,
"prlimit64": SNR_PRLIMIT64,
"fanotify_init": SNR_FANOTIFY_INIT,
"fanotify_mark": SNR_FANOTIFY_MARK,
"name_to_handle_at": SNR_NAME_TO_HANDLE_AT,
"open_by_handle_at": SNR_OPEN_BY_HANDLE_AT,
"clock_adjtime": SNR_CLOCK_ADJTIME,
"syncfs": SNR_SYNCFS,
"setns": SNR_SETNS,
"sendmmsg": SNR_SENDMMSG,
"process_vm_readv": SNR_PROCESS_VM_READV,
"process_vm_writev": SNR_PROCESS_VM_WRITEV,
"kcmp": SNR_KCMP,
"finit_module": SNR_FINIT_MODULE,
"sched_setattr": SNR_SCHED_SETATTR,
"sched_getattr": SNR_SCHED_GETATTR,
"renameat2": SNR_RENAMEAT2,
"seccomp": SNR_SECCOMP,
"getrandom": SNR_GETRANDOM,
"memfd_create": SNR_MEMFD_CREATE,
"bpf": SNR_BPF,
"execveat": SNR_EXECVEAT,
"userfaultfd": SNR_USERFAULTFD,
"membarrier": SNR_MEMBARRIER,
"mlock2": SNR_MLOCK2,
"copy_file_range": SNR_COPY_FILE_RANGE,
"preadv2": SNR_PREADV2,
"pwritev2": SNR_PWRITEV2,
"pkey_mprotect": SNR_PKEY_MPROTECT,
"pkey_alloc": SNR_PKEY_ALLOC,
"pkey_free": SNR_PKEY_FREE,
"statx": SNR_STATX,
"io_pgetevents": SNR_IO_PGETEVENTS,
"rseq": SNR_RSEQ,
"kexec_file_load": SNR_KEXEC_FILE_LOAD,
"pidfd_send_signal": SNR_PIDFD_SEND_SIGNAL,
"io_uring_setup": SNR_IO_URING_SETUP,
"io_uring_enter": SNR_IO_URING_ENTER,
"io_uring_register": SNR_IO_URING_REGISTER,
"open_tree": SNR_OPEN_TREE,
"move_mount": SNR_MOVE_MOUNT,
"fsopen": SNR_FSOPEN,
"fsconfig": SNR_FSCONFIG,
"fsmount": SNR_FSMOUNT,
"fspick": SNR_FSPICK,
"pidfd_open": SNR_PIDFD_OPEN,
"clone3": SNR_CLONE3,
"close_range": SNR_CLOSE_RANGE,
"openat2": SNR_OPENAT2,
"pidfd_getfd": SNR_PIDFD_GETFD,
"faccessat2": SNR_FACCESSAT2,
"process_madvise": SNR_PROCESS_MADVISE,
"epoll_pwait2": SNR_EPOLL_PWAIT2,
"mount_setattr": SNR_MOUNT_SETATTR,
"quotactl_fd": SNR_QUOTACTL_FD,
"landlock_create_ruleset": SNR_LANDLOCK_CREATE_RULESET,
"landlock_add_rule": SNR_LANDLOCK_ADD_RULE,
"landlock_restrict_self": SNR_LANDLOCK_RESTRICT_SELF,
"memfd_secret": SNR_MEMFD_SECRET,
"process_mrelease": SNR_PROCESS_MRELEASE,
"futex_waitv": SNR_FUTEX_WAITV,
"set_mempolicy_home_node": SNR_SET_MEMPOLICY_HOME_NODE,
"cachestat": SNR_CACHESTAT,
"fchmodat2": SNR_FCHMODAT2,
"map_shadow_stack": SNR_MAP_SHADOW_STACK,
"futex_wake": SNR_FUTEX_WAKE,
"futex_wait": SNR_FUTEX_WAIT,
"futex_requeue": SNR_FUTEX_REQUEUE,
"statmount": SNR_STATMOUNT,
"listmount": SNR_LISTMOUNT,
"lsm_get_self_attr": SNR_LSM_GET_SELF_ATTR,
"lsm_set_self_attr": SNR_LSM_SET_SELF_ATTR,
"lsm_list_modules": SNR_LSM_LIST_MODULES,
"mseal": SNR_MSEAL,
"setxattrat": SNR_SETXATTRAT,
"getxattrat": SNR_GETXATTRAT,
"listxattrat": SNR_LISTXATTRAT,
"removexattrat": SNR_REMOVEXATTRAT,
}
const (
SYS_USERFAULTFD = 282
SYS_MEMBARRIER = 283
SYS_MLOCK2 = 284
SYS_COPY_FILE_RANGE = 285
SYS_PREADV2 = 286
SYS_PWRITEV2 = 287
SYS_PKEY_MPROTECT = 288
SYS_PKEY_ALLOC = 289
SYS_PKEY_FREE = 290
SYS_STATX = 291
SYS_IO_PGETEVENTS = 292
SYS_RSEQ = 293
SYS_KEXEC_FILE_LOAD = 294
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
SYS_IO_URING_REGISTER = 427
SYS_OPEN_TREE = 428
SYS_MOVE_MOUNT = 429
SYS_FSOPEN = 430
SYS_FSCONFIG = 431
SYS_FSMOUNT = 432
SYS_FSPICK = 433
SYS_PIDFD_OPEN = 434
SYS_CLONE3 = 435
SYS_CLOSE_RANGE = 436
SYS_OPENAT2 = 437
SYS_PIDFD_GETFD = 438
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
SYS_MOUNT_SETATTR = 442
SYS_QUOTACTL_FD = 443
SYS_LANDLOCK_CREATE_RULESET = 444
SYS_LANDLOCK_ADD_RULE = 445
SYS_LANDLOCK_RESTRICT_SELF = 446
SYS_MEMFD_SECRET = 447
SYS_PROCESS_MRELEASE = 448
SYS_FUTEX_WAITV = 449
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
SYS_FUTEX_WAKE = 454
SYS_FUTEX_WAIT = 455
SYS_FUTEX_REQUEUE = 456
SYS_STATMOUNT = 457
SYS_LISTMOUNT = 458
SYS_LSM_GET_SELF_ATTR = 459
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
SYS_SETXATTRAT = 463
SYS_GETXATTRAT = 464
SYS_LISTXATTRAT = 465
SYS_REMOVEXATTRAT = 466
SYS_OPEN_TREE_ATTR = 467
SYS_FILE_GETATTR = 468
SYS_FILE_SETATTR = 469
)
const (
SNR_IO_SETUP SyscallNum = SYS_IO_SETUP
SNR_IO_DESTROY SyscallNum = SYS_IO_DESTROY
SNR_IO_SUBMIT SyscallNum = SYS_IO_SUBMIT
SNR_IO_CANCEL SyscallNum = SYS_IO_CANCEL
SNR_IO_GETEVENTS SyscallNum = SYS_IO_GETEVENTS
SNR_SETXATTR SyscallNum = SYS_SETXATTR
SNR_LSETXATTR SyscallNum = SYS_LSETXATTR
SNR_FSETXATTR SyscallNum = SYS_FSETXATTR
SNR_GETXATTR SyscallNum = SYS_GETXATTR
SNR_LGETXATTR SyscallNum = SYS_LGETXATTR
SNR_FGETXATTR SyscallNum = SYS_FGETXATTR
SNR_LISTXATTR SyscallNum = SYS_LISTXATTR
SNR_LLISTXATTR SyscallNum = SYS_LLISTXATTR
SNR_FLISTXATTR SyscallNum = SYS_FLISTXATTR
SNR_REMOVEXATTR SyscallNum = SYS_REMOVEXATTR
SNR_LREMOVEXATTR SyscallNum = SYS_LREMOVEXATTR
SNR_FREMOVEXATTR SyscallNum = SYS_FREMOVEXATTR
SNR_GETCWD SyscallNum = SYS_GETCWD
SNR_LOOKUP_DCOOKIE SyscallNum = SYS_LOOKUP_DCOOKIE
SNR_EVENTFD2 SyscallNum = SYS_EVENTFD2
SNR_EPOLL_CREATE1 SyscallNum = SYS_EPOLL_CREATE1
SNR_EPOLL_CTL SyscallNum = SYS_EPOLL_CTL
SNR_EPOLL_PWAIT SyscallNum = SYS_EPOLL_PWAIT
SNR_DUP SyscallNum = SYS_DUP
SNR_DUP3 SyscallNum = SYS_DUP3
SNR_FCNTL SyscallNum = SYS_FCNTL
SNR_INOTIFY_INIT1 SyscallNum = SYS_INOTIFY_INIT1
SNR_INOTIFY_ADD_WATCH SyscallNum = SYS_INOTIFY_ADD_WATCH
SNR_INOTIFY_RM_WATCH SyscallNum = SYS_INOTIFY_RM_WATCH
SNR_IOCTL SyscallNum = SYS_IOCTL
SNR_IOPRIO_SET SyscallNum = SYS_IOPRIO_SET
SNR_IOPRIO_GET SyscallNum = SYS_IOPRIO_GET
SNR_FLOCK SyscallNum = SYS_FLOCK
SNR_MKNODAT SyscallNum = SYS_MKNODAT
SNR_MKDIRAT SyscallNum = SYS_MKDIRAT
SNR_UNLINKAT SyscallNum = SYS_UNLINKAT
SNR_SYMLINKAT SyscallNum = SYS_SYMLINKAT
SNR_LINKAT SyscallNum = SYS_LINKAT
SNR_UMOUNT2 SyscallNum = SYS_UMOUNT2
SNR_MOUNT SyscallNum = SYS_MOUNT
SNR_PIVOT_ROOT SyscallNum = SYS_PIVOT_ROOT
SNR_NFSSERVCTL SyscallNum = SYS_NFSSERVCTL
SNR_STATFS SyscallNum = SYS_STATFS
SNR_FSTATFS SyscallNum = SYS_FSTATFS
SNR_TRUNCATE SyscallNum = SYS_TRUNCATE
SNR_FTRUNCATE SyscallNum = SYS_FTRUNCATE
SNR_FALLOCATE SyscallNum = SYS_FALLOCATE
SNR_FACCESSAT SyscallNum = SYS_FACCESSAT
SNR_CHDIR SyscallNum = SYS_CHDIR
SNR_FCHDIR SyscallNum = SYS_FCHDIR
SNR_CHROOT SyscallNum = SYS_CHROOT
SNR_FCHMOD SyscallNum = SYS_FCHMOD
SNR_FCHMODAT SyscallNum = SYS_FCHMODAT
SNR_FCHOWNAT SyscallNum = SYS_FCHOWNAT
SNR_FCHOWN SyscallNum = SYS_FCHOWN
SNR_OPENAT SyscallNum = SYS_OPENAT
SNR_CLOSE SyscallNum = SYS_CLOSE
SNR_VHANGUP SyscallNum = SYS_VHANGUP
SNR_PIPE2 SyscallNum = SYS_PIPE2
SNR_QUOTACTL SyscallNum = SYS_QUOTACTL
SNR_GETDENTS64 SyscallNum = SYS_GETDENTS64
SNR_LSEEK SyscallNum = SYS_LSEEK
SNR_READ SyscallNum = SYS_READ
SNR_WRITE SyscallNum = SYS_WRITE
SNR_READV SyscallNum = SYS_READV
SNR_WRITEV SyscallNum = SYS_WRITEV
SNR_PREAD64 SyscallNum = SYS_PREAD64
SNR_PWRITE64 SyscallNum = SYS_PWRITE64
SNR_PREADV SyscallNum = SYS_PREADV
SNR_PWRITEV SyscallNum = SYS_PWRITEV
SNR_SENDFILE SyscallNum = SYS_SENDFILE
SNR_PSELECT6 SyscallNum = SYS_PSELECT6
SNR_PPOLL SyscallNum = SYS_PPOLL
SNR_SIGNALFD4 SyscallNum = SYS_SIGNALFD4
SNR_VMSPLICE SyscallNum = SYS_VMSPLICE
SNR_SPLICE SyscallNum = SYS_SPLICE
SNR_TEE SyscallNum = SYS_TEE
SNR_READLINKAT SyscallNum = SYS_READLINKAT
SNR_NEWFSTATAT SyscallNum = SYS_NEWFSTATAT
SNR_FSTAT SyscallNum = SYS_FSTAT
SNR_SYNC SyscallNum = SYS_SYNC
SNR_FSYNC SyscallNum = SYS_FSYNC
SNR_FDATASYNC SyscallNum = SYS_FDATASYNC
SNR_SYNC_FILE_RANGE SyscallNum = SYS_SYNC_FILE_RANGE
SNR_TIMERFD_CREATE SyscallNum = SYS_TIMERFD_CREATE
SNR_TIMERFD_SETTIME SyscallNum = SYS_TIMERFD_SETTIME
SNR_TIMERFD_GETTIME SyscallNum = SYS_TIMERFD_GETTIME
SNR_UTIMENSAT SyscallNum = SYS_UTIMENSAT
SNR_ACCT SyscallNum = SYS_ACCT
SNR_CAPGET SyscallNum = SYS_CAPGET
SNR_CAPSET SyscallNum = SYS_CAPSET
SNR_PERSONALITY SyscallNum = SYS_PERSONALITY
SNR_EXIT SyscallNum = SYS_EXIT
SNR_EXIT_GROUP SyscallNum = SYS_EXIT_GROUP
SNR_WAITID SyscallNum = SYS_WAITID
SNR_SET_TID_ADDRESS SyscallNum = SYS_SET_TID_ADDRESS
SNR_UNSHARE SyscallNum = SYS_UNSHARE
SNR_FUTEX SyscallNum = SYS_FUTEX
SNR_SET_ROBUST_LIST SyscallNum = SYS_SET_ROBUST_LIST
SNR_GET_ROBUST_LIST SyscallNum = SYS_GET_ROBUST_LIST
SNR_NANOSLEEP SyscallNum = SYS_NANOSLEEP
SNR_GETITIMER SyscallNum = SYS_GETITIMER
SNR_SETITIMER SyscallNum = SYS_SETITIMER
SNR_KEXEC_LOAD SyscallNum = SYS_KEXEC_LOAD
SNR_INIT_MODULE SyscallNum = SYS_INIT_MODULE
SNR_DELETE_MODULE SyscallNum = SYS_DELETE_MODULE
SNR_TIMER_CREATE SyscallNum = SYS_TIMER_CREATE
SNR_TIMER_GETTIME SyscallNum = SYS_TIMER_GETTIME
SNR_TIMER_GETOVERRUN SyscallNum = SYS_TIMER_GETOVERRUN
SNR_TIMER_SETTIME SyscallNum = SYS_TIMER_SETTIME
SNR_TIMER_DELETE SyscallNum = SYS_TIMER_DELETE
SNR_CLOCK_SETTIME SyscallNum = SYS_CLOCK_SETTIME
SNR_CLOCK_GETTIME SyscallNum = SYS_CLOCK_GETTIME
SNR_CLOCK_GETRES SyscallNum = SYS_CLOCK_GETRES
SNR_CLOCK_NANOSLEEP SyscallNum = SYS_CLOCK_NANOSLEEP
SNR_SYSLOG SyscallNum = SYS_SYSLOG
SNR_PTRACE SyscallNum = SYS_PTRACE
SNR_SCHED_SETPARAM SyscallNum = SYS_SCHED_SETPARAM
SNR_SCHED_SETSCHEDULER SyscallNum = SYS_SCHED_SETSCHEDULER
SNR_SCHED_GETSCHEDULER SyscallNum = SYS_SCHED_GETSCHEDULER
SNR_SCHED_GETPARAM SyscallNum = SYS_SCHED_GETPARAM
SNR_SCHED_SETAFFINITY SyscallNum = SYS_SCHED_SETAFFINITY
SNR_SCHED_GETAFFINITY SyscallNum = SYS_SCHED_GETAFFINITY
SNR_SCHED_YIELD SyscallNum = SYS_SCHED_YIELD
SNR_SCHED_GET_PRIORITY_MAX SyscallNum = SYS_SCHED_GET_PRIORITY_MAX
SNR_SCHED_GET_PRIORITY_MIN SyscallNum = SYS_SCHED_GET_PRIORITY_MIN
SNR_SCHED_RR_GET_INTERVAL SyscallNum = SYS_SCHED_RR_GET_INTERVAL
SNR_RESTART_SYSCALL SyscallNum = SYS_RESTART_SYSCALL
SNR_KILL SyscallNum = SYS_KILL
SNR_TKILL SyscallNum = SYS_TKILL
SNR_TGKILL SyscallNum = SYS_TGKILL
SNR_SIGALTSTACK SyscallNum = SYS_SIGALTSTACK
SNR_RT_SIGSUSPEND SyscallNum = SYS_RT_SIGSUSPEND
SNR_RT_SIGACTION SyscallNum = SYS_RT_SIGACTION
SNR_RT_SIGPROCMASK SyscallNum = SYS_RT_SIGPROCMASK
SNR_RT_SIGPENDING SyscallNum = SYS_RT_SIGPENDING
SNR_RT_SIGTIMEDWAIT SyscallNum = SYS_RT_SIGTIMEDWAIT
SNR_RT_SIGQUEUEINFO SyscallNum = SYS_RT_SIGQUEUEINFO
SNR_RT_SIGRETURN SyscallNum = SYS_RT_SIGRETURN
SNR_SETPRIORITY SyscallNum = SYS_SETPRIORITY
SNR_GETPRIORITY SyscallNum = SYS_GETPRIORITY
SNR_REBOOT SyscallNum = SYS_REBOOT
SNR_SETREGID SyscallNum = SYS_SETREGID
SNR_SETGID SyscallNum = SYS_SETGID
SNR_SETREUID SyscallNum = SYS_SETREUID
SNR_SETUID SyscallNum = SYS_SETUID
SNR_SETRESUID SyscallNum = SYS_SETRESUID
SNR_GETRESUID SyscallNum = SYS_GETRESUID
SNR_SETRESGID SyscallNum = SYS_SETRESGID
SNR_GETRESGID SyscallNum = SYS_GETRESGID
SNR_SETFSUID SyscallNum = SYS_SETFSUID
SNR_SETFSGID SyscallNum = SYS_SETFSGID
SNR_TIMES SyscallNum = SYS_TIMES
SNR_SETPGID SyscallNum = SYS_SETPGID
SNR_GETPGID SyscallNum = SYS_GETPGID
SNR_GETSID SyscallNum = SYS_GETSID
SNR_SETSID SyscallNum = SYS_SETSID
SNR_GETGROUPS SyscallNum = SYS_GETGROUPS
SNR_SETGROUPS SyscallNum = SYS_SETGROUPS
SNR_UNAME SyscallNum = SYS_UNAME
SNR_SETHOSTNAME SyscallNum = SYS_SETHOSTNAME
SNR_SETDOMAINNAME SyscallNum = SYS_SETDOMAINNAME
SNR_GETRLIMIT SyscallNum = SYS_GETRLIMIT
SNR_SETRLIMIT SyscallNum = SYS_SETRLIMIT
SNR_GETRUSAGE SyscallNum = SYS_GETRUSAGE
SNR_UMASK SyscallNum = SYS_UMASK
SNR_PRCTL SyscallNum = SYS_PRCTL
SNR_GETCPU SyscallNum = SYS_GETCPU
SNR_GETTIMEOFDAY SyscallNum = SYS_GETTIMEOFDAY
SNR_SETTIMEOFDAY SyscallNum = SYS_SETTIMEOFDAY
SNR_ADJTIMEX SyscallNum = SYS_ADJTIMEX
SNR_GETPID SyscallNum = SYS_GETPID
SNR_GETPPID SyscallNum = SYS_GETPPID
SNR_GETUID SyscallNum = SYS_GETUID
SNR_GETEUID SyscallNum = SYS_GETEUID
SNR_GETGID SyscallNum = SYS_GETGID
SNR_GETEGID SyscallNum = SYS_GETEGID
SNR_GETTID SyscallNum = SYS_GETTID
SNR_SYSINFO SyscallNum = SYS_SYSINFO
SNR_MQ_OPEN SyscallNum = SYS_MQ_OPEN
SNR_MQ_UNLINK SyscallNum = SYS_MQ_UNLINK
SNR_MQ_TIMEDSEND SyscallNum = SYS_MQ_TIMEDSEND
SNR_MQ_TIMEDRECEIVE SyscallNum = SYS_MQ_TIMEDRECEIVE
SNR_MQ_NOTIFY SyscallNum = SYS_MQ_NOTIFY
SNR_MQ_GETSETATTR SyscallNum = SYS_MQ_GETSETATTR
SNR_MSGGET SyscallNum = SYS_MSGGET
SNR_MSGCTL SyscallNum = SYS_MSGCTL
SNR_MSGRCV SyscallNum = SYS_MSGRCV
SNR_MSGSND SyscallNum = SYS_MSGSND
SNR_SEMGET SyscallNum = SYS_SEMGET
SNR_SEMCTL SyscallNum = SYS_SEMCTL
SNR_SEMTIMEDOP SyscallNum = SYS_SEMTIMEDOP
SNR_SEMOP SyscallNum = SYS_SEMOP
SNR_SHMGET SyscallNum = SYS_SHMGET
SNR_SHMCTL SyscallNum = SYS_SHMCTL
SNR_SHMAT SyscallNum = SYS_SHMAT
SNR_SHMDT SyscallNum = SYS_SHMDT
SNR_SOCKET SyscallNum = SYS_SOCKET
SNR_SOCKETPAIR SyscallNum = SYS_SOCKETPAIR
SNR_BIND SyscallNum = SYS_BIND
SNR_LISTEN SyscallNum = SYS_LISTEN
SNR_ACCEPT SyscallNum = SYS_ACCEPT
SNR_CONNECT SyscallNum = SYS_CONNECT
SNR_GETSOCKNAME SyscallNum = SYS_GETSOCKNAME
SNR_GETPEERNAME SyscallNum = SYS_GETPEERNAME
SNR_SENDTO SyscallNum = SYS_SENDTO
SNR_RECVFROM SyscallNum = SYS_RECVFROM
SNR_SETSOCKOPT SyscallNum = SYS_SETSOCKOPT
SNR_GETSOCKOPT SyscallNum = SYS_GETSOCKOPT
SNR_SHUTDOWN SyscallNum = SYS_SHUTDOWN
SNR_SENDMSG SyscallNum = SYS_SENDMSG
SNR_RECVMSG SyscallNum = SYS_RECVMSG
SNR_READAHEAD SyscallNum = SYS_READAHEAD
SNR_BRK SyscallNum = SYS_BRK
SNR_MUNMAP SyscallNum = SYS_MUNMAP
SNR_MREMAP SyscallNum = SYS_MREMAP
SNR_ADD_KEY SyscallNum = SYS_ADD_KEY
SNR_REQUEST_KEY SyscallNum = SYS_REQUEST_KEY
SNR_KEYCTL SyscallNum = SYS_KEYCTL
SNR_CLONE SyscallNum = SYS_CLONE
SNR_EXECVE SyscallNum = SYS_EXECVE
SNR_MMAP SyscallNum = SYS_MMAP
SNR_FADVISE64 SyscallNum = SYS_FADVISE64
SNR_SWAPON SyscallNum = SYS_SWAPON
SNR_SWAPOFF SyscallNum = SYS_SWAPOFF
SNR_MPROTECT SyscallNum = SYS_MPROTECT
SNR_MSYNC SyscallNum = SYS_MSYNC
SNR_MLOCK SyscallNum = SYS_MLOCK
SNR_MUNLOCK SyscallNum = SYS_MUNLOCK
SNR_MLOCKALL SyscallNum = SYS_MLOCKALL
SNR_MUNLOCKALL SyscallNum = SYS_MUNLOCKALL
SNR_MINCORE SyscallNum = SYS_MINCORE
SNR_MADVISE SyscallNum = SYS_MADVISE
SNR_REMAP_FILE_PAGES SyscallNum = SYS_REMAP_FILE_PAGES
SNR_MBIND SyscallNum = SYS_MBIND
SNR_GET_MEMPOLICY SyscallNum = SYS_GET_MEMPOLICY
SNR_SET_MEMPOLICY SyscallNum = SYS_SET_MEMPOLICY
SNR_MIGRATE_PAGES SyscallNum = SYS_MIGRATE_PAGES
SNR_MOVE_PAGES SyscallNum = SYS_MOVE_PAGES
SNR_RT_TGSIGQUEUEINFO SyscallNum = SYS_RT_TGSIGQUEUEINFO
SNR_PERF_EVENT_OPEN SyscallNum = SYS_PERF_EVENT_OPEN
SNR_ACCEPT4 SyscallNum = SYS_ACCEPT4
SNR_RECVMMSG SyscallNum = SYS_RECVMMSG
SNR_WAIT4 SyscallNum = SYS_WAIT4
SNR_PRLIMIT64 SyscallNum = SYS_PRLIMIT64
SNR_FANOTIFY_INIT SyscallNum = SYS_FANOTIFY_INIT
SNR_FANOTIFY_MARK SyscallNum = SYS_FANOTIFY_MARK
SNR_NAME_TO_HANDLE_AT SyscallNum = SYS_NAME_TO_HANDLE_AT
SNR_OPEN_BY_HANDLE_AT SyscallNum = SYS_OPEN_BY_HANDLE_AT
SNR_CLOCK_ADJTIME SyscallNum = SYS_CLOCK_ADJTIME
SNR_SYNCFS SyscallNum = SYS_SYNCFS
SNR_SETNS SyscallNum = SYS_SETNS
SNR_SENDMMSG SyscallNum = SYS_SENDMMSG
SNR_PROCESS_VM_READV SyscallNum = SYS_PROCESS_VM_READV
SNR_PROCESS_VM_WRITEV SyscallNum = SYS_PROCESS_VM_WRITEV
SNR_KCMP SyscallNum = SYS_KCMP
SNR_FINIT_MODULE SyscallNum = SYS_FINIT_MODULE
SNR_SCHED_SETATTR SyscallNum = SYS_SCHED_SETATTR
SNR_SCHED_GETATTR SyscallNum = SYS_SCHED_GETATTR
SNR_RENAMEAT2 SyscallNum = SYS_RENAMEAT2
SNR_SECCOMP SyscallNum = SYS_SECCOMP
SNR_GETRANDOM SyscallNum = SYS_GETRANDOM
SNR_MEMFD_CREATE SyscallNum = SYS_MEMFD_CREATE
SNR_BPF SyscallNum = SYS_BPF
SNR_EXECVEAT SyscallNum = SYS_EXECVEAT
SNR_USERFAULTFD SyscallNum = SYS_USERFAULTFD
SNR_MEMBARRIER SyscallNum = SYS_MEMBARRIER
SNR_MLOCK2 SyscallNum = SYS_MLOCK2
SNR_COPY_FILE_RANGE SyscallNum = SYS_COPY_FILE_RANGE
SNR_PREADV2 SyscallNum = SYS_PREADV2
SNR_PWRITEV2 SyscallNum = SYS_PWRITEV2
SNR_PKEY_MPROTECT SyscallNum = SYS_PKEY_MPROTECT
SNR_PKEY_ALLOC SyscallNum = SYS_PKEY_ALLOC
SNR_PKEY_FREE SyscallNum = SYS_PKEY_FREE
SNR_STATX SyscallNum = SYS_STATX
SNR_IO_PGETEVENTS SyscallNum = SYS_IO_PGETEVENTS
SNR_RSEQ SyscallNum = SYS_RSEQ
SNR_KEXEC_FILE_LOAD SyscallNum = SYS_KEXEC_FILE_LOAD
SNR_PIDFD_SEND_SIGNAL SyscallNum = SYS_PIDFD_SEND_SIGNAL
SNR_IO_URING_SETUP SyscallNum = SYS_IO_URING_SETUP
SNR_IO_URING_ENTER SyscallNum = SYS_IO_URING_ENTER
SNR_IO_URING_REGISTER SyscallNum = SYS_IO_URING_REGISTER
SNR_OPEN_TREE SyscallNum = SYS_OPEN_TREE
SNR_MOVE_MOUNT SyscallNum = SYS_MOVE_MOUNT
SNR_FSOPEN SyscallNum = SYS_FSOPEN
SNR_FSCONFIG SyscallNum = SYS_FSCONFIG
SNR_FSMOUNT SyscallNum = SYS_FSMOUNT
SNR_FSPICK SyscallNum = SYS_FSPICK
SNR_PIDFD_OPEN SyscallNum = SYS_PIDFD_OPEN
SNR_CLONE3 SyscallNum = SYS_CLONE3
SNR_CLOSE_RANGE SyscallNum = SYS_CLOSE_RANGE
SNR_OPENAT2 SyscallNum = SYS_OPENAT2
SNR_PIDFD_GETFD SyscallNum = SYS_PIDFD_GETFD
SNR_FACCESSAT2 SyscallNum = SYS_FACCESSAT2
SNR_PROCESS_MADVISE SyscallNum = SYS_PROCESS_MADVISE
SNR_EPOLL_PWAIT2 SyscallNum = SYS_EPOLL_PWAIT2
SNR_MOUNT_SETATTR SyscallNum = SYS_MOUNT_SETATTR
SNR_QUOTACTL_FD SyscallNum = SYS_QUOTACTL_FD
SNR_LANDLOCK_CREATE_RULESET SyscallNum = SYS_LANDLOCK_CREATE_RULESET
SNR_LANDLOCK_ADD_RULE SyscallNum = SYS_LANDLOCK_ADD_RULE
SNR_LANDLOCK_RESTRICT_SELF SyscallNum = SYS_LANDLOCK_RESTRICT_SELF
SNR_MEMFD_SECRET SyscallNum = SYS_MEMFD_SECRET
SNR_PROCESS_MRELEASE SyscallNum = SYS_PROCESS_MRELEASE
SNR_FUTEX_WAITV SyscallNum = SYS_FUTEX_WAITV
SNR_SET_MEMPOLICY_HOME_NODE SyscallNum = SYS_SET_MEMPOLICY_HOME_NODE
SNR_CACHESTAT SyscallNum = SYS_CACHESTAT
SNR_FCHMODAT2 SyscallNum = SYS_FCHMODAT2
SNR_MAP_SHADOW_STACK SyscallNum = SYS_MAP_SHADOW_STACK
SNR_FUTEX_WAKE SyscallNum = SYS_FUTEX_WAKE
SNR_FUTEX_WAIT SyscallNum = SYS_FUTEX_WAIT
SNR_FUTEX_REQUEUE SyscallNum = SYS_FUTEX_REQUEUE
SNR_STATMOUNT SyscallNum = SYS_STATMOUNT
SNR_LISTMOUNT SyscallNum = SYS_LISTMOUNT
SNR_LSM_GET_SELF_ATTR SyscallNum = SYS_LSM_GET_SELF_ATTR
SNR_LSM_SET_SELF_ATTR SyscallNum = SYS_LSM_SET_SELF_ATTR
SNR_LSM_LIST_MODULES SyscallNum = SYS_LSM_LIST_MODULES
SNR_MSEAL SyscallNum = SYS_MSEAL
SNR_SETXATTRAT SyscallNum = SYS_SETXATTRAT
SNR_GETXATTRAT SyscallNum = SYS_GETXATTRAT
SNR_LISTXATTRAT SyscallNum = SYS_LISTXATTRAT
SNR_REMOVEXATTRAT SyscallNum = SYS_REMOVEXATTRAT
SNR_OPEN_TREE_ATTR SyscallNum = SYS_OPEN_TREE_ATTR
SNR_FILE_GETATTR SyscallNum = SYS_FILE_GETATTR
SNR_FILE_SETATTR SyscallNum = SYS_FILE_SETATTR
)

99
ext/syscall_test.go Normal file
View File

@@ -0,0 +1,99 @@
package ext_test
import (
"encoding/json"
"errors"
"math"
"reflect"
"syscall"
"testing"
"hakurei.app/ext"
)
func TestSchedPolicyJSON(t *testing.T) {
t.Parallel()
testCases := []struct {
policy ext.SchedPolicy
want string
encodeErr error
decodeErr error
}{
{ext.SCHED_NORMAL, `""`, nil, nil},
{ext.SCHED_FIFO, `"fifo"`, nil, nil},
{ext.SCHED_RR, `"rr"`, nil, nil},
{ext.SCHED_BATCH, `"batch"`, nil, nil},
{4, `"invalid policy 4"`, syscall.EINVAL, ext.InvalidSchedPolicyError("invalid policy 4")},
{ext.SCHED_IDLE, `"idle"`, nil, nil},
{ext.SCHED_DEADLINE, `"deadline"`, nil, nil},
{ext.SCHED_EXT, `"ext"`, nil, nil},
{math.MaxInt, `"iso"`, syscall.EINVAL, ext.InvalidSchedPolicyError("iso")},
}
for _, tc := range testCases {
name := tc.policy.String()
if tc.policy == ext.SCHED_NORMAL {
name = "normal"
}
t.Run(name, func(t *testing.T) {
t.Parallel()
got, err := json.Marshal(tc.policy)
if !errors.Is(err, tc.encodeErr) {
t.Fatalf("Marshal: error = %v, want %v", err, tc.encodeErr)
}
if err == nil && string(got) != tc.want {
t.Fatalf("Marshal: %s, want %s", string(got), tc.want)
}
var v ext.SchedPolicy
if err = json.Unmarshal([]byte(tc.want), &v); !reflect.DeepEqual(err, tc.decodeErr) {
t.Fatalf("Unmarshal: error = %v, want %v", err, tc.decodeErr)
}
if err == nil && v != tc.policy {
t.Fatalf("Unmarshal: %d, want %d", v, tc.policy)
}
})
}
}
func TestSchedPolicyMinMax(t *testing.T) {
t.Parallel()
testCases := []struct {
policy ext.SchedPolicy
min, max ext.Int
err error
}{
{ext.SCHED_NORMAL, 0, 0, nil},
{ext.SCHED_FIFO, 1, 99, nil},
{ext.SCHED_RR, 1, 99, nil},
{ext.SCHED_BATCH, 0, 0, nil},
{4, -1, -1, syscall.EINVAL},
{ext.SCHED_IDLE, 0, 0, nil},
{ext.SCHED_DEADLINE, 0, 0, nil},
{ext.SCHED_EXT, 0, 0, nil},
}
for _, tc := range testCases {
name := tc.policy.String()
if tc.policy == ext.SCHED_NORMAL {
name = "normal"
}
t.Run(name, func(t *testing.T) {
t.Parallel()
if priority, err := tc.policy.GetPriorityMax(); !reflect.DeepEqual(err, tc.err) {
t.Fatalf("GetPriorityMax: error = %v, want %v", err, tc.err)
} else if priority != tc.max {
t.Fatalf("GetPriorityMax: %d, want %d", priority, tc.max)
}
if priority, err := tc.policy.GetPriorityMin(); !reflect.DeepEqual(err, tc.err) {
t.Fatalf("GetPriorityMin: error = %v, want %v", err, tc.err)
} else if priority != tc.min {
t.Fatalf("GetPriorityMin: %d, want %d", priority, tc.min)
}
})
}
}

12
flake.lock generated
View File

@@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765384171, "lastModified": 1772985280,
"narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=", "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8", "rev": "8f736f007139d7f70752657dff6a401a585d6cbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,11 +23,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1765311797, "lastModified": 1772822230,
"narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=", "narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b", "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View File

@@ -99,7 +99,7 @@
hakurei = pkgs.pkgsStatic.callPackage ./package.nix { hakurei = pkgs.pkgsStatic.callPackage ./package.nix {
inherit (pkgs) inherit (pkgs)
# passthru.buildInputs # passthru.buildInputs
go go_1_26
clang clang
# nativeBuildInputs # nativeBuildInputs
@@ -182,7 +182,7 @@
let let
# this is used for interactive vm testing during development, where tests might be broken # this is used for interactive vm testing during development, where tests might be broken
package = self.packages.${pkgs.stdenv.hostPlatform.system}.hakurei.override { package = self.packages.${pkgs.stdenv.hostPlatform.system}.hakurei.override {
buildGoModule = previousArgs: pkgs.pkgsStatic.buildGoModule (previousArgs // { doCheck = false; }); buildGo126Module = previousArgs: pkgs.pkgsStatic.buildGo126Module (previousArgs // { doCheck = false; });
}; };
in in
{ {

2
go.mod
View File

@@ -1,3 +1,3 @@
module hakurei.app module hakurei.app
go 1.25 go 1.26

73
helper/deprecated.go
View File

@@ -1,73 +0,0 @@
// Package helper exposes the internal/helper package.
//
// Deprecated: This package will be removed in 0.4.
package helper
import (
"context"
"io"
"os"
"os/exec"
"time"
_ "unsafe" // for go:linkname
"hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/internal/helper"
"hakurei.app/message"
)
//go:linkname WaitDelay hakurei.app/internal/helper.WaitDelay
var WaitDelay time.Duration
const (
// HakureiHelper is set to 1 when args fd is enabled and 0 otherwise.
HakureiHelper = helper.HakureiHelper
// HakureiStatus is set to 1 when stat fd is enabled and 0 otherwise.
HakureiStatus = helper.HakureiStatus
)
type Helper = helper.Helper
// NewCheckedArgs returns a checked null-terminated argument writer for a copy of args.
//
//go:linkname NewCheckedArgs hakurei.app/internal/helper.NewCheckedArgs
func NewCheckedArgs(args ...string) (wt io.WriterTo, err error)
// MustNewCheckedArgs returns a checked null-terminated argument writer for a copy of args.
// If s contains a NUL byte this function panics instead of returning an error.
//
//go:linkname MustNewCheckedArgs hakurei.app/internal/helper.MustNewCheckedArgs
func MustNewCheckedArgs(args ...string) io.WriterTo
// NewDirect initialises a new direct Helper instance with wt as the null-terminated argument writer.
// Function argF returns an array of arguments passed directly to the child process.
//
//go:linkname NewDirect hakurei.app/internal/helper.NewDirect
func NewDirect(
ctx context.Context,
name string,
wt io.WriterTo,
stat bool,
argF func(argsFd, statFd int) []string,
cmdF func(cmd *exec.Cmd),
extraFiles []*os.File,
) Helper
// New initialises a Helper instance with wt as the null-terminated argument writer.
//
//go:linkname New hakurei.app/internal/helper.New
func New(
ctx context.Context,
msg message.Msg,
pathname *check.Absolute, name string,
wt io.WriterTo,
stat bool,
argF func(argsFd, statFd int) []string,
cmdF func(z *container.Container),
extraFiles []*os.File,
) Helper
// InternalHelperStub is an internal function but exported because it is cross-package;
// it is part of the implementation of the helper stub.
func InternalHelperStub() { helper.InternalHelperStub() }

63
helper/proc/deprecated.go
View File

@@ -1,63 +0,0 @@
// Deprecated: This package will be removed in 0.4.
package proc
import (
"context"
"io"
"os"
"os/exec"
"time"
_ "unsafe" // for go:linkname
"hakurei.app/internal/helper/proc"
)
//go:linkname FulfillmentTimeout hakurei.app/internal/helper/proc.FulfillmentTimeout
var FulfillmentTimeout time.Duration
// A File is an extra file with deferred initialisation.
type File = proc.File
// ExtraFilesPre is a linked list storing addresses of [os.File].
type ExtraFilesPre = proc.ExtraFilesPre
// Fulfill calls the [File.Fulfill] method on all files, starts cmd and blocks until all fulfillment completes.
//
//go:linkname Fulfill hakurei.app/internal/helper/proc.Fulfill
func Fulfill(ctx context.Context,
v *[]*os.File, start func() error,
files []File, extraFiles *ExtraFilesPre,
) (err error)
// InitFile initialises f as part of the slice extraFiles points to,
// and returns its final fd value.
//
//go:linkname InitFile hakurei.app/internal/helper/proc.InitFile
func InitFile(f File, extraFiles *ExtraFilesPre) (fd uintptr)
// BaseFile implements the Init method of the File interface and provides indirect access to extra file state.
type BaseFile = proc.BaseFile
//go:linkname ExtraFile hakurei.app/internal/helper/proc.ExtraFile
func ExtraFile(cmd *exec.Cmd, f *os.File) (fd uintptr)
//go:linkname ExtraFileSlice hakurei.app/internal/helper/proc.ExtraFileSlice
func ExtraFileSlice(extraFiles *[]*os.File, f *os.File) (fd uintptr)
// NewWriterTo returns a [File] that receives content from wt on fulfillment.
//
//go:linkname NewWriterTo hakurei.app/internal/helper/proc.NewWriterTo
func NewWriterTo(wt io.WriterTo) File
// NewStat returns a [File] implementing the behaviour
// of the receiving end of xdg-dbus-proxy stat fd.
//
//go:linkname NewStat hakurei.app/internal/helper/proc.NewStat
func NewStat(s *io.Closer) File
var (
//go:linkname ErrStatFault hakurei.app/internal/helper/proc.ErrStatFault
ErrStatFault error
//go:linkname ErrStatRead hakurei.app/internal/helper/proc.ErrStatRead
ErrStatRead error
)

144
hst/config.go
View File

@@ -6,96 +6,137 @@ import (
"strings" "strings"
"hakurei.app/container/check" "hakurei.app/container/check"
"hakurei.app/ext"
) )
// Config configures an application container, implemented in internal/app. // Config configures an application container.
type Config struct { type Config struct {
// Reverse-DNS style configured arbitrary identifier string. // Reverse-DNS style configured arbitrary identifier string.
// Passed to wayland security-context-v1 and used as part of defaults in dbus session proxy. //
// This value is passed as is to Wayland security-context-v1 and used as
// part of defaults in D-Bus session proxy. The zero value causes a default
// value to be derived from the container instance.
ID string `json:"id,omitempty"` ID string `json:"id,omitempty"`
// System services to make available in the container. // System services to make available in the container.
Enablements *Enablements `json:"enablements,omitempty"` Enablements *Enablements `json:"enablements,omitempty"`
// Session D-Bus proxy configuration. // Session D-Bus proxy configuration.
// If set to nil, session bus proxy assume built-in defaults. //
// Has no effect if [EDBus] but is not set in Enablements. The zero value
// assumes built-in defaults derived from ID.
SessionBus *BusConfig `json:"session_bus,omitempty"` SessionBus *BusConfig `json:"session_bus,omitempty"`
// System D-Bus proxy configuration. // System D-Bus proxy configuration.
// If set to nil, system bus proxy is disabled. //
// Has no effect if [EDBus] but is not set in Enablements. The zero value
// disables system bus proxy.
SystemBus *BusConfig `json:"system_bus,omitempty"` SystemBus *BusConfig `json:"system_bus,omitempty"`
// Direct access to wayland socket, no attempt is made to attach security-context-v1 // Direct access to Wayland socket, no attempt is made to attach
// and the bare socket is made available to the container. // security-context-v1 and the bare socket is made available to the
// container.
// //
// This option is unsupported and most likely enables full control over the Wayland // This option is unsupported and will most likely enable full control over
// session. Do not set this to true unless you are sure you know what you are doing. // the Wayland session from within the container. Do not set this to true
// unless you are sure you know what you are doing.
DirectWayland bool `json:"direct_wayland,omitempty"` DirectWayland bool `json:"direct_wayland,omitempty"`
// Direct access to the PipeWire socket established via SecurityContext::Create, no
// attempt is made to start the pipewire-pulse server. // Direct access to the PipeWire socket established via SecurityContext::Create,
// no attempt is made to start the pipewire-pulse server.
// //
// The SecurityContext machinery is fatally flawed, it blindly sets read and execute // The SecurityContext machinery is fatally flawed, it unconditionally sets
// bits on all objects for clients with the lowest achievable privilege level (by // read and execute bits on all objects for clients with the lowest achievable
// setting PW_KEY_ACCESS to "restricted"). This enables them to call any method // privilege level (by setting PW_KEY_ACCESS to "restricted" or by satisfying
// targeting any object, and since Registry::Destroy checks for the read and execute bit, // all conditions of [the /.flatpak-info hack]). This enables them to call
// allows the destruction of any object other than PW_ID_CORE as well. This behaviour // any method targeting any object, and since Registry::Destroy checks for
// is implemented separately in media-session and wireplumber, with the wireplumber // the read and execute bit, allows the destruction of any object other than
// implementation in Lua via an embedded Lua vm. In all known setups, wireplumber is // PW_ID_CORE as well.
// in use, and there is no known way to change its behaviour and set permissions
// differently without replacing the Lua script. Also, since PipeWire relies on these
// permissions to work, reducing them is not possible.
// //
// Currently, the only other sandboxed use case is flatpak, which is not aware of // This behaviour is implemented separately in media-session and wireplumber,
// PipeWire and blindly exposes the bare PulseAudio socket to the container (behaves // with the wireplumber implementation in Lua via an embedded Lua vm. In all
// like DirectPulse). This socket is backed by the pipewire-pulse compatibility daemon, // known setups, wireplumber is in use, and in that case, no option for
// which obtains client pid via the SO_PEERCRED option. The PipeWire daemon, pipewire-pulse // configuring this behaviour exists, without replacing the Lua script.
// daemon and the session manager daemon then separately performs the /.flatpak-info hack // Also, since PipeWire relies on these permissions to work, reducing them
// described in https://git.gensokyo.uk/security/hakurei/issues/21. Under such use case, // was never possible in the first place.
// since the client has no direct access to PipeWire, insecure parts of the protocol are
// obscured by pipewire-pulse simply not implementing them, and thus hiding the flaws
// described above.
// //
// Hakurei does not rely on the /.flatpak-info hack. Instead, a socket is sets up via // Currently, the only other sandboxed use case is flatpak, which is not
// SecurityContext. A pipewire-pulse server connected through it achieves the same // aware of PipeWire and blindly exposes the bare PulseAudio socket to the
// permissions as flatpak does via the /.flatpak-info hack and is maintained for the // container (behaves like DirectPulse). This socket is backed by the
// life of the container. // pipewire-pulse compatibility daemon, which obtains client pid via the
// SO_PEERCRED option. The PipeWire daemon, pipewire-pulse daemon and the
// session manager daemon then separately performs [the /.flatpak-info hack].
// Under such use case, since the client has no direct access to PipeWire,
// insecure parts of the protocol are obscured by the absence of an
// equivalent API in PulseAudio, or pipewire-pulse simply not implementing
// them.
//
// Hakurei does not rely on [the /.flatpak-info hack]. Instead, a socket is
// sets up via SecurityContext. A pipewire-pulse server connected through it
// achieves the same permissions as flatpak does via [the /.flatpak-info hack]
// and is maintained for the life of the container.
//
// This option is unsupported and enables a denial-of-service attack as the
// sandboxed client is able to destroy any client object and thus
// disconnecting them from PipeWire, or destroy the SecurityContext object,
// preventing any further container creation.
// //
// This option is unsupported and enables a denial-of-service attack as the sandboxed
// client is able to destroy any client object and thus disconnecting them from PipeWire,
// or destroy the SecurityContext object preventing any further container creation.
// Do not set this to true, it is insecure under any configuration. // Do not set this to true, it is insecure under any configuration.
DirectPipeWire bool `json:"direct_pipewire,omitempty"`
// Direct access to PulseAudio socket, no attempt is made to establish pipewire-pulse
// server via a PipeWire socket with a SecurityContext attached and the bare socket
// is made available to the container.
// //
// This option is unsupported and enables arbitrary code execution as the PulseAudio // [the /.flatpak-info hack]: https://git.gensokyo.uk/rosa/hakurei/issues/21
// server. Do not set this to true, it is insecure under any configuration. DirectPipeWire bool `json:"direct_pipewire,omitempty"`
// Direct access to PulseAudio socket, no attempt is made to establish
// pipewire-pulse server via a PipeWire socket with a SecurityContext
// attached, and the bare socket is made available to the container.
//
// This option is unsupported and enables arbitrary code execution as the
// PulseAudio server.
//
// Do not set this to true, it is insecure under any configuration.
DirectPulse bool `json:"direct_pulse,omitempty"` DirectPulse bool `json:"direct_pulse,omitempty"`
// Extra acl updates to perform before setuid. // Extra acl updates to perform before setuid.
ExtraPerms []ExtraPermConfig `json:"extra_perms,omitempty"` ExtraPerms []ExtraPermConfig `json:"extra_perms,omitempty"`
// Numerical application id, passed to hsu, used to derive init user namespace credentials. // Numerical application id, passed to hsu, used to derive init user
// namespace credentials.
Identity int `json:"identity"` Identity int `json:"identity"`
// Init user namespace supplementary groups inherited by all container processes. // Init user namespace supplementary groups inherited by all container processes.
Groups []string `json:"groups"` Groups []string `json:"groups"`
// Scheduling policy to set for the container.
//
// The zero value retains the current scheduling policy.
SchedPolicy ext.SchedPolicy `json:"sched_policy,omitempty"`
// Scheduling priority to set for the container.
//
// The zero value implies the minimum priority of the current SchedPolicy.
// Has no effect if SchedPolicy is zero.
SchedPriority ext.Int `json:"sched_priority,omitempty"`
// High level configuration applied to the underlying [container]. // High level configuration applied to the underlying [container].
Container *ContainerConfig `json:"container"` Container *ContainerConfig `json:"container"`
} }
var ( var (
// ErrConfigNull is returned by [Config.Validate] for an invalid configuration that contains a null value for any // ErrConfigNull is returned by [Config.Validate] for an invalid configuration
// field that must not be null. // that contains a null value for any field that must not be null.
ErrConfigNull = errors.New("unexpected null in config") ErrConfigNull = errors.New("unexpected null in config")
// ErrIdentityBounds is returned by [Config.Validate] for an out of bounds [Config.Identity] value. // ErrIdentityBounds is returned by [Config.Validate] for an out of bounds
// [Config.Identity] value.
ErrIdentityBounds = errors.New("identity out of bounds") ErrIdentityBounds = errors.New("identity out of bounds")
// ErrEnviron is returned by [Config.Validate] if an environment variable name contains '=' or NUL. // ErrSchedPolicyBounds is returned by [Config.Validate] for an out of bounds
// [Config.SchedPolicy] value.
ErrSchedPolicyBounds = errors.New("scheduling policy out of bounds")
// ErrEnviron is returned by [Config.Validate] if an environment variable
// name contains '=' or NUL.
ErrEnviron = errors.New("invalid environment variable name") ErrEnviron = errors.New("invalid environment variable name")
// ErrInsecure is returned by [Config.Validate] if the configuration is considered insecure. // ErrInsecure is returned by [Config.Validate] if the configuration is
// considered insecure.
ErrInsecure = errors.New("configuration is insecure") ErrInsecure = errors.New("configuration is insecure")
) )
@@ -112,6 +153,13 @@ func (config *Config) Validate() error {
Msg: "identity " + strconv.Itoa(config.Identity) + " out of range"} Msg: "identity " + strconv.Itoa(config.Identity) + " out of range"}
} }
if config.SchedPolicy < 0 || config.SchedPolicy > ext.SCHED_LAST {
return &AppError{Step: "validate configuration", Err: ErrSchedPolicyBounds,
Msg: "scheduling policy " +
strconv.Itoa(int(config.SchedPolicy)) +
" out of range"}
}
if err := config.SessionBus.CheckInterfaces("session"); err != nil { if err := config.SessionBus.CheckInterfaces("session"); err != nil {
return err return err
} }

4
hst/config_test.go
View File

@@ -22,6 +22,10 @@ func TestConfigValidate(t *testing.T) {
Msg: "identity -1 out of range"}}, Msg: "identity -1 out of range"}},
{"identity upper", &hst.Config{Identity: 10000}, &hst.AppError{Step: "validate configuration", Err: hst.ErrIdentityBounds, {"identity upper", &hst.Config{Identity: 10000}, &hst.AppError{Step: "validate configuration", Err: hst.ErrIdentityBounds,
Msg: "identity 10000 out of range"}}, Msg: "identity 10000 out of range"}},
{"sched lower", &hst.Config{SchedPolicy: -1}, &hst.AppError{Step: "validate configuration", Err: hst.ErrSchedPolicyBounds,
Msg: "scheduling policy -1 out of range"}},
{"sched upper", &hst.Config{SchedPolicy: 0xcafe}, &hst.AppError{Step: "validate configuration", Err: hst.ErrSchedPolicyBounds,
Msg: "scheduling policy 51966 out of range"}},
{"dbus session", &hst.Config{SessionBus: &hst.BusConfig{See: []string{""}}}, {"dbus session", &hst.Config{SessionBus: &hst.BusConfig{See: []string{""}}},
&hst.BadInterfaceError{Interface: "", Segment: "session"}}, &hst.BadInterfaceError{Interface: "", Segment: "session"}},
{"dbus system", &hst.Config{SystemBus: &hst.BusConfig{See: []string{""}}}, {"dbus system", &hst.Config{SystemBus: &hst.BusConfig{See: []string{""}}},

51
hst/container.go
View File

@@ -16,18 +16,20 @@ const PrivateTmp = "/.hakurei"
var AbsPrivateTmp = check.MustAbs(PrivateTmp) var AbsPrivateTmp = check.MustAbs(PrivateTmp)
const ( const (
// WaitDelayDefault is used when WaitDelay has its zero value. // WaitDelayDefault is used when WaitDelay has the zero value.
WaitDelayDefault = 5 * time.Second WaitDelayDefault = 5 * time.Second
// WaitDelayMax is used if WaitDelay exceeds its value. // WaitDelayMax is used when WaitDelay exceeds its value.
WaitDelayMax = 30 * time.Second WaitDelayMax = 30 * time.Second
) )
const ( const (
// ExitFailure is returned if the container fails to start. // ExitFailure is returned if the container fails to start.
ExitFailure = iota + 1 ExitFailure = iota + 1
// ExitCancel is returned if the container is terminated by a shim-directed signal which cancels its context. // ExitCancel is returned if the container is terminated by a shim-directed
// signal which cancels its context.
ExitCancel ExitCancel
// ExitOrphan is returned when the shim is orphaned before priv side delivers a signal. // ExitOrphan is returned when the shim is orphaned before priv side process
// delivers a signal.
ExitOrphan ExitOrphan
// ExitRequest is returned when the priv side process requests shim exit. // ExitRequest is returned when the priv side process requests shim exit.
@@ -38,10 +40,12 @@ const (
type Flags uintptr type Flags uintptr
const ( const (
// FMultiarch unblocks syscalls required for multiarch to work on applicable targets. // FMultiarch unblocks system calls required for multiarch to work on
// multiarch-enabled targets (amd64, arm64).
FMultiarch Flags = 1 << iota FMultiarch Flags = 1 << iota
// FSeccompCompat changes emitted seccomp filter programs to be identical to that of Flatpak. // FSeccompCompat changes emitted seccomp filter programs to be identical to
// that of Flatpak in enabled rulesets.
FSeccompCompat FSeccompCompat
// FDevel unblocks ptrace and friends. // FDevel unblocks ptrace and friends.
FDevel FDevel
@@ -54,12 +58,15 @@ const (
// FTty unblocks dangerous terminal I/O (faking input). // FTty unblocks dangerous terminal I/O (faking input).
FTty FTty
// FMapRealUID maps the target user uid to the privileged user uid in the container user namespace. // FMapRealUID maps the target user uid to the privileged user uid in the
// Some programs fail to connect to dbus session running as a different uid, // container user namespace.
// this option works around it by mapping priv-side caller uid in container. //
// Some programs fail to connect to dbus session running as a different uid,
// this option works around it by mapping priv-side caller uid in container.
FMapRealUID FMapRealUID
// FDevice mount /dev/ from the init mount namespace as-is in the container mount namespace. // FDevice mount /dev/ from the init mount namespace as is in the container
// mount namespace.
FDevice FDevice
// FShareRuntime shares XDG_RUNTIME_DIR between containers under the same identity. // FShareRuntime shares XDG_RUNTIME_DIR between containers under the same identity.
@@ -112,30 +119,37 @@ func (flags Flags) String() string {
} }
} }
// ContainerConfig describes the container configuration to be applied to an underlying [container]. // ContainerConfig describes the container configuration to be applied to an
// underlying [container]. It is validated by [Config.Validate].
type ContainerConfig struct { type ContainerConfig struct {
// Container UTS namespace hostname. // Container UTS namespace hostname.
Hostname string `json:"hostname,omitempty"` Hostname string `json:"hostname,omitempty"`
// Duration in nanoseconds to wait for after interrupting the initial process. // Duration in nanoseconds to wait for after interrupting the initial process.
// Defaults to [WaitDelayDefault] if zero, or [WaitDelayMax] if greater than [WaitDelayMax]. //
// Values lesser than zero is equivalent to zero, bypassing [WaitDelayDefault]. // Defaults to [WaitDelayDefault] if zero, or [WaitDelayMax] if greater than
// [WaitDelayMax]. Values lesser than zero is equivalent to zero, bypassing
// [WaitDelayDefault].
WaitDelay time.Duration `json:"wait_delay,omitempty"` WaitDelay time.Duration `json:"wait_delay,omitempty"`
// Initial process environment variables. // Initial process environment variables.
Env map[string]string `json:"env"` Env map[string]string `json:"env"`
/* Container mount points. // Container mount points.
//
If the first element targets /, it is inserted early and excluded from path hiding. */ // If the first element targets /, it is inserted early and excluded from
// path hiding. Otherwise, an anonymous instance of tmpfs is set up on /.
Filesystem []FilesystemConfigJSON `json:"filesystem"` Filesystem []FilesystemConfigJSON `json:"filesystem"`
// String used as the username of the emulated user, validated against the default NAME_REGEX from adduser. // String used as the username of the emulated user, validated against the
// default NAME_REGEX from adduser.
//
// Defaults to passwd name of target uid or chronos. // Defaults to passwd name of target uid or chronos.
Username string `json:"username,omitempty"` Username string `json:"username,omitempty"`
// Pathname of shell in the container filesystem to use for the emulated user. // Pathname of shell in the container filesystem to use for the emulated user.
Shell *check.Absolute `json:"shell"` Shell *check.Absolute `json:"shell"`
// Directory in the container filesystem to enter and use as the home directory of the emulated user. // Directory in the container filesystem to enter and use as the home
// directory of the emulated user.
Home *check.Absolute `json:"home"` Home *check.Absolute `json:"home"`
// Pathname to executable file in the container filesystem. // Pathname to executable file in the container filesystem.
@@ -148,6 +162,7 @@ type ContainerConfig struct {
} }
// ContainerConfigF is [ContainerConfig] stripped of its methods. // ContainerConfigF is [ContainerConfig] stripped of its methods.
//
// The [ContainerConfig.Flags] field does not survive a [json] round trip. // The [ContainerConfig.Flags] field does not survive a [json] round trip.
type ContainerConfigF ContainerConfig type ContainerConfigF ContainerConfig

46
hst/dbus.go
View File

@@ -5,8 +5,26 @@ import (
"strings" "strings"
) )
// BadInterfaceError is returned when Interface fails an undocumented check in xdg-dbus-proxy, // BadInterfaceError is returned when Interface fails an undocumented check in
// which would have cause a silent failure. // xdg-dbus-proxy, which would have cause a silent failure.
//
// xdg-dbus-proxy fails without output when this condition is not met:
//
// char *dot = strrchr (filter->interface, '.');
// if (dot != NULL)
// {
// *dot = 0;
// if (strcmp (dot + 1, "*") != 0)
// filter->member = g_strdup (dot + 1);
// }
//
// trim ".*" since they are removed before searching for '.':
//
// if (g_str_has_suffix (name, ".*"))
// {
// name[strlen (name) - 2] = 0;
// wildcard = TRUE;
// }
type BadInterfaceError struct { type BadInterfaceError struct {
// Interface is the offending interface string. // Interface is the offending interface string.
Interface string Interface string
@@ -19,7 +37,8 @@ func (e *BadInterfaceError) Error() string {
if e == nil { if e == nil {
return "<nil>" return "<nil>"
} }
return "bad interface string " + strconv.Quote(e.Interface) + " in " + e.Segment + " bus configuration" return "bad interface string " + strconv.Quote(e.Interface) +
" in " + e.Segment + " bus configuration"
} }
// BusConfig configures the xdg-dbus-proxy process. // BusConfig configures the xdg-dbus-proxy process.
@@ -76,31 +95,14 @@ func (c *BusConfig) Interfaces(yield func(string) bool) {
} }
} }
// CheckInterfaces checks for invalid interface strings based on an undocumented check in xdg-dbus-error, // CheckInterfaces checks for invalid interface strings based on an undocumented
// returning [BadInterfaceError] if one is encountered. // check in xdg-dbus-error, returning [BadInterfaceError] if one is encountered.
func (c *BusConfig) CheckInterfaces(segment string) error { func (c *BusConfig) CheckInterfaces(segment string) error {
if c == nil { if c == nil {
return nil return nil
} }
for iface := range c.Interfaces { for iface := range c.Interfaces {
/*
xdg-dbus-proxy fails without output when this condition is not met:
char *dot = strrchr (filter->interface, '.');
if (dot != NULL)
{
*dot = 0;
if (strcmp (dot + 1, "*") != 0)
filter->member = g_strdup (dot + 1);
}
trim ".*" since they are removed before searching for '.':
if (g_str_has_suffix (name, ".*"))
{
name[strlen (name) - 2] = 0;
wildcard = TRUE;
}
*/
if strings.IndexByte(strings.TrimSuffix(iface, ".*"), '.') == -1 { if strings.IndexByte(strings.TrimSuffix(iface, ".*"), '.') == -1 {
return &BadInterfaceError{iface, segment} return &BadInterfaceError{iface, segment}
} }

8
hst/enablement.go
View File

@@ -11,15 +11,17 @@ import (
type Enablement byte type Enablement byte
const ( const (
// EWayland exposes a wayland pathname socket via security-context-v1. // EWayland exposes a Wayland pathname socket via security-context-v1.
EWayland Enablement = 1 << iota EWayland Enablement = 1 << iota
// EX11 adds the target user via X11 ChangeHosts and exposes the X11 pathname socket. // EX11 adds the target user via X11 ChangeHosts and exposes the X11
// pathname socket.
EX11 EX11
// EDBus enables the per-container xdg-dbus-proxy daemon. // EDBus enables the per-container xdg-dbus-proxy daemon.
EDBus EDBus
// EPipeWire exposes a pipewire pathname socket via SecurityContext. // EPipeWire exposes a pipewire pathname socket via SecurityContext.
EPipeWire EPipeWire
// EPulse copies the PulseAudio cookie to [hst.PrivateTmp] and exposes the PulseAudio socket. // EPulse copies the PulseAudio cookie to [hst.PrivateTmp] and exposes the
// PulseAudio socket.
EPulse EPulse
// EM is a noop. // EM is a noop.

15
hst/fs.go
View File

@@ -24,7 +24,8 @@ type FilesystemConfig interface {
fmt.Stringer fmt.Stringer
} }
// The Ops interface enables [FilesystemConfig] to queue container ops without depending on the container package. // The Ops interface enables [FilesystemConfig] to queue container ops without
// depending on the container package.
type Ops interface { type Ops interface {
// Tmpfs appends an op that mounts tmpfs on a container path. // Tmpfs appends an op that mounts tmpfs on a container path.
Tmpfs(target *check.Absolute, size int, perm os.FileMode) Ops Tmpfs(target *check.Absolute, size int, perm os.FileMode) Ops
@@ -41,12 +42,15 @@ type Ops interface {
// Link appends an op that creates a symlink in the container filesystem. // Link appends an op that creates a symlink in the container filesystem.
Link(target *check.Absolute, linkName string, dereference bool) Ops Link(target *check.Absolute, linkName string, dereference bool) Ops
// Root appends an op that expands a directory into a toplevel bind mount mirror on container root. // Root appends an op that expands a directory into a toplevel bind mount
// mirror on container root.
Root(host *check.Absolute, flags int) Ops Root(host *check.Absolute, flags int) Ops
// Etc appends an op that expands host /etc into a toplevel symlink mirror with /etc semantics. // Etc appends an op that expands host /etc into a toplevel symlink mirror
// with /etc semantics.
Etc(host *check.Absolute, prefix string) Ops Etc(host *check.Absolute, prefix string) Ops
// Daemon appends an op that starts a daemon in the container and blocks until target appears. // Daemon appends an op that starts a daemon in the container and blocks
// until target appears.
Daemon(target, path *check.Absolute, args ...string) Ops Daemon(target, path *check.Absolute, args ...string) Ops
} }
@@ -61,7 +65,8 @@ type ApplyState struct {
// ErrFSNull is returned by [json] on encountering a null [FilesystemConfig] value. // ErrFSNull is returned by [json] on encountering a null [FilesystemConfig] value.
var ErrFSNull = errors.New("unexpected null in mount point") var ErrFSNull = errors.New("unexpected null in mount point")
// FSTypeError is returned when [ContainerConfig.Filesystem] contains an entry with invalid type. // FSTypeError is returned when [ContainerConfig.Filesystem] contains an entry
// with invalid type.
type FSTypeError string type FSTypeError string
func (f FSTypeError) Error() string { return fmt.Sprintf("invalid filesystem type %q", string(f)) } func (f FSTypeError) Error() string { return fmt.Sprintf("invalid filesystem type %q", string(f)) }

4
hst/fslink.go
View File

@@ -18,7 +18,9 @@ type FSLink struct {
Target *check.Absolute `json:"dst"` Target *check.Absolute `json:"dst"`
// Arbitrary linkname value store in the symlink. // Arbitrary linkname value store in the symlink.
Linkname string `json:"linkname"` Linkname string `json:"linkname"`
// Whether to treat Linkname as an absolute pathname and dereference before creating the link.
// Whether to treat Linkname as an absolute pathname and dereference before
// creating the link.
Dereference bool `json:"dereference,omitempty"` Dereference bool `json:"dereference,omitempty"`
} }

6
hst/fsoverlay.go
View File

@@ -19,9 +19,11 @@ type FSOverlay struct {
// Any filesystem, does not need to be on a writable filesystem, must not be nil. // Any filesystem, does not need to be on a writable filesystem, must not be nil.
Lower []*check.Absolute `json:"lower"` Lower []*check.Absolute `json:"lower"`
// The upperdir is normally on a writable filesystem, leave as nil to mount Lower readonly. // The upperdir is normally on a writable filesystem, leave as nil to mount
// Lower readonly.
Upper *check.Absolute `json:"upper,omitempty"` Upper *check.Absolute `json:"upper,omitempty"`
// The workdir needs to be an empty directory on the same filesystem as Upper, must not be nil if Upper is populated. // The workdir needs to be an empty directory on the same filesystem as
// Upper, must not be nil if Upper is populated.
Work *check.Absolute `json:"work,omitempty"` Work *check.Absolute `json:"work,omitempty"`
} }

60
hst/hst.go
View File

@@ -44,11 +44,13 @@ func (e *AppError) Message() string {
type Paths struct { type Paths struct {
// Temporary directory returned by [os.TempDir], usually equivalent to [fhs.AbsTmp]. // Temporary directory returned by [os.TempDir], usually equivalent to [fhs.AbsTmp].
TempDir *check.Absolute `json:"temp_dir"` TempDir *check.Absolute `json:"temp_dir"`
// Shared directory specific to the hsu userid, usually (`/tmp/hakurei.%d`, [Info.User]). // Shared directory specific to the hsu userid, usually
// (`/tmp/hakurei.%d`, [Info.User]).
SharePath *check.Absolute `json:"share_path"` SharePath *check.Absolute `json:"share_path"`
// Checked XDG_RUNTIME_DIR value, usually (`/run/user/%d`, uid). // Checked XDG_RUNTIME_DIR value, usually (`/run/user/%d`, uid).
RuntimePath *check.Absolute `json:"runtime_path"` RuntimePath *check.Absolute `json:"runtime_path"`
// Shared directory specific to the hsu userid located in RuntimePath, usually (`/run/user/%d/hakurei`, uid). // Shared directory specific to the hsu userid located in RuntimePath,
// usually (`/run/user/%d/hakurei`, uid).
RunDirPath *check.Absolute `json:"run_dir_path"` RunDirPath *check.Absolute `json:"run_dir_path"`
} }
@@ -74,10 +76,23 @@ func Template() *Config {
SessionBus: &BusConfig{ SessionBus: &BusConfig{
See: nil, See: nil,
Talk: []string{"org.freedesktop.Notifications", "org.freedesktop.FileManager1", "org.freedesktop.ScreenSaver", Talk: []string{
"org.freedesktop.secrets", "org.kde.kwalletd5", "org.kde.kwalletd6", "org.gnome.SessionManager"}, "org.freedesktop.Notifications",
Own: []string{"org.chromium.Chromium.*", "org.mpris.MediaPlayer2.org.chromium.Chromium.*", "org.freedesktop.FileManager1",
"org.mpris.MediaPlayer2.chromium.*"}, "org.freedesktop.ScreenSaver",
"org.freedesktop.secrets",
"org.kde.kwalletd5",
"org.kde.kwalletd6",
"org.gnome.SessionManager",
},
Own: []string{
"org.chromium.Chromium.*",
"org.mpris.MediaPlayer2.org.chromium.Chromium.*",
"org.mpris.MediaPlayer2.chromium.*",
},
Call: map[string]string{"org.freedesktop.portal.*": "*"}, Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"}, Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Log: false, Log: false,
@@ -112,7 +127,12 @@ func Template() *Config {
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT", "GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT",
}, },
Filesystem: []FilesystemConfigJSON{ Filesystem: []FilesystemConfigJSON{
{&FSBind{Target: fhs.AbsRoot, Source: fhs.AbsVarLib.Append("hakurei/base/org.debian"), Write: true, Special: true}}, {&FSBind{
Target: fhs.AbsRoot,
Source: fhs.AbsVarLib.Append("hakurei/base/org.debian"),
Write: true,
Special: true,
}},
{&FSBind{Target: fhs.AbsEtc, Source: fhs.AbsEtc, Special: true}}, {&FSBind{Target: fhs.AbsEtc, Source: fhs.AbsEtc, Special: true}},
{&FSEphemeral{Target: fhs.AbsTmp, Write: true, Perm: 0755}}, {&FSEphemeral{Target: fhs.AbsTmp, Write: true, Perm: 0755}},
{&FSOverlay{ {&FSOverlay{
@@ -121,11 +141,27 @@ func Template() *Config {
Upper: fhs.AbsVarLib.Append("hakurei/nix/u0/org.chromium.Chromium/rw-store/upper"), Upper: fhs.AbsVarLib.Append("hakurei/nix/u0/org.chromium.Chromium/rw-store/upper"),
Work: fhs.AbsVarLib.Append("hakurei/nix/u0/org.chromium.Chromium/rw-store/work"), Work: fhs.AbsVarLib.Append("hakurei/nix/u0/org.chromium.Chromium/rw-store/work"),
}}, }},
{&FSLink{Target: fhs.AbsRun.Append("current-system"), Linkname: "/run/current-system", Dereference: true}}, {&FSLink{
{&FSLink{Target: fhs.AbsRun.Append("opengl-driver"), Linkname: "/run/opengl-driver", Dereference: true}}, Target: fhs.AbsRun.Append("current-system"),
{&FSBind{Source: fhs.AbsVarLib.Append("hakurei/u0/org.chromium.Chromium"), Linkname: "/run/current-system",
Target: check.MustAbs("/data/data/org.chromium.Chromium"), Write: true, Ensure: true}}, Dereference: true,
{&FSBind{Source: fhs.AbsDev.Append("dri"), Device: true, Optional: true}}, }},
{&FSLink{
Target: fhs.AbsRun.Append("opengl-driver"),
Linkname: "/run/opengl-driver",
Dereference: true,
}},
{&FSBind{
Source: fhs.AbsVarLib.Append("hakurei/u0/org.chromium.Chromium"),
Target: check.MustAbs("/data/data/org.chromium.Chromium"),
Write: true,
Ensure: true,
}},
{&FSBind{
Source: fhs.AbsDev.Append("dri"),
Device: true,
Optional: true,
}},
}, },
Username: "chronos", Username: "chronos",

15
hst/instance.go
View File

@@ -12,10 +12,12 @@ import (
// An ID is a unique identifier held by a running hakurei container. // An ID is a unique identifier held by a running hakurei container.
type ID [16]byte type ID [16]byte
// ErrIdentifierLength is returned when encountering a [hex] representation of [ID] with unexpected length. // ErrIdentifierLength is returned when encountering a [hex] representation of
// [ID] with unexpected length.
var ErrIdentifierLength = errors.New("identifier string has unexpected length") var ErrIdentifierLength = errors.New("identifier string has unexpected length")
// IdentifierDecodeError is returned by [ID.UnmarshalText] to provide relevant error descriptions. // IdentifierDecodeError is returned by [ID.UnmarshalText] to provide relevant
// error descriptions.
type IdentifierDecodeError struct{ Err error } type IdentifierDecodeError struct{ Err error }
func (e IdentifierDecodeError) Unwrap() error { return e.Err } func (e IdentifierDecodeError) Unwrap() error { return e.Err }
@@ -23,7 +25,10 @@ func (e IdentifierDecodeError) Error() string {
var invalidByteError hex.InvalidByteError var invalidByteError hex.InvalidByteError
switch { switch {
case errors.As(e.Err, &invalidByteError): case errors.As(e.Err, &invalidByteError):
return fmt.Sprintf("got invalid byte %#U in identifier", rune(invalidByteError)) return fmt.Sprintf(
"got invalid byte %#U in identifier",
rune(invalidByteError),
)
case errors.Is(e.Err, hex.ErrLength): case errors.Is(e.Err, hex.ErrLength):
return "odd length identifier hex string" return "odd length identifier hex string"
@@ -41,7 +46,9 @@ func (a *ID) CreationTime() time.Time {
} }
// NewInstanceID creates a new unique [ID]. // NewInstanceID creates a new unique [ID].
func NewInstanceID(id *ID) error { return newInstanceID(id, uint64(time.Now().UnixNano())) } func NewInstanceID(id *ID) error {
return newInstanceID(id, uint64(time.Now().UnixNano()))
}
// newInstanceID creates a new unique [ID] with the specified timestamp. // newInstanceID creates a new unique [ID] with the specified timestamp.
func newInstanceID(id *ID, p uint64) error { func newInstanceID(id *ID, p uint64) error {

0
internal/azalea/azalea.bnf
View File

69
internal/azalea/azalea.go
View File

@@ -1,69 +0,0 @@
//go:generate gocc -a azalea.bnf
package azalea
import (
"io"
"io/fs"
"os"
"path/filepath"
"strconv"
"strings"
"hakurei.app/container/check"
)
type Parser struct {
Generator
}
func NewParser(gen Generator) *Parser {
return &Parser{
Generator: gen,
}
}
func (p Parser) Initialise() {
}
func (p Parser) Consume(ns string, file io.Reader) error {
return nil
}
// ConsumeDir walks a directory and consumes all Azalea source files within it and all its subdirectories, as long as they end with the .az extension.
func (p Parser) ConsumeDir(dir *check.Absolute) error {
ds := dir.String()
return filepath.WalkDir(ds, func(path string, d fs.DirEntry, err error) (e error) {
if err != nil {
return err
}
if d.IsDir() || !strings.HasSuffix(d.Name(), ".az") {
return
}
rel, e := filepath.Rel(ds, path)
ns := strings.TrimSuffix(rel, ".az")
f, e := os.Open(path)
return p.Consume(ns, f)
})
}
// ConsumeAll consumes all provided readers as Azalea source code, each given the namespace `r%d` where `%d` is the index of the reader in the provided arguments.
func (p Parser) ConsumeAll(in ...io.Reader) error {
for i, r := range in {
err := p.Consume("r"+strconv.FormatInt(int64(i), 10), r)
if err != nil {
return err
}
}
return nil
}
// ConsumeStrings consumes all provided strings as Azalea source code, each given the namespace `s%d` where `%d` is the index of the string in the provided arugments.
func (p Parser) ConsumeStrings(in ...string) error {
for i, s := range in {
err := p.Consume("s"+strconv.FormatInt(int64(i), 10), strings.NewReader(s))
if err != nil {
return err
}
}
return nil
}

36
internal/azalea/generator.go
View File

@@ -1,36 +0,0 @@
package azalea
import (
"io"
)
type Generator interface {
Finalise() (error, io.Writer)
}
type JsonGenerator struct {
t any
}
func NewJsonGenerator[T any]() JsonGenerator {
t := new(T)
return JsonGenerator{
t,
}
}
func (j *JsonGenerator) Finalise() (error, io.Writer) {
}
type PkgIRGenerator struct {
}
func NewPkgIRGenerator() PkgIRGenerator {
return PkgIRGenerator{}
}
func (p *PkgIRGenerator) Finalise() (error, io.Writer) {
}

186
internal/netlink/netlink.go Normal file
View File

@@ -0,0 +1,186 @@
// Package netlink is a partial implementation of the netlink protocol.
package netlink
import (
"fmt"
"os"
"sync"
"syscall"
"unsafe"
)
// AF_NETLINK socket is never shared
var (
nlPid uint32
nlPidOnce sync.Once
)
// getpid returns a cached pid value.
func getpid() uint32 {
nlPidOnce.Do(func() { nlPid = uint32(os.Getpid()) })
return nlPid
}
// A conn represents resources associated to a netlink socket.
type conn struct {
// AF_NETLINK socket.
fd int
// Kernel module or netlink group to communicate with.
family int
// Message sequence number.
seq uint32
// For pending outgoing message.
typ, flags uint16
// Outgoing position in buf.
pos int
// A page holding incoming and outgoing messages.
buf []byte
}
// dial returns the address of a newly connected conn of specified family.
func dial(family int) (*conn, error) {
var c conn
if fd, err := syscall.Socket(
syscall.AF_NETLINK,
syscall.SOCK_RAW|syscall.SOCK_CLOEXEC,
family,
); err != nil {
return nil, os.NewSyscallError("socket", err)
} else if err = syscall.Bind(fd, &syscall.SockaddrNetlink{
Family: syscall.AF_NETLINK,
Pid: getpid(),
}); err != nil {
_ = syscall.Close(fd)
return nil, os.NewSyscallError("bind", err)
} else {
c.fd, c.family = fd, family
}
c.pos = syscall.NLMSG_HDRLEN
c.buf = make([]byte, os.Getpagesize())
return &c, nil
}
// Close closes the underlying socket.
func (c *conn) Close() error {
if c.buf == nil {
return syscall.EINVAL
}
c.buf = nil
return syscall.Close(c.fd)
}
// Msg is type constraint for types sent over the wire via netlink.
//
// No pointer types or compound types containing pointers may appear here.
type Msg interface {
syscall.NlMsghdr | syscall.NlMsgerr |
syscall.IfAddrmsg | RtAttrMsg[InAddr] |
syscall.IfInfomsg
}
// As returns data as the specified netlink message type.
func As[M Msg](data []byte) *M {
var v M
if unsafe.Sizeof(v) != uintptr(len(data)) {
return nil
}
return (*M)(unsafe.Pointer(unsafe.SliceData(data)))
}
// add queues a value to be sent by conn.
func add[M Msg](c *conn, p *M) bool {
pos := c.pos
c.pos += int(unsafe.Sizeof(*p))
if c.pos > len(c.buf) {
c.pos = pos
return false
}
*(*M)(unsafe.Pointer(&c.buf[pos])) = *p
return true
}
// InconsistentError describes a reply from the kernel that is not consistent
// with the internal state tracked by this package.
type InconsistentError struct {
// Offending header.
syscall.NlMsghdr
// Expected message sequence.
Seq uint32
// Expected pid.
Pid uint32
}
func (*InconsistentError) Unwrap() error { return os.ErrInvalid }
func (e *InconsistentError) Error() string {
s := "netlink socket has inconsistent state"
switch {
case e.Seq != e.NlMsghdr.Seq:
s += fmt.Sprintf(": seq %d != %d", e.Seq, e.NlMsghdr.Seq)
case e.Pid != e.NlMsghdr.Pid:
s += fmt.Sprintf(": pid %d != %d", e.Pid, e.NlMsghdr.Pid)
}
return s
}
// pending returns the valid slice of buf and initialises pos.
func (c *conn) pending() []byte {
buf := c.buf[:c.pos]
c.pos = syscall.NLMSG_HDRLEN
*(*syscall.NlMsghdr)(unsafe.Pointer(unsafe.SliceData(buf))) = syscall.NlMsghdr{
Len: uint32(len(buf)),
Type: c.typ,
Flags: c.flags,
Seq: c.seq,
Pid: getpid(),
}
return buf
}
// Complete indicates the completion of a roundtrip.
type Complete struct{}
// Error returns a hardcoded string that should never be displayed to the user.
func (Complete) Error() string { return "returning from roundtrip" }
// Roundtrip sends the pending message and handles the reply.
func (c *conn) Roundtrip(f func(msg *syscall.NetlinkMessage) error) error {
if c.buf == nil {
return syscall.EINVAL
}
defer func() { c.seq++ }()
if err := syscall.Sendto(c.fd, c.pending(), 0, &syscall.SockaddrNetlink{
Family: syscall.AF_NETLINK,
}); err != nil {
return os.NewSyscallError("sendto", err)
}
for {
buf := c.buf
if n, _, err := syscall.Recvfrom(c.fd, buf, 0); err != nil {
return os.NewSyscallError("recvfrom", err)
} else if n < syscall.NLMSG_HDRLEN {
return syscall.EBADE
} else {
buf = buf[:n]
}
msgs, err := syscall.ParseNetlinkMessage(buf)
if err != nil {
return err
}
for _, msg := range msgs {
if msg.Header.Seq != c.seq || msg.Header.Pid != getpid() {
return &InconsistentError{msg.Header, c.seq, getpid()}
}
if err = f(&msg); err != nil {
if err == (Complete{}) {
return nil
}
return err
}
}
}
}

36
internal/netlink/netlink_test.go Normal file
View File

@@ -0,0 +1,36 @@
package netlink
import (
"os"
"syscall"
"testing"
)
func init() { nlPidOnce.Do(func() {}); nlPid = 1 }
type payloadTestCase struct {
name string
f func(c *conn)
want []byte
}
// checkPayload runs multiple payloadTestCase against a stub conn and checks
// the outgoing message written to its buffer page.
func checkPayload(t *testing.T, testCases []payloadTestCase) {
t.Helper()
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
c := conn{
pos: syscall.NLMSG_HDRLEN,
buf: make([]byte, os.Getpagesize()),
}
tc.f(&c)
if got := c.pending(); string(got) != string(tc.want) {
t.Errorf("pending: %#v, want %#v", got, tc.want)
}
})
}
}

132
internal/netlink/rtnl.go Normal file
View File

@@ -0,0 +1,132 @@
package netlink
import (
"syscall"
"unsafe"
)
// RouteConn represents a NETLINK_ROUTE socket.
type RouteConn struct{ *conn }
// DialRoute returns the address of a newly connected [RouteConn].
func DialRoute() (*RouteConn, error) {
c, err := dial(syscall.NETLINK_ROUTE)
if err != nil {
return nil, err
}
return &RouteConn{c}, nil
}
// rtnlConsume consumes a message from rtnetlink.
func rtnlConsume(msg *syscall.NetlinkMessage) error {
switch msg.Header.Type {
case syscall.NLMSG_DONE:
return Complete{}
case syscall.NLMSG_ERROR:
if e := As[syscall.NlMsgerr](msg.Data); e != nil {
if e.Error == 0 {
return Complete{}
}
return syscall.Errno(-e.Error)
}
return syscall.EBADE
default:
return nil
}
}
// InAddr is equivalent to struct in_addr.
type InAddr [4]byte
// RtAttrMsg holds syscall.RtAttr alongside its payload.
type RtAttrMsg[D any] struct {
syscall.RtAttr
Data D
}
// populate populates the Len field of the embedded syscall.RtAttr.
func (attr *RtAttrMsg[M]) populate() {
attr.Len = syscall.SizeofRtAttr + uint16(unsafe.Sizeof(attr.Data))
}
// writeIfAddrmsg writes an ifaddrmsg structure to conn.
func (c *RouteConn) writeIfAddrmsg(
typ, flags uint16,
msg *syscall.IfAddrmsg,
attrs ...RtAttrMsg[InAddr],
) bool {
c.typ, c.flags = typ, syscall.NLM_F_REQUEST|syscall.NLM_F_ACK|flags
if !add(c.conn, msg) {
return false
}
for _, attr := range attrs {
attr.populate()
if !add(c.conn, &attr) {
return false
}
}
return true
}
// SendIfAddrmsg sends an ifaddrmsg structure to rtnetlink.
func (c *RouteConn) SendIfAddrmsg(
typ, flags uint16,
msg *syscall.IfAddrmsg,
attrs ...RtAttrMsg[InAddr],
) error {
if !c.writeIfAddrmsg(typ, flags, msg, attrs...) {
return syscall.ENOMEM
}
return c.Roundtrip(rtnlConsume)
}
// writeNewaddrLo writes a RTM_NEWADDR message for the loopback address.
func (c *RouteConn) writeNewaddrLo(lo uint32) bool {
return c.writeIfAddrmsg(
syscall.RTM_NEWADDR,
syscall.NLM_F_CREATE|syscall.NLM_F_EXCL,
&syscall.IfAddrmsg{
Family: syscall.AF_INET,
Prefixlen: 8,
Flags: syscall.IFA_F_PERMANENT,
Scope: syscall.RT_SCOPE_HOST,
Index: lo,
},
RtAttrMsg[InAddr]{syscall.RtAttr{
Type: syscall.IFA_LOCAL,
}, InAddr{127, 0, 0, 1}},
RtAttrMsg[InAddr]{syscall.RtAttr{
Type: syscall.IFA_ADDRESS,
}, InAddr{127, 0, 0, 1}},
)
}
// SendNewaddrLo sends a RTM_NEWADDR message for the loopback address to the kernel.
func (c *RouteConn) SendNewaddrLo(lo uint32) error {
if !c.writeNewaddrLo(lo) {
return syscall.ENOMEM
}
return c.Roundtrip(rtnlConsume)
}
// writeIfInfomsg writes an ifinfomsg structure to conn.
func (c *RouteConn) writeIfInfomsg(
typ, flags uint16,
msg *syscall.IfInfomsg,
) bool {
c.typ, c.flags = typ, syscall.NLM_F_REQUEST|syscall.NLM_F_ACK|flags
return add(c.conn, msg)
}
// SendIfInfomsg sends an ifinfomsg structure to rtnetlink.
func (c *RouteConn) SendIfInfomsg(
typ, flags uint16,
msg *syscall.IfInfomsg,
) error {
if !c.writeIfInfomsg(typ, flags, msg) {
return syscall.ENOMEM
}
return c.Roundtrip(rtnlConsume)
}

62
internal/netlink/rtnl_test.go Normal file
View File

@@ -0,0 +1,62 @@
package netlink
import (
"syscall"
"testing"
)
func TestPayloadRTNETLINK(t *testing.T) {
t.Parallel()
checkPayload(t, []payloadTestCase{
{"RTM_NEWADDR lo", func(c *conn) {
(&RouteConn{c}).writeNewaddrLo(1)
}, []byte{
/* Len */ 0x28, 0, 0, 0,
/* Type */ 0x14, 0,
/* Flags */ 5, 6,
/* Seq */ 0, 0, 0, 0,
/* Pid */ 1, 0, 0, 0,
/* Family */ 2,
/* Prefixlen */ 8,
/* Flags */ 0x80,
/* Scope */ 0xfe,
/* Index */ 1, 0, 0, 0,
/* Len */ 8, 0,
/* Type */ 2, 0,
/* in_addr */ 127, 0, 0, 1,
/* Len */ 8, 0,
/* Type */ 1, 0,
/* in_addr */ 127, 0, 0, 1,
}},
{"RTM_NEWLINK", func(c *conn) {
c.seq++
(&RouteConn{c}).writeIfInfomsg(
syscall.RTM_NEWLINK, 0,
&syscall.IfInfomsg{
Family: syscall.AF_UNSPEC,
Index: 1,
Flags: syscall.IFF_UP,
Change: syscall.IFF_UP,
},
)
}, []byte{
/* Len */ 0x20, 0, 0, 0,
/* Type */ 0x10, 0,
/* Flags */ 5, 0,
/* Seq */ 1, 0, 0, 0,
/* Pid */ 1, 0, 0, 0,
/* Family */ 0,
/* pad */ 0,
/* Type */ 0, 0,
/* Index */ 1, 0, 0, 0,
/* Flags */ 1, 0, 0, 0,
/* Change */ 1, 0, 0, 0,
}},
})
}

1
internal/outcome/hsu.go
View File

@@ -38,6 +38,7 @@ func (h *Hsu) ensureDispatcher() {
} }
// ID returns the current user hsurc identifier. // ID returns the current user hsurc identifier.
//
// [ErrHsuAccess] is returned if the current user is not in hsurc. // [ErrHsuAccess] is returned if the current user is not in hsurc.
func (h *Hsu) ID() (int, error) { func (h *Hsu) ID() (int, error) {
h.ensureDispatcher() h.ensureDispatcher()

98
internal/outcome/outcome.go
View File

@@ -1,4 +1,5 @@
// Package outcome implements the outcome of the privileged and container sides of a hakurei container. // Package outcome implements the outcome of the privileged and container sides
// of a hakurei container.
package outcome package outcome
import ( import (
@@ -27,8 +28,9 @@ func Info() *hst.Info {
return &hi return &hi
} }
// envAllocSize is the initial size of the env map pre-allocated when the configured env map is nil. // envAllocSize is the initial size of the env map pre-allocated when the
// It should be large enough to fit all insertions by outcomeOp.toContainer. // configured env map is nil. It should be large enough to fit all insertions by
// outcomeOp.toContainer.
const envAllocSize = 1 << 6 const envAllocSize = 1 << 6
func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} } func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} }
@@ -43,7 +45,8 @@ func (s *stringPair[T]) unwrap() T { return s.v }
func (s *stringPair[T]) String() string { return s.s } func (s *stringPair[T]) String() string { return s.s }
// outcomeState is copied to the shim process and available while applying outcomeOp. // outcomeState is copied to the shim process and available while applying outcomeOp.
// This is transmitted from the priv side to the shim, so exported fields should be kept to a minimum. // This is transmitted from the priv side to the shim, so exported fields should
// be kept to a minimum.
type outcomeState struct { type outcomeState struct {
// Params only used by the shim process. Populated by populateEarly. // Params only used by the shim process. Populated by populateEarly.
Shim *shimParams Shim *shimParams
@@ -89,14 +92,25 @@ func (s *outcomeState) valid() bool {
s.Paths != nil s.Paths != nil
} }
// newOutcomeState returns the address of a new outcomeState with its exported fields populated via syscallDispatcher. // newOutcomeState returns the address of a new outcomeState with its exported
// fields populated via syscallDispatcher.
func newOutcomeState(k syscallDispatcher, msg message.Msg, id *hst.ID, config *hst.Config, hsu *Hsu) *outcomeState { func newOutcomeState(k syscallDispatcher, msg message.Msg, id *hst.ID, config *hst.Config, hsu *Hsu) *outcomeState {
s := outcomeState{ s := outcomeState{
Shim: &shimParams{PrivPID: k.getpid(), Verbose: msg.IsVerbose()}, Shim: &shimParams{
ID: id, PrivPID: k.getpid(),
Identity: config.Identity, Verbose: msg.IsVerbose(),
UserID: hsu.MustID(msg),
Paths: env.CopyPathsFunc(k.fatalf, k.tempdir, func(key string) string { v, _ := k.lookupEnv(key); return v }), SchedPolicy: config.SchedPolicy,
SchedPriority: config.SchedPriority,
},
ID: id,
Identity: config.Identity,
UserID: hsu.MustID(msg),
Paths: env.CopyPathsFunc(k.fatalf, k.tempdir, func(key string) string {
v, _ := k.lookupEnv(key)
return v
}),
Container: config.Container, Container: config.Container,
} }
@@ -121,6 +135,7 @@ func newOutcomeState(k syscallDispatcher, msg message.Msg, id *hst.ID, config *h
} }
// populateLocal populates unexported fields from transmitted exported fields. // populateLocal populates unexported fields from transmitted exported fields.
//
// These fields are cheaper to recompute per-process. // These fields are cheaper to recompute per-process.
func (s *outcomeState) populateLocal(k syscallDispatcher, msg message.Msg) error { func (s *outcomeState) populateLocal(k syscallDispatcher, msg message.Msg) error {
if !s.valid() || k == nil || msg == nil { if !s.valid() || k == nil || msg == nil {
@@ -136,7 +151,10 @@ func (s *outcomeState) populateLocal(k syscallDispatcher, msg message.Msg) error
s.id = &stringPair[hst.ID]{*s.ID, s.ID.String()} s.id = &stringPair[hst.ID]{*s.ID, s.ID.String()}
s.Copy(&s.sc, s.UserID) s.Copy(&s.sc, s.UserID)
msg.Verbosef("process share directory at %q, runtime directory at %q", s.sc.SharePath, s.sc.RunDirPath) msg.Verbosef(
"process share directory at %q, runtime directory at %q",
s.sc.SharePath, s.sc.RunDirPath,
)
s.identity = newInt(s.Identity) s.identity = newInt(s.Identity)
s.mapuid, s.mapgid = newInt(s.Mapuid), newInt(s.Mapgid) s.mapuid, s.mapgid = newInt(s.Mapuid), newInt(s.Mapgid)
@@ -146,17 +164,25 @@ func (s *outcomeState) populateLocal(k syscallDispatcher, msg message.Msg) error
} }
// instancePath returns a path formatted for outcomeStateSys.instance. // instancePath returns a path formatted for outcomeStateSys.instance.
//
// This method must only be called from outcomeOp.toContainer if // This method must only be called from outcomeOp.toContainer if
// outcomeOp.toSystem has already called outcomeStateSys.instance. // outcomeOp.toSystem has already called outcomeStateSys.instance.
func (s *outcomeState) instancePath() *check.Absolute { return s.sc.SharePath.Append(s.id.String()) } func (s *outcomeState) instancePath() *check.Absolute {
return s.sc.SharePath.Append(s.id.String())
}
// runtimePath returns a path formatted for outcomeStateSys.runtime. // runtimePath returns a path formatted for outcomeStateSys.runtime.
//
// This method must only be called from outcomeOp.toContainer if // This method must only be called from outcomeOp.toContainer if
// outcomeOp.toSystem has already called outcomeStateSys.runtime. // outcomeOp.toSystem has already called outcomeStateSys.runtime.
func (s *outcomeState) runtimePath() *check.Absolute { return s.sc.RunDirPath.Append(s.id.String()) } func (s *outcomeState) runtimePath() *check.Absolute {
return s.sc.RunDirPath.Append(s.id.String())
}
// outcomeStateSys wraps outcomeState and [system.I]. Used on the priv side only. // outcomeStateSys wraps outcomeState and [system.I]. Used on the priv side only.
// Implementations of outcomeOp must not access fields other than sys unless explicitly stated. //
// Implementations of outcomeOp must not access fields other than sys unless
// explicitly stated.
type outcomeStateSys struct { type outcomeStateSys struct {
// Whether XDG_RUNTIME_DIR is used post hsu. // Whether XDG_RUNTIME_DIR is used post hsu.
useRuntimeDir bool useRuntimeDir bool
@@ -219,6 +245,7 @@ func (state *outcomeStateSys) ensureRuntimeDir() {
} }
// instance returns the pathname to a process-specific directory within TMPDIR. // instance returns the pathname to a process-specific directory within TMPDIR.
//
// This directory must only hold entries bound to [system.Process]. // This directory must only hold entries bound to [system.Process].
func (state *outcomeStateSys) instance() *check.Absolute { func (state *outcomeStateSys) instance() *check.Absolute {
if state.sharePath != nil { if state.sharePath != nil {
@@ -230,6 +257,7 @@ func (state *outcomeStateSys) instance() *check.Absolute {
} }
// runtime returns the pathname to a process-specific directory within XDG_RUNTIME_DIR. // runtime returns the pathname to a process-specific directory within XDG_RUNTIME_DIR.
//
// This directory must only hold entries bound to [system.Process]. // This directory must only hold entries bound to [system.Process].
func (state *outcomeStateSys) runtime() *check.Absolute { func (state *outcomeStateSys) runtime() *check.Absolute {
if state.runtimeSharePath != nil { if state.runtimeSharePath != nil {
@@ -242,22 +270,29 @@ func (state *outcomeStateSys) runtime() *check.Absolute {
return state.runtimeSharePath return state.runtimeSharePath
} }
// outcomeStateParams wraps outcomeState and [container.Params]. Used on the shim side only. // outcomeStateParams wraps outcomeState and [container.Params].
//
// Used on the shim side only.
type outcomeStateParams struct { type outcomeStateParams struct {
// Overrides the embedded [container.Params] in [container.Container]. The Env field must not be used. // Overrides the embedded [container.Params] in [container.Container].
//
// The Env field must not be used.
params *container.Params params *container.Params
// Collapsed into the Env slice in [container.Params] by the final outcomeOp. // Collapsed into the Env slice in [container.Params] by the final outcomeOp.
env map[string]string env map[string]string
// Filesystems with the optional root sliced off if present. Populated by spParamsOp. // Filesystems with the optional root sliced off if present.
// Safe for use by spFilesystemOp. //
// Populated by spParamsOp. Safe for use by spFilesystemOp.
filesystem []hst.FilesystemConfigJSON filesystem []hst.FilesystemConfigJSON
// Inner XDG_RUNTIME_DIR default formatting of `/run/user/%d` via mapped uid. // Inner XDG_RUNTIME_DIR default formatting of `/run/user/%d` via mapped uid.
//
// Populated by spRuntimeOp. // Populated by spRuntimeOp.
runtimeDir *check.Absolute runtimeDir *check.Absolute
// Path to pipewire-pulse server. // Path to pipewire-pulse server.
//
// Populated by spPipeWireOp if DirectPipeWire is false. // Populated by spPipeWireOp if DirectPipeWire is false.
pipewirePulsePath *check.Absolute pipewirePulsePath *check.Absolute
@@ -265,25 +300,32 @@ type outcomeStateParams struct {
*outcomeState *outcomeState
} }
// errNotEnabled is returned by outcomeOp.toSystem and used internally to exclude an outcomeOp from transmission. // errNotEnabled is returned by outcomeOp.toSystem and used internally to
// exclude an outcomeOp from transmission.
var errNotEnabled = errors.New("op not enabled in the configuration") var errNotEnabled = errors.New("op not enabled in the configuration")
// An outcomeOp inflicts an outcome on [system.I] and contains enough information to // An outcomeOp inflicts an outcome on [system.I] and contains enough
// inflict it on [container.Params] in a separate process. // information to inflict it on [container.Params] in a separate process.
// An implementation of outcomeOp must store cross-process states in exported fields only. //
// An implementation of outcomeOp must store cross-process states in exported
// fields only.
type outcomeOp interface { type outcomeOp interface {
// toSystem inflicts the current outcome on [system.I] in the priv side process. // toSystem inflicts the current outcome on [system.I] in the priv side process.
toSystem(state *outcomeStateSys) error toSystem(state *outcomeStateSys) error
// toContainer inflicts the current outcome on [container.Params] in the shim process. // toContainer inflicts the current outcome on [container.Params] in the
// The implementation must not write to the Env field of [container.Params] as it will be overwritten // shim process.
// by flattened env map. //
// Implementations must not write to the Env field of [container.Params]
// as it will be overwritten by flattened env map.
toContainer(state *outcomeStateParams) error toContainer(state *outcomeStateParams) error
} }
// toSystem calls the outcomeOp.toSystem method on all outcomeOp implementations and populates shimParams.Ops. // toSystem calls the outcomeOp.toSystem method on all outcomeOp implementations
// This function assumes the caller has already called the Validate method on [hst.Config] // and populates shimParams.Ops.
// and checked that it returns nil. //
// This function assumes the caller has already called the Validate method on
// [hst.Config] and checked that it returns nil.
func (state *outcomeStateSys) toSystem() error { func (state *outcomeStateSys) toSystem() error {
if state.Shim == nil || state.Shim.Ops != nil { if state.Shim == nil || state.Shim.Ops != nil {
return newWithMessage("invalid ops state reached") return newWithMessage("invalid ops state reached")

53
internal/outcome/process.go
View File

@@ -30,7 +30,9 @@ const (
) )
// NewStore returns the address of a new instance of [store.Store]. // NewStore returns the address of a new instance of [store.Store].
func NewStore(sc *hst.Paths) *store.Store { return store.New(sc.SharePath.Append("state")) } func NewStore(sc *hst.Paths) *store.Store {
return store.New(sc.SharePath.Append("state"))
}
// main carries out outcome and terminates. main does not return. // main carries out outcome and terminates. main does not return.
func (k *outcome) main(msg message.Msg, identifierFd int) { func (k *outcome) main(msg message.Msg, identifierFd int) {
@@ -116,7 +118,11 @@ func (k *outcome) main(msg message.Msg, identifierFd int) {
processStatePrev, processStateCur = processStateCur, processState processStatePrev, processStateCur = processStateCur, processState
if !processTime.IsZero() && processStatePrev != processLifecycle { if !processTime.IsZero() && processStatePrev != processLifecycle {
msg.Verbosef("state %d took %.2f ms", processStatePrev, float64(time.Since(processTime).Nanoseconds())/1e6) msg.Verbosef(
"state %d took %.2f ms",
processStatePrev,
float64(time.Since(processTime).Nanoseconds())/1e6,
)
} }
processTime = time.Now() processTime = time.Now()
@@ -141,7 +147,10 @@ func (k *outcome) main(msg message.Msg, identifierFd int) {
case processCommit: case processCommit:
if isBeforeRevert { if isBeforeRevert {
perrorFatal(newWithMessage("invalid transition to commit state"), "commit", processLifecycle) perrorFatal(
newWithMessage("invalid transition to commit state"),
"commit", processLifecycle,
)
continue continue
} }
@@ -238,15 +247,26 @@ func (k *outcome) main(msg message.Msg, identifierFd int) {
case <-func() chan struct{} { case <-func() chan struct{} {
w := make(chan struct{}) w := make(chan struct{})
// this ties processLifecycle to ctx with the additional compensated timeout duration // This ties processLifecycle to ctx with the additional
// to allow transition to the next state on a locked up shim // compensated timeout duration to allow transition to the next
go func() { <-ctx.Done(); time.Sleep(k.state.Shim.WaitDelay + shimWaitTimeout); close(w) }() // state on a locked up shim.
go func() {
<-ctx.Done()
time.Sleep(k.state.Shim.WaitDelay + shimWaitTimeout)
close(w)
}()
return w return w
}(): }():
// this is only reachable when wait did not return within shimWaitTimeout, after its WaitDelay has elapsed. // This is only reachable when wait did not return within
// This is different from the container failing to terminate within its timeout period, as that is enforced // shimWaitTimeout, after its WaitDelay has elapsed. This is
// by the shim. This path is instead reached when there is a lockup in shim preventing it from completing. // different from the container failing to terminate within its
msg.GetLogger().Printf("process %d did not terminate", shimCmd.Process.Pid) // timeout period, as that is enforced by the shim. This path is
// instead reached when there is a lockup in shim preventing it
// from completing.
msg.GetLogger().Printf(
"process %d did not terminate",
shimCmd.Process.Pid,
)
} }
msg.Resume() msg.Resume()
@@ -271,8 +291,8 @@ func (k *outcome) main(msg message.Msg, identifierFd int) {
ec := system.Process ec := system.Process
if entries, _, err := handle.Entries(); err != nil { if entries, _, err := handle.Entries(); err != nil {
// it is impossible to continue from this point, // it is impossible to continue from this point, per-process
// per-process state will be reverted to limit damage // state will be reverted to limit damage
perror(err, "read store segment entries") perror(err, "read store segment entries")
} else { } else {
// accumulate enablements of remaining instances // accumulate enablements of remaining instances
@@ -295,7 +315,10 @@ func (k *outcome) main(msg message.Msg, identifierFd int) {
if n == 0 { if n == 0 {
ec |= system.User ec |= system.User
} else { } else {
msg.Verbosef("found %d instances, cleaning up without user-scoped operations", n) msg.Verbosef(
"found %d instances, cleaning up without user-scoped operations",
n,
)
} }
ec |= rt ^ (hst.EWayland | hst.EX11 | hst.EDBus | hst.EPulse) ec |= rt ^ (hst.EWayland | hst.EX11 | hst.EDBus | hst.EPulse)
if msg.IsVerbose() { if msg.IsVerbose() {
@@ -335,7 +358,9 @@ func (k *outcome) main(msg message.Msg, identifierFd int) {
// start starts the shim via cmd/hsu. // start starts the shim via cmd/hsu.
// //
// If successful, a [time.Time] value for [hst.State] is stored in the value pointed to by startTime. // If successful, a [time.Time] value for [hst.State] is stored in the value
// pointed to by startTime.
//
// The resulting [exec.Cmd] and write end of the shim setup pipe is returned. // The resulting [exec.Cmd] and write end of the shim setup pipe is returned.
func (k *outcome) start(ctx context.Context, msg message.Msg, func (k *outcome) start(ctx context.Context, msg message.Msg,
hsuPath *check.Absolute, hsuPath *check.Absolute,

36
internal/outcome/shim.go
View File

@@ -18,6 +18,7 @@ import (
"hakurei.app/container/fhs" "hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/pipewire" "hakurei.app/internal/pipewire"
"hakurei.app/message" "hakurei.app/message"
@@ -37,9 +38,12 @@ const (
shimMsgBadPID = C.HAKUREI_SHIM_BAD_PID shimMsgBadPID = C.HAKUREI_SHIM_BAD_PID
) )
// setupContSignal sets up the SIGCONT signal handler for the cross-uid shim exit hack. // setupContSignal sets up the SIGCONT signal handler for the cross-uid shim
// The signal handler is implemented in C, signals can be processed by reading from the returned reader. // exit hack.
// The returned function must be called after all signal processing concludes. //
// The signal handler is implemented in C, signals can be processed by reading
// from the returned reader. The returned function must be called after all
// signal processing concludes.
func setupContSignal(pid int) (io.ReadCloser, func(), error) { func setupContSignal(pid int) (io.ReadCloser, func(), error) {
if r, w, err := os.Pipe(); err != nil { if r, w, err := os.Pipe(); err != nil {
return nil, nil, err return nil, nil, err
@@ -51,22 +55,30 @@ func setupContSignal(pid int) (io.ReadCloser, func(), error) {
} }
} }
// shimEnv is the name of the environment variable storing decimal representation of // shimEnv is the name of the environment variable storing decimal representation
// setup pipe fd for [container.Receive]. // of setup pipe fd for [container.Receive].
const shimEnv = "HAKUREI_SHIM" const shimEnv = "HAKUREI_SHIM"
// shimParams is embedded in outcomeState and transmitted from priv side to shim. // shimParams is embedded in outcomeState and transmitted from priv side to shim.
type shimParams struct { type shimParams struct {
// Priv side pid, checked against ppid in signal handler for the syscall.SIGCONT hack. // Priv side pid, checked against ppid in signal handler for the
// syscall.SIGCONT hack.
PrivPID int PrivPID int
// Duration to wait for after the initial process receives os.Interrupt before the container is killed. // Duration to wait for after the initial process receives os.Interrupt
// before the container is killed.
//
// Limits are enforced on the priv side. // Limits are enforced on the priv side.
WaitDelay time.Duration WaitDelay time.Duration
// Verbosity pass through from [message.Msg]. // Verbosity pass through from [message.Msg].
Verbose bool Verbose bool
// Copied from [hst.Config].
SchedPolicy ext.SchedPolicy
// Copied from [hst.Config].
SchedPriority ext.Int
// Outcome setup ops, contains setup state. Populated by outcome.finalise. // Outcome setup ops, contains setup state. Populated by outcome.finalise.
Ops []outcomeOp Ops []outcomeOp
} }
@@ -77,7 +89,9 @@ func (p *shimParams) valid() bool { return p != nil && p.PrivPID > 0 }
// shimName is the prefix used by log.std in the shim process. // shimName is the prefix used by log.std in the shim process.
const shimName = "shim" const shimName = "shim"
// Shim is called by the main function of the shim process and runs as the unconstrained target user. // Shim is called by the main function of the shim process and runs as the
// unconstrained target user.
//
// Shim does not return. // Shim does not return.
func Shim(msg message.Msg) { func Shim(msg message.Msg) {
if msg == nil { if msg == nil {
@@ -131,7 +145,8 @@ func (sp *shimPrivate) destroy() {
} }
const ( const (
// shimPipeWireTimeout is the duration pipewire-pulse is allowed to run before its socket becomes available. // shimPipeWireTimeout is the duration pipewire-pulse is allowed to run
// before its socket becomes available.
shimPipeWireTimeout = 5 * time.Second shimPipeWireTimeout = 5 * time.Second
) )
@@ -262,6 +277,9 @@ func shimEntrypoint(k syscallDispatcher) {
cancelContainer.Store(&stop) cancelContainer.Store(&stop)
sp := shimPrivate{k: k, id: state.id} sp := shimPrivate{k: k, id: state.id}
z := container.New(ctx, msg) z := container.New(ctx, msg)
z.SetScheduler = state.Shim.SchedPolicy > 0
z.SchedPolicy = state.Shim.SchedPolicy
z.SchedPriority = state.Shim.SchedPriority
z.Params = *stateParams.params z.Params = *stateParams.params
z.Stdin, z.Stdout, z.Stderr = os.Stdin, os.Stdout, os.Stderr z.Stdin, z.Stdout, z.Stderr = os.Stdin, os.Stdout, os.Stderr

22
internal/outcome/spcontainer.go
View File

@@ -27,7 +27,9 @@ const varRunNscd = fhs.Var + "run/nscd"
func init() { gob.Register(new(spParamsOp)) } func init() { gob.Register(new(spParamsOp)) }
// spParamsOp initialises unordered fields of [container.Params] and the optional root filesystem. // spParamsOp initialises unordered fields of [container.Params] and the
// optional root filesystem.
//
// This outcomeOp is hardcoded to always run first. // This outcomeOp is hardcoded to always run first.
type spParamsOp struct { type spParamsOp struct {
// Value of $TERM, stored during toSystem. // Value of $TERM, stored during toSystem.
@@ -67,8 +69,8 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {
state.params.Args = state.Container.Args state.params.Args = state.Container.Args
} }
// the container is canceled when shim is requested to exit or receives an interrupt or termination signal; // The container is cancelled when shim is requested to exit or receives an
// this behaviour is implemented in the shim // interrupt or termination signal. This behaviour is implemented in the shim.
state.params.ForwardCancel = state.Shim.WaitDelay > 0 state.params.ForwardCancel = state.Shim.WaitDelay > 0
if state.Container.Flags&hst.FMultiarch != 0 { if state.Container.Flags&hst.FMultiarch != 0 {
@@ -115,7 +117,8 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {
} else { } else {
state.params.Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice) state.params.Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice)
} }
// /dev is mounted readonly later on, this prevents /dev/shm from going readonly with it // /dev is mounted readonly later on, this prevents /dev/shm from going
// readonly with it
state.params.Tmpfs(fhs.AbsDevShm, 0, 01777) state.params.Tmpfs(fhs.AbsDevShm, 0, 01777)
return nil return nil
@@ -123,7 +126,9 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {
func init() { gob.Register(new(spFilesystemOp)) } func init() { gob.Register(new(spFilesystemOp)) }
// spFilesystemOp applies configured filesystems to [container.Params], excluding the optional root filesystem. // spFilesystemOp applies configured filesystems to [container.Params],
// excluding the optional root filesystem.
//
// This outcomeOp is hardcoded to always run last. // This outcomeOp is hardcoded to always run last.
type spFilesystemOp struct { type spFilesystemOp struct {
// Matched paths to cover. Stored during toSystem. // Matched paths to cover. Stored during toSystem.
@@ -297,8 +302,8 @@ func (s *spFilesystemOp) toContainer(state *outcomeStateParams) error {
return nil return nil
} }
// resolveRoot handles the root filesystem special case for [hst.FilesystemConfig] and additionally resolves autoroot // resolveRoot handles the root filesystem special case for [hst.FilesystemConfig]
// as it requires special handling during path hiding. // and additionally resolves autoroot as it requires special handling during path hiding.
func resolveRoot(c *hst.ContainerConfig) (rootfs hst.FilesystemConfig, filesystem []hst.FilesystemConfigJSON, autoroot *hst.FSBind) { func resolveRoot(c *hst.ContainerConfig) (rootfs hst.FilesystemConfig, filesystem []hst.FilesystemConfigJSON, autoroot *hst.FSBind) {
// root filesystem special case // root filesystem special case
filesystem = c.Filesystem filesystem = c.Filesystem
@@ -316,7 +321,8 @@ func resolveRoot(c *hst.ContainerConfig) (rootfs hst.FilesystemConfig, filesyste
return return
} }
// evalSymlinks calls syscallDispatcher.evalSymlinks but discards errors unwrapping to [fs.ErrNotExist]. // evalSymlinks calls syscallDispatcher.evalSymlinks but discards errors
// unwrapping to [fs.ErrNotExist].
func evalSymlinks(msg message.Msg, k syscallDispatcher, v *string) error { func evalSymlinks(msg message.Msg, k syscallDispatcher, v *string) error {
if p, err := k.evalSymlinks(*v); err != nil { if p, err := k.evalSymlinks(*v); err != nil {
if !errors.Is(err, fs.ErrNotExist) { if !errors.Is(err, fs.ErrNotExist) {

1
internal/outcome/spdbus.go
View File

@@ -12,6 +12,7 @@ import (
func init() { gob.Register(new(spDBusOp)) } func init() { gob.Register(new(spDBusOp)) }
// spDBusOp maintains an xdg-dbus-proxy instance for the container. // spDBusOp maintains an xdg-dbus-proxy instance for the container.
//
// Runs after spRuntimeOp. // Runs after spRuntimeOp.
type spDBusOp struct { type spDBusOp struct {
// Whether to bind the system bus socket. Populated during toSystem. // Whether to bind the system bus socket. Populated during toSystem.

5
internal/outcome/sppipewire.go
View File

@@ -13,9 +13,12 @@ const pipewirePulseName = "pipewire-pulse"
func init() { gob.Register(new(spPipeWireOp)) } func init() { gob.Register(new(spPipeWireOp)) }
// spPipeWireOp exports the PipeWire server to the container via SecurityContext. // spPipeWireOp exports the PipeWire server to the container via SecurityContext.
//
// Runs after spRuntimeOp. // Runs after spRuntimeOp.
type spPipeWireOp struct { type spPipeWireOp struct {
// Path to pipewire-pulse server. Populated during toSystem if DirectPipeWire is false. // Path to pipewire-pulse server.
//
// Populated during toSystem if DirectPipeWire is false.
CompatServerPath *check.Absolute CompatServerPath *check.Absolute
} }

49
internal/outcome/sppulse.go
View File

@@ -20,6 +20,7 @@ const pulseCookieSizeMax = 1 << 8
func init() { gob.Register(new(spPulseOp)) } func init() { gob.Register(new(spPulseOp)) }
// spPulseOp exports the PulseAudio server to the container. // spPulseOp exports the PulseAudio server to the container.
//
// Runs after spRuntimeOp. // Runs after spRuntimeOp.
type spPulseOp struct { type spPulseOp struct {
// PulseAudio cookie data, populated during toSystem if a cookie is present. // PulseAudio cookie data, populated during toSystem if a cookie is present.
@@ -37,24 +38,40 @@ func (s *spPulseOp) toSystem(state *outcomeStateSys) error {
if _, err := state.k.stat(pulseRuntimeDir.String()); err != nil { if _, err := state.k.stat(pulseRuntimeDir.String()); err != nil {
if !errors.Is(err, fs.ErrNotExist) { if !errors.Is(err, fs.ErrNotExist) {
return &hst.AppError{Step: fmt.Sprintf("access PulseAudio directory %q", pulseRuntimeDir), Err: err} return &hst.AppError{Step: fmt.Sprintf(
"access PulseAudio directory %q",
pulseRuntimeDir,
), Err: err}
} }
return newWithMessageError(fmt.Sprintf("PulseAudio directory %q not found", pulseRuntimeDir), err) return newWithMessageError(fmt.Sprintf(
"PulseAudio directory %q not found",
pulseRuntimeDir,
), err)
} }
if fi, err := state.k.stat(pulseSocket.String()); err != nil { if fi, err := state.k.stat(pulseSocket.String()); err != nil {
if !errors.Is(err, fs.ErrNotExist) { if !errors.Is(err, fs.ErrNotExist) {
return &hst.AppError{Step: fmt.Sprintf("access PulseAudio socket %q", pulseSocket), Err: err} return &hst.AppError{Step: fmt.Sprintf(
"access PulseAudio socket %q",
pulseSocket,
), Err: err}
} }
return newWithMessageError(fmt.Sprintf("PulseAudio directory %q found but socket does not exist", pulseRuntimeDir), err) return newWithMessageError(fmt.Sprintf(
"PulseAudio directory %q found but socket does not exist",
pulseRuntimeDir,
), err)
} else { } else {
if m := fi.Mode(); m&0o006 != 0o006 { if m := fi.Mode(); m&0o006 != 0o006 {
return newWithMessage(fmt.Sprintf("unexpected permissions on %q: %s", pulseSocket, m)) return newWithMessage(fmt.Sprintf(
"unexpected permissions on %q: %s",
pulseSocket, m,
))
} }
} }
// pulse socket is world writable and its parent directory DAC permissions prevents access; // PulseAudio socket is world writable and its parent directory DAC
// hard link to target-executable share directory to grant access // permissions prevents access. Hard link to target-executable share
// directory to grant access
state.sys.Link(pulseSocket, state.runtime().Append("pulse")) state.sys.Link(pulseSocket, state.runtime().Append("pulse"))
// load up to pulseCookieSizeMax bytes of pulse cookie for transmission to shim // load up to pulseCookieSizeMax bytes of pulse cookie for transmission to shim
@@ -62,7 +79,13 @@ func (s *spPulseOp) toSystem(state *outcomeStateSys) error {
return err return err
} else if a != nil { } else if a != nil {
s.Cookie = new([pulseCookieSizeMax]byte) s.Cookie = new([pulseCookieSizeMax]byte)
if s.CookieSize, err = loadFile(state.msg, state.k, "PulseAudio cookie", a.String(), s.Cookie[:]); err != nil { if s.CookieSize, err = loadFile(
state.msg,
state.k,
"PulseAudio cookie",
a.String(),
s.Cookie[:],
); err != nil {
return err return err
} }
} else { } else {
@@ -101,8 +124,9 @@ func (s *spPulseOp) commonPaths(state *outcomeState) (pulseRuntimeDir, pulseSock
return return
} }
// discoverPulseCookie attempts to discover the pathname of the PulseAudio cookie of the current user. // discoverPulseCookie attempts to discover the pathname of the PulseAudio
// If both returned pathname and error are nil, the cookie is likely unavailable and can be silently skipped. // cookie of the current user. If both returned pathname and error are nil, the
// cookie is likely unavailable and can be silently skipped.
func discoverPulseCookie(k syscallDispatcher) (*check.Absolute, error) { func discoverPulseCookie(k syscallDispatcher) (*check.Absolute, error) {
const paLocateStep = "locate PulseAudio cookie" const paLocateStep = "locate PulseAudio cookie"
@@ -186,7 +210,10 @@ func loadFile(
&os.PathError{Op: "stat", Path: pathname, Err: syscall.ENOMEM}, &os.PathError{Op: "stat", Path: pathname, Err: syscall.ENOMEM},
) )
} else if s < int64(n) { } else if s < int64(n) {
msg.Verbosef("%s at %q is %d bytes shorter than expected", description, pathname, int64(n)-s) msg.Verbosef(
"%s at %q is %d bytes shorter than expected",
description, pathname, int64(n)-s,
)
} else { } else {
msg.Verbosef("loading %d bytes from %q", n, pathname) msg.Verbosef("loading %d bytes from %q", n, pathname)
} }

4
internal/outcome/spruntime.go
View File

@@ -67,7 +67,9 @@ const (
// spRuntimeOp sets up XDG_RUNTIME_DIR inside the container. // spRuntimeOp sets up XDG_RUNTIME_DIR inside the container.
type spRuntimeOp struct { type spRuntimeOp struct {
// SessionType determines the value of envXDGSessionType. Populated during toSystem. // SessionType determines the value of envXDGSessionType.
//
// Populated during toSystem.
SessionType uintptr SessionType uintptr
} }

5
internal/outcome/spwayland.go
View File

@@ -12,9 +12,12 @@ import (
func init() { gob.Register(new(spWaylandOp)) } func init() { gob.Register(new(spWaylandOp)) }
// spWaylandOp exports the Wayland display server to the container. // spWaylandOp exports the Wayland display server to the container.
//
// Runs after spRuntimeOp. // Runs after spRuntimeOp.
type spWaylandOp struct { type spWaylandOp struct {
// Path to host wayland socket. Populated during toSystem if DirectWayland is true. // Path to host wayland socket.
//
// Populated during toSystem if DirectWayland is true.
SocketPath *check.Absolute SocketPath *check.Absolute
} }

5
internal/outcome/spx11.go
View File

@@ -50,7 +50,10 @@ func (s *spX11Op) toSystem(state *outcomeStateSys) error {
if socketPath != nil { if socketPath != nil {
if _, err := state.k.stat(socketPath.String()); err != nil { if _, err := state.k.stat(socketPath.String()); err != nil {
if !errors.Is(err, fs.ErrNotExist) { if !errors.Is(err, fs.ErrNotExist) {
return &hst.AppError{Step: fmt.Sprintf("access X11 socket %q", socketPath), Err: err} return &hst.AppError{Step: fmt.Sprintf(
"access X11 socket %q",
socketPath,
), Err: err}
} }
} else { } else {
state.sys.UpdatePermType(hst.EX11, socketPath, acl.Read, acl.Write, acl.Execute) state.sys.UpdatePermType(hst.EX11, socketPath, acl.Read, acl.Write, acl.Execute)

8
internal/pkg/exec.go
View File

@@ -20,6 +20,7 @@ import (
"hakurei.app/container/fhs" "hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
"hakurei.app/message" "hakurei.app/message"
) )
@@ -39,8 +40,8 @@ type ExecPath struct {
W bool W bool
} }
// SchedPolicy is the [container] scheduling policy. // SetSchedIdle is whether to set [std.SCHED_IDLE] scheduling priority.
var SchedPolicy int var SetSchedIdle bool
// PromoteLayers returns artifacts with identical-by-content layers promoted to // PromoteLayers returns artifacts with identical-by-content layers promoted to
// the highest priority instance, as if mounted via [ExecPath]. // the highest priority instance, as if mounted via [ExecPath].
@@ -413,7 +414,8 @@ func (a *execArtifact) cure(f *FContext, hostNet bool) (err error) {
z.ParentPerm = 0700 z.ParentPerm = 0700
z.HostNet = hostNet z.HostNet = hostNet
z.Hostname = "cure" z.Hostname = "cure"
z.SchedPolicy = SchedPolicy z.SetScheduler = SetSchedIdle
z.SchedPolicy = ext.SCHED_IDLE
if z.HostNet { if z.HostNet {
z.Hostname = "cure-net" z.Hostname = "cure-net"
} }

4
internal/rosa/acl.go
View File

@@ -101,6 +101,10 @@ func init() {
Description: "Commands for Manipulating POSIX Access Control Lists", Description: "Commands for Manipulating POSIX Access Control Lists",
Website: "https://savannah.nongnu.org/projects/acl/", Website: "https://savannah.nongnu.org/projects/acl/",
Dependencies: P{
Attr,
},
ID: 16, ID: 16,
} }
} }

74
internal/rosa/all.go
View File

@@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt"
"net/http" "net/http"
"strconv" "strconv"
"sync" "sync"
@@ -19,8 +20,10 @@ const (
LLVMRuntimes LLVMRuntimes
LLVMClang LLVMClang
// EarlyInit is the Rosa OS initramfs init program. // EarlyInit is the Rosa OS init program.
EarlyInit EarlyInit
// ImageSystem is the Rosa OS /system image.
ImageSystem
// ImageInitramfs is the Rosa OS initramfs archive. // ImageInitramfs is the Rosa OS initramfs archive.
ImageInitramfs ImageInitramfs
@@ -109,21 +112,11 @@ const (
PkgConfig PkgConfig
Procps Procps
Python Python
PythonCfgv
PythonDiscovery
PythonDistlib
PythonFilelock
PythonIdentify
PythonIniConfig PythonIniConfig
PythonNodeenv
PythonPackaging PythonPackaging
PythonPlatformdirs
PythonPluggy PythonPluggy
PythonPreCommit
PythonPyTest PythonPyTest
PythonPyYAML
PythonPygments PythonPygments
PythonVirtualenv
QEMU QEMU
Rdfind Rdfind
Rsync Rsync
@@ -167,6 +160,36 @@ const (
PresetEnd PresetEnd
) )
// P represents multiple [PArtifact] and is stable through JSON.
type P []PArtifact
// MarshalJSON represents [PArtifact] by their [Metadata.Name].
func (s P) MarshalJSON() ([]byte, error) {
names := make([]string, len(s))
for i, p := range s {
names[i] = GetMetadata(p).Name
}
return json.Marshal(names)
}
// UnmarshalJSON resolves the value created by MarshalJSON back to [P].
func (s *P) UnmarshalJSON(data []byte) error {
var names []string
if err := json.Unmarshal(data, &names); err != nil {
return err
}
*s = make(P, len(names))
for i, name := range names {
if p, ok := ResolveName(name); !ok {
return fmt.Errorf("unknown artifact %q", name)
} else {
(*s)[i] = p
}
}
return nil
}
// Metadata is stage-agnostic information of a [PArtifact] not directly // Metadata is stage-agnostic information of a [PArtifact] not directly
// representable in the resulting [pkg.Artifact]. // representable in the resulting [pkg.Artifact].
type Metadata struct { type Metadata struct {
@@ -179,6 +202,9 @@ type Metadata struct {
// Project home page. // Project home page.
Website string `json:"website,omitempty"` Website string `json:"website,omitempty"`
// Runtime dependencies.
Dependencies P `json:"dependencies"`
// Project identifier on [Anitya]. // Project identifier on [Anitya].
// //
// [Anitya]: https://release-monitoring.org/ // [Anitya]: https://release-monitoring.org/
@@ -256,9 +282,10 @@ var (
artifactsM [PresetEnd]Metadata artifactsM [PresetEnd]Metadata
// artifacts stores the result of Metadata.f. // artifacts stores the result of Metadata.f.
artifacts [_toolchainEnd][len(artifactsM)]pkg.Artifact artifacts [_toolchainEnd][len(artifactsM)]struct {
// versions stores the version of [PArtifact]. a pkg.Artifact
versions [_toolchainEnd][len(artifactsM)]string v string
}
// artifactsOnce is for lazy initialisation of artifacts. // artifactsOnce is for lazy initialisation of artifacts.
artifactsOnce [_toolchainEnd][len(artifactsM)]sync.Once artifactsOnce [_toolchainEnd][len(artifactsM)]sync.Once
) )
@@ -266,20 +293,23 @@ var (
// GetMetadata returns [Metadata] of a [PArtifact]. // GetMetadata returns [Metadata] of a [PArtifact].
func GetMetadata(p PArtifact) *Metadata { return &artifactsM[p] } func GetMetadata(p PArtifact) *Metadata { return &artifactsM[p] }
// construct constructs a [pkg.Artifact] corresponding to a [PArtifact] once.
func (t Toolchain) construct(p PArtifact) {
artifactsOnce[t][p].Do(func() {
artifacts[t][p].a, artifacts[t][p].v = artifactsM[p].f(t)
})
}
// Load returns the resulting [pkg.Artifact] of [PArtifact]. // Load returns the resulting [pkg.Artifact] of [PArtifact].
func (t Toolchain) Load(p PArtifact) pkg.Artifact { func (t Toolchain) Load(p PArtifact) pkg.Artifact {
artifactsOnce[t][p].Do(func() { t.construct(p)
artifacts[t][p], versions[t][p] = artifactsM[p].f(t) return artifacts[t][p].a
})
return artifacts[t][p]
} }
// Version returns the version string of [PArtifact]. // Version returns the version string of [PArtifact].
func (t Toolchain) Version(p PArtifact) string { func (t Toolchain) Version(p PArtifact) string {
artifactsOnce[t][p].Do(func() { t.construct(p)
artifacts[t][p], versions[t][p] = artifactsM[p].f(t) return artifacts[t][p].v
})
return versions[t][p]
} }
// ResolveName returns a [PArtifact] by name. // ResolveName returns a [PArtifact] by name.

26
internal/rosa/curl.go
View File

@@ -4,24 +4,35 @@ import "hakurei.app/internal/pkg"
func (t Toolchain) newCurl() (pkg.Artifact, string) { func (t Toolchain) newCurl() (pkg.Artifact, string) {
const ( const (
version = "8.18.0" version = "8.19.0"
checksum = "YpOolP_sx1DIrCEJ3elgVAu0wTLDS-EZMZFvOP0eha7FaLueZUlEpuMwDzJNyi7i" checksum = "YHuVLVVp8q_Y7-JWpID5ReNjq2Zk6t7ArHB6ngQXilp_R5l3cubdxu3UKo-xDByv"
) )
return t.NewPackage("curl", version, pkg.NewHTTPGetTar( return t.NewPackage("curl", version, pkg.NewHTTPGetTar(
nil, "https://curl.se/download/curl-"+version+".tar.bz2", nil, "https://curl.se/download/curl-"+version+".tar.bz2",
mustDecode(checksum), mustDecode(checksum),
pkg.TarBzip2, pkg.TarBzip2,
), nil, &MakeHelper{ ), &PackageAttr{
// remove broken test
Writable: true,
ScriptEarly: `
chmod +w tests/data && rm tests/data/test459
`,
}, &MakeHelper{
Configure: [][2]string{ Configure: [][2]string{
{"with-openssl"}, {"with-openssl"},
{"with-ca-bundle", "/system/etc/ssl/certs/ca-bundle.crt"}, {"with-ca-bundle", "/system/etc/ssl/certs/ca-bundle.crt"},
{"disable-smb"},
}, },
Check: []string{ Check: []string{
"TFLAGS=-j256", `TFLAGS="-j$(expr "$(nproc)" '*' 2)"`,
"check", "test-nonflaky",
}, },
}, },
Perl, Perl,
Python,
PkgConfig,
Diffutils,
Libpsl, Libpsl,
OpenSSL, OpenSSL,
@@ -35,6 +46,11 @@ func init() {
Description: "command line tool and library for transferring data with URLs", Description: "command line tool and library for transferring data with URLs",
Website: "https://curl.se/", Website: "https://curl.se/",
Dependencies: P{
Libpsl,
OpenSSL,
},
ID: 381, ID: 381,
} }
} }

8
internal/rosa/elfutils.go
View File

@@ -46,6 +46,14 @@ func init() {
Description: "utilities and libraries to handle ELF files and DWARF data", Description: "utilities and libraries to handle ELF files and DWARF data",
Website: "https://sourceware.org/elfutils/", Website: "https://sourceware.org/elfutils/",
Dependencies: P{
Zlib,
Bzip2,
Zstd,
MuslFts,
MuslObstack,
},
ID: 5679, ID: 5679,
} }
} }

3
internal/rosa/fakeroot.go
View File

@@ -36,9 +36,6 @@ index f135ad9..85c784c 100644
// makes assumptions about /etc/passwd // makes assumptions about /etc/passwd
SkipCheck: true, SkipCheck: true,
}, },
M4,
Perl,
Autoconf,
Automake, Automake,
Libtool, Libtool,
PkgConfig, PkgConfig,

4
internal/rosa/fuse.go
View File

@@ -24,10 +24,6 @@ func (t Toolchain) newFuse() (pkg.Artifact, string) {
// this project uses pytest // this project uses pytest
SkipTest: true, SkipTest: true,
}, },
PythonIniConfig,
PythonPackaging,
PythonPluggy,
PythonPygments,
PythonPyTest, PythonPyTest,
KernelHeaders, KernelHeaders,

26
internal/rosa/git.go
View File

@@ -52,16 +52,18 @@ disable_test t2200-add-update
`GIT_PROVE_OPTS="--jobs 32 --failures"`, `GIT_PROVE_OPTS="--jobs 32 --failures"`,
"prove", "prove",
}, },
Install: `make \
"-j$(nproc)" \
DESTDIR=/work \
NO_INSTALL_HARDLINKS=1 \
install`,
}, },
Perl,
Diffutils, Diffutils,
M4,
Autoconf, Autoconf,
Gettext, Gettext,
Zlib, Zlib,
Curl, Curl,
OpenSSL,
Libexpat, Libexpat,
), version ), version
} }
@@ -73,6 +75,12 @@ func init() {
Description: "distributed version control system", Description: "distributed version control system",
Website: "https://www.git-scm.com/", Website: "https://www.git-scm.com/",
Dependencies: P{
Zlib,
Curl,
Libexpat,
},
ID: 5350, ID: 5350,
} }
} }
@@ -82,14 +90,10 @@ func (t Toolchain) NewViaGit(
name, url, rev string, name, url, rev string,
checksum pkg.Checksum, checksum pkg.Checksum,
) pkg.Artifact { ) pkg.Artifact {
return t.New(name+"-"+rev, 0, []pkg.Artifact{ return t.New(name+"-"+rev, 0, t.AppendPresets(nil,
t.Load(NSSCACert), NSSCACert,
t.Load(OpenSSL), Git,
t.Load(Libpsl), ), &checksum, nil, `
t.Load(Curl),
t.Load(Libexpat),
t.Load(Git),
}, &checksum, nil, `
git \ git \
-c advice.detachedHead=false \ -c advice.detachedHead=false \
clone \ clone \

41
internal/rosa/gnu.go
View File

@@ -117,6 +117,11 @@ func init() {
Description: "M4 macros to produce self-contained configure script", Description: "M4 macros to produce self-contained configure script",
Website: "https://www.gnu.org/software/autoconf/", Website: "https://www.gnu.org/software/autoconf/",
Dependencies: P{
M4,
Perl,
},
ID: 141, ID: 141,
} }
} }
@@ -143,8 +148,6 @@ test_disable '#!/bin/sh' t/distname.sh
test_disable '#!/bin/sh' t/pr9.sh test_disable '#!/bin/sh' t/pr9.sh
`, `,
}, (*MakeHelper)(nil), }, (*MakeHelper)(nil),
M4,
Perl,
Grep, Grep,
Gzip, Gzip,
Autoconf, Autoconf,
@@ -159,6 +162,10 @@ func init() {
Description: "a tool for automatically generating Makefile.in files", Description: "a tool for automatically generating Makefile.in files",
Website: "https://www.gnu.org/software/automake/", Website: "https://www.gnu.org/software/automake/",
Dependencies: P{
Autoconf,
},
ID: 144, ID: 144,
} }
} }
@@ -524,6 +531,11 @@ func init() {
Description: "the GNU square-wheel-reinvension of man pages", Description: "the GNU square-wheel-reinvension of man pages",
Website: "https://www.gnu.org/software/texinfo/", Website: "https://www.gnu.org/software/texinfo/",
Dependencies: P{
Perl,
Gawk,
},
ID: 4958, ID: 4958,
} }
} }
@@ -660,7 +672,6 @@ func (t Toolchain) newBC() (pkg.Artifact, string) {
Writable: true, Writable: true,
Chmod: true, Chmod: true,
}, (*MakeHelper)(nil), }, (*MakeHelper)(nil),
Perl,
Texinfo, Texinfo,
), version ), version
} }
@@ -762,6 +773,10 @@ func init() {
Description: "a shell tool for executing jobs in parallel using one or more computers", Description: "a shell tool for executing jobs in parallel using one or more computers",
Website: "https://www.gnu.org/software/parallel/", Website: "https://www.gnu.org/software/parallel/",
Dependencies: P{
Perl,
},
ID: 5448, ID: 5448,
} }
} }
@@ -839,6 +854,10 @@ func init() {
Description: "a C library for multiple-precision floating-point computations", Description: "a C library for multiple-precision floating-point computations",
Website: "https://www.mpfr.org/", Website: "https://www.mpfr.org/",
Dependencies: P{
GMP,
},
ID: 2019, ID: 2019,
} }
} }
@@ -854,7 +873,6 @@ func (t Toolchain) newMPC() (pkg.Artifact, string) {
mustDecode(checksum), mustDecode(checksum),
pkg.TarGzip, pkg.TarGzip,
), nil, (*MakeHelper)(nil), ), nil, (*MakeHelper)(nil),
GMP,
MPFR, MPFR,
), version ), version
} }
@@ -866,6 +884,10 @@ func init() {
Description: "a C library for the arithmetic of complex numbers", Description: "a C library for the arithmetic of complex numbers",
Website: "https://www.multiprecision.org/", Website: "https://www.multiprecision.org/",
Dependencies: P{
MPFR,
},
ID: 1667, ID: 1667,
} }
} }
@@ -1063,10 +1085,7 @@ ln -s system/lib /work/
}, },
Binutils, Binutils,
GMP,
MPFR,
MPC, MPC,
Zlib, Zlib,
Libucontext, Libucontext,
KernelHeaders, KernelHeaders,
@@ -1080,6 +1099,14 @@ func init() {
Description: "The GNU Compiler Collection", Description: "The GNU Compiler Collection",
Website: "https://www.gnu.org/software/gcc/", Website: "https://www.gnu.org/software/gcc/",
Dependencies: P{
Binutils,
MPC,
Zlib,
Libucontext,
},
ID: 6502, ID: 6502,
} }
} }

18
internal/rosa/go.go
View File

@@ -74,22 +74,8 @@ func (t Toolchain) newGoLatest() (pkg.Artifact, string) {
bootstrapExtra = append(bootstrapExtra, t.newGoBootstrap()) bootstrapExtra = append(bootstrapExtra, t.newGoBootstrap())
case "arm64": case "arm64":
bootstrapEnv = append(bootstrapEnv, bootstrapEnv = append(bootstrapEnv, "GOROOT_BOOTSTRAP=/system")
"GOROOT_BOOTSTRAP=/system", bootstrapExtra = t.AppendPresets(bootstrapExtra, gcc)
)
bootstrapExtra = append(bootstrapExtra,
t.Load(Binutils),
t.Load(GMP),
t.Load(MPFR),
t.Load(MPC),
t.Load(Zlib),
t.Load(Libucontext),
t.Load(gcc),
)
finalEnv = append(finalEnv, "CGO_ENABLED=0") finalEnv = append(finalEnv, "CGO_ENABLED=0")
default: default:

10
internal/rosa/gtk.go
View File

@@ -9,8 +9,8 @@ import (
func (t Toolchain) newGLib() (pkg.Artifact, string) { func (t Toolchain) newGLib() (pkg.Artifact, string) {
const ( const (
version = "2.87.3" version = "2.87.5"
checksum = "iKSLpzZZVfmAZZmqfO1y6uHdlIks4hzPWrqeUCp4ZeQjrPFA3aAa4OmrBYMNS-Si" checksum = "L5jurSfyCTlcSTfx-1RBHbNZPL0HnNQakmFXidgAV1JFu0lbytowCCBAALTp-WGc"
) )
return t.NewPackage("glib", version, pkg.NewHTTPGet( return t.NewPackage("glib", version, pkg.NewHTTPGet(
nil, "https://download.gnome.org/sources/glib/"+ nil, "https://download.gnome.org/sources/glib/"+
@@ -56,6 +56,12 @@ func init() {
Description: "the GNU library of miscellaneous stuff", Description: "the GNU library of miscellaneous stuff",
Website: "https://developer.gnome.org/glib/", Website: "https://developer.gnome.org/glib/",
Dependencies: P{
PCRE2,
Libffi,
Zlib,
},
ID: 10024, ID: 10024,
} }
} }

34
internal/rosa/hakurei.go
View File

@@ -15,29 +15,23 @@ echo
hostname = "" hostname = ""
} }
return t.New("hakurei"+suffix+"-"+hakureiVersion, 0, []pkg.Artifact{ return t.New("hakurei"+suffix+"-"+hakureiVersion, 0, t.AppendPresets(nil,
t.Load(Go), Go,
PkgConfig,
t.Load(Gzip), // dist tarball
t.Load(PkgConfig), Gzip,
t.Load(KernelHeaders), // statically linked
t.Load(Libseccomp), Libseccomp,
t.Load(ACL), ACL,
t.Load(Attr), Fuse,
t.Load(Fuse), XCB,
Wayland,
WaylandProtocols,
t.Load(Xproto), KernelHeaders,
t.Load(LibXau), ), nil, []string{
t.Load(XCBProto),
t.Load(XCB),
t.Load(Libffi),
t.Load(Libexpat),
t.Load(Libxml2),
t.Load(Wayland),
t.Load(WaylandProtocols),
}, nil, []string{
"CGO_ENABLED=1", "CGO_ENABLED=1",
"GOCACHE=/tmp/gocache", "GOCACHE=/tmp/gocache",
"CC=clang -O3 -Werror", "CC=clang -O3 -Werror",

Some files were not shown because too many files have changed in this diff Show More