security/hakurei
security/hakurei
6
3
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases 8 Wiki Activity

container/seccomp/pnr: define pseudo syscalls
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 2m21s
Details
Test / Hakurei (push) Successful in 3m12s
Details
Test / Hpkg (push) Successful in 4m2s
Details
Test / Sandbox (race detector) (push) Successful in 4m5s
Details
Test / Hakurei (race detector) (push) Successful in 4m58s
Details
Test / Flake checks (push) Successful in 1m27s
Details

Browse Source 
This eliminates the cgo dependency from syscall lookup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-11-05 04:28:11 +09:00
parent c1399f5030
commit 54c0d6bf48
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
3 changed files with 305 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

267
container/seccomp/pnr.go Normal file
View File

@ -0,0 +1,267 @@
// Code generated from include/seccomp-syscalls.h; DO NOT EDIT.
package seccomp
/*
* pseudo syscall definitions
*/
const (
/* socket syscalls */
__PNR_socket = -101
__PNR_bind = -102
__PNR_connect = -103
__PNR_listen = -104
__PNR_accept = -105
__PNR_getsockname = -106
__PNR_getpeername = -107
__PNR_socketpair = -108
__PNR_send = -109
__PNR_recv = -110
__PNR_sendto = -111
__PNR_recvfrom = -112
__PNR_shutdown = -113
__PNR_setsockopt = -114
__PNR_getsockopt = -115
__PNR_sendmsg = -116
__PNR_recvmsg = -117
__PNR_accept4 = -118
__PNR_recvmmsg = -119
__PNR_sendmmsg = -120
/* ipc syscalls */
__PNR_semop = -201
__PNR_semget = -202
__PNR_semctl = -203
__PNR_semtimedop = -204
__PNR_msgsnd = -211
__PNR_msgrcv = -212
__PNR_msgget = -213
__PNR_msgctl = -214
__PNR_shmat = -221
__PNR_shmdt = -222
__PNR_shmget = -223
__PNR_shmctl = -224
/* single syscalls */
__PNR_arch_prctl = -10001
__PNR_bdflush = -10002
__PNR_break = -10003
__PNR_chown32 = -10004
__PNR_epoll_ctl_old = -10005
__PNR_epoll_wait_old = -10006
__PNR_fadvise64_64 = -10007
__PNR_fchown32 = -10008
__PNR_fcntl64 = -10009
__PNR_fstat64 = -10010
__PNR_fstatat64 = -10011
__PNR_fstatfs64 = -10012
__PNR_ftime = -10013
__PNR_ftruncate64 = -10014
__PNR_getegid32 = -10015
__PNR_geteuid32 = -10016
__PNR_getgid32 = -10017
__PNR_getgroups32 = -10018
__PNR_getresgid32 = -10019
__PNR_getresuid32 = -10020
__PNR_getuid32 = -10021
__PNR_gtty = -10022
__PNR_idle = -10023
__PNR_ipc = -10024
__PNR_lchown32 = -10025
__PNR__llseek = -10026
__PNR_lock = -10027
__PNR_lstat64 = -10028
__PNR_mmap2 = -10029
__PNR_mpx = -10030
__PNR_newfstatat = -10031
__PNR__newselect = -10032
__PNR_nice = -10033
__PNR_oldfstat = -10034
__PNR_oldlstat = -10035
__PNR_oldolduname = -10036
__PNR_oldstat = -10037
__PNR_olduname = -10038
__PNR_prof = -10039
__PNR_profil = -10040
__PNR_readdir = -10041
__PNR_security = -10042
__PNR_sendfile64 = -10043
__PNR_setfsgid32 = -10044
__PNR_setfsuid32 = -10045
__PNR_setgid32 = -10046
__PNR_setgroups32 = -10047
__PNR_setregid32 = -10048
__PNR_setresgid32 = -10049
__PNR_setresuid32 = -10050
__PNR_setreuid32 = -10051
__PNR_setuid32 = -10052
__PNR_sgetmask = -10053
__PNR_sigaction = -10054
__PNR_signal = -10055
__PNR_sigpending = -10056
__PNR_sigprocmask = -10057
__PNR_sigreturn = -10058
__PNR_sigsuspend = -10059
__PNR_socketcall = -10060
__PNR_ssetmask = -10061
__PNR_stat64 = -10062
__PNR_statfs64 = -10063
__PNR_stime = -10064
__PNR_stty = -10065
__PNR_truncate64 = -10066
__PNR_tuxcall = -10067
__PNR_ugetrlimit = -10068
__PNR_ulimit = -10069
__PNR_umount = -10070
__PNR_vm86 = -10071
__PNR_vm86old = -10072
__PNR_waitpid = -10073
__PNR_create_module = -10074
__PNR_get_kernel_syms = -10075
__PNR_get_thread_area = -10076
__PNR_nfsservctl = -10077
__PNR_query_module = -10078
__PNR_set_thread_area = -10079
__PNR__sysctl = -10080
__PNR_uselib = -10081
__PNR_vserver = -10082
__PNR_arm_fadvise64_64 = -10083
__PNR_arm_sync_file_range = -10084
__PNR_pciconfig_iobase = -10086
__PNR_pciconfig_read = -10087
__PNR_pciconfig_write = -10088
__PNR_sync_file_range2 = -10089
__PNR_syscall = -10090
__PNR_afs_syscall = -10091
__PNR_fadvise64 = -10092
__PNR_getpmsg = -10093
__PNR_ioperm = -10094
__PNR_iopl = -10095
__PNR_migrate_pages = -10097
__PNR_modify_ldt = -10098
__PNR_putpmsg = -10099
__PNR_sync_file_range = -10100
__PNR_select = -10101
__PNR_vfork = -10102
__PNR_cachectl = -10103
__PNR_cacheflush = -10104
__PNR_sysmips = -10106
__PNR_timerfd = -10107
__PNR_time = -10108
__PNR_getrandom = -10109
__PNR_memfd_create = -10110
__PNR_kexec_file_load = -10111
__PNR_sysfs = -10145
__PNR_oldwait4 = -10146
__PNR_access = -10147
__PNR_alarm = -10148
__PNR_chmod = -10149
__PNR_chown = -10150
__PNR_creat = -10151
__PNR_dup2 = -10152
__PNR_epoll_create = -10153
__PNR_epoll_wait = -10154
__PNR_eventfd = -10155
__PNR_fork = -10156
__PNR_futimesat = -10157
__PNR_getdents = -10158
__PNR_getpgrp = -10159
__PNR_inotify_init = -10160
__PNR_lchown = -10161
__PNR_link = -10162
__PNR_lstat = -10163
__PNR_mkdir = -10164
__PNR_mknod = -10165
__PNR_open = -10166
__PNR_pause = -10167
__PNR_pipe = -10168
__PNR_poll = -10169
__PNR_readlink = -10170
__PNR_rename = -10171
__PNR_rmdir = -10172
__PNR_signalfd = -10173
__PNR_stat = -10174
__PNR_symlink = -10175
__PNR_unlink = -10176
__PNR_ustat = -10177
__PNR_utime = -10178
__PNR_utimes = -10179
__PNR_getrlimit = -10180
__PNR_mmap = -10181
__PNR_breakpoint = -10182
__PNR_set_tls = -10183
__PNR_usr26 = -10184
__PNR_usr32 = -10185
__PNR_multiplexer = -10186
__PNR_rtas = -10187
__PNR_spu_create = -10188
__PNR_spu_run = -10189
__PNR_swapcontext = -10190
__PNR_sys_debug_setcontext = -10191
__PNR_switch_endian = -10191
__PNR_get_mempolicy = -10192
__PNR_move_pages = -10193
__PNR_mbind = -10194
__PNR_set_mempolicy = -10195
__PNR_s390_runtime_instr = -10196
__PNR_s390_pci_mmio_read = -10197
__PNR_s390_pci_mmio_write = -10198
__PNR_membarrier = -10199
__PNR_userfaultfd = -10200
__PNR_pkey_mprotect = -10201
__PNR_pkey_alloc = -10202
__PNR_pkey_free = -10203
__PNR_get_tls = -10204
__PNR_s390_guarded_storage = -10205
__PNR_s390_sthyi = -10206
__PNR_subpage_prot = -10207
__PNR_statx = -10208
__PNR_io_pgetevents = -10209
__PNR_rseq = -10210
__PNR_setrlimit = -10211
__PNR_clock_adjtime64 = -10212
__PNR_clock_getres_time64 = -10213
__PNR_clock_gettime64 = -10214
__PNR_clock_nanosleep_time64 = -10215
__PNR_clock_settime64 = -10216
__PNR_clone3 = -10217
__PNR_fsconfig = -10218
__PNR_fsmount = -10219
__PNR_fsopen = -10220
__PNR_fspick = -10221
__PNR_futex_time64 = -10222
__PNR_io_pgetevents_time64 = -10223
__PNR_move_mount = -10224
__PNR_mq_timedreceive_time64 = -10225
__PNR_mq_timedsend_time64 = -10226
__PNR_open_tree = -10227
__PNR_pidfd_open = -10228
__PNR_pidfd_send_signal = -10229
__PNR_ppoll_time64 = -10230
__PNR_pselect6_time64 = -10231
__PNR_recvmmsg_time64 = -10232
__PNR_rt_sigtimedwait_time64 = -10233
__PNR_sched_rr_get_interval_time64 = -10234
__PNR_semtimedop_time64 = -10235
__PNR_timer_gettime64 = -10236
__PNR_timer_settime64 = -10237
__PNR_timerfd_gettime64 = -10238
__PNR_timerfd_settime64 = -10239
__PNR_utimensat_time64 = -10240
__PNR_ppoll = -10241
__PNR_renameat = -10242
__PNR_riscv_flush_icache = -10243
__PNR_memfd_secret = -10244
__PNR_map_shadow_stack = -10245
__PNR_fstat = -10246
__PNR_atomic_barrier = -10247
__PNR_atomic_cmpxchg_32 = -10248
__PNR_getpagesize = -10249
__PNR_riscv_hwprobe = -10250
__PNR_uretprobe = -10251
)

41
container/seccomp/syscall_extra_linux_amd64.go
View File

@ -1,12 +1,5 @@
package seccomp package seccomp
/*
#cgo linux pkg-config: --static libseccomp
#include <seccomp.h>
*/
import "C"
var syscallNumExtra = map[string]int{ var syscallNumExtra = map[string]int{
"umount": SYS_UMOUNT, "umount": SYS_UMOUNT,
"subpage_prot": SYS_SUBPAGE_PROT, "subpage_prot": SYS_SUBPAGE_PROT,
@ -28,21 +21,21 @@ var syscallNumExtra = map[string]int{
} }
const ( const (
SYS_UMOUNT = C.__SNR_umount SYS_UMOUNT = __PNR_umount
SYS_SUBPAGE_PROT = C.__SNR_subpage_prot SYS_SUBPAGE_PROT = __PNR_subpage_prot
SYS_SWITCH_ENDIAN = C.__SNR_switch_endian SYS_SWITCH_ENDIAN = __PNR_switch_endian
SYS_VM86 = C.__SNR_vm86 SYS_VM86 = __PNR_vm86
SYS_VM86OLD = C.__SNR_vm86old SYS_VM86OLD = __PNR_vm86old
SYS_CLOCK_ADJTIME64 = C.__SNR_clock_adjtime64 SYS_CLOCK_ADJTIME64 = __PNR_clock_adjtime64
SYS_CLOCK_SETTIME64 = C.__SNR_clock_settime64 SYS_CLOCK_SETTIME64 = __PNR_clock_settime64
SYS_CHOWN32 = C.__SNR_chown32 SYS_CHOWN32 = __PNR_chown32
SYS_FCHOWN32 = C.__SNR_fchown32 SYS_FCHOWN32 = __PNR_fchown32
SYS_LCHOWN32 = C.__SNR_lchown32 SYS_LCHOWN32 = __PNR_lchown32
SYS_SETGID32 = C.__SNR_setgid32 SYS_SETGID32 = __PNR_setgid32
SYS_SETGROUPS32 = C.__SNR_setgroups32 SYS_SETGROUPS32 = __PNR_setgroups32
SYS_SETREGID32 = C.__SNR_setregid32 SYS_SETREGID32 = __PNR_setregid32
SYS_SETRESGID32 = C.__SNR_setresgid32 SYS_SETRESGID32 = __PNR_setresgid32
SYS_SETRESUID32 = C.__SNR_setresuid32 SYS_SETRESUID32 = __PNR_setresuid32
SYS_SETREUID32 = C.__SNR_setreuid32 SYS_SETREUID32 = __PNR_setreuid32
SYS_SETUID32 = C.__SNR_setuid32 SYS_SETUID32 = __PNR_setuid32
) )

48
container/seccomp/syscall_extra_linux_arm64.go
View File

@ -1,11 +1,5 @@
package seccomp package seccomp
/*
#cgo linux pkg-config: --static libseccomp
#include <seccomp.h>
*/
import "C"
import "syscall" import "syscall"
const ( const (
@ -37,25 +31,25 @@ var syscallNumExtra = map[string]int{
} }
const ( const (
SYS_USELIB = C.__SNR_uselib SYS_USELIB = __PNR_uselib
SYS_CLOCK_ADJTIME64 = C.__SNR_clock_adjtime64 SYS_CLOCK_ADJTIME64 = __PNR_clock_adjtime64
SYS_CLOCK_SETTIME64 = C.__SNR_clock_settime64 SYS_CLOCK_SETTIME64 = __PNR_clock_settime64
SYS_UMOUNT = C.__SNR_umount SYS_UMOUNT = __PNR_umount
SYS_CHOWN = C.__SNR_chown SYS_CHOWN = __PNR_chown
SYS_CHOWN32 = C.__SNR_chown32 SYS_CHOWN32 = __PNR_chown32
SYS_FCHOWN32 = C.__SNR_fchown32 SYS_FCHOWN32 = __PNR_fchown32
SYS_LCHOWN = C.__SNR_lchown SYS_LCHOWN = __PNR_lchown
SYS_LCHOWN32 = C.__SNR_lchown32 SYS_LCHOWN32 = __PNR_lchown32
SYS_SETGID32 = C.__SNR_setgid32 SYS_SETGID32 = __PNR_setgid32
SYS_SETGROUPS32 = C.__SNR_setgroups32 SYS_SETGROUPS32 = __PNR_setgroups32
SYS_SETREGID32 = C.__SNR_setregid32 SYS_SETREGID32 = __PNR_setregid32
SYS_SETRESGID32 = C.__SNR_setresgid32 SYS_SETRESGID32 = __PNR_setresgid32
SYS_SETRESUID32 = C.__SNR_setresuid32 SYS_SETRESUID32 = __PNR_setresuid32
SYS_SETREUID32 = C.__SNR_setreuid32 SYS_SETREUID32 = __PNR_setreuid32
SYS_SETUID32 = C.__SNR_setuid32 SYS_SETUID32 = __PNR_setuid32
SYS_MODIFY_LDT = C.__SNR_modify_ldt SYS_MODIFY_LDT = __PNR_modify_ldt
SYS_SUBPAGE_PROT = C.__SNR_subpage_prot SYS_SUBPAGE_PROT = __PNR_subpage_prot
SYS_SWITCH_ENDIAN = C.__SNR_switch_endian SYS_SWITCH_ENDIAN = __PNR_switch_endian
SYS_VM86 = C.__SNR_vm86 SYS_VM86 = __PNR_vm86
SYS_VM86OLD = C.__SNR_vm86old SYS_VM86OLD = __PNR_vm86old
) )