security/hakurei
security/hakurei
6
3
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases 8 Wiki Activity

container: add 386 constants
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 2m17s
Details
Test / Hakurei (push) Successful in 3m11s
Details
Test / Hpkg (push) Successful in 4m0s
Details
Test / Sandbox (race detector) (push) Successful in 4m16s
Details
Test / Hakurei (race detector) (push) Successful in 5m2s
Details
Test / Flake checks (push) Successful in 1m24s
Details

Browse Source 
While it is unlikely a use case for hakurei on i686 exists, it does not hurt to have this support.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-11-05 20:21:14 +09:00
parent 9fd97e71d0
commit 5c2b63a7f1
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
7 changed files with 630 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
container/seccomp/presets_386_test.go Normal file
View File

@ -0,0 +1,27 @@
package seccomp_test
import (
. "hakurei.app/container/seccomp"
. "hakurei.app/container/std"
)
var bpfExpected = bpfLookup{
{AllowMultiarch | AllowCAN |
AllowBluetooth, PresetExt |
PresetDenyNS | PresetDenyTTY | PresetDenyDevel |
PresetLinux32}: toHash(
"e67735d24caba42b6801e829ea4393727a36c5e37b8a51e5648e7886047e8454484ff06872aaef810799c29cbd0c1b361f423ad0ef518e33f68436372cc90eb1"),
{0, 0}: toHash(
"5dbcc08a4a1ccd8c12dd0cf6d9817ea6d4f40246e1db7a60e71a50111c4897d69f6fb6d710382d70c18910c2e4fa2d2aeb2daed835dd2fabe3f71def628ade59"),
{0, PresetExt}: toHash(
"d6c0f130dbb5c793d1c10f730455701875778138bd2d03ca009d674842fd97a10815a8c539b76b7801a73de19463938701216b756c053ec91cfe304cba04a0ed"),
{0, PresetStrict}: toHash(
"af7d7b66f2e83f9a850472170c1b83d1371426faa9d0dee4e85b179d3ec75ca92828cb8529eb3012b559497494b2eab4d4b140605e3a26c70dfdbe5efe33c105"),
{0, PresetDenyNS | PresetDenyTTY | PresetDenyDevel}: toHash(
"adfb4397e6eeae8c477d315d58204aae854d60071687b8df4c758e297780e02deee1af48328cef80e16e4d6ab1a66ef13e42247c3475cf447923f15cbc17a6a6"),
{0, PresetExt | PresetDenyDevel}: toHash(
"5d641321460cf54a7036a40a08e845082e1f6d65b9dee75db85ef179f2732f321b16aee2258b74273b04e0d24562e8b1e727930a7e787f41eb5c8aaa0bc22793"),
{0, PresetExt | PresetDenyNS | PresetDenyDevel}: toHash(
"b1f802d39de5897b1e4cb0e82a199f53df0a803ea88e2fd19491fb8c90387c9e2eaa7e323f565fecaa0202a579eb050531f22e6748e04cfd935b8faac35983ec"),
}

1
container/std/mksysnum_linux.pl
View File

@ -9,6 +9,7 @@ use POSIX ();
my $command = "mksysnum_linux.pl ". join(' ', @ARGV);
my $uname_arch = (POSIX::uname)[4];
my %syscall_cutoff_arch = (
"x86" => 340,
"x86_64" => 302,
"aarch64" => 281,
);

13
container/std/syscall_extra_linux_386.go Normal file
View File

@ -0,0 +1,13 @@
package std
var syscallNumExtra = map[string]int{
"kexec_file_load": SYS_KEXEC_FILE_LOAD,
"subpage_prot": SYS_SUBPAGE_PROT,
"switch_endian": SYS_SWITCH_ENDIAN,
}
const (
SYS_KEXEC_FILE_LOAD = __PNR_kexec_file_load
SYS_SUBPAGE_PROT = __PNR_subpage_prot
SYS_SWITCH_ENDIAN = __PNR_switch_endian
)

579
container/std/syscall_linux_386.go Normal file
View File

@ -0,0 +1,579 @@
// mksysnum_linux.pl /usr/include/asm/unistd_32.h
// Code generated by the command above; DO NOT EDIT.
package std
import . "syscall"
var syscallNum = map[string]int{
"restart_syscall": SYS_RESTART_SYSCALL,
"exit": SYS_EXIT,
"fork": SYS_FORK,
"read": SYS_READ,
"write": SYS_WRITE,
"open": SYS_OPEN,
"close": SYS_CLOSE,
"waitpid": SYS_WAITPID,
"creat": SYS_CREAT,
"link": SYS_LINK,
"unlink": SYS_UNLINK,
"execve": SYS_EXECVE,
"chdir": SYS_CHDIR,
"time": SYS_TIME,
"mknod": SYS_MKNOD,
"chmod": SYS_CHMOD,
"lchown": SYS_LCHOWN,
"break": SYS_BREAK,
"oldstat": SYS_OLDSTAT,
"lseek": SYS_LSEEK,
"getpid": SYS_GETPID,
"mount": SYS_MOUNT,
"umount": SYS_UMOUNT,
"setuid": SYS_SETUID,
"getuid": SYS_GETUID,
"stime": SYS_STIME,
"ptrace": SYS_PTRACE,
"alarm": SYS_ALARM,
"oldfstat": SYS_OLDFSTAT,
"pause": SYS_PAUSE,
"utime": SYS_UTIME,
"stty": SYS_STTY,
"gtty": SYS_GTTY,
"access": SYS_ACCESS,
"nice": SYS_NICE,
"ftime": SYS_FTIME,
"sync": SYS_SYNC,
"kill": SYS_KILL,
"rename": SYS_RENAME,
"mkdir": SYS_MKDIR,
"rmdir": SYS_RMDIR,
"dup": SYS_DUP,
"pipe": SYS_PIPE,
"times": SYS_TIMES,
"prof": SYS_PROF,
"brk": SYS_BRK,
"setgid": SYS_SETGID,
"getgid": SYS_GETGID,
"signal": SYS_SIGNAL,
"geteuid": SYS_GETEUID,
"getegid": SYS_GETEGID,
"acct": SYS_ACCT,
"umount2": SYS_UMOUNT2,
"lock": SYS_LOCK,
"ioctl": SYS_IOCTL,
"fcntl": SYS_FCNTL,
"mpx": SYS_MPX,
"setpgid": SYS_SETPGID,
"ulimit": SYS_ULIMIT,
"oldolduname": SYS_OLDOLDUNAME,
"umask": SYS_UMASK,
"chroot": SYS_CHROOT,
"ustat": SYS_USTAT,
"dup2": SYS_DUP2,
"getppid": SYS_GETPPID,
"getpgrp": SYS_GETPGRP,
"setsid": SYS_SETSID,
"sigaction": SYS_SIGACTION,
"sgetmask": SYS_SGETMASK,
"ssetmask": SYS_SSETMASK,
"setreuid": SYS_SETREUID,
"setregid": SYS_SETREGID,
"sigsuspend": SYS_SIGSUSPEND,
"sigpending": SYS_SIGPENDING,
"sethostname": SYS_SETHOSTNAME,
"setrlimit": SYS_SETRLIMIT,
"getrlimit": SYS_GETRLIMIT,
"getrusage": SYS_GETRUSAGE,
"gettimeofday": SYS_GETTIMEOFDAY,
"settimeofday": SYS_SETTIMEOFDAY,
"getgroups": SYS_GETGROUPS,
"setgroups": SYS_SETGROUPS,
"select": SYS_SELECT,
"symlink": SYS_SYMLINK,
"oldlstat": SYS_OLDLSTAT,
"readlink": SYS_READLINK,
"uselib": SYS_USELIB,
"swapon": SYS_SWAPON,
"reboot": SYS_REBOOT,
"readdir": SYS_READDIR,
"mmap": SYS_MMAP,
"munmap": SYS_MUNMAP,
"truncate": SYS_TRUNCATE,
"ftruncate": SYS_FTRUNCATE,
"fchmod": SYS_FCHMOD,
"fchown": SYS_FCHOWN,
"getpriority": SYS_GETPRIORITY,
"setpriority": SYS_SETPRIORITY,
"profil": SYS_PROFIL,
"statfs": SYS_STATFS,
"fstatfs": SYS_FSTATFS,
"ioperm": SYS_IOPERM,
"socketcall": SYS_SOCKETCALL,
"syslog": SYS_SYSLOG,
"setitimer": SYS_SETITIMER,
"getitimer": SYS_GETITIMER,
"stat": SYS_STAT,
"lstat": SYS_LSTAT,
"fstat": SYS_FSTAT,
"olduname": SYS_OLDUNAME,
"iopl": SYS_IOPL,
"vhangup": SYS_VHANGUP,
"idle": SYS_IDLE,
"vm86old": SYS_VM86OLD,
"wait4": SYS_WAIT4,
"swapoff": SYS_SWAPOFF,
"sysinfo": SYS_SYSINFO,
"ipc": SYS_IPC,
"fsync": SYS_FSYNC,
"sigreturn": SYS_SIGRETURN,
"clone": SYS_CLONE,
"setdomainname": SYS_SETDOMAINNAME,
"uname": SYS_UNAME,
"modify_ldt": SYS_MODIFY_LDT,
"adjtimex": SYS_ADJTIMEX,
"mprotect": SYS_MPROTECT,
"sigprocmask": SYS_SIGPROCMASK,
"create_module": SYS_CREATE_MODULE,
"init_module": SYS_INIT_MODULE,
"delete_module": SYS_DELETE_MODULE,
"get_kernel_syms": SYS_GET_KERNEL_SYMS,
"quotactl": SYS_QUOTACTL,
"getpgid": SYS_GETPGID,
"fchdir": SYS_FCHDIR,
"bdflush": SYS_BDFLUSH,
"sysfs": SYS_SYSFS,
"personality": SYS_PERSONALITY,
"afs_syscall": SYS_AFS_SYSCALL,
"setfsuid": SYS_SETFSUID,
"setfsgid": SYS_SETFSGID,
"_llseek": SYS__LLSEEK,
"getdents": SYS_GETDENTS,
"_newselect": SYS__NEWSELECT,
"flock": SYS_FLOCK,
"msync": SYS_MSYNC,
"readv": SYS_READV,
"writev": SYS_WRITEV,
"getsid": SYS_GETSID,
"fdatasync": SYS_FDATASYNC,
"_sysctl": SYS__SYSCTL,
"mlock": SYS_MLOCK,
"munlock": SYS_MUNLOCK,
"mlockall": SYS_MLOCKALL,
"munlockall": SYS_MUNLOCKALL,
"sched_setparam": SYS_SCHED_SETPARAM,
"sched_getparam": SYS_SCHED_GETPARAM,
"sched_setscheduler": SYS_SCHED_SETSCHEDULER,
"sched_getscheduler": SYS_SCHED_GETSCHEDULER,
"sched_yield": SYS_SCHED_YIELD,
"sched_get_priority_max": SYS_SCHED_GET_PRIORITY_MAX,
"sched_get_priority_min": SYS_SCHED_GET_PRIORITY_MIN,
"sched_rr_get_interval": SYS_SCHED_RR_GET_INTERVAL,
"nanosleep": SYS_NANOSLEEP,
"mremap": SYS_MREMAP,
"setresuid": SYS_SETRESUID,
"getresuid": SYS_GETRESUID,
"vm86": SYS_VM86,
"query_module": SYS_QUERY_MODULE,
"poll": SYS_POLL,
"nfsservctl": SYS_NFSSERVCTL,
"setresgid": SYS_SETRESGID,
"getresgid": SYS_GETRESGID,
"prctl": SYS_PRCTL,
"rt_sigreturn": SYS_RT_SIGRETURN,
"rt_sigaction": SYS_RT_SIGACTION,
"rt_sigprocmask": SYS_RT_SIGPROCMASK,
"rt_sigpending": SYS_RT_SIGPENDING,
"rt_sigtimedwait": SYS_RT_SIGTIMEDWAIT,
"rt_sigqueueinfo": SYS_RT_SIGQUEUEINFO,
"rt_sigsuspend": SYS_RT_SIGSUSPEND,
"pread64": SYS_PREAD64,
"pwrite64": SYS_PWRITE64,
"chown": SYS_CHOWN,
"getcwd": SYS_GETCWD,
"capget": SYS_CAPGET,
"capset": SYS_CAPSET,
"sigaltstack": SYS_SIGALTSTACK,
"sendfile": SYS_SENDFILE,
"getpmsg": SYS_GETPMSG,
"putpmsg": SYS_PUTPMSG,
"vfork": SYS_VFORK,
"ugetrlimit": SYS_UGETRLIMIT,
"mmap2": SYS_MMAP2,
"truncate64": SYS_TRUNCATE64,
"ftruncate64": SYS_FTRUNCATE64,
"stat64": SYS_STAT64,
"lstat64": SYS_LSTAT64,
"fstat64": SYS_FSTAT64,
"lchown32": SYS_LCHOWN32,
"getuid32": SYS_GETUID32,
"getgid32": SYS_GETGID32,
"geteuid32": SYS_GETEUID32,
"getegid32": SYS_GETEGID32,
"setreuid32": SYS_SETREUID32,
"setregid32": SYS_SETREGID32,
"getgroups32": SYS_GETGROUPS32,
"setgroups32": SYS_SETGROUPS32,
"fchown32": SYS_FCHOWN32,
"setresuid32": SYS_SETRESUID32,
"getresuid32": SYS_GETRESUID32,
"setresgid32": SYS_SETRESGID32,
"getresgid32": SYS_GETRESGID32,
"chown32": SYS_CHOWN32,
"setuid32": SYS_SETUID32,
"setgid32": SYS_SETGID32,
"setfsuid32": SYS_SETFSUID32,
"setfsgid32": SYS_SETFSGID32,
"pivot_root": SYS_PIVOT_ROOT,
"mincore": SYS_MINCORE,
"madvise": SYS_MADVISE,
"getdents64": SYS_GETDENTS64,
"fcntl64": SYS_FCNTL64,
"gettid": SYS_GETTID,
"readahead": SYS_READAHEAD,
"setxattr": SYS_SETXATTR,
"lsetxattr": SYS_LSETXATTR,
"fsetxattr": SYS_FSETXATTR,
"getxattr": SYS_GETXATTR,
"lgetxattr": SYS_LGETXATTR,
"fgetxattr": SYS_FGETXATTR,
"listxattr": SYS_LISTXATTR,
"llistxattr": SYS_LLISTXATTR,
"flistxattr": SYS_FLISTXATTR,
"removexattr": SYS_REMOVEXATTR,
"lremovexattr": SYS_LREMOVEXATTR,
"fremovexattr": SYS_FREMOVEXATTR,
"tkill": SYS_TKILL,
"sendfile64": SYS_SENDFILE64,
"futex": SYS_FUTEX,
"sched_setaffinity": SYS_SCHED_SETAFFINITY,
"sched_getaffinity": SYS_SCHED_GETAFFINITY,
"set_thread_area": SYS_SET_THREAD_AREA,
"get_thread_area": SYS_GET_THREAD_AREA,
"io_setup": SYS_IO_SETUP,
"io_destroy": SYS_IO_DESTROY,
"io_getevents": SYS_IO_GETEVENTS,
"io_submit": SYS_IO_SUBMIT,
"io_cancel": SYS_IO_CANCEL,
"fadvise64": SYS_FADVISE64,
"exit_group": SYS_EXIT_GROUP,
"lookup_dcookie": SYS_LOOKUP_DCOOKIE,
"epoll_create": SYS_EPOLL_CREATE,
"epoll_ctl": SYS_EPOLL_CTL,
"epoll_wait": SYS_EPOLL_WAIT,
"remap_file_pages": SYS_REMAP_FILE_PAGES,
"set_tid_address": SYS_SET_TID_ADDRESS,
"timer_create": SYS_TIMER_CREATE,
"timer_settime": SYS_TIMER_SETTIME,
"timer_gettime": SYS_TIMER_GETTIME,
"timer_getoverrun": SYS_TIMER_GETOVERRUN,
"timer_delete": SYS_TIMER_DELETE,
"clock_settime": SYS_CLOCK_SETTIME,
"clock_gettime": SYS_CLOCK_GETTIME,
"clock_getres": SYS_CLOCK_GETRES,
"clock_nanosleep": SYS_CLOCK_NANOSLEEP,
"statfs64": SYS_STATFS64,
"fstatfs64": SYS_FSTATFS64,
"tgkill": SYS_TGKILL,
"utimes": SYS_UTIMES,
"fadvise64_64": SYS_FADVISE64_64,
"vserver": SYS_VSERVER,
"mbind": SYS_MBIND,
"get_mempolicy": SYS_GET_MEMPOLICY,
"set_mempolicy": SYS_SET_MEMPOLICY,
"mq_open": SYS_MQ_OPEN,
"mq_unlink": SYS_MQ_UNLINK,
"mq_timedsend": SYS_MQ_TIMEDSEND,
"mq_timedreceive": SYS_MQ_TIMEDRECEIVE,
"mq_notify": SYS_MQ_NOTIFY,
"mq_getsetattr": SYS_MQ_GETSETATTR,
"kexec_load": SYS_KEXEC_LOAD,
"waitid": SYS_WAITID,
"add_key": SYS_ADD_KEY,
"request_key": SYS_REQUEST_KEY,
"keyctl": SYS_KEYCTL,
"ioprio_set": SYS_IOPRIO_SET,
"ioprio_get": SYS_IOPRIO_GET,
"inotify_init": SYS_INOTIFY_INIT,
"inotify_add_watch": SYS_INOTIFY_ADD_WATCH,
"inotify_rm_watch": SYS_INOTIFY_RM_WATCH,
"migrate_pages": SYS_MIGRATE_PAGES,
"openat": SYS_OPENAT,
"mkdirat": SYS_MKDIRAT,
"mknodat": SYS_MKNODAT,
"fchownat": SYS_FCHOWNAT,
"futimesat": SYS_FUTIMESAT,
"fstatat64": SYS_FSTATAT64,
"unlinkat": SYS_UNLINKAT,
"renameat": SYS_RENAMEAT,
"linkat": SYS_LINKAT,
"symlinkat": SYS_SYMLINKAT,
"readlinkat": SYS_READLINKAT,
"fchmodat": SYS_FCHMODAT,
"faccessat": SYS_FACCESSAT,
"pselect6": SYS_PSELECT6,
"ppoll": SYS_PPOLL,
"unshare": SYS_UNSHARE,
"set_robust_list": SYS_SET_ROBUST_LIST,
"get_robust_list": SYS_GET_ROBUST_LIST,
"splice": SYS_SPLICE,
"sync_file_range": SYS_SYNC_FILE_RANGE,
"tee": SYS_TEE,
"vmsplice": SYS_VMSPLICE,
"move_pages": SYS_MOVE_PAGES,
"getcpu": SYS_GETCPU,
"epoll_pwait": SYS_EPOLL_PWAIT,
"utimensat": SYS_UTIMENSAT,
"signalfd": SYS_SIGNALFD,
"timerfd_create": SYS_TIMERFD_CREATE,
"eventfd": SYS_EVENTFD,
"fallocate": SYS_FALLOCATE,
"timerfd_settime": SYS_TIMERFD_SETTIME,
"timerfd_gettime": SYS_TIMERFD_GETTIME,
"signalfd4": SYS_SIGNALFD4,
"eventfd2": SYS_EVENTFD2,
"epoll_create1": SYS_EPOLL_CREATE1,
"dup3": SYS_DUP3,
"pipe2": SYS_PIPE2,
"inotify_init1": SYS_INOTIFY_INIT1,
"preadv": SYS_PREADV,
"pwritev": SYS_PWRITEV,
"rt_tgsigqueueinfo": SYS_RT_TGSIGQUEUEINFO,
"perf_event_open": SYS_PERF_EVENT_OPEN,
"recvmmsg": __PNR_recvmmsg,
"fanotify_init": SYS_FANOTIFY_INIT,
"fanotify_mark": SYS_FANOTIFY_MARK,
"prlimit64": SYS_PRLIMIT64,
"name_to_handle_at": SYS_NAME_TO_HANDLE_AT,
"open_by_handle_at": SYS_OPEN_BY_HANDLE_AT,
"clock_adjtime": SYS_CLOCK_ADJTIME,
"syncfs": SYS_SYNCFS,
"sendmmsg": __PNR_sendmmsg,
"setns": SYS_SETNS,
"process_vm_readv": SYS_PROCESS_VM_READV,
"process_vm_writev": SYS_PROCESS_VM_WRITEV,
"kcmp": SYS_KCMP,
"finit_module": SYS_FINIT_MODULE,
"sched_setattr": SYS_SCHED_SETATTR,
"sched_getattr": SYS_SCHED_GETATTR,
"renameat2": SYS_RENAMEAT2,
"seccomp": SYS_SECCOMP,
"getrandom": SYS_GETRANDOM,
"memfd_create": SYS_MEMFD_CREATE,
"bpf": SYS_BPF,
"execveat": SYS_EXECVEAT,
"socket": __PNR_socket,
"socketpair": __PNR_socketpair,
"bind": __PNR_bind,
"connect": __PNR_connect,
"listen": __PNR_listen,
"accept4": __PNR_accept4,
"getsockopt": __PNR_getsockopt,
"setsockopt": __PNR_setsockopt,
"getsockname": __PNR_getsockname,
"getpeername": __PNR_getpeername,
"sendto": __PNR_sendto,
"sendmsg": __PNR_sendmsg,
"recvfrom": __PNR_recvfrom,
"recvmsg": __PNR_recvmsg,
"shutdown": __PNR_shutdown,
"userfaultfd": SYS_USERFAULTFD,
"membarrier": SYS_MEMBARRIER,
"mlock2": SYS_MLOCK2,
"copy_file_range": SYS_COPY_FILE_RANGE,
"preadv2": SYS_PREADV2,
"pwritev2": SYS_PWRITEV2,
"pkey_mprotect": SYS_PKEY_MPROTECT,
"pkey_alloc": SYS_PKEY_ALLOC,
"pkey_free": SYS_PKEY_FREE,
"statx": SYS_STATX,
"arch_prctl": SYS_ARCH_PRCTL,
"io_pgetevents": SYS_IO_PGETEVENTS,
"rseq": SYS_RSEQ,
"semget": __PNR_semget,
"semctl": __PNR_semctl,
"shmget": __PNR_shmget,
"shmctl": __PNR_shmctl,
"shmat": __PNR_shmat,
"shmdt": __PNR_shmdt,
"msgget": __PNR_msgget,
"msgsnd": __PNR_msgsnd,
"msgrcv": __PNR_msgrcv,
"msgctl": __PNR_msgctl,
"clock_gettime64": SYS_CLOCK_GETTIME64,
"clock_settime64": SYS_CLOCK_SETTIME64,
"clock_adjtime64": SYS_CLOCK_ADJTIME64,
"clock_getres_time64": SYS_CLOCK_GETRES_TIME64,
"clock_nanosleep_time64": SYS_CLOCK_NANOSLEEP_TIME64,
"timer_gettime64": SYS_TIMER_GETTIME64,
"timer_settime64": SYS_TIMER_SETTIME64,
"timerfd_gettime64": SYS_TIMERFD_GETTIME64,
"timerfd_settime64": SYS_TIMERFD_SETTIME64,
"utimensat_time64": SYS_UTIMENSAT_TIME64,
"pselect6_time64": SYS_PSELECT6_TIME64,
"ppoll_time64": SYS_PPOLL_TIME64,
"io_pgetevents_time64": SYS_IO_PGETEVENTS_TIME64,
"recvmmsg_time64": SYS_RECVMMSG_TIME64,
"mq_timedsend_time64": SYS_MQ_TIMEDSEND_TIME64,
"mq_timedreceive_time64": SYS_MQ_TIMEDRECEIVE_TIME64,
"semtimedop_time64": SYS_SEMTIMEDOP_TIME64,
"rt_sigtimedwait_time64": SYS_RT_SIGTIMEDWAIT_TIME64,
"futex_time64": SYS_FUTEX_TIME64,
"sched_rr_get_interval_time64": SYS_SCHED_RR_GET_INTERVAL_TIME64,
"pidfd_send_signal": SYS_PIDFD_SEND_SIGNAL,
"io_uring_setup": SYS_IO_URING_SETUP,
"io_uring_enter": SYS_IO_URING_ENTER,
"io_uring_register": SYS_IO_URING_REGISTER,
"open_tree": SYS_OPEN_TREE,
"move_mount": SYS_MOVE_MOUNT,
"fsopen": SYS_FSOPEN,
"fsconfig": SYS_FSCONFIG,
"fsmount": SYS_FSMOUNT,
"fspick": SYS_FSPICK,
"pidfd_open": SYS_PIDFD_OPEN,
"clone3": SYS_CLONE3,
"close_range": SYS_CLOSE_RANGE,
"openat2": SYS_OPENAT2,
"pidfd_getfd": SYS_PIDFD_GETFD,
"faccessat2": SYS_FACCESSAT2,
"process_madvise": SYS_PROCESS_MADVISE,
"epoll_pwait2": SYS_EPOLL_PWAIT2,
"mount_setattr": SYS_MOUNT_SETATTR,
"quotactl_fd": SYS_QUOTACTL_FD,
"landlock_create_ruleset": SYS_LANDLOCK_CREATE_RULESET,
"landlock_add_rule": SYS_LANDLOCK_ADD_RULE,
"landlock_restrict_self": SYS_LANDLOCK_RESTRICT_SELF,
"memfd_secret": SYS_MEMFD_SECRET,
"process_mrelease": SYS_PROCESS_MRELEASE,
"futex_waitv": SYS_FUTEX_WAITV,
"set_mempolicy_home_node": SYS_SET_MEMPOLICY_HOME_NODE,
"cachestat": SYS_CACHESTAT,
"fchmodat2": SYS_FCHMODAT2,
"map_shadow_stack": SYS_MAP_SHADOW_STACK,
"futex_wake": SYS_FUTEX_WAKE,
"futex_wait": SYS_FUTEX_WAIT,
"futex_requeue": SYS_FUTEX_REQUEUE,
"statmount": SYS_STATMOUNT,
"listmount": SYS_LISTMOUNT,
"lsm_get_self_attr": SYS_LSM_GET_SELF_ATTR,
"lsm_set_self_attr": SYS_LSM_SET_SELF_ATTR,
"lsm_list_modules": SYS_LSM_LIST_MODULES,
"mseal": SYS_MSEAL,
}
const (
SYS_NAME_TO_HANDLE_AT = 341
SYS_OPEN_BY_HANDLE_AT = 342
SYS_CLOCK_ADJTIME = 343
SYS_SYNCFS = 344
SYS_SENDMMSG = 345
SYS_SETNS = 346
SYS_PROCESS_VM_READV = 347
SYS_PROCESS_VM_WRITEV = 348
SYS_KCMP = 349
SYS_FINIT_MODULE = 350
SYS_SCHED_SETATTR = 351
SYS_SCHED_GETATTR = 352
SYS_RENAMEAT2 = 353
SYS_SECCOMP = 354
SYS_GETRANDOM = 355
SYS_MEMFD_CREATE = 356
SYS_BPF = 357
SYS_EXECVEAT = 358
SYS_SOCKET = 359
SYS_SOCKETPAIR = 360
SYS_BIND = 361
SYS_CONNECT = 362
SYS_LISTEN = 363
SYS_ACCEPT4 = 364
SYS_GETSOCKOPT = 365
SYS_SETSOCKOPT = 366
SYS_GETSOCKNAME = 367
SYS_GETPEERNAME = 368
SYS_SENDTO = 369
SYS_SENDMSG = 370
SYS_RECVFROM = 371
SYS_RECVMSG = 372
SYS_SHUTDOWN = 373
SYS_USERFAULTFD = 374
SYS_MEMBARRIER = 375
SYS_MLOCK2 = 376
SYS_COPY_FILE_RANGE = 377
SYS_PREADV2 = 378
SYS_PWRITEV2 = 379
SYS_PKEY_MPROTECT = 380
SYS_PKEY_ALLOC = 381
SYS_PKEY_FREE = 382
SYS_STATX = 383
SYS_ARCH_PRCTL = 384
SYS_IO_PGETEVENTS = 385
SYS_RSEQ = 386
SYS_SEMGET = 393
SYS_SEMCTL = 394
SYS_SHMGET = 395
SYS_SHMCTL = 396
SYS_SHMAT = 397
SYS_SHMDT = 398
SYS_MSGGET = 399
SYS_MSGSND = 400
SYS_MSGRCV = 401
SYS_MSGCTL = 402
SYS_CLOCK_GETTIME64 = 403
SYS_CLOCK_SETTIME64 = 404
SYS_CLOCK_ADJTIME64 = 405
SYS_CLOCK_GETRES_TIME64 = 406
SYS_CLOCK_NANOSLEEP_TIME64 = 407
SYS_TIMER_GETTIME64 = 408
SYS_TIMER_SETTIME64 = 409
SYS_TIMERFD_GETTIME64 = 410
SYS_TIMERFD_SETTIME64 = 411
SYS_UTIMENSAT_TIME64 = 412
SYS_PSELECT6_TIME64 = 413
SYS_PPOLL_TIME64 = 414
SYS_IO_PGETEVENTS_TIME64 = 416
SYS_RECVMMSG_TIME64 = 417
SYS_MQ_TIMEDSEND_TIME64 = 418
SYS_MQ_TIMEDRECEIVE_TIME64 = 419
SYS_SEMTIMEDOP_TIME64 = 420
SYS_RT_SIGTIMEDWAIT_TIME64 = 421
SYS_FUTEX_TIME64 = 422
SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
SYS_IO_URING_REGISTER = 427
SYS_OPEN_TREE = 428
SYS_MOVE_MOUNT = 429
SYS_FSOPEN = 430
SYS_FSCONFIG = 431
SYS_FSMOUNT = 432
SYS_FSPICK = 433
SYS_PIDFD_OPEN = 434
SYS_CLONE3 = 435
SYS_CLOSE_RANGE = 436
SYS_OPENAT2 = 437
SYS_PIDFD_GETFD = 438
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
SYS_MOUNT_SETATTR = 442
SYS_QUOTACTL_FD = 443
SYS_LANDLOCK_CREATE_RULESET = 444
SYS_LANDLOCK_ADD_RULE = 445
SYS_LANDLOCK_RESTRICT_SELF = 446
SYS_MEMFD_SECRET = 447
SYS_PROCESS_MRELEASE = 448
SYS_FUTEX_WAITV = 449
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
SYS_FUTEX_WAKE = 454
SYS_FUTEX_WAIT = 455
SYS_FUTEX_REQUEUE = 456
SYS_STATMOUNT = 457
SYS_LISTMOUNT = 458
SYS_LSM_GET_SELF_ATTR = 459
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
)

7
container/syscall_386.go Normal file
View File

@ -0,0 +1,7 @@
package container
const (
O_PATH = 0x200000
PR_SET_NO_NEW_PRIVS = 0x26
)

4
flake.nix
View File

@ -244,10 +244,10 @@
shellHook = "exec ${pkgs.writeShellScript "generate-syscall-table" ''
set -e
${pkgs.perl}/bin/perl \
container/seccomp/mksysnum_linux.pl \
container/std/mksysnum_linux.pl \
${pkgs.linuxHeaders}/include/asm/unistd_64.h | \
${pkgs.go}/bin/gofmt > \
container/seccomp/syscall_linux_${GOARCH.${system}}.go
container/std/syscall_linux_${GOARCH.${system}}.go
''}";
};
}

2
test/configuration.nix
View File

@ -84,7 +84,7 @@
virtualisation = {
# Hopefully reduces spurious test failures:
memorySize = 8192;
memorySize = if pkgs.hostPlatform.is32bit then 2046 else 8192;
qemu.options = [
# Need to switch to a different GPU driver than the default one (-vga std) so that Sway can launch: