diff --git a/flake.nix b/flake.nix
index 717dea2..53db737 100644
--- a/flake.nix
+++ b/flake.nix
@@ -187,12 +187,14 @@
 generateSyscallTable = pkgs.mkShell {
 # this should be made cross-platform via nix
- shellHook = ''
- exec ${pkgs.perl}/bin/perl \
+ shellHook = "exec ${pkgs.writeShellScript "generate-syscall-table" ''
+ set -e
+ ${pkgs.perl}/bin/perl \
 sandbox/seccomp/mksysnum_linux.pl \
- ${pkgs.linuxHeaders}/include/asm/unistd_64.h > \
+ ${pkgs.linuxHeaders}/include/asm/unistd_64.h | \
+ ${pkgs.go}/bin/gofmt > \
 sandbox/seccomp/syscall_linux_amd64.go
- '';
+ ''}";
 };
 }
 );
diff --git a/sandbox/seccomp/syscall.go b/sandbox/seccomp/syscall.go
new file mode 100644
index 0000000..36a988a
--- /dev/null
+++ b/sandbox/seccomp/syscall.go
@@ -0,0 +1,28 @@
+package seccomp
+
+import "iter"
+
+// Syscalls returns an iterator over all wired syscalls.
+func Syscalls() iter.Seq2[string, int] {
+ return func(yield func(string, int) bool) {
+ for name, num := range syscallNum {
+ if !yield(name, num) {
+ return
+ }
+ }
+ for name, num := range syscallNumExtra {
+ if !yield(name, num) {
+ return
+ }
+ }
+ }
+}
+
+// SyscallResolveName resolves a syscall number from its string representation.
+func SyscallResolveName(name string) (num int, ok bool) {
+ if num, ok = syscallNum[name]; ok {
+ return
+ }
+ num, ok = syscallNumExtra[name]
+ return
+}
diff --git a/sandbox/seccomp/syscall_test.go b/sandbox/seccomp/syscall_test.go
index 81f470a..933f060 100644
--- a/sandbox/seccomp/syscall_test.go
+++ b/sandbox/seccomp/syscall_test.go
@@ -5,12 +5,16 @@ import (
 )
 func TestSyscallResolveName(t *testing.T) {
- for name, want := range syscallNum {
+ for name, want := range Syscalls() {
 t.Run(name, func(t *testing.T) {
 if got := syscallResolveName(name); got != want {
 t.Errorf("syscallResolveName(%q) = %d, want %d",
 name, got, want)
 }
+ if got, ok := SyscallResolveName(name); !ok || got != want {
+ t.Errorf("SyscallResolveName(%q) = %d, want %d",
+ name, got, want)
+ }
 })
 }
 }
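Review bot: In the new `generate-syscall-table` script in flake.nix, `set -e` does not cover the left-hand side of the `perl … | gofmt` pipeline: the pipeline's exit status is gofmt's alone, and the `>` redirection truncates `sandbox/seccomp/syscall_linux_amd64.go` before either command has written anything. A failing `mksysnum_linux.pl` run can therefore leave an empty or partial syscall table in the tree, and whether gofmt rejects the partial input depends on where the output stops. Since `writeShellScript` runs under bash, change the first line to `set -eo pipefail`, and have the pipeline write to a temporary file that is moved over the target only on success, so the generated seccomp table is either complete or untouched.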
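Review bot: The doc comment on `SyscallResolveName` in sandbox/seccomp/syscall.go does not say what `num` is on a miss. It is the map zero value 0, and 0 is itself a real syscall number (`read` on linux/amd64, the target flake.nix generates the table for), so a caller that drops `ok` would build a filter rule for the wrong syscall instead of failing. I would spell that out: `// SyscallResolveName returns the number wired for name. ok is false for an unknown name; num is then 0, which is a valid syscall number, so callers must check ok.` The `Syscalls` comment could likewise state that iteration order is unspecified and that a name present in both `syscallNum` and `syscallNumExtra` is yielded twice, whereas `SyscallResolveName` prefers `syscallNum`.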
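Review bot: `TestSyscallResolveName` in sandbox/seccomp/syscall_test.go only feeds `SyscallResolveName` names that `Syscalls()` yields, so its `ok == false` path is never exercised. That flag is the only thing separating an unknown name from syscall 0, so add a negative case after the loop, for example `if _, ok := SyscallResolveName("nonexistent_syscall"); ok { t.Error("unknown name resolved") }` (the name is constructed for illustration). The new `t.Errorf` also leaves `ok` out of its message, so a lookup miss is reported as `= 0, want N`; printing `ok` alongside `got` would make that failure readable.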