upd: 2.3.3 -> 2.4.1 + cherry-picks from git master for better support of newest kernels

2025-02-24 02:02:49 +00:00 · 2019-11-01 00:49:50 +03:00 · 2019-11-01 00:49:50 +03:00 · 4e3e42b3ec
commit 4e3e42b3ec
parent d9f81cf461
6 changed files with 7023 additions and 6 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,2 +1,2 @@
 sources:
-  "libseccomp-2.3.3.tar.gz": 89b1f35447b1891a3051de979dc92ad9f7258b60
+  libseccomp-2.4.1.tar.gz: bd9932c1f208b6051c89a4253dc05ad0307338ec
--- a/5fc22428507ecea00ee9e2215d972777da9a99b6.patch
+++ b/5fc22428507ecea00ee9e2215d972777da9a99b6.patch
@ -0,0 +1,208 @@
+From 5fc22428507ecea00ee9e2215d972777da9a99b6 Mon Sep 17 00:00:00 2001
+From: Stephen Coleman <omegacoleman@gmail.com>
+Date: Sat, 22 Jun 2019 15:51:39 +0800
+Subject: [PATCH] arch: add support for io-uring related system calls in kernel
+ 5.1
+
+Signed-off-by: Stephen Coleman <omegacoleman@gmail.com>
+Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
+[PM: added the "arch:" subj prefix]
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ src/arch-aarch64-syscalls.c   | 3 +++
+ src/arch-arm-syscalls.c       | 3 +++
+ src/arch-mips-syscalls.c      | 3 +++
+ src/arch-mips64-syscalls.c    | 3 +++
+ src/arch-mips64n32-syscalls.c | 3 +++
+ src/arch-parisc-syscalls.c    | 3 +++
+ src/arch-ppc-syscalls.c       | 3 +++
+ src/arch-ppc64-syscalls.c     | 3 +++
+ src/arch-s390-syscalls.c      | 3 +++
+ src/arch-s390x-syscalls.c     | 3 +++
+ src/arch-x32-syscalls.c       | 3 +++
+ src/arch-x86-syscalls.c       | 3 +++
+ src/arch-x86_64-syscalls.c    | 3 +++
+ 13 files changed, 39 insertions(+)
+
+diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
+index 351143c..90de283 100644
+--- a/src/arch-aarch64-syscalls.c
+++ b/src/arch-aarch64-syscalls.c
+@@ -171,6 +171,9 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
+ 	{ "io_pgetevents", 292 },
+ 	{ "io_setup", 0 },
+ 	{ "io_submit", 2 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl", 29 },
+ 	{ "ioperm", __PNR_ioperm },
+ 	{ "iopl", __PNR_iopl },
+diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
+index f543f65..a0dbd60 100644
+--- a/src/arch-arm-syscalls.c
+++ b/src/arch-arm-syscalls.c
+@@ -183,6 +183,9 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "io_pgetevents", (__SCMP_NR_BASE + 399) },
+ 	{ "io_setup", (__SCMP_NR_BASE + 243) },
+ 	{ "io_submit", (__SCMP_NR_BASE + 246) },
+	{ "io_uring_setup", (__SCMP_NR_BASE + 425) },
+	{ "io_uring_enter", (__SCMP_NR_BASE + 426) },
+	{ "io_uring_register", (__SCMP_NR_BASE + 427) },
+ 	{ "ioctl", (__SCMP_NR_BASE + 54) },
+ 	{ "ioperm", __PNR_ioperm },
+ 	{ "iopl", __PNR_iopl },
+diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
+index 670b92a..8706ae5 100644
+--- a/src/arch-mips-syscalls.c
+++ b/src/arch-mips-syscalls.c
+@@ -175,6 +175,9 @@ const struct arch_syscall_def mips_syscall_table[] = { \
+ 	{ "io_pgetevents", (__SCMP_NR_BASE + 368) },
+ 	{ "io_setup", (__SCMP_NR_BASE + 241) },
+ 	{ "io_submit", (__SCMP_NR_BASE + 244) },
+	{ "io_uring_setup", (__SCMP_NR_BASE + 425) },
+	{ "io_uring_enter", (__SCMP_NR_BASE + 426) },
+	{ "io_uring_register", (__SCMP_NR_BASE + 427) },
+ 	{ "ioctl", (__SCMP_NR_BASE + 54) },
+ 	{ "ioperm", (__SCMP_NR_BASE + 101) },
+ 	{ "iopl", (__SCMP_NR_BASE + 110) },
+diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
+index 454c681..b267072 100644
+--- a/src/arch-mips64-syscalls.c
+++ b/src/arch-mips64-syscalls.c
+@@ -175,6 +175,9 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
+ 	{ "io_pgetevents", (__SCMP_NR_BASE + 328) },
+ 	{ "io_setup", (__SCMP_NR_BASE + 200) },
+ 	{ "io_submit", (__SCMP_NR_BASE + 203) },
+	{ "io_uring_setup", (__SCMP_NR_BASE + 425) },
+	{ "io_uring_enter", (__SCMP_NR_BASE + 426) },
+	{ "io_uring_register", (__SCMP_NR_BASE + 427) },
+ 	{ "ioctl", (__SCMP_NR_BASE + 15) },
+ 	{ "ioperm", __PNR_ioperm },
+ 	{ "iopl", __PNR_iopl },
+diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c
+index f5053fc..8af6b3e 100644
+--- a/src/arch-mips64n32-syscalls.c
+++ b/src/arch-mips64n32-syscalls.c
+@@ -175,6 +175,9 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
+ 	{ "io_pgetevents", (__SCMP_NR_BASE + 332) },
+ 	{ "io_setup", (__SCMP_NR_BASE + 200) },
+ 	{ "io_submit", (__SCMP_NR_BASE + 203) },
+	{ "io_uring_setup", (__SCMP_NR_BASE + 425) },
+	{ "io_uring_enter", (__SCMP_NR_BASE + 426) },
+	{ "io_uring_register", (__SCMP_NR_BASE + 427) },
+ 	{ "ioctl", (__SCMP_NR_BASE + 15) },
+ 	{ "ioperm", __PNR_ioperm },
+ 	{ "iopl", __PNR_iopl },
+diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c
+index 0c7ef42..8f19a03 100644
+--- a/src/arch-parisc-syscalls.c
+++ b/src/arch-parisc-syscalls.c
+@@ -155,6 +155,9 @@ const struct arch_syscall_def parisc_syscall_table[] = { \
+ 	{ "io_pgetevents", __PNR_io_pgetevents },
+ 	{ "io_setup",	215 },
+ 	{ "io_submit",	218 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl",	54 },
+ 	{ "ioperm",	__PNR_ioperm },
+ 	{ "iopl",	__PNR_iopl },
+diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
+index 7272a63..8275b38 100644
+--- a/src/arch-ppc-syscalls.c
+++ b/src/arch-ppc-syscalls.c
+@@ -172,6 +172,9 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
+ 	{ "io_pgetevents", 388 },
+ 	{ "io_setup", 227 },
+ 	{ "io_submit", 230 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl", 54 },
+ 	{ "ioperm", 101 },
+ 	{ "iopl", 110 },
+diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
+index c7ff0a1..2a8f387 100644
+--- a/src/arch-ppc64-syscalls.c
+++ b/src/arch-ppc64-syscalls.c
+@@ -172,6 +172,9 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "io_pgetevents", 388 },
+ 	{ "io_setup", 227 },
+ 	{ "io_submit", 230 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl", 54 },
+ 	{ "ioperm", 101 },
+ 	{ "iopl", 110 },
+diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c
+index a1403be..c2e3439 100644
+--- a/src/arch-s390-syscalls.c
+++ b/src/arch-s390-syscalls.c
+@@ -155,6 +155,9 @@ const struct arch_syscall_def s390_syscall_table[] = { \
+ 	{ "io_pgetevents", 382 },
+ 	{ "io_setup", 243 },
+ 	{ "io_submit", 246 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl", 54 },
+ 	{ "ioperm", 101 },
+ 	{ "iopl", __PNR_iopl },
+diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c
+index e22ccae..e0a39f1 100644
+--- a/src/arch-s390x-syscalls.c
+++ b/src/arch-s390x-syscalls.c
+@@ -155,6 +155,9 @@ const struct arch_syscall_def s390x_syscall_table[] = { \
+ 	{ "io_pgetevents", 382 },
+ 	{ "io_setup", 243 },
+ 	{ "io_submit", 246 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl", 54 },
+ 	{ "ioperm", __PNR_ioperm},
+ 	{ "iopl", __PNR_iopl },
+diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
+index 65f6418..f6b941b 100644
+--- a/src/arch-x32-syscalls.c
+++ b/src/arch-x32-syscalls.c
+@@ -171,6 +171,9 @@ const struct arch_syscall_def x32_syscall_table[] = { \
+ 	{ "io_pgetevents", (X32_SYSCALL_BIT + 333) },
+ 	{ "io_setup", (X32_SYSCALL_BIT + 543) },
+ 	{ "io_submit", (X32_SYSCALL_BIT + 544) },
+	{ "io_uring_setup", (X32_SYSCALL_BIT + 425) },
+	{ "io_uring_enter", (X32_SYSCALL_BIT + 426) },
+	{ "io_uring_register", (X32_SYSCALL_BIT + 427) },
+ 	{ "ioctl", (X32_SYSCALL_BIT + 514) },
+ 	{ "ioperm", (X32_SYSCALL_BIT + 173) },
+ 	{ "iopl", (X32_SYSCALL_BIT + 172) },
+diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c
+index 1f4573b..5bd0ca2 100644
+--- a/src/arch-x86-syscalls.c
+++ b/src/arch-x86-syscalls.c
+@@ -171,6 +171,9 @@ const struct arch_syscall_def x86_syscall_table[] = { \
+ 	{ "io_pgetevents", 385 },
+ 	{ "io_setup", 245 },
+ 	{ "io_submit", 248 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl", 54 },
+ 	{ "ioperm", 101 },
+ 	{ "iopl", 110 },
+diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
+index b07700d..f7c8ce6 100644
+--- a/src/arch-x86_64-syscalls.c
+++ b/src/arch-x86_64-syscalls.c
+@@ -171,6 +171,9 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
+ 	{ "io_pgetevents", 333 },
+ 	{ "io_setup", 206 },
+ 	{ "io_submit", 209 },
+	{ "io_uring_setup", 425 },
+	{ "io_uring_enter", 426 },
+	{ "io_uring_register", 427 },
+ 	{ "ioctl", 16 },
+ 	{ "ioperm", 173 },
+ 	{ "iopl", 172 },
--- a/bf162816a6e42d7a40e54aadc18d1a98c34ca971.patch
+++ b/bf162816a6e42d7a40e54aadc18d1a98c34ca971.patch
--- a/bf747eb21e428c2b3ead6ebcca27951b681963a0.patch
+++ b/bf747eb21e428c2b3ead6ebcca27951b681963a0.patch
--- a/c95cdadef8746f9b4c714443e74e364f8fc7f10c.patch
+++ b/c95cdadef8746f9b4c714443e74e364f8fc7f10c.patch
@ -0,0 +1,28 @@
+From c95cdadef8746f9b4c714443e74e364f8fc7f10c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@ubuntu.com>
+Date: Tue, 8 Oct 2019 15:24:10 -0400
+Subject: [PATCH] build: ship seccomp-syscalls.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Without this, anything which includes "seccomp.h" will fail when using a build version of libseccomp.
+
+Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+[PM: tweaked the subject line]
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ include/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/Makefile.am b/include/Makefile.am
+index ba3723f..d996128 100644
+--- a/include/Makefile.am
+++ b/include/Makefile.am
+@@ -16,4 +16,4 @@
+ # along with this library; if not, see <http://www.gnu.org/licenses>.
+ #
+ 
+-include_HEADERS = seccomp.h
+include_HEADERS = seccomp.h seccomp-syscalls.h
--- a/libseccomp.spec
+++ b/libseccomp.spec
@ -4,13 +4,18 @@

 Summary:	Enhanced seccomp library
 Name:		libseccomp
-Version:	2.3.3
-Release:	4
+Version:	2.4.1
+Release:	1
 License:	LGPLv2
 Group:		System/Libraries
-Source0:	https://github.com/seccomp/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
-URL:		https://github.com/seccomp/%{name}
-Requires:	kernel >= 3.5
+Url:		https://github.com/seccomp/libseccomp
+Source0:	https://github.com/seccomp/libseccomp/releases/download/v%{version}/%{name}-%{version}.tar.gz
+
+# cherry-picks from git master for better support of newest kernels
+Patch0:		bf162816a6e42d7a40e54aadc18d1a98c34ca971.patch
+Patch1:		c95cdadef8746f9b4c714443e74e364f8fc7f10c.patch
+Patch2:		5fc22428507ecea00ee9e2215d972777da9a99b6.patch
+Patch3:		bf747eb21e428c2b3ead6ebcca27951b681963a0.patch

 %description
 The libseccomp library provides an easy to use, platform independent,
@ -56,8 +61,10 @@ application developers.

 %prep
 %setup -q
+%apply_patches

 %build
+autoreconf -fi
 %configure2_5x
 %make

@ -83,6 +90,7 @@ rm -vf "%{buildroot}/%{_libdir}/libseccomp.a"
 %files -n %{develname}
 %doc LICENSE CREDITS README.md
 %{_includedir}/seccomp.h
+%{_includedir}/seccomp-syscalls.h
 %{_libdir}/libseccomp.so
 %{_libdir}/pkgconfig/libseccomp.pc
 %{_mandir}/man3/*