Displaying 4 results from an estimated 4 matches for "bpf_ret".
Did you mean:
bf_set
2017 Feb 13
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
...uct seccomp_data, args[(idx)])
+#elif __BYTE_ORDER == __BIG_ENDIAN
+#define LO_ARG(idx) offsetof(struct seccomp_data, args[(idx)]) + sizeof(_u32)
+#else
+#error "Unknown endianness"
+#endif
#define SC_DENY(_nr, _errno) \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno))
@@ -82,9 +94,8 @@
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \
- /* load first syscall argument */ \
- BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
- offsetof(struct s...
2017 Mar 14
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
...llow ioctls for ICA crypto card on s390 */
> + SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK),
> + SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO),
> + SC_ALLOW_ARG(ioctl, 1, ICARSACRT),
> +#endif /* defined(__NR_ioctl) && defined(__s390__) */
>
> /* Default deny */
> BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
2015 Feb 11
2
[PATCH] seccomp: allow the getrandom system call.
...r.c b/sandbox-seccomp-filter.c
index b6f6258..846bc08 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = {
#else
SC_ALLOW(sigprocmask),
#endif
+#ifdef __NR_getrandom
+ SC_ALLOW(getrandom),
+#endif
BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
};
--
2.2.2
2017 Mar 03
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
On 03-03-2017 09:54, Petr Cerny wrote:
> Damien Miller wrote:
>> On Tue, 28 Feb 2017, Eduardo Barretto wrote:
>>
>>> On 13-02-2017 13:23, Eduardo Barretto wrote:
>>> > This patch enables specific ioctl calls for ICA crypto card on s390
>>> > platform. Without this patch, users using the IBMCA engine are not
>>> able
>>> > to