Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFE: clarify seccomp_rule_add syscall translation behavior #261

Closed
wants to merge 1 commit into from
Closed

RFE: clarify seccomp_rule_add syscall translation behavior #261

wants to merge 1 commit into from

Conversation

Xyene
Copy link
Contributor

@Xyene Xyene commented Jun 25, 2020

Refs #259.

@coveralls
Copy link

coveralls commented Jun 25, 2020
edited
Loading

Coverage Status

Coverage remained the same at 92.991% when pulling 3633794 on Xyene:syscall-translation-docs into 6b286c2 on seccomp:master.

pcmoore
pcmoore reviewed Jun 27, 2020
View reviewed changes
doc/man/man3/seccomp_rule_add.3 Outdated
.B __NR_syscall
values in a context containing non-native architectures, the syscall
corresponding to the value in the native architecture will be used in all
non-native architectures.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I not sure that reads quite right, how about the following?

... it is highly recommended to use the SCMP_SYS() macro instead, see the EXAMPLES section below. It is also important to remember that regardless of the architectures present in the filter, the syscall numbers passed to the libseccomp rule add functions should always be in the context of the native architecture.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Xyene what did you think of the substitute text above?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about the delay, I got DOS'd by real-life stuff -- I've committed a slightly reworded variant of your suggested text, emphasizing that libseccomp is performing some "interpreting" of the given syscall value.

@pcmoore pcmoore changed the title doc: clarify seccomp_rule_add syscall translation behavior RFE: clarify seccomp_rule_add syscall translation behavior Jun 27, 2020
@pcmoore pcmoore added this to the v2.5.0 milestone Jun 27, 2020
@Xyene
doc: clarify seccomp_rule_add syscall translation behavior
3633794 
libseccomp performs a translation step when adding a raw syscall value
to a multi-architecture filter. For instance, when adding __NR_open
(syscall value 2 on x86-64) to a filter containing x86 and x86-64 where
the native ABI is x86-64, the x86 BPF branch will use the value 5
(__NR_open on x86).

This commit adds explicit documentation for the translation step.

Refs seccomp#259.

Signed-off-by: Tudor Brindus <me@tbrindus.ca>
@pcmoore
Copy link
Member

pcmoore commented Jul 14, 2020

Thanks for getting back to this, I definitely understand competing priorities and I can assure you we appreciate the help regardless of where libseccomp falls in your personal priority list :)

This updated text looks good to me, any objections @drakenclimber?

@drakenclimber
Copy link
Member

Looks good to me 👍

Acked-by: Tom Hromatka <tom.hromatka@oracle.com>

@pcmoore
Copy link
Member

pcmoore commented Jul 14, 2020

Merged via fa6264b, thanks!

@pcmoore pcmoore closed this Jul 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcmoore pcmoore pcmoore left review comments

@drakenclimber drakenclimber drakenclimber approved these changes

Assignees
No one assigned
Labels
enhancement pending/review priority/low
Projects
None yet
Milestone
v2.5.0
Development

Successfully merging this pull request may close these issues.
4 participants
@Xyene @coveralls @pcmoore @drakenclimber