Hi Adrian,
not to worry - there is no rush on this. I may have to debug this a
little more at the kernel level anyway (things like syscall redirection
does not work yet, and neither does setting a particular errno when
skipping a syscall). Plain syscall filtering does appear to work
however, and AFAIR that would be enough for your purpose.
None of my test systems are recent enough to allow compiling current
user space code, unfortunately.
Outdated user space might conntribute to some of the selftests failing,
so I could use a little help with that perhaps. I know Geert tried the
selftests independently some time ago, so I'll post my changes to the
selftest code and we'll see whether that improves the score.
Cheers,
Michael
Am 27.01.2022 um 22:09 schrieb John Paul Adrian Glaubitz:
Hi Michael!
On 1/27/22 08:41, Michael Schmitz wrote:
Patch 3 adds the test for TIF_SECCOMP thread info flag to call
into syscall_trace_enter() when seccomp syscall filtering
is active, which was missing from earlier versions (classic
MMU m68k only - need some help with the test for 68000 and
coldfire).
The previous version required the TIF_SYSCALL_TRACE
flag to be set for syscall filtering to work
The rest of the series remains unchanged from v9.
Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
(33 with the old version).
I hope you didn't waste too much effort on testing v8/v9, Adrian.
Should have a suitably large brown paper bag somewhere yet :-(
Sorry, I haven't found the time for the tests yet, I'm really busy at the
moment. If you want to test libsecomp, you can check it out from my Github,
then build it and run the testsuite.
See: https://github.com/glaubitz/libseccomp/tree/m68k
Adrian
