summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/syscalls')
-rw-r--r--pkg/sentry/syscalls/linux/linux64.go21
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go3
-rw-r--r--pkg/sentry/syscalls/linux/sys_thread.go4
3 files changed, 19 insertions, 9 deletions
diff --git a/pkg/sentry/syscalls/linux/linux64.go b/pkg/sentry/syscalls/linux/linux64.go
index 11bf81f88..13084c0ef 100644
--- a/pkg/sentry/syscalls/linux/linux64.go
+++ b/pkg/sentry/syscalls/linux/linux64.go
@@ -32,15 +32,19 @@ import (
const _AUDIT_ARCH_X86_64 = 0xc000003e
// AMD64 is a table of Linux amd64 syscall API with the corresponding syscall
-// numbers from Linux 3.11. The entries commented out are those syscalls we
+// numbers from Linux 4.4. The entries commented out are those syscalls we
// don't currently support.
var AMD64 = &kernel.SyscallTable{
OS: abi.Linux,
Arch: arch.AMD64,
Version: kernel.Version{
+ // Version 4.4 is chosen as a stable, longterm version of Linux, which
+ // guides the interface provided by this syscall table. The build
+ // version is that for a clean build with default kernel config, at 5
+ // minutes after v4.4 was tagged.
Sysname: "Linux",
- Release: "3.11.10",
- Version: "#1 SMP Fri Nov 29 10:47:50 PST 2013",
+ Release: "4.4",
+ Version: "#1 SMP Sun Jan 10 15:06:54 PST 2016",
},
AuditNumber: _AUDIT_ARCH_X86_64,
Table: map[uintptr]kernel.SyscallFn{
@@ -358,9 +362,18 @@ var AMD64 = &kernel.SyscallTable{
// 311: ProcessVmWritev, TODO may require cap_sys_ptrace
312: syscalls.CapError(linux.CAP_SYS_PTRACE), // Kcmp, requires cap_sys_ptrace
313: syscalls.CapError(linux.CAP_SYS_MODULE), // FinitModule, requires cap_sys_module
- // "Backports."
+ // 314: SchedSetattr, TODO, we have no scheduler
+ // 315: SchedGetattr, TODO, we have no scheduler
+ // 316: Renameat2, TODO
317: Seccomp,
318: GetRandom,
+ // 319: MemfdCreate, TODO
+ 320: syscalls.CapError(linux.CAP_SYS_BOOT), // KexecFileLoad, infeasible to support
+ 321: syscalls.CapError(linux.CAP_SYS_ADMIN), // Bpf, requires cap_sys_admin for all commands
+ // 322: Execveat, TODO
+ // 323: Userfaultfd, TODO
+ // 324: Membarrier, TODO
+ 325: syscalls.Error(nil), // Mlock2, TODO
},
Emulate: map[usermem.Addr]uintptr{
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index a70f35be0..89d21dd98 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -1140,9 +1140,6 @@ func mayLinkAt(t *kernel.Task, target *fs.Inode) error {
// always enabled, and thus imposes the following restrictions on hard
// links.
- // Technically Linux is more restrictive in 3.11.10 (requires CAP_FOWNER in
- // root user namespace); this is from the later f2ca379642d7 "namei: permit
- // linking with CAP_FOWNER in userns".
if target.CheckOwnership(t) {
// fs/namei.c:may_linkat: "Source inode owner (or CAP_FOWNER)
// can hardlink all they like."
diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go
index 820ca680e..9eed613a1 100644
--- a/pkg/sentry/syscalls/linux/sys_thread.go
+++ b/pkg/sentry/syscalls/linux/sys_thread.go
@@ -159,8 +159,8 @@ func clone(t *kernel.Task, flags int, stack usermem.Addr, parentTID usermem.Addr
}
// Clone implements linux syscall clone(2).
-// sys_clone has so many flavors. We implement the default one in the
-// current linux 3.11 x86_64:
+// sys_clone has so many flavors. We implement the default one in linux 3.11
+// x86_64:
// sys_clone(clone_flags, newsp, parent_tidptr, child_tidptr, tls_val)
func Clone(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) {
flags := int(args[0].Int())