Diffstat (limited to 'pkg/sentry/syscalls')
-rw-r--r-- | pkg/sentry/syscalls/linux/linux64.go | 21 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_file.go | 3 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_thread.go | 4 |
3 files changed, 19 insertions, 9 deletions
diff --git a/pkg/sentry/syscalls/linux/linux64.go b/pkg/sentry/syscalls/linux/linux64.go
index 11bf81f88..13084c0ef 100644
--- a/pkg/sentry/syscalls/linux/linux64.go
+++ b/pkg/sentry/syscalls/linux/linux64.go
@@ -32,15 +32,19 @@ import (
 const _AUDIT_ARCH_X86_64 = 0xc000003e
 // AMD64 is a table of Linux amd64 syscall API with the corresponding syscall
-// numbers from Linux 3.11. The entries commented out are those syscalls we
+// numbers from Linux 4.4. The entries commented out are those syscalls we
 // don't currently support.
 var AMD64 = &kernel.SyscallTable{
 OS: abi.Linux,
 Arch: arch.AMD64,
 Version: kernel.Version{
+ // Version 4.4 is chosen as a stable, longterm version of Linux, which
+ // guides the interface provided by this syscall table. The build
+ // version is that for a clean build with default kernel config, at 5
+ // minutes after v4.4 was tagged.
 Sysname: "Linux",
- Release: "3.11.10",
- Version: "#1 SMP Fri Nov 29 10:47:50 PST 2013",
+ Release: "4.4",
+ Version: "#1 SMP Sun Jan 10 15:06:54 PST 2016",
 },
 AuditNumber: _AUDIT_ARCH_X86_64,
 Table: map[uintptr]kernel.SyscallFn{
@@ -358,9 +362,18 @@ var AMD64 = &kernel.SyscallTable{
 // 311: ProcessVmWritev, TODO may require cap_sys_ptrace
 312: syscalls.CapError(linux.CAP_SYS_PTRACE), // Kcmp, requires cap_sys_ptrace
 313: syscalls.CapError(linux.CAP_SYS_MODULE), // FinitModule, requires cap_sys_module
- // "Backports."
+ // 314: SchedSetattr, TODO, we have no scheduler
+ // 315: SchedGetattr, TODO, we have no scheduler
+ // 316: Renameat2, TODO
 317: Seccomp,
 318: GetRandom,
+ // 319: MemfdCreate, TODO
+ 320: syscalls.CapError(linux.CAP_SYS_BOOT), // KexecFileLoad, infeasible to support
+ 321: syscalls.CapError(linux.CAP_SYS_ADMIN), // Bpf, requires cap_sys_admin for all commands
+ // 322: Execveat, TODO
+ // 323: Userfaultfd, TODO
+ // 324: Membarrier, TODO
+ 325: syscalls.Error(nil), // Mlock2, TODO
 },
 Emulate: map[usermem.Addr]uintptr{
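Review bot: The new `Release: "4.4"` has two components where the old `3.11.10` had three, so userspace that parses the uname release as major.minor.patch may mis-handle it; an upstream 4.4 build would, as far as I know, report `4.4.0`. Consider `Release: "4.4.0",` so the string matches the clean default build that the added comment describes. Raising the advertised version also means programs that gate on the version instead of probing will now try Renameat2, MemfdCreate and Execveat, which the second hunk of this file leaves commented out; the Version comment should state that the release string guides the interface and does not promise every 4.4 syscall. The AMD64 literal continues past the end of this hunk.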
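Review bot: Entry 325 maps Mlock2 to `syscalls.Error(nil)` with only `TODO` as explanation; if a nil error makes the call report success (the helper is defined outside this hunk), a caller that uses mlock2 to keep key material out of swap is told its pages are locked when nothing was done. If that no-op is intended, say so on the line, e.g. `325: syscalls.Error(nil), // Mlock2, TODO: currently reports success without locking any memory`. The comment on 321 reads as a statement about Linux, but upstream 4.4 is the release that opened bpf(2) to unprivileged callers for some program types, so gating every command is a deliberate tightening and is better worded as `// Bpf, gated on cap_sys_admin for all commands (stricter than Linux 4.4)`. The table literal starts before this hunk and continues after it.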
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index a70f35be0..89d21dd98 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -1140,9 +1140,6 @@ func mayLinkAt(t *kernel.Task, target *fs.Inode) error {
 // always enabled, and thus imposes the following restrictions on hard
 // links.
- // Technically Linux is more restrictive in 3.11.10 (requires CAP_FOWNER in
- // root user namespace); this is from the later f2ca379642d7 "namei: permit
- // linking with CAP_FOWNER in userns".
 if target.CheckOwnership(t) {
 // fs/namei.c:may_linkat: "Source inode owner (or CAP_FOWNER)
 // can hardlink all they like."
diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go
index 820ca680e..9eed613a1 100644
--- a/pkg/sentry/syscalls/linux/sys_thread.go
+++ b/pkg/sentry/syscalls/linux/sys_thread.go
@@ -159,8 +159,8 @@ func clone(t *kernel.Task, flags int, stack usermem.Addr, parentTID usermem.Addr
 }
 // Clone implements linux syscall clone(2).
-// sys_clone has so many flavors. We implement the default one in the
-// current linux 3.11 x86_64:
+// sys_clone has so many flavors. We implement the default one in linux 3.11
+// x86_64:
 // sys_clone(clone_flags, newsp, parent_tidptr, child_tidptr, tls_val)
 func Clone(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) {
 flags := int(args[0].Int()) |