packages/runc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add loongarch64 seccomp support

Browse Source
This commit is contained in:
zhaixiaojuan 2024-06-15 11:03:37 +08:00
parent db5aceb297
commit 5fc3d80af7
3 changed files with 158 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
patch/0040-add-loongarch64-seccomp-support.patch Normal file
View File

@ -0,0 +1,150 @@
diff --git a/libcontainer/seccomp/config.go b/libcontainer/seccomp/config.go
index 2b15576..841f9d9 100644
--- a/libcontainer/seccomp/config.go
+++ b/libcontainer/seccomp/config.go
@@ -69,6 +69,7 @@ var archs = map[string]string{
"SCMP_ARCH_RISCV64": "riscv64",
"SCMP_ARCH_S390": "s390",
"SCMP_ARCH_S390X": "s390x",
+ "SCMP_ARCH_LOONGARCH64": "loong64",
}
// KnownArchs returns the list of the known archs.
diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go
index 6376512..391c319 100644
--- a/libcontainer/seccomp/patchbpf/enosys_linux.go
+++ b/libcontainer/seccomp/patchbpf/enosys_linux.go
@@ -75,6 +75,7 @@ const uint32_t C_AUDIT_ARCH_PPC64LE = AUDIT_ARCH_PPC64LE;
const uint32_t C_AUDIT_ARCH_S390 = AUDIT_ARCH_S390;
const uint32_t C_AUDIT_ARCH_S390X = AUDIT_ARCH_S390X;
const uint32_t C_AUDIT_ARCH_RISCV64 = AUDIT_ARCH_RISCV64;
+const uint32_t C_AUDIT_ARCH_LOONGARCH64 = AUDIT_ARCH_LOONGARCH64;
*/
import "C"
@@ -212,6 +213,8 @@ func archToNative(arch libseccomp.ScmpArch) (nativeArch, error) {
return nativeArch(C.C_AUDIT_ARCH_S390X), nil
case libseccomp.ArchRISCV64:
return nativeArch(C.C_AUDIT_ARCH_RISCV64), nil
+ case libseccomp.ArchLOONGARCH64:
+ return nativeArch(C.C_AUDIT_ARCH_LOONGARCH64), nil
default:
return invalidArch, fmt.Errorf("unknown architecture: %v", arch)
}
diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go
index e2d363a..a66fe35 100644
--- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go
+++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go
@@ -105,6 +105,7 @@ var testArches = []string{
"ppc64le",
"s390",
"s390x",
+ "loong64",
}
func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) {
diff --git a/libcontainer/system/syscall_linux_64.go b/libcontainer/system/syscall_linux_64.go
index 97f1ba0..5db345a 100644
--- a/libcontainer/system/syscall_linux_64.go
+++ b/libcontainer/system/syscall_linux_64.go
@@ -1,6 +1,6 @@
//go:build linux && (arm64 || amd64 || mips || mipsle || mips64 || mips64le || loong64 || ppc || ppc64 || ppc64le || riscv64 || s390x)
// +build linux
-// +build arm64 amd64 mips mipsle mips64 mips64le ppc ppc64 ppc64le riscv64 s390x
+// +build arm64 amd64 mips mipsle mips64 mips64le ppc ppc64 ppc64le riscv64 s390x loong64
package system
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index 135f74a..e32af2f 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -643,6 +643,7 @@ const (
ArchPARISC Arch = "SCMP_ARCH_PARISC"
ArchPARISC64 Arch = "SCMP_ARCH_PARISC64"
ArchRISCV64 Arch = "SCMP_ARCH_RISCV64"
+ ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64"
)
// LinuxSeccompAction taken upon Seccomp rule match
diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go
index 8dad12f..2552394 100644
--- a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go
+++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go
@@ -174,6 +174,8 @@ const (
ArchPARISC64
// ArchRISCV64 represents RISCV64
ArchRISCV64
+ // ArchLOONGARCH64 represents 64-bit LoongArch System syscalls
+ ArchLOONGARCH64
)
const (
@@ -305,6 +307,8 @@ func GetArchFromString(arch string) (ScmpArch, error) {
return ArchPARISC64, nil
case "riscv64":
return ArchRISCV64, nil
+ case "loongarch64", "loong64":
+ return ArchLOONGARCH64, nil
default:
return ArchInvalid, fmt.Errorf("cannot convert unrecognized string %q", arch)
}
@@ -351,6 +355,8 @@ func (a ScmpArch) String() string {
return "parisc64"
case ArchRISCV64:
return "riscv64"
+ case ArchLOONGARCH64:
+ return "loong64"
case ArchNative:
return "native"
case ArchInvalid:
diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
index df4dfb7..1997fb3 100644
--- a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
+++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
@@ -68,6 +68,10 @@ const uint32_t C_ARCH_BAD = ARCH_BAD;
#define SCMP_ARCH_RISCV64 ARCH_BAD
#endif
+#ifndef SCMP_ARCH_LOONGARCH64
+#define SCMP_ARCH_LOONGARCH64 ARCH_BAD
+#endif
+
const uint32_t C_ARCH_NATIVE = SCMP_ARCH_NATIVE;
const uint32_t C_ARCH_X86 = SCMP_ARCH_X86;
const uint32_t C_ARCH_X86_64 = SCMP_ARCH_X86_64;
@@ -88,6 +92,7 @@ const uint32_t C_ARCH_S390X = SCMP_ARCH_S390X;
const uint32_t C_ARCH_PARISC = SCMP_ARCH_PARISC;
const uint32_t C_ARCH_PARISC64 = SCMP_ARCH_PARISC64;
const uint32_t C_ARCH_RISCV64 = SCMP_ARCH_RISCV64;
+const uint32_t C_ARCH_LOONGARCH64 = SCMP_ARCH_LOONGARCH64;
#ifndef SCMP_ACT_LOG
#define SCMP_ACT_LOG 0x7ffc0000U
@@ -291,7 +296,7 @@ const (
scmpError C.int = -1
// Comparison boundaries to check for architecture validity
archStart ScmpArch = ArchNative
- archEnd ScmpArch = ArchRISCV64
+ archEnd ScmpArch = ArchLOONGARCH64
// Comparison boundaries to check for action validity
actionStart ScmpAction = ActKillThread
actionEnd ScmpAction = ActKillProcess
@@ -551,6 +556,8 @@ func archFromNative(a C.uint32_t) (ScmpArch, error) {
return ArchPARISC64, nil
case C.C_ARCH_RISCV64:
return ArchRISCV64, nil
+ case C.C_ARCH_LOONGARCH64:
+ return ArchLOONGARCH64, nil
default:
return 0x0, fmt.Errorf("unrecognized architecture %#x", uint32(a))
}
@@ -597,6 +604,8 @@ func (a ScmpArch) toNative() C.uint32_t {
return C.C_ARCH_PARISC64
case ArchRISCV64:
return C.C_ARCH_RISCV64
+ case ArchLOONGARCH64:
+ return C.C_ARCH_LOONGARCH64
case ArchNative:
return C.C_ARCH_NATIVE
default:

8
runc.spec
View File

@ -3,7 +3,7 @@
Name: runc Name: runc
Version: 1.1.8 Version: 1.1.8
Release: 16 Release: 17
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
License: ASL 2.0 License: ASL 2.0
@ -57,6 +57,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
%{_bindir}/runc %{_bindir}/runc
%changelog %changelog
* Fri Jun 14 2024 zhaixiaojuan<zhaixiaojuan@loongson.cn> - 1.1.8-17
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:add loongarch64 seccomp support
* Thu May 23 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-16 * Thu May 23 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-16
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA

1
series.conf
View File

@ -36,3 +36,4 @@ patch/0036-runc-increase-the-number-of-cgroup-deletion-retries.patch
patch/0037-runc-fix-CVE-2024-21626.patch patch/0037-runc-fix-CVE-2024-21626.patch
patch/0038-runc-check-cmd-exist.patch patch/0038-runc-check-cmd-exist.patch
patch/0039-runc-fix-CVE-2024-3154.patch patch/0039-runc-fix-CVE-2024-3154.patch
patch/0040-add-loongarch64-seccomp-support.patch