public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-04 22:35 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-04 22:35 UTC (permalink / raw
  To: gentoo-commits

commit:     e764984e75fd5a08a442bba0102ac8f0aac25051
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  4 22:19:58 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Mar  4 22:19:58 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/pax-utils.git;a=commit;h=e764984e

fix up autotool generation in dist targets

The script was generating autotools first, and then the man pages.  But the
autotool step requires the man pages in order to list them properly.  Flip
the order.

Also clean out the redundant check calls, and make `make dist` just create
the tarball as it's intended.

Reported-by: Christian Neukirchen <chneukirchen <AT> gmail.com>

 Makefile        | 10 +++-------
 make-tarball.sh | 25 ++++++++++++++++++-------
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/Makefile b/Makefile
index 8048d58..4e3da14 100644
--- a/Makefile
+++ b/Makefile
@@ -133,13 +133,9 @@ endif
 PN = pax-utils
 P = $(PN)-$(PV)
 dist:
-	./make-tarball.sh $(PV)
-distcheck: dist
-	rm -rf $(P)
-	tar xf $(P).tar.xz
-	$(MAKE) -C $(P)
-	$(MAKE) -C $(P) check
-	rm -rf $(P)
+	./make-tarball.sh $(DISTCHECK) $(PV)
+distcheck:
+	$(MAKE) dist DISTCHECK=--check
 
 -include .depend
 

diff --git a/make-tarball.sh b/make-tarball.sh
index 83caa75..e99c44d 100755
--- a/make-tarball.sh
+++ b/make-tarball.sh
@@ -12,6 +12,12 @@ v() { printf '\t%s\n' "$*"; "$@"; }
 
 : ${MAKE:=make}
 
+CHECK=false
+if [[ $1 == "--check" ]] ; then
+	CHECK=true
+	shift
+fi
+
 if [[ $# -ne 1 ]] ; then
 	die "Usage: $0 <ver>"
 fi
@@ -20,7 +26,7 @@ case $1 in
 snap) ver=$(date -u +%Y%m%d) ;;
 git) ver="HEAD" ;;
 *)
-	ver="v$1"
+	ver="v${1#v}"
 	if ! git describe --tags "${ver}" >&/dev/null ; then
 		die "Please create the tag first: git tag ${ver}"
 	fi
@@ -33,7 +39,12 @@ mkdir "${p}"
 
 einfo "Checking out clean git sources ..."
 git archive "${ver}" | tar xf - -C "${p}"
-cd "${p}"
+
+pushd "${p}" >/dev/null
+
+einfo "Building docs ..."
+echo "<releaseinfo>${ver#v}</releaseinfo>" > man/fragment/version
+make -C man
 
 einfo "Building autotools ..."
 sed -i "/^AC_INIT/s:git:${ver}:" configure.ac
@@ -41,15 +52,13 @@ sed -i "1iPV := ${ver}" Makefile
 LC_ALL=C ${MAKE} -s autotools >/dev/null
 rm -rf autom4te.cache
 
-einfo "Building docs ..."
-echo "<releaseinfo>${ver#v}</releaseinfo>" > man/fragment/version
-make -C man
-cd ..
+popd >/dev/null
 
 einfo "Generating tarball ..."
 tar cf - "${p}" | xz > "${p}".tar.xz
 rm -r "${p}"
-du -b "${p}".tar.*
+
+if ${CHECK} ; then
 
 einfo "Checking tarball (simple) ..."
 tar xf "${p}".tar.*
@@ -68,6 +77,8 @@ v ${MAKE} -s check
 popd >/dev/null
 rm -rf "${p}"
 
+fi
+
 echo
 einfo "All ready for distribution!"
 du -b "${p}".tar.*


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-06 11:52 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-06 11:52 UTC (permalink / raw
  To: gentoo-commits

commit:     c9de288a25db4a56428c0eb5623d7433b60a7807
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  6 11:52:13 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Mar  6 11:52:13 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c9de288a

README: update Fedora URL

Reported-by: Dominik Mierzejewski <rpm <AT> greysector.net>

 README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README b/README
index 462e5ad..43d485c 100644
--- a/README
+++ b/README
@@ -53,7 +53,7 @@ http://magog.se/crux/pax-utils/Pkgfile
 Maintainer: mattias@hedenskog.se
 
 (Fedora)
-https://admin.fedoraproject.org/pkgdb/acls/name/pax-utils
+https://apps.fedoraproject.org/packages/pax-utils
 Maintainer:  Dominik 'Rathann' Mierzejewski <rpm@greysector.net>
 
 (ArchLinux?)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-10  3:36 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-10  3:36 UTC (permalink / raw
  To: gentoo-commits

commit:     52d761bc07f59eed70b71c862bdf8a389172e294
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 10 03:35:51 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Mar 10 03:35:51 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=52d761bc

scanelf: respect QA_EXECSTACK for .note.GNU-stack sections

URL: https://bugs.gentoo.org/539606

 scanelf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scanelf.c b/scanelf.c
index 4db4c35..64c4fc8 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -475,6 +475,8 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 				continue; \
 			if (!strcmp(elf->data + offset, NOTE_GNU_STACK)) { \
 				if (multi_stack++) warnf("%s: multiple .note.GNU-stack's !?", elf->filename); \
+				if (file_matches_list(elf->filename, qa_execstack)) \
+					continue; \
 				flags = EGET(shdr[i].sh_flags); \
 				if (be_quiet && ((flags & check_flags) != check_flags)) \
 					continue; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-10  4:19 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-10  4:19 UTC (permalink / raw
  To: gentoo-commits

commit:     7609b76c57386b747cdc7dcb4ca440a472a38fbf
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 10 04:17:53 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Mar 10 04:17:53 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7609b76c

scanelf: fix off-by-one shdr validity check

If a section header is at the end of the file, we end up incorrectly
rejecting it due to a slightly restrictive validity check.

Also drop some redundant shdr checks -- these came from the helper
scanelf_file_get_symtabs, and that already makes sure to only return
valid section headers.

Reported-by: Dominik Mierzejewski <rpm <AT> greysector.net>

 paxelf.h  | 2 +-
 scanelf.c | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/paxelf.h b/paxelf.h
index 0610516..034e0d7 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -44,7 +44,7 @@ typedef struct {
 	 EGET(shdr->sh_type) != SHT_NOBITS && \
 	 EGET(shdr->sh_offset) < (uint64_t)elf->len && \
 	 EGET(shdr->sh_size) < (uint64_t)elf->len && \
-	 EGET(shdr->sh_offset) < elf->len - EGET(shdr->sh_size))
+	 EGET(shdr->sh_offset) <= elf->len - EGET(shdr->sh_size))
 
 /* prototypes */
 extern char *pax_short_hf_flags(unsigned long flags);

diff --git a/scanelf.c b/scanelf.c
index 64c4fc8..599e2ed 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -1426,8 +1426,6 @@ static const char *scanelf_file_sym(elfobj *elf, char *found_sym)
 		Elf ## B ## _Word i, cnt = EGET(symtab->sh_entsize); \
 		char *symname; \
 		size_t ret_len = 0; \
-		if (!VALID_SHDR(elf, symtab) || !VALID_SHDR(elf, strtab)) \
-			goto break_out; \
 		if (cnt) \
 			cnt = EGET(symtab->sh_size) / cnt; \
 		for (i = 0; i < cnt; ++i) { \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-10  5:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-10  5:31 UTC (permalink / raw
  To: gentoo-commits

commit:     28ff31c61aca36ba43f1e12632fc5df123560a1a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 10 04:37:46 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Mar 10 04:37:46 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=28ff31c6

elf.h: sync with glibc

 elf.h    | 180 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 paxelf.c |  31 +----------
 2 files changed, 174 insertions(+), 37 deletions(-)

diff --git a/elf.h b/elf.h
index e904a2c..fda7585 100644
--- a/elf.h
+++ b/elf.h
@@ -1,5 +1,5 @@
 /* This file defines standard ELF types, structures, and macros.
-   Copyright (C) 1995-2014 Free Software Foundation, Inc.
+   Copyright (C) 1995-2015 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -262,6 +262,7 @@ typedef struct
 #define EM_ARCA 	109		/* Arca RISC Microprocessor */
 #define EM_UNICORE	110		/* Microprocessor series from PKU-Unity Ltd. */
 					/* and MPRC of Peking University */
+#define EM_ALTERA_NIOS2 113		/* Altera Nios II */
 #define EM_AARCH64	183		/* ARM AARCH64 */
 #define EM_TILEPRO	188		/* Tilera TILEPro */
 #define EM_MICROBLAZE	189		/* Xilinx MicroBlaze */
@@ -1396,6 +1397,7 @@ typedef struct
 #define EF_MIPS_64BIT_WHIRL	16
 #define EF_MIPS_ABI2		32
 #define EF_MIPS_ABI_ON32	64
+#define EF_MIPS_FP64		512  /* Uses FP64 (12 callee-saved).  */
 #define EF_MIPS_NAN2008	1024  /* Uses IEEE 754-2008 NaN encoding.  */
 #define EF_MIPS_ARCH		0xf0000000 /* MIPS architecture level.  */
 
@@ -1644,9 +1646,10 @@ typedef struct
 
 /* Legal values for p_type field of Elf32_Phdr.  */
 
-#define PT_MIPS_REGINFO	0x70000000	/* Register usage information */
-#define PT_MIPS_RTPROC  0x70000001	/* Runtime procedure table. */
-#define PT_MIPS_OPTIONS 0x70000002
+#define PT_MIPS_REGINFO	  0x70000000	/* Register usage information. */
+#define PT_MIPS_RTPROC	  0x70000001	/* Runtime procedure table. */
+#define PT_MIPS_OPTIONS	  0x70000002
+#define PT_MIPS_ABIFLAGS  0x70000003	/* FP mode requirement. */
 
 /* Special program header types.  */
 
@@ -1768,6 +1771,101 @@ typedef struct
 
 typedef Elf32_Addr Elf32_Conflict;
 
+typedef struct
+{
+  /* Version of flags structure.  */
+  Elf32_Half version;
+  /* The level of the ISA: 1-5, 32, 64.  */
+  unsigned char isa_level;
+  /* The revision of ISA: 0 for MIPS V and below, 1-n otherwise.  */
+  unsigned char isa_rev;
+  /* The size of general purpose registers.  */
+  unsigned char gpr_size;
+  /* The size of co-processor 1 registers.  */
+  unsigned char cpr1_size;
+  /* The size of co-processor 2 registers.  */
+  unsigned char cpr2_size;
+  /* The floating-point ABI.  */
+  unsigned char fp_abi;
+  /* Processor-specific extension.  */
+  Elf32_Word isa_ext;
+  /* Mask of ASEs used.  */
+  Elf32_Word ases;
+  /* Mask of general flags.  */
+  Elf32_Word flags1;
+  Elf32_Word flags2;
+} Elf_MIPS_ABIFlags_v0;
+
+/* Values for the register size bytes of an abi flags structure.  */
+
+#define MIPS_AFL_REG_NONE	0x00	 /* No registers.  */
+#define MIPS_AFL_REG_32		0x01	 /* 32-bit registers.  */
+#define MIPS_AFL_REG_64		0x02	 /* 64-bit registers.  */
+#define MIPS_AFL_REG_128	0x03	 /* 128-bit registers.  */
+
+/* Masks for the ases word of an ABI flags structure.  */
+
+#define MIPS_AFL_ASE_DSP	0x00000001 /* DSP ASE.  */
+#define MIPS_AFL_ASE_DSPR2	0x00000002 /* DSP R2 ASE.  */
+#define MIPS_AFL_ASE_EVA	0x00000004 /* Enhanced VA Scheme.  */
+#define MIPS_AFL_ASE_MCU	0x00000008 /* MCU (MicroController) ASE.  */
+#define MIPS_AFL_ASE_MDMX	0x00000010 /* MDMX ASE.  */
+#define MIPS_AFL_ASE_MIPS3D	0x00000020 /* MIPS-3D ASE.  */
+#define MIPS_AFL_ASE_MT		0x00000040 /* MT ASE.  */
+#define MIPS_AFL_ASE_SMARTMIPS	0x00000080 /* SmartMIPS ASE.  */
+#define MIPS_AFL_ASE_VIRT	0x00000100 /* VZ ASE.  */
+#define MIPS_AFL_ASE_MSA	0x00000200 /* MSA ASE.  */
+#define MIPS_AFL_ASE_MIPS16	0x00000400 /* MIPS16 ASE.  */
+#define MIPS_AFL_ASE_MICROMIPS	0x00000800 /* MICROMIPS ASE.  */
+#define MIPS_AFL_ASE_XPA	0x00001000 /* XPA ASE.  */
+#define MIPS_AFL_ASE_MASK	0x00001fff /* All ASEs.  */
+
+/* Values for the isa_ext word of an ABI flags structure.  */
+
+#define MIPS_AFL_EXT_XLR	  1   /* RMI Xlr instruction.  */
+#define MIPS_AFL_EXT_OCTEON2	  2   /* Cavium Networks Octeon2.  */
+#define MIPS_AFL_EXT_OCTEONP	  3   /* Cavium Networks OcteonP.  */
+#define MIPS_AFL_EXT_LOONGSON_3A  4   /* Loongson 3A.  */
+#define MIPS_AFL_EXT_OCTEON	  5   /* Cavium Networks Octeon.  */
+#define MIPS_AFL_EXT_5900	  6   /* MIPS R5900 instruction.  */
+#define MIPS_AFL_EXT_4650	  7   /* MIPS R4650 instruction.  */
+#define MIPS_AFL_EXT_4010	  8   /* LSI R4010 instruction.  */
+#define MIPS_AFL_EXT_4100	  9   /* NEC VR4100 instruction.  */
+#define MIPS_AFL_EXT_3900	  10  /* Toshiba R3900 instruction.  */
+#define MIPS_AFL_EXT_10000	  11  /* MIPS R10000 instruction.  */
+#define MIPS_AFL_EXT_SB1	  12  /* Broadcom SB-1 instruction.  */
+#define MIPS_AFL_EXT_4111	  13  /* NEC VR4111/VR4181 instruction.  */
+#define MIPS_AFL_EXT_4120	  14  /* NEC VR4120 instruction.  */
+#define MIPS_AFL_EXT_5400	  15  /* NEC VR5400 instruction.  */
+#define MIPS_AFL_EXT_5500	  16  /* NEC VR5500 instruction.  */
+#define MIPS_AFL_EXT_LOONGSON_2E  17  /* ST Microelectronics Loongson 2E.  */
+#define MIPS_AFL_EXT_LOONGSON_2F  18  /* ST Microelectronics Loongson 2F.  */
+
+/* Masks for the flags1 word of an ABI flags structure.  */
+#define MIPS_AFL_FLAGS1_ODDSPREG  1  /* Uses odd single-precision registers.  */
+
+/* Object attribute values.  */
+enum
+{
+  /* Not tagged or not using any ABIs affected by the differences.  */
+  Val_GNU_MIPS_ABI_FP_ANY = 0,
+  /* Using hard-float -mdouble-float.  */
+  Val_GNU_MIPS_ABI_FP_DOUBLE = 1,
+  /* Using hard-float -msingle-float.  */
+  Val_GNU_MIPS_ABI_FP_SINGLE = 2,
+  /* Using soft-float.  */
+  Val_GNU_MIPS_ABI_FP_SOFT = 3,
+  /* Using -mips32r2 -mfp64.  */
+  Val_GNU_MIPS_ABI_FP_OLD_64 = 4,
+  /* Using -mfpxx.  */
+  Val_GNU_MIPS_ABI_FP_XX = 5,
+  /* Using -mips32r2 -mfp64.  */
+  Val_GNU_MIPS_ABI_FP_64 = 6,
+  /* Using -mips32r2 -mfp64 -mno-odd-spreg.  */
+  Val_GNU_MIPS_ABI_FP_64A = 7,
+  /* Maximum allocated FP ABI value.  */
+  Val_GNU_MIPS_ABI_FP_MAX = 7
+};
 
 /* HPPA specific definitions.  */
 
@@ -2296,7 +2394,7 @@ typedef Elf32_Addr Elf32_Conflict;
 #define DT_PPC64_OPD	(DT_LOPROC + 1)
 #define DT_PPC64_OPDSZ	(DT_LOPROC + 2)
 #define DT_PPC64_OPT	(DT_LOPROC + 3)
-#define DT_PPC64_NUM    3
+#define DT_PPC64_NUM    4
 
 /* PowerPC64 specific values for the DT_PPC64_OPT Dyn entry.  */
 #define PPC64_OPT_TLS		1
@@ -2375,6 +2473,20 @@ typedef Elf32_Addr Elf32_Conflict;
 /* AArch64 relocs.  */
 
 #define R_AARCH64_NONE            0	/* No relocation.  */
+
+/* ILP32 AArch64 relocs.  */
+#define R_AARCH64_P32_ABS32		  1	/* Direct 32 bit.  */
+#define R_AARCH64_P32_COPY		180	/* Copy symbol at runtime.  */
+#define R_AARCH64_P32_GLOB_DAT		181	/* Create GOT entry.  */
+#define R_AARCH64_P32_JUMP_SLOT		182	/* Create PLT entry.  */
+#define R_AARCH64_P32_RELATIVE		183	/* Adjust by program base.  */
+#define R_AARCH64_P32_TLS_DTPMOD	184	/* Module number, 32 bit.  */
+#define R_AARCH64_P32_TLS_DTPREL	185	/* Module-relative offset, 32 bit.  */
+#define R_AARCH64_P32_TLS_TPREL		186	/* TP-relative offset, 32 bit.  */
+#define R_AARCH64_P32_TLSDESC		187	/* TLS Descriptor.  */
+#define R_AARCH64_P32_IRELATIVE		188	/* STT_GNU_IFUNC relocation. */
+
+/* LP64 AArch64 relocs.  */
 #define R_AARCH64_ABS64         257	/* Direct 64 bit. */
 #define R_AARCH64_ABS32         258	/* Direct 32 bit.  */
 #define R_AARCH64_ABS16		259	/* Direct 16-bit.  */
@@ -2492,9 +2604,9 @@ typedef Elf32_Addr Elf32_Conflict;
 #define R_AARCH64_GLOB_DAT     1025	/* Create GOT entry.  */
 #define R_AARCH64_JUMP_SLOT    1026	/* Create PLT entry.  */
 #define R_AARCH64_RELATIVE     1027	/* Adjust by program base.  */
-#define R_AARCH64_TLS_DTPMOD64 1028	/* Module number, 64 bit.  */
-#define R_AARCH64_TLS_DTPREL64 1029	/* Module-relative offset, 64 bit.  */
-#define R_AARCH64_TLS_TPREL64  1030	/* TP-relative offset, 64 bit.  */
+#define R_AARCH64_TLS_DTPMOD   1028	/* Module number, 64 bit.  */
+#define R_AARCH64_TLS_DTPREL   1029	/* Module-relative offset, 64 bit.  */
+#define R_AARCH64_TLS_TPREL    1030	/* TP-relative offset, 64 bit.  */
 #define R_AARCH64_TLSDESC      1031	/* TLS Descriptor.  */
 #define R_AARCH64_IRELATIVE	1032	/* STT_GNU_IFUNC relocation.  */
 
@@ -3145,6 +3257,58 @@ typedef Elf32_Addr Elf32_Conflict;
 #define R_MICROBLAZE_TLSGOTTPREL32	28	/* TLS Offset From Thread Pointer. */
 #define R_MICROBLAZE_TLSTPREL32 	29	/* TLS Offset From Thread Pointer. */
 
+/* Legal values for d_tag (dynamic entry type).  */
+#define DT_NIOS2_GP             0x70000002 /* Address of _gp.  */
+
+/* Nios II relocations.  */
+#define R_NIOS2_NONE		0	/* No reloc.  */
+#define R_NIOS2_S16		1	/* Direct signed 16 bit.  */
+#define R_NIOS2_U16		2	/* Direct unsigned 16 bit.  */
+#define R_NIOS2_PCREL16		3	/* PC relative 16 bit.  */
+#define R_NIOS2_CALL26		4	/* Direct call.  */
+#define R_NIOS2_IMM5		5	/* 5 bit constant expression.  */
+#define R_NIOS2_CACHE_OPX	6	/* 5 bit expression, shift 22.  */
+#define R_NIOS2_IMM6		7	/* 6 bit constant expression.  */
+#define R_NIOS2_IMM8		8	/* 8 bit constant expression.  */
+#define R_NIOS2_HI16		9	/* High 16 bit.  */
+#define R_NIOS2_LO16		10	/* Low 16 bit.  */
+#define R_NIOS2_HIADJ16		11	/* High 16 bit, adjusted.  */
+#define R_NIOS2_BFD_RELOC_32	12	/* 32 bit symbol value + addend.  */
+#define R_NIOS2_BFD_RELOC_16	13	/* 16 bit symbol value + addend.  */
+#define R_NIOS2_BFD_RELOC_8	14	/* 8 bit symbol value + addend.  */
+#define R_NIOS2_GPREL		15	/* 16 bit GP pointer offset.  */
+#define R_NIOS2_GNU_VTINHERIT	16	/* GNU C++ vtable hierarchy.  */
+#define R_NIOS2_GNU_VTENTRY	17	/* GNU C++ vtable member usage.  */
+#define R_NIOS2_UJMP		18	/* Unconditional branch.  */
+#define R_NIOS2_CJMP		19	/* Conditional branch.  */
+#define R_NIOS2_CALLR		20	/* Indirect call through register.  */
+#define R_NIOS2_ALIGN		21	/* Alignment requirement for
+					   linker relaxation.  */
+#define R_NIOS2_GOT16		22	/* 16 bit GOT entry.  */
+#define R_NIOS2_CALL16		23	/* 16 bit GOT entry for function.  */
+#define R_NIOS2_GOTOFF_LO	24	/* %lo of offset to GOT pointer.  */
+#define R_NIOS2_GOTOFF_HA	25	/* %hiadj of offset to GOT pointer.  */
+#define R_NIOS2_PCREL_LO	26	/* %lo of PC relative offset.  */
+#define R_NIOS2_PCREL_HA	27	/* %hiadj of PC relative offset.  */
+#define R_NIOS2_TLS_GD16	28	/* 16 bit GOT offset for TLS GD.  */
+#define R_NIOS2_TLS_LDM16	29	/* 16 bit GOT offset for TLS LDM.  */
+#define R_NIOS2_TLS_LDO16	30	/* 16 bit module relative offset.  */
+#define R_NIOS2_TLS_IE16	31	/* 16 bit GOT offset for TLS IE.  */
+#define R_NIOS2_TLS_LE16	32	/* 16 bit LE TP-relative offset.  */
+#define R_NIOS2_TLS_DTPMOD	33	/* Module number.  */
+#define R_NIOS2_TLS_DTPREL	34	/* Module-relative offset.  */
+#define R_NIOS2_TLS_TPREL	35	/* TP-relative offset.  */
+#define R_NIOS2_COPY		36	/* Copy symbol at runtime.  */
+#define R_NIOS2_GLOB_DAT	37	/* Create GOT entry.  */
+#define R_NIOS2_JUMP_SLOT	38	/* Create PLT entry.  */
+#define R_NIOS2_RELATIVE	39	/* Adjust by program base.  */
+#define R_NIOS2_GOTOFF		40	/* 16 bit offset to GOT pointer.  */
+#define R_NIOS2_CALL26_NOAT	41	/* Direct call in .noat section.  */
+#define R_NIOS2_GOT_LO		42	/* %lo() of GOT entry.  */
+#define R_NIOS2_GOT_HA		43	/* %hiadj() of GOT entry.  */
+#define R_NIOS2_CALL_LO		44	/* %lo() of function GOT entry.  */
+#define R_NIOS2_CALL_HA		45	/* %hiadj() of function GOT entry.  */
+
 /* TILEPro relocations.  */
 #define R_TILEPRO_NONE		0	/* No reloc */
 #define R_TILEPRO_32		1	/* Direct 32 bit */

diff --git a/paxelf.c b/paxelf.c
index bcc0251..2bafda4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -266,6 +266,7 @@ static pairtype elf_emtypes[] = {
 	QUERY(EM_SEP),
 	QUERY(EM_ARCA),
 	QUERY(EM_UNICORE),
+	QUERY(EM_ALTERA_NIOS2),
 	QUERY(EM_AARCH64),
 	QUERY(EM_TILEPRO),
 	QUERY(EM_MICROBLAZE),
@@ -367,6 +368,7 @@ static pairtype elf_dtypes[] = {
 	QUERY(DT_VERSYM),
 	QUERY(DT_RELACOUNT),
 	QUERY(DT_RELCOUNT),
+	QUERY(DT_FLAGS_1),
 	QUERY(DT_VERDEF),
 	QUERY(DT_VERDEFNUM),
 	QUERY(DT_VERNEED),
@@ -744,32 +746,3 @@ void *elf_findsecbyname(elfobj *elf, const char *name)
 
 	return ret;
 }
-
-#if 0
- # define ELFOSABI_NONE           0       /* UNIX System V ABI */
- # define ELFOSABI_SYSV           0       /* Alias.  */
- # define ELFOSABI_HPUX           1       /* HP-UX */
- # define ELFOSABI_NETBSD         2       /* NetBSD.  */
- # define ELFOSABI_LINUX          3       /* Linux.  */
- # define ELFOSABI_SOLARIS        6       /* Sun Solaris.  */
- # define ELFOSABI_AIX            7       /* IBM AIX.  */
- # define ELFOSABI_IRIX           8       /* SGI Irix.  */
- # define ELFOSABI_FREEBSD        9       /* FreeBSD.  */
- # define ELFOSABI_TRU64          10      /* Compaq TRU64 UNIX.  */
- # define ELFOSABI_MODESTO        11      /* Novell Modesto.  */
- # define ELFOSABI_OPENBSD        12      /* OpenBSD.  */
- # define ELFOSABI_ARM            97      /* ARM */
- # define ELFOSABI_STANDALONE     255     /* Standalone (embedded) application */
-
- /* These 3 ABIs should be in elf.h but are not.
-  * http://www.caldera.com/developers/gabi/latest/ch4.eheader.html#generic_osabi_values
-  */
-
- # define ELFOSABI_OPENVMS 13     /* OpenVMS */
- # define ELFOSABI_NSK     14     /* Hewlett-Packard Non-Stop Kernel */
- # define ELFOSABI_AROS    15     /* Amiga Research OS */
-
- #4 reserved for IA32 GNU Mach/Hurd
- #5 reserved for 86Open common IA32 ABI
-
-#endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-10  5:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-10  5:31 UTC (permalink / raw
  To: gentoo-commits

commit:     8115dc905a772153a1cebaf06ca4f0ba2e257caa
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 10 05:24:38 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Mar 10 05:24:38 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8115dc90

lddtree.py: dereference the interp symlink to handle desynced ABIs better

On aarch64/s390x, the interp is always placed in /lib/ while the libs are
normally placed in /lib64/.  If the interp is a symlink (which it normally
is here), then dereference it to locate the lib paths automatically.  This
also fixes up some bad lstrip logic in the /usr path expansion.

We could update lddtree.sh with a similar fix, but it would take more work
as it doesn't have the readlink helper to properly walk symlinks according
to an alternative root.  Plus, it already uses strings to try and extract
the paths the ldso was compiled against, and that seems to work in these
cases.

Reported-by: Jakub Čajka <jcajka <AT> redhat.com>
URL: https://bugzilla.redhat.com/1162184

 lddtree.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 4d1b15e..c284182 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -372,15 +372,25 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
         interp = bstr(segment.get_interp_name())
         dbg(debug, '  interp           =', interp)
         ret['interp'] = normpath(root + interp)
+        real_interp = readlink(ret['interp'], root, prefixed=True)
         ret['libs'][os.path.basename(interp)] = {
             'path': ret['interp'],
-            'realpath': readlink(ret['interp'], root, prefixed=True),
+            'realpath': real_interp,
             'needed': [],
         }
-        # XXX: Should read it and scan for /lib paths.
+        # XXX: Could read it and scan for /lib paths.
+        # If the interp is a symlink, lets follow it on the assumption that it
+        # is in this path purely for ABI reasons, and the distro is using a
+        # different (probably more correct) path.  This can come up in some
+        # multilib situations like s390x where /lib64/ contains all the native
+        # libraries, but /lib/ld64.so.1 is the interp hardcoded in gcc, so the
+        # ld64.so.1 is really a symlink to ../lib64/ld64.so.1.  In the multiarch
+        # setup, it'll be /lib/ld64.so.1 -> /lib/s390x-linux-gnu/ld64.so.1.
+        # That is why we use |real_interp| here instead of |interp|.
         ldpaths['interp'] = [
-            normpath(root + os.path.dirname(interp)),
-            normpath(root + prefix + '/usr' + os.path.dirname(interp).lstrip(prefix)),
+            os.path.dirname(real_interp),
+            normpath(root + prefix + '/usr/' + os.path.dirname(
+                real_interp)[len(root) + len(prefix):]),
         ]
         dbg(debug, '  ldpaths[interp]  =', ldpaths['interp'])
         break


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-29 20:07 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-29 20:07 UTC (permalink / raw
  To: gentoo-commits

commit:     2b082492cbe31270c7a74f1127a3433091b43db6
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 14 06:41:20 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Mar 14 06:44:32 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2b082492

scanelf: handle more corrupt elf symbol tables

 scanelf.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 599e2ed..a50b6e4 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -461,8 +461,9 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 		Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
 		uint16_t shstrndx = EGET(ehdr->e_shstrndx); \
 		Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
-		if (shstrndx >= elf->len - sizeof(*strtbl) || !VALID_SHDR(elf, strtbl)) \
-			goto skip_this_shdr##B; \
+		if (shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr) || \
+		    !VALID_SHDR(elf, strtbl)) \
+			goto corrupt_shdr; \
 		/* let's flag -w/+x object files since the final ELF will most likely \
 		 * need write access to the stack (who doesn't !?).  so the combined \
 		 * output will bring in +w automatically and that's bad. \
@@ -489,7 +490,6 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 				break; \
 			} \
 		} \
-		skip_this_shdr##B: \
 		if (!multi_stack) { \
 			if (file_matches_list(elf->filename, qa_execstack)) \
 				return NULL; \
@@ -506,6 +506,10 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 		return NULL;
 	else
 		return ret;
+
+ corrupt_shdr:
+	warnf("%s: section table is corrupt", elf->filename);
+	return NULL;
 }
 
 /*


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-29 20:07 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-29 20:07 UTC (permalink / raw
  To: gentoo-commits

commit:     f664177eae4181dfbd919063fa4a17bf1baac087
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 29 19:28:10 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Mar 29 19:28:10 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f664177e

build: link against gnulib

URL: https://bugs.gentoo.org/544730

 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 9f51139..57aecfa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -13,7 +13,7 @@ libpaxutils_la_SOURCES = \
 	paxinc.c \
 	paxmacho.c \
 	xfuncs.c
-LDADD = libpaxutils.la
+LDADD = libpaxutils.la $(top_builddir)/autotools/gnulib/libgnu.a
 
 bin_SCRIPTS = lddtree symtree
 bin_PROGRAMS = scanelf dumpelf pspax scanmacho


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-03-29 20:07 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-03-29 20:07 UTC (permalink / raw
  To: gentoo-commits

commit:     7d364f3f20e74aab152288d92cef1e0bba513240
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 29 19:36:08 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Mar 29 19:36:08 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7d364f3f

scanelf: add paren to quiet new gcc-5 warning

Newer gcc versions throw a warning on code that is written how we want
(comparing the result of !strcmp to a variable).  Add a set of paren to
make gcc happy.

scanelf.c: In function 'scanelf_file_needed_lib':
scanelf.c:1083:43: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
        if (!strcmp(find_lib_name, needed) == invert) \
                                           ^

 scanelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index a50b6e4..7219f1c 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -1080,7 +1080,7 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 							int invert = 1; \
 							if (find_lib_name[0] == '!') \
 								invert = 0, ++find_lib_name; \
-							if (!strcmp(find_lib_name, needed) == invert) \
+							if ((!strcmp(find_lib_name, needed)) == invert) \
 								++matched; \
 						} \
 						\


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-05-24  3:22 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-05-24  3:22 UTC (permalink / raw
  To: gentoo-commits

commit:     2c9a448d892901e084103896bd15f34d1e12c430
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun May 24 03:21:58 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun May 24 03:21:58 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2c9a448d

README: update Gentoo links

 README | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README b/README
index 43d485c..4026140 100644
--- a/README
+++ b/README
@@ -1,6 +1,6 @@
-HOMEPAGE: http://hardened.gentoo.org/pax-utils.xml
-GIT: git clone git://git.overlays.gentoo.org/proj/pax-utils.git
-VIEWVCS: http://git.overlays.gentoo.org/gitweb/?p=proj/pax-utils.git
+HOMEPAGE: https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
+GIT: git clone git://anongit.gentoo.org/proj/pax-utils.git
+VIEWVCS: https://gitweb.gentoo.org/proj/pax-utils.git/
 
 pax-utils is a small set of various PaX aware and related utilities for 
 ELF binaries. It was written for ELF Q/A on Gentoo systems but can be 
@@ -22,8 +22,8 @@ see the homepage at http://pax.grsecurity.net/
 == LINKS ==
 
 (Gentoo)
-http://www.gentoo.org/proj/en/hardened/pax-utils.xml
-http://git.overlays.gentoo.org/gitweb/?p=proj/pax-utils.git
+https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
+https://gitweb.gentoo.org/proj/pax-utils.git/
 Maintainer: solar@gentoo.org,vapier@gentoo.org
 
 (openSUSE)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-07-13  9:14 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-07-13  9:14 UTC (permalink / raw
  To: gentoo-commits

commit:     fa5ae8d08656c784c41818b298aa9321458b15ce
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 13 08:48:03 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jul 13 08:48:03 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=fa5ae8d0

scanelf: include filename/details in all ar related messages

When scanelf runs on a directory tree, it might issue an error message
about invalid data because of one of the files in there.  Trying to then
track down that file is kind of a pain, so make things more explicit.

 paxinc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/paxinc.c b/paxinc.c
index b9a196b..f2ce3c5 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -40,7 +40,7 @@ archive_handle *ar_open(const char *filename)
 	archive_handle *ret;
 
 	if ((fd=open(filename, O_RDONLY)) == -1)
-		err("Could not open '%s'", filename);
+		errp("%s: could not open", filename);
 
 	ret = ar_open_fd(filename, fd);
 	if (ret == NULL)
@@ -76,13 +76,13 @@ close_and_ret:
 	}
 
 	if ((ret.buf.formatted.magic[0] != '`') || (ret.buf.formatted.magic[1] != '\n')) {
-		warn("Invalid ar entry");
+		warn("%s: invalid ar entry", ar->filename);
 		goto close_and_ret;
 	}
 
 	if (ret.buf.formatted.name[0] == '/' && ret.buf.formatted.name[1] == '/') {
 		if (ar->extfn != NULL) {
-			warn("Duplicate GNU extended filename section");
+			warn("%s: Duplicate GNU extended filename section", ar->filename);
 			goto close_and_ret;
 		}
 		len = atoi(ret.buf.formatted.size);
@@ -112,7 +112,7 @@ close_and_ret:
 	} else if (s[0] == '/' && s[1] >= '0' && s[1] <= '9') {
 		/* GNU extended filename */
 		if (ar->extfn == NULL) {
-			warn("GNU extended filename without special data section");
+			warn("%s: GNU extended filename without special data section", ar->filename);
 			goto close_and_ret;
 		}
 		s = ar->extfn + atoi(s + 1);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-07-13  9:14 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-07-13  9:14 UTC (permalink / raw
  To: gentoo-commits

commit:     b9e102a371169f2aec0b9945c6450b9576a95012
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  4 05:04:07 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  4 05:04:07 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b9e102a3

lddtree.py: convert to arparse

 lddtree.py | 184 ++++++++++++++++++++++++++++++-------------------------------
 1 file changed, 91 insertions(+), 93 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index c284182..645cfd1 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -9,13 +9,42 @@
 
 This does not work like `ldd` in that we do not execute/load code (only read
 files on disk), and we should the ELFs as a tree rather than a flat list.
+
+Paths may be globs that lddtree will take care of expanding.
+Useful when you want to glob a path under the ROOT path.
+
+When using the --root option, all paths are implicitly prefixed by that.
+  e.g. lddtree -R /my/magic/root /bin/bash
+This will load up the ELF found at /my/magic/root/bin/bash and then resolve
+all libraries via that path.  If you wish to actually read /bin/bash (and
+so use the ROOT path as an alternative library tree), you can specify the
+--no-auto-root option.
+
+When pairing --root with --copy-to-tree, the ROOT path will be stripped.
+  e.g. lddtree -R /my/magic/root --copy-to-tree /foo /bin/bash
+You will see /foo/bin/bash and /foo/lib/libc.so.6 and not paths like
+/foo/my/magic/root/bin/bash.  If you want that, you'll have to manually
+add the ROOT path to the output path.
+
+The --bindir and --libdir flags are used to normalize the output subdirs
+when used with --copy-to-tree.
+  e.g. lddtree --copy-to-tree /foo /bin/bash /usr/sbin/lspci /usr/bin/lsof
+This will mirror the input paths in the output.  So you will end up with
+/foo/bin/bash and /foo/usr/sbin/lspci and /foo/usr/bin/lsof.  Similarly,
+the libraries needed will be scattered among /foo/lib/ and /foo/usr/lib/
+and perhaps other paths (like /foo/lib64/ and /usr/lib/gcc/...).  You can
+collapse all that down into nice directory structure.
+  e.g. lddtree --copy-to-tree /foo /bin/bash /usr/sbin/lspci /usr/bin/lsof \\
+               --bindir /bin --libdir /lib
+This will place bash, lspci, and lsof into /foo/bin/.  All the libraries
+they need will be placed into /foo/lib/ only.
 """
 
 from __future__ import print_function
 
+import argparse
 import glob
 import errno
-import optparse
 import os
 import shutil
 import sys
@@ -451,13 +480,9 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
   return ret
 
 
-def _NormalizePath(option, _opt, value, parser):
-  setattr(parser.values, option.dest, normpath(value))
-
-
-def _ShowVersion(_option, _opt, _value, _parser):
-  print('lddtree by Mike Frysinger <vapier@gentoo.org>')
-  sys.exit(0)
+class _NormalizePathAction(argparse.Action):
+  def __call__(self, parser, namespace, values, option_string=None):
+    setattr(namespace, self.dest, normpath(values))
 
 
 def _ActionShow(options, elf):
@@ -590,91 +615,64 @@ def _ActionCopy(options, elf):
 
 
 def main(argv):
-  parser = optparse.OptionParser("""%prog [options] <ELFs>
-
-Display ELF dependencies as a tree
-
-<ELFs> can be globs that lddtree will take care of expanding.
-Useful when you want to glob a path under the ROOT path.
-
-When using the --root option, all paths are implicitly prefixed by that.
-  e.g. lddtree -R /my/magic/root /bin/bash
-This will load up the ELF found at /my/magic/root/bin/bash and then resolve
-all libraries via that path.  If you wish to actually read /bin/bash (and
-so use the ROOT path as an alternative library tree), you can specify the
---no-auto-root option.
-
-When pairing --root with --copy-to-tree, the ROOT path will be stripped.
-  e.g. lddtree -R /my/magic/root --copy-to-tree /foo /bin/bash
-You will see /foo/bin/bash and /foo/lib/libc.so.6 and not paths like
-/foo/my/magic/root/bin/bash.  If you want that, you'll have to manually
-add the ROOT path to the output path.
-
-The --bindir and --libdir flags are used to normalize the output subdirs
-when used with --copy-to-tree.
-  e.g. lddtree --copy-to-tree /foo /bin/bash /usr/sbin/lspci /usr/bin/lsof
-This will mirror the input paths in the output.  So you will end up with
-/foo/bin/bash and /foo/usr/sbin/lspci and /foo/usr/bin/lsof.  Similarly,
-the libraries needed will be scattered among /foo/lib/ and /foo/usr/lib/
-and perhaps other paths (like /foo/lib64/ and /usr/lib/gcc/...).  You can
-collapse all that down into nice directory structure.
-  e.g. lddtree --copy-to-tree /foo /bin/bash /usr/sbin/lspci /usr/bin/lsof \\
-               --bindir /bin --libdir /lib
-This will place bash, lspci, and lsof into /foo/bin/.  All the libraries
-they need will be placed into /foo/lib/ only.""")
-  parser.add_option('-a', '--all',
-                    action='store_true', default=False,
-                    help='Show all duplicated dependencies')
-  parser.add_option('-R', '--root',
-                    default=os.environ.get('ROOT', ''), type='string',
-                    action='callback', callback=_NormalizePath,
-                    help='Search for all files/dependencies in ROOT')
-  parser.add_option('-P', '--prefix',
-                    default=os.environ.get(
-                        'EPREFIX', '@GENTOO_PORTAGE_EPREFIX@'), type='string',
-                    action='callback', callback=_NormalizePath,
-                    help='Specify EPREFIX for binaries (for Gentoo Prefix)')
-  parser.add_option('--no-auto-root',
-                    dest='auto_root', action='store_false', default=True,
-                    help='Do not automatically prefix input ELFs with ROOT')
-  parser.add_option('-l', '--list',
-                    action='store_true', default=False,
-                    help='Display output in a simple list (easy for copying)')
-  parser.add_option('-x', '--debug',
-                    action='store_true', default=False,
-                    help='Run with debugging')
-  parser.add_option('-v', '--verbose',
-                    action='store_true', default=False,
-                    help='Be verbose')
-  parser.add_option('--skip-non-elfs',
-                    action='store_true', default=False,
-                    help='Skip plain (non-ELF) files instead of warning')
-  parser.add_option('-V', '--version',
-                    action='callback', callback=_ShowVersion,
-                    help='Show version information')
-
-  group = optparse.OptionGroup(parser, 'Copying options')
-  group.add_option('--copy-to-tree',
-                   dest='dest', default=None, type='string',
-                   action='callback', callback=_NormalizePath,
-                   help='Copy all files to the specified tree')
-  group.add_option('--bindir',
-                   default=None, type='string',
-                   action='callback', callback=_NormalizePath,
-                   help='Dir to store all ELFs specified on the command line')
-  group.add_option('--libdir',
-                   default=None, type='string',
-                   action='callback', callback=_NormalizePath,
-                   help='Dir to store all ELF libs')
-  group.add_option('--generate-wrappers',
-                   action='store_true', default=False,
-                   help='Wrap executable ELFs with scripts for local ldso')
-  group.add_option('--copy-non-elfs',
-                   action='store_true', default=False,
-                   help='Copy over plain (non-ELF) files instead of warn+ignore')
-  parser.add_option_group(group)
-
-  (options, paths) = parser.parse_args(argv)
+  parser = argparse.ArgumentParser(
+      description=__doc__,
+      formatter_class=argparse.RawDescriptionHelpFormatter)
+  parser.add_argument('-a', '--all',
+                      action='store_true', default=False,
+                      help='Show all duplicated dependencies')
+  parser.add_argument('-R', '--root',
+                      default=os.environ.get('ROOT', ''), type=str,
+                      action=_NormalizePathAction,
+                      help='Search for all files/dependencies in ROOT')
+  parser.add_argument('-P', '--prefix',
+                      default=os.environ.get(
+                          'EPREFIX', '@GENTOO_PORTAGE_EPREFIX@'), type=str,
+                      action=_NormalizePathAction,
+                      help='Specify EPREFIX for binaries (for Gentoo Prefix)')
+  parser.add_argument('--no-auto-root',
+                      dest='auto_root', action='store_false', default=True,
+                      help='Do not automatically prefix input ELFs with ROOT')
+  parser.add_argument('-l', '--list',
+                      action='store_true', default=False,
+                      help='Display output in a simple list (easy for copying)')
+  parser.add_argument('-x', '--debug',
+                      action='store_true', default=False,
+                      help='Run with debugging')
+  parser.add_argument('-v', '--verbose',
+                      action='store_true', default=False,
+                      help='Be verbose')
+  parser.add_argument('--skip-non-elfs',
+                      action='store_true', default=False,
+                      help='Skip plain (non-ELF) files instead of warning')
+  parser.add_argument('-V', '--version',
+                      action='version',
+                      version='lddtree by Mike Frysinger <vapier@gentoo.org>',
+                      help='Show version information')
+  parser.add_argument('path', nargs='+')
+
+  group = parser.add_argument_group('Copying options')
+  group.add_argument('--copy-to-tree',
+                     dest='dest', default=None, type=str,
+                     action=_NormalizePathAction,
+                     help='Copy all files to the specified tree')
+  group.add_argument('--bindir',
+                     default=None, type=str,
+                     action=_NormalizePathAction,
+                     help='Dir to store all ELFs specified on the command line')
+  group.add_argument('--libdir',
+                     default=None, type=str,
+                     action=_NormalizePathAction,
+                     help='Dir to store all ELF libs')
+  group.add_argument('--generate-wrappers',
+                     action='store_true', default=False,
+                     help='Wrap executable ELFs with scripts for local ldso')
+  group.add_argument('--copy-non-elfs',
+                     action='store_true', default=False,
+                     help='Copy over plain (non-ELF) files instead of warn+ignore')
+
+  options = parser.parse_args(argv)
+  paths = options.path
 
   if options.root != '/':
     options.root += '/'


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-07-13  9:14 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-07-13  9:14 UTC (permalink / raw
  To: gentoo-commits

commit:     9daf7217a29e8542ad80672a3b82ae1b8c497321
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 13 08:59:13 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jul 13 08:59:13 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9daf7217

scanelf: do not warn about invalid archive entries by default

It's not uncommon for embedded toolchains or random targets to create
their own spin on the archive format.  Rather than complain about all
of these by default, put it behind the -v flag.  It's not like people
can do anything about this normally anyways.

URL: https://bugs.gentoo.org/428464

 paxinc.c    | 12 ++++++++----
 paxinc.h    |  5 +++--
 scanelf.c   |  2 +-
 scanmacho.c |  2 +-
 4 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/paxinc.c b/paxinc.c
index f2ce3c5..64a7f3b 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -17,7 +17,7 @@ char do_reverse_endian;
 
 #define AR_MAGIC "!<arch>"
 #define AR_MAGIC_SIZE (sizeof(AR_MAGIC)-1) /* dont count null byte */
-archive_handle *ar_open_fd(const char *filename, int fd)
+archive_handle *ar_open_fd(const char *filename, int fd, bool verbose)
 {
 	static archive_handle ret;
 	char buf[AR_MAGIC_SIZE];
@@ -26,6 +26,7 @@ archive_handle *ar_open_fd(const char *filename, int fd)
 	ret.fd = fd;
 	ret.skip = 0;
 	ret.extfn = NULL;
+	ret.verbose = verbose;
 
 	if (read(ret.fd, buf, AR_MAGIC_SIZE) != AR_MAGIC_SIZE)
 		return NULL;
@@ -34,7 +35,7 @@ archive_handle *ar_open_fd(const char *filename, int fd)
 
 	return &ret;
 }
-archive_handle *ar_open(const char *filename)
+archive_handle *ar_open(const char *filename, bool verbose)
 {
 	int fd;
 	archive_handle *ret;
@@ -42,7 +43,7 @@ archive_handle *ar_open(const char *filename)
 	if ((fd=open(filename, O_RDONLY)) == -1)
 		errp("%s: could not open", filename);
 
-	ret = ar_open_fd(filename, fd);
+	ret = ar_open_fd(filename, fd, verbose);
 	if (ret == NULL)
 		close(fd);
 
@@ -76,7 +77,10 @@ close_and_ret:
 	}
 
 	if ((ret.buf.formatted.magic[0] != '`') || (ret.buf.formatted.magic[1] != '\n')) {
-		warn("%s: invalid ar entry", ar->filename);
+		/* When dealing with corrupt or random embedded cross-compilers, they might
+		 * be abusing the archive format; only complain when in verbose mode. */
+		if (ar->verbose)
+			warn("%s: invalid ar entry", ar->filename);
 		goto close_and_ret;
 	}
 

diff --git a/paxinc.h b/paxinc.h
index 003877d..0a8e08a 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -37,6 +37,7 @@ typedef struct {
 	const char *filename;
 	size_t skip;
 	char *extfn;
+	bool verbose;
 } archive_handle;
 #else
 typedef void archive_handle;
@@ -63,8 +64,8 @@ typedef struct {
 	} buf;
 #endif
 } archive_member;
-archive_handle *ar_open_fd(const char *filename, int fd);
-archive_handle *ar_open(const char *filename);
+archive_handle *ar_open_fd(const char *filename, int fd, bool verbose);
+archive_handle *ar_open(const char *filename, bool verbose);
 archive_member *ar_next(archive_handle *);
 
 const char *strfileperms(const char *fname);

diff --git a/scanelf.c b/scanelf.c
index 7219f1c..82ab626 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -1717,7 +1717,7 @@ static int scanelf_archive(const char *filename, int fd, size_t len)
 	char *ar_buffer;
 	elfobj *elf;
 
-	ar = ar_open_fd(filename, fd);
+	ar = ar_open_fd(filename, fd, be_verbose);
 	if (ar == NULL)
 		return 1;
 

diff --git a/scanmacho.c b/scanmacho.c
index a36aed4..f8c4d89 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -383,7 +383,7 @@ static int scanmacho_archive(const char *filename, int fd, size_t len)
 	fatobj *fobj;
 	fatobj *walk;
 
-	ar = ar_open_fd(filename, fd);
+	ar = ar_open_fd(filename, fd, be_verbose);
 	if (ar == NULL)
 		return 1;
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-18 14:38 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-18 14:38 UTC (permalink / raw
  To: gentoo-commits

commit:     ca9a45b96c1f73cb0c9f28095954fdcce0c87cd9
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 02:25:10 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 02:25:10 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ca9a45b9

use __typeof__ instead of typeof to build with stricter standards

 paxmacho.h | 2 +-
 porting.h  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/paxmacho.h b/paxmacho.h
index 41ab43a..48ac854 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -14,7 +14,7 @@
 
 #include "macho.h"
 
-#define MGET(swapped, value) (swapped ? (typeof(value))bswap_32(value) : value)
+#define MGET(swapped, value) (swapped ? (__typeof__(value))bswap_32(value) : value)
 #define MOBJGET(obj, member) MGET((obj)->swapped, (obj)->member)
 
 typedef struct _fatobj {

diff --git a/porting.h b/porting.h
index 32d4171..5bbaa77 100644
--- a/porting.h
+++ b/porting.h
@@ -124,7 +124,7 @@
 #endif
 
 #define _minmax(x, y, op) \
-	({ typeof(x) __x = (x); typeof(y) __y = (y); (__x op __y ? __x : __y); })
+	({ __typeof__(x) __x = (x); __typeof__(y) __y = (y); (__x op __y ? __x : __y); })
 #if !defined(min)
 # define min(x, y) _minmax(x, y, <)
 #endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-18 14:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-18 14:39 UTC (permalink / raw
  To: gentoo-commits

commit:     cf374052a31b6d396eae288dce46df604a953209
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 18 14:38:42 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Aug 18 14:38:57 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cf374052

build: use pkg-config for libcap settings

 Makefile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 4e3da14..4b0f862 100644
--- a/Makefile
+++ b/Makefile
@@ -40,9 +40,13 @@ INS_DATA  := install -m644
 #CFLAGS   += -DEBUG -g
 #LDFLAGS  += -pie
 
+PKG_CONFIG ?= pkg-config
+
 ifeq ($(USE_CAP),yes)
-CPPFLAGS-pspax.c += -DWANT_SYSCAP
-LIBS-pspax       += -lcap
+LIBCAPS_CFLAGS := $(shell $(PKG_CONFIG) --cflags libcap)
+LIBCAPS_LIBS   := $(shell $(PKG_CONFIG) --libs libcap)
+CPPFLAGS-pspax.c += $(LIBCAPS_CFLAGS) -DWANT_SYSCAP
+LIBS-pspax       += $(LIBCAPS_LIBS)
 endif
 
 ifdef PV


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-18 15:35 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-18 15:35 UTC (permalink / raw
  To: gentoo-commits

commit:     51d892de53b850467de615774c2d26de007db649
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 18 15:09:28 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Aug 18 15:11:42 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=51d892de

debug: improve cleanup logic

Always set up the cleanup symbol and use it at C time rather than CPP.

We can delete the warning code since we clean those strings up now.

Add ASAN support so LSAN doesn't complain either.

Fix a bug in the leak checking when the -F flag is used -- normally we
don't allocate that string but set it to one of the argv constants.

 porting.h | 11 +++++++++--
 scanelf.c | 53 ++++++++++++++++++++++++++---------------------------
 2 files changed, 35 insertions(+), 29 deletions(-)

diff --git a/porting.h b/porting.h
index 5bbaa77..1f989d2 100644
--- a/porting.h
+++ b/porting.h
@@ -16,7 +16,6 @@
 #endif
 
 #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof(*arr))
-#undef __PAX_UTILS_CLEANUP
 
 #include <assert.h>
 #include <ctype.h>
@@ -66,12 +65,20 @@
 # define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG ""
 #endif
 
+#undef PAX_UTILS_CLEANUP
 /* bounds checking code will fart on free(NULL) even though that
  * is valid usage.  So let's wrap it if need be.
  */
 #ifdef __BOUNDS_CHECKING_ON
 # define free(ptr) do { if (ptr) free(ptr); } while (0)
-# define __PAX_UTILS_CLEANUP
+# define PAX_UTILS_CLEANUP 1
+#endif
+/* LSAN (Leak Sanitizer) will complain about things we leak. */
+#ifdef __SANITIZE_ADDRESS__
+# define PAX_UTILS_CLEANUP 1
+#endif
+#ifndef PAX_UTILS_CLEANUP
+# define PAX_UTILS_CLEANUP 0
 #endif
 
 /* Few arches can safely do unaligned accesses */

diff --git a/scanelf.c b/scanelf.c
index 82ab626..8232ccd 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -2264,7 +2264,10 @@ static int parseargs(int argc, char *argv[])
 			break;
 		case 'F': {
 			if (out_format) warn("You prob don't want to specify -F twice");
-			out_format = optarg;
+			if (PAX_UTILS_CLEANUP)
+				out_format = xstrdup(optarg);
+			else
+				out_format = optarg;
 			break;
 		}
 		case 'z': {
@@ -2478,26 +2481,26 @@ static int parseargs(int argc, char *argv[])
 		ret = scanelf_dir(search_path);
 	}
 
-#ifdef __PAX_UTILS_CLEANUP
-	/* clean up */
-	xarrayfree(ldpaths);
-	xarrayfree(find_sym_arr);
-	xarrayfree(find_lib_arr);
-	xarrayfree(find_section_arr);
-	free(find_sym);
-	free(find_lib);
-	free(find_section);
-	{
-		size_t n;
-		regex_t *preg;
-		array_for_each(find_sym_regex_arr, n, preg)
-			regfree(preg);
-		xarrayfree(find_sym_regex_arr);
-	}
+	if (PAX_UTILS_CLEANUP) {
+		/* clean up */
+		xarrayfree(ldpaths);
+		xarrayfree(find_sym_arr);
+		xarrayfree(find_lib_arr);
+		xarrayfree(find_section_arr);
+		free(find_sym);
+		free(find_lib);
+		free(find_section);
+		{
+			size_t n;
+			regex_t *preg;
+			array_for_each(find_sym_regex_arr, n, preg)
+				regfree(preg);
+			xarrayfree(find_sym_regex_arr);
+		}
 
-	if (ldcache != 0)
-		munmap(ldcache, ldcache_size);
-#endif
+		if (ldcache != 0)
+			munmap(ldcache, ldcache_size);
+	}
 
 	return ret;
 }
@@ -2544,15 +2547,16 @@ static void parseenv(void)
 	qa_wx_load = get_split_env("QA_WX_LOAD");
 }
 
-#ifdef __PAX_UTILS_CLEANUP
 static void cleanup(void)
 {
+	if (!PAX_UTILS_CLEANUP)
+		return;
+
 	free(out_format);
 	free(qa_textrels);
 	free(qa_execstack);
 	free(qa_wx_load);
 }
-#endif
 
 int main(int argc, char *argv[])
 {
@@ -2562,12 +2566,7 @@ int main(int argc, char *argv[])
 	parseenv();
 	ret = parseargs(argc, argv);
 	fclose(stdout);
-#ifdef __PAX_UTILS_CLEANUP
 	cleanup();
-	warn("The calls to add/delete heap should be off:\n"
-	     "\t- 1 due to the out_buffer not being freed in scanelf_fileat()\n"
-	     "\t- 1 per QA_TEXTRELS/QA_EXECSTACK/QA_WX_LOAD");
-#endif
 	return ret;
 }
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-18 15:35 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-18 15:35 UTC (permalink / raw
  To: gentoo-commits

commit:     0afc2ccf29578316d9d2d434b7b0690ee01c33f1
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 18 15:26:58 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Aug 18 15:28:40 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0afc2ccf

scanelf: fix memory leak with the -s option

Most of the scan functions return constant strings, but the symbol lookup
returns an allocated string since it can have arbitrary entries (multiple
symbol matches), so make sure we free it.

 scanelf.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 8232ccd..2591e92 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -1411,7 +1411,7 @@ scanelf_match_symname(elfobj *elf, char *found_sym, char **ret, size_t *ret_len,
 	*found_sym = 1;
 }
 
-static const char *scanelf_file_sym(elfobj *elf, char *found_sym)
+static char *scanelf_file_sym(elfobj *elf, char *found_sym)
 {
 	char *ret;
 	void *symtab_void, *strtab_void;
@@ -1458,17 +1458,23 @@ static const char *scanelf_file_sym(elfobj *elf, char *found_sym)
 		FIND_SYM(64)
 	}
 
-	if (be_wewy_wewy_quiet) return NULL;
+	if (be_wewy_wewy_quiet) {
+		free(ret);
+		return NULL;
+	}
 
 	if (*find_sym != '*' && *found_sym)
 		return ret;
+	else
+		free(ret);
 	if (be_quiet)
 		return NULL;
 	else
-		return " - ";
+		return xstrdup(" - ");
 
  break_out:
 	warnf("%s: corrupt ELF symbols", elf->filename);
+	free(ret);
 	return NULL;
 }
 
@@ -1583,6 +1589,7 @@ static int scanelf_elfobj(elfobj *elf)
 
 	/* dump all the good stuff */
 	for (i = 0; out_format[i]; ++i) {
+		char *allocated;
 		const char *out;
 		const char *tmp;
 		static char ubuf[sizeof(unsigned long)*2];
@@ -1591,7 +1598,7 @@ static int scanelf_elfobj(elfobj *elf)
 			continue;
 		}
 
-		out = NULL;
+		out = allocated = NULL;
 		be_wewy_wewy_quiet = (out_format[i] == '#');
 		be_semi_verbose = (out_format[i] == '+');
 		switch (out_format[++i]) {
@@ -1639,7 +1646,7 @@ static int scanelf_elfobj(elfobj *elf)
 		case 'i': out = scanelf_file_interp(elf, &found_interp); break;
 		case 'b': out = scanelf_file_bind(elf, &found_bind); break;
 		case 'S': out = scanelf_file_soname(elf, &found_soname); break;
-		case 's': out = scanelf_file_sym(elf, &found_sym); break;
+		case 's': out = allocated = scanelf_file_sym(elf, &found_sym); break;
 		case 'k': out = scanelf_file_sections(elf, &found_section); break;
 		case 'a': out = get_elfemtype(elf); break;
 		case 'I': out = get_elfosabi(elf); break;
@@ -1647,8 +1654,10 @@ static int scanelf_elfobj(elfobj *elf)
 		case 'Z': snprintf(ubuf, sizeof(ubuf), "%lu", (unsigned long)elf->len); out = ubuf; break;;
 		default: warnf("'%c' has no scan code?", out_format[i]);
 		}
-		if (out)
+		if (out) {
 			xstrcat(&out_buffer, out, &out_len);
+			free(allocated);
+		}
 	}
 
 #define FOUND_SOMETHING() \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-18 15:56 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-18 15:56 UTC (permalink / raw
  To: gentoo-commits

commit:     ce30b2e7fe993585f950ae9c1d2f230e6ad52724
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 18 15:40:50 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Aug 18 15:40:50 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ce30b2e7

build: use pkg-config for libcap settings

 configure.ac | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index c5fbc0f..c3591ff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -11,14 +11,16 @@ AM_PROG_CC_C_O
 AM_PROG_AR
 AC_USE_SYSTEM_EXTENSIONS
 LT_INIT
+PKG_PROG_PKG_CONFIG
 
 gl_EARLY
 gl_INIT
 
 AC_ARG_WITH([caps], [AS_HELP_STRING([--with-caps], [build with capabilities])])
 AS_IF([test "x$with_caps" = "xyes"], [
-	CPPFLAGS="$CPPFLAGS -DWANT_SYSCAP"
-	LIBS="$LIBS -lcap"
+	PKG_CHECK_MODULES(LIBCAP, libcap)
+	CPPFLAGS="$CPPFLAGS $LIBCAP_CFLAGS -DWANT_SYSCAP"
+	LIBS="$LIBS $LIBCAP_LIBS"
 ])
 
 AC_ARG_WITH([python], [AS_HELP_STRING([--with-python], [use lddtree.py])])


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-20 13:32 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-20 13:32 UTC (permalink / raw
  To: gentoo-commits

commit:     0fccfd92e7de1c339cfa11d40f3c51969424a4c3
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 20 11:40:10 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Aug 20 11:40:49 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0fccfd92

avoid using \n with warn macros

These already append a newline for us, so don't want two of them.

 paxelf.c    | 2 +-
 scanelf.c   | 2 +-
 scanmacho.c | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index 2bafda4..b0ba144 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -697,7 +697,7 @@ char *pax_short_pf_flags(unsigned long flags)
 	    ((flags & PF_RANDEXEC) && (flags & PF_NORANDEXEC)) || \
 	    ((flags & PF_EMUTRAMP) && (flags & PF_NOEMUTRAMP)) || \
 	    ((flags & PF_RANDMMAP) && (flags & PF_NORANDMMAP)))
-		warn("inconsistent state detected.  flags=%lX\n", flags);
+		warn("inconsistent state detected.  flags=%lX", flags);
 
 	return buffer;
 }

diff --git a/scanelf.c b/scanelf.c
index 2591e92..99192b2 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -1842,7 +1842,7 @@ static int scanelf_dirat(int dir_fd, const char *path)
 
 		len = strlen(dentry->d_name);
 		if (len + pathlen + 1 >= sizeof(buf)) {
-			warnf("Skipping '%s%s': len > sizeof(buf); %zu > %zu\n",
+			warnf("Skipping '%s%s': len > sizeof(buf); %zu > %zu",
 			      path, dentry->d_name, len + pathlen + 1, sizeof(buf));
 			continue;
 		}

diff --git a/scanmacho.c b/scanmacho.c
index f8c4d89..ee713f9 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -472,8 +472,8 @@ static int scanmacho_dir(const char *path)
 			continue;
 		len = (pathlen + 1 + strlen(dentry->d_name) + 1);
 		if (len >= sizeof(buf)) {
-			warnf("Skipping '%s': len > sizeof(buf); %lu > %lu\n", path,
-			      (unsigned long)len, (unsigned long)sizeof(buf));
+			warnf("Skipping '%s': len > sizeof(buf); %zu > %zu",
+			      path, len, sizeof(buf));
 			continue;
 		}
 		snprintf(buf, sizeof(buf), "%s%s%s", path, (path[pathlen-1] == '/') ? "" : "/", dentry->d_name);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-20 14:33 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-20 14:33 UTC (permalink / raw
  To: gentoo-commits

commit:     ef15f6016726ad3e06db747f188bd9db9d5ffb71
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 20 14:29:39 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Aug 20 14:29:39 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ef15f601

lddtree.sh: fix interp handling when doing a full listing

On Debian multiarch systems, the ldso path is symlinked to a different
search path (and the main path isn't searched at all).  When listing the
deps of an ELF which links against the ldso, we end up showing the ldso
being loaded by two different paths:

$ ./lddtree.sh -a /bin/bash
bash => /bin/bash (interpreter => /lib64/ld-linux-x86-64.so.2)
    libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
            ld-linux-x86-64.so.2 => /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
...

Fix the output to show that ld-linux-x86-64.so.2 was located at the same
path as the original interpreter as that better matches the runtime ldso
behavior.

$ ./lddtree.sh -a /bin/bash
bash => /bin/bash (interpreter => /lib64/ld-linux-x86-64.so.2)
    libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
            ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2

Reported-by: Tomasz Buchert <tomasz <AT> debian.org>

 lddtree.sh | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/lddtree.sh b/lddtree.sh
index 07be7ab..8e6501f 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -126,7 +126,7 @@ find_elf() {
 show_elf() {
 	local elf=$1 indent=$2 parent_elfs=$3
 	local rlib lib libs
-	local interp resolved
+	local resolved
 	find_elf "${elf}"
 	resolved=${_find_elf}
 	elf=${elf##*/}
@@ -143,6 +143,8 @@ show_elf() {
 		printf "${resolved:-not found}"
 	fi
 	if [[ ${indent} -eq 0 ]] ; then
+		local elf_specs interp full_interp
+
 		elf_specs=$(elf_specs "${resolved}")
 		interp=$(scanelf -qF '#F%i' "${resolved}")
 		[[ -n ${interp} ]] && interp="${ROOT}${interp#/}"
@@ -159,6 +161,7 @@ show_elf() {
 				sed -nr -e "/^\/.*lib/{s|^/?|${ROOT}|;s|/$||;s|/?:/?|\n${ROOT}|g;p}"
 			)
 		fi
+		full_interp=${interp}
 		interp=${interp##*/}
 		# If we are in non-list mode, then we want to show the "duplicate" interp
 		# lines -- first the header (interp=>xxx), and then the DT_NEEDED line to
@@ -183,8 +186,19 @@ show_elf() {
 		# No need for leading comma w/my_allhits as we guarantee it always
 		# starts with one due to the way we append the value above.
 		[[ ${my_allhits}, == *,${lib},* ]] && continue
-		find_elf "${lib}" "${resolved}"
-		rlib=${_find_elf}
+		# If the interp is being linked against directly, re-use the existing
+		# full path rather than perform a search for it.  When systems symlink
+		# the interp to a diff location, we might locate a different path, and
+		# displaying both doesn't make sense as it doesn't match the runtime --
+		# the ldso won't load another copy of ldso into memory from the search
+		# path, it'll re-use the existing copy that was loaded from the full
+		# hardcoded path.
+		if [[ ${lib} == "${interp}" ]] ; then
+			rlib=${full_interp}
+		else
+			find_elf "${lib}" "${resolved}"
+			rlib=${_find_elf}
+		fi
 		show_elf "${rlib:-${lib}}" $((indent + 4)) "${parent_elfs}"
 	done
 }


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-20 14:33 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-20 14:33 UTC (permalink / raw
  To: gentoo-commits

commit:     5e8a1d49de38f60c3ffd8a9122636b463ec9e438
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 20 14:18:16 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Aug 20 14:18:16 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5e8a1d49

lddtree.py: fix glob handling w/ld.so.conf

glibc's glob handling of ld.so.conf includes ends up sorting the results
(since the glob func sorts by default), but python does not.  We need to
sort things explicitly ourselves.

Reported-by: Tomasz Buchert <tomasz <AT> debian.org>

 lddtree.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 9330295..100f475 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -233,7 +233,11 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
           else:
             line = os.path.dirname(ldso_conf) + '/' + line
           dbg(debug, '%s  glob: %s' % (dbg_pfx, line))
-          for path in glob.glob(line):
+          # ldconfig in glibc uses glob() which returns entries sorted according
+          # to LC_COLLATE.  Further, ldconfig does not reset that but respects
+          # the active env settings (which might be a mistake).  Python does not
+          # sort its results by default though, so do it ourselves.
+          for path in sorted(glob.glob(line)):
             paths += ParseLdSoConf(path, root=root, debug=debug, _first=False)
         else:
           paths += [normpath(root + line)]


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-20 14:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-20 14:39 UTC (permalink / raw
  To: gentoo-commits

commit:     a743806ea4868371cf182f783fdcfbf1b1f98202
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 02:58:37 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Aug 20 14:38:35 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a743806e

security: leverage namespaces to restrict the runtime a bit

In practice this isn't terribly useful as people aren't attacking these
tools, but might as well be paranoid.

It'd be nice to use mount & net namespaces too, but they're way too slow.

 Makefile    |  2 +-
 Makefile.am |  3 +++
 dumpelf.c   |  1 +
 paxinc.h    |  1 +
 porting.h   |  1 +
 pspax.c     |  4 +++
 scanelf.c   |  5 ++++
 scanmacho.c |  1 +
 security.c  | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 security.h  | 29 ++++++++++++++++++++
 10 files changed, 135 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index ba3b6a2..ac5e9cc 100644
--- a/Makefile
+++ b/Makefile
@@ -61,7 +61,7 @@ ELF_TARGETS  = scanelf dumpelf $(shell echo | $(CC) -dM -E - | grep -q __svr4__
 ELF_OBJS     = paxelf.o
 MACH_TARGETS = scanmacho
 MACH_OBJS    = paxmacho.o
-COMMON_OBJS  = paxinc.o xfuncs.o
+COMMON_OBJS  = paxinc.o security.o xfuncs.o
 TARGETS      = $(ELF_TARGETS) $(MACH_TARGETS)
 SCRIPTS_SH   = lddtree symtree
 SCRIPTS_PY   = lddtree

diff --git a/Makefile.am b/Makefile.am
index 5db3f75..e42dce4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -12,6 +12,7 @@ libpaxutils_la_SOURCES = \
 	paxelf.c \
 	paxinc.c \
 	paxmacho.c \
+	security.c \
 	xfuncs.c
 LDADD = libpaxutils.la $(top_builddir)/autotools/gnulib/libgnu.a
 
@@ -84,6 +85,8 @@ EXTRA_DIST += \
 	pspax.c \
 	scanelf.c \
 	scanmacho.c \
+	security.c \
+	security.h \
 	symtree.sh \
 	tests/Makefile \
 	tests/lddtree/Makefile \

diff --git a/dumpelf.c b/dumpelf.c
index 3035b24..e9b1771 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -384,6 +384,7 @@ static void parseargs(int argc, char *argv[])
 
 int main(int argc, char *argv[])
 {
+	security_init(false);
 	if (argc < 2)
 		usage(EXIT_FAILURE);
 	parseargs(argc, argv);

diff --git a/paxinc.h b/paxinc.h
index 0a8e08a..a8d6d9b 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -13,6 +13,7 @@
 
 #include "porting.h"
 #include "xfuncs.h"
+#include "security.h"
 
 #ifndef VERSION
 # define VERSION "git"

diff --git a/porting.h b/porting.h
index 1f989d2..9dea528 100644
--- a/porting.h
+++ b/porting.h
@@ -29,6 +29,7 @@
 #include <limits.h>
 #include <pwd.h>
 #include <regex.h>
+#include <sched.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>

diff --git a/pspax.c b/pspax.c
index e27b7eb..c64472c 100644
--- a/pspax.c
+++ b/pspax.c
@@ -535,6 +535,10 @@ int main(int argc, char *argv[])
 {
 	char *name = NULL;
 
+	/* We unshare pidns but don't actually enter it.  That means
+	 * we still get to scan /proc, but just not fork children.  */
+	security_init(false);
+
 	color_init(false);
 	parseargs(argc, argv);
 

diff --git a/scanelf.c b/scanelf.c
index 99192b2..7e3b077 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -2472,6 +2472,10 @@ static int parseargs(int argc, char *argv[])
 	}
 	if (be_verbose > 2) printf("Format: %s\n", out_format);
 
+	/* Now lock down the pidns since we know whether we'll be forking. */
+	if (!show_textrels || !be_verbose)
+		security_init_pid();
+
 	/* now lets actually do the scanning */
 	if (load_cache_config)
 		load_ld_cache_config(__PAX_UTILS_DEFAULT_LD_CACHE_CONFIG);
@@ -2570,6 +2574,7 @@ static void cleanup(void)
 int main(int argc, char *argv[])
 {
 	int ret;
+	security_init(true);
 	if (argc < 2)
 		usage(EXIT_FAILURE);
 	parseenv();

diff --git a/scanmacho.c b/scanmacho.c
index ee713f9..5a0afd5 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -764,6 +764,7 @@ static int parseargs(int argc, char *argv[])
 int main(int argc, char *argv[])
 {
 	int ret;
+	security_init(false);
 	if (argc < 2)
 		usage(EXIT_FAILURE);
 	color_init(false);

diff --git a/security.c b/security.c
new file mode 100644
index 0000000..9b48a9a
--- /dev/null
+++ b/security.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2015 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+#include "paxinc.h"
+
+#ifdef __linux__
+
+#ifdef __SANITIZE_ADDRESS__
+/* ASAN does some weird stuff. */
+# define ALLOW_PIDNS 0
+#else
+# define ALLOW_PIDNS 1
+#endif
+
+static int ns_unshare(int flags)
+{
+	int flag, ret = 0;
+
+	/* Try to oneshot it.  Maybe we'll get lucky! */
+	if (unshare(flags) == 0)
+		return flags;
+	/* No access at all, so don't waste time below. */
+	else if (errno == EPERM)
+		return ret;
+
+	/*
+	 * We have to run these one permission at a time because if any are
+	 * not supported (too old a kernel, or it's disabled), then all of
+	 * them will be rejected and we won't know which one is a problem.
+	 */
+
+	/* First the ones that work against the current process.  */
+	flag = 1;
+	while (flags) {
+		if (flags & flag) {
+			if (unshare(flag) == 0)
+				ret |= flag;
+			flags &= ~flag;
+		}
+		flag <<= 1;
+	}
+
+	return ret;
+}
+
+void security_init_pid(void)
+{
+	int flags;
+
+	if (!ALLOW_PIDNS)
+		return;
+
+	flags = ns_unshare(CLONE_NEWPID);
+	if (USE_SLOW_SECURITY) {
+		if (flags & CLONE_NEWPID)
+			if (vfork() == 0)
+				_exit(0);
+	}
+}
+
+void security_init(bool allow_forking)
+{
+	int flags;
+
+	if (!ALLOW_PIDNS)
+		allow_forking = true;
+
+	/* None of the pax tools need access to these features. */
+	flags = CLONE_NEWIPC | CLONE_NEWUTS;
+	/* Would be nice to leverage mount/net ns, but they're just way too slow. */
+	if (USE_SLOW_SECURITY)
+		flags |= CLONE_NEWNET | CLONE_NEWNS;
+	if (!allow_forking)
+		flags |= CLONE_NEWPID;
+	flags = ns_unshare(flags);
+
+	if (USE_SLOW_SECURITY) {
+		/* We spawn one child and kill it so the kernel will fail in the future. */
+		if (flags & CLONE_NEWPID)
+			if (vfork() == 0)
+				_exit(0);
+	}
+}
+
+#endif

diff --git a/security.h b/security.h
new file mode 100644
index 0000000..c93ec3e
--- /dev/null
+++ b/security.h
@@ -0,0 +1,29 @@
+/* Various security related features.
+ *
+ * Copyright 2015 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+#ifndef _PAX_SECURITY_H
+#define _PAX_SECURITY_H
+
+/* Whether to enable features that significantly impact speed. */
+#ifdef SLOW_SECURITY
+# define USE_SLOW_SECURITY 1
+#else
+# define USE_SLOW_SECURITY 0
+#endif
+
+#ifdef __linux__
+/* Lock down the runtime; allow_forking controls whether to use a pidns. */
+void security_init(bool allow_forking);
+/* Disable forking; usable only when allow_forking above was true. */
+void security_init_pid(void);
+#else
+static inline void security_init(bool allow_forking) {}
+static inline void security_init_pid(void) {}
+#endif
+
+#endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-20 14:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-20 14:39 UTC (permalink / raw
  To: gentoo-commits

commit:     d6fcdb53ed7341f25db859516fa0383fca95eb1d
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 18 14:50:45 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Aug 20 14:38:40 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d6fcdb53

security: use seccomp to lock ourselves down

This has a minor speed hit (a few milliseconds), but otherwise provides
a decent balance.

 Makefile     |   7 +++
 configure.ac |   7 +++
 security.c   | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 161 insertions(+)

diff --git a/Makefile b/Makefile
index ac5e9cc..3abfee7 100644
--- a/Makefile
+++ b/Makefile
@@ -49,6 +49,13 @@ CPPFLAGS-pspax.c += $(LIBCAPS_CFLAGS) -DWANT_SYSCAP
 LIBS-pspax       += $(LIBCAPS_LIBS)
 endif
 
+ifeq ($(USE_SECCOMP),yes)
+LIBSECCOMP_CFLAGS := $(shell $(PKG_CONFIG) --cflags libseccomp)
+LIBSECCOMP_LIBS   := $(shell $(PKG_CONFIG) --libs libseccomp)
+override CPPFLAGS += $(LIBSECCOMP_CFLAGS) -DWANT_SECCOMP
+LIBS              += $(LIBSECCOMP_LIBS)
+endif
+
 ifdef PV
 override CPPFLAGS  += -DVERSION=\"$(PV)\"
 else

diff --git a/configure.ac b/configure.ac
index c3591ff..327d9b8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,6 +26,13 @@ AS_IF([test "x$with_caps" = "xyes"], [
 AC_ARG_WITH([python], [AS_HELP_STRING([--with-python], [use lddtree.py])])
 AM_CONDITIONAL([USE_PYTHON], [test "x$with_python" = "xyes"])
 
+AC_ARG_WITH([seccomp], [AS_HELP_STRING([--with-seccomp], [build with seccomp])])
+AS_IF([test "x$with_seccomp" = "xyes"], [
+	PKG_CHECK_MODULES(LIBSECCOMP, libseccomp)
+	CPPFLAGS="$CPPFLAGS $LIBSECCOMP_CFLAGS -DWANT_SECCOMP"
+	LIBS="$LIBS $LIBSECCOMP_LIBS"
+])
+
 AX_CFLAGS_WARN_ALL
 AC_DEFUN([PT_CHECK_CFLAG],[AX_CHECK_COMPILER_FLAGS([$1],[CFLAGS="$CFLAGS $1"])])
 m4_foreach_w([flag], [

diff --git a/security.c b/security.c
index 3012212..333524a 100644
--- a/security.c
+++ b/security.c
@@ -16,6 +16,151 @@
 # define ALLOW_PIDNS 1
 #endif
 
+#ifdef WANT_SECCOMP
+# include <seccomp.h>
+
+/* Simple helper to add all of the syscalls in an array. */
+static int pax_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num)
+{
+	static uint8_t prio;
+	size_t i;
+	for (i = 0; i < num; ++i) {
+		if (syscalls[i] < 0)
+			continue;
+
+		if (seccomp_syscall_priority(ctx, syscalls[i], prio++) < 0) {
+			warnp("seccomp_syscall_priority failed");
+			return -1;
+		}
+		if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) < 0) {
+			warnp("seccomp_rule_add failed");
+			return -1;
+		}
+	}
+	return 0;
+}
+#define pax_seccomp_rules_add(ctx, syscalls) pax_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
+
+static void pax_seccomp_init(bool allow_forking)
+{
+	/* Order determines priority (first == lowest prio).  */
+	int base_syscalls[] = {
+		/* We write the most w/scanelf.  */
+		SCMP_SYS(write),
+
+		/* Then the stat family of functions.  */
+		SCMP_SYS(newfstatat),
+#ifdef __NR_fstat
+		SCMP_SYS(fstat),
+#endif
+		SCMP_SYS(fstat64),
+#ifdef __NR_fstatat
+		SCMP_SYS(fstatat),
+#endif
+		SCMP_SYS(fstatat64),
+		SCMP_SYS(lstat),
+		SCMP_SYS(lstat64),
+		SCMP_SYS(stat),
+		SCMP_SYS(stat64),
+
+		/* Then the fd close func.  */
+		SCMP_SYS(close),
+
+		/* Then fd open family of functions.  */
+		SCMP_SYS(open),
+#ifdef __NR_openat
+		SCMP_SYS(openat),
+#endif
+
+		/* Then the memory mapping functions.  */
+		SCMP_SYS(mmap),
+		SCMP_SYS(mmap2),
+		SCMP_SYS(munmap),
+
+		/* Then the directory reading functions.  */
+		SCMP_SYS(getdents),
+#ifdef __NR_getdents64
+		SCMP_SYS(getdents64),
+#endif
+
+		/* Then the file reading functions.  */
+#ifdef __NR_pread
+		SCMP_SYS(pread),
+#endif
+#ifdef __NR_pread64
+		SCMP_SYS(pread64),
+#endif
+		SCMP_SYS(read),
+
+		/* Then the fd manipulation functions.  */
+#ifdef __NR_fcntl
+		SCMP_SYS(fcntl),
+#endif
+		SCMP_SYS(fcntl64),
+
+		/* After this point, just sort the list alphabetically.  */
+		SCMP_SYS(access),
+		SCMP_SYS(brk),
+		SCMP_SYS(capget),
+		SCMP_SYS(chdir),
+		SCMP_SYS(exit),
+		SCMP_SYS(exit_group),
+		SCMP_SYS(faccessat),
+		SCMP_SYS(fchdir),
+		SCMP_SYS(getpid),
+		SCMP_SYS(gettid),
+		SCMP_SYS(ioctl),
+#ifdef __NR_lseek
+		SCMP_SYS(lseek),
+#endif
+		SCMP_SYS(_llseek),
+		SCMP_SYS(mprotect),
+
+		/* Syscalls listed because of sandbox.  */
+		SCMP_SYS(readlink),
+	};
+	int fork_syscalls[] = {
+		SCMP_SYS(clone),
+		SCMP_SYS(execve),
+		SCMP_SYS(fork),
+		SCMP_SYS(rt_sigaction),
+		SCMP_SYS(rt_sigprocmask),
+		SCMP_SYS(unshare),
+		SCMP_SYS(vfork),
+		SCMP_SYS(wait4),
+		SCMP_SYS(waitid),
+		SCMP_SYS(waitpid),
+	};
+	scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP);
+	if (!ctx) {
+		warnp("seccomp_init failed");
+		return;
+	}
+
+	if (pax_seccomp_rules_add(ctx, base_syscalls) < 0)
+		goto done;
+
+	if (allow_forking)
+		if (pax_seccomp_rules_add(ctx, fork_syscalls) < 0)
+			goto done;
+
+	/* We already called prctl. */
+	seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0);
+
+#ifndef __SANITIZE_ADDRESS__
+	/* ASAN does some weird stuff. */
+	if (seccomp_load(ctx) < 0)
+		warnp("seccomp_load failed");
+#endif
+
+ done:
+	seccomp_release(ctx);
+}
+
+#else
+# define pax_seccomp_init(allow_forking)
+#endif
+
 static int ns_unshare(int flags)
 {
 	int flag, ret = 0;
@@ -93,6 +238,8 @@ void security_init(bool allow_forking)
 			if (vfork() == 0)
 				_exit(0);
 	}
+
+	pax_seccomp_init(allow_forking);
 }
 
 #endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-20 14:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-20 14:39 UTC (permalink / raw
  To: gentoo-commits

commit:     bdf41eb2ecb9a7a72e3024d088e63edff2ddc0e5
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 17 22:18:39 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Aug 20 14:38:38 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bdf41eb2

security: lock down privs a bit via prctl

Should prevent accidentally running set*id programs less of a problem.

 porting.h  | 4 ++++
 security.c | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/porting.h b/porting.h
index 9dea528..c93f0f8 100644
--- a/porting.h
+++ b/porting.h
@@ -42,6 +42,10 @@
 #if !defined(__FreeBSD__) && !defined(__OpenBSD__)
 # include <alloca.h>
 #endif
+#if defined(__linux__)
+# include <sys/prctl.h>
+# include <linux/securebits.h>
+#endif
 #if defined(__GLIBC__) || defined(__UCLIBC__)
 # include <byteswap.h>
 # include <endian.h>

diff --git a/security.c b/security.c
index 9b48a9a..3012212 100644
--- a/security.c
+++ b/security.c
@@ -69,6 +69,15 @@ void security_init(bool allow_forking)
 	if (!ALLOW_PIDNS)
 		allow_forking = true;
 
+	/* Drop all possible caps for us and our children.  */
+	prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+	prctl(PR_SET_SECUREBITS,
+		SECBIT_KEEP_CAPS_LOCKED |
+		SECBIT_NO_SETUID_FIXUP |
+		SECBIT_NO_SETUID_FIXUP_LOCKED |
+		SECBIT_NOROOT |
+		SECBIT_NOROOT_LOCKED, 0, 0, 0);
+
 	/* None of the pax tools need access to these features. */
 	flags = CLONE_NEWIPC | CLONE_NEWUTS;
 	/* Would be nice to leverage mount/net ns, but they're just way too slow. */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-24 21:22 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-24 21:22 UTC (permalink / raw
  To: gentoo-commits

commit:     6e0e8409258389b39a7e33484d39adf5b0543694
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 24 20:32:29 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Aug 24 20:32:29 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6e0e8409

security: clean up syscall ifdefs

We don't need to check for ifdefs on syscalls as libseccomp handles stubs
for us.  They make sure the SCMP_SYS macros are a superset across all of
the supported architectures.

 security.c | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/security.c b/security.c
index 333524a..ccecb90 100644
--- a/security.c
+++ b/security.c
@@ -50,13 +50,8 @@ static void pax_seccomp_init(bool allow_forking)
 
 		/* Then the stat family of functions.  */
 		SCMP_SYS(newfstatat),
-#ifdef __NR_fstat
 		SCMP_SYS(fstat),
-#endif
 		SCMP_SYS(fstat64),
-#ifdef __NR_fstatat
-		SCMP_SYS(fstatat),
-#endif
 		SCMP_SYS(fstatat64),
 		SCMP_SYS(lstat),
 		SCMP_SYS(lstat64),
@@ -68,9 +63,7 @@ static void pax_seccomp_init(bool allow_forking)
 
 		/* Then fd open family of functions.  */
 		SCMP_SYS(open),
-#ifdef __NR_openat
 		SCMP_SYS(openat),
-#endif
 
 		/* Then the memory mapping functions.  */
 		SCMP_SYS(mmap),
@@ -79,23 +72,14 @@ static void pax_seccomp_init(bool allow_forking)
 
 		/* Then the directory reading functions.  */
 		SCMP_SYS(getdents),
-#ifdef __NR_getdents64
 		SCMP_SYS(getdents64),
-#endif
 
 		/* Then the file reading functions.  */
-#ifdef __NR_pread
-		SCMP_SYS(pread),
-#endif
-#ifdef __NR_pread64
 		SCMP_SYS(pread64),
-#endif
 		SCMP_SYS(read),
 
 		/* Then the fd manipulation functions.  */
-#ifdef __NR_fcntl
 		SCMP_SYS(fcntl),
-#endif
 		SCMP_SYS(fcntl64),
 
 		/* After this point, just sort the list alphabetically.  */
@@ -110,9 +94,7 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(getpid),
 		SCMP_SYS(gettid),
 		SCMP_SYS(ioctl),
-#ifdef __NR_lseek
 		SCMP_SYS(lseek),
-#endif
 		SCMP_SYS(_llseek),
 		SCMP_SYS(mprotect),
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-24 21:22 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-24 21:22 UTC (permalink / raw
  To: gentoo-commits

commit:     bcb6683c56d9646e12881a6b59bc740e6004e663
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 24 21:20:21 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Aug 24 21:20:59 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bcb6683c

security: add a debug handler for seccomp

If a bad syscall is hit, it can be hard to track down.  Add a debug mode
that people can enable to get useful error messages showing the failure.

URL: https://bugs.gentoo.org/558482

 porting.h  |  3 +++
 security.c | 27 ++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/porting.h b/porting.h
index c93f0f8..1107b4e 100644
--- a/porting.h
+++ b/porting.h
@@ -30,6 +30,7 @@
 #include <pwd.h>
 #include <regex.h>
 #include <sched.h>
+#include <signal.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -217,4 +218,6 @@
 # define O_CLOEXEC 0
 #endif
 
+#define __unused__ __attribute__((__unused__))
+
 #endif /* _PORTING_H */

diff --git a/security.c b/security.c
index ccecb90..a62c798 100644
--- a/security.c
+++ b/security.c
@@ -41,6 +41,28 @@ static int pax_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num
 }
 #define pax_seccomp_rules_add(ctx, syscalls) pax_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
 
+static void
+pax_seccomp_sigal(__unused__ int signo, siginfo_t *info, __unused__ void *context)
+{
+	warn("seccomp violated: syscall %i", info->si_syscall);
+	fflush(stderr);
+#ifdef si_syscall
+	warn("  syscall = %s",
+		seccomp_syscall_resolve_num_arch(seccomp_arch_native(), info->si_syscall));
+#endif
+	kill(getpid(), SIGSYS);
+	_exit(1);
+}
+
+static void pax_seccomp_signal_init(void)
+{
+	struct sigaction act;
+	sigemptyset(&act.sa_mask);
+	act.sa_sigaction = pax_seccomp_sigal,
+	act.sa_flags = SA_SIGINFO | SA_RESETHAND;
+	sigaction(SIGSYS, &act, NULL);
+}
+
 static void pax_seccomp_init(bool allow_forking)
 {
 	/* Order determines priority (first == lowest prio).  */
@@ -113,7 +135,7 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(waitid),
 		SCMP_SYS(waitpid),
 	};
-	scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP);
+	scmp_filter_ctx ctx = seccomp_init(USE_DEBUG ? SCMP_ACT_TRAP : SCMP_ACT_KILL);
 	if (!ctx) {
 		warnp("seccomp_init failed");
 		return;
@@ -129,6 +151,9 @@ static void pax_seccomp_init(bool allow_forking)
 	/* We already called prctl. */
 	seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0);
 
+	if (USE_DEBUG)
+		pax_seccomp_signal_init();
+
 #ifndef __SANITIZE_ADDRESS__
 	/* ASAN does some weird stuff. */
 	if (seccomp_load(ctx) < 0)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-24 21:22 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-24 21:22 UTC (permalink / raw
  To: gentoo-commits

commit:     9d0a60f489c17e47e08aa5ec09da8d7049e402ea
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 24 21:19:41 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Aug 24 21:19:41 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9d0a60f4

build: add plumbing for building w/debug code

For cases where we want extra debug messages, add some debug knobs.
This will be used in a follow up commit to make it easier to triage
seccomp failures.

 Makefile     | 8 ++++----
 configure.ac | 5 +++++
 paxinc.h     | 6 ++++++
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 3abfee7..26cc9d4 100644
--- a/Makefile
+++ b/Makefile
@@ -36,10 +36,6 @@ MKDIR     := mkdir -p
 INS_EXE   := install -m755
 INS_DATA  := install -m644
 
-# Some fun settings
-#CFLAGS   += -DEBUG -g
-#LDFLAGS  += -pie
-
 PKG_CONFIG ?= pkg-config
 
 ifeq ($(USE_CAP),yes)
@@ -49,6 +45,10 @@ CPPFLAGS-pspax.c += $(LIBCAPS_CFLAGS) -DWANT_SYSCAP
 LIBS-pspax       += $(LIBCAPS_LIBS)
 endif
 
+ifeq ($(USE_DEBUG),yes)
+override CPPFLAGS += -DEBUG
+endif
+
 ifeq ($(USE_SECCOMP),yes)
 LIBSECCOMP_CFLAGS := $(shell $(PKG_CONFIG) --cflags libseccomp)
 LIBSECCOMP_LIBS   := $(shell $(PKG_CONFIG) --libs libseccomp)

diff --git a/configure.ac b/configure.ac
index 327d9b8..3b4de91 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,6 +23,11 @@ AS_IF([test "x$with_caps" = "xyes"], [
 	LIBS="$LIBS $LIBCAP_LIBS"
 ])
 
+AC_ARG_WITH([debug], [AS_HELP_STRING([--with-debug], [enable debug code])])
+AS_IF([test "x$with_debug" = "xyes"], [
+	CPPFLAGS="$CPPFLAGS -DEBUG"
+])
+
 AC_ARG_WITH([python], [AS_HELP_STRING([--with-python], [use lddtree.py])])
 AM_CONDITIONAL([USE_PYTHON], [test "x$with_python" = "xyes"])
 

diff --git a/paxinc.h b/paxinc.h
index a8d6d9b..e687b3a 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -22,6 +22,12 @@
 # define VCSID "<unknown>"
 #endif
 
+#ifdef EBUG
+# define USE_DEBUG 1
+#else
+# define USE_DEBUG 0
+#endif
+
 /* ELF love */
 #include "elf.h"
 #include "paxelf.h"


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-26  6:29 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-26  6:29 UTC (permalink / raw
  To: gentoo-commits

commit:     c39a557a2b53f6fea61117d9b0d90ea51a738d6b
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 26 06:27:27 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Aug 26 06:27:27 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c39a557a

security: whitelist fakeroot syscalls

Until we get a bit more dynamic here, whitelist the IPC syscalls that
fakeroot uses since it is available via portage FEATURES.

URL: https://bugs.gentoo.org/558482

 security.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/security.c b/security.c
index a62c798..1fa64a0 100644
--- a/security.c
+++ b/security.c
@@ -122,6 +122,13 @@ static void pax_seccomp_init(bool allow_forking)
 
 		/* Syscalls listed because of sandbox.  */
 		SCMP_SYS(readlink),
+
+		/* Syscalls listed because of fakeroot.  */
+		SCMP_SYS(msgget),
+		SCMP_SYS(msgrcv),
+		SCMP_SYS(msgsnd),
+		SCMP_SYS(semget),
+		SCMP_SYS(semop),
 	};
 	int fork_syscalls[] = {
 		SCMP_SYS(clone),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-08-28  0:33 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-08-28  0:33 UTC (permalink / raw
  To: gentoo-commits

commit:     6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 28 00:29:10 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Aug 28 00:29:10 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6fa4f469

security: do not warn when seccomp is disabled in the kernel

If the seccomp feature is disabled in the kernel, we'll get back
EINVAL from the prctl call.  There's no simple way to differentiate
between a real EINVAL (bad filter args), so we'll just assume that
libseccomp knows what it is doing.

Reported-by: Piotr Karbowski <piotr.karbowski <AT> gmail.com>
URL: https://bugs.gentoo.org/558414

 security.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/security.c b/security.c
index 1fa64a0..af264ae 100644
--- a/security.c
+++ b/security.c
@@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking)
 
 #ifndef __SANITIZE_ADDRESS__
 	/* ASAN does some weird stuff. */
-	if (seccomp_load(ctx) < 0)
-		warnp("seccomp_load failed");
+	if (seccomp_load(ctx) < 0) {
+		/* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */
+		if (errno != EINVAL)
+			warnp("seccomp_load failed");
+	}
 #endif
 
  done:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-09-12  4:17 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-09-12  4:17 UTC (permalink / raw
  To: gentoo-commits

commit:     ee6925b66697de51d6aa9ecfde56a95129150035
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 12 03:56:23 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Sep 12 03:56:23 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ee6925b6

security: whitelist dup syscalls

These are used by freopen internally, so whitelist them all.
They're pretty benign at any rate.

 security.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security.c b/security.c
index af264ae..da881e8 100644
--- a/security.c
+++ b/security.c
@@ -109,6 +109,9 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(brk),
 		SCMP_SYS(capget),
 		SCMP_SYS(chdir),
+		SCMP_SYS(dup),
+		SCMP_SYS(dup2),
+		SCMP_SYS(dup3),
 		SCMP_SYS(exit),
 		SCMP_SYS(exit_group),
 		SCMP_SYS(faccessat),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-09-19  6:27 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-09-19  6:27 UTC (permalink / raw
  To: gentoo-commits

commit:     9575f819a56b7bc4cb501fb63185b43084b66bd5
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 19 06:17:45 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Sep 19 06:17:45 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9575f819

security: fix build on systems w/out si_syscall

Make sure we do not try to use si_syscall when it isn't available.

URL: https://bugs.gentoo.org/560098

 security.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/security.c b/security.c
index af06dcb..8776a80 100644
--- a/security.c
+++ b/security.c
@@ -44,11 +44,14 @@ static int pax_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num
 static void
 pax_seccomp_sigal(__unused__ int signo, siginfo_t *info, __unused__ void *context)
 {
+#ifdef si_syscall
 	warn("seccomp violated: syscall %i", info->si_syscall);
 	fflush(stderr);
-#ifdef si_syscall
 	warn("  syscall = %s",
 		seccomp_syscall_resolve_num_arch(seccomp_arch_native(), info->si_syscall));
+	fflush(stderr);
+#else
+	warn("seccomp violated: syscall unknown (no si_syscall)");
 #endif
 	kill(getpid(), SIGSYS);
 	_exit(1);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-09-19  6:27 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-09-19  6:27 UTC (permalink / raw
  To: gentoo-commits

commit:     1f7a936b5cd7673275540ef73fdeb29fba821a15
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 19 05:08:46 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Sep 19 05:08:46 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1f7a936b

security: whitelist the futex syscall

When building with openmp, often libpthread is linked in and code
automatically generated using it.  That means lower mutexes end up
calling the futex syscall.  This isn't just when pax-utils is built
with openmp, but it also applies when libraries it links with are
built with openmp.

Reported-by: florianmey <AT> gmx.de
URL: https://bugs.gentoo.org/559814

 security.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security.c b/security.c
index da881e8..af06dcb 100644
--- a/security.c
+++ b/security.c
@@ -123,6 +123,9 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(_llseek),
 		SCMP_SYS(mprotect),
 
+		/* Syscalls listed because of compiler settings.  */
+		SCMP_SYS(futex),
+
 		/* Syscalls listed because of sandbox.  */
 		SCMP_SYS(readlink),
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-10-08 20:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-10-08 20:31 UTC (permalink / raw
  To: gentoo-commits

commit:     a7ec3aa9a1024144486ccee3165665eb4c46420c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  8 20:31:02 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Oct  8 20:31:02 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a7ec3aa9

porting: fix android builds

 porting.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/porting.h b/porting.h
index 1107b4e..c0d5ebc 100644
--- a/porting.h
+++ b/porting.h
@@ -47,7 +47,7 @@
 # include <sys/prctl.h>
 # include <linux/securebits.h>
 #endif
-#if defined(__GLIBC__) || defined(__UCLIBC__)
+#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__ANDROID__)
 # include <byteswap.h>
 # include <endian.h>
 #elif defined(__FreeBSD__)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-10-26  4:35 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-10-26  4:35 UTC (permalink / raw
  To: gentoo-commits

commit:     353a328d1dc503bb2952f6c37b0fe6ad47fc5478
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 04:22:28 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 04:22:28 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=353a328d

security: whitelist the getcwd syscall

This might be run by the sandbox.

Reported-by: Markus Oehme <oehme.markus <AT> gmx.de>
URL: https://bugs.gentoo.org/562206

 security.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security.c b/security.c
index 8776a80..ba74bee 100644
--- a/security.c
+++ b/security.c
@@ -131,6 +131,7 @@ static void pax_seccomp_init(bool allow_forking)
 
 		/* Syscalls listed because of sandbox.  */
 		SCMP_SYS(readlink),
+		SCMP_SYS(getcwd),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-11-26  8:43 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-11-26  8:43 UTC (permalink / raw
  To: gentoo-commits

commit:     335e3c30ebd98959a53c22b12b17f907d7def48c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 26 08:41:47 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Nov 26 08:41:47 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=335e3c30

xarray: move ele update to after bounds check

Even though we don't use the loaded ele value until after we check
the bounds of the counter, it makes ASAN unhappy, and might cause
a load of invalid memory.

URL: https://bugs.gentoo.org/553368
Reported-by: Hanno Boeck <hanno <AT> gentoo.org>

 xfuncs.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/xfuncs.h b/xfuncs.h
index 82f5da0..61577ec 100644
--- a/xfuncs.h
+++ b/xfuncs.h
@@ -27,10 +27,14 @@ void xarraypush(array_t *array, const void *ele, size_t ele_len);
 #define xarraypush_str(arr, ele) xarraypush(arr, ele, strlen(ele) + 1 /*NUL*/)
 void xarrayfree(array_t *array);
 #define xrealloc_array(ptr, size, ele_size) xrealloc(ptr, (size) * (ele_size))
+/* The assignment after the check is unfortunate as we do a non-NULL check (we
+ * already do not permit pushing of NULL pointers), but we can't put it in the
+ * increment phase as that will cause a load beyond the bounds of valid memory.
+ */
 #define array_for_each(arr, n, ele) \
 	for (n = 0, ele = array_cnt(arr) ? arr->eles[n] : NULL; \
-	     n < array_cnt(arr); \
-	     ele = arr->eles[++n])
+	     n < array_cnt(arr) && (ele = arr->eles[n]); \
+	     ++n)
 #define array_init_decl { .eles = NULL, .num = 0, }
 #define array_cnt(arr) (arr)->num
 char *array_flatten_str(array_t *array);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-12 22:45 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-12 22:45 UTC (permalink / raw
  To: gentoo-commits

commit:     81658ac5842906a286373096691a5f8e3ad6aa2d
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 21:33:07 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 21:33:07 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=81658ac5

dumpelf: handle corrupt dynamic tags

URL: https://bugs.gentoo.org/567956
Reported-by: Brian Carpenter <brian.carpenter <AT> gmail.com>

 dumpelf.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dumpelf.c b/dumpelf.c
index fe0001b..4675904 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -138,6 +138,10 @@ static void dumpelf(const char *filename, long file_cnt)
 		Elf ## B ## _Dyn *dyn = elf->vdata + EGET(phdr->p_offset); \
 		i = 0; \
 		do { \
+			if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
+				printf(" /* invalid dynamic tags ! */ "); \
+				break; \
+			} \
 			dump_dyn(elf, dyn++, i++); \
 		} while (EGET(dyn->d_tag) != DT_NULL); \
 		}


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-12 22:45 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-12 22:45 UTC (permalink / raw
  To: gentoo-commits

commit:     61ee81b90f679cc47bcb0e237e9373a4e0f4e04b
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 21:29:57 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 21:29:57 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=61ee81b9

dumpelf: handle corrupt section headers

URL: https://bugs.gentoo.org/567954
Reported-by: Brian Carpenter <brian.carpenter <AT> gmail.com>

 dumpelf.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/dumpelf.c b/dumpelf.c
index 0f15382..fe0001b 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -102,9 +102,19 @@ static void dumpelf(const char *filename, long file_cnt)
 		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
 		uint16_t shstrndx = EGET(ehdr->e_shstrndx); \
-		Elf ## B ## _Off offset = EGET(shdr[shstrndx].sh_offset); \
+		Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
+		Elf ## B ## _Off offset; \
 		uint16_t shnum = EGET(ehdr->e_shnum); \
+		if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) { \
+			printf(" /* corrupt section header strings table ! */ "); \
+			goto break_out_shdr; \
+		} \
+		offset = EGET(strtbl->sh_offset); \
 		for (i = 0; i < shnum; ++i, ++shdr) \
+			if (!VALID_SHDR(elf, shdr)) { \
+				printf(" /* corrupt section headers ! */ "); \
+				break; \
+			} \
 			dump_shdr(elf, shdr, i, elf->vdata + offset + EGET(shdr->sh_name)); \
 		}
 		DUMP_SHDRS(32)
@@ -112,6 +122,7 @@ static void dumpelf(const char *filename, long file_cnt)
 	} else {
 		printf(" /* no section headers ! */ ");
 	}
+ break_out_shdr:
 	printf("},\n");
 
 	/* finish the namespace struct and start the abitrary ones */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-12 22:45 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-12 22:45 UTC (permalink / raw
  To: gentoo-commits

commit:     c6a0c552339026b7379099c02592b07712264d06
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 21:26:25 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 21:26:25 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c6a0c552

dumpelf: reset dynamic phdr pointer with every elf

When dumping multiple ELFs, the dynamic phdr pointer might be left
pointing to memory from the previous ELF.  Make sure we clear it at
the start of every run.

 dumpelf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dumpelf.c b/dumpelf.c
index e9b1771..0f15382 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -28,7 +28,7 @@ static void parseargs(int argc, char *argv[]);
 static char be_verbose = 0;
 
 /* misc dynamic tag caches */
-static void *phdr_dynamic_void = NULL;
+static void *phdr_dynamic_void;
 
 /* dump all internal elf info */
 static void dumpelf(const char *filename, long file_cnt)
@@ -40,6 +40,8 @@ static void dumpelf(const char *filename, long file_cnt)
 	if ((elf = readelf(filename)) == NULL)
 		return;
 
+	phdr_dynamic_void = NULL;
+
 	printf("#include <elf.h>\n");
 
 	printf(


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-12 22:45 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-12 22:45 UTC (permalink / raw
  To: gentoo-commits

commit:     f8d5d7cfc5ee2d89e0524e7906f3c0d029d26bd7
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 22:03:05 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 22:03:05 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f8d5d7cf

dumpelf: constify pointers

 dumpelf.c | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 4675904..5617f33 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -12,14 +12,14 @@ const char argv0[] = "dumpelf";
 
 /* prototypes */
 static void dumpelf(const char *filename, long file_cnt);
-static void dump_ehdr(elfobj *elf, void *ehdr);
-static void dump_phdr(elfobj *elf, void *phdr, long phdr_cnt);
-static void dump_shdr(elfobj *elf, void *shdr, long shdr_cnt, char *name);
-static void dump_dyn(elfobj *elf, void *dyn, long dyn_cnt);
+static void dump_ehdr(elfobj *elf, const void *ehdr);
+static void dump_phdr(elfobj *elf, const void *phdr, long phdr_cnt);
+static void dump_shdr(elfobj *elf, const void *shdr, long shdr_cnt, const char *name);
+static void dump_dyn(elfobj *elf, const void *dyn, long dyn_cnt);
 #if 0
-static void dump_sym(elfobj *elf, void *sym);
-static void dump_rel(elfobj *elf, void *rel);
-static void dump_rela(elfobj *elf, void *rela);
+static void dump_sym(elfobj *elf, const void *sym);
+static void dump_rel(elfobj *elf, const void *rel);
+static void dump_rela(elfobj *elf, const void *rela);
 #endif
 static void usage(int status);
 static void parseargs(int argc, char *argv[]);
@@ -28,7 +28,7 @@ static void parseargs(int argc, char *argv[]);
 static char be_verbose = 0;
 
 /* misc dynamic tag caches */
-static void *phdr_dynamic_void;
+static const void *phdr_dynamic_void;
 
 /* dump all internal elf info */
 static void dumpelf(const char *filename, long file_cnt)
@@ -81,8 +81,8 @@ static void dumpelf(const char *filename, long file_cnt)
 	if (elf->phdr) {
 #define DUMP_PHDRS(B) \
 		if (elf->elf_class == ELFCLASS ## B) { \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+		const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+		const Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 		uint16_t phnum = EGET(ehdr->e_phnum); \
 		for (i = 0; i < phnum; ++i, ++phdr) \
 			dump_phdr(elf, phdr, i); \
@@ -99,10 +99,10 @@ static void dumpelf(const char *filename, long file_cnt)
 	if (elf->shdr) {
 #define DUMP_SHDRS(B) \
 		if (elf->elf_class == ELFCLASS ## B) { \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-		Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
+		const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+		const Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
 		uint16_t shstrndx = EGET(ehdr->e_shstrndx); \
-		Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
+		const Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
 		Elf ## B ## _Off offset; \
 		uint16_t shnum = EGET(ehdr->e_shnum); \
 		if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) { \
@@ -134,8 +134,8 @@ static void dumpelf(const char *filename, long file_cnt)
 	if (phdr_dynamic_void) {
 #define DUMP_DYNS(B) \
 		if (elf->elf_class == ELFCLASS ## B) { \
-		Elf ## B ## _Phdr *phdr = phdr_dynamic_void; \
-		Elf ## B ## _Dyn *dyn = elf->vdata + EGET(phdr->p_offset); \
+		const Elf ## B ## _Phdr *phdr = phdr_dynamic_void; \
+		const Elf ## B ## _Dyn *dyn = elf->vdata + EGET(phdr->p_offset); \
 		i = 0; \
 		do { \
 			if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
@@ -155,11 +155,11 @@ static void dumpelf(const char *filename, long file_cnt)
 	/* get out of here */
 	unreadelf(elf);
 }
-static void dump_ehdr(elfobj *elf, void *ehdr_void)
+static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 {
 #define DUMP_EHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (ehdr_void); \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (ehdr_void); \
 	printf(".ehdr = {\n"); \
 	printf("\t.e_ident = { /* (EI_NIDENT bytes) */\n" \
 	       "\t\t/* [%i] EI_MAG:        */ 0x%X,'%c','%c','%c',\n" \
@@ -198,11 +198,11 @@ static void dump_ehdr(elfobj *elf, void *ehdr_void)
 	DUMP_EHDR(32)
 	DUMP_EHDR(64)
 }
-static void dump_phdr(elfobj *elf, void *phdr_void, long phdr_cnt)
+static void dump_phdr(elfobj *elf, const void *phdr_void, long phdr_cnt)
 {
 #define DUMP_PHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (phdr_void); \
+	const Elf ## B ## _Phdr *phdr = PHDR ## B (phdr_void); \
 	switch (EGET(phdr->p_type)) { \
 	case PT_DYNAMIC: phdr_dynamic_void = phdr_void; break; \
 	} \
@@ -220,12 +220,12 @@ static void dump_phdr(elfobj *elf, void *phdr_void, long phdr_cnt)
 	DUMP_PHDR(32)
 	DUMP_PHDR(64)
 }
-static void dump_shdr(elfobj *elf, void *shdr_void, long shdr_cnt, char *name)
+static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const char *name)
 {
 	unsigned long i;
 #define DUMP_SHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
-	Elf ## B ## _Shdr *shdr = SHDR ## B (shdr_void); \
+	const Elf ## B ## _Shdr *shdr = SHDR ## B (shdr_void); \
 	uint32_t type = EGET(shdr->sh_type); \
 	uint ## B ## _t size = EGET(shdr->sh_size); \
 	printf("/* Section Header #%li '%s' 0x%lX */\n{\n", \
@@ -308,11 +308,11 @@ static void dump_shdr(elfobj *elf, void *shdr_void, long shdr_cnt, char *name)
 	DUMP_SHDR(32)
 	DUMP_SHDR(64)
 }
-static void dump_dyn(elfobj *elf, void *dyn_void, long dyn_cnt)
+static void dump_dyn(elfobj *elf, const void *dyn_void, long dyn_cnt)
 {
 #define DUMP_DYN(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
-	Elf ## B ## _Dyn *dyn = dyn_void; \
+	const Elf ## B ## _Dyn *dyn = dyn_void; \
 	unsigned long tag = EGET(dyn->d_tag); \
 	printf("/* Dynamic tag #%li '%s' 0x%lX */\n{\n", \
 	       dyn_cnt, get_elfdtype(tag), (unsigned long)dyn_void - (unsigned long)elf->data); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-12 22:45 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-12 22:45 UTC (permalink / raw
  To: gentoo-commits

commit:     871ce9d5e16d289bc1547781fe209086ea771e32
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 22:08:19 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 22:08:19 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=871ce9d5

dumpelf: handle invalid section names

 dumpelf.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/dumpelf.c b/dumpelf.c
index 5617f33..8abad61 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -223,6 +223,13 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, long phdr_cnt)
 static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const char *name)
 {
 	unsigned long i;
+
+	/* Make sure the string is valid. */
+	if ((void *)name >= elf->data_end)
+		name = "<corrupt>";
+	else if (memchr(name, 0, elf->len - (name - elf->data)) == NULL)
+		name = "<corrupt>";
+
 #define DUMP_SHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
 	const Elf ## B ## _Shdr *shdr = SHDR ## B (shdr_void); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-12 22:45 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-12 22:45 UTC (permalink / raw
  To: gentoo-commits

commit:     d4b9d92c41d34bd8716ba9cd964dcad87e235bf0
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 22:41:38 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 22:41:38 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d4b9d92c

scanelf: improve string table check a bit

The readelf helper will validate e_shnum for us, so re-use that
check to make sure the e_shstrndx field is within range too.

 scanelf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 7e3b077..57c5156 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -461,15 +461,15 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 		Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
 		uint16_t shstrndx = EGET(ehdr->e_shstrndx); \
 		Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
-		if (shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr) || \
-		    !VALID_SHDR(elf, strtbl)) \
+		uint16_t shnum = EGET(ehdr->e_shnum); \
+		if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) \
 			goto corrupt_shdr; \
 		/* let's flag -w/+x object files since the final ELF will most likely \
 		 * need write access to the stack (who doesn't !?).  so the combined \
 		 * output will bring in +w automatically and that's bad. \
 		 */ \
 		check_flags = /*SHF_WRITE|*/SHF_EXECINSTR; \
-		for (i = 0; i < EGET(ehdr->e_shnum); ++i) { \
+		for (i = 0; i < shnum; ++i) { \
 			if (EGET(shdr[i].sh_type) != SHT_PROGBITS) continue; \
 			offset = EGET(strtbl->sh_offset) + EGET(shdr[i].sh_name); \
 			if (offset >= elf->len - sizeof(NOTE_GNU_STACK)) \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-17  3:24 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-17  3:24 UTC (permalink / raw
  To: gentoo-commits

commit:     82c7079bc6f79c9972e4bf1a056afe998894e693
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 17 01:15:01 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 17 01:15:01 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=82c7079b

gitignore: add generated scripts

 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 4e0d5fa..6e0a530 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,8 +35,10 @@ Makefile.in
 stamp-h1
 
 /dumpelf
+/lddtree
 /pspax
 /scanelf
 /scanmacho
+/symtree
 
 /man/*.1


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-17  3:24 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-17  3:24 UTC (permalink / raw
  To: gentoo-commits

commit:     e409c177e2f92714012b7c0199f631173f4e6066
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 17 01:14:22 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 17 01:14:22 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e409c177

build: update autotools build to pass distcheck

 Makefile    | 2 +-
 Makefile.am | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 6375315..b9be199 100644
--- a/Makefile
+++ b/Makefile
@@ -160,7 +160,7 @@ check test:
 #
 GEN_MARK_START = \# @@@ GEN START @@@ \#
 GEN_MARK_END   = \# @@@ GEN END @@@ \#
-EXTRA_DIST     = $(shell git ls-files)
+EXTRA_DIST     = $(shell git ls-files | grep -v ^travis/)
 autotools-update:
 	$(MAKE) -C man -j
 	sed -i.tmp '/^$(GEN_MARK_START)$$/,/^$(GEN_MARK_END)$$/d' Makefile.am

diff --git a/Makefile.am b/Makefile.am
index e42dce4..82bc3a5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -18,6 +18,7 @@ LDADD = libpaxutils.la $(top_builddir)/autotools/gnulib/libgnu.a
 
 bin_SCRIPTS = lddtree symtree
 bin_PROGRAMS = scanelf dumpelf pspax scanmacho
+CLEANFILES = $(bin_SCRIPTS)
 
 if USE_PYTHON
 lddtree: lddtree.py
@@ -46,11 +47,12 @@ EXTRA_DIST = autotools/m4/gnulib-cache.m4
 dist_man_MANS += \
 	man/dumpelf.1 \
 	man/pspax.1 \
-	man/scanmacho.1 \
-	man/scanelf.1
+	man/scanelf.1 \
+	man/scanmacho.1
 EXTRA_DIST += \
 	.depend \
 	.gitignore \
+	.travis.yml \
 	BUGS \
 	COPYING \
 	Makefile \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-17  3:24 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-17  3:24 UTC (permalink / raw
  To: gentoo-commits

commit:     146fe9fb4ece2294e9233947aea1826f585dc3c9
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 17 00:28:00 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 17 00:28:00 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=146fe9fb

build: defer man page expansion

The $(wildcard) inside the rule is expanded before the `make man` step,
so if the man pages don't already exist, we don't get the latest list.
Defer the expansion to the shell step so it's always up-to-date.

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index b3782a6..6375315 100644
--- a/Makefile
+++ b/Makefile
@@ -168,7 +168,7 @@ autotools-update:
 	( \
 		echo "$(GEN_MARK_START)"; \
 		printf 'dist_man_MANS +='; \
-		printf ' \\\n\t%s' $(wildcard man/*.1); \
+		printf ' \\\n\t%s' `printf '%s\n' man/*.1 | LC_ALL=C sort`; \
 		echo; \
 		printf 'EXTRA_DIST +='; \
 		printf ' \\\n\t%s' $(EXTRA_DIST); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-17  3:24 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-17  3:24 UTC (permalink / raw
  To: gentoo-commits

commit:     dbf8ea54cb9bfb309dde721cde4ccec594da2010
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 17 02:22:41 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 17 02:22:41 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=dbf8ea54

build: pull in ax macros recursively

Make sure we also get the files that the ax macros themselves need.

 autogen.sh | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/autogen.sh b/autogen.sh
index 3d49418..f552d22 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -40,10 +40,28 @@ v --fold="gnulib-tool" gnulib-tool \
 
 # not everyone has sys-devel/autoconf-archive installed
 v tar xf travis/autotools.tar.xz
-for macro in $(grep -o '\<AX[A-Z_]*\>' configure.ac | sort -u) ; do
-	if m4=$(grep -rl "\[${macro}\]" /usr/share/aclocal/) ; then
-		v cp $m4 ${m4dir}/
+has() { [[ " ${*:2} " == *" $1 "* ]] ; }
+import_ax() {
+	local macro content m4 lm4s=()
+	content=$(sed -e '/^[[:space:]]*#/d' -e 's:\<dnl\>.*::' "$@")
+	for macro in $(echo "${content}" | grep -o '\<AX[A-Z_]*\>' | sort -u) ; do
+		for m4 in $(grep -rl "\[${macro}\]" /usr/share/aclocal/) ; do
+			has ${m4} "${m4s[@]}" || lm4s+=( ${m4} )
+		done
+	done
+	if [[ ${#lm4s[@]} -gt 0 ]] ; then
+		cp -v `printf '%s\n' ${lm4s[@]} | sort -u` autotools/m4/
+		m4s+=( "${lm4s[@]}" )
 	fi
+}
+m4s=()
+import_ax configure.ac
+curr=1
+new=0
+while [[ ${curr} -ne ${new} ]] ; do
+	curr=${#m4s[@]}
+	import_ax autotools/m4/ax_*.m4
+	new=${#m4s[@]}
 done
 
 export AUTOMAKE="automake --foreign"


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2015-12-19 19:41 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2015-12-19 19:41 UTC (permalink / raw
  To: gentoo-commits

commit:     2f8d27e7f8afbe29b47a6c5617f6ef915443bc28
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 19 19:20:43 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 19:20:43 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2f8d27e7

README: convert to markdown

It's still human readable, but also renders better on systems like github.

 README    | 60 ------------------------------------------------
 README.md | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 60 deletions(-)

diff --git a/README b/README
deleted file mode 100644
index 4026140..0000000
--- a/README
+++ /dev/null
@@ -1,60 +0,0 @@
-HOMEPAGE: https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
-GIT: git clone git://anongit.gentoo.org/proj/pax-utils.git
-VIEWVCS: https://gitweb.gentoo.org/proj/pax-utils.git/
-
-pax-utils is a small set of various PaX aware and related utilities for 
-ELF binaries. It was written for ELF Q/A on Gentoo systems but can be 
-used on any distro.
-
-Note: to rebuild the man-pages, you will need xmlto and the docbook-xml-dtd
-      packages installed on your system.
-
-== INSTALL ==
-
-make install
-
-You don't need PaX to use the pax-utils. Infact the only thing they 
-really have in common is that pax-utils was initially written to aid in 
-deploying PaX systems so it includes support for PT_PAX_FLAGS and the 
-deprecated but still in use EI_PAX flags. For more information about PaX 
-see the homepage at http://pax.grsecurity.net/
-
-== LINKS ==
-
-(Gentoo)
-https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
-https://gitweb.gentoo.org/proj/pax-utils.git/
-Maintainer: solar@gentoo.org,vapier@gentoo.org
-
-(openSUSE)
-https://build.opensuse.org/package/show?package=pax-utils&project=openSUSE%3AFactory
-Maintainer: ludwig.nussel@suse.de
-
-(Ubuntu)
-http://packages.ubuntu.com/edgy/devel/pax-utils
-Maintainer: john.r.moser@gmail.com
-
-(Debian)
-http://packages.debian.org/unstable/misc/pax-utils
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388200
-Maintainer: rdenis@simphalempin.com
-
-(FreeBSD)
-http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=pax-utils
-http://www.freshports.org/sysutils/pax-utils/
-http://archive.netbsd.se/?ml=freebsd-cvs-all&a=2006-08&m=2311441
-Maintainer: sbz@FreeBSD.org
-
-(OpenEmedded)
-http://www.openembedded.org/filebrowser/org.openembedded.dev/packages/pax-utils
-
-(Crux)
-http://magog.se/crux/pax-utils/Pkgfile
-Maintainer: mattias@hedenskog.se
-
-(Fedora)
-https://apps.fedoraproject.org/packages/pax-utils
-Maintainer:  Dominik 'Rathann' Mierzejewski <rpm@greysector.net>
-
-(ArchLinux?)
-

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4913455
--- /dev/null
+++ b/README.md
@@ -0,0 +1,78 @@
+# ELF/PaX Utilities
+
+| What     | How                                                   |
+| -------- | ----------------------------------------------------- |
+| HOMEPAGE | https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities   |
+| GIT      | git clone git://anongit.gentoo.org/proj/pax-utils.git |
+| VIEWVCS  | https://gitweb.gentoo.org/proj/pax-utils.git/         |
+| STATUS   | [![Build Status](https://travis-ci.org/gentoo/pax-utils.svg?branch=master)](https://travis-ci.org/gentoo/pax-utils) |
+
+pax-utils is a small set of utilities for peforming Q/A (mostly security)
+checks on systems (most notably, `scanelf`).  It is focused on the ELF
+format, but does include a Mach-O helper too for OS X systems.
+
+While heavily integrated into Gentoo's build system, it can be used on any
+distro as it is a generic toolset.
+
+Originally focused only on [PaX](https://pax.grsecurity.net/), it has been
+expanded to be generally security focused.  It still has a good number of
+PaX helpers for people interested in that.
+
+## Building
+
+Just run `make`.  This should work on any recent POSIX compliant system.
+
+Note: To rebuild the man-pages, you will need xmlto and the docbook-xml-dtd
+      packages installed on your system.
+
+## Installation
+
+`make install`
+
+You don't need PaX to use the pax-utils. Infact the only thing they
+really have in common is that pax-utils was initially written to aid in
+deploying PaX systems so it includes support for PT_PAX_FLAGS and the
+deprecated but still in use EI_PAX flags. For more information about PaX
+see the homepage at http://pax.grsecurity.net/
+
+## Links
+
+If you include pax-utils in your distro, feel free to send an update for this.
+
+##### Gentoo
+ * https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
+ * https://gitweb.gentoo.org/proj/pax-utils.git/
+ * Maintainer: Mike Frysinger <vapier@gentoo.org>, Ned Ludd <solar@gentoo.org>
+
+##### openSUSE
+ * https://build.opensuse.org/package/show?package=pax-utils&project=openSUSE%3AFactory
+ * Maintainer: ludwig.nussel@suse.de
+
+##### Ubuntu
+ * http://packages.ubuntu.com/edgy/devel/pax-utils
+ * Maintainer: john.r.moser@gmail.com
+
+##### Debian
+ * http://packages.debian.org/unstable/misc/pax-utils
+ * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388200
+ * Maintainer: rdenis@simphalempin.com
+
+##### FreeBSD
+ * http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=pax-utils
+ * http://www.freshports.org/sysutils/pax-utils/
+ * http://archive.netbsd.se/?ml=freebsd-cvs-all&a=2006-08&m=2311441
+ * Maintainer: sbz@FreeBSD.org
+
+##### OpenEmedded
+ * http://www.openembedded.org/filebrowser/org.openembedded.dev/packages/pax-utils
+
+##### Crux
+ * http://magog.se/crux/pax-utils/Pkgfile
+ * Maintainer: mattias@hedenskog.se
+
+##### Fedora
+ * https://apps.fedoraproject.org/packages/pax-utils
+ * Maintainer: Dominik 'Rathann' Mierzejewski <rpm@greysector.net>
+
+##### ArchLinux
+ * https://www.archlinux.org/packages/community/x86_64/pax-utils/


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-01-02  3:52 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-01-02  3:52 UTC (permalink / raw
  To: gentoo-commits

commit:     fcf61ab5c969c0e385031cc36956505c1c66c7b7
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  2 03:51:56 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Jan  2 03:51:56 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=fcf61ab5

build: add a clang static analyzer check

 Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Makefile b/Makefile
index b9be199..b09c3b0 100644
--- a/Makefile
+++ b/Makefile
@@ -89,6 +89,9 @@ debug: clean
 	@-chpax  -permsx $(ELF_TARGETS)
 	@-paxctl -permsx $(ELF_TARGETS)
 
+analyze: clean
+	scan-build $(MAKE) all
+
 fuzz: clean
 	$(MAKE) AFL_HARDEN=1 CC=afl-gcc all
 	@rm -rf findings


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-01-02 15:26 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-01-02 15:26 UTC (permalink / raw
  To: gentoo-commits

commit:     26a5965e9cef652e755b45175c424fa117d7b87e
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  2 15:26:17 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Jan  2 15:26:17 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=26a5965e

build: include -Wmisleading-indentation when available

 Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index b09c3b0..f6fc827 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,8 @@ _WFLAGS   := \
 	-Wdeclaration-after-statement \
 	-Wextra \
 	-Wsequence-point \
-	-Wstrict-overflow
+	-Wstrict-overflow \
+	-Wmisleading-indentation
 WFLAGS    := -Wall -Wunused -Wimplicit -Wshadow -Wformat=2 \
              -Wmissing-declarations -Wmissing-prototypes -Wwrite-strings \
              -Wbad-function-cast -Wnested-externs -Wcomment -Winline \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-01-03 22:01 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-01-03 22:01 UTC (permalink / raw
  To: gentoo-commits

commit:     9b36cb0609e6553f2c89c0b5909aa8c6482f9c7f
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  3 21:32:47 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jan  3 21:32:47 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9b36cb06

dumpelf: improve decoding

- push down section header validity checks (previous one was too strict)
- fix section header walking (was missing braces in for loop)
- dump all of the pad bytes in the elf header
- expand program header output and decode/explain more fields
- use uintptr_t for doing pointer math
- handle SHT_NOBITS better

 dumpelf.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 76 insertions(+), 26 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 8abad61..d765164 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -111,10 +111,7 @@ static void dumpelf(const char *filename, long file_cnt)
 		} \
 		offset = EGET(strtbl->sh_offset); \
 		for (i = 0; i < shnum; ++i, ++shdr) \
-			if (!VALID_SHDR(elf, shdr)) { \
-				printf(" /* corrupt section headers ! */ "); \
-				break; \
-			} \
+			/* Don't use VALID_SHDR as we want to decode the fields */ \
 			dump_shdr(elf, shdr, i, elf->vdata + offset + EGET(shdr->sh_name)); \
 		}
 		DUMP_SHDRS(32)
@@ -155,6 +152,7 @@ static void dumpelf(const char *filename, long file_cnt)
 	/* get out of here */
 	unreadelf(elf);
 }
+
 static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 {
 #define DUMP_EHDR(B) \
@@ -168,8 +166,7 @@ static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 	       "\t\t/* [%i] EI_VERSION:    */ %i , /* (%s) */\n" \
 	       "\t\t/* [%i] EI_OSABI:      */ %i , /* (%s) */\n" \
 	       "\t\t/* [%i] EI_ABIVERSION: */ %i ,\n" \
-	       "\t\t/* [%i] EI_PAD:        */ 0x%02X /* x %i bytes */\n" \
-	       /* "\t\t/ [%i] EI_BRAND:      / 0x%02X\n" */ \
+	       "\t\t/* [%i-%i] EI_PAD:     */ 0x%X, 0x%X, 0x%X, 0x%X, 0x%X, 0x%X, 0x%X,\n" \
 	       "\t},\n", \
 	       EI_MAG0, (unsigned int)ehdr->e_ident[EI_MAG0], ehdr->e_ident[EI_MAG1], ehdr->e_ident[EI_MAG2], ehdr->e_ident[EI_MAG3], \
 	       EI_CLASS, (int)ehdr->e_ident[EI_CLASS], get_elfeitype(EI_CLASS, ehdr->e_ident[EI_CLASS]), \
@@ -177,18 +174,25 @@ static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 	       EI_VERSION, (int)ehdr->e_ident[EI_VERSION], get_elfeitype(EI_VERSION, ehdr->e_ident[EI_VERSION]), \
 	       EI_OSABI, (int)ehdr->e_ident[EI_OSABI], get_elfeitype(EI_OSABI, ehdr->e_ident[EI_OSABI]), \
 	       EI_ABIVERSION, (int)ehdr->e_ident[EI_ABIVERSION], \
-	       EI_PAD, (unsigned int)ehdr->e_ident[EI_PAD], EI_NIDENT - EI_PAD \
-	       /* EI_BRAND, ehdr->e_ident[EI_BRAND] */ \
+	       EI_PAD, EI_NIDENT - 1, \
+	         (unsigned int)ehdr->e_ident[EI_PAD + 0], \
+	         (unsigned int)ehdr->e_ident[EI_PAD + 1], \
+	         (unsigned int)ehdr->e_ident[EI_PAD + 2], \
+	         (unsigned int)ehdr->e_ident[EI_PAD + 3], \
+	         (unsigned int)ehdr->e_ident[EI_PAD + 4], \
+	         (unsigned int)ehdr->e_ident[EI_PAD + 5], \
+	         (unsigned int)ehdr->e_ident[EI_PAD + 6] \
 	); \
 	printf("\t.e_type      = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_type), get_elfetype(elf)); \
 	printf("\t.e_machine   = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_machine), get_elfemtype(elf)); \
-	printf("\t.e_version   = %-10i ,\n", (int)EGET(ehdr->e_version)); \
-	printf("\t.e_entry     = 0x%-8lX ,\n", (unsigned long)EGET(ehdr->e_entry)); \
+	printf("\t.e_version   = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_version), get_elfeitype(EI_VERSION, EGET(ehdr->e_version))); \
+	printf("\t.e_entry     = 0x%-8lX , /* (start address at runtime) */\n", (unsigned long)EGET(ehdr->e_entry)); \
 	printf("\t.e_phoff     = %-10li , /* (bytes into file) */\n", (unsigned long)EGET(ehdr->e_phoff)); \
 	printf("\t.e_shoff     = %-10li , /* (bytes into file) */\n", (unsigned long)EGET(ehdr->e_shoff)); \
 	printf("\t.e_flags     = 0x%-8X ,\n", (unsigned int)EGET(ehdr->e_flags)); \
 	printf("\t.e_ehsize    = %-10i , /* (bytes) */\n", (int)EGET(ehdr->e_ehsize)); \
 	printf("\t.e_phentsize = %-10i , /* (bytes) */\n", (int)EGET(ehdr->e_phentsize)); \
+	/* TODO: Handle PN_XNUM */ \
 	printf("\t.e_phnum     = %-10i , /* (program headers) */\n", (int)EGET(ehdr->e_phnum)); \
 	printf("\t.e_shentsize = %-10i , /* (bytes) */\n", (int)EGET(ehdr->e_shentsize)); \
 	printf("\t.e_shnum     = %-10i , /* (section headers) */\n", (int)EGET(ehdr->e_shnum)); \
@@ -198,28 +202,63 @@ static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 	DUMP_EHDR(32)
 	DUMP_EHDR(64)
 }
+
+static const char *dump_p_flags(uint32_t type, uint32_t flags)
+{
+	static char buf[1024];
+	char *p = buf;
+	p[0] = p[1] = p[2] = '\0';
+
+	if (flags & PF_R)
+		p = stpcpy(p, " | PF_R");
+	if (flags & PF_W)
+		p = stpcpy(p, " | PF_W");
+	if (flags & PF_X)
+		p = stpcpy(p, " | PF_X");
+	flags &= ~(PF_R | PF_W | PF_X);
+
+	switch (type) {
+	case PT_PAX_FLAGS:
+#define X(b) if (flags & b) { p = stpcpy(p, " | " #b); flags &= ~b; }
+		X(PF_PAGEEXEC) X(PF_NOPAGEEXEC)
+		X(PF_SEGMEXEC) X(PF_NOSEGMEXEC)
+		X(PF_MPROTECT) X(PF_NOMPROTECT)
+		X(PF_RANDEXEC) X(PF_NORANDEXEC)
+		X(PF_EMUTRAMP) X(PF_NOEMUTRAMP)
+		X(PF_RANDMMAP) X(PF_NORANDMMAP)
+#undef X
+		break;
+	}
+
+	if (flags)
+		sprintf(p, " | 0x%X", flags);
+
+	return buf + 3;
+}
 static void dump_phdr(elfobj *elf, const void *phdr_void, long phdr_cnt)
 {
 #define DUMP_PHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
 	const Elf ## B ## _Phdr *phdr = PHDR ## B (phdr_void); \
-	switch (EGET(phdr->p_type)) { \
+	uint32_t p_type = EGET(phdr->p_type); \
+	switch (p_type) { \
 	case PT_DYNAMIC: phdr_dynamic_void = phdr_void; break; \
 	} \
-	printf("/* Program Header #%li 0x%lX */\n{\n", phdr_cnt, (unsigned long)phdr_void - (unsigned long)elf->data); \
-	printf("\t.p_type   = %-10li , /* [%s] */\n", (long)EGET(phdr->p_type), get_elfptype(EGET(phdr->p_type))); \
-	printf("\t.p_offset = %-10li ,\n", (long)EGET(phdr->p_offset)); \
-	printf("\t.p_vaddr  = 0x%-8lX ,\n", (unsigned long)EGET(phdr->p_vaddr)); \
-	printf("\t.p_paddr  = 0x%-8lX ,\n", (unsigned long)EGET(phdr->p_paddr)); \
-	printf("\t.p_filesz = %-10li ,\n", (long)EGET(phdr->p_filesz)); \
-	printf("\t.p_memsz  = %-10li ,\n", (long)EGET(phdr->p_memsz)); \
-	printf("\t.p_flags  = %-10li ,\n", (long)EGET(phdr->p_flags)); \
-	printf("\t.p_align  = %-10li\n", (long)EGET(phdr->p_align)); \
+	printf("/* Program Header #%li 0x%lX */\n{\n", phdr_cnt, (uintptr_t)phdr_void - (uintptr_t)elf->data); \
+	printf("\t.p_type   = %-10li , /* [%s] */\n", (long)p_type, get_elfptype(p_type)); \
+	printf("\t.p_offset = %-10li , /* (bytes into file) */\n", (long)EGET(phdr->p_offset)); \
+	printf("\t.p_vaddr  = 0x%-8lX , /* (virtual addr at runtime) */\n", (unsigned long)EGET(phdr->p_vaddr)); \
+	printf("\t.p_paddr  = 0x%-8lX , /* (physical addr at runtime) */\n", (unsigned long)EGET(phdr->p_paddr)); \
+	printf("\t.p_filesz = %-10li , /* (bytes in file) */\n", (long)EGET(phdr->p_filesz)); \
+	printf("\t.p_memsz  = %-10li , /* (bytes in mem at runtime) */\n", (long)EGET(phdr->p_memsz)); \
+	printf("\t.p_flags  = 0x%-8lX , /* %s */\n", (unsigned long)EGET(phdr->p_flags), dump_p_flags(p_type, EGET(phdr->p_flags))); \
+	printf("\t.p_align  = %-10li , /* (min mem alignment in bytes) */\n", (long)EGET(phdr->p_align)); \
 	printf("},\n"); \
 	}
 	DUMP_PHDR(32)
 	DUMP_PHDR(64)
 }
+
 static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const char *name)
 {
 	unsigned long i;
@@ -233,22 +272,31 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const c
 #define DUMP_SHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
 	const Elf ## B ## _Shdr *shdr = SHDR ## B (shdr_void); \
+	Elf ## B ## _Off offset = EGET(shdr->sh_offset); \
 	uint32_t type = EGET(shdr->sh_type); \
 	uint ## B ## _t size = EGET(shdr->sh_size); \
+	\
 	printf("/* Section Header #%li '%s' 0x%lX */\n{\n", \
-	       shdr_cnt, name, (unsigned long)shdr_void - (unsigned long)elf->data); \
+	       shdr_cnt, name, (uintptr_t)shdr_void - (uintptr_t)elf->data); \
 	printf("\t.sh_name      = %-10i ,\n", (int)EGET(shdr->sh_name)); \
 	printf("\t.sh_type      = %-10i , /* [%s] */\n", (int)EGET(shdr->sh_type), get_elfshttype(type)); \
 	printf("\t.sh_flags     = %-10li ,\n", (long)EGET(shdr->sh_flags)); \
 	printf("\t.sh_addr      = 0x%-8lX ,\n", (unsigned long)EGET(shdr->sh_addr)); \
-	printf("\t.sh_offset    = %-10i , /* (bytes) */\n", (int)EGET(shdr->sh_offset)); \
-	printf("\t.sh_size      = %-10li , /* (bytes) */\n", (long)EGET(shdr->sh_size)); \
+	printf("\t.sh_offset    = %-10li , /* (bytes) */\n", (long)offset); \
+	printf("\t.sh_size      = %-10lu , /* (bytes) */\n", (unsigned long)size); \
 	printf("\t.sh_link      = %-10i ,\n", (int)EGET(shdr->sh_link)); \
 	printf("\t.sh_info      = %-10i ,\n", (int)EGET(shdr->sh_info)); \
 	printf("\t.sh_addralign = %-10li ,\n", (long)EGET(shdr->sh_addralign)); \
 	printf("\t.sh_entsize   = %-10li\n", (long)EGET(shdr->sh_entsize)); \
-	if (size && be_verbose) { \
-		void *vdata = elf->vdata + EGET(shdr->sh_offset); \
+	\
+	if (type == SHT_NOBITS) { \
+		/* Special case so we can do valid check next. */ \
+		if (be_verbose) \
+			printf("\t/* NOBITS sections do not occupy the file. */\n"); \
+	} else if (!(offset < (uint64_t)elf->len && size < (uint64_t)elf->len && offset <= elf->len - size)) { \
+		printf(" /* corrupt section header ! */ "); \
+	} else if (size && be_verbose) { \
+		void *vdata = elf->vdata + offset; \
 		unsigned char *data = vdata; \
 		switch (type) { \
 		case SHT_PROGBITS: { \
@@ -258,6 +306,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const c
 			} \
 			if (strcmp(name, ".comment") != 0) \
 				break; \
+			break; \
 		} \
 		case SHT_STRTAB: { \
 			char b; \
@@ -315,6 +364,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const c
 	DUMP_SHDR(32)
 	DUMP_SHDR(64)
 }
+
 static void dump_dyn(elfobj *elf, const void *dyn_void, long dyn_cnt)
 {
 #define DUMP_DYN(B) \
@@ -322,7 +372,7 @@ static void dump_dyn(elfobj *elf, const void *dyn_void, long dyn_cnt)
 	const Elf ## B ## _Dyn *dyn = dyn_void; \
 	unsigned long tag = EGET(dyn->d_tag); \
 	printf("/* Dynamic tag #%li '%s' 0x%lX */\n{\n", \
-	       dyn_cnt, get_elfdtype(tag), (unsigned long)dyn_void - (unsigned long)elf->data); \
+	       dyn_cnt, get_elfdtype(tag), (uintptr_t)dyn_void - (uintptr_t)elf->data); \
 	printf("\t.d_tag     = 0x%-8lX ,\n", tag); \
 	printf("\t.d_un      = {\n"); \
 	printf("\t\t.d_val = 0x%-8lX ,\n", (unsigned long)EGET(dyn->d_un.d_val)); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-01-03 22:23 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-01-03 22:23 UTC (permalink / raw
  To: gentoo-commits

commit:     3d813940e752cc3b9a230086013501d9453d2167
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  3 22:15:39 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jan  3 22:15:39 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=3d813940

paxelf: switch low level elf helpers to unsigned ints

Avoid using signed types when working with unsigned elf fields.

 paxelf.c | 28 +++++++++++++---------------
 paxelf.h |  6 +++---
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index b0ba144..ff385c5 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -15,11 +15,13 @@
 #define QUERY(n) { #n, n }
 typedef const struct {
 	const char *str;
-	int value;
+	/* We use unsigned int as we assume it's at least 32 bits.  This covers
+	   all our uses so far as they have been limited to that size.  */
+	unsigned int value;
 } pairtype;
-static inline const char *find_pairtype(pairtype *pt, int type)
+static inline const char *find_pairtype(pairtype *pt, unsigned int type)
 {
-	int i;
+	size_t i;
 	for (i = 0; pt[i].str; ++i)
 		if (type == pt[i].value)
 			return pt[i].str;
@@ -84,14 +86,12 @@ static pairtype elf_etypes[] = {
 	{ 0, 0 }
 };
 
-int get_etype(elfobj *elf)
+unsigned int get_etype(elfobj *elf)
 {
-	int type;
 	if (elf->elf_class == ELFCLASS32)
-		type = EGET(EHDR32(elf->ehdr)->e_type);
+		return EGET(EHDR32(elf->ehdr)->e_type);
 	else
-		type = EGET(EHDR64(elf->ehdr)->e_type);
-	return type;
+		return EGET(EHDR64(elf->ehdr)->e_type);
 }
 
 const char *get_elfetype(elfobj *elf)
@@ -162,10 +162,10 @@ void print_etypes(FILE *stream)
 		fprintf(stream, "\n");
 }
 
-int etype_lookup(const char *str)
+unsigned int etype_lookup(const char *str)
 {
 	if (*str == 'E') {
-		int i;
+		size_t i;
 		for (i = 0; elf_etypes[i].str; ++i) {
 			if (strcmp(str, elf_etypes[i].str) == 0)
 				return elf_etypes[i].value;
@@ -275,14 +275,12 @@ static pairtype elf_emtypes[] = {
 	{ 0, 0 }
 };
 
-int get_emtype(elfobj *elf)
+unsigned int get_emtype(elfobj *elf)
 {
-	int type;
 	if (elf->elf_class == ELFCLASS32)
-		type = EGET(EHDR32(elf->ehdr)->e_machine);
+		return EGET(EHDR32(elf->ehdr)->e_machine);
 	else
-		type = EGET(EHDR64(elf->ehdr)->e_machine);
-	return type;
+		return EGET(EHDR64(elf->ehdr)->e_machine);
 }
 
 const char *get_elfemtype(elfobj *elf)

diff --git a/paxelf.h b/paxelf.h
index 034e0d7..4beec93 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -70,10 +70,10 @@ extern const char *get_elfstbtype(int type);
 extern const char *get_elfstvtype(int type);
 extern const char *get_elfstttype(int type);
 extern void *elf_findsecbyname(elfobj *elf, const char *name);
-extern int get_etype(elfobj *elf);
-extern int get_emtype(elfobj *elf);
+extern unsigned int get_etype(elfobj *elf);
+extern unsigned int get_emtype(elfobj *elf);
 extern void print_etypes(FILE *);
-extern int etype_lookup(const char *);
+extern unsigned int etype_lookup(const char *);
 
 /* PaX flags (to be read in elfhdr.e_flags) */
 #define HF_PAX_PAGEEXEC      1   /* 0: Paging based non-exec pages */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-01-03 22:23 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-01-03 22:23 UTC (permalink / raw
  To: gentoo-commits

commit:     579c7f16f20a531d47ef3cde14815ed0aa03f94e
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  3 22:22:48 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jan  3 22:22:48 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=579c7f16

paxelf: add a helper for accessing e_flags

 paxelf.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index ff385c5..a353e57 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -108,6 +108,15 @@ const char *get_endian(elfobj *elf)
 	}
 }
 
+/* translate elf EF_ defines -- tricky as it's based on EM_ */
+static unsigned int get_eflags(elfobj *elf)
+{
+	if (elf->elf_class == ELFCLASS32)
+		return EGET(EHDR32(elf->ehdr)->e_flags);
+	else
+		return EGET(EHDR64(elf->ehdr)->e_flags);
+}
+
 static int arm_eabi_poker(elfobj *elf)
 {
 	unsigned int emachine, eflags;
@@ -115,16 +124,11 @@ static int arm_eabi_poker(elfobj *elf)
 	if (ELFOSABI_NONE != elf->data[EI_OSABI])
 		return -1;
 
-	if (elf->elf_class == ELFCLASS32) {
-		emachine = EHDR32(elf->ehdr)->e_machine;
-		eflags = EHDR32(elf->ehdr)->e_flags;
-	} else {
-		emachine = EHDR64(elf->ehdr)->e_machine;
-		eflags = EHDR64(elf->ehdr)->e_flags;
-	}
+	emachine = get_emtype(elf);
+	eflags = get_eflags(elf);
 
-	if (EGET(emachine) == EM_ARM)
-		return EF_ARM_EABI_VERSION(EGET(eflags)) >> 24;
+	if (emachine == EM_ARM)
+		return EF_ARM_EABI_VERSION(eflags) >> 24;
 	else
 		return -1;
 }


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-01-28 22:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-01-28 22:42 UTC (permalink / raw
  To: gentoo-commits

commit:     320b76139ae04eea3cbe74c424cda489bbf61882
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Jan 28 22:38:43 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 28 22:38:43 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=320b7613

lddtree: handle exceptions thrown when parsing other ELFs

We have a top level exception handler for catching ELF errors, but if we
hit a problem with a dependency, we end up diagnosing it as a problem in
the first ELF.  e.g. If "foo" is linked against "libc.so", and "libc.so"
is a linker script, when we try to read the libc.so ELF, it fails, and
we end up saying:
  lddtree: warning: foo: Magic number does not match

This makes no sense because "foo" is a proper ELF with the right magic,
and we end up halting the whole parsing process.  Now we show:
  lddtree: warning: /usr/lib/libc.so: Magic number does not match
  foo (interpreter => /some/interp)
      libc.so => None

 lddtree.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 100f475..e663d32 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -338,9 +338,12 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
 
     if os.path.exists(target):
       with open(target, 'rb') as f:
-        libelf = ELFFile(f)
-        if CompatibleELFs(elf, libelf):
-          return (target, path)
+        try:
+          libelf = ELFFile(f)
+          if CompatibleELFs(elf, libelf):
+            return (target, path)
+        except exceptions.ELFError as e:
+          warn('%s: %s' % (target, e))
 
   return (None, None)
 
@@ -475,8 +478,11 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
           'needed': [],
       }
       if fullpath:
-        lret = ParseELF(realpath, root, prefix, ldpaths, display=fullpath,
-                        debug=debug, _first=False, _all_libs=_all_libs)
+        try:
+          lret = ParseELF(realpath, root, prefix, ldpaths, display=fullpath,
+                          debug=debug, _first=False, _all_libs=_all_libs)
+        except exceptions.ELFError as e:
+          warn('%s: %s' % (realpath, e))
         _all_libs[lib]['needed'] = lret['needed']
 
     del elf


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-02-10 18:54 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-02-10 18:54 UTC (permalink / raw
  To: gentoo-commits

commit:     636c3d42a64a248945ca4c68f5fef605cc55f423
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 10 18:51:40 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Feb 10 18:51:40 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=636c3d42

security: allow more read/write syscalls

Some C libraries might use these functions in different ways.  Since they
are fairly harmless to use, just whitelist all the read/write variants.

URL: https://bugs.gentoo.org/571128
Reported-by: Vladimir Lushnikov <vladimir <AT> vladimir.lu>
Reported-by: Mias van Klei <miasvanklei <AT> gmail.com>

 security.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security.c b/security.c
index ba74bee..b635ccf 100644
--- a/security.c
+++ b/security.c
@@ -72,6 +72,9 @@ static void pax_seccomp_init(bool allow_forking)
 	int base_syscalls[] = {
 		/* We write the most w/scanelf.  */
 		SCMP_SYS(write),
+		SCMP_SYS(writev),
+		SCMP_SYS(pwrite64),
+		SCMP_SYS(pwritev),
 
 		/* Then the stat family of functions.  */
 		SCMP_SYS(newfstatat),
@@ -102,6 +105,8 @@ static void pax_seccomp_init(bool allow_forking)
 		/* Then the file reading functions.  */
 		SCMP_SYS(pread64),
 		SCMP_SYS(read),
+		SCMP_SYS(readv),
+		SCMP_SYS(preadv),
 
 		/* Then the fd manipulation functions.  */
 		SCMP_SYS(fcntl),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-02-10 19:41 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-02-10 19:41 UTC (permalink / raw
  To: gentoo-commits

commit:     4f80ea1b35779e3de107e959f8b4d2e9a17d6955
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 10 19:16:43 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Feb 10 19:16:43 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4f80ea1b

build: update README->README.md name

 Makefile    | 2 +-
 Makefile.am | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index f6fc827..91b1536 100644
--- a/Makefile
+++ b/Makefile
@@ -142,7 +142,7 @@ ifneq ($(USE_PYTHON),no)
 	for py in $(SCRIPTS_PY) ; do $(INS_EXE) $$py.py $(PREFIX)/bin/$$py || exit $$? ; done
 endif
 	$(INS_EXE) $(TARGETS) $(PREFIX)/bin/
-	$(INS_DATA) README BUGS TODO $(PKGDOCDIR)/
+	$(INS_DATA) README.md BUGS TODO $(PKGDOCDIR)/
 	$(INS_DATA) $(MPAGES) $(MANDIR)/man1/
 
 PN = pax-utils

diff --git a/Makefile.am b/Makefile.am
index 82bc3a5..0c1945a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,7 +57,7 @@ EXTRA_DIST += \
 	COPYING \
 	Makefile \
 	Makefile.am \
-	README \
+	README.md \
 	TODO \
 	autogen.sh \
 	configure.ac \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-03-03 21:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-03-03 21:15 UTC (permalink / raw
  To: gentoo-commits

commit:     4941a742dcd35d80d16fc96906cd022e03a3799b
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Mar  3 21:10:26 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Mar  3 21:10:26 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4941a742

security: whitelist readlinkat

Newer arches omit readlink entirely (like aarch64).

Reported-by: Steev Klimaszewski <steev <AT> gentoo.org>

 security.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security.c b/security.c
index b635ccf..8019860 100644
--- a/security.c
+++ b/security.c
@@ -136,6 +136,7 @@ static void pax_seccomp_init(bool allow_forking)
 
 		/* Syscalls listed because of sandbox.  */
 		SCMP_SYS(readlink),
+		SCMP_SYS(readlinkat),
 		SCMP_SYS(getcwd),
 
 		/* Syscalls listed because of fakeroot.  */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-05-31 22:27 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-05-31 22:27 UTC (permalink / raw
  To: gentoo-commits

commit:     ae82ef5e27c8935a8f503e991710597254b86647
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri May 13 22:28:18 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri May 13 22:28:18 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ae82ef5e

lddtree: always inhibit the cache

Make sure that the wrapped binaries don't use the host's ld.so.cache.
This probably shouldn't show up since we're using --library-path, but
in case that doesn't stop things, explicitly disable the search.

 lddtree.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lddtree.py b/lddtree.py
index e663d32..3971a9a 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -162,6 +162,7 @@ basedir=${base%%/*}
 exec \
   "${basedir}/%(interp)s" \
   --library-path "%(libpaths)s" \
+  --inhibit-cache \
   --inhibit-rpath '' \
   "${base}.elf" \
   "$@"


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     56905522dfd178685b6225c6be89560cb02c445c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 00:37:04 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 00:37:04 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=56905522

pspax: rewrite core loop to use *at funcs

This makes the code a bit simpler & robust.

 pspax.c | 228 ++++++++++++++++++++++++++++++++++++----------------------------
 1 file changed, 128 insertions(+), 100 deletions(-)

diff --git a/pspax.c b/pspax.c
index c64472c..67b7678 100644
--- a/pspax.c
+++ b/pspax.c
@@ -40,20 +40,47 @@ static pid_t show_pid = 0;
 static uid_t show_uid = (uid_t)-1;
 static gid_t show_gid = (gid_t)-1;
 
-static FILE *proc_fopen(pid_t pid, const char *file)
+static int proc_open(int pfd, const char *file)
 {
-	char path[__PAX_UTILS_PATH_MAX];
-	snprintf(path, sizeof(path), PROC_DIR "/%u/%s", pid, file);
-	path[sizeof(path) - 1] = '\0';
-	return fopen(path, "r");
+	return openat(pfd, file, O_RDONLY|O_CLOEXEC);
 }
 
-static char *get_proc_name_cmdline(pid_t pid)
+static FILE *proc_fopen(int pfd, const char *file)
+{
+	int fd;
+	FILE *fp;
+
+	fd = proc_open(pfd, file);
+	if (fd == -1)
+		return NULL;
+
+	fp = fdopen(fd, "re");
+	if (fp == NULL)
+		close(fd);
+
+	return fp;
+}
+
+static elfobj *proc_readelf(int pfd)
+{
+	int fd;
+	elfobj *elf;
+
+	fd = proc_open(pfd, "exe");
+	if (fd == -1)
+		return NULL;
+
+	elf = readelf_fd("proc/exe", fd, 0);
+	close(fd);
+	return elf;
+}
+
+static char *get_proc_name_cmdline(int pfd)
 {
 	FILE *fp;
 	static char str[1024];
 
-	fp = proc_fopen(pid, "cmdline");
+	fp = proc_fopen(pfd, "cmdline");
 	if (fp == NULL)
 		return NULL;
 
@@ -64,15 +91,15 @@ static char *get_proc_name_cmdline(pid_t pid)
 	return (str);
 }
 
-static char *get_proc_name(pid_t pid)
+static char *get_proc_name(int pfd)
 {
 	FILE *fp;
 	static char str[BUFSIZ];
 
 	if (wide_output)
-		return get_proc_name_cmdline(pid);
+		return get_proc_name_cmdline(pfd);
 
-	fp = proc_fopen(pid, "stat");
+	fp = proc_fopen(pfd, "stat");
 	if (fp == NULL)
 		return NULL;
 
@@ -90,12 +117,12 @@ static char *get_proc_name(pid_t pid)
 	return (str+1);
 }
 
-static int get_proc_maps(pid_t pid)
+static int get_proc_maps(int pfd)
 {
 	FILE *fp;
 	static char str[BUFSIZ];
 
-	if ((fp = proc_fopen(pid, "maps")) == NULL)
+	if ((fp = proc_fopen(pfd, "maps")) == NULL)
 		return -1;
 
 	while (fgets(str, sizeof(str), fp)) {
@@ -126,12 +153,12 @@ static int get_proc_maps(pid_t pid)
 	return 0;
 }
 
-static int print_executable_mappings(pid_t pid)
+static int print_executable_mappings(int pfd)
 {
 	FILE *fp;
 	static char str[BUFSIZ];
 
-	if ((fp = proc_fopen(pid, "maps")) == NULL)
+	if ((fp = proc_fopen(pfd, "maps")) == NULL)
 		return -1;
 
 	while (fgets(str, sizeof(str), fp)) {
@@ -169,28 +196,24 @@ static int print_executable_mappings(pid_t pid)
 # define NOTE_TO_SELF
 #endif
 
-static struct passwd *get_proc_passwd(pid_t pid)
+static struct passwd *get_proc_passwd(int pfd)
 {
 	struct stat st;
-	struct passwd *pwd;
-	char path[__PAX_UTILS_PATH_MAX];
-
-	snprintf(path, sizeof(path), PROC_DIR "/%u/stat", pid);
+	struct passwd *pwd = NULL;
 
-	if (stat(path, &st) != -1)
-		if ((pwd = getpwuid(st.st_uid)) != NULL)
-			return pwd;
+	if (fstatat(pfd, "stat", &st, AT_SYMLINK_NOFOLLOW) != -1)
+		pwd = getpwuid(st.st_uid);
 
-	return NULL;
+	return pwd;
 }
 
-static char *get_proc_status(pid_t pid, const char *name)
+static char *get_proc_status(int pfd, const char *name)
 {
 	FILE *fp;
 	size_t len;
 	static char str[BUFSIZ];
 
-	if ((fp = proc_fopen(pid, "status")) == NULL)
+	if ((fp = proc_fopen(pfd, "status")) == NULL)
 		return NULL;
 
 	len = strlen(name);
@@ -208,13 +231,13 @@ static char *get_proc_status(pid_t pid, const char *name)
 	return NULL;
 }
 
-static char *get_pid_attr(pid_t pid)
+static char *get_pid_attr(int pfd)
 {
 	FILE *fp;
 	char *p;
 	static char buf[BUFSIZ];
 
-	if ((fp = proc_fopen(pid, "attr/current")) == NULL)
+	if ((fp = proc_fopen(pfd, "attr/current")) == NULL)
 		return NULL;
 
 	if (fgets(buf, sizeof(buf), fp) != NULL)
@@ -225,13 +248,13 @@ static char *get_pid_attr(pid_t pid)
 	return buf;
 }
 
-static char *get_pid_addr(pid_t pid)
+static char *get_pid_addr(int pfd)
 {
 	FILE *fp;
 	char *p;
 	static char buf[BUFSIZ];
 
-	if ((fp = proc_fopen(pid, "ipaddr")) == NULL)
+	if ((fp = proc_fopen(pfd, "ipaddr")) == NULL)
 		return NULL;
 
 	if (fgets(buf, sizeof(buf), fp) != NULL)
@@ -242,15 +265,15 @@ static char *get_pid_addr(pid_t pid)
 	return buf;
 }
 
-static const char *get_proc_type(pid_t pid)
+static const char *get_proc_type(int pfd)
 {
-	char fname[32];
 	elfobj *elf;
 	const char *ret;
 
-	snprintf(fname, sizeof(fname), PROC_DIR "/%u/exe", pid);
-	if ((elf = readelf(fname)) == NULL)
+	elf = proc_readelf(pfd);
+	if (elf == NULL)
 		return NULL;
+
 	ret = get_elfetype(elf);
 	unreadelf(elf);
 	return ret;
@@ -290,15 +313,15 @@ static char *scanelf_file_phdr(elfobj *elf)
 	return ret;
 }
 /* we scan the elf file two times when the -e flag is given. But we don't need -e very often so big deal */
-static const char *get_proc_phdr(pid_t pid)
+static const char *get_proc_phdr(int pfd)
 {
-	char fname[32];
 	elfobj *elf;
 	const char *ret;
 
-	snprintf(fname, sizeof(fname), PROC_DIR "/%u/exe", pid);
-	if ((elf = readelf(fname)) == NULL)
+	elf = proc_readelf(pfd);
+	if (elf == NULL)
 		return NULL;
+
 	ret = scanelf_file_phdr(elf);
 	unreadelf(elf);
 	return ret;
@@ -312,9 +335,9 @@ static void pspax(const char *find_name)
 	pid_t ppid = show_pid;
 	int have_attr, have_addr, wx;
 	struct passwd *pwd;
-	struct stat st;
 	const char *pax, *type, *name, *attr, *addr;
 	char *caps;
+	int pfd;
 	WRAP_SYSCAP(ssize_t length; cap_t cap_d;)
 
 	WRAP_SYSCAP(cap_d = cap_init());
@@ -339,76 +362,81 @@ static void pspax(const char *find_name)
 			have_addr ? "IPADDR" : "", show_phdr ? "STACK LOAD" : "");
 
 	while ((de = readdir(dir))) {
-		errno = 0;
-		stat(de->d_name, &st);
-		if ((errno != ENOENT) && (errno != EACCES)) {
-			pid = (pid_t) atoi((char *) basename((char *) de->d_name));
-			if (find_name && pid) {
-				char *str = get_proc_name(pid);
-				if (!str)
-					continue;
-				if (strcmp(str, find_name) != 0)
-					pid = 0;
-			}
-			if (((ppid > 0) && (pid != ppid)) || !pid)
-				continue;
+		/* Check the name first if it's an int as it's faster. */
+		pid = atoi(de->d_name);
+		if (pid == 0)
+			continue;
 
-			wx = get_proc_maps(pid);
+		/* Get an open handle so the kernel won't reap on us later. */
+		pfd = open(de->d_name, O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY);
+		if (pfd == -1)
+			continue;
 
-			if (noexec != writeexec) {
-				if ((wx == 1) && (writeexec != wx))
-					goto next_pid;
+		if (find_name && pid) {
+			char *str = get_proc_name(pfd);
+			if (!str)
+				goto next_pid;
+			if (strcmp(str, find_name) != 0)
+				pid = 0;
+		}
+		if (ppid > 0 && pid != ppid)
+			goto next_pid;
 
-				if ((wx == 0) && writeexec)
-					goto next_pid;
-			}
+		wx = get_proc_maps(pfd);
 
-			pwd  = get_proc_passwd(pid);
-			pax  = get_proc_status(pid, "PAX");
-			type = get_proc_type(pid);
-			name = get_proc_name(pid);
-			attr = (have_attr ? get_pid_attr(pid) : NULL);
-			addr = (have_addr ? get_pid_addr(pid) : NULL);
-
-			if (pwd) {
-				if (show_uid != (uid_t)-1)
-					if (pwd->pw_uid != show_uid)
-						continue;
-
-				if (show_gid != (gid_t)-1)
-					if (pwd->pw_gid != show_gid)
-						continue;
-			}
+		if (noexec != writeexec) {
+			if (wx == 1 && writeexec != wx)
+				goto next_pid;
 
-			/* this is a non-POSIX function */
-			caps = NULL;
-			WRAP_SYSCAP(capgetp(pid, cap_d));
-			WRAP_SYSCAP(caps = cap_to_text(cap_d, &length));
-
-			if (pwd && strlen(pwd->pw_name) >= 8)
-				pwd->pw_name[8] = 0;
-
-			if (show_all || type) {
-				printf("%-8s %-6d %-6s %-4s %-10s %-16s %-4s %s %s %s\n",
-				       pwd  ? pwd->pw_name : "--------",
-				       pid,
-				       pax  ? pax  : "---",
-				       (wx == 1) ? "w|x" : (wx == -1) ? "---" : "w^x",
-				       type ? type : "-------",
-				       name ? name : "-----",
-				       caps ? caps : " = ",
-				       attr ? attr : "",
-				       addr ? addr : "",
-				       show_phdr ? get_proc_phdr(pid) : "");
-				if (verbose && wx)
-					print_executable_mappings(pid);
-			}
+			if (wx == 0 && writeexec)
+				goto next_pid;
+		}
 
-			WRAP_SYSCAP(if (caps) cap_free(caps));
+		pwd  = get_proc_passwd(pfd);
+		pax  = get_proc_status(pfd, "PAX");
+		type = get_proc_type(pfd);
+		name = get_proc_name(pfd);
+		attr = (have_attr ? get_pid_attr(pfd) : NULL);
+		addr = (have_addr ? get_pid_addr(pfd) : NULL);
 
-		next_pid:
-			continue;
+		if (pwd) {
+			if (show_uid != (uid_t)-1)
+				if (pwd->pw_uid != show_uid)
+					goto next_pid;
+
+			if (show_gid != (gid_t)-1)
+				if (pwd->pw_gid != show_gid)
+					goto next_pid;
+		}
+
+		/* this is a non-POSIX function */
+		caps = NULL;
+		WRAP_SYSCAP(capgetp(pfd, cap_d));
+		WRAP_SYSCAP(caps = cap_to_text(cap_d, &length));
+
+		if (pwd && strlen(pwd->pw_name) >= 8)
+			pwd->pw_name[8] = 0;
+
+		if (show_all || type) {
+			printf("%-8s %-6d %-6s %-4s %-10s %-16s %-4s %s %s %s\n",
+			       pwd  ? pwd->pw_name : "--------",
+			       pid,
+			       pax  ? pax  : "---",
+			       (wx == 1) ? "w|x" : (wx == -1) ? "---" : "w^x",
+			       type ? type : "-------",
+			       name ? name : "-----",
+			       caps ? caps : " = ",
+			       attr ? attr : "",
+			       addr ? addr : "",
+			       show_phdr ? get_proc_phdr(pfd) : "");
+			if (verbose && wx)
+				print_executable_mappings(pfd);
 		}
+
+		WRAP_SYSCAP(if (caps) cap_free(caps));
+
+ next_pid:
+		close(pfd);
 	}
 	closedir(dir);
 }


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     18961bf5da982bfd7142fcd0fc150cc02dbc4b56
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 19 21:01:34 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jun 19 21:01:34 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=18961bf5

scanmacho: check stat return value

 scanmacho.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scanmacho.c b/scanmacho.c
index 5a0afd5..30ee730 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -415,7 +415,8 @@ static int scanmacho_file(const char *filename, const struct stat *st_cache)
 	if (S_ISLNK(st->st_mode)) {
 		if (!scan_symlink)
 			return 1;
-		stat(filename, &symlink_st);
+		if (stat(filename, &symlink_st))
+			return 1;
 		st = &symlink_st;
 	}
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     4c6b85b04291c96c45cdccf7cb9147f9307e3218
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 02:58:10 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 02:58:10 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4c6b85b0

paxmacho: fix mem leak when reading macho files

 paxmacho.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/paxmacho.c b/paxmacho.c
index 84aeb86..090fc18 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -247,7 +247,7 @@ fatobj *readmacho_buffer(const char *filename, char *buffer, size_t buffer_len)
 
 	/* make sure we have enough bytes to scan */
 	if (ret->len <= sizeof(struct fat_header))
-		return NULL;
+		goto fail;
 
 	fhdr = ret->data;
 	/* Check what kind of file this is.  Unfortunately we don't have
@@ -276,14 +276,14 @@ fatobj *readmacho_buffer(const char *filename, char *buffer, size_t buffer_len)
 		 * beware of corrupt files and Java bytecode which shares
 		 * the same magic with us :( */
 		if (sizeof(struct fat_arch) * narchs > bufleft)
-			return NULL;
+			goto fail;
 
 		for (i = 1; i <= narchs; i++) {
 			farch = (struct fat_arch *)dptr;
 			offset = MGET(swapped, farch->offset);
 			if (offset + sizeof(struct mach_header) >= bufleft ||
 					read_mach_header(fobj, ret->data + offset) == 0)
-				return NULL;
+				goto fail;
 			if (i < narchs) {
 				fobj = fobj->next = xzalloc(sizeof(*fobj));
 				/* filename and size are necessary for printing */
@@ -300,11 +300,15 @@ fatobj *readmacho_buffer(const char *filename, char *buffer, size_t buffer_len)
 		/* simple Mach-O file, treat as single arch FAT file */
 		if (ret->len < sizeof(struct mach_header) ||
 				read_mach_header(ret, ret->data) == 0)
-			return NULL;
+			goto fail;
 		ret->next = NULL;
 	}
 
 	return ret;
+
+ fail:
+	free(ret);
+	return NULL;
 }
 
 /* undo the readmacho() stuff */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     75ab6c592861c877e8b9b477170b46c4e8922b2a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 02:59:29 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 02:59:29 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=75ab6c59

pspax: fix file leakage when reading the command line

 pspax.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pspax.c b/pspax.c
index 67b7678..c10688f 100644
--- a/pspax.c
+++ b/pspax.c
@@ -88,6 +88,8 @@ static char *get_proc_name_cmdline(int pfd)
 		fclose(fp);
 		return NULL;
 	}
+	fclose(fp);
+
 	return (str);
 }
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     b07684452f66d01de62dc6f4052a3fa8f81b34b9
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 19 21:01:04 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jun 19 21:01:04 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b0768445

paxmacho: tweak case fall through style

This makes coverity happy by ignoring the missing break statement here.

 paxmacho.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/paxmacho.c b/paxmacho.c
index 985507d..84aeb86 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -164,6 +164,7 @@ inline static uint32_t read_mach_header(fatobj *fobj, void *addr)
 	switch (mhdr->magic) {
 		case MH_CIGAM:
 			fobj->swapped = 1;
+			/* fall through */
 		case MH_MAGIC:
 			/* 32-bits */
 			fobj->ismach64 = 0;
@@ -172,6 +173,7 @@ inline static uint32_t read_mach_header(fatobj *fobj, void *addr)
 			return mhdr->magic;
 		case MH_CIGAM_64:
 			fobj->swapped = 1;
+			/* fall through */
 		case MH_MAGIC_64:
 			/* 64-bits */
 			fobj->ismach64 = 1;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     0feba3c91ca51bc68f5ba8688c91f772d81cb0ce
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:02:15 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:02:15 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0feba3c9

paxmacho: simplify readmacho a bit

The readmacho_fd helper will already use fstat on the fd if we pass in a
length of 0, so let that work rather than do stat/open since there is a
minor race there.

 paxmacho.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/paxmacho.c b/paxmacho.c
index 090fc18..142af6e 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -189,16 +189,12 @@ inline static uint32_t read_mach_header(fatobj *fobj, void *addr)
  * arch. */
 fatobj *readmacho(const char *filename)
 {
-	struct stat st;
 	int fd;
 
-	if (stat(filename, &st) == -1)
-		return NULL;
-
 	if ((fd = open(filename, O_RDONLY)) == -1)
 		return NULL;
 
-	return readmacho_fd(filename, fd, st.st_size);
+	return readmacho_fd(filename, fd, 0);
 }
 
 fatobj *readmacho_fd(const char *filename, int fd, size_t len)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     ac373d7fa13ca22ff8db50bd147aa8ef4aeef4e3
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 02:59:49 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 02:59:49 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ac373d7f

scanelf: enable cleanup for coverity

 porting.h | 4 ++++
 scanelf.c | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/porting.h b/porting.h
index c0d5ebc..2d79f28 100644
--- a/porting.h
+++ b/porting.h
@@ -83,6 +83,10 @@
 #ifdef __SANITIZE_ADDRESS__
 # define PAX_UTILS_CLEANUP 1
 #endif
+/* Coverity catches some things we leak on purpose. */
+#ifdef __COVERITY__
+# define PAX_UTILS_CLEANUP 1
+#endif
 #ifndef PAX_UTILS_CLEANUP
 # define PAX_UTILS_CLEANUP 0
 #endif

diff --git a/scanelf.c b/scanelf.c
index 57c5156..1f3e356 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -2569,6 +2569,9 @@ static void cleanup(void)
 	free(qa_textrels);
 	free(qa_execstack);
 	free(qa_wx_load);
+
+	if (root_fd != AT_FDCWD)
+		close(root_fd);
 }
 
 int main(int argc, char *argv[])


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     f2b83d5bfd9904ad32cb6f2f5bd42fea07f8fddd
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:06:17 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:06:17 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f2b83d5b

paxelf: use fstat instead of stat && open

This fixes a minor race condition.

 paxelf.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index a353e57..5b6fe24 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -629,19 +629,19 @@ elfobj *_readelf(const char *filename, int read_only)
 	struct stat st;
 	int fd;
 
-	if (stat(filename, &st) == -1)
-		return NULL;
-
 	if ((fd = open(filename, (read_only ? O_RDONLY : O_RDWR))) == -1)
 		return NULL;
 
-	/* make sure we have enough bytes to scan e_ident */
-	if (st.st_size <= EI_NIDENT) {
-close_fd_and_return:
+	if (fstat(fd, &st) == -1) {
+ close_fd_and_return:
 		close(fd);
 		return NULL;
 	}
 
+	/* make sure we have enough bytes to scan e_ident */
+	if (st.st_size <= EI_NIDENT)
+		goto close_fd_and_return;
+
 	ret = readelf_fd(filename, fd, st.st_size);
 	if (ret == NULL)
 		goto close_fd_and_return;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     548c5db10349d6a5ee3d8dbe1da14e55655ca530
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:04:07 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:04:07 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=548c5db1

paxmacho: fix readmacho fd leakage on error

If the readmacho_fd helper returns an error for any reason,
we don't close the fd.  Add logic to handle that scenario.

 paxmacho.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/paxmacho.c b/paxmacho.c
index 142af6e..638453a 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -190,11 +190,15 @@ inline static uint32_t read_mach_header(fatobj *fobj, void *addr)
 fatobj *readmacho(const char *filename)
 {
 	int fd;
+	fatobj *ret;
 
 	if ((fd = open(filename, O_RDONLY)) == -1)
 		return NULL;
 
-	return readmacho_fd(filename, fd, 0);
+	ret = readmacho_fd(filename, fd, 0);
+	if (ret == NULL)
+		close(fd);
+	return ret;
 }
 
 fatobj *readmacho_fd(const char *filename, int fd, size_t len)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     0091a602c3f8b37b9a8a2948e92b6c7e62beb18a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:00:58 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:00:58 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0091a602

ar: make sure name is always NUL terminated

 paxinc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/paxinc.c b/paxinc.c
index 64a7f3b..bd13ec4 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -123,6 +123,7 @@ close_and_ret:
 	}
 
 	snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
+	ret.name[sizeof(ret.name) - 1] = '\0';
 	if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL)
 		*s = '\0';
 	ret.date = atoi(ret.buf.formatted.date);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     5000f8ea9c3519fc4e028ab050a58b1f314b2633
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:07:12 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:07:12 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5000f8ea

scanelf: use strcpy to make coverity happy

We know ret is always 7 bytes, and pax_short_hf_flags always returns 7
bytes (including a NUL terminator), so use strcpy to keep coverity from
throwing a warning about missing NUL.

 scanelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index 1f3e356..42fe4c5 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -391,7 +391,7 @@ static char *scanelf_file_pax(elfobj *elf, char *found_pax)
 			*found_pax = 1;
 			return (be_wewy_wewy_quiet ? NULL : paxflags);
 		}
-		strncpy(ret, paxflags, sizeof(ret));
+		strcpy(ret, paxflags);
 	}
 
 	if (be_wewy_wewy_quiet || (be_quiet && !shown))


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:22 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:22 UTC (permalink / raw
  To: gentoo-commits

commit:     a17419af271edc0edabe79cb6c9616fafcf15bfd
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:19:40 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:19:40 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a17419af

scanelf: avoid leaking root_fd when multiple --root args are passed

 scanelf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scanelf.c b/scanelf.c
index 42fe4c5..3f33d89 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -2350,6 +2350,8 @@ static int parseargs(int argc, char *argv[])
 		case 'I': show_osabi = 1; break;
 		case 'Y': show_eabi = 1; break;
 		case 128:
+			if (root_fd != AT_FDCWD)
+				close(root_fd);
 			root_fd = open(optarg, O_RDONLY|O_CLOEXEC);
 			if (root_fd == -1)
 				err("Could not open root: %s", optarg);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  3:22 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  3:22 UTC (permalink / raw
  To: gentoo-commits

commit:     107cf9e4c69a1e5add5be2e31e3134493f0cac8a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:20:58 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:20:58 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=107cf9e4

scanelf: avoid leaking out_format when multiple --format args are passed

 scanelf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index 3f33d89..7190301 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -2272,7 +2272,8 @@ static int parseargs(int argc, char *argv[])
 			xarraypush_str(find_lib_arr, optarg);
 			break;
 		case 'F': {
-			if (out_format) warn("You prob don't want to specify -F twice");
+			if (out_format)
+				free(out_format);
 			if (PAX_UTILS_CLEANUP)
 				out_format = xstrdup(optarg);
 			else


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  4:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  4:03 UTC (permalink / raw
  To: gentoo-commits

commit:     f773cce6933381a48a84638471bb2c50bfbd4f4f
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 04:01:16 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 04:01:16 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f773cce6

scanelf: fix out_format leak fix

 scanelf.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 7190301..5a765b5 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -2272,11 +2272,10 @@ static int parseargs(int argc, char *argv[])
 			xarraypush_str(find_lib_arr, optarg);
 			break;
 		case 'F': {
-			if (out_format)
+			if (PAX_UTILS_CLEANUP) {
 				free(out_format);
-			if (PAX_UTILS_CLEANUP)
 				out_format = xstrdup(optarg);
-			else
+			} else
 				out_format = optarg;
 			break;
 		}


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20  4:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20  4:03 UTC (permalink / raw
  To: gentoo-commits

commit:     2635cfd8efbbdda134c0b7ec2cd97588a01e295b
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 03:59:56 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 03:59:56 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2635cfd8

porting: add O_PATH fallback too

 porting.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/porting.h b/porting.h
index 2d79f28..8f2694b 100644
--- a/porting.h
+++ b/porting.h
@@ -221,6 +221,9 @@
 #ifndef O_CLOEXEC
 # define O_CLOEXEC 0
 #endif
+#ifndef O_PATH
+# define O_PATH 0
+#endif
 
 #define __unused__ __attribute__((__unused__))
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-06-20 17:46 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-06-20 17:46 UTC (permalink / raw
  To: gentoo-commits

commit:     e73183f42ef1b3915fca02fe3da044986c4cf98b
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 17:45:05 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 17:45:05 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e73183f4

ar: make sure file name is always NUL terminated

 paxinc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/paxinc.c b/paxinc.c
index bd13ec4..068aa60 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -109,9 +109,10 @@ close_and_ret:
 			if (read(ar->fd, ret.buf.formatted.name, len) != len)
 				goto close_and_ret;
 		} else {
-			s = alloca(sizeof(char) * len);
+			s = alloca(sizeof(char) * len + 1);
 			if (read(ar->fd, s, len) != len)
 				goto close_and_ret;
+			s[len] = '\0';
 		}
 	} else if (s[0] == '/' && s[1] >= '0' && s[1] <= '9') {
 		/* GNU extended filename */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-08 20:47 Mike Gilbert
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Gilbert @ 2016-11-08 20:47 UTC (permalink / raw
  To: gentoo-commits

commit:     6557b1512ebfda508345e032e09ed85789c16c98
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  8 20:37:27 2016 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Nov  8 20:39:23 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6557b151

lddtree.py: work around pyelftools API change

Section names now get returned as strings rather than bytes. See
108eaea9 upstream.

Bug: https://bugs.gentoo.org/599082

 lddtree.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lddtree.py b/lddtree.py
index 3971a9a..8480248 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -72,6 +72,8 @@ def dbg(debug, *args, **kwargs):
 
 def bstr(buf):
   """Decode the byte string into a string"""
+  if isinstance(buf, str):
+      return buf
   return buf.decode('utf-8')
 
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-12  7:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-12  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     c2604c2b909f903efd1b2c924b380e81d8459ec9
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 25 08:19:44 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 07:10:08 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c2604c2b

paxldso: switch from a static sized path buffer to dynamic

We keep the buffer around to avoid the malloc overhead between calls,
and we should really only need to grow it once or twice.  This way we
work with an sized lib path and not just the static limit.

 paxldso.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index 67f317c..61d7962 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -17,6 +17,9 @@
 static void *ldcache = NULL;
 static size_t ldcache_size = 0;
 
+static char *ldso_cache_buf = NULL;
+static size_t ldso_cache_buf_size = 0;
+
 /* Defines can be seen in glibc's sysdeps/generic/ldconfig.h */
 #define LDSO_CACHE_MAGIC "ld.so-"
 #define LDSO_CACHE_MAGIC_LEN (sizeof LDSO_CACHE_MAGIC -1)
@@ -45,8 +48,8 @@ static size_t ldcache_size = 0;
 char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 {
 	int fd;
+	char *ret = NULL;
 	char *strs;
-	static char buf[__PAX_UTILS_PATH_MAX] = "";
 	const char *cachefile = root_rel_path("/etc/ld.so.cache");
 	struct stat st;
 
@@ -92,6 +95,9 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 			ldcache = NULL;
 			return NULL;
 		}
+
+		ldso_cache_buf_size = 4096;
+		ldso_cache_buf = xrealloc(ldso_cache_buf, ldso_cache_buf_size);
 	} else
 		header = ldcache;
 
@@ -99,6 +105,9 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 	strs = (char *) &libent[header->nlibs];
 
 	for (fd = 0; fd < header->nlibs; ++fd) {
+		const char *lib;
+		size_t lib_len;
+
 		/* This should be more fine grained, but for now we assume that
 		 * diff arches will not be cached together, and we ignore the
 		 * the different multilib mips cases.
@@ -112,17 +121,26 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 			continue;
 
 		/* Return first hit because that is how the ldso rolls */
-		strncpy(buf, strs + libent[fd].liboffset, sizeof(buf));
+		lib = strs + libent[fd].liboffset;
+		lib_len = strlen(lib) + 1;
+		if (lib_len > ldso_cache_buf_size) {
+			ldso_cache_buf = xrealloc(ldso_cache_buf, ldso_cache_buf_size + 4096);
+			ldso_cache_buf_size += 4096;
+		}
+		memcpy(ldso_cache_buf, lib, lib_len);
+		ret = ldso_cache_buf;
 		break;
 	}
 
-	return buf;
+	return ret;
 }
 
 #endif
 
 static void ldso_cache_cleanup(void)
 {
+	free(ldso_cache_buf);
+
 	if (ldcache != NULL)
 		munmap(ldcache, ldcache_size);
 }


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-12  7:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-12  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     9ae5c22341a0484319c15d12cae1a46835c48379
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 24 18:39:46 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 07:10:03 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9ae5c223

split out ld.so.cache & ld.so.conf parsing logic

These are getting a bit big & unwieldy for keeping inlined in scanelf.
Split them out to a dedicated file instead.

 Makefile    |   2 +-
 Makefile.am |   3 +
 paxinc.h    |   1 +
 paxldso.c   | 297 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 paxldso.h   |  69 ++++++++++++++
 scanelf.c   | 270 +-----------------------------------------------------
 6 files changed, 374 insertions(+), 268 deletions(-)

diff --git a/Makefile b/Makefile
index 91b1536..569e924 100644
--- a/Makefile
+++ b/Makefile
@@ -66,7 +66,7 @@ override CPPFLAGS  += -DVCSID='"$(VCSID)"'
 
 ####################################################################
 ELF_TARGETS  = scanelf dumpelf $(shell echo | $(CC) -dM -E - | grep -q __svr4__ || echo pspax)
-ELF_OBJS     = paxelf.o
+ELF_OBJS     = paxelf.o paxldso.o
 MACH_TARGETS = scanmacho
 MACH_OBJS    = paxmacho.o
 COMMON_OBJS  = paxinc.o security.o xfuncs.o

diff --git a/Makefile.am b/Makefile.am
index 0c1945a..a2c02d9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -11,6 +11,7 @@ libpaxutils_la_LDFLAGS = -no-undefined
 libpaxutils_la_SOURCES = \
 	paxelf.c \
 	paxinc.c \
+	paxldso.c \
 	paxmacho.c \
 	security.c \
 	xfuncs.c
@@ -81,6 +82,8 @@ EXTRA_DIST += \
 	paxelf.h \
 	paxinc.c \
 	paxinc.h \
+	paxldso.c \
+	paxldso.h \
 	paxmacho.c \
 	paxmacho.h \
 	porting.h \

diff --git a/paxinc.h b/paxinc.h
index f761b2e..82f7d1f 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -31,6 +31,7 @@
 /* ELF love */
 #include "elf.h"
 #include "paxelf.h"
+#include "paxldso.h"
 
 /* Mach-O love */
 #include "macho.h"

diff --git a/paxldso.c b/paxldso.c
new file mode 100644
index 0000000..638db77
--- /dev/null
+++ b/paxldso.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2003-2016 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
+ * Copyright 2004-2016 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+#include "paxinc.h"
+
+/*
+ * ld.so.cache logic
+ */
+
+#if PAX_LDSO_CACHE
+
+static void *ldcache = NULL;
+static size_t ldcache_size = 0;
+
+/* Defines can be seen in glibc's sysdeps/generic/ldconfig.h */
+#define LDSO_CACHE_MAGIC "ld.so-"
+#define LDSO_CACHE_MAGIC_LEN (sizeof LDSO_CACHE_MAGIC -1)
+#define LDSO_CACHE_VER "1.7.0"
+#define LDSO_CACHE_VER_LEN (sizeof LDSO_CACHE_VER -1)
+#define FLAG_ANY            -1
+#define FLAG_TYPE_MASK      0x00ff
+#define FLAG_LIBC4          0x0000
+#define FLAG_ELF            0x0001
+#define FLAG_ELF_LIBC5      0x0002
+#define FLAG_ELF_LIBC6      0x0003
+#define FLAG_REQUIRED_MASK  0xff00
+#define FLAG_SPARC_LIB64    0x0100
+#define FLAG_IA64_LIB64     0x0200
+#define FLAG_X8664_LIB64    0x0300
+#define FLAG_S390_LIB64     0x0400
+#define FLAG_POWERPC_LIB64  0x0500
+#define FLAG_MIPS64_LIBN32  0x0600
+#define FLAG_MIPS64_LIBN64  0x0700
+#define FLAG_X8664_LIBX32   0x0800
+#define FLAG_ARM_LIBHF      0x0900
+#define FLAG_AARCH64_LIB64  0x0a00
+
+#if defined(__GLIBC__) || defined(__UCLIBC__)
+
+char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
+{
+	int fd;
+	char *strs;
+	static char buf[__PAX_UTILS_PATH_MAX] = "";
+	const char *cachefile = root_rel_path("/etc/ld.so.cache");
+	struct stat st;
+
+	typedef struct {
+		char magic[LDSO_CACHE_MAGIC_LEN];
+		char version[LDSO_CACHE_VER_LEN];
+		int nlibs;
+	} header_t;
+	header_t *header;
+
+	typedef struct {
+		int flags;
+		int sooffset;
+		int liboffset;
+	} libentry_t;
+	libentry_t *libent;
+
+	if (fname == NULL)
+		return NULL;
+
+	if (ldcache == NULL) {
+		if (fstatat(root_fd, cachefile, &st, 0))
+			return NULL;
+
+		fd = openat(root_fd, cachefile, O_RDONLY);
+		if (fd == -1)
+			return NULL;
+
+		/* cache these values so we only map/unmap the cache file once */
+		ldcache_size = st.st_size;
+		header = ldcache = mmap(0, ldcache_size, PROT_READ, MAP_SHARED, fd, 0);
+		close(fd);
+
+		if (ldcache == MAP_FAILED) {
+			ldcache = NULL;
+			return NULL;
+		}
+
+		if (memcmp(header->magic, LDSO_CACHE_MAGIC, LDSO_CACHE_MAGIC_LEN) ||
+		    memcmp(header->version, LDSO_CACHE_VER, LDSO_CACHE_VER_LEN))
+		{
+			munmap(ldcache, ldcache_size);
+			ldcache = NULL;
+			return NULL;
+		}
+	} else
+		header = ldcache;
+
+	libent = ldcache + sizeof(header_t);
+	strs = (char *) &libent[header->nlibs];
+
+	for (fd = 0; fd < header->nlibs; ++fd) {
+		/* This should be more fine grained, but for now we assume that
+		 * diff arches will not be cached together, and we ignore the
+		 * the different multilib mips cases.
+		 */
+		if (elf->elf_class == ELFCLASS64 && !(libent[fd].flags & FLAG_REQUIRED_MASK))
+			continue;
+		if (elf->elf_class == ELFCLASS32 && (libent[fd].flags & FLAG_REQUIRED_MASK))
+			continue;
+
+		if (strcmp(fname, strs + libent[fd].sooffset) != 0)
+			continue;
+
+		/* Return first hit because that is how the ldso rolls */
+		strncpy(buf, strs + libent[fd].liboffset, sizeof(buf));
+		break;
+	}
+
+	return buf;
+}
+
+#elif defined(__NetBSD__)
+
+char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
+{
+	static char buf[__PAX_UTILS_PATH_MAX] = "";
+	static struct stat st;
+	size_t n;
+	char *ldpath;
+
+	array_for_each(ldpath, n, ldpath) {
+		if ((unsigned) snprintf(buf, sizeof(buf), "%s/%s", ldpath, fname) >= sizeof(buf))
+			continue; /* if the pathname is too long, or something went wrong, ignore */
+
+		if (stat(buf, &st) != 0)
+			continue; /* if the lib doesn't exist in *ldpath, look further */
+
+		/* NetBSD doesn't actually do sanity checks, it just loads the file
+		 * and if that doesn't work, continues looking in other directories.
+		 * This cannot easily be safely emulated, unfortunately. For now,
+		 * just assume that if it exists, it's a valid library. */
+
+		return buf;
+	}
+
+	/* not found in any path */
+	return NULL;
+}
+
+#endif
+
+static void ldso_cache_cleanup(void)
+{
+	if (ldcache != NULL)
+		munmap(ldcache, ldcache_size);
+}
+
+#else
+# define ldso_cache_cleanup()
+#endif /* PAX_LDSO_CACHE */
+
+/*
+ * ld.so.conf logic
+ */
+
+#if PAX_LDSO_CONFIG
+
+static array_t _ldpaths = array_init_decl;
+array_t *ldpaths = &_ldpaths;
+
+#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
+
+int ldso_config_load(const char *fname)
+{
+	FILE *fp = NULL;
+	char *p, *path;
+	size_t len;
+	int curr_fd = -1;
+
+	fp = fopenat_r(root_fd, root_rel_path(fname));
+	if (fp == NULL)
+		return -1;
+
+	path = NULL;
+	len = 0;
+	while (getline(&path, &len, fp) != -1) {
+		if ((p = strrchr(path, '\r')) != NULL)
+			*p = 0;
+		if ((p = strchr(path, '\n')) != NULL)
+			*p = 0;
+
+		/* recursive includes of the same file will make this segfault. */
+		if ((memcmp(path, "include", 7) == 0) && isblank(path[7])) {
+			glob_t gl;
+			size_t x;
+			const char *gpath;
+
+			/* re-use existing path buffer ... need to be creative */
+			if (path[8] != '/')
+				gpath = memcpy(path + 3, "/etc/", 5);
+			else
+				gpath = path + 8;
+			if (root_fd != AT_FDCWD) {
+				if (curr_fd == -1) {
+					curr_fd = open(".", O_RDONLY|O_CLOEXEC);
+					if (fchdir(root_fd))
+						errp("unable to change to root dir");
+				}
+				gpath = root_rel_path(gpath);
+			}
+
+			if (glob(gpath, 0, NULL, &gl) == 0) {
+				for (x = 0; x < gl.gl_pathc; ++x) {
+					/* try to avoid direct loops */
+					if (strcmp(gl.gl_pathv[x], fname) == 0)
+						continue;
+					ldso_config_load(gl.gl_pathv[x]);
+				}
+				globfree(&gl);
+			}
+
+			/* failed globs are ignored by glibc */
+			continue;
+		}
+
+		if (*path != '/')
+			continue;
+
+		xarraypush_str(ldpaths, path);
+	}
+	free(path);
+
+	fclose(fp);
+
+	if (curr_fd != -1) {
+		if (fchdir(curr_fd))
+			{/* don't care */}
+		close(curr_fd);
+	}
+
+	return 0;
+}
+
+#elif defined(__FreeBSD__) || defined(__DragonFly__)
+
+int ldso_config_load(const char *fname)
+{
+	FILE *fp = NULL;
+	char *b = NULL, *p;
+	struct elfhints_hdr hdr;
+
+	fp = fopenat_r(root_fd, root_rel_path(fname));
+	if (fp == NULL)
+		return -1;
+
+	if (fread(&hdr, 1, sizeof(hdr), fp) != sizeof(hdr) ||
+	    hdr.magic != ELFHINTS_MAGIC || hdr.version != 1 ||
+	    fseek(fp, hdr.strtab + hdr.dirlist, SEEK_SET) == -1)
+	{
+		fclose(fp);
+		return -1;
+	}
+
+	b = xmalloc(hdr.dirlistlen + 1);
+	if (fread(b, 1, hdr.dirlistlen+1, fp) != hdr.dirlistlen+1) {
+		fclose(fp);
+		free(b);
+		return -1;
+	}
+
+	while ((p = strsep(&b, ":"))) {
+		if (*p == '\0')
+			continue;
+		xarraypush_str(ldpaths, p);
+	}
+
+	free(b);
+	fclose(fp);
+	return 0;
+}
+
+#endif
+
+static void ldso_config_cleanup(void)
+{
+	xarrayfree(ldpaths);
+}
+
+#else
+# define ldso_config_cleanup()
+#endif /* PAX_LDSO_CONFIG */
+
+void paxldso_cleanup(void)
+{
+	ldso_cache_cleanup();
+	ldso_config_cleanup();
+}

diff --git a/paxldso.h b/paxldso.h
new file mode 100644
index 0000000..2fdc540
--- /dev/null
+++ b/paxldso.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003-2016 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
+ * Copyright 2004-2016 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+#ifndef _PAX_LDSO_H
+#define _PAX_LDSO_H
+
+/*
+ * ld.so.cache logic
+ */
+
+#if !defined(__GLIBC__) && \
+    !defined(__UCLIBC__) && \
+    !defined(__NetBSD__)
+# ifdef __ELF__
+#  warning Cache support not implemented for your target
+# endif
+# define PAX_LDSO_CACHE 0
+#else
+# define PAX_LDSO_CACHE 1
+#endif
+
+#if PAX_LDSO_CACHE
+extern char *ldso_cache_lookup_lib(elfobj *elf, const char *fname);
+#else
+static inline char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
+{
+	return NULL;
+}
+#endif
+
+/*
+ * ld.so.conf logic
+ */
+
+#if !defined(__GLIBC__) && \
+    !defined(__UCLIBC__) && \
+    !defined(__NetBSD__) && \
+    !defined(__FreeBSD__) && \
+    !defined(__DragonFly__)
+# ifdef __ELF__
+#  warning Cache config support not implemented for your target
+# endif
+# define PAX_LDSO_CONFIG 0
+#else
+# define PAX_LDSO_CONFIG 1
+#endif
+
+#if PAX_LDSO_CONFIG
+extern array_t *ldpaths;
+extern int ldso_config_load(const char *fname);
+#else
+static inline int ldso_config_load(const char *fname)
+{
+	return 0;
+}
+#endif
+
+#if PAX_LDSO_CACHE || PAX_LDSO_CONFIG
+extern void paxldso_cleanup(void);
+#else
+# define paxldso_cleanup()
+#endif
+
+#endif

diff --git a/scanelf.c b/scanelf.c
index 89c9695..171093a 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -17,7 +17,6 @@ static int file_matches_list(const char *filename, char **matchlist);
 
 /* variables to control behavior */
 static array_t _match_etypes = array_init_decl, *match_etypes = &_match_etypes;
-static array_t _ldpaths = array_init_decl, *ldpaths = &_ldpaths;
 static char scan_ldpath = 0;
 static char scan_envpath = 0;
 static char scan_symlink = 1;
@@ -63,8 +62,6 @@ static char **qa_wx_load = NULL;
 
 static int match_bits = 0;
 static unsigned int match_perms = 0;
-static void *ldcache = NULL;
-static size_t ldcache_size = 0;
 static unsigned long setpax = 0UL;
 
 static const char *objdump;
@@ -833,144 +830,6 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 		xstrcat(ret, "  -  ", ret_len);
 }
 
-/* Defines can be seen in glibc's sysdeps/generic/ldconfig.h */
-#define LDSO_CACHE_MAGIC "ld.so-"
-#define LDSO_CACHE_MAGIC_LEN (sizeof LDSO_CACHE_MAGIC -1)
-#define LDSO_CACHE_VER "1.7.0"
-#define LDSO_CACHE_VER_LEN (sizeof LDSO_CACHE_VER -1)
-#define FLAG_ANY            -1
-#define FLAG_TYPE_MASK      0x00ff
-#define FLAG_LIBC4          0x0000
-#define FLAG_ELF            0x0001
-#define FLAG_ELF_LIBC5      0x0002
-#define FLAG_ELF_LIBC6      0x0003
-#define FLAG_REQUIRED_MASK  0xff00
-#define FLAG_SPARC_LIB64    0x0100
-#define FLAG_IA64_LIB64     0x0200
-#define FLAG_X8664_LIB64    0x0300
-#define FLAG_S390_LIB64     0x0400
-#define FLAG_POWERPC_LIB64  0x0500
-#define FLAG_MIPS64_LIBN32  0x0600
-#define FLAG_MIPS64_LIBN64  0x0700
-#define FLAG_X8664_LIBX32   0x0800
-#define FLAG_ARM_LIBHF      0x0900
-#define FLAG_AARCH64_LIB64  0x0a00
-
-#if defined(__GLIBC__) || defined(__UCLIBC__)
-
-static char *lookup_cache_lib(elfobj *elf, const char *fname)
-{
-	int fd;
-	char *strs;
-	static char buf[__PAX_UTILS_PATH_MAX] = "";
-	const char *cachefile = root_rel_path("/etc/ld.so.cache");
-	struct stat st;
-
-	typedef struct {
-		char magic[LDSO_CACHE_MAGIC_LEN];
-		char version[LDSO_CACHE_VER_LEN];
-		int nlibs;
-	} header_t;
-	header_t *header;
-
-	typedef struct {
-		int flags;
-		int sooffset;
-		int liboffset;
-	} libentry_t;
-	libentry_t *libent;
-
-	if (fname == NULL)
-		return NULL;
-
-	if (ldcache == NULL) {
-		if (fstatat(root_fd, cachefile, &st, 0))
-			return NULL;
-
-		fd = openat(root_fd, cachefile, O_RDONLY);
-		if (fd == -1)
-			return NULL;
-
-		/* cache these values so we only map/unmap the cache file once */
-		ldcache_size = st.st_size;
-		header = ldcache = mmap(0, ldcache_size, PROT_READ, MAP_SHARED, fd, 0);
-		close(fd);
-
-		if (ldcache == MAP_FAILED) {
-			ldcache = NULL;
-			return NULL;
-		}
-
-		if (memcmp(header->magic, LDSO_CACHE_MAGIC, LDSO_CACHE_MAGIC_LEN) ||
-		    memcmp(header->version, LDSO_CACHE_VER, LDSO_CACHE_VER_LEN))
-		{
-			munmap(ldcache, ldcache_size);
-			ldcache = NULL;
-			return NULL;
-		}
-	} else
-		header = ldcache;
-
-	libent = ldcache + sizeof(header_t);
-	strs = (char *) &libent[header->nlibs];
-
-	for (fd = 0; fd < header->nlibs; ++fd) {
-		/* This should be more fine grained, but for now we assume that
-		 * diff arches will not be cached together, and we ignore the
-		 * the different multilib mips cases.
-		 */
-		if (elf->elf_class == ELFCLASS64 && !(libent[fd].flags & FLAG_REQUIRED_MASK))
-			continue;
-		if (elf->elf_class == ELFCLASS32 && (libent[fd].flags & FLAG_REQUIRED_MASK))
-			continue;
-
-		if (strcmp(fname, strs + libent[fd].sooffset) != 0)
-			continue;
-
-		/* Return first hit because that is how the ldso rolls */
-		strncpy(buf, strs + libent[fd].liboffset, sizeof(buf));
-		break;
-	}
-
-	return buf;
-}
-
-#elif defined(__NetBSD__)
-static char *lookup_cache_lib(elfobj *elf, const char *fname)
-{
-	static char buf[__PAX_UTILS_PATH_MAX] = "";
-	static struct stat st;
-	size_t n;
-	char *ldpath;
-
-	array_for_each(ldpath, n, ldpath) {
-		if ((unsigned) snprintf(buf, sizeof(buf), "%s/%s", ldpath, fname) >= sizeof(buf))
-			continue; /* if the pathname is too long, or something went wrong, ignore */
-
-		if (stat(buf, &st) != 0)
-			continue; /* if the lib doesn't exist in *ldpath, look further */
-
-		/* NetBSD doesn't actually do sanity checks, it just loads the file
-		 * and if that doesn't work, continues looking in other directories.
-		 * This cannot easily be safely emulated, unfortunately. For now,
-		 * just assume that if it exists, it's a valid library. */
-
-		return buf;
-	}
-
-	/* not found in any path */
-	return NULL;
-}
-#else
-#ifdef __ELF__
-#warning Cache support not implemented for your target
-#endif
-static char *lookup_cache_lib(elfobj *elf, const char *fname)
-{
-	return NULL;
-}
-#endif
-
 static char *lookup_config_lib(const char *fname)
 {
 	static char buf[__PAX_UTILS_PATH_MAX] = "";
@@ -1036,7 +895,7 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 								if ((p = lookup_config_lib(needed)) != NULL) \
 									needed = p; \
 							} else if (use_ldcache) { \
-								if ((p = lookup_cache_lib(elf, needed)) != NULL) \
+								if ((p = ldso_cache_lookup_lib(elf, needed)) != NULL) \
 									needed = p; \
 							} \
 							xstrcat(ret, needed, ret_len); \
@@ -1865,134 +1724,13 @@ static int scanelf_from_file(const char *filename)
 	return ret;
 }
 
-#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
-
-static int _load_ld_cache_config(const char *fname)
-{
-	FILE *fp = NULL;
-	char *p, *path;
-	size_t len;
-	int curr_fd = -1;
-
-	fp = fopenat_r(root_fd, root_rel_path(fname));
-	if (fp == NULL)
-		return -1;
-
-	path = NULL;
-	len = 0;
-	while (getline(&path, &len, fp) != -1) {
-		if ((p = strrchr(path, '\r')) != NULL)
-			*p = 0;
-		if ((p = strchr(path, '\n')) != NULL)
-			*p = 0;
-
-		/* recursive includes of the same file will make this segfault. */
-		if ((memcmp(path, "include", 7) == 0) && isblank(path[7])) {
-			glob_t gl;
-			size_t x;
-			const char *gpath;
-
-			/* re-use existing path buffer ... need to be creative */
-			if (path[8] != '/')
-				gpath = memcpy(path + 3, "/etc/", 5);
-			else
-				gpath = path + 8;
-			if (root_fd != AT_FDCWD) {
-				if (curr_fd == -1) {
-					curr_fd = open(".", O_RDONLY|O_CLOEXEC);
-					if (fchdir(root_fd))
-						errp("unable to change to root dir");
-				}
-				gpath = root_rel_path(gpath);
-			}
-
-			if (glob(gpath, 0, NULL, &gl) == 0) {
-				for (x = 0; x < gl.gl_pathc; ++x) {
-					/* try to avoid direct loops */
-					if (strcmp(gl.gl_pathv[x], fname) == 0)
-						continue;
-					_load_ld_cache_config(gl.gl_pathv[x]);
-				}
-				globfree(&gl);
-			}
-
-			/* failed globs are ignored by glibc */
-			continue;
-		}
-
-		if (*path != '/')
-			continue;
-
-		xarraypush_str(ldpaths, path);
-	}
-	free(path);
-
-	fclose(fp);
-
-	if (curr_fd != -1) {
-		if (fchdir(curr_fd))
-			{/* don't care */}
-		close(curr_fd);
-	}
-
-	return 0;
-}
-
-#elif defined(__FreeBSD__) || defined(__DragonFly__)
-
-static int _load_ld_cache_config(const char *fname)
-{
-	FILE *fp = NULL;
-	char *b = NULL, *p;
-	struct elfhints_hdr hdr;
-
-	fp = fopenat_r(root_fd, root_rel_path(fname));
-	if (fp == NULL)
-		return -1;
-
-	if (fread(&hdr, 1, sizeof(hdr), fp) != sizeof(hdr) ||
-	    hdr.magic != ELFHINTS_MAGIC || hdr.version != 1 ||
-	    fseek(fp, hdr.strtab + hdr.dirlist, SEEK_SET) == -1)
-	{
-		fclose(fp);
-		return -1;
-	}
-
-	b = xmalloc(hdr.dirlistlen + 1);
-	if (fread(b, 1, hdr.dirlistlen+1, fp) != hdr.dirlistlen+1) {
-		fclose(fp);
-		free(b);
-		return -1;
-	}
-
-	while ((p = strsep(&b, ":"))) {
-		if (*p == '\0')
-			continue;
-		xarraypush_str(ldpaths, p);
-	}
-
-	free(b);
-	fclose(fp);
-	return 0;
-}
-
-#else
-#ifdef __ELF__
-#warning Cache config support not implemented for your target
-#endif
-static int _load_ld_cache_config(const char *fname)
-{
-	return 0;
-}
-#endif
-
 static void load_ld_cache_config(const char *fname)
 {
 	bool scan_l, scan_ul, scan_ull;
 	size_t n;
 	const char *ldpath;
 
-	_load_ld_cache_config(fname);
+	ldso_config_load(fname);
 
 	scan_l = scan_ul = scan_ull = false;
 	array_for_each(ldpaths, n, ldpath) {
@@ -2469,7 +2207,6 @@ static int parseargs(int argc, char *argv[])
 
 	if (PAX_UTILS_CLEANUP) {
 		/* clean up */
-		xarrayfree(ldpaths);
 		xarrayfree(find_sym_arr);
 		xarrayfree(find_lib_arr);
 		xarrayfree(find_section_arr);
@@ -2484,8 +2221,7 @@ static int parseargs(int argc, char *argv[])
 			xarrayfree(find_sym_regex_arr);
 		}
 
-		if (ldcache != 0)
-			munmap(ldcache, ldcache_size);
+		paxldso_cleanup();
 	}
 
 	return ret;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-12  7:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-12  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     c9842726b9464772147fe5f5e9e7f912f36f4a8a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 25 08:27:27 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 07:10:09 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c9842726

paxldso: clean up local vars & types a bit

Use the same types (unsigned-vs-signed) as glibc's cache code, and move
relevant variables down into the scope where they're used rather than
putting all of them in the top func scope.

Should be no real functional changes here.

 paxldso.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index 61d7962..5ea0bfc 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -47,23 +47,21 @@ static size_t ldso_cache_buf_size = 0;
 
 char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 {
-	int fd;
+	unsigned int nlib;
 	char *ret = NULL;
 	char *strs;
-	const char *cachefile = root_rel_path("/etc/ld.so.cache");
-	struct stat st;
 
 	typedef struct {
 		char magic[LDSO_CACHE_MAGIC_LEN];
 		char version[LDSO_CACHE_VER_LEN];
-		int nlibs;
+		unsigned int nlibs;
 	} header_t;
 	header_t *header;
 
 	typedef struct {
 		int flags;
-		int sooffset;
-		int liboffset;
+		unsigned int sooffset;
+		unsigned int liboffset;
 	} libentry_t;
 	libentry_t *libent;
 
@@ -71,6 +69,10 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 		return NULL;
 
 	if (ldcache == NULL) {
+		int fd;
+		const char *cachefile = root_rel_path("/etc/ld.so.cache");
+		struct stat st;
+
 		if (fstatat(root_fd, cachefile, &st, 0))
 			return NULL;
 
@@ -104,7 +106,7 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 	libent = ldcache + sizeof(header_t);
 	strs = (char *) &libent[header->nlibs];
 
-	for (fd = 0; fd < header->nlibs; ++fd) {
+	for (nlib = 0; nlib < header->nlibs; ++nlib) {
 		const char *lib;
 		size_t lib_len;
 
@@ -112,16 +114,16 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 		 * diff arches will not be cached together, and we ignore the
 		 * the different multilib mips cases.
 		 */
-		if (elf->elf_class == ELFCLASS64 && !(libent[fd].flags & FLAG_REQUIRED_MASK))
+		if (elf->elf_class == ELFCLASS64 && !(libent[nlib].flags & FLAG_REQUIRED_MASK))
 			continue;
-		if (elf->elf_class == ELFCLASS32 && (libent[fd].flags & FLAG_REQUIRED_MASK))
+		if (elf->elf_class == ELFCLASS32 && (libent[nlib].flags & FLAG_REQUIRED_MASK))
 			continue;
 
-		if (strcmp(fname, strs + libent[fd].sooffset) != 0)
+		if (strcmp(fname, strs + libent[nlib].sooffset) != 0)
 			continue;
 
 		/* Return first hit because that is how the ldso rolls */
-		lib = strs + libent[fd].liboffset;
+		lib = strs + libent[nlib].liboffset;
 		lib_len = strlen(lib) + 1;
 		if (lib_len > ldso_cache_buf_size) {
 			ldso_cache_buf = xrealloc(ldso_cache_buf, ldso_cache_buf_size + 4096);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-12  7:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-12  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     02ab226f7ff6bcc4a5943c1c7e5aef3ccebc33e3
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 25 08:17:58 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 07:10:04 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=02ab226f

paxldso: delete netbsd cache logic

This doesn't actually parse the cache file, it walks the registered
ld.so.conf paths.  Since common code takes care of that via with the
--use-ldpaths option, delete the duplicate ldpath logic.

 paxldso.c | 28 ----------------------------
 paxldso.h |  3 +--
 2 files changed, 1 insertion(+), 30 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index 638db77..67f317c 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -119,34 +119,6 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 	return buf;
 }
 
-#elif defined(__NetBSD__)
-
-char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
-{
-	static char buf[__PAX_UTILS_PATH_MAX] = "";
-	static struct stat st;
-	size_t n;
-	char *ldpath;
-
-	array_for_each(ldpath, n, ldpath) {
-		if ((unsigned) snprintf(buf, sizeof(buf), "%s/%s", ldpath, fname) >= sizeof(buf))
-			continue; /* if the pathname is too long, or something went wrong, ignore */
-
-		if (stat(buf, &st) != 0)
-			continue; /* if the lib doesn't exist in *ldpath, look further */
-
-		/* NetBSD doesn't actually do sanity checks, it just loads the file
-		 * and if that doesn't work, continues looking in other directories.
-		 * This cannot easily be safely emulated, unfortunately. For now,
-		 * just assume that if it exists, it's a valid library. */
-
-		return buf;
-	}
-
-	/* not found in any path */
-	return NULL;
-}
-
 #endif
 
 static void ldso_cache_cleanup(void)

diff --git a/paxldso.h b/paxldso.h
index 2fdc540..bbf8852 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -14,8 +14,7 @@
  */
 
 #if !defined(__GLIBC__) && \
-    !defined(__UCLIBC__) && \
-    !defined(__NetBSD__)
+    !defined(__UCLIBC__)
 # ifdef __ELF__
 #  warning Cache support not implemented for your target
 # endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-12  7:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-12  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     e21ad3cd0055f90cc01f43d7a7357d1fabdbc5fa
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 24 18:38:53 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 07:10:03 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e21ad3cd

split out fs related helper funcs as lib code

This way we can use the funcs in other modules.  It makes scanelf
a little bigger (~1k), but shouldn't be a big deal overall.

 paxinc.c  | 31 +++++++++++++++++++++++++++++++
 paxinc.h  |  5 +++++
 scanelf.c | 29 -----------------------------
 3 files changed, 36 insertions(+), 29 deletions(-)

diff --git a/paxinc.c b/paxinc.c
index 068aa60..64a3069 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -167,3 +167,34 @@ void color_init(bool disable)
 	if (disable)
 		NORM = RED = YELLOW = "";
 }
+
+/* File system helpers. */
+int root_fd = AT_FDCWD;
+
+FILE *fopenat_r(int dir_fd, const char *path)
+{
+	int fd = openat(dir_fd, path, O_RDONLY|O_CLOEXEC);
+	if (fd == -1)
+		return NULL;
+	return fdopen(fd, "re");
+}
+
+const char *root_rel_path(const char *path)
+{
+	/*
+	 * openat() will ignore the dirfd if path starts with
+	 * a /, so consume all of that noise
+	 *
+	 * XXX: we don't handle relative paths like ../ that
+	 * break out of the --root option, but for now, just
+	 * don't do that :P.
+	 */
+	if (root_fd != AT_FDCWD) {
+		while (*path == '/')
+			++path;
+		if (*path == '\0')
+			path = ".";
+	}
+
+	return path;
+}

diff --git a/paxinc.h b/paxinc.h
index e687b3a..f761b2e 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -123,4 +123,9 @@ extern const char argv0[];
 #define errf(fmt, args...) _err(warnf, fmt, ## args)
 #define errp(fmt, args...) _err(warnp, fmt , ## args)
 
+/* File system helper functions. */
+extern int root_fd;
+FILE *fopenat_r(int dir_fd, const char *path);
+const char *root_rel_path(const char *path);
+
 #endif /* _PAX_INC_H */

diff --git a/scanelf.c b/scanelf.c
index 5a765b5..89c9695 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -60,7 +60,6 @@ static char use_ldpath = 0;
 static char **qa_textrels = NULL;
 static char **qa_execstack = NULL;
 static char **qa_wx_load = NULL;
-static int root_fd = AT_FDCWD;
 
 static int match_bits = 0;
 static unsigned int match_perms = 0;
@@ -131,34 +130,6 @@ static const char *which(const char *fname, const char *envvar)
 	return NULL;
 }
 
-static FILE *fopenat_r(int dir_fd, const char *path)
-{
-	int fd = openat(dir_fd, path, O_RDONLY|O_CLOEXEC);
-	if (fd == -1)
-		return NULL;
-	return fdopen(fd, "re");
-}
-
-static const char *root_rel_path(const char *path)
-{
-	/*
-	 * openat() will ignore the dirfd if path starts with
-	 * a /, so consume all of that noise
-	 *
-	 * XXX: we don't handle relative paths like ../ that
-	 * break out of the --root option, but for now, just
-	 * don't do that :P.
-	 */
-	if (root_fd != AT_FDCWD) {
-		while (*path == '/')
-			++path;
-		if (*path == '\0')
-			path = ".";
-	}
-
-	return path;
-}
-
 /* sub-funcs for scanelf_fileat() */
 static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 {


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-12  7:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-12  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     e20faa493f9dd326f7bc0fbf2c0abe1a4fdae0e4
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 27 04:47:39 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 07:10:13 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e20faa49

paxldso: properly decode the flags bits in the cache

This fixes handling of multiple ABIs for a single arch like x86/x86_64/x32
or mips o32/n32/n64.  It also fixes decoding of arm float libs.

 paxldso.c | 148 +++++++++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 114 insertions(+), 34 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index 5ea0bfc..2227387 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -20,30 +20,121 @@ static size_t ldcache_size = 0;
 static char *ldso_cache_buf = NULL;
 static size_t ldso_cache_buf_size = 0;
 
+#if defined(__GLIBC__) || defined(__UCLIBC__)
+
 /* Defines can be seen in glibc's sysdeps/generic/ldconfig.h */
-#define LDSO_CACHE_MAGIC "ld.so-"
-#define LDSO_CACHE_MAGIC_LEN (sizeof LDSO_CACHE_MAGIC -1)
-#define LDSO_CACHE_VER "1.7.0"
-#define LDSO_CACHE_VER_LEN (sizeof LDSO_CACHE_VER -1)
-#define FLAG_ANY            -1
-#define FLAG_TYPE_MASK      0x00ff
-#define FLAG_LIBC4          0x0000
-#define FLAG_ELF            0x0001
-#define FLAG_ELF_LIBC5      0x0002
-#define FLAG_ELF_LIBC6      0x0003
-#define FLAG_REQUIRED_MASK  0xff00
-#define FLAG_SPARC_LIB64    0x0100
-#define FLAG_IA64_LIB64     0x0200
-#define FLAG_X8664_LIB64    0x0300
-#define FLAG_S390_LIB64     0x0400
-#define FLAG_POWERPC_LIB64  0x0500
-#define FLAG_MIPS64_LIBN32  0x0600
-#define FLAG_MIPS64_LIBN64  0x0700
-#define FLAG_X8664_LIBX32   0x0800
-#define FLAG_ARM_LIBHF      0x0900
-#define FLAG_AARCH64_LIB64  0x0a00
+#define LDSO_CACHE_MAGIC             "ld.so-"
+#define LDSO_CACHE_MAGIC_LEN         (sizeof LDSO_CACHE_MAGIC -1)
+#define LDSO_CACHE_VER               "1.7.0"
+#define LDSO_CACHE_VER_LEN           (sizeof LDSO_CACHE_VER -1)
+#define FLAG_ANY                     -1
+#define FLAG_TYPE_MASK               0x00ff
+#define FLAG_LIBC4                   0x0000
+#define FLAG_ELF                     0x0001
+#define FLAG_ELF_LIBC5               0x0002
+#define FLAG_ELF_LIBC6               0x0003
+#define FLAG_REQUIRED_MASK           0xff00
+#define FLAG_SPARC_LIB64             0x0100
+#define FLAG_IA64_LIB64              0x0200
+#define FLAG_X8664_LIB64             0x0300
+#define FLAG_S390_LIB64              0x0400
+#define FLAG_POWERPC_LIB64           0x0500
+#define FLAG_MIPS64_LIBN32           0x0600
+#define FLAG_MIPS64_LIBN64           0x0700
+#define FLAG_X8664_LIBX32            0x0800
+#define FLAG_ARM_LIBHF               0x0900
+#define FLAG_AARCH64_LIB64           0x0a00
+#define FLAG_ARM_LIBSF               0x0b00
+#define FLAG_MIPS_LIB32_NAN2008      0x0c00
+#define FLAG_MIPS64_LIBN32_NAN2008   0x0d00
+#define FLAG_MIPS64_LIBN64_NAN2008   0x0e00
+
+typedef struct {
+	int flags;
+	unsigned int sooffset;
+	unsigned int liboffset;
+} libentry_t;
+
+static bool is_compatible(elfobj *elf, libentry_t *libent)
+{
+	int flags = libent->flags & FLAG_REQUIRED_MASK;
+
+	/* We assume that ((flags & FLAG_TYPE_MASK) == FLAG_ELF_LIBC6)
+	 * since anything older is very very old and no one cares.
+	 *
+	 * Otherwise we really only need to check here for cases where
+	 * an arch has more than one ABI per bitsize (e.g. x86, x32, and
+	 * x86_64).  The default case should be fine otherwise.
+	 */
+
+	if (elf->elf_class == ELFCLASS32) {
+		Elf32_Ehdr *ehdr = EHDR32(elf->ehdr);
+
+		switch (EGET(ehdr->e_machine)) {
+		case EM_AARCH64:
+			break;
+		case EM_ARM:
+			if ((flags == FLAG_ARM_LIBHF && (ehdr->e_flags & EF_ARM_ABI_FLOAT_HARD)) ||
+			    (flags == FLAG_ARM_LIBSF && (ehdr->e_flags & EF_ARM_ABI_FLOAT_SOFT)) ||
+			    (flags == 0 && !(ehdr->e_flags & (EF_ARM_ABI_FLOAT_HARD | EF_ARM_ABI_FLOAT_SOFT))))
+				return true;
+			break;
+		case EM_IA_64:
+			break;
+		case EM_MIPS: {
+			int ef_flags = (ehdr->e_flags & (EF_MIPS_ABI2 | EF_MIPS_NAN2008));
+			if ((flags == 0 && ef_flags == 0) ||
+			    (flags == FLAG_MIPS64_LIBN32 && ef_flags == EF_MIPS_ABI2) ||
+			    (flags == FLAG_MIPS_LIB32_NAN2008 && ef_flags == EF_MIPS_NAN2008) ||
+			    (flags == FLAG_MIPS64_LIBN32_NAN2008 && ef_flags == (EF_MIPS_ABI2 | EF_MIPS_NAN2008)))
+				return true;
+			break;
+		}
+		case EM_X86_64:
+			if (flags == FLAG_X8664_LIBX32)
+				return true;
+			break;
+		default:
+			/* A sane enough default. */
+			if (flags == 0)
+				return true;
+			break;
+		}
+	} else {
+		Elf64_Ehdr *ehdr = EHDR64(elf->ehdr);
+
+		switch (EGET(ehdr->e_machine)) {
+		case EM_AARCH64:
+			if (flags == FLAG_AARCH64_LIB64)
+				return true;
+			break;
+		case EM_ARM:
+			break;
+		case EM_IA_64:
+			if (flags == FLAG_IA64_LIB64)
+				return true;
+			break;
+		case EM_MIPS: {
+			int ef_flags = (ehdr->e_flags & EF_MIPS_NAN2008);
+			if ((flags == FLAG_MIPS64_LIBN64 && ef_flags == 0) ||
+			    (flags == FLAG_MIPS64_LIBN64_NAN2008 && ef_flags == EF_MIPS_NAN2008))
+				return true;
+			break;
+		}
+		case EM_X86_64:
+			if (flags == FLAG_X8664_LIB64)
+				return true;
+			break;
+		default:
+			/* A sane enough default. */
+			if (flags != 0)
+				return true;
+			break;
+		}
+	}
 
-#if defined(__GLIBC__) || defined(__UCLIBC__)
+	return false;
+}
 
 char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 {
@@ -58,11 +149,6 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 	} header_t;
 	header_t *header;
 
-	typedef struct {
-		int flags;
-		unsigned int sooffset;
-		unsigned int liboffset;
-	} libentry_t;
 	libentry_t *libent;
 
 	if (fname == NULL)
@@ -110,13 +196,7 @@ char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 		const char *lib;
 		size_t lib_len;
 
-		/* This should be more fine grained, but for now we assume that
-		 * diff arches will not be cached together, and we ignore the
-		 * the different multilib mips cases.
-		 */
-		if (elf->elf_class == ELFCLASS64 && !(libent[nlib].flags & FLAG_REQUIRED_MASK))
-			continue;
-		if (elf->elf_class == ELFCLASS32 && (libent[nlib].flags & FLAG_REQUIRED_MASK))
+		if (!is_compatible(elf, &libent[nlib]))
 			continue;
 
 		if (strcmp(fname, strs + libent[nlib].sooffset) != 0)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-14 14:57 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-14 14:57 UTC (permalink / raw
  To: gentoo-commits

commit:     abd7ee6dce8fe692897ac9201301c7c2038cecf6
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 14 14:57:01 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Nov 14 14:57:01 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=abd7ee6d

paxldso: fix building when ldso support is disabled

 paxldso.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/paxldso.c b/paxldso.c
index 2227387..93eaf97 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -362,8 +362,10 @@ static void ldso_config_cleanup(void)
 # define ldso_config_cleanup()
 #endif /* PAX_LDSO_CONFIG */
 
+#ifndef paxldso_cleanup
 void paxldso_cleanup(void)
 {
 	ldso_cache_cleanup();
 	ldso_config_cleanup();
 }
+#endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-15  4:02 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-15  4:02 UTC (permalink / raw
  To: gentoo-commits

commit:     061efe12b5e1f15341b30088588513e1855eab77
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 04:02:34 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 04:02:34 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=061efe12

paxldso: fix unused arg warnings when support is disabled

 paxldso.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/paxldso.h b/paxldso.h
index 1517e5e..16cbbac 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -26,7 +26,7 @@
 #if PAX_LDSO_CACHE
 extern char *ldso_cache_lookup_lib(elfobj *elf, const char *fname);
 #else
-static inline char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
+static inline char *ldso_cache_lookup_lib(__unused__ elfobj *elf, __unused__ const char *fname)
 {
 	return NULL;
 }
@@ -54,7 +54,7 @@ extern array_t *ldpaths;
 #if PAX_LDSO_CONFIG
 extern int ldso_config_load(const char *fname);
 #else
-static inline int ldso_config_load(const char *fname)
+static inline int ldso_config_load(__unused__ const char *fname)
 {
 	return 0;
 }


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-15  4:02 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-15  4:02 UTC (permalink / raw
  To: gentoo-commits

commit:     7aeb66e8ab261007a95fd0fee0f573d6aede496d
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 04:01:07 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 04:01:07 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7aeb66e8

paxldso: always expose ldpaths array

This fixes building when ldso config logic is unavailable since consumers
(like scanelf) always attempt to walk the array.  Changing the code to be
an empty array by default so it won't suck up too much space when support
isn't available.

 paxldso.c | 4 ++--
 paxldso.h | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index 93eaf97..ce64e6c 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -235,11 +235,11 @@ static void ldso_cache_cleanup(void)
  * ld.so.conf logic
  */
 
-#if PAX_LDSO_CONFIG
-
 static array_t _ldpaths = array_init_decl;
 array_t *ldpaths = &_ldpaths;
 
+#if PAX_LDSO_CONFIG
+
 #if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
 
 int ldso_config_load(const char *fname)

diff --git a/paxldso.h b/paxldso.h
index bbf8852..1517e5e 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -49,8 +49,9 @@ static inline char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
 # define PAX_LDSO_CONFIG 1
 #endif
 
-#if PAX_LDSO_CONFIG
+/* Consumers refer to ldpaths directly, so can't hide its def. */
 extern array_t *ldpaths;
+#if PAX_LDSO_CONFIG
 extern int ldso_config_load(const char *fname);
 #else
 static inline int ldso_config_load(const char *fname)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2016-11-27  3:43 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2016-11-27  3:43 UTC (permalink / raw
  To: gentoo-commits

commit:     add37310501935585d26ab99e191b3841be9e926
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 17 05:49:22 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Nov 17 05:49:22 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=add37310

dumpelf: clean up types all over the place

Rather than blindly cast everything to unsigned long (which doesn't work
when working with 64-bit ELFs on a 32-bit host), use the proper types in
all the printf statements.

 dumpelf.c | 175 +++++++++++++++++++++++++++++++-------------------------------
 paxelf.h  |   2 +-
 porting.h |   1 +
 3 files changed, 90 insertions(+), 88 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index d765164..d95a161 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -11,11 +11,11 @@ const char argv0[] = "dumpelf";
 #include "paxinc.h"
 
 /* prototypes */
-static void dumpelf(const char *filename, long file_cnt);
+static void dumpelf(const char *filename, size_t file_cnt);
 static void dump_ehdr(elfobj *elf, const void *ehdr);
-static void dump_phdr(elfobj *elf, const void *phdr, long phdr_cnt);
-static void dump_shdr(elfobj *elf, const void *shdr, long shdr_cnt, const char *name);
-static void dump_dyn(elfobj *elf, const void *dyn, long dyn_cnt);
+static void dump_phdr(elfobj *elf, const void *phdr, size_t phdr_cnt);
+static void dump_shdr(elfobj *elf, const void *shdr, size_t shdr_cnt, const char *name);
+static void dump_dyn(elfobj *elf, const void *dyn, size_t dyn_cnt);
 #if 0
 static void dump_sym(elfobj *elf, const void *sym);
 static void dump_rel(elfobj *elf, const void *rel);
@@ -31,10 +31,10 @@ static char be_verbose = 0;
 static const void *phdr_dynamic_void;
 
 /* dump all internal elf info */
-static void dumpelf(const char *filename, long file_cnt)
+static void dumpelf(const char *filename, size_t file_cnt)
 {
 	elfobj *elf;
-	unsigned long i, b;
+	size_t i, b;
 
 	/* verify this is real ELF */
 	if ((elf = readelf(filename)) == NULL)
@@ -48,9 +48,9 @@ static void dumpelf(const char *filename, long file_cnt)
 		"\n"
 		"/*\n"
 		" * ELF dump of '%s'\n"
-		" *     %li (0x%lX) bytes\n"
+		" *     %ji (0x%jX) bytes\n"
 		" */\n\n",
-		filename, (unsigned long)elf->len, (unsigned long)elf->len);
+		filename, elf->len, elf->len);
 
 	/* setup the struct to namespace this elf */
 #define MAKE_STRUCT(B) \
@@ -58,16 +58,16 @@ static void dumpelf(const char *filename, long file_cnt)
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	b = B; \
 	printf( \
-		"Elf%1$i_Dyn dumpedelf_dyn_%2$li[];\n" \
+		"Elf%1$i_Dyn dumpedelf_dyn_%2$zu[];\n" \
 		"struct {\n" \
 		"\tElf%1$i_Ehdr ehdr;\n" \
-		"\tElf%1$i_Phdr phdrs[%3$li];\n" \
-		"\tElf%1$i_Shdr shdrs[%4$li];\n" \
+		"\tElf%1$i_Phdr phdrs[%3$u];\n" \
+		"\tElf%1$i_Shdr shdrs[%4$u];\n" \
 		"\tElf%1$i_Dyn *dyns;\n" \
-		"} dumpedelf_%2$li = {\n\n", \
+		"} dumpedelf_%2$zu = {\n\n", \
 		B, file_cnt, \
-		(long)EGET(ehdr->e_phnum), \
-		(long)EGET(ehdr->e_shnum) \
+		(uint16_t)EGET(ehdr->e_phnum), \
+		(uint16_t)EGET(ehdr->e_shnum) \
 	); \
 	}
 	MAKE_STRUCT(32)
@@ -123,11 +123,11 @@ static void dumpelf(const char *filename, long file_cnt)
 	printf("},\n");
 
 	/* finish the namespace struct and start the abitrary ones */
-	printf("\n.dyns = dumpedelf_dyn_%li,\n", file_cnt);
+	printf("\n.dyns = dumpedelf_dyn_%zu,\n", file_cnt);
 	printf("};\n");
 
 	/* start the arbitrary structs */
-	printf("Elf%lu_Dyn dumpedelf_dyn_%li[] = {\n", b, file_cnt);
+	printf("Elf%zu_Dyn dumpedelf_dyn_%zu[] = {\n", b, file_cnt);
 	if (phdr_dynamic_void) {
 #define DUMP_DYNS(B) \
 		if (elf->elf_class == ELFCLASS ## B) { \
@@ -161,42 +161,42 @@ static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 	printf(".ehdr = {\n"); \
 	printf("\t.e_ident = { /* (EI_NIDENT bytes) */\n" \
 	       "\t\t/* [%i] EI_MAG:        */ 0x%X,'%c','%c','%c',\n" \
-	       "\t\t/* [%i] EI_CLASS:      */ %i , /* (%s) */\n" \
-	       "\t\t/* [%i] EI_DATA:       */ %i , /* (%s) */\n" \
-	       "\t\t/* [%i] EI_VERSION:    */ %i , /* (%s) */\n" \
-	       "\t\t/* [%i] EI_OSABI:      */ %i , /* (%s) */\n" \
-	       "\t\t/* [%i] EI_ABIVERSION: */ %i ,\n" \
+	       "\t\t/* [%i] EI_CLASS:      */ %u , /* (%s) */\n" \
+	       "\t\t/* [%i] EI_DATA:       */ %u , /* (%s) */\n" \
+	       "\t\t/* [%i] EI_VERSION:    */ %u , /* (%s) */\n" \
+	       "\t\t/* [%i] EI_OSABI:      */ %u , /* (%s) */\n" \
+	       "\t\t/* [%i] EI_ABIVERSION: */ %u ,\n" \
 	       "\t\t/* [%i-%i] EI_PAD:     */ 0x%X, 0x%X, 0x%X, 0x%X, 0x%X, 0x%X, 0x%X,\n" \
 	       "\t},\n", \
-	       EI_MAG0, (unsigned int)ehdr->e_ident[EI_MAG0], ehdr->e_ident[EI_MAG1], ehdr->e_ident[EI_MAG2], ehdr->e_ident[EI_MAG3], \
-	       EI_CLASS, (int)ehdr->e_ident[EI_CLASS], get_elfeitype(EI_CLASS, ehdr->e_ident[EI_CLASS]), \
-	       EI_DATA, (int)ehdr->e_ident[EI_DATA], get_elfeitype(EI_DATA, ehdr->e_ident[EI_DATA]), \
-	       EI_VERSION, (int)ehdr->e_ident[EI_VERSION], get_elfeitype(EI_VERSION, ehdr->e_ident[EI_VERSION]), \
-	       EI_OSABI, (int)ehdr->e_ident[EI_OSABI], get_elfeitype(EI_OSABI, ehdr->e_ident[EI_OSABI]), \
-	       EI_ABIVERSION, (int)ehdr->e_ident[EI_ABIVERSION], \
+	       EI_MAG0, ehdr->e_ident[EI_MAG0], ehdr->e_ident[EI_MAG1], ehdr->e_ident[EI_MAG2], ehdr->e_ident[EI_MAG3], \
+	       EI_CLASS, ehdr->e_ident[EI_CLASS], get_elfeitype(EI_CLASS, ehdr->e_ident[EI_CLASS]), \
+	       EI_DATA, ehdr->e_ident[EI_DATA], get_elfeitype(EI_DATA, ehdr->e_ident[EI_DATA]), \
+	       EI_VERSION, ehdr->e_ident[EI_VERSION], get_elfeitype(EI_VERSION, ehdr->e_ident[EI_VERSION]), \
+	       EI_OSABI, ehdr->e_ident[EI_OSABI], get_elfeitype(EI_OSABI, ehdr->e_ident[EI_OSABI]), \
+	       EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION], \
 	       EI_PAD, EI_NIDENT - 1, \
-	         (unsigned int)ehdr->e_ident[EI_PAD + 0], \
-	         (unsigned int)ehdr->e_ident[EI_PAD + 1], \
-	         (unsigned int)ehdr->e_ident[EI_PAD + 2], \
-	         (unsigned int)ehdr->e_ident[EI_PAD + 3], \
-	         (unsigned int)ehdr->e_ident[EI_PAD + 4], \
-	         (unsigned int)ehdr->e_ident[EI_PAD + 5], \
-	         (unsigned int)ehdr->e_ident[EI_PAD + 6] \
+	         ehdr->e_ident[EI_PAD + 0], \
+	         ehdr->e_ident[EI_PAD + 1], \
+	         ehdr->e_ident[EI_PAD + 2], \
+	         ehdr->e_ident[EI_PAD + 3], \
+	         ehdr->e_ident[EI_PAD + 4], \
+	         ehdr->e_ident[EI_PAD + 5], \
+	         ehdr->e_ident[EI_PAD + 6] \
 	); \
-	printf("\t.e_type      = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_type), get_elfetype(elf)); \
-	printf("\t.e_machine   = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_machine), get_elfemtype(elf)); \
-	printf("\t.e_version   = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_version), get_elfeitype(EI_VERSION, EGET(ehdr->e_version))); \
-	printf("\t.e_entry     = 0x%-8lX , /* (start address at runtime) */\n", (unsigned long)EGET(ehdr->e_entry)); \
-	printf("\t.e_phoff     = %-10li , /* (bytes into file) */\n", (unsigned long)EGET(ehdr->e_phoff)); \
-	printf("\t.e_shoff     = %-10li , /* (bytes into file) */\n", (unsigned long)EGET(ehdr->e_shoff)); \
-	printf("\t.e_flags     = 0x%-8X ,\n", (unsigned int)EGET(ehdr->e_flags)); \
-	printf("\t.e_ehsize    = %-10i , /* (bytes) */\n", (int)EGET(ehdr->e_ehsize)); \
-	printf("\t.e_phentsize = %-10i , /* (bytes) */\n", (int)EGET(ehdr->e_phentsize)); \
+	printf("\t.e_type      = %-10u , /* (%s) */\n", (uint16_t)EGET(ehdr->e_type), get_elfetype(elf)); \
+	printf("\t.e_machine   = %-10u , /* (%s) */\n", (uint16_t)EGET(ehdr->e_machine), get_elfemtype(elf)); \
+	printf("\t.e_version   = %-10u , /* (%s) */\n", (uint32_t)EGET(ehdr->e_version), get_elfeitype(EI_VERSION, EGET(ehdr->e_version))); \
+	printf("\t.e_entry     = 0x%-8"PRIX64" , /* (start address at runtime) */\n", EGET(ehdr->e_entry)); \
+	printf("\t.e_phoff     = %-10"PRIi64" , /* (bytes into file) */\n", EGET(ehdr->e_phoff)); \
+	printf("\t.e_shoff     = %-10"PRIi64" , /* (bytes into file) */\n", EGET(ehdr->e_shoff)); \
+	printf("\t.e_flags     = 0x%-8X ,\n", (uint32_t)EGET(ehdr->e_flags)); \
+	printf("\t.e_ehsize    = %-10u , /* (bytes) */\n", (uint16_t)EGET(ehdr->e_ehsize)); \
+	printf("\t.e_phentsize = %-10u , /* (bytes) */\n", (uint16_t)EGET(ehdr->e_phentsize)); \
 	/* TODO: Handle PN_XNUM */ \
-	printf("\t.e_phnum     = %-10i , /* (program headers) */\n", (int)EGET(ehdr->e_phnum)); \
-	printf("\t.e_shentsize = %-10i , /* (bytes) */\n", (int)EGET(ehdr->e_shentsize)); \
-	printf("\t.e_shnum     = %-10i , /* (section headers) */\n", (int)EGET(ehdr->e_shnum)); \
-	printf("\t.e_shstrndx  = %-10i\n", (int)EGET(ehdr->e_shstrndx)); \
+	printf("\t.e_phnum     = %-10u , /* (program headers) */\n", (uint16_t)EGET(ehdr->e_phnum)); \
+	printf("\t.e_shentsize = %-10u , /* (bytes) */\n", (uint16_t)EGET(ehdr->e_shentsize)); \
+	printf("\t.e_shnum     = %-10u , /* (section headers) */\n", (uint16_t)EGET(ehdr->e_shnum)); \
+	printf("\t.e_shstrndx  = %-10u\n", (uint16_t)EGET(ehdr->e_shstrndx)); \
 	printf("},\n"); \
 	}
 	DUMP_EHDR(32)
@@ -235,7 +235,7 @@ static const char *dump_p_flags(uint32_t type, uint32_t flags)
 
 	return buf + 3;
 }
-static void dump_phdr(elfobj *elf, const void *phdr_void, long phdr_cnt)
+static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 {
 #define DUMP_PHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
@@ -244,24 +244,25 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, long phdr_cnt)
 	switch (p_type) { \
 	case PT_DYNAMIC: phdr_dynamic_void = phdr_void; break; \
 	} \
-	printf("/* Program Header #%li 0x%lX */\n{\n", phdr_cnt, (uintptr_t)phdr_void - (uintptr_t)elf->data); \
-	printf("\t.p_type   = %-10li , /* [%s] */\n", (long)p_type, get_elfptype(p_type)); \
-	printf("\t.p_offset = %-10li , /* (bytes into file) */\n", (long)EGET(phdr->p_offset)); \
-	printf("\t.p_vaddr  = 0x%-8lX , /* (virtual addr at runtime) */\n", (unsigned long)EGET(phdr->p_vaddr)); \
-	printf("\t.p_paddr  = 0x%-8lX , /* (physical addr at runtime) */\n", (unsigned long)EGET(phdr->p_paddr)); \
-	printf("\t.p_filesz = %-10li , /* (bytes in file) */\n", (long)EGET(phdr->p_filesz)); \
-	printf("\t.p_memsz  = %-10li , /* (bytes in mem at runtime) */\n", (long)EGET(phdr->p_memsz)); \
-	printf("\t.p_flags  = 0x%-8lX , /* %s */\n", (unsigned long)EGET(phdr->p_flags), dump_p_flags(p_type, EGET(phdr->p_flags))); \
-	printf("\t.p_align  = %-10li , /* (min mem alignment in bytes) */\n", (long)EGET(phdr->p_align)); \
+	printf("/* Program Header #%zu 0x%tX */\n{\n", \
+	       phdr_cnt, (uintptr_t)phdr_void - elf->udata); \
+	printf("\t.p_type   = %-10u , /* [%s] */\n", p_type, get_elfptype(p_type)); \
+	printf("\t.p_offset = %-10"PRIi64" , /* (bytes into file) */\n", EGET(phdr->p_offset)); \
+	printf("\t.p_vaddr  = 0x%-8"PRIX64" , /* (virtual addr at runtime) */\n", EGET(phdr->p_vaddr)); \
+	printf("\t.p_paddr  = 0x%-8"PRIX64" , /* (physical addr at runtime) */\n", EGET(phdr->p_paddr)); \
+	printf("\t.p_filesz = %-10"PRIu64" , /* (bytes in file) */\n", EGET(phdr->p_filesz)); \
+	printf("\t.p_memsz  = %-10"PRIu64" , /* (bytes in mem at runtime) */\n", EGET(phdr->p_memsz)); \
+	printf("\t.p_flags  = 0x%-8X , /* %s */\n", (uint32_t)EGET(phdr->p_flags), dump_p_flags(p_type, EGET(phdr->p_flags))); \
+	printf("\t.p_align  = %-10"PRIu64" , /* (min mem alignment in bytes) */\n", EGET(phdr->p_align)); \
 	printf("},\n"); \
 	}
 	DUMP_PHDR(32)
 	DUMP_PHDR(64)
 }
 
-static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const char *name)
+static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const char *name)
 {
-	unsigned long i;
+	size_t i;
 
 	/* Make sure the string is valid. */
 	if ((void *)name >= elf->data_end)
@@ -276,18 +277,18 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const c
 	uint32_t type = EGET(shdr->sh_type); \
 	uint ## B ## _t size = EGET(shdr->sh_size); \
 	\
-	printf("/* Section Header #%li '%s' 0x%lX */\n{\n", \
-	       shdr_cnt, name, (uintptr_t)shdr_void - (uintptr_t)elf->data); \
-	printf("\t.sh_name      = %-10i ,\n", (int)EGET(shdr->sh_name)); \
-	printf("\t.sh_type      = %-10i , /* [%s] */\n", (int)EGET(shdr->sh_type), get_elfshttype(type)); \
-	printf("\t.sh_flags     = %-10li ,\n", (long)EGET(shdr->sh_flags)); \
-	printf("\t.sh_addr      = 0x%-8lX ,\n", (unsigned long)EGET(shdr->sh_addr)); \
-	printf("\t.sh_offset    = %-10li , /* (bytes) */\n", (long)offset); \
-	printf("\t.sh_size      = %-10lu , /* (bytes) */\n", (unsigned long)size); \
-	printf("\t.sh_link      = %-10i ,\n", (int)EGET(shdr->sh_link)); \
-	printf("\t.sh_info      = %-10i ,\n", (int)EGET(shdr->sh_info)); \
-	printf("\t.sh_addralign = %-10li ,\n", (long)EGET(shdr->sh_addralign)); \
-	printf("\t.sh_entsize   = %-10li\n", (long)EGET(shdr->sh_entsize)); \
+	printf("/* Section Header #%zu '%s' 0x%tX */\n{\n", \
+	       shdr_cnt, name, (uintptr_t)shdr_void - elf->udata); \
+	printf("\t.sh_name      = %-10u ,\n", (uint32_t)EGET(shdr->sh_name)); \
+	printf("\t.sh_type      = %-10u , /* [%s] */\n", (uint32_t)EGET(shdr->sh_type), get_elfshttype(type)); \
+	printf("\t.sh_flags     = %-10"PRIu64" ,\n", EGET(shdr->sh_flags)); \
+	printf("\t.sh_addr      = 0x%-8"PRIX64" ,\n", EGET(shdr->sh_addr)); \
+	printf("\t.sh_offset    = %-10"PRIi64" , /* (bytes) */\n", (uint64_t)offset); \
+	printf("\t.sh_size      = %-10"PRIu64" , /* (bytes) */\n", (uint64_t)size); \
+	printf("\t.sh_link      = %-10u ,\n", (uint32_t)EGET(shdr->sh_link)); \
+	printf("\t.sh_info      = %-10u ,\n", (uint32_t)EGET(shdr->sh_info)); \
+	printf("\t.sh_addralign = %-10"PRIu64" ,\n", (uint64_t)EGET(shdr->sh_addralign)); \
+	printf("\t.sh_entsize   = %-10"PRIu64"\n", (uint64_t)EGET(shdr->sh_entsize)); \
 	\
 	if (type == SHT_NOBITS) { \
 		/* Special case so we can do valid check next. */ \
@@ -331,13 +332,13 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const c
 			Elf##B##_Sym *sym = vdata; \
 			printf("\n\t/%c section dump:\n", '*'); \
 			for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \
-				printf("\t * Elf%i_Sym sym%li = {\n", B, (long)i); \
-				printf("\t * \t.st_name  = %i,\n", (unsigned int)EGET(sym->st_name)); \
-				printf("\t * \t.st_value = 0x%lX,\n", (unsigned long)EGET(sym->st_value)); \
-				printf("\t * \t.st_size  = %li, (bytes)\n", (unsigned long)EGET(sym->st_size)); \
-				printf("\t * \t.st_info  = %i,\n", (unsigned int)EGET(sym->st_info)); \
-				printf("\t * \t.st_other = %i,\n", (unsigned int)EGET(sym->st_other)); \
-				printf("\t * \t.st_shndx = %li\n", (unsigned long)EGET(sym->st_shndx)); \
+				printf("\t * Elf%i_Sym sym%zu = {\n", B, i); \
+				printf("\t * \t.st_name  = %u,\n", (uint32_t)EGET(sym->st_name)); \
+				printf("\t * \t.st_value = 0x%"PRIX64",\n", EGET(sym->st_value)); \
+				printf("\t * \t.st_size  = %"PRIu64", (bytes)\n", EGET(sym->st_size)); \
+				printf("\t * \t.st_info  = %u,\n", (unsigned char)EGET(sym->st_info)); \
+				printf("\t * \t.st_other = %u,\n", (unsigned char)EGET(sym->st_other)); \
+				printf("\t * \t.st_shndx = %u\n", (uint16_t)EGET(sym->st_shndx)); \
 				printf("\t * };\n"); \
 				++sym; \
 			} \
@@ -365,18 +366,18 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, long shdr_cnt, const c
 	DUMP_SHDR(64)
 }
 
-static void dump_dyn(elfobj *elf, const void *dyn_void, long dyn_cnt)
+static void dump_dyn(elfobj *elf, const void *dyn_void, size_t dyn_cnt)
 {
 #define DUMP_DYN(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
 	const Elf ## B ## _Dyn *dyn = dyn_void; \
-	unsigned long tag = EGET(dyn->d_tag); \
-	printf("/* Dynamic tag #%li '%s' 0x%lX */\n{\n", \
-	       dyn_cnt, get_elfdtype(tag), (uintptr_t)dyn_void - (uintptr_t)elf->data); \
-	printf("\t.d_tag     = 0x%-8lX ,\n", tag); \
+	int64_t tag = EGET(dyn->d_tag); \
+	printf("/* Dynamic tag #%zu '%s' 0x%tX */\n{\n", \
+	       dyn_cnt, get_elfdtype(tag), (uintptr_t)dyn_void - elf->udata); \
+	printf("\t.d_tag     = 0x%-8"PRIX64" ,\n", tag); \
 	printf("\t.d_un      = {\n"); \
-	printf("\t\t.d_val = 0x%-8lX ,\n", (unsigned long)EGET(dyn->d_un.d_val)); \
-	printf("\t\t.d_ptr = 0x%-8lX ,\n", (unsigned long)EGET(dyn->d_un.d_val)); \
+	printf("\t\t.d_val = 0x%-8"PRIX64" ,\n", EGET(dyn->d_un.d_val)); \
+	printf("\t\t.d_ptr = 0x%-8"PRIX64" ,\n", EGET(dyn->d_un.d_val)); \
 	printf("\t},\n"); \
 	printf("},\n"); \
 	}
@@ -403,7 +404,7 @@ static const char * const opts_help[] = {
 /* display usage and exit */
 static void usage(int status)
 {
-	int i;
+	size_t i;
 	printf("* Dump internal ELF structure\n\n"
 	       "Usage: %s <file1> [file2 fileN ...]\n\n", argv0);
 	printf("Options:\n");
@@ -449,7 +450,7 @@ static void parseargs(int argc, char *argv[])
 		err("Nothing to dump !?");
 
 	{
-	long file_cnt = 0;
+	size_t file_cnt = 0;
 
 	while (optind < argc)
 		dumpelf(argv[optind++], file_cnt++);

diff --git a/paxelf.h b/paxelf.h
index 4beec93..aa34ca6 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -15,7 +15,7 @@ typedef struct {
 	void *phdr;
 	void *shdr;
 	void *_data;
-	union { void *ehdr, *vdata; char *data; };
+	union { void *ehdr, *vdata; char *data; uintptr_t udata; };
 	void *data_end;
 	char elf_class;
 	off_t len;

diff --git a/porting.h b/porting.h
index 8f2694b..1c04337 100644
--- a/porting.h
+++ b/porting.h
@@ -35,6 +35,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <time.h>
 #include <unistd.h>
 #include <sys/mman.h>
 #include <sys/stat.h>


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     2eb852129394f97dae89c0ff1f9f48637edcb0e9
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 25 06:30:32 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Nov 25 06:30:32 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2eb85212

scanelf: rewrite textrels decoder to use program segments

Previously, we only looked at the section name ".text".  This fails when
other names are used, or when the section headers are incomplete.  Since
the runtime only looks at program headers, change the code to match.

 scanelf.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 88 insertions(+), 28 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 2a7c0ce..9c52ced 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -572,8 +572,8 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
  */
 static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *found_textrel)
 {
-	unsigned long s, r, rmax;
-	void *symtab_void, *strtab_void, *text_void;
+	unsigned long r, rmax;
+	void *symtab_void, *strtab_void;
 
 	if (!show_textrels) return NULL;
 
@@ -582,32 +582,87 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	if (!*found_textrel) return NULL;
 
 	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
-	text_void = elf_findsecbyname(elf, ".text");
 
 #define SHOW_TEXTRELS(B) \
+	size_t i; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
+	Elf ## B ## _Phdr *phdr; \
+	Elf ## B ## _Off offset; \
 	Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
 	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
-	Elf ## B ## _Shdr *text = SHDR ## B (text_void); \
-	Elf ## B ## _Addr vaddr = EGET(text->sh_addr); \
-	uint ## B ## _t memsz = EGET(text->sh_size); \
 	Elf ## B ## _Rel *rel; \
 	Elf ## B ## _Rela *rela; \
-	/* search the section headers for relocations */ \
-	for (s = 0; s < EGET(ehdr->e_shnum); ++s) { \
-		uint32_t sh_type = EGET(shdr[s].sh_type); \
-		if (sh_type == SHT_REL) { \
-			rel = REL ## B (elf->vdata + EGET(shdr[s].sh_offset)); \
-			rela = NULL; \
-			rmax = EGET(shdr[s].sh_size) / sizeof(*rel); \
-		} else if (sh_type == SHT_RELA) { \
-			rel = NULL; \
-			rela = RELA ## B (elf->vdata + EGET(shdr[s].sh_offset)); \
-			rmax = EGET(shdr[s].sh_size) / sizeof(*rela); \
-		} else \
+	Elf ## B ## _Dyn *dyn, *drel, *drelsz, *drelent, *dpltrel; \
+	uint32_t pltrel; \
+	\
+	/* Find the dynamic headers */ \
+	phdr = scanelf_file_get_pt_dynamic(elf); \
+	if (phdr == NULL) \
+		break; \
+	offset = EGET(phdr->p_offset); \
+	\
+	/* Walk all the dynamic tags to find relocation info */ \
+	dyn = DYN ## B (elf->vdata + offset); \
+	drel = drelsz = drelent = dpltrel = NULL; \
+	while (EGET(dyn->d_tag) != DT_NULL) { \
+		switch (EGET(dyn->d_tag)) { \
+		case DT_REL: \
+		case DT_RELA: \
+			drel = dyn; \
+			break; \
+		case DT_RELSZ: \
+		case DT_RELASZ: \
+			drelsz = dyn; \
+			break; \
+		case DT_RELENT: \
+		case DT_RELAENT: \
+			drelent = dyn; \
+			break; \
+		case DT_PLTREL: \
+			dpltrel = dyn; \
+			break; \
+		} \
+		++dyn; \
+	} \
+	if (!drel || !drelsz || !drelent || !dpltrel) { \
+		warnf("ELF is missing relocation information"); \
+		break; \
+	} \
+	switch (EGET(dpltrel->d_un.d_val)) { \
+	case DT_REL: \
+		rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \
+		rela = NULL; \
+		pltrel = DT_REL; \
+		break; \
+	case DT_RELA: \
+		rel = NULL; \
+		rela = RELA##B(elf->vdata + EGET(drel->d_un.d_val)); \
+		pltrel = DT_RELA; \
+		break; \
+	default: \
+		warn("Unknown relocation type"); \
+		rel = NULL; \
+		rela = NULL; \
+		break; \
+	} \
+	if (!rel && !rela) \
+		break; \
+	rmax = EGET(drelsz->d_un.d_val) / EGET(drelent->d_un.d_val); \
+	\
+	/* search the program segments for relocations */ \
+	phdr = PHDR ## B(elf->phdr); \
+	for (i = 0; i < EGET(ehdr->e_phnum); ++i) { \
+		Elf ## B ## _Addr vaddr = EGET(phdr[i].p_vaddr); \
+		uint ## B ## _t memsz = EGET(phdr[i].p_memsz); \
+		\
+		/* Only care about loadable segments. */ \
+		if (EGET(phdr[i].p_type) != PT_LOAD) \
 			continue; \
-		/* now see if any of the relocs are in the .text */ \
+		/* Only care about executable segments. */ \
+		if ((EGET(phdr[i].p_flags) & PF_X) != PF_X) \
+			continue; \
+		\
+		/* now see if any of the relocs touch this segment */ \
 		for (r = 0; r < rmax; ++r) { \
 			unsigned long sym_max; \
 			Elf ## B ## _Addr offset_tmp; \
@@ -615,7 +670,7 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 			Elf ## B ## _Sym *sym; \
 			Elf ## B ## _Addr r_offset; \
 			uint ## B ## _t r_info; \
-			if (sh_type == SHT_REL) { \
+			if (pltrel == DT_REL) { \
 				r_offset = EGET(rel[r].r_offset); \
 				r_info = EGET(rel[r].r_info); \
 			} else { \
@@ -641,7 +696,9 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 			sym_max = EGET(symtab->sh_size) / EGET(symtab->sh_entsize); \
 			/* show the raw details about this reloc */ \
 			printf("  %s: ", elf->base_filename); \
-			if (sym && sym->st_name) \
+			if (!strtab) \
+				printf("(missing symbols)"); \
+			else if (sym && sym->st_name) \
 				printf("%s", elf->data + EGET(strtab->sh_offset) + EGET(sym->st_name)); \
 			else \
 				printf("(memory/data?)"); \
@@ -659,11 +716,14 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 			} \
 			printf(" in "); \
 			if (func && func->st_name) { \
-				const char *func_name = elf->data + EGET(strtab->sh_offset) + EGET(func->st_name); \
-				if (r_offset > EGET(func->st_size)) \
-					printf("(optimized out: previous %s)", func_name); \
-				else \
-					printf("%s", func_name); \
+				if (strtab) { \
+					const char *func_name = elf->data + EGET(strtab->sh_offset) + EGET(func->st_name); \
+					if (r_offset > EGET(func->st_size)) \
+						printf("(optimized out: previous %s)", func_name); \
+					else \
+						printf("%s", func_name); \
+				} else \
+					printf("(missing symbols)"); \
 			} else \
 				printf("(optimized out)"); \
 			printf(" [0x%lX]\n", (unsigned long)offset_tmp); \
@@ -690,7 +750,7 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 			} \
 		} \
 	}
-	if (symtab_void && strtab_void && text_void && elf->shdr)
+	if (symtab_void && elf->phdr)
 		SCANELF_ELF_SIZED(SHOW_TEXTRELS);
 	if (!*found_textrels)
 		warnf("ELF %s has TEXTREL markings but doesnt appear to have any real TEXTREL's !?", elf->filename);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     66e7f671db0d1ed6af31844610e6408d111789e3
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 23 23:36:37 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Nov 23 23:36:37 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=66e7f671

scanelf: unify some boiler plate logic with ELF-sized macros

Shouldn't be any functional changes here, just making life easier for
adding more macros like this.

 scanelf.c | 115 +++++++++++++++++++++++---------------------------------------
 1 file changed, 42 insertions(+), 73 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 171093a..71288fc 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -66,6 +66,19 @@ static unsigned long setpax = 0UL;
 
 static const char *objdump;
 
+/* Boiler plate wrapper for expanding ELF macros for specific ELF sizes. */
+#define _SCANELF_IF_ELF_SIZE(B, x) \
+	do { \
+		if (elf->elf_class == ELFCLASS ## B) { \
+			x(B); \
+		} \
+	} while (0)
+#define SCANELF_ELF_SIZED(x) \
+	do { \
+		_SCANELF_IF_ELF_SIZE(32, x); \
+		_SCANELF_IF_ELF_SIZE(64, x); \
+	} while (0)
+
 /* Find the path to a file by name.  Note: we do not currently handle the
  * empty path element correctly (should behave by searching $PWD). */
 static const char *which(const char *fname, const char *envvar)
@@ -149,7 +162,6 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	 * as they are generated in sync.  Trying to mix them won't work.
 	 */
 #define GET_SYMTABS(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 	Elf ## B ## _Shdr *esymtab = symtab; \
 	Elf ## B ## _Shdr *estrtab = strtab; \
 	Elf ## B ## _Shdr *edynsym = dynsym; \
@@ -182,10 +194,8 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 		return; \
 	} else { \
 		*sym = *str = NULL; \
-	} \
 	}
-	GET_SYMTABS(32)
-	GET_SYMTABS(64)
+	SCANELF_ELF_SIZED(GET_SYMTABS);
 
 	if (*sym && *str)
 		return;
@@ -195,10 +205,7 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	 * reconstruct the section header info out of the dynamic
 	 * tags so we can see what symbols this guy uses at runtime.
 	 */
-	if (!elf->phdr)
-		return;
 #define GET_SYMTABS_DT(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 	size_t i; \
 	static Elf ## B ## _Shdr sym_shdr, str_shdr; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
@@ -300,10 +307,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 			ESET(str_shdr.sh_offset, offset + (vstr - vaddr)); \
 			*str = &str_shdr; \
 		} \
-	} \
 	}
-	GET_SYMTABS_DT(32)
-	GET_SYMTABS_DT(64)
+	if (elf->phdr)
+		SCANELF_ELF_SIZED(GET_SYMTABS_DT);
 	return;
 
  corrupt_hash:
@@ -320,9 +326,7 @@ static char *scanelf_file_pax(elfobj *elf, char *found_pax)
 	shown = 0;
 	memset(&ret, 0, sizeof(ret));
 
-	if (elf->phdr) {
 #define SHOW_PAX(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
@@ -338,11 +342,9 @@ static char *scanelf_file_pax(elfobj *elf, char *found_pax)
 		*found_pax = 1; \
 		++shown; \
 		break; \
-	} \
-	}
-	SHOW_PAX(32)
-	SHOW_PAX(64)
 	}
+	if (elf->phdr)
+		SCANELF_ELF_SIZED(SHOW_PAX);
 
 	/* Note: We do not support setting EI_PAX if not PT_PAX_FLAGS
 	 * was found.  This is known to break ELFs on glibc systems,
@@ -383,7 +385,6 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 
 #define NOTE_GNU_STACK ".note.GNU-stack"
 #define SHOW_PHDR(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	Elf ## B ## _Off offset; \
 	uint32_t flags, check_flags; \
@@ -465,10 +466,8 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 			shown = 1; \
 			memcpy(ret, "!WX", 3); \
 		} \
-	} \
 	}
-	SHOW_PHDR(32)
-	SHOW_PHDR(64)
+	SCANELF_ELF_SIZED(SHOW_PHDR);
 
 	if (be_wewy_wewy_quiet || (be_quiet && !shown))
 		return NULL;
@@ -493,9 +492,7 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
 
 	if (file_matches_list(elf->filename, qa_textrels)) return NULL;
 
-	if (elf->phdr) {
 #define SHOW_TEXTREL(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 	Elf ## B ## _Dyn *dyn; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
@@ -513,10 +510,9 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
 			} \
 			++dyn; \
 		} \
-	} }
-	SHOW_TEXTREL(32)
-	SHOW_TEXTREL(64)
 	}
+	if (elf->phdr)
+		SCANELF_ELF_SIZED(SHOW_TEXTREL);
 
 	if (be_quiet || be_wewy_wewy_quiet)
 		return NULL;
@@ -543,9 +539,7 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
 	text_void = elf_findsecbyname(elf, ".text");
 
-	if (symtab_void && strtab_void && text_void && elf->shdr) {
 #define SHOW_TEXTRELS(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
 	Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
@@ -650,10 +644,9 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 				free(sysbuf); \
 			} \
 		} \
-	} }
-	SHOW_TEXTRELS(32)
-	SHOW_TEXTRELS(64)
 	}
+	if (symtab_void && strtab_void && text_void && elf->shdr)
+		SCANELF_ELF_SIZED(SHOW_TEXTRELS);
 	if (!*found_textrels)
 		warnf("ELF %s has TEXTREL markings but doesnt appear to have any real TEXTREL's !?", elf->filename);
 
@@ -696,9 +689,7 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 	strtbl_void = elf_findsecbyname(elf, ".dynstr");
 	rpath = runpath = NULL;
 
-	if (elf->phdr && strtbl_void) {
 #define SHOW_RPATH(B) \
-		if (elf->elf_class == ELFCLASS ## B) { \
 		Elf ## B ## _Dyn *dyn; \
 		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
@@ -806,10 +797,9 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 				} \
 				++dyn; \
 			} \
-		} }
-		SHOW_RPATH(32)
-		SHOW_RPATH(64)
-	}
+		}
+	if (elf->phdr && strtbl_void)
+		SCANELF_ELF_SIZED(SHOW_RPATH);
 
 	if (be_wewy_wewy_quiet) return;
 
@@ -861,9 +851,7 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 
 	strtbl_void = elf_findsecbyname(elf, ".dynstr");
 
-	if (elf->phdr && strtbl_void) {
 #define SHOW_NEEDED(B) \
-		if (elf->elf_class == ELFCLASS ## B) { \
 		Elf ## B ## _Dyn *dyn; \
 		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
@@ -922,9 +910,9 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 				} \
 				++dyn; \
 			} \
-		} }
-		SHOW_NEEDED(32)
-		SHOW_NEEDED(64)
+		}
+	if (elf->phdr && strtbl_void) {
+		SCANELF_ELF_SIZED(SHOW_NEEDED);
 		if (op == 0 && !*found_needed && be_verbose)
 			warn("ELF lacks DT_NEEDED sections: %s", elf->filename);
 	}
@@ -940,7 +928,6 @@ static char *scanelf_file_interp(elfobj *elf, char *found_interp)
 	if (elf->phdr) {
 		/* Walk all the program headers to find the PT_INTERP */
 #define SHOW_PT_INTERP(B) \
-		if (elf->elf_class == ELFCLASS ## B) { \
 			size_t i; \
 			Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 			Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
@@ -949,23 +936,17 @@ static char *scanelf_file_interp(elfobj *elf, char *found_interp)
 					offset = EGET(phdr[i].p_offset); \
 					break; \
 				} \
-			} \
-		}
-		SHOW_PT_INTERP(32)
-		SHOW_PT_INTERP(64)
+			}
+		SCANELF_ELF_SIZED(SHOW_PT_INTERP);
 	} else if (elf->shdr) {
 		/* Use the section headers to find it */
 		void *strtbl_void = elf_findsecbyname(elf, ".interp");
 
 #define SHOW_INTERP(B) \
-		if (elf->elf_class == ELFCLASS ## B) { \
 			Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-			offset = EGET(strtbl->sh_offset); \
-		}
-		if (strtbl_void) {
-			SHOW_INTERP(32)
-			SHOW_INTERP(64)
-		}
+			offset = EGET(strtbl->sh_offset);
+		if (strtbl_void)
+			SCANELF_ELF_SIZED(SHOW_INTERP);
 	}
 
 	/* Validate the pointer even if we don't use it in output */
@@ -992,7 +973,6 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 	if (!elf->phdr) return NULL;
 
 #define SHOW_BIND(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 		Elf ## B ## _Dyn *dyn; \
 		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
@@ -1013,10 +993,8 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 				} \
 				++dyn; \
 			} \
-		} \
-	}
-	SHOW_BIND(32)
-	SHOW_BIND(64)
+		}
+	SCANELF_ELF_SIZED(SHOW_BIND);
 
 	if (be_wewy_wewy_quiet) return NULL;
 
@@ -1038,9 +1016,7 @@ static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 
 	strtbl_void = elf_findsecbyname(elf, ".dynstr");
 
-	if (elf->phdr && strtbl_void) {
 #define SHOW_SONAME(B) \
-		if (elf->elf_class == ELFCLASS ## B) { \
 		Elf ## B ## _Dyn *dyn; \
 		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
@@ -1067,10 +1043,9 @@ static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 				} \
 				++dyn; \
 			} \
-		} }
-		SHOW_SONAME(32)
-		SHOW_SONAME(64)
-	}
+		}
+	if (elf->phdr && strtbl_void)
+		SCANELF_ELF_SIZED(SHOW_SONAME);
 
 	return NULL;
 }
@@ -1253,7 +1228,6 @@ static char *scanelf_file_sym(elfobj *elf, char *found_sym)
 
 	if (symtab_void && strtab_void) {
 #define FIND_SYM(B) \
-		if (elf->elf_class == ELFCLASS ## B) { \
 		Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
 		Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 		Elf ## B ## _Sym *sym = SYM ## B (elf->vdata + EGET(symtab->sh_offset)); \
@@ -1282,10 +1256,8 @@ static char *scanelf_file_sym(elfobj *elf, char *found_sym)
 				                      EGET(sym->st_size)); \
 			} \
 			++sym; \
-		} \
 		}
-		FIND_SYM(32)
-		FIND_SYM(64)
+		SCANELF_ELF_SIZED(FIND_SYM);
 	}
 
 	if (be_wewy_wewy_quiet) {
@@ -1314,7 +1286,6 @@ static const char *scanelf_file_sections(elfobj *elf, char *found_section)
 		 return NULL;
 
 #define FIND_SECTION(B) \
-	if (elf->elf_class == ELFCLASS ## B) { \
 		size_t matched, n; \
 		int invert; \
 		const char *section_name; \
@@ -1329,10 +1300,8 @@ static const char *scanelf_file_sections(elfobj *elf, char *found_section)
 		} \
 		\
 		if (matched == array_cnt(find_section_arr)) \
-			*found_section = 1; \
-	}
-	FIND_SECTION(32)
-	FIND_SECTION(64)
+			*found_section = 1;
+	SCANELF_ELF_SIZED(FIND_SECTION);
 
 	if (be_wewy_wewy_quiet)
 		return NULL;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     2a5f0969cf769005a1b716c832fa4a9c642d7dd6
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 21 06:59:50 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Jan 21 06:59:50 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2a5f0969

travis: drop pyelftools install

They aren't available apparently, and it seems like Travis has made
it a failure now rather than being ignored.

 .travis.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 37b90c3..f8b90cf 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -29,7 +29,5 @@ addons:
     - autoconf-archive
     - gnulib
     - xmlto
-    - python-pyelftools
-    - python3-pyelftools
 
 script: ./travis/main.sh


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     ba31869401a628a7f0167ea51ade7254c58714d8
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 25 05:40:39 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Nov 25 05:40:39 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ba318694

scanelf: add helper funcs for looking up program headers

 scanelf.c | 404 ++++++++++++++++++++++++++++++++++----------------------------
 1 file changed, 222 insertions(+), 182 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 5632527..2a7c0ce 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -140,6 +140,55 @@ static const char *which(const char *fname, const char *envvar)
 	return NULL;
 }
 
+/*
+ * Return the index into the program header table for the |p_type| segment.
+ * Useful only when there is one instance of a particular type.
+ */
+static ssize_t scanelf_file_find_phdr(elfobj *elf, uint32_t p_type)
+{
+	ssize_t ret = -1;
+
+#define FIND_PT_TYPE(B) \
+	size_t i; \
+	Elf##B##_Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	Elf##B##_Phdr *phdr = PHDR ## B (elf->phdr); \
+	\
+	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
+		if (EGET(phdr[i].p_type) != p_type) \
+			continue; \
+		\
+		if (ret == -1) \
+			ret = i; \
+		else \
+			warnf("ELF has more than one %s segment !?", get_elfptype(p_type)); \
+	}
+	if (elf->phdr)
+		SCANELF_ELF_SIZED(FIND_PT_TYPE);
+
+	return ret;
+}
+
+static void *scanelf_file_get_pt_dynamic(elfobj *elf)
+{
+	ssize_t i = scanelf_file_find_phdr(elf, PT_DYNAMIC);
+	if (i == -1)
+		return NULL;
+
+#define CHECK_PT_DYNAMIC(B) \
+	Elf##B##_Phdr *phdr = &PHDR##B(elf->phdr)[i]; \
+	Elf##B##_Off offset; \
+	\
+	if (EGET(phdr->p_filesz) == 0) \
+		break; \
+	offset = EGET(phdr->p_offset); \
+	if (offset >= elf->len - sizeof(Elf##B##_Dyn)) \
+		break; \
+	return phdr;
+	SCANELF_ELF_SIZED(CHECK_PT_DYNAMIC);
+
+	return NULL;
+}
+
 /* sub-funcs for scanelf_fileat() */
 static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 {
@@ -209,7 +258,7 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	size_t i; \
 	static Elf ## B ## _Shdr sym_shdr, str_shdr; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Phdr *phdr; \
 	Elf ## B ## _Addr vsym, vstr, vhash, vgnu_hash; \
 	Elf ## B ## _Dyn *dyn; \
 	Elf ## B ## _Off offset; \
@@ -218,28 +267,24 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	vsym = vstr = vhash = vgnu_hash = 0; \
 	memset(&sym_shdr, 0, sizeof(sym_shdr)); \
 	memset(&str_shdr, 0, sizeof(str_shdr)); \
-	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-		if (EGET(phdr[i].p_type) != PT_DYNAMIC) \
-			continue; \
-		\
-		offset = EGET(phdr[i].p_offset); \
-		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) \
-			continue; \
-		\
-		dyn = DYN ## B (elf->vdata + offset); \
-		while (EGET(dyn->d_tag) != DT_NULL) { \
-			switch (EGET(dyn->d_tag)) { \
-			case DT_SYMTAB:   vsym = EGET(dyn->d_un.d_val); break; \
-			case DT_SYMENT:   sym_shdr.sh_entsize = dyn->d_un.d_val; break; \
-			case DT_STRTAB:   vstr = EGET(dyn->d_un.d_val); break; \
-			case DT_STRSZ:    str_shdr.sh_size = dyn->d_un.d_val; break; \
-			case DT_HASH:     vhash = EGET(dyn->d_un.d_val); break; \
-			/*case DT_GNU_HASH: vgnu_hash = EGET(dyn->d_un.d_val); break;*/ \
-			} \
-			++dyn; \
+	\
+	/* Find the dynamic headers */ \
+	phdr = scanelf_file_get_pt_dynamic(elf); \
+	if (phdr == NULL) \
+		break; \
+	offset = EGET(phdr->p_offset); \
+	\
+	dyn = DYN ## B (elf->vdata + offset); \
+	while (EGET(dyn->d_tag) != DT_NULL) { \
+		switch (EGET(dyn->d_tag)) { \
+		case DT_SYMTAB:   vsym = EGET(dyn->d_un.d_val); break; \
+		case DT_SYMENT:   sym_shdr.sh_entsize = dyn->d_un.d_val; break; \
+		case DT_STRTAB:   vstr = EGET(dyn->d_un.d_val); break; \
+		case DT_STRSZ:    str_shdr.sh_size = dyn->d_un.d_val; break; \
+		case DT_HASH:     vhash = EGET(dyn->d_un.d_val); break; \
+		/*case DT_GNU_HASH: vgnu_hash = EGET(dyn->d_un.d_val); break;*/ \
 		} \
-		if (vsym && vstr) \
-			break; \
+		++dyn; \
 	} \
 	if (!vsym || !vstr || !(vhash || vgnu_hash)) \
 		return; \
@@ -486,7 +531,6 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
 {
 	static const char *ret = "TEXTREL";
-	unsigned long i;
 
 	if (!show_textrel && !show_textrels) return NULL;
 
@@ -494,22 +538,23 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
 
 #define SHOW_TEXTREL(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Phdr *phdr; \
 	Elf ## B ## _Off offset; \
-	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
-		offset = EGET(phdr[i].p_offset); \
-		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
-		dyn = DYN ## B (elf->vdata + offset); \
-		while (EGET(dyn->d_tag) != DT_NULL) { \
-			if (EGET(dyn->d_tag) == DT_TEXTREL) { /*dyn->d_tag != DT_FLAGS)*/ \
-				*found_textrel = 1; \
-				/*if (dyn->d_un.d_val & DF_TEXTREL)*/ \
-				return (be_wewy_wewy_quiet ? NULL : ret); \
-			} \
-			++dyn; \
+	\
+	/* Find the dynamic headers */ \
+	phdr = scanelf_file_get_pt_dynamic(elf); \
+	if (phdr == NULL) \
+		break; \
+	offset = EGET(phdr->p_offset); \
+	\
+	dyn = DYN ## B (elf->vdata + offset); \
+	while (EGET(dyn->d_tag) != DT_NULL) { \
+		if (EGET(dyn->d_tag) == DT_TEXTREL) { /*dyn->d_tag != DT_FLAGS)*/ \
+			*found_textrel = 1; \
+			/*if (dyn->d_un.d_val & DF_TEXTREL)*/ \
+			return (be_wewy_wewy_quiet ? NULL : ret); \
 		} \
+		++dyn; \
 	}
 	if (elf->phdr)
 		SCANELF_ELF_SIZED(SHOW_TEXTREL);
@@ -680,7 +725,6 @@ static void rpath_security_checks(elfobj *elf, char *item, const char *dt_type)
 }
 static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_t *ret_len)
 {
-	unsigned long i;
 	char *rpath, *runpath, **r;
 	void *strtbl_void;
 
@@ -691,112 +735,111 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 
 #define SHOW_RPATH(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Phdr *phdr; \
 	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
 	Elf ## B ## _Off offset; \
 	Elf ## B ## _Xword word; \
-	/* Scan all the program headers */ \
-	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-		/* Just scan dynamic headers */ \
-		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
-		offset = EGET(phdr[i].p_offset); \
-		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
-		/* Just scan dynamic RPATH/RUNPATH headers */ \
-		dyn = DYN ## B (elf->vdata + offset); \
-		while ((word=EGET(dyn->d_tag)) != DT_NULL) { \
-			if (word == DT_RPATH) { \
-				r = &rpath; \
-			} else if (word == DT_RUNPATH) { \
-				r = &runpath; \
-			} else { \
-				++dyn; \
-				continue; \
+	\
+	/* Find the dynamic headers */ \
+	phdr = scanelf_file_get_pt_dynamic(elf); \
+	if (phdr == NULL) \
+		break; \
+	offset = EGET(phdr->p_offset); \
+	\
+	/* Just scan dynamic RPATH/RUNPATH headers */ \
+	dyn = DYN ## B (elf->vdata + offset); \
+	while ((word=EGET(dyn->d_tag)) != DT_NULL) { \
+		if (word == DT_RPATH) { \
+			r = &rpath; \
+		} else if (word == DT_RUNPATH) { \
+			r = &runpath; \
+		} else { \
+			++dyn; \
+			continue; \
+		} \
+		/* Verify the memory is somewhat sane */ \
+		offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+		if (offset < (Elf ## B ## _Off)elf->len) { \
+			if (*r) warn("ELF has multiple %s's !?", get_elfdtype(word)); \
+			*r = elf->data + offset; \
+			/* cache the length in case we need to nuke this section later on */ \
+			if (fix_elf) \
+				offset = strlen(*r); \
+			/* If quiet, don't output paths in ld.so.conf */ \
+			if (be_quiet) { \
+				size_t len; \
+				char *start, *end; \
+				/* note that we only 'chop' off leading known paths. */ \
+				/* since *r is read-only memory, we can only move the ptr forward. */ \
+				start = *r; \
+				/* scan each path in : delimited list */ \
+				while (start) { \
+					rpath_security_checks(elf, start, get_elfdtype(word)); \
+					end = strchr(start, ':'); \
+					len = (end ? abs(end - start) : strlen(start)); \
+					if (use_ldcache) { \
+						size_t n; \
+						const char *ldpath; \
+						array_for_each(ldpaths, n, ldpath) \
+							if (!strncmp(ldpath, start, len) && !ldpath[len]) { \
+								*r = end; \
+								/* corner case ... if RPATH reads "/usr/lib:", we want \
+								 * to show ':' rather than '' */ \
+								if (end && end[1] != '\0') \
+									(*r)++; \
+								break; \
+							} \
+					} \
+					if (!*r || !end) \
+						break; \
+					else \
+						start = start + len + 1; \
+				} \
 			} \
-			/* Verify the memory is somewhat sane */ \
-			offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
-			if (offset < (Elf ## B ## _Off)elf->len) { \
-				if (*r) warn("ELF has multiple %s's !?", get_elfdtype(word)); \
-				*r = elf->data + offset; \
-				/* cache the length in case we need to nuke this section later on */ \
-				if (fix_elf) \
-					offset = strlen(*r); \
-				/* If quiet, don't output paths in ld.so.conf */ \
-				if (be_quiet) { \
-					size_t len; \
+			if (*r) { \
+				if (fix_elf > 2 || (fix_elf && **r == '\0')) { \
+					/* just nuke it */ \
+					nuke_it##B: \
+					memset(*r, 0x00, offset); \
+					*r = NULL; \
+					ESET(dyn->d_tag, DT_DEBUG); \
+					ESET(dyn->d_un.d_ptr, 0); \
+				} else if (fix_elf) { \
+					/* try to clean "bad" paths */ \
+					size_t len, tmpdir_len; \
 					char *start, *end; \
-					/* note that we only 'chop' off leading known paths. */ \
-					/* since *r is read-only memory, we can only move the ptr forward. */ \
+					const char *tmpdir; \
 					start = *r; \
-					/* scan each path in : delimited list */ \
-					while (start) { \
-						rpath_security_checks(elf, start, get_elfdtype(word)); \
+					tmpdir = (getenv("TMPDIR") ? : "."); \
+					tmpdir_len = strlen(tmpdir); \
+					while (1) { \
 						end = strchr(start, ':'); \
-						len = (end ? abs(end - start) : strlen(start)); \
-						if (use_ldcache) { \
-							size_t n; \
-							const char *ldpath; \
-							array_for_each(ldpaths, n, ldpath) \
-								if (!strncmp(ldpath, start, len) && !ldpath[len]) { \
-									*r = end; \
-									/* corner case ... if RPATH reads "/usr/lib:", we want \
-									 * to show ':' rather than '' */ \
-									if (end && end[1] != '\0') \
-										(*r)++; \
-									break; \
-								} \
+						if (start == end) { \
+							eat_this_path##B: \
+							len = strlen(end); \
+							memmove(start, end+1, len); \
+							start[len-1] = '\0'; \
+							end = start - 1; \
+						} else if (tmpdir && !strncmp(start, tmpdir, tmpdir_len)) { \
+							if (!end) { \
+								if (start == *r) \
+									goto nuke_it##B; \
+								*--start = '\0'; \
+							} else \
+								goto eat_this_path##B; \
 						} \
-						if (!*r || !end) \
+						if (!end) \
 							break; \
-						else \
-							start = start + len + 1; \
+						start = end + 1; \
 					} \
+					if (**r == '\0') \
+						goto nuke_it##B; \
 				} \
-				if (*r) { \
-					if (fix_elf > 2 || (fix_elf && **r == '\0')) { \
-						/* just nuke it */ \
-						nuke_it##B: \
-						memset(*r, 0x00, offset); \
-						*r = NULL; \
-						ESET(dyn->d_tag, DT_DEBUG); \
-						ESET(dyn->d_un.d_ptr, 0); \
-					} else if (fix_elf) { \
-						/* try to clean "bad" paths */ \
-						size_t len, tmpdir_len; \
-						char *start, *end; \
-						const char *tmpdir; \
-						start = *r; \
-						tmpdir = (getenv("TMPDIR") ? : "."); \
-						tmpdir_len = strlen(tmpdir); \
-						while (1) { \
-							end = strchr(start, ':'); \
-							if (start == end) { \
-								eat_this_path##B: \
-								len = strlen(end); \
-								memmove(start, end+1, len); \
-								start[len-1] = '\0'; \
-								end = start - 1; \
-							} else if (tmpdir && !strncmp(start, tmpdir, tmpdir_len)) { \
-								if (!end) { \
-									if (start == *r) \
-										goto nuke_it##B; \
-									*--start = '\0'; \
-								} else \
-									goto eat_this_path##B; \
-							} \
-							if (!end) \
-								break; \
-							start = end + 1; \
-						} \
-						if (**r == '\0') \
-							goto nuke_it##B; \
-					} \
-					if (*r) \
-						*found_rpath = 1; \
-				} \
+				if (*r) \
+					*found_rpath = 1; \
 			} \
-			++dyn; \
 		} \
+		++dyn; \
 	}
 	if (elf->phdr && strtbl_void)
 		SCANELF_ELF_SIZED(SHOW_RPATH);
@@ -837,7 +880,6 @@ static char *lookup_config_lib(const char *fname)
 
 static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char *found_lib, int op, char **ret, size_t *ret_len)
 {
-	unsigned long i;
 	char *needed;
 	void *strtbl_void;
 	char *p;
@@ -853,63 +895,61 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 
 #define SHOW_NEEDED(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Phdr *phdr; \
 	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
 	Elf ## B ## _Off offset; \
 	size_t matched = 0; \
-	/* Walk all the program headers to find the PT_DYNAMIC */ \
-	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) \
-			continue; \
-		offset = EGET(phdr[i].p_offset); \
-		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) \
-			continue; \
-		/* Walk all the dynamic tags to find NEEDED entries */ \
-		dyn = DYN ## B (elf->vdata + offset); \
-		while (EGET(dyn->d_tag) != DT_NULL) { \
-			if (EGET(dyn->d_tag) == DT_NEEDED) { \
-				offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
-				if (offset >= (Elf ## B ## _Off)elf->len) { \
-					++dyn; \
-					continue; \
-				} \
-				needed = elf->data + offset; \
-				if (op == 0) { \
-					/* -n -> print all entries */ \
-					if (!be_wewy_wewy_quiet) { \
-						if (*found_needed) xchrcat(ret, ',', ret_len); \
-						if (use_ldpath) { \
-							if ((p = lookup_config_lib(needed)) != NULL) \
-								needed = p; \
-						} else if (use_ldcache) { \
-							if ((p = ldso_cache_lookup_lib(elf, needed)) != NULL) \
-								needed = p; \
-						} \
-						xstrcat(ret, needed, ret_len); \
-					} \
-					*found_needed = 1; \
-				} else { \
-					/* -N -> print matching entries */ \
-					size_t n; \
-					const char *find_lib_name; \
-					\
-					array_for_each(find_lib_arr, n, find_lib_name) { \
-						int invert = 1; \
-						if (find_lib_name[0] == '!') \
-							invert = 0, ++find_lib_name; \
-						if ((!strcmp(find_lib_name, needed)) == invert) \
-							++matched; \
-					} \
-					\
-					if (matched == array_cnt(find_lib_arr)) { \
-						*found_lib = 1; \
-						return (be_wewy_wewy_quiet ? NULL : find_lib); \
+	\
+	/* Find the dynamic headers */ \
+	phdr = scanelf_file_get_pt_dynamic(elf); \
+	if (phdr == NULL) \
+		break; \
+	offset = EGET(phdr->p_offset); \
+	\
+	/* Walk all the dynamic tags to find NEEDED entries */ \
+	dyn = DYN ## B (elf->vdata + offset); \
+	while (EGET(dyn->d_tag) != DT_NULL) { \
+		if (EGET(dyn->d_tag) == DT_NEEDED) { \
+			offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+			if (offset >= (Elf ## B ## _Off)elf->len) { \
+				++dyn; \
+				continue; \
+			} \
+			needed = elf->data + offset; \
+			if (op == 0) { \
+				/* -n -> print all entries */ \
+				if (!be_wewy_wewy_quiet) { \
+					if (*found_needed) xchrcat(ret, ',', ret_len); \
+					if (use_ldpath) { \
+						if ((p = lookup_config_lib(needed)) != NULL) \
+							needed = p; \
+					} else if (use_ldcache) { \
+						if ((p = ldso_cache_lookup_lib(elf, needed)) != NULL) \
+							needed = p; \
 					} \
+					xstrcat(ret, needed, ret_len); \
+				} \
+				*found_needed = 1; \
+			} else { \
+				/* -N -> print matching entries */ \
+				size_t n; \
+				const char *find_lib_name; \
+				\
+				array_for_each(find_lib_arr, n, find_lib_name) { \
+					int invert = 1; \
+					if (find_lib_name[0] == '!') \
+						invert = 0, ++find_lib_name; \
+					if ((!strcmp(find_lib_name, needed)) == invert) \
+						++matched; \
+				} \
+				\
+				if (matched == array_cnt(find_lib_arr)) { \
+					*found_lib = 1; \
+					return (be_wewy_wewy_quiet ? NULL : find_lib); \
 				} \
 			} \
-			++dyn; \
 		} \
+		++dyn; \
 	}
 	if (elf->phdr && strtbl_void) {
 		SCANELF_ELF_SIZED(SHOW_NEEDED);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     fe581f7555f39140cbfac05d8fbccc1ef25eba0e
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 27 03:36:49 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Nov 27 03:36:49 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=fe581f75

scanmacho: fix 126 byte limit on -E option

 scanmacho.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scanmacho.c b/scanmacho.c
index 30ee730..71b1593 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -25,7 +25,7 @@ static void usage(int status);
 static int parseargs(int argc, char *argv[]);
 
 /* variables to control behavior */
-static char match_etypes[126] = "";
+static const char *match_etypes = NULL;
 static char scan_envpath = 0;
 static char scan_symlink = 1;
 static char scan_archives = 0;
@@ -348,7 +348,7 @@ static int scanmacho_fat(const char *filename, int fd, size_t len)
 		default:
 			break;
 	}
-	if (strlen(match_etypes)) {
+	if (match_etypes) {
 		char sbuf[128];
 		char ftype[32];
 
@@ -640,7 +640,7 @@ static int parseargs(int argc, char *argv[])
 			from_file = optarg;
 			break;
 		case 'E':
-			strncpy(match_etypes, optarg, sizeof(match_etypes));
+			match_etypes = optarg;
 			break;
 		case 'M':
 			match_bits = atoi(optarg);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     5e9d4e12714a20e25f233caa6c7246d0802a2a76
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 23 23:36:17 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Nov 23 23:36:17 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5e9d4e12

dumpelf: add support for prelink sections

 dumpelf.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/dumpelf.c b/dumpelf.c
index 066a239..6b2458a 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -324,6 +324,24 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 	DUMP_PHDR(64)
 }
 
+static const char *timestamp(uint64_t stamp)
+{
+	/* This doesn't work when run on a 32-bit host with 32-bit time_t beyond
+	 * beyond 2038, but we'll worry about that later.
+	 */
+	static char buf[20];
+	time_t t;
+	struct tm *tm;
+
+	t = stamp;
+	tm = gmtime(&t);
+	snprintf (buf, sizeof(buf), "%04u-%02u-%02u %02u:%02u:%02u",
+		tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
+		tm->tm_hour, tm->tm_min, tm->tm_sec);
+
+	return buf;
+}
+
 static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const char *section_name)
 {
 	size_t i;
@@ -412,6 +430,22 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 		case SHT_NOTE: \
 			dump_notes(elf, B, vdata, vdata + EGET(shdr->sh_size)); \
 			break; \
+		case SHT_GNU_LIBLIST: { \
+			Elf##B##_Lib *lib = vdata; \
+			printf("\n\t/%c section dump:\n", '*'); \
+			for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \
+				printf("\t * Elf%i_Lib lib%zu = {\n", B, i); \
+				printf("\t * \t.l_name       = %"PRIu64",\n", EGET(lib->l_name)); \
+				printf("\t * \t.l_time_stamp = 0x%"PRIX64", (%s)\n", \
+				       EGET(lib->l_time_stamp), timestamp(EGET(lib->l_time_stamp))); \
+				printf("\t * \t.l_checksum   = 0x%"PRIX64",\n", EGET(lib->l_checksum)); \
+				printf("\t * \t.l_version    = %"PRIu64",\n", EGET(lib->l_version)); \
+				printf("\t * \t.l_flags      = 0x%"PRIX64"\n", EGET(lib->l_flags)); \
+				printf("\t * };\n"); \
+				++lib; \
+			} \
+			printf("\t */\n"); \
+		} \
 		default: { \
 			if (be_verbose <= 1) \
 				break; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     71c10be3f18e5d9a702503947173191a202db01a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 21 07:08:22 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Jan 21 07:08:22 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=71c10be3

security: fix building on much older systems

Basically wrap all defines in ifdefs or add fallback stubs.

URL: https://bugs.gentoo.org/606184

 security.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/security.c b/security.c
index 8019860..a86f375 100644
--- a/security.c
+++ b/security.c
@@ -9,6 +9,23 @@
 
 #ifdef __linux__
 
+/* Older versions of Linux might not have these. */
+#ifndef CLONE_NEWIPC
+#define CLONE_NEWIPC 0
+#endif
+#ifndef CLONE_NEWNET
+#define CLONE_NEWNET 0
+#endif
+#ifndef CLONE_NEWNS
+#define CLONE_NEWNS 0
+#endif
+#ifndef CLONE_NEWPID
+#define CLONE_NEWPID 0
+#endif
+#ifndef CLONE_NEWUTS
+#define CLONE_NEWUTS 0
+#endif
+
 #ifdef __SANITIZE_ADDRESS__
 /* ASAN does some weird stuff. */
 # define ALLOW_PIDNS 0
@@ -229,7 +246,7 @@ void security_init_pid(void)
 {
 	int flags;
 
-	if (!ALLOW_PIDNS)
+	if (!ALLOW_PIDNS || CLONE_NEWPID == 0)
 		return;
 
 	flags = ns_unshare(CLONE_NEWPID);
@@ -248,13 +265,19 @@ void security_init(bool allow_forking)
 		allow_forking = true;
 
 	/* Drop all possible caps for us and our children.  */
+#ifdef PR_SET_NO_NEW_PRIVS /* New to linux-3.5 */
 	prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+#endif
+#ifdef PR_SET_SECUREBITS /* New to linux-2.6.26 */
+# ifdef SECBIT_KEEP_CAPS_LOCKED /* New to linux-2.6.33 (all SECBIT_xxx) */
 	prctl(PR_SET_SECUREBITS,
 		SECBIT_KEEP_CAPS_LOCKED |
 		SECBIT_NO_SETUID_FIXUP |
 		SECBIT_NO_SETUID_FIXUP_LOCKED |
 		SECBIT_NOROOT |
 		SECBIT_NOROOT_LOCKED, 0, 0, 0);
+# endif
+#endif
 
 	/* None of the pax tools need access to these features. */
 	flags = CLONE_NEWIPC | CLONE_NEWUTS;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     3c5938e7d4064541eab1d5e02de61237e05a1699
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 23 23:35:58 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Nov 23 23:35:58 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=3c5938e7

dumpelf: add support for dumping notes

 dumpelf.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 paxelf.c  | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++
 paxelf.h  |  1 +
 paxinc.h  |  6 +++++
 4 files changed, 151 insertions(+), 9 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index d95a161..066a239 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -14,7 +14,7 @@ const char argv0[] = "dumpelf";
 static void dumpelf(const char *filename, size_t file_cnt);
 static void dump_ehdr(elfobj *elf, const void *ehdr);
 static void dump_phdr(elfobj *elf, const void *phdr, size_t phdr_cnt);
-static void dump_shdr(elfobj *elf, const void *shdr, size_t shdr_cnt, const char *name);
+static void dump_shdr(elfobj *elf, const void *shdr, size_t shdr_cnt, const char *section_name);
 static void dump_dyn(elfobj *elf, const void *dyn, size_t dyn_cnt);
 #if 0
 static void dump_sym(elfobj *elf, const void *sym);
@@ -203,6 +203,56 @@ static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 	DUMP_EHDR(64)
 }
 
+static void dump_notes(elfobj *elf, size_t B, const void *memory, const void *memory_end)
+{
+	/* While normally we'd worry about Elf32_Nhdr vs Elf64_Nhdr, in the ELF
+	 * world, the two structs are exactly the same.  So avoid ugly CPP.
+	 */
+	size_t i;
+	const void *ndata = memory;
+	const char *name;
+	const unsigned char *desc;
+	uint32_t namesz, descsz;
+	const Elf32_Nhdr *note;
+	/* The first few bytes are the same between 32 & 64 bit ELFs. */
+	uint16_t e_type = EGET(((const Elf32_Ehdr *)elf->ehdr)->e_type);
+
+	if (memory_end > elf->data_end) {
+		printf("\n\t/%c note section is corrupt */\n", '*');
+		return;
+	}
+
+	printf("\n\t/%c note section dump:\n", '*');
+	for (i = 0; ndata < memory_end; ++i) {
+		note = ndata;
+		namesz = EGET(note->n_namesz);
+		descsz = EGET(note->n_descsz);
+		name = namesz ? ndata + sizeof(*note) : "";
+		desc = descsz ? ndata + sizeof(*note) + ALIGN_UP(namesz, 4) : "";
+		ndata += sizeof(*note) + ALIGN_UP(namesz, 4) + ALIGN_UP(descsz, 4);
+
+		if (ndata > memory_end) {
+			printf("\tNote is corrupt\n");
+			break;
+		}
+
+		printf("\t * Elf%zu_Nhdr note%zu = {\n", B, i);
+		printf("\t * \t.n_namesz = %u, (bytes) [%s]\n", namesz, name);
+		printf("\t * \t.n_descsz = %u, (bytes)", descsz);
+		if (descsz) {
+			printf(" [ ");
+			for (i = 0; i < descsz; ++i)
+				printf("%.2X ", desc[i]);
+			printf("]");
+		}
+		printf("\n");
+		printf("\t * \t.n_type   = %"PRIX64", [%s]\n",
+		       EGET(note->n_type), get_elfnttype(e_type, name, EGET(note->n_type)));
+		printf("\t * };\n");
+	}
+	printf("\t */\n");
+}
+
 static const char *dump_p_flags(uint32_t type, uint32_t flags)
 {
 	static char buf[1024];
@@ -240,6 +290,8 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 #define DUMP_PHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
 	const Elf ## B ## _Phdr *phdr = PHDR ## B (phdr_void); \
+	Elf ## B ## _Off offset = EGET(phdr->p_offset); \
+	void *vdata = elf->vdata + offset; \
 	uint32_t p_type = EGET(phdr->p_type); \
 	switch (p_type) { \
 	case PT_DYNAMIC: phdr_dynamic_void = phdr_void; break; \
@@ -254,21 +306,33 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 	printf("\t.p_memsz  = %-10"PRIu64" , /* (bytes in mem at runtime) */\n", EGET(phdr->p_memsz)); \
 	printf("\t.p_flags  = 0x%-8X , /* %s */\n", (uint32_t)EGET(phdr->p_flags), dump_p_flags(p_type, EGET(phdr->p_flags))); \
 	printf("\t.p_align  = %-10"PRIu64" , /* (min mem alignment in bytes) */\n", EGET(phdr->p_align)); \
+	\
+	if ((off_t)EGET(phdr->p_offset) > elf->len) { \
+		printf("\t/* Warning: Program segment is corrupt. */\n"); \
+		goto done##B; \
+	} \
+	\
+	switch (p_type) { \
+	case PT_NOTE: \
+		dump_notes(elf, B, vdata, vdata + EGET(phdr->p_filesz)); \
+		break; \
+	} \
+ done##B: \
 	printf("},\n"); \
 	}
 	DUMP_PHDR(32)
 	DUMP_PHDR(64)
 }
 
-static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const char *name)
+static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const char *section_name)
 {
 	size_t i;
 
 	/* Make sure the string is valid. */
-	if ((void *)name >= elf->data_end)
-		name = "<corrupt>";
-	else if (memchr(name, 0, elf->len - (name - elf->data)) == NULL)
-		name = "<corrupt>";
+	if ((void *)section_name >= elf->data_end)
+		section_name = "<corrupt>";
+	else if (memchr(section_name, 0, elf->len - (section_name - elf->data)) == NULL)
+		section_name = "<corrupt>";
 
 #define DUMP_SHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
@@ -278,7 +342,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 	uint ## B ## _t size = EGET(shdr->sh_size); \
 	\
 	printf("/* Section Header #%zu '%s' 0x%tX */\n{\n", \
-	       shdr_cnt, name, (uintptr_t)shdr_void - elf->udata); \
+	       shdr_cnt, section_name, (uintptr_t)shdr_void - elf->udata); \
 	printf("\t.sh_name      = %-10u ,\n", (uint32_t)EGET(shdr->sh_name)); \
 	printf("\t.sh_type      = %-10u , /* [%s] */\n", (uint32_t)EGET(shdr->sh_type), get_elfshttype(type)); \
 	printf("\t.sh_flags     = %-10"PRIu64" ,\n", EGET(shdr->sh_flags)); \
@@ -301,11 +365,11 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 		unsigned char *data = vdata; \
 		switch (type) { \
 		case SHT_PROGBITS: { \
-			if (strcmp(name, ".interp") == 0) { \
+			if (strcmp(section_name, ".interp") == 0) { \
 				printf("\n\t/* ELF interpreter: %s */\n", data); \
 				break; \
 			} \
-			if (strcmp(name, ".comment") != 0) \
+			if (strcmp(section_name, ".comment") != 0) \
 				break; \
 			break; \
 		} \
@@ -345,6 +409,9 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 			printf("\t */\n"); \
 			break; \
 		} \
+		case SHT_NOTE: \
+			dump_notes(elf, B, vdata, vdata + EGET(shdr->sh_size)); \
+			break; \
 		default: { \
 			if (be_verbose <= 1) \
 				break; \

diff --git a/paxelf.c b/paxelf.c
index 5b6fe24..c614e2d 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -480,6 +480,74 @@ const char *get_elfshntype(int type)
 	return find_pairtype(elf_shntypes, type);
 }
 
+/* translate elf NT_ defines */
+static pairtype elf_nttypes_GNU[] = {
+	QUERY(NT_GNU_ABI_TAG),
+	QUERY(NT_GNU_HWCAP),
+	QUERY(NT_GNU_BUILD_ID),
+	QUERY(NT_GNU_GOLD_VERSION),
+	{ 0, 0 }
+};
+static pairtype elf_nttypes_core[] = {
+	QUERY(NT_PRSTATUS),
+	QUERY(NT_FPREGSET),
+	QUERY(NT_PRPSINFO),
+	QUERY(NT_PRXREG),
+	QUERY(NT_TASKSTRUCT),
+	QUERY(NT_PLATFORM),
+	QUERY(NT_AUXV),
+	QUERY(NT_GWINDOWS),
+	QUERY(NT_ASRS),
+	QUERY(NT_PSTATUS),
+	QUERY(NT_PSINFO),
+	QUERY(NT_PRCRED),
+	QUERY(NT_UTSNAME),
+	QUERY(NT_LWPSTATUS),
+	QUERY(NT_LWPSINFO),
+	QUERY(NT_PRFPXREG),
+	QUERY(NT_SIGINFO),
+	QUERY(NT_FILE),
+	QUERY(NT_PRXFPREG),
+	QUERY(NT_PPC_VMX),
+	QUERY(NT_PPC_SPE),
+	QUERY(NT_PPC_VSX),
+	QUERY(NT_386_TLS),
+	QUERY(NT_386_IOPERM),
+	QUERY(NT_X86_XSTATE),
+	QUERY(NT_S390_HIGH_GPRS),
+	QUERY(NT_S390_TIMER),
+	QUERY(NT_S390_TODCMP),
+	QUERY(NT_S390_TODPREG),
+	QUERY(NT_S390_CTRS),
+	QUERY(NT_S390_PREFIX),
+	QUERY(NT_S390_LAST_BREAK),
+	QUERY(NT_S390_SYSTEM_CALL),
+	QUERY(NT_S390_TDB),
+	QUERY(NT_ARM_VFP),
+	QUERY(NT_ARM_TLS),
+	QUERY(NT_ARM_HW_BREAK),
+	QUERY(NT_ARM_HW_WATCH),
+	{ 0, 0 }
+};
+static pairtype elf_nttypes_fallback[] = {
+	QUERY(NT_VERSION),
+	{ 0, 0 }
+};
+const char *get_elfnttype(uint16_t e_type, const char *name, int type)
+{
+	if (name) {
+		if (!strcmp(name, "GNU"))
+			return find_pairtype(elf_nttypes_GNU, type);
+
+		/* Unknown extension, so just fallback to common ones. */
+	}
+
+	if (e_type == ET_CORE)
+		return find_pairtype(elf_nttypes_core, type);
+	else
+		return find_pairtype(elf_nttypes_fallback, type);
+}
+
 /* Read an ELF into memory */
 #define IS_ELF_BUFFER(buff) \
 	(buff[EI_MAG0] == ELFMAG0 && \

diff --git a/paxelf.h b/paxelf.h
index aa34ca6..56fa9f3 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -69,6 +69,7 @@ extern const char *get_elfshttype(int type);
 extern const char *get_elfstbtype(int type);
 extern const char *get_elfstvtype(int type);
 extern const char *get_elfstttype(int type);
+extern const char *get_elfnttype(uint16_t e_type, const char *name, int type);
 extern void *elf_findsecbyname(elfobj *elf, const char *name);
 extern unsigned int get_etype(elfobj *elf);
 extern unsigned int get_emtype(elfobj *elf);

diff --git a/paxinc.h b/paxinc.h
index 82f7d1f..6d433b9 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -102,6 +102,12 @@ const char *strfileperms(const char *fname);
 		} else { errf("ESET failed :( (size(Y) == %i)", (int)sizeof(Y)); } \
 	} while (0)
 
+/* alignment helpers */
+#define ALIGN_DOWN(base, size) ((base) & -((__typeof__(base)) (size)))
+#define ALIGN_UP(base, size)   ALIGN_DOWN((base) + (size) - 1, (size))
+#define PTR_ALIGN_DOWN(base, size) ((__typeof__(base))ALIGN_DOWN((uintptr_t)(base), (size)))
+#define PTR_ALIGN_UP(base, size)   ((__typeof__(base))ALIGN_UP  ((uintptr_t)(base), (size)))
+
 /* helper functions for showing errors */
 extern const char *NORM, *RED, *YELLOW;
 void color_init(bool disable);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-22 17:59 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-22 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     b091c4764133a1eab7921809f3b4aee938faa194
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 24 00:01:18 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Nov 24 00:01:18 2016 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b091c476

scanelf: standardize macro indentation levels

The style for indentation of ELF macros has drifted over time.
Realign them all to follow the same style.  No functional changes.

 scanelf.c | 509 +++++++++++++++++++++++++++++++-------------------------------
 1 file changed, 254 insertions(+), 255 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 71288fc..5632527 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -690,114 +690,114 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 	rpath = runpath = NULL;
 
 #define SHOW_RPATH(B) \
-		Elf ## B ## _Dyn *dyn; \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
-		Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-		Elf ## B ## _Off offset; \
-		Elf ## B ## _Xword word; \
-		/* Scan all the program headers */ \
-		for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-			/* Just scan dynamic headers */ \
-			if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
-			offset = EGET(phdr[i].p_offset); \
-			if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
-			/* Just scan dynamic RPATH/RUNPATH headers */ \
-			dyn = DYN ## B (elf->vdata + offset); \
-			while ((word=EGET(dyn->d_tag)) != DT_NULL) { \
-				if (word == DT_RPATH) { \
-					r = &rpath; \
-				} else if (word == DT_RUNPATH) { \
-					r = &runpath; \
-				} else { \
-					++dyn; \
-					continue; \
+	Elf ## B ## _Dyn *dyn; \
+	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
+	Elf ## B ## _Off offset; \
+	Elf ## B ## _Xword word; \
+	/* Scan all the program headers */ \
+	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
+		/* Just scan dynamic headers */ \
+		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
+		offset = EGET(phdr[i].p_offset); \
+		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
+		/* Just scan dynamic RPATH/RUNPATH headers */ \
+		dyn = DYN ## B (elf->vdata + offset); \
+		while ((word=EGET(dyn->d_tag)) != DT_NULL) { \
+			if (word == DT_RPATH) { \
+				r = &rpath; \
+			} else if (word == DT_RUNPATH) { \
+				r = &runpath; \
+			} else { \
+				++dyn; \
+				continue; \
+			} \
+			/* Verify the memory is somewhat sane */ \
+			offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+			if (offset < (Elf ## B ## _Off)elf->len) { \
+				if (*r) warn("ELF has multiple %s's !?", get_elfdtype(word)); \
+				*r = elf->data + offset; \
+				/* cache the length in case we need to nuke this section later on */ \
+				if (fix_elf) \
+					offset = strlen(*r); \
+				/* If quiet, don't output paths in ld.so.conf */ \
+				if (be_quiet) { \
+					size_t len; \
+					char *start, *end; \
+					/* note that we only 'chop' off leading known paths. */ \
+					/* since *r is read-only memory, we can only move the ptr forward. */ \
+					start = *r; \
+					/* scan each path in : delimited list */ \
+					while (start) { \
+						rpath_security_checks(elf, start, get_elfdtype(word)); \
+						end = strchr(start, ':'); \
+						len = (end ? abs(end - start) : strlen(start)); \
+						if (use_ldcache) { \
+							size_t n; \
+							const char *ldpath; \
+							array_for_each(ldpaths, n, ldpath) \
+								if (!strncmp(ldpath, start, len) && !ldpath[len]) { \
+									*r = end; \
+									/* corner case ... if RPATH reads "/usr/lib:", we want \
+									 * to show ':' rather than '' */ \
+									if (end && end[1] != '\0') \
+										(*r)++; \
+									break; \
+								} \
+						} \
+						if (!*r || !end) \
+							break; \
+						else \
+							start = start + len + 1; \
+					} \
 				} \
-				/* Verify the memory is somewhat sane */ \
-				offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
-				if (offset < (Elf ## B ## _Off)elf->len) { \
-					if (*r) warn("ELF has multiple %s's !?", get_elfdtype(word)); \
-					*r = elf->data + offset; \
-					/* cache the length in case we need to nuke this section later on */ \
-					if (fix_elf) \
-						offset = strlen(*r); \
-					/* If quiet, don't output paths in ld.so.conf */ \
-					if (be_quiet) { \
-						size_t len; \
+				if (*r) { \
+					if (fix_elf > 2 || (fix_elf && **r == '\0')) { \
+						/* just nuke it */ \
+						nuke_it##B: \
+						memset(*r, 0x00, offset); \
+						*r = NULL; \
+						ESET(dyn->d_tag, DT_DEBUG); \
+						ESET(dyn->d_un.d_ptr, 0); \
+					} else if (fix_elf) { \
+						/* try to clean "bad" paths */ \
+						size_t len, tmpdir_len; \
 						char *start, *end; \
-						/* note that we only 'chop' off leading known paths. */ \
-						/* since *r is read-only memory, we can only move the ptr forward. */ \
+						const char *tmpdir; \
 						start = *r; \
-						/* scan each path in : delimited list */ \
-						while (start) { \
-							rpath_security_checks(elf, start, get_elfdtype(word)); \
+						tmpdir = (getenv("TMPDIR") ? : "."); \
+						tmpdir_len = strlen(tmpdir); \
+						while (1) { \
 							end = strchr(start, ':'); \
-							len = (end ? abs(end - start) : strlen(start)); \
-							if (use_ldcache) { \
-								size_t n; \
-								const char *ldpath; \
-								array_for_each(ldpaths, n, ldpath) \
-									if (!strncmp(ldpath, start, len) && !ldpath[len]) { \
-										*r = end; \
-										/* corner case ... if RPATH reads "/usr/lib:", we want \
-										 * to show ':' rather than '' */ \
-										if (end && end[1] != '\0') \
-											(*r)++; \
-										break; \
-									} \
+							if (start == end) { \
+								eat_this_path##B: \
+								len = strlen(end); \
+								memmove(start, end+1, len); \
+								start[len-1] = '\0'; \
+								end = start - 1; \
+							} else if (tmpdir && !strncmp(start, tmpdir, tmpdir_len)) { \
+								if (!end) { \
+									if (start == *r) \
+										goto nuke_it##B; \
+									*--start = '\0'; \
+								} else \
+									goto eat_this_path##B; \
 							} \
-							if (!*r || !end) \
+							if (!end) \
 								break; \
-							else \
-								start = start + len + 1; \
+							start = end + 1; \
 						} \
+						if (**r == '\0') \
+							goto nuke_it##B; \
 					} \
-					if (*r) { \
-						if (fix_elf > 2 || (fix_elf && **r == '\0')) { \
-							/* just nuke it */ \
-							nuke_it##B: \
-							memset(*r, 0x00, offset); \
-							*r = NULL; \
-							ESET(dyn->d_tag, DT_DEBUG); \
-							ESET(dyn->d_un.d_ptr, 0); \
-						} else if (fix_elf) { \
-							/* try to clean "bad" paths */ \
-							size_t len, tmpdir_len; \
-							char *start, *end; \
-							const char *tmpdir; \
-							start = *r; \
-							tmpdir = (getenv("TMPDIR") ? : "."); \
-							tmpdir_len = strlen(tmpdir); \
-							while (1) { \
-								end = strchr(start, ':'); \
-								if (start == end) { \
-									eat_this_path##B: \
-									len = strlen(end); \
-									memmove(start, end+1, len); \
-									start[len-1] = '\0'; \
-									end = start - 1; \
-								} else if (tmpdir && !strncmp(start, tmpdir, tmpdir_len)) { \
-									if (!end) { \
-										if (start == *r) \
-											goto nuke_it##B; \
-										*--start = '\0'; \
-									} else \
-										goto eat_this_path##B; \
-								} \
-								if (!end) \
-									break; \
-								start = end + 1; \
-							} \
-							if (**r == '\0') \
-								goto nuke_it##B; \
-						} \
-						if (*r) \
-							*found_rpath = 1; \
-					} \
+					if (*r) \
+						*found_rpath = 1; \
 				} \
-				++dyn; \
 			} \
-		}
+			++dyn; \
+		} \
+	}
 	if (elf->phdr && strtbl_void)
 		SCANELF_ELF_SIZED(SHOW_RPATH);
 
@@ -852,65 +852,65 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 	strtbl_void = elf_findsecbyname(elf, ".dynstr");
 
 #define SHOW_NEEDED(B) \
-		Elf ## B ## _Dyn *dyn; \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
-		Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-		Elf ## B ## _Off offset; \
-		size_t matched = 0; \
-		/* Walk all the program headers to find the PT_DYNAMIC */ \
-		for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-			if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) \
-				continue; \
-			offset = EGET(phdr[i].p_offset); \
-			if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) \
-				continue; \
-			/* Walk all the dynamic tags to find NEEDED entries */ \
-			dyn = DYN ## B (elf->vdata + offset); \
-			while (EGET(dyn->d_tag) != DT_NULL) { \
-				if (EGET(dyn->d_tag) == DT_NEEDED) { \
-					offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
-					if (offset >= (Elf ## B ## _Off)elf->len) { \
-						++dyn; \
-						continue; \
-					} \
-					needed = elf->data + offset; \
-					if (op == 0) { \
-						/* -n -> print all entries */ \
-						if (!be_wewy_wewy_quiet) { \
-							if (*found_needed) xchrcat(ret, ',', ret_len); \
-							if (use_ldpath) { \
-								if ((p = lookup_config_lib(needed)) != NULL) \
-									needed = p; \
-							} else if (use_ldcache) { \
-								if ((p = ldso_cache_lookup_lib(elf, needed)) != NULL) \
-									needed = p; \
-							} \
-							xstrcat(ret, needed, ret_len); \
-						} \
-						*found_needed = 1; \
-					} else { \
-						/* -N -> print matching entries */ \
-						size_t n; \
-						const char *find_lib_name; \
-						\
-						array_for_each(find_lib_arr, n, find_lib_name) { \
-							int invert = 1; \
-							if (find_lib_name[0] == '!') \
-								invert = 0, ++find_lib_name; \
-							if ((!strcmp(find_lib_name, needed)) == invert) \
-								++matched; \
-						} \
-						\
-						if (matched == array_cnt(find_lib_arr)) { \
-							*found_lib = 1; \
-							return (be_wewy_wewy_quiet ? NULL : find_lib); \
+	Elf ## B ## _Dyn *dyn; \
+	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
+	Elf ## B ## _Off offset; \
+	size_t matched = 0; \
+	/* Walk all the program headers to find the PT_DYNAMIC */ \
+	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
+		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) \
+			continue; \
+		offset = EGET(phdr[i].p_offset); \
+		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) \
+			continue; \
+		/* Walk all the dynamic tags to find NEEDED entries */ \
+		dyn = DYN ## B (elf->vdata + offset); \
+		while (EGET(dyn->d_tag) != DT_NULL) { \
+			if (EGET(dyn->d_tag) == DT_NEEDED) { \
+				offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+				if (offset >= (Elf ## B ## _Off)elf->len) { \
+					++dyn; \
+					continue; \
+				} \
+				needed = elf->data + offset; \
+				if (op == 0) { \
+					/* -n -> print all entries */ \
+					if (!be_wewy_wewy_quiet) { \
+						if (*found_needed) xchrcat(ret, ',', ret_len); \
+						if (use_ldpath) { \
+							if ((p = lookup_config_lib(needed)) != NULL) \
+								needed = p; \
+						} else if (use_ldcache) { \
+							if ((p = ldso_cache_lookup_lib(elf, needed)) != NULL) \
+								needed = p; \
 						} \
+						xstrcat(ret, needed, ret_len); \
+					} \
+					*found_needed = 1; \
+				} else { \
+					/* -N -> print matching entries */ \
+					size_t n; \
+					const char *find_lib_name; \
+					\
+					array_for_each(find_lib_arr, n, find_lib_name) { \
+						int invert = 1; \
+						if (find_lib_name[0] == '!') \
+							invert = 0, ++find_lib_name; \
+						if ((!strcmp(find_lib_name, needed)) == invert) \
+							++matched; \
+					} \
+					\
+					if (matched == array_cnt(find_lib_arr)) { \
+						*found_lib = 1; \
+						return (be_wewy_wewy_quiet ? NULL : find_lib); \
 					} \
 				} \
-				++dyn; \
 			} \
-		}
+			++dyn; \
+		} \
+	}
 	if (elf->phdr && strtbl_void) {
 		SCANELF_ELF_SIZED(SHOW_NEEDED);
 		if (op == 0 && !*found_needed && be_verbose)
@@ -928,23 +928,23 @@ static char *scanelf_file_interp(elfobj *elf, char *found_interp)
 	if (elf->phdr) {
 		/* Walk all the program headers to find the PT_INTERP */
 #define SHOW_PT_INTERP(B) \
-			size_t i; \
-			Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-			Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
-			for (i = 0; i < EGET(ehdr->e_phnum); ++i) { \
-				if (EGET(phdr[i].p_type) == PT_INTERP) { \
-					offset = EGET(phdr[i].p_offset); \
-					break; \
-				} \
-			}
+		size_t i; \
+		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+		for (i = 0; i < EGET(ehdr->e_phnum); ++i) { \
+			if (EGET(phdr[i].p_type) == PT_INTERP) { \
+				offset = EGET(phdr[i].p_offset); \
+				break; \
+			} \
+		}
 		SCANELF_ELF_SIZED(SHOW_PT_INTERP);
 	} else if (elf->shdr) {
 		/* Use the section headers to find it */
 		void *strtbl_void = elf_findsecbyname(elf, ".interp");
 
 #define SHOW_INTERP(B) \
-			Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-			offset = EGET(strtbl->sh_offset);
+		Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
+		offset = EGET(strtbl->sh_offset);
 		if (strtbl_void)
 			SCANELF_ELF_SIZED(SHOW_INTERP);
 	}
@@ -973,27 +973,27 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 	if (!elf->phdr) return NULL;
 
 #define SHOW_BIND(B) \
-		Elf ## B ## _Dyn *dyn; \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
-		Elf ## B ## _Off offset; \
-		for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-			if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
-			dynamic = true; \
-			offset = EGET(phdr[i].p_offset); \
-			if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
-			dyn = DYN ## B (elf->vdata + offset); \
-			while (EGET(dyn->d_tag) != DT_NULL) { \
-				if (EGET(dyn->d_tag) == DT_BIND_NOW || \
-				   (EGET(dyn->d_tag) == DT_FLAGS && EGET(dyn->d_un.d_val) & DF_BIND_NOW)) \
-				{ \
-					if (be_quiet) return NULL; \
-					*found_bind = 1; \
-					return (char *)(be_wewy_wewy_quiet ? NULL : "NOW"); \
-				} \
-				++dyn; \
+	Elf ## B ## _Dyn *dyn; \
+	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Off offset; \
+	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
+		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
+		dynamic = true; \
+		offset = EGET(phdr[i].p_offset); \
+		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
+		dyn = DYN ## B (elf->vdata + offset); \
+		while (EGET(dyn->d_tag) != DT_NULL) { \
+			if (EGET(dyn->d_tag) == DT_BIND_NOW || \
+			   (EGET(dyn->d_tag) == DT_FLAGS && EGET(dyn->d_un.d_val) & DF_BIND_NOW)) \
+			{ \
+				if (be_quiet) return NULL; \
+				*found_bind = 1; \
+				return (char *)(be_wewy_wewy_quiet ? NULL : "NOW"); \
 			} \
-		}
+			++dyn; \
+		} \
+	}
 	SCANELF_ELF_SIZED(SHOW_BIND);
 
 	if (be_wewy_wewy_quiet) return NULL;
@@ -1017,33 +1017,33 @@ static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 	strtbl_void = elf_findsecbyname(elf, ".dynstr");
 
 #define SHOW_SONAME(B) \
-		Elf ## B ## _Dyn *dyn; \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
-		Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-		Elf ## B ## _Off offset; \
-		/* only look for soname in shared objects */ \
-		if (EGET(ehdr->e_type) != ET_DYN) \
-			return NULL; \
-		for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-			if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
-			offset = EGET(phdr[i].p_offset); \
-			if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
-			dyn = DYN ## B (elf->vdata + offset); \
-			while (EGET(dyn->d_tag) != DT_NULL) { \
-				if (EGET(dyn->d_tag) == DT_SONAME) { \
-					offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
-					if (offset >= (Elf ## B ## _Off)elf->len) { \
-						++dyn; \
-						continue; \
-					} \
-					soname = elf->data + offset; \
-					*found_soname = 1; \
-					return (be_wewy_wewy_quiet ? NULL : soname); \
+	Elf ## B ## _Dyn *dyn; \
+	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
+	Elf ## B ## _Off offset; \
+	/* only look for soname in shared objects */ \
+	if (EGET(ehdr->e_type) != ET_DYN) \
+		return NULL; \
+	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
+		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
+		offset = EGET(phdr[i].p_offset); \
+		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
+		dyn = DYN ## B (elf->vdata + offset); \
+		while (EGET(dyn->d_tag) != DT_NULL) { \
+			if (EGET(dyn->d_tag) == DT_SONAME) { \
+				offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+				if (offset >= (Elf ## B ## _Off)elf->len) { \
+					++dyn; \
+					continue; \
 				} \
-				++dyn; \
+				soname = elf->data + offset; \
+				*found_soname = 1; \
+				return (be_wewy_wewy_quiet ? NULL : soname); \
 			} \
-		}
+			++dyn; \
+		} \
+	}
 	if (elf->phdr && strtbl_void)
 		SCANELF_ELF_SIZED(SHOW_SONAME);
 
@@ -1226,39 +1226,38 @@ static char *scanelf_file_sym(elfobj *elf, char *found_sym)
 
 	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
 
-	if (symtab_void && strtab_void) {
 #define FIND_SYM(B) \
-		Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
-		Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
-		Elf ## B ## _Sym *sym = SYM ## B (elf->vdata + EGET(symtab->sh_offset)); \
-		Elf ## B ## _Word i, cnt = EGET(symtab->sh_entsize); \
-		char *symname; \
-		size_t ret_len = 0; \
-		if (cnt) \
-			cnt = EGET(symtab->sh_size) / cnt; \
-		for (i = 0; i < cnt; ++i) { \
-			if ((void *)sym >= elf->data_end - sizeof(*sym)) \
-				goto break_out;	\
-			if (sym->st_name) { \
-				/* make sure the symbol name is in acceptable memory range */ \
-				symname = elf->data + EGET(strtab->sh_offset) + EGET(sym->st_name); \
-				if (EGET(sym->st_name) >= (uint64_t)elf->len || \
-				    EGET(strtab->sh_offset) + EGET(sym->st_name) >= (uint64_t)elf->len || \
-				    !memchr(symname, 0, elf->len - EGET(strtab->sh_offset) + EGET(sym->st_name))) \
-					goto break_out; \
-				scanelf_match_symname(elf, found_sym, \
-				                      &ret, &ret_len, symname, \
-				                      ELF##B##_ST_TYPE(EGET(sym->st_info)), \
-				                      ELF##B##_ST_BIND(EGET(sym->st_info)), \
-				                      ELF##B##_ST_VISIBILITY(EGET(sym->st_other)), \
-				                      EGET(sym->st_shndx), \
-				/* st_size can be 64bit, but no one is really that big, so screw em */ \
-				                      EGET(sym->st_size)); \
-			} \
-			++sym; \
-		}
-		SCANELF_ELF_SIZED(FIND_SYM);
+	Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
+	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
+	Elf ## B ## _Sym *sym = SYM ## B (elf->vdata + EGET(symtab->sh_offset)); \
+	Elf ## B ## _Word i, cnt = EGET(symtab->sh_entsize); \
+	char *symname; \
+	size_t ret_len = 0; \
+	if (cnt) \
+		cnt = EGET(symtab->sh_size) / cnt; \
+	for (i = 0; i < cnt; ++i) { \
+		if ((void *)sym >= elf->data_end - sizeof(*sym)) \
+			goto break_out;	\
+		if (sym->st_name) { \
+			/* make sure the symbol name is in acceptable memory range */ \
+			symname = elf->data + EGET(strtab->sh_offset) + EGET(sym->st_name); \
+			if (EGET(sym->st_name) >= (uint64_t)elf->len || \
+			    EGET(strtab->sh_offset) + EGET(sym->st_name) >= (uint64_t)elf->len || \
+			    !memchr(symname, 0, elf->len - EGET(strtab->sh_offset) + EGET(sym->st_name))) \
+				goto break_out; \
+			scanelf_match_symname(elf, found_sym, \
+			                      &ret, &ret_len, symname, \
+			                      ELF##B##_ST_TYPE(EGET(sym->st_info)), \
+			                      ELF##B##_ST_BIND(EGET(sym->st_info)), \
+			                      ELF##B##_ST_VISIBILITY(EGET(sym->st_other)), \
+			                      EGET(sym->st_shndx), \
+			/* st_size can be 64bit, but no one is really that big, so screw em */ \
+			                      EGET(sym->st_size)); \
+		} \
+		++sym; \
 	}
+	if (symtab_void && strtab_void)
+		SCANELF_ELF_SIZED(FIND_SYM);
 
 	if (be_wewy_wewy_quiet) {
 		free(ret);
@@ -1286,21 +1285,21 @@ static const char *scanelf_file_sections(elfobj *elf, char *found_section)
 		 return NULL;
 
 #define FIND_SECTION(B) \
-		size_t matched, n; \
-		int invert; \
-		const char *section_name; \
-		Elf ## B ## _Shdr *section; \
-		\
-		matched = 0; \
-		array_for_each(find_section_arr, n, section_name) { \
-			invert = (*section_name == '!' ? 1 : 0); \
-			section = SHDR ## B (elf_findsecbyname(elf, section_name + invert)); \
-			if ((section == NULL && invert) || (section != NULL && !invert)) \
-				++matched; \
-		} \
-		\
-		if (matched == array_cnt(find_section_arr)) \
-			*found_section = 1;
+	size_t matched, n; \
+	int invert; \
+	const char *section_name; \
+	Elf ## B ## _Shdr *section; \
+	\
+	matched = 0; \
+	array_for_each(find_section_arr, n, section_name) { \
+		invert = (*section_name == '!' ? 1 : 0); \
+		section = SHDR ## B (elf_findsecbyname(elf, section_name + invert)); \
+		if ((section == NULL && invert) || (section != NULL && !invert)) \
+			++matched; \
+	} \
+	\
+	if (matched == array_cnt(find_section_arr)) \
+		*found_section = 1;
 	SCANELF_ELF_SIZED(FIND_SECTION);
 
 	if (be_wewy_wewy_quiet)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-24  6:50 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-24  6:50 UTC (permalink / raw
  To: gentoo-commits

commit:     0fa69c398bad7bda3486b713e995be01847126d1
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 23 23:48:12 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jan 23 23:48:12 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0fa69c39

scanelf: change abs() to a size_t cast

The point of using abs here was to avoid a signed-vs-unsigned warning,
but it doesn't actually work because abs() returns a signed integer.
Since we always know end is larger than start, cast the result to a
size_t instead.

 scanelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index 9c52ced..2729d0f 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -836,7 +836,7 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 				while (start) { \
 					rpath_security_checks(elf, start, get_elfdtype(word)); \
 					end = strchr(start, ':'); \
-					len = (end ? abs(end - start) : strlen(start)); \
+					len = (end ? (size_t)(end - start) : strlen(start)); \
 					if (use_ldcache) { \
 						size_t n; \
 						const char *ldpath; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-24  6:50 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-24  6:50 UTC (permalink / raw
  To: gentoo-commits

commit:     248f21bc40c850b470b6128de00a3437587f9293
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 02:42:41 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 02:42:41 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=248f21bc

scanelf: switch all string table lookups to scanelf_file_get_symtabs

We don't care about the .strtab-vs-.dynstr, but we do want to fall
back to tables that can only be found via dynamic tags and program
headers.

 scanelf.c | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index ceec26d..9695276 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -767,16 +767,16 @@ static void rpath_security_checks(elfobj *elf, char *item, const char *dt_type)
 static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_t *ret_len)
 {
 	char *rpath, *runpath, **r;
-	void *strtbl_void;
+	void *symtab_void, *strtab_void;
 
 	if (!show_rpath) return;
 
-	strtbl_void = elf_findsecbyname(elf, ".dynstr");
+	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
 	rpath = runpath = NULL;
 
 #define SHOW_RPATH(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
+	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	Elf ## B ## _Off offset; \
 	Elf ## B ## _Xword word; \
 	\
@@ -791,7 +791,7 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 			continue; \
 		} \
 		/* Verify the memory is somewhat sane */ \
-		offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+		offset = EGET(strtab->sh_offset) + EGET(dyn->d_un.d_ptr); \
 		if (offset < (Elf ## B ## _Off)elf->len) { \
 			if (*r) warn("ELF has multiple %s's !?", get_elfdtype(word)); \
 			*r = elf->data + offset; \
@@ -873,7 +873,7 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 			} \
 		} \
 	}
-	if (elf->phdr && strtbl_void)
+	if (elf->phdr && strtab_void)
 		SCANELF_ELF_SIZED(SHOW_RPATH);
 
 	if (be_wewy_wewy_quiet) return;
@@ -913,7 +913,7 @@ static char *lookup_config_lib(const char *fname)
 static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char *found_lib, int op, char **ret, size_t *ret_len)
 {
 	char *needed;
-	void *strtbl_void;
+	void *symtab_void, *strtab_void;
 	char *p;
 
 	/*
@@ -923,17 +923,17 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 	if ((op == 0 && !show_needed) || (op == 1 && !find_lib))
 		return NULL;
 
-	strtbl_void = elf_findsecbyname(elf, ".dynstr");
+	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
 
 #define SHOW_NEEDED(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
+	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	size_t matched = 0; \
 	\
 	/* Walk all the dynamic tags to find NEEDED entries */ \
 	scanelf_dt_for_each(B, elf, dyn) { \
 		if (EGET(dyn->d_tag) == DT_NEEDED) { \
-			Elf ## B ## _Off offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+			Elf ## B ## _Off offset = EGET(strtab->sh_offset) + EGET(dyn->d_un.d_ptr); \
 			if (offset >= (Elf ## B ## _Off)elf->len) \
 				continue; \
 			needed = elf->data + offset; \
@@ -971,7 +971,7 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 			} \
 		} \
 	}
-	if (elf->phdr && strtbl_void) {
+	if (elf->phdr && strtab_void) {
 		SCANELF_ELF_SIZED(SHOW_NEEDED);
 		if (op == 0 && !*found_needed && be_verbose)
 			warn("ELF lacks DT_NEEDED sections: %s", elf->filename);
@@ -987,7 +987,7 @@ static char *scanelf_file_interp(elfobj *elf, char *found_interp)
 
 	if (elf->phdr) {
 		/* Walk all the program headers to find the PT_INTERP */
-#define SHOW_PT_INTERP(B) \
+#define GET_PT_INTERP(B) \
 		size_t i; \
 		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
@@ -997,16 +997,16 @@ static char *scanelf_file_interp(elfobj *elf, char *found_interp)
 				break; \
 			} \
 		}
-		SCANELF_ELF_SIZED(SHOW_PT_INTERP);
+		SCANELF_ELF_SIZED(GET_PT_INTERP);
 	} else if (elf->shdr) {
 		/* Use the section headers to find it */
-		void *strtbl_void = elf_findsecbyname(elf, ".interp");
+		void *section = elf_findsecbyname(elf, ".interp");
 
-#define SHOW_INTERP(B) \
-		Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-		offset = EGET(strtbl->sh_offset);
-		if (strtbl_void)
-			SCANELF_ELF_SIZED(SHOW_INTERP);
+#define GET_INTERP(B) \
+		Elf ## B ## _Shdr *shdr = SHDR ## B (section); \
+		offset = EGET(shdr->sh_offset);
+		if (section)
+			SCANELF_ELF_SIZED(GET_INTERP);
 	}
 
 	/* Validate the pointer even if we don't use it in output */
@@ -1059,16 +1059,16 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 {
 	char *soname;
-	void *strtbl_void;
+	void *symtab_void, *strtab_void;
 
 	if (!show_soname) return NULL;
 
-	strtbl_void = elf_findsecbyname(elf, ".dynstr");
+	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
 
 #define SHOW_SONAME(B) \
 	Elf ## B ## _Dyn *dyn; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
+	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	\
 	/* only look for soname in shared objects */ \
 	if (EGET(ehdr->e_type) != ET_DYN) \
@@ -1076,7 +1076,7 @@ static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 	\
 	scanelf_dt_for_each(B, elf, dyn) { \
 		if (EGET(dyn->d_tag) == DT_SONAME) { \
-			Elf ## B ## _Off offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+			Elf ## B ## _Off offset = EGET(strtab->sh_offset) + EGET(dyn->d_un.d_ptr); \
 			if (offset >= (Elf ## B ## _Off)elf->len) \
 				continue; \
 			soname = elf->data + offset; \
@@ -1084,7 +1084,7 @@ static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 			return (be_wewy_wewy_quiet ? NULL : soname); \
 		} \
 	}
-	if (elf->phdr && strtbl_void)
+	if (elf->phdr && strtab_void)
 		SCANELF_ELF_SIZED(SHOW_SONAME);
 
 	return NULL;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-24  6:50 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-24  6:50 UTC (permalink / raw
  To: gentoo-commits

commit:     95e5489534ac9e9324c5096286899b688e19ae00
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 02:25:20 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 02:25:20 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=95e54895

scanelf: add helper for walking dynamic tags

We have many loops that operate on dynamic tags which all crash when
given an ELF with a corrupt dynamic table.  Add a helper to walk the
table so we can centralize bounds checking in one place.

Reported-by: Agostino Sarubbo <ago <AT> gentoo.org>

 scanelf.c | 131 +++++++++++++++++---------------------------------------------
 1 file changed, 35 insertions(+), 96 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 52c436a..ceec26d 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -189,6 +189,14 @@ static void *scanelf_file_get_pt_dynamic(elfobj *elf)
 	return NULL;
 }
 
+#define scanelf_dt_for_each(B, elf, dyn) \
+	{ \
+		Elf##B##_Phdr *_phdr = scanelf_file_get_pt_dynamic(elf); \
+		dyn = (_phdr == NULL) ? elf->data_end : DYN##B(elf->vdata + EGET(_phdr->p_offset)); \
+	} \
+	--dyn; \
+	while ((void *)++dyn < elf->data_end - sizeof(*dyn) && EGET(dyn->d_tag) != DT_NULL)
+
 /* sub-funcs for scanelf_fileat() */
 static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 {
@@ -258,10 +266,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	size_t i; \
 	static Elf ## B ## _Shdr sym_shdr, str_shdr; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr; \
+	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 	Elf ## B ## _Addr vsym, vstr, vhash, vgnu_hash; \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Off doffset; \
 	\
 	/* lookup symbols used at runtime with DT_SYMTAB / DT_STRTAB */ \
 	vsym = vstr = vhash = vgnu_hash = 0; \
@@ -269,13 +276,7 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	memset(&str_shdr, 0, sizeof(str_shdr)); \
 	\
 	/* Find the dynamic headers */ \
-	phdr = scanelf_file_get_pt_dynamic(elf); \
-	if (phdr == NULL) \
-		break; \
-	doffset = EGET(phdr->p_offset); \
-	\
-	dyn = DYN ## B (elf->vdata + doffset); \
-	while (EGET(dyn->d_tag) != DT_NULL) { \
+	scanelf_dt_for_each(B, elf, dyn) { \
 		switch (EGET(dyn->d_tag)) { \
 		case DT_SYMTAB:   vsym = EGET(dyn->d_un.d_val); break; \
 		case DT_SYMENT:   sym_shdr.sh_entsize = dyn->d_un.d_val; break; \
@@ -284,13 +285,11 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 		case DT_HASH:     vhash = EGET(dyn->d_un.d_val); break; \
 		/*case DT_GNU_HASH: vgnu_hash = EGET(dyn->d_un.d_val); break;*/ \
 		} \
-		++dyn; \
 	} \
 	if (!vsym || !vstr || !(vhash || vgnu_hash)) \
 		return; \
 	\
 	/* calc offset into the ELF by finding the load addr of the syms */ \
-	phdr = PHDR ## B (elf->phdr); \
 	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
 		Elf ## B ## _Addr vaddr = EGET(phdr[i].p_vaddr); \
 		Elf ## B ## _Addr filesz = EGET(phdr[i].p_filesz); \
@@ -539,23 +538,13 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
 
 #define SHOW_TEXTREL(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Phdr *phdr; \
-	Elf ## B ## _Off offset; \
-	\
-	/* Find the dynamic headers */ \
-	phdr = scanelf_file_get_pt_dynamic(elf); \
-	if (phdr == NULL) \
-		break; \
-	offset = EGET(phdr->p_offset); \
 	\
-	dyn = DYN ## B (elf->vdata + offset); \
-	while (EGET(dyn->d_tag) != DT_NULL) { \
+	scanelf_dt_for_each(B, elf, dyn) { \
 		if (EGET(dyn->d_tag) == DT_TEXTREL) { /*dyn->d_tag != DT_FLAGS)*/ \
 			*found_textrel = 1; \
 			/*if (dyn->d_un.d_val & DF_TEXTREL)*/ \
 			return (be_wewy_wewy_quiet ? NULL : ret); \
 		} \
-		++dyn; \
 	}
 	if (elf->phdr)
 		SCANELF_ELF_SIZED(SHOW_TEXTREL);
@@ -588,7 +577,6 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	size_t i; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	Elf ## B ## _Phdr *phdr; \
-	Elf ## B ## _Off offset; \
 	Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
 	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	Elf ## B ## _Rel *rel; \
@@ -596,16 +584,9 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	Elf ## B ## _Dyn *dyn, *drel, *drelsz, *drelent, *dpltrel; \
 	uint32_t pltrel; \
 	\
-	/* Find the dynamic headers */ \
-	phdr = scanelf_file_get_pt_dynamic(elf); \
-	if (phdr == NULL) \
-		break; \
-	offset = EGET(phdr->p_offset); \
-	\
 	/* Walk all the dynamic tags to find relocation info */ \
-	dyn = DYN ## B (elf->vdata + offset); \
 	drel = drelsz = drelent = dpltrel = NULL; \
-	while (EGET(dyn->d_tag) != DT_NULL) { \
+	scanelf_dt_for_each(B, elf, dyn) { \
 		switch (EGET(dyn->d_tag)) { \
 		case DT_REL: \
 		case DT_RELA: \
@@ -623,7 +604,6 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 			dpltrel = dyn; \
 			break; \
 		} \
-		++dyn; \
 	} \
 	if (!drel || !drelsz || !drelent || !dpltrel) { \
 		warnf("ELF is missing relocation information"); \
@@ -796,26 +776,18 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 
 #define SHOW_RPATH(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Phdr *phdr; \
 	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
 	Elf ## B ## _Off offset; \
 	Elf ## B ## _Xword word; \
 	\
-	/* Find the dynamic headers */ \
-	phdr = scanelf_file_get_pt_dynamic(elf); \
-	if (phdr == NULL) \
-		break; \
-	offset = EGET(phdr->p_offset); \
-	\
 	/* Just scan dynamic RPATH/RUNPATH headers */ \
-	dyn = DYN ## B (elf->vdata + offset); \
-	while ((word=EGET(dyn->d_tag)) != DT_NULL) { \
+	scanelf_dt_for_each(B, elf, dyn) { \
+		word = EGET(dyn->d_tag); \
 		if (word == DT_RPATH) { \
 			r = &rpath; \
 		} else if (word == DT_RUNPATH) { \
 			r = &runpath; \
 		} else { \
-			++dyn; \
 			continue; \
 		} \
 		/* Verify the memory is somewhat sane */ \
@@ -900,7 +872,6 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 					*found_rpath = 1; \
 			} \
 		} \
-		++dyn; \
 	}
 	if (elf->phdr && strtbl_void)
 		SCANELF_ELF_SIZED(SHOW_RPATH);
@@ -956,26 +927,15 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 
 #define SHOW_NEEDED(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Phdr *phdr; \
 	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-	Elf ## B ## _Off offset; \
 	size_t matched = 0; \
 	\
-	/* Find the dynamic headers */ \
-	phdr = scanelf_file_get_pt_dynamic(elf); \
-	if (phdr == NULL) \
-		break; \
-	offset = EGET(phdr->p_offset); \
-	\
 	/* Walk all the dynamic tags to find NEEDED entries */ \
-	dyn = DYN ## B (elf->vdata + offset); \
-	while (EGET(dyn->d_tag) != DT_NULL) { \
+	scanelf_dt_for_each(B, elf, dyn) { \
 		if (EGET(dyn->d_tag) == DT_NEEDED) { \
-			offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
-			if (offset >= (Elf ## B ## _Off)elf->len) { \
-				++dyn; \
+			Elf ## B ## _Off offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+			if (offset >= (Elf ## B ## _Off)elf->len) \
 				continue; \
-			} \
 			needed = elf->data + offset; \
 			if (op == 0) { \
 				/* -n -> print all entries */ \
@@ -1010,7 +970,6 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 				} \
 			} \
 		} \
-		++dyn; \
 	}
 	if (elf->phdr && strtbl_void) {
 		SCANELF_ELF_SIZED(SHOW_NEEDED);
@@ -1066,7 +1025,6 @@ static char *scanelf_file_interp(elfobj *elf, char *found_interp)
 }
 static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 {
-	unsigned long i;
 	struct stat s;
 	bool dynamic = false;
 
@@ -1075,24 +1033,15 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 
 #define SHOW_BIND(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
-	Elf ## B ## _Off offset; \
-	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
+	\
+	scanelf_dt_for_each(B, elf, dyn) { \
 		dynamic = true; \
-		offset = EGET(phdr[i].p_offset); \
-		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
-		dyn = DYN ## B (elf->vdata + offset); \
-		while (EGET(dyn->d_tag) != DT_NULL) { \
-			if (EGET(dyn->d_tag) == DT_BIND_NOW || \
-			   (EGET(dyn->d_tag) == DT_FLAGS && EGET(dyn->d_un.d_val) & DF_BIND_NOW)) \
-			{ \
-				if (be_quiet) return NULL; \
-				*found_bind = 1; \
-				return (char *)(be_wewy_wewy_quiet ? NULL : "NOW"); \
-			} \
-			++dyn; \
+		if (EGET(dyn->d_tag) == DT_BIND_NOW || \
+		    (EGET(dyn->d_tag) == DT_FLAGS && EGET(dyn->d_un.d_val) & DF_BIND_NOW)) { \
+			if (be_quiet) \
+				return NULL; \
+			*found_bind = 1; \
+			return (char *)(be_wewy_wewy_quiet ? NULL : "NOW"); \
 		} \
 	}
 	SCANELF_ELF_SIZED(SHOW_BIND);
@@ -1109,7 +1058,6 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 }
 static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 {
-	unsigned long i;
 	char *soname;
 	void *strtbl_void;
 
@@ -1120,29 +1068,20 @@ static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 #define SHOW_SONAME(B) \
 	Elf ## B ## _Dyn *dyn; \
 	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 	Elf ## B ## _Shdr *strtbl = SHDR ## B (strtbl_void); \
-	Elf ## B ## _Off offset; \
+	\
 	/* only look for soname in shared objects */ \
 	if (EGET(ehdr->e_type) != ET_DYN) \
 		return NULL; \
-	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
-		if (EGET(phdr[i].p_type) != PT_DYNAMIC || EGET(phdr[i].p_filesz) == 0) continue; \
-		offset = EGET(phdr[i].p_offset); \
-		if (offset >= elf->len - sizeof(Elf ## B ## _Dyn)) continue; \
-		dyn = DYN ## B (elf->vdata + offset); \
-		while (EGET(dyn->d_tag) != DT_NULL) { \
-			if (EGET(dyn->d_tag) == DT_SONAME) { \
-				offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
-				if (offset >= (Elf ## B ## _Off)elf->len) { \
-					++dyn; \
-					continue; \
-				} \
-				soname = elf->data + offset; \
-				*found_soname = 1; \
-				return (be_wewy_wewy_quiet ? NULL : soname); \
-			} \
-			++dyn; \
+	\
+	scanelf_dt_for_each(B, elf, dyn) { \
+		if (EGET(dyn->d_tag) == DT_SONAME) { \
+			Elf ## B ## _Off offset = EGET(strtbl->sh_offset) + EGET(dyn->d_un.d_ptr); \
+			if (offset >= (Elf ## B ## _Off)elf->len) \
+				continue; \
+			soname = elf->data + offset; \
+			*found_soname = 1; \
+			return (be_wewy_wewy_quiet ? NULL : soname); \
 		} \
 	}
 	if (elf->phdr && strtbl_void)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-24  6:50 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-24  6:50 UTC (permalink / raw
  To: gentoo-commits

commit:     82fc8ce64f61445c52e5c9a4d5ac294b6af7c92d
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 02:13:03 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 02:13:03 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=82fc8ce6

scanelf: fix offset checking when looking up symbols via hash

A number of refactors hid bugs here in that the first offset value
here would be left over from earlier code.  Localize the code a bit
to try and keep that from happening again.

We also reload phdr since this loop expects to walk the whole table.

 scanelf.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 2729d0f..52c436a 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -261,7 +261,7 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	Elf ## B ## _Phdr *phdr; \
 	Elf ## B ## _Addr vsym, vstr, vhash, vgnu_hash; \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Off offset; \
+	Elf ## B ## _Off doffset; \
 	\
 	/* lookup symbols used at runtime with DT_SYMTAB / DT_STRTAB */ \
 	vsym = vstr = vhash = vgnu_hash = 0; \
@@ -272,9 +272,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	phdr = scanelf_file_get_pt_dynamic(elf); \
 	if (phdr == NULL) \
 		break; \
-	offset = EGET(phdr->p_offset); \
+	doffset = EGET(phdr->p_offset); \
 	\
-	dyn = DYN ## B (elf->vdata + offset); \
+	dyn = DYN ## B (elf->vdata + doffset); \
 	while (EGET(dyn->d_tag) != DT_NULL) { \
 		switch (EGET(dyn->d_tag)) { \
 		case DT_SYMTAB:   vsym = EGET(dyn->d_un.d_val); break; \
@@ -290,15 +290,16 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 		return; \
 	\
 	/* calc offset into the ELF by finding the load addr of the syms */ \
+	phdr = PHDR ## B (elf->phdr); \
 	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
 		Elf ## B ## _Addr vaddr = EGET(phdr[i].p_vaddr); \
 		Elf ## B ## _Addr filesz = EGET(phdr[i].p_filesz); \
+		Elf ## B ## _Off offset = EGET(phdr[i].p_offset); \
 		Elf ## B ## _Off hash_offset = offset + (vhash - vaddr); \
 		\
 		if (EGET(phdr[i].p_type) != PT_LOAD) \
 			continue; \
 		\
-		offset = EGET(phdr[i].p_offset); \
 		if (offset >= (uint64_t)elf->len) \
 			goto corrupt_hash; \
 		if (filesz >= (uint64_t)elf->len) \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-24 20:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-24 20:39 UTC (permalink / raw
  To: gentoo-commits

commit:     277b33961e9e794ad039d22e1b9186d38d9e0aea
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 20:24:53 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 20:24:53 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=277b3396

TODO: drop fixed issues and add some new ones

 TODO | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/TODO b/TODO
index ded1158..3c9968c 100644
--- a/TODO
+++ b/TODO
@@ -9,17 +9,10 @@ care though ?  this would be an issue if:
  - object being analyzed is 64bit
  - object has symbols which is larger than 32bits
 
-scanelf does not check offsets of DT's when scanning PT_DYNAMIC ... if a bogus
-ELF had a PHDR of type PT_DYNAMIC which claimed to be of size say 1 and had an
-offset just shy of the end of the file, we'll probably crash ...
-
 dumpelf does not do string checking in very very verbose mode.  it assumes the
 strings are sane when dumping the sections.  only way around this is to check
 everything single byte and print it out a character at a time ... sucks ...
 
-we look at the section named ".text" for TEXTRELs when we should look at the
-PT_LOAD program headers which are marked Executable.
-
 we don't handle versioned symbols well.  take an ELF with debugging and do:
 	scanelf -s '' elf
 notice that glibc symbols generally have version info.  then search for that:
@@ -34,3 +27,7 @@ allow digging into ARM_ATTRIBUTES (.ARM.attributes) sections
 scanelf should look at the dynamic table for rpath/needed/soname entries instead
 of requiring section headers and looking up by section names.  need to implement
 support for GNU_HASH first though so we can get the string table sizes.
+
+rewrite elf->e_shnum handling.  if it's 0 (SH_UNDEF), then the size is
+contained in the sh_size of the first section header at index 0.  add a
+source code check too.


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-01-24 20:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-01-24 20:39 UTC (permalink / raw
  To: gentoo-commits

commit:     6a73ea4e32cc6ff6d1814048368b7b75da626565
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 20:22:26 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 20:22:26 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6a73ea4e

scanelf: revert back to looking at .dynstr directly

The rpath/needed/soname strings are only listed in .dynstr, so trying
to locate them in .strtab fails.  Which means using the lookup helper
breaks behavior on non-stripped files.

 TODO      |  4 ++++
 scanelf.c | 27 +++++++++++++++++++++------
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/TODO b/TODO
index be2d0a2..ded1158 100644
--- a/TODO
+++ b/TODO
@@ -30,3 +30,7 @@ allow digging into ARM_ATTRIBUTES (.ARM.attributes) sections
 	- need info on the section layout
 	- figure out how to integrate cleanly (target-independent driller)
 	http://sourceware.org/binutils/docs/as/GNU-Object-Attributes.html
+
+scanelf should look at the dynamic table for rpath/needed/soname entries instead
+of requiring section headers and looking up by section names.  need to implement
+support for GNU_HASH first though so we can get the string table sizes.

diff --git a/scanelf.c b/scanelf.c
index 9695276..79ce59c 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -767,11 +767,16 @@ static void rpath_security_checks(elfobj *elf, char *item, const char *dt_type)
 static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_t *ret_len)
 {
 	char *rpath, *runpath, **r;
-	void *symtab_void, *strtab_void;
+	void *strtab_void;
 
 	if (!show_rpath) return;
 
-	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
+	/*
+	 * TODO: Switch to the string table found via dynamic tags.
+	 * Note: We can't use scanelf_file_get_symtabs as these strings are
+	 *       *only* found in dynstr and not in .strtab.
+	 */
+	strtab_void = elf_findsecbyname(elf, ".dynstr");
 	rpath = runpath = NULL;
 
 #define SHOW_RPATH(B) \
@@ -913,7 +918,7 @@ static char *lookup_config_lib(const char *fname)
 static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char *found_lib, int op, char **ret, size_t *ret_len)
 {
 	char *needed;
-	void *symtab_void, *strtab_void;
+	void *strtab_void;
 	char *p;
 
 	/*
@@ -923,7 +928,12 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 	if ((op == 0 && !show_needed) || (op == 1 && !find_lib))
 		return NULL;
 
-	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
+	/*
+	 * TODO: Switch to the string table found via dynamic tags.
+	 * Note: We can't use scanelf_file_get_symtabs as these strings are
+	 *       *only* found in dynstr and not in .strtab.
+	 */
+	strtab_void = elf_findsecbyname(elf, ".dynstr");
 
 #define SHOW_NEEDED(B) \
 	Elf ## B ## _Dyn *dyn; \
@@ -1059,11 +1069,16 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 static char *scanelf_file_soname(elfobj *elf, char *found_soname)
 {
 	char *soname;
-	void *symtab_void, *strtab_void;
+	void *strtab_void;
 
 	if (!show_soname) return NULL;
 
-	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
+	/*
+	 * TODO: Switch to the string table found via dynamic tags.
+	 * Note: We can't use scanelf_file_get_symtabs as these strings are
+	 *       *only* found in dynstr and not in .strtab.
+	 */
+	strtab_void = elf_findsecbyname(elf, ".dynstr");
 
 #define SHOW_SONAME(B) \
 	Elf ## B ## _Dyn *dyn; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-02-01 23:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-02-01 23:08 UTC (permalink / raw
  To: gentoo-commits

commit:     10a9643d90a1ba6058a66066803fac6cf43f6917
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  1 22:40:09 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Feb  1 22:40:09 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=10a9643d

dumpelf: check for invalid notes

Handle cases where the size fields would overflow the additions.

URL: https://bugs.gentoo.org/607898
Reported-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dumpelf.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index a9c6e05..60c78a3 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -209,6 +209,7 @@ static void dump_notes(elfobj *elf, size_t B, const void *memory, const void *me
 	 * world, the two structs are exactly the same.  So avoid ugly CPP.
 	 */
 	size_t i;
+	bool corrupt = false;
 	const void *ndata = memory;
 	const char *name;
 	const unsigned char *desc;
@@ -223,23 +224,31 @@ static void dump_notes(elfobj *elf, size_t B, const void *memory, const void *me
 	}
 
 	printf("\n\t/%c note section dump:\n", '*');
-	for (i = 0; ndata < memory_end; ++i) {
+	for (i = 0; ndata < memory_end && !corrupt; ++i) {
 		note = ndata;
 		namesz = EGET(note->n_namesz);
 		descsz = EGET(note->n_descsz);
-		name = namesz ? ndata + sizeof(*note) : "";
-		desc = descsz ? ndata + sizeof(*note) + ALIGN_UP(namesz, 4) : "";
+		if (namesz > elf->len || descsz > elf->len)
+			corrupt = true;
+		name = namesz ? ndata + sizeof(*note) : NULL;
+		desc = descsz ? ndata + sizeof(*note) + ALIGN_UP(namesz, 4) : NULL;
 		ndata += sizeof(*note) + ALIGN_UP(namesz, 4) + ALIGN_UP(descsz, 4);
 
-		if (ndata > memory_end) {
+		if (ndata > memory_end)
+			corrupt = true;
+		if (corrupt) {
+			name = NULL;
+			desc = NULL;
 			printf("\tNote is corrupt\n");
-			break;
 		}
 
 		printf("\t * Elf%zu_Nhdr note%zu = {\n", B, i);
-		printf("\t * \t.n_namesz = %u, (bytes) [%s]\n", namesz, name);
+		printf("\t * \t.n_namesz = %u, (bytes)", namesz);
+		if (name)
+			printf(" [%s]", name);
+		printf("\n");
 		printf("\t * \t.n_descsz = %u, (bytes)", descsz);
-		if (descsz) {
+		if (desc) {
 			printf(" [ ");
 			for (i = 0; i < descsz; ++i)
 				printf("%.2X ", desc[i]);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-02-01 23:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-02-01 23:08 UTC (permalink / raw
  To: gentoo-commits

commit:     4609f57a690b4a5670baeb93167dab5300d07d4e
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  1 19:29:10 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Feb  1 19:29:10 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4609f57a

dumpelf: check for invalid section entry sizes

URL: https://bugs.gentoo.org/607894
Reported-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dumpelf.c | 50 ++++++++++++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 6b2458a..44da3ee 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -413,17 +413,20 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 		case SHT_DYNSYM: { \
 			Elf##B##_Sym *sym = vdata; \
 			printf("\n\t/%c section dump:\n", '*'); \
-			for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \
-				printf("\t * Elf%i_Sym sym%zu = {\n", B, i); \
-				printf("\t * \t.st_name  = %u,\n", (uint32_t)EGET(sym->st_name)); \
-				printf("\t * \t.st_value = 0x%"PRIX64",\n", EGET(sym->st_value)); \
-				printf("\t * \t.st_size  = %"PRIu64", (bytes)\n", EGET(sym->st_size)); \
-				printf("\t * \t.st_info  = %u,\n", (unsigned char)EGET(sym->st_info)); \
-				printf("\t * \t.st_other = %u,\n", (unsigned char)EGET(sym->st_other)); \
-				printf("\t * \t.st_shndx = %u\n", (uint16_t)EGET(sym->st_shndx)); \
-				printf("\t * };\n"); \
-				++sym; \
-			} \
+			if (EGET(shdr->sh_entsize) < sizeof(*sym)) \
+				printf(" /* corrupt section ! */ "); \
+			else \
+				for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \
+					printf("\t * Elf%i_Sym sym%zu = {\n", B, i); \
+					printf("\t * \t.st_name  = %u,\n", (uint32_t)EGET(sym->st_name)); \
+					printf("\t * \t.st_value = 0x%"PRIX64",\n", EGET(sym->st_value)); \
+					printf("\t * \t.st_size  = %"PRIu64", (bytes)\n", EGET(sym->st_size)); \
+					printf("\t * \t.st_info  = %u,\n", (unsigned char)EGET(sym->st_info)); \
+					printf("\t * \t.st_other = %u,\n", (unsigned char)EGET(sym->st_other)); \
+					printf("\t * \t.st_shndx = %u\n", (uint16_t)EGET(sym->st_shndx)); \
+					printf("\t * };\n"); \
+					++sym; \
+				} \
 			printf("\t */\n"); \
 			break; \
 		} \
@@ -433,17 +436,20 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 		case SHT_GNU_LIBLIST: { \
 			Elf##B##_Lib *lib = vdata; \
 			printf("\n\t/%c section dump:\n", '*'); \
-			for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \
-				printf("\t * Elf%i_Lib lib%zu = {\n", B, i); \
-				printf("\t * \t.l_name       = %"PRIu64",\n", EGET(lib->l_name)); \
-				printf("\t * \t.l_time_stamp = 0x%"PRIX64", (%s)\n", \
-				       EGET(lib->l_time_stamp), timestamp(EGET(lib->l_time_stamp))); \
-				printf("\t * \t.l_checksum   = 0x%"PRIX64",\n", EGET(lib->l_checksum)); \
-				printf("\t * \t.l_version    = %"PRIu64",\n", EGET(lib->l_version)); \
-				printf("\t * \t.l_flags      = 0x%"PRIX64"\n", EGET(lib->l_flags)); \
-				printf("\t * };\n"); \
-				++lib; \
-			} \
+			if (EGET(shdr->sh_entsize) < sizeof(*lib)) \
+				printf(" /* corrupt section ! */ "); \
+			else \
+				for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \
+					printf("\t * Elf%i_Lib lib%zu = {\n", B, i); \
+					printf("\t * \t.l_name       = %"PRIu64",\n", EGET(lib->l_name)); \
+					printf("\t * \t.l_time_stamp = 0x%"PRIX64", (%s)\n", \
+					       EGET(lib->l_time_stamp), timestamp(EGET(lib->l_time_stamp))); \
+					printf("\t * \t.l_checksum   = 0x%"PRIX64",\n", EGET(lib->l_checksum)); \
+					printf("\t * \t.l_version    = %"PRIu64",\n", EGET(lib->l_version)); \
+					printf("\t * \t.l_flags      = 0x%"PRIX64"\n", EGET(lib->l_flags)); \
+					printf("\t * };\n"); \
+					++lib; \
+				} \
 			printf("\t */\n"); \
 		} \
 		default: { \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-02-01 23:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-02-01 23:08 UTC (permalink / raw
  To: gentoo-commits

commit:     18ded0e30ee5a84260cceb80d818b9c21ade4c76
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  1 20:05:09 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Feb  1 20:05:09 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=18ded0e3

dumpelf: check for invalid program headers

URL: https://bugs.gentoo.org/607896
Reported-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dumpelf.c | 8 ++++----
 paxelf.h  | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 44da3ee..a9c6e05 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -293,9 +293,6 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 	Elf ## B ## _Off offset = EGET(phdr->p_offset); \
 	void *vdata = elf->vdata + offset; \
 	uint32_t p_type = EGET(phdr->p_type); \
-	switch (p_type) { \
-	case PT_DYNAMIC: phdr_dynamic_void = phdr_void; break; \
-	} \
 	printf("/* Program Header #%zu 0x%tX */\n{\n", \
 	       phdr_cnt, (uintptr_t)phdr_void - elf->udata); \
 	printf("\t.p_type   = %-10u , /* [%s] */\n", p_type, get_elfptype(p_type)); \
@@ -307,12 +304,15 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 	printf("\t.p_flags  = 0x%-8X , /* %s */\n", (uint32_t)EGET(phdr->p_flags), dump_p_flags(p_type, EGET(phdr->p_flags))); \
 	printf("\t.p_align  = %-10"PRIu64" , /* (min mem alignment in bytes) */\n", EGET(phdr->p_align)); \
 	\
-	if ((off_t)EGET(phdr->p_offset) > elf->len) { \
+	if (!VALID_PHDR(elf, phdr)) { \
 		printf("\t/* Warning: Program segment is corrupt. */\n"); \
 		goto done##B; \
 	} \
 	\
 	switch (p_type) { \
+	case PT_DYNAMIC: \
+		phdr_dynamic_void = phdr_void; \
+		break; \
 	case PT_NOTE: \
 		dump_notes(elf, B, vdata, vdata + EGET(phdr->p_filesz)); \
 		break; \

diff --git a/paxelf.h b/paxelf.h
index 56fa9f3..90b283c 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -45,6 +45,11 @@ typedef struct {
 	 EGET(shdr->sh_offset) < (uint64_t)elf->len && \
 	 EGET(shdr->sh_size) < (uint64_t)elf->len && \
 	 EGET(shdr->sh_offset) <= elf->len - EGET(shdr->sh_size))
+#define VALID_PHDR(elf, phdr) \
+	(phdr && \
+	 EGET(phdr->p_filesz) < (uint64_t)elf->len && \
+	 EGET(phdr->p_offset) < (uint64_t)elf->len && \
+	 EGET(phdr->p_filesz) <= elf->len - EGET(phdr->p_offset))
 
 /* prototypes */
 extern char *pax_short_hf_flags(unsigned long flags);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-02-11  7:06 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-02-11  7:06 UTC (permalink / raw
  To: gentoo-commits

commit:     e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 11 06:54:49 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Feb 11 06:54:49 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e577c5b7

scanelf: check range of hash bucket

Make sure we don't walk off the end of the ELF with a corrupt hash table.

URL: https://bugs.gentoo.org/608766
Reported-by: Agostino Sarubbo <ago <AT> gentoo.org>

 scanelf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index 79ce59c..70856f3 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -332,7 +332,8 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 				if (!buckets[b]) \
 					continue; \
 				for (sym_idx = buckets[b], chained = 0; \
-				     sym_idx < nchains && sym_idx && chained <= nchains; \
+				     (sym_idx < nchains && sym_idx && chained <= nchains && \
+				      (void *)&chains[sym_idx] + sizeof(*chains) < elf->data_end); \
 				     sym_idx = chains[sym_idx], ++chained) { \
 					if (max_sym_idx < sym_idx) \
 						max_sym_idx = sym_idx; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-02-16 21:24 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-02-16 21:24 UTC (permalink / raw
  To: gentoo-commits

commit:     61c7be050d2cda96d13fc69b31efeb2c4bffebd5
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 16 21:24:02 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Feb 16 21:24:02 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=61c7be05

lddtree: move parser logic into a func

This keeps the main func a bit cleaner.

 lddtree.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index d1ec9e9..2bfaaae 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -641,8 +641,8 @@ def _ActionCopy(options, elf):
         outdir=options.bindir)
 
 
-def main(argv):
-  """The main entry point!"""
+def GetParser():
+  """Get a CLI parser."""
   parser = argparse.ArgumentParser(
       description=__doc__,
       formatter_class=argparse.RawDescriptionHelpFormatter)
@@ -699,6 +699,12 @@ def main(argv):
                      action='store_true', default=False,
                      help='Copy over plain (non-ELF) files instead of warn+ignore')
 
+  return parser
+
+
+def main(argv):
+  """The main entry point!"""
+  parser = GetParser()
   options = parser.parse_args(argv)
   paths = options.path
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-02-16 21:24 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-02-16 21:24 UTC (permalink / raw
  To: gentoo-commits

commit:     e97d33dc96730d91c2070f2dc9aab8477dd0445a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 16 21:21:38 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Feb 16 21:21:38 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e97d33dc

pylint: add a helper to keep python code clean

Fix up some lddtree logic at the same time so it's warning free.

 .pylintrc  | 34 ++++++++++++++++++++++++++++++++++
 lddtree.py | 16 +++++++++++-----
 pylint     | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 94 insertions(+), 5 deletions(-)

diff --git a/.pylintrc b/.pylintrc
new file mode 100644
index 0000000..b58abfa
--- /dev/null
+++ b/.pylintrc
@@ -0,0 +1,34 @@
+[MESSAGES CONTROL]
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifier separated by comma (,) or put this option
+# multiple times (only on the command line, not in the configuration file where
+# it should appear only once).
+disable=
+	too-many-lines,
+	too-many-branches,
+	too-many-statements,
+	too-few-public-methods,
+	too-many-instance-attributes,
+	too-many-public-methods,
+	too-many-locals,
+	too-many-arguments,
+	locally-enabled,
+	locally-disabled,
+	fixme,
+	invalid-name,
+
+[REPORTS]
+reports=no
+
+[FORMAT]
+max-line-length=80
+indent-string='  '
+
+[SIMILARITIES]
+min-similarity-lines=20
+
+[VARIABLES]
+dummy-variables-rgx=_
+
+[DESIGN]
+max-parents=10

diff --git a/lddtree.py b/lddtree.py
index 8480248..d1ec9e9 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -1,4 +1,5 @@
 #!/usr/bin/python
+# -*- coding: utf-8 -*-
 # Copyright 2012-2014 Gentoo Foundation
 # Copyright 2012-2014 Mike Frysinger <vapier@gentoo.org>
 # Copyright 2012-2014 The Chromium OS Authors
@@ -73,7 +74,7 @@ def dbg(debug, *args, **kwargs):
 def bstr(buf):
   """Decode the byte string into a string"""
   if isinstance(buf, str):
-      return buf
+    return buf
   return buf.decode('utf-8')
 
 
@@ -351,6 +352,8 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
   return (None, None)
 
 
+# We abuse the _all_libs state.  We probably shouldn't, but we do currently.
+# pylint: disable=dangerous-default-value
 def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[]},
              display=None, debug=False, _first=True, _all_libs={}):
   """Parse the ELF dependency tree of the specified file
@@ -491,6 +494,7 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
     del elf
 
   return ret
+# pylint: enable=dangerous-default-value
 
 
 class _NormalizePathAction(argparse.Action):
@@ -608,7 +612,7 @@ def _ActionCopy(options, elf):
   # Similarly, we should provide an option for automatically copying over
   # the libnsl.so and libnss_*.so libraries, as well as an open ended list
   # for known libs that get loaded (e.g. curl will dlopen(libresolv)).
-  libpaths = set()
+  uniq_libpaths = set()
   for lib in elf['libs']:
     libdata = elf['libs'][lib]
     path = libdata['realpath']
@@ -616,17 +620,18 @@ def _ActionCopy(options, elf):
       warn('could not locate library: %s' % lib)
       continue
     if not options.libdir:
-      libpaths.add(_StripRoot(os.path.dirname(path)))
+      uniq_libpaths.add(_StripRoot(os.path.dirname(path)))
     _copy(path, libdata['path'], outdir=options.libdir)
 
   if not options.libdir:
-    libpaths = list(libpaths)
+    libpaths = list(uniq_libpaths)
     if elf['runpath']:
       libpaths = elf['runpath'] + libpaths
     else:
       libpaths = elf['rpath'] + libpaths
   else:
-    libpaths.add(options.libdir)
+    uniq_libpaths.add(options.libdir)
+    libpaths = list(uniq_libpaths)
 
   # We don't bother to copy this as ParseElf adds the interp to the 'libs',
   # so it was already copied in the libs loop above.
@@ -637,6 +642,7 @@ def _ActionCopy(options, elf):
 
 
 def main(argv):
+  """The main entry point!"""
   parser = argparse.ArgumentParser(
       description=__doc__,
       formatter_class=argparse.RawDescriptionHelpFormatter)

diff --git a/pylint b/pylint
new file mode 100755
index 0000000..0098e06
--- /dev/null
+++ b/pylint
@@ -0,0 +1,49 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+"""Run pylint with the right settings."""
+
+from __future__ import print_function
+
+import os
+import sys
+
+
+def find_all_modules(source_root):
+  """Locate all python modules in the tree for scanning"""
+  ret = []
+
+  for root, _dirs, files in os.walk(source_root, topdown=False):
+    # Add all of the .py modules in the tree.
+    ret += [os.path.join(root, x) for x in files if x.endswith('.py')]
+
+  # Add the main scripts that don't end in .py.
+  ret += [os.path.join(source_root, x) for x in ('pylint',)]
+
+  return ret
+
+
+def main(argv):
+  """The main entry point"""
+  source_root = os.path.dirname(os.path.realpath(__file__))
+
+  if not argv:
+    argv = find_all_modules(source_root)
+
+  pympath = source_root
+  pythonpath = os.environ.get('PYTHONPATH')
+  if pythonpath is None:
+    pythonpath = pympath
+  else:
+    pythonpath = pympath + ':' + pythonpath
+  os.environ['PYTHONPATH'] = pythonpath
+
+  pylintrc = os.path.join(source_root, '.pylintrc')
+  cmd = ['pylint', '--rcfile', pylintrc]
+  os.execvp(cmd[0], cmd + argv)
+
+
+if __name__ == '__main__':
+  sys.exit(main(sys.argv[1:]))


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-02-16 21:24 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-02-16 21:24 UTC (permalink / raw
  To: gentoo-commits

commit:     858939ea6ad63f1acb4ec74bba705c197a67d559
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 11 07:20:33 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Feb 11 07:20:33 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=858939ea

add helper for checking memory/elf ranges

Less likely to screw up the logic this way.

 dumpelf.c |  2 +-
 paxelf.h  | 12 +++++-------
 scanelf.c | 30 +++++++++++++-----------------
 3 files changed, 19 insertions(+), 25 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 60c78a3..6ba37fc 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -385,7 +385,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 		/* Special case so we can do valid check next. */ \
 		if (be_verbose) \
 			printf("\t/* NOBITS sections do not occupy the file. */\n"); \
-	} else if (!(offset < (uint64_t)elf->len && size < (uint64_t)elf->len && offset <= elf->len - size)) { \
+	} else if (!VALID_RANGE(elf, offset, size)) { \
 		printf(" /* corrupt section header ! */ "); \
 	} else if (size && be_verbose) { \
 		void *vdata = elf->vdata + offset; \

diff --git a/paxelf.h b/paxelf.h
index 90b283c..9d609b8 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -39,17 +39,15 @@ typedef struct {
 #define SYM32(ptr) ((Elf32_Sym *)(ptr))
 #define SYM64(ptr) ((Elf64_Sym *)(ptr))
 
+#define VALID_RANGE(elf, offset, size) \
+	((uint64_t)(size) <= (uint64_t)elf->len && \
+	 (uint64_t)(offset) <= (uint64_t)elf->len - (uint64_t)(size))
 #define VALID_SHDR(elf, shdr) \
 	(shdr && \
 	 EGET(shdr->sh_type) != SHT_NOBITS && \
-	 EGET(shdr->sh_offset) < (uint64_t)elf->len && \
-	 EGET(shdr->sh_size) < (uint64_t)elf->len && \
-	 EGET(shdr->sh_offset) <= elf->len - EGET(shdr->sh_size))
+	 VALID_RANGE(elf, EGET(shdr->sh_offset), EGET(shdr->sh_size)))
 #define VALID_PHDR(elf, phdr) \
-	(phdr && \
-	 EGET(phdr->p_filesz) < (uint64_t)elf->len && \
-	 EGET(phdr->p_offset) < (uint64_t)elf->len && \
-	 EGET(phdr->p_filesz) <= elf->len - EGET(phdr->p_offset))
+	(phdr && VALID_RANGE(elf, EGET(phdr->p_offset), EGET(phdr->p_filesz)))
 
 /* prototypes */
 extern char *pax_short_hf_flags(unsigned long flags);

diff --git a/scanelf.c b/scanelf.c
index 70856f3..ddd7722 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -181,7 +181,7 @@ static void *scanelf_file_get_pt_dynamic(elfobj *elf)
 	if (EGET(phdr->p_filesz) == 0) \
 		break; \
 	offset = EGET(phdr->p_offset); \
-	if (offset >= elf->len - sizeof(Elf##B##_Dyn)) \
+	if (!VALID_RANGE(elf, offset, sizeof(Elf##B##_Dyn))) \
 		break; \
 	return phdr;
 	SCANELF_ELF_SIZED(CHECK_PT_DYNAMIC);
@@ -299,11 +299,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 		if (EGET(phdr[i].p_type) != PT_LOAD) \
 			continue; \
 		\
-		if (offset >= (uint64_t)elf->len) \
+		if (!VALID_RANGE(elf, offset, filesz)) \
 			goto corrupt_hash; \
-		if (filesz >= (uint64_t)elf->len) \
-			goto corrupt_hash; \
-		if (hash_offset + (sizeof(Elf32_Word) * 4) > (uint64_t)elf->len) \
+		if (!VALID_RANGE(elf, hash_offset, sizeof(Elf32_Word) * 4)) \
 			goto corrupt_hash; \
 		\
 		if (vhash >= vaddr && vhash < vaddr + filesz) { \
@@ -317,15 +315,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 			Elf32_Word sym_idx; \
 			Elf32_Word chained; \
 			\
-			if (hash_offset >= (uint64_t)elf->len) \
-				goto corrupt_hash; \
-			if (nbuckets >= UINT32_MAX / 4) \
-				goto corrupt_hash; \
-			if (nchains >= UINT32_MAX / 4) \
-				goto corrupt_hash; \
-			if (nbuckets * 4 > elf->len - offset) \
+			if (!VALID_RANGE(elf, offset, nbuckets * 4)) \
 				goto corrupt_hash; \
-			if (nchains * 4 > elf->len - offset) \
+			if (!VALID_RANGE(elf, offset, nchains * 4)) \
 				goto corrupt_hash; \
 			\
 			for (b = 0; b < nbuckets; ++b) { \
@@ -345,13 +337,17 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 		} \
 		\
 		if (vsym >= vaddr && vsym < vaddr + filesz) { \
+			Elf##B##_Shdr *shdr = &sym_shdr; \
 			ESET(sym_shdr.sh_offset, offset + (vsym - vaddr)); \
-			*sym = &sym_shdr; \
+			if (VALID_SHDR(elf, shdr)) \
+				*sym = shdr; \
 		} \
 		\
 		if (vstr >= vaddr && vstr < vaddr + filesz) { \
+			Elf##B##_Shdr *shdr = &str_shdr; \
 			ESET(str_shdr.sh_offset, offset + (vstr - vaddr)); \
-			*str = &str_shdr; \
+			if (VALID_SHDR(elf, shdr)) \
+				*str = shdr; \
 		} \
 	}
 	if (elf->phdr)
@@ -487,7 +483,7 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro,
 		for (i = 0; i < shnum; ++i) { \
 			if (EGET(shdr[i].sh_type) != SHT_PROGBITS) continue; \
 			offset = EGET(strtbl->sh_offset) + EGET(shdr[i].sh_name); \
-			if (offset >= elf->len - sizeof(NOTE_GNU_STACK)) \
+			if (!VALID_RANGE(elf, offset, sizeof(NOTE_GNU_STACK))) \
 				continue; \
 			if (!strcmp(elf->data + offset, NOTE_GNU_STACK)) { \
 				if (multi_stack++) warnf("%s: multiple .note.GNU-stack's !?", elf->filename); \
@@ -1505,7 +1501,7 @@ static int scanelf_elfobj(elfobj *elf)
 		case 'a': out = get_elfemtype(elf); break;
 		case 'I': out = get_elfosabi(elf); break;
 		case 'Y': out = get_elf_eabi(elf); break;
-		case 'Z': snprintf(ubuf, sizeof(ubuf), "%lu", (unsigned long)elf->len); out = ubuf; break;;
+		case 'Z': snprintf(ubuf, sizeof(ubuf), "%"PRIu64, (uint64_t)elf->len); out = ubuf; break;;
 		default: warnf("'%c' has no scan code?", out_format[i]);
 		}
 		if (out) {


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-03-14  7:19 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2017-03-14  7:19 UTC (permalink / raw
  To: gentoo-commits

commit:     4358729342fd859b7099ae9f2d2274e677bdd306
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 20:07:15 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Mar  3 20:07:15 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=43587293

paxelf: constify pax_short_* helpers

 paxelf.c  | 6 +++---
 paxelf.h  | 6 +++---
 scanelf.c | 5 ++---
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index c614e2d..c082178 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -726,7 +726,7 @@ void unreadelf(elfobj *elf)
 	free(elf);
 }
 
-char *pax_short_hf_flags(unsigned long flags)
+const char *pax_short_hf_flags(unsigned long flags)
 {
 	static char buffer[7];
 
@@ -746,7 +746,7 @@ char *pax_short_hf_flags(unsigned long flags)
  * lower case: explicitly disabled
  * upper case: explicitly enabled
  *      -    : default */
-char *pax_short_pf_flags(unsigned long flags)
+const char *pax_short_pf_flags(unsigned long flags)
 {
 	static char buffer[7];
 
@@ -772,7 +772,7 @@ char *pax_short_pf_flags(unsigned long flags)
 	return buffer;
 }
 
-char *gnu_short_stack_flags(unsigned long flags)
+const char *gnu_short_stack_flags(unsigned long flags)
 {
 	static char buffer[4];
 

diff --git a/paxelf.h b/paxelf.h
index 9d609b8..a82ca80 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -50,9 +50,9 @@ typedef struct {
 	(phdr && VALID_RANGE(elf, EGET(phdr->p_offset), EGET(phdr->p_filesz)))
 
 /* prototypes */
-extern char *pax_short_hf_flags(unsigned long flags);
-extern char *pax_short_pf_flags(unsigned long flags);
-extern char *gnu_short_stack_flags(unsigned long flags);
+extern const char *pax_short_hf_flags(unsigned long flags);
+extern const char *pax_short_pf_flags(unsigned long flags);
+extern const char *gnu_short_stack_flags(unsigned long flags);
 extern elfobj *readelf_buffer(const char *filename, void *buffer, size_t buffer_len);
 extern elfobj *_readelf_fd(const char *filename, int fd, size_t len, int read_only);
 #define readelf_fd(filename, fd, len) _readelf_fd(filename, fd, len, 1)

diff --git a/scanelf.c b/scanelf.c
index ddd7722..1ead891 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -358,7 +358,7 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	warn("%s: ELF hash table is corrupt", elf->filename);
 }
 
-static char *scanelf_file_pax(elfobj *elf, char *found_pax)
+static const char *scanelf_file_pax(elfobj *elf, char *found_pax)
 {
 	static char ret[7];
 	unsigned long i, shown;
@@ -397,8 +397,7 @@ static char *scanelf_file_pax(elfobj *elf, char *found_pax)
 
 	/* fall back to EI_PAX if no PT_PAX was found */
 	if (!*ret) {
-		static char *paxflags;
-		paxflags = pax_short_hf_flags(EI_PAX_FLAGS(elf));
+		const char *paxflags = pax_short_hf_flags(EI_PAX_FLAGS(elf));
 		if (!be_quiet || (be_quiet && EI_PAX_FLAGS(elf))) {
 			*found_pax = 1;
 			return (be_wewy_wewy_quiet ? NULL : paxflags);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-09-18  7:06 Fabian Groffen
  0 siblings, 0 replies; 253+ messages in thread
From: Fabian Groffen @ 2017-09-18  7:06 UTC (permalink / raw
  To: gentoo-commits

commit:     720becce1314db8c0af8442650f496d972475327
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 19 09:34:41 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Sep 18 07:05:20 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=720becce

scanelf: fix out-of-bounds access in ia64

commit 2eb852129394f97dae89c0ff1f9f48637edcb0e9
slightly changed decoder and added unchecked
read from elf header:

```
       switch (EGET(dpltrel->d_un.d_val)) { \
       case DT_REL: \
               rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \
```

On ia64 'EGET(drel->d_un.d_val)' returns absolute address:

```
    $ dumpelf bug/luatex
    ...
    /* Dynamic tag #31 'DT_RELA' 0x97E310 */
    {
        .d_tag     = 0x7        ,
        .d_un      = {
                .d_val = 0x4000000000031C30 ,
                .d_ptr = 0x4000000000031C30 ,
        },
    },
```

That causes 'scanelf' crash on binaries like 'luatex'.

This change restores check and loudly skips such sections:
    scanelf: bug/luatex: DT_RELA is out of file range

Bug: https://bugs.gentoo.org/624356
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 scanelf.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/scanelf.c b/scanelf.c
index 1ead891..a054408 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -607,11 +607,23 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	} \
 	switch (EGET(dpltrel->d_un.d_val)) { \
 	case DT_REL: \
+		if (!VALID_RANGE(elf, EGET(drel->d_un.d_val), sizeof (drel->d_un.d_val))) { \
+			rel = NULL; \
+			rela = NULL; \
+			warn("%s: DT_REL is out of file range", elf->filename); \
+			break; \
+		} \
 		rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \
 		rela = NULL; \
 		pltrel = DT_REL; \
 		break; \
 	case DT_RELA: \
+		if (!VALID_RANGE(elf, EGET(drel->d_un.d_val), sizeof (drel->d_un.d_val))) { \
+			rel = NULL; \
+			rela = NULL; \
+			warn("%s: DT_RELA is out of file range", elf->filename); \
+			break; \
+		} \
 		rel = NULL; \
 		rela = RELA##B(elf->vdata + EGET(drel->d_un.d_val)); \
 		pltrel = DT_RELA; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-09-18  9:27 Fabian Groffen
  0 siblings, 0 replies; 253+ messages in thread
From: Fabian Groffen @ 2017-09-18  9:27 UTC (permalink / raw
  To: gentoo-commits

commit:     a4cdcedcc3dd7eba9b0e8e6dc392b047971ca6c5
Author:     Michael Haubenwallner <michael.haubenwallner <AT> ssi-schaefer <DOT> com>
AuthorDate: Tue Mar 14 13:44:34 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Sep 18 09:26:52 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a4cdcedc

autogen.sh: add gnulib modules for Solaris

Need gnulib modules stpcpy, euidaccess for Solaris 10, where euidaccess
uses eaccess when available, probably via LIB_EACCESS.

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 Makefile.am | 2 +-
 autogen.sh  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index a2c02d9..79e5ed1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,7 +15,7 @@ libpaxutils_la_SOURCES = \
 	paxmacho.c \
 	security.c \
 	xfuncs.c
-LDADD = libpaxutils.la $(top_builddir)/autotools/gnulib/libgnu.a
+LDADD = libpaxutils.la $(top_builddir)/autotools/gnulib/libgnu.a $(LIB_EACCESS)
 
 bin_SCRIPTS = lddtree symtree
 bin_PROGRAMS = scanelf dumpelf pspax scanmacho

diff --git a/autogen.sh b/autogen.sh
index f552d22..42e8a8c 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -13,6 +13,7 @@ fi
 PATH=/usr/local/src/gnu/gnulib:${PATH}
 mods="
 	alloca
+	euidaccess
 	faccessat
 	fdopendir
 	fstatat
@@ -25,6 +26,7 @@ mods="
 	readlinkat
 	renameat
 	stat-time
+	stpcpy
 	strcasestr-simple
 	strncat
 	symlinkat


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2017-09-18  9:27 Fabian Groffen
  0 siblings, 0 replies; 253+ messages in thread
From: Fabian Groffen @ 2017-09-18  9:27 UTC (permalink / raw
  To: gentoo-commits

commit:     8b242e9fde2fa6fdccaa31b3c99f92e04fe2bcd3
Author:     Michael Haubenwallner <michael.haubenwallner <AT> ssi-schaefer <DOT> com>
AuthorDate: Tue Apr 18 14:18:01 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Sep 18 09:25:02 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8b242e9f

check for linux/securebits.h, missing on Linux 2.6.32

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 configure.ac | 2 ++
 porting.h    | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 3b4de91..a22e11a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -62,6 +62,8 @@ m4_foreach_w([flag], [
 	AX_CHECK_COMPILE_FLAG(flag, AS_VAR_APPEND([CFLAGS], " flag"))
 ])
 
+AC_CHECK_HEADERS([linux/securebits.h])
+
 AC_CONFIG_FILES([
 	Makefile
 	autotools/gnulib/Makefile

diff --git a/porting.h b/porting.h
index 1c04337..636e862 100644
--- a/porting.h
+++ b/porting.h
@@ -46,7 +46,9 @@
 #endif
 #if defined(__linux__)
 # include <sys/prctl.h>
-# include <linux/securebits.h>
+# if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECUREBITS_H)
+#  include <linux/securebits.h>
+# endif
 #endif
 #if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__ANDROID__)
 # include <byteswap.h>


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-02-24 10:16 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2018-02-24 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     e7b8f34f4557d7071a955ccab813ec41aeeb966b
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 18 20:10:45 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 20:10:45 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e7b8f34f

scanelf.c: fix TEXTREL parsing for files with non-zero load address

In bug #566118 scanelf failed to decode TEXTRELs on gcc binaries
where program headers have absolute addresses:

    $ dumpelf ia64_bug_gcc/cc1plus
    /* Dynamic tag #25 'DT_RELA' 0x2099518 */
    {
        .d_tag     = 0x7        ,
        .d_un      = {
                .d_val = 0x4000000000104B08 ,
                .d_ptr = 0x4000000000104B08 ,
        },
    },
    /* Section Header #8 '.rela.dyn' 0x20AA610 */
    {
        .sh_type      = 4          , /* [SHT_RELA] */
        .sh_addr      = 0x4000000000104B08 ,
        .sh_offset    = 1067784    , /* (bytes) */
    },

Before the change scanelf assumed DT_RELA.d_ptr is
a relative offset. This is not true in general case
but good-enough for DSOs as they have zero load address.

This change extends the check for executables.
To make addresses relative again we find load address
of first byte from program header with 'p_offset'.

    /* Program Header #2 0xB0 */
    {
        .p_type   = 1          , /* [PT_LOAD] */
        .p_offset = 0          , /* (bytes into file) */
        .p_vaddr  = 0x4000000000000000 , /* (virtual addr at runtime) */
        .p_paddr  = 0x4000000000000000 , /* (physical addr at runtime) */
    },

Bug: https://bugs.gentoo.org/566118
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 scanelf.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index a054408..530edfb 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -579,6 +579,8 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	Elf ## B ## _Rela *rela; \
 	Elf ## B ## _Dyn *dyn, *drel, *drelsz, *drelent, *dpltrel; \
 	uint32_t pltrel; \
+	Elf ## B ## _Addr load_address = 0; \
+	Elf ## B ## _Addr file_offset; \
 	\
 	/* Walk all the dynamic tags to find relocation info */ \
 	drel = drelsz = drelent = dpltrel = NULL; \
@@ -605,27 +607,40 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 		warnf("ELF is missing relocation information"); \
 		break; \
 	} \
+	phdr = PHDR ## B(elf->phdr); \
+	/* Lookup load base: byte 0 is mapped at load_address */ \
+	for (i = 0; i < EGET(ehdr->e_phnum); ++i) { \
+		/* Only care about loadable segments. */ \
+		if (EGET(phdr[i].p_type) != PT_LOAD) \
+			continue; \
+		/* We search for the first program header to map into memory */ \
+		if (EGET(phdr[i].p_offset) != 0) \
+			continue; \
+		load_address = EGET(phdr[i].p_vaddr); \
+	} \
 	switch (EGET(dpltrel->d_un.d_val)) { \
 	case DT_REL: \
-		if (!VALID_RANGE(elf, EGET(drel->d_un.d_val), sizeof (drel->d_un.d_val))) { \
+		file_offset = EGET(drel->d_un.d_val) - load_address; \
+		if (!VALID_RANGE(elf, file_offset, sizeof (drel->d_un.d_val))) { \
 			rel = NULL; \
 			rela = NULL; \
 			warn("%s: DT_REL is out of file range", elf->filename); \
 			break; \
 		} \
-		rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \
+		rel = REL##B(elf->vdata + file_offset); \
 		rela = NULL; \
 		pltrel = DT_REL; \
 		break; \
 	case DT_RELA: \
-		if (!VALID_RANGE(elf, EGET(drel->d_un.d_val), sizeof (drel->d_un.d_val))) { \
+		file_offset = EGET(drel->d_un.d_val) - load_address; \
+		if (!VALID_RANGE(elf, file_offset, sizeof (drel->d_un.d_val))) { \
 			rel = NULL; \
 			rela = NULL; \
 			warn("%s: DT_RELA is out of file range", elf->filename); \
 			break; \
 		} \
 		rel = NULL; \
-		rela = RELA##B(elf->vdata + EGET(drel->d_un.d_val)); \
+		rela = RELA##B(elf->vdata + file_offset); \
 		pltrel = DT_RELA; \
 		break; \
 	default: \
@@ -639,7 +654,6 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	rmax = EGET(drelsz->d_un.d_val) / EGET(drelent->d_un.d_val); \
 	\
 	/* search the program segments for relocations */ \
-	phdr = PHDR ## B(elf->phdr); \
 	for (i = 0; i < EGET(ehdr->e_phnum); ++i) { \
 		Elf ## B ## _Addr vaddr = EGET(phdr[i].p_vaddr); \
 		uint ## B ## _t memsz = EGET(phdr[i].p_memsz); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07  4:44 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07  4:44 UTC (permalink / raw
  To: gentoo-commits

commit:     868f108fcb37217fad22c46638a2d8b556186152
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 20:14:26 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 04:41:30 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=868f108f

paxelf: constify elf_findsecbyname

We need to also constify scanelf_file_get_symtabs due to cascading
const markings.

 paxelf.c  |  8 ++++----
 paxelf.h  |  2 +-
 scanelf.c | 42 +++++++++++++++++++++---------------------
 3 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index c082178..913c6a5 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -784,11 +784,11 @@ const char *gnu_short_stack_flags(unsigned long flags)
 	return buffer;
 }
 
-void *elf_findsecbyname(elfobj *elf, const char *name)
+const void *elf_findsecbyname(elfobj *elf, const char *name)
 {
 	unsigned int i;
-	char *shdr_name;
-	void *ret = NULL;
+	const char *shdr_name;
+	const void *ret = NULL;
 
 	if (elf->shdr == NULL) return NULL;
 
@@ -808,7 +808,7 @@ void *elf_findsecbyname(elfobj *elf, const char *name)
 		shdr_name = elf->data + offset; \
 		if (!strcmp(shdr_name, name)) { \
 			if (ret) warnf("Multiple '%s' sections !?", name); \
-			ret = (void*)&(shdr[i]); \
+			ret = &shdr[i]; \
 		} \
 	} }
 	FINDSEC(32)

diff --git a/paxelf.h b/paxelf.h
index a82ca80..f08839b 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -73,7 +73,7 @@ extern const char *get_elfstbtype(int type);
 extern const char *get_elfstvtype(int type);
 extern const char *get_elfstttype(int type);
 extern const char *get_elfnttype(uint16_t e_type, const char *name, int type);
-extern void *elf_findsecbyname(elfobj *elf, const char *name);
+extern const void *elf_findsecbyname(elfobj *elf, const char *name);
 extern unsigned int get_etype(elfobj *elf);
 extern unsigned int get_emtype(elfobj *elf);
 extern void print_etypes(FILE *);

diff --git a/scanelf.c b/scanelf.c
index 7095c96..01c730e 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -198,16 +198,16 @@ static void *scanelf_file_get_pt_dynamic(elfobj *elf)
 	while ((void *)++dyn < elf->data_end - sizeof(*dyn) && EGET(dyn->d_tag) != DT_NULL)
 
 /* sub-funcs for scanelf_fileat() */
-static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
+static void scanelf_file_get_symtabs(elfobj *elf, const void **sym, const void **str)
 {
 	/* find the best SHT_DYNSYM and SHT_STRTAB sections */
 
 	/* debug sections */
-	void *symtab = elf_findsecbyname(elf, ".symtab");
-	void *strtab = elf_findsecbyname(elf, ".strtab");
+	const void *symtab = elf_findsecbyname(elf, ".symtab");
+	const void *strtab = elf_findsecbyname(elf, ".strtab");
 	/* runtime sections */
-	void *dynsym = elf_findsecbyname(elf, ".dynsym");
-	void *dynstr = elf_findsecbyname(elf, ".dynstr");
+	const void *dynsym = elf_findsecbyname(elf, ".dynsym");
+	const void *dynstr = elf_findsecbyname(elf, ".dynstr");
 
 	/*
 	 * If the sections are marked NOBITS, then they don't exist, so we just
@@ -219,10 +219,10 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 	 * as they are generated in sync.  Trying to mix them won't work.
 	 */
 #define GET_SYMTABS(B) \
-	Elf ## B ## _Shdr *esymtab = symtab; \
-	Elf ## B ## _Shdr *estrtab = strtab; \
-	Elf ## B ## _Shdr *edynsym = dynsym; \
-	Elf ## B ## _Shdr *edynstr = dynstr; \
+	const Elf ## B ## _Shdr *esymtab = symtab; \
+	const Elf ## B ## _Shdr *estrtab = strtab; \
+	const Elf ## B ## _Shdr *edynsym = dynsym; \
+	const Elf ## B ## _Shdr *edynstr = dynstr; \
 	\
 	if (!VALID_SHDR(elf, esymtab)) \
 		symtab = NULL; \
@@ -265,10 +265,10 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 #define GET_SYMTABS_DT(B) \
 	size_t i; \
 	static Elf ## B ## _Shdr sym_shdr, str_shdr; \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 	Elf ## B ## _Addr vsym, vstr, vhash, vgnu_hash; \
-	Elf ## B ## _Dyn *dyn; \
+	const Elf ## B ## _Dyn *dyn; \
 	\
 	/* lookup symbols used at runtime with DT_SYMTAB / DT_STRTAB */ \
 	vsym = vstr = vhash = vgnu_hash = 0; \
@@ -307,11 +307,11 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 		if (vhash >= vaddr && vhash < vaddr + filesz) { \
 			/* Scan the hash table to see how many entries we have */ \
 			Elf32_Word max_sym_idx = 0; \
-			Elf32_Word *hashtbl = elf->vdata + hash_offset; \
+			const Elf32_Word *hashtbl = elf->vdata + hash_offset; \
 			Elf32_Word b, nbuckets = EGET(hashtbl[0]); \
 			Elf32_Word nchains = EGET(hashtbl[1]); \
-			Elf32_Word *buckets = &hashtbl[2]; \
-			Elf32_Word *chains = &buckets[nbuckets]; \
+			const Elf32_Word *buckets = &hashtbl[2]; \
+			const Elf32_Word *chains = &buckets[nbuckets]; \
 			Elf32_Word sym_idx; \
 			Elf32_Word chained; \
 			\
@@ -559,7 +559,7 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
 static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *found_textrel)
 {
 	unsigned long r, rmax;
-	void *symtab_void, *strtab_void;
+	const void *symtab_void, *strtab_void;
 
 	if (!show_textrels) return NULL;
 
@@ -789,7 +789,7 @@ static void rpath_security_checks(elfobj *elf, const char *item, const char *dt_
 static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_t *ret_len)
 {
 	char *rpath, *runpath, **r;
-	void *strtab_void;
+	const void *strtab_void;
 
 	if (!show_rpath) return;
 
@@ -940,7 +940,7 @@ static char *lookup_config_lib(const char *fname)
 static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char *found_lib, int op, char **ret, size_t *ret_len)
 {
 	const char *needed;
-	void *strtab_void;
+	const void *strtab_void;
 	char *p;
 
 	/*
@@ -1032,7 +1032,7 @@ static const char *scanelf_file_interp(elfobj *elf, char *found_interp)
 		SCANELF_ELF_SIZED(GET_PT_INTERP);
 	} else if (elf->shdr) {
 		/* Use the section headers to find it */
-		void *section = elf_findsecbyname(elf, ".interp");
+		const void *section = elf_findsecbyname(elf, ".interp");
 
 #define GET_INTERP(B) \
 		Elf ## B ## _Shdr *shdr = SHDR ## B (section); \
@@ -1091,7 +1091,7 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 static const char *scanelf_file_soname(elfobj *elf, char *found_soname)
 {
 	const char *soname;
-	void *strtab_void;
+	const void *strtab_void;
 
 	if (!show_soname) return NULL;
 
@@ -1296,7 +1296,7 @@ scanelf_match_symname(elfobj *elf, char *found_sym, char **ret, size_t *ret_len,
 static char *scanelf_file_sym(elfobj *elf, char *found_sym)
 {
 	char *ret;
-	void *symtab_void, *strtab_void;
+	const void *symtab_void, *strtab_void;
 
 	if (!find_sym) return NULL;
 	ret = NULL;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07  4:44 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07  4:44 UTC (permalink / raw
  To: gentoo-commits

commit:     df28fc345a31b9c329b95b1cb4666c49ad37d8d2
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 20:09:32 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 04:41:30 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=df28fc34

scanelf: constify rpath_security_checks

 scanelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index 530edfb..16f712f 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -761,7 +761,7 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
 	return NULL;
 }
 
-static void rpath_security_checks(elfobj *elf, char *item, const char *dt_type)
+static void rpath_security_checks(elfobj *elf, const char *item, const char *dt_type)
 {
 	struct stat st;
 	switch (*item) {


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07  4:44 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07  4:44 UTC (permalink / raw
  To: gentoo-commits

commit:     f76827ef097d155a65e4536ee34c5d5f3b3635d3
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 20:10:27 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 04:41:30 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f76827ef

scanelf: constify most scanelf_file_* helpers

Just house keeping -- all of these pointers are already used as const mem.

 scanelf.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 16f712f..7095c96 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -411,7 +411,7 @@ static const char *scanelf_file_pax(elfobj *elf, char *found_pax)
 		return ret;
 }
 
-static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, char *found_load)
+static const char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, char *found_load)
 {
 	static char ret[12];
 	char *found;
@@ -556,7 +556,7 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
  * Should rewrite this to check PT_LOAD sections that are marked
  * Executable rather than the section named '.text'.
  */
-static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *found_textrel)
+static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *found_textrel)
 {
 	unsigned long r, rmax;
 	void *symtab_void, *strtab_void;
@@ -939,7 +939,7 @@ static char *lookup_config_lib(const char *fname)
 
 static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char *found_lib, int op, char **ret, size_t *ret_len)
 {
-	char *needed;
+	const char *needed;
 	void *strtab_void;
 	char *p;
 
@@ -1011,7 +1011,7 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 
 	return NULL;
 }
-static char *scanelf_file_interp(elfobj *elf, char *found_interp)
+static const char *scanelf_file_interp(elfobj *elf, char *found_interp)
 {
 	uint64_t offset = 0;
 
@@ -1043,7 +1043,7 @@ static char *scanelf_file_interp(elfobj *elf, char *found_interp)
 
 	/* Validate the pointer even if we don't use it in output */
 	if (offset && offset <= (uint64_t)elf->len) {
-		char *interp = elf->data + offset;
+		const char *interp = elf->data + offset;
 
 		/* If it isn't a C pointer, it's garbage */
 		if (memchr(interp, 0, elf->len - offset)) {
@@ -1088,9 +1088,9 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 		return dynamic ? "LAZY" : "STATIC";
 	}
 }
-static char *scanelf_file_soname(elfobj *elf, char *found_soname)
+static const char *scanelf_file_soname(elfobj *elf, char *found_soname)
 {
-	char *soname;
+	const char *soname;
 	void *strtab_void;
 
 	if (!show_soname) return NULL;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     3361e7f62bccabc396b4e298cbb2ddebedb8855f
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 20:26:24 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 04:41:30 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=3361e7f6

build: support clang a bit better

Use the -Werror=unknown-warning-option option if available so clang
will reject some of the extra -W flags we add ourselves.

 Makefile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 569e924..c906311 100644
--- a/Makefile
+++ b/Makefile
@@ -2,13 +2,15 @@
 # Distributed under the terms of the GNU General Public License v2
 ####################################################################
 
-check_gcc = $(shell if $(CC) $(1) -S -o /dev/null -xc /dev/null > /dev/null 2>&1; \
+check_compiler = \
+	$(shell if $(CC) $(WUNKNOWN) $(1) -S -o /dev/null -xc /dev/null >/dev/null 2>&1; \
 	then echo "$(1)"; else echo "$(2)"; fi)
-check_gcc_many = $(foreach flag,$(1),$(call check_gcc,$(flag)))
+check_compiler_many = $(foreach flag,$(1),$(call check_compiler,$(flag)))
 
 ####################################################################
 # Avoid CC overhead when installing
 ifneq ($(MAKECMDGOALS),install)
+WUNKNOWN  := $(call check_compiler,-Werror=unknown-warning-option)
 _WFLAGS   := \
 	-Wdeclaration-after-statement \
 	-Wextra \
@@ -19,7 +21,7 @@ WFLAGS    := -Wall -Wunused -Wimplicit -Wshadow -Wformat=2 \
              -Wmissing-declarations -Wmissing-prototypes -Wwrite-strings \
              -Wbad-function-cast -Wnested-externs -Wcomment -Winline \
              -Wchar-subscripts -Wcast-align -Wno-format-nonliteral \
-             $(call check_gcc_many,$(_WFLAGS))
+             $(call check_compiler_many,$(_WFLAGS))
 endif
 
 CFLAGS    ?= -O2 -pipe
@@ -86,7 +88,7 @@ DEBUG_FLAGS = \
 	-fsanitize=leak \
 	-fsanitize=undefined
 debug: clean
-	$(MAKE) CFLAGS="$(CFLAGS) -g3 -ggdb $(call check_gcc_many,$(DEBUG_FLAGS))" all
+	$(MAKE) CFLAGS="$(CFLAGS) -g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS))" all
 	@-chpax  -permsx $(ELF_TARGETS)
 	@-paxctl -permsx $(ELF_TARGETS)
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     7ae5fd56ba14071dc2ea51b3e205259932fe0a61
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 20:35:25 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 04:41:30 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7ae5fd56

paxldso: constify elf structs

 paxldso.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index ce64e6c..0cb7b01 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -68,7 +68,7 @@ static bool is_compatible(elfobj *elf, libentry_t *libent)
 	 */
 
 	if (elf->elf_class == ELFCLASS32) {
-		Elf32_Ehdr *ehdr = EHDR32(elf->ehdr);
+		const Elf32_Ehdr *ehdr = EHDR32(elf->ehdr);
 
 		switch (EGET(ehdr->e_machine)) {
 		case EM_AARCH64:
@@ -101,7 +101,7 @@ static bool is_compatible(elfobj *elf, libentry_t *libent)
 			break;
 		}
 	} else {
-		Elf64_Ehdr *ehdr = EHDR64(elf->ehdr);
+		const Elf64_Ehdr *ehdr = EHDR64(elf->ehdr);
 
 		switch (EGET(ehdr->e_machine)) {
 		case EM_AARCH64:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     54ba3a5d38687d66f9b52971b3d7460d7da54df9
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 20:34:35 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 04:41:30 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=54ba3a5d

pspax: constify all the pointers

 pspax.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/pspax.c b/pspax.c
index c10688f..52bdd8d 100644
--- a/pspax.c
+++ b/pspax.c
@@ -75,7 +75,7 @@ static elfobj *proc_readelf(int pfd)
 	return elf;
 }
 
-static char *get_proc_name_cmdline(int pfd)
+static const char *get_proc_name_cmdline(int pfd)
 {
 	FILE *fp;
 	static char str[1024];
@@ -93,7 +93,7 @@ static char *get_proc_name_cmdline(int pfd)
 	return (str);
 }
 
-static char *get_proc_name(int pfd)
+static const char *get_proc_name(int pfd)
 {
 	FILE *fp;
 	static char str[BUFSIZ];
@@ -198,10 +198,10 @@ static int print_executable_mappings(int pfd)
 # define NOTE_TO_SELF
 #endif
 
-static struct passwd *get_proc_passwd(int pfd)
+static const struct passwd *get_proc_passwd(int pfd)
 {
 	struct stat st;
-	struct passwd *pwd = NULL;
+	const struct passwd *pwd = NULL;
 
 	if (fstatat(pfd, "stat", &st, AT_SYMLINK_NOFOLLOW) != -1)
 		pwd = getpwuid(st.st_uid);
@@ -209,7 +209,7 @@ static struct passwd *get_proc_passwd(int pfd)
 	return pwd;
 }
 
-static char *get_proc_status(int pfd, const char *name)
+static const char *get_proc_status(int pfd, const char *name)
 {
 	FILE *fp;
 	size_t len;
@@ -233,7 +233,7 @@ static char *get_proc_status(int pfd, const char *name)
 	return NULL;
 }
 
-static char *get_pid_attr(int pfd)
+static const char *get_pid_attr(int pfd)
 {
 	FILE *fp;
 	char *p;
@@ -250,7 +250,7 @@ static char *get_pid_attr(int pfd)
 	return buf;
 }
 
-static char *get_pid_addr(int pfd)
+static const char *get_pid_addr(int pfd)
 {
 	FILE *fp;
 	char *p;
@@ -281,7 +281,7 @@ static const char *get_proc_type(int pfd)
 	return ret;
 }
 
-static char *scanelf_file_phdr(elfobj *elf)
+static const char *scanelf_file_phdr(elfobj *elf)
 {
 	static char ret[8];
 	unsigned long i, off, multi_stack, multi_load;
@@ -294,8 +294,8 @@ static char *scanelf_file_phdr(elfobj *elf)
 	uint32_t flags;
 #define SHOW_PHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
 		if (EGET(phdr[i].p_type) == PT_GNU_STACK) { \
 			if (multi_stack++) warnf("%s: multiple PT_GNU_STACK's !?", elf->filename); \
@@ -336,7 +336,7 @@ static void pspax(const char *find_name)
 	pid_t pid;
 	pid_t ppid = show_pid;
 	int have_attr, have_addr, wx;
-	struct passwd *pwd;
+	const struct passwd *pwd;
 	const char *pax, *type, *name, *attr, *addr;
 	char *caps;
 	int pfd;
@@ -375,7 +375,7 @@ static void pspax(const char *find_name)
 			continue;
 
 		if (find_name && pid) {
-			char *str = get_proc_name(pfd);
+			const char *str = get_proc_name(pfd);
 			if (!str)
 				goto next_pid;
 			if (strcmp(str, find_name) != 0)
@@ -504,8 +504,8 @@ static void usage(int status)
 static void parseargs(int argc, char *argv[])
 {
 	int flag;
-	struct passwd *pwd = NULL;
-	struct  group *gwd = NULL;
+	const struct passwd *pwd = NULL;
+	const struct  group *gwd = NULL;
 
 	opterr = 0;
 	while ((flag=getopt_long(argc, argv, PARSE_FLAGS, long_opts, NULL)) != -1) {
@@ -563,7 +563,7 @@ static void parseargs(int argc, char *argv[])
 
 int main(int argc, char *argv[])
 {
-	char *name = NULL;
+	const char *name = NULL;
 
 	/* We unshare pidns but don't actually enter it.  That means
 	 * we still get to scan /proc, but just not fork children.  */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     5e0d247c72ce34e41520b93e3dd752fb75cf20a4
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 21:34:45 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 14:05:50 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5e0d247c

paxelf: constify elfobj pointer in helpers

This helper funcs only read data, so mark elfobj as const.

 paxelf.c | 20 ++++++++++----------
 paxelf.h | 16 ++++++++--------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index 9609cc1..59f50fd 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -86,7 +86,7 @@ static pairtype elf_etypes[] = {
 	{ 0, 0 }
 };
 
-unsigned int get_etype(elfobj *elf)
+unsigned int get_etype(const elfobj *elf)
 {
 	if (elf->elf_class == ELFCLASS32)
 		return EGET(EHDR32(elf->ehdr)->e_type);
@@ -94,12 +94,12 @@ unsigned int get_etype(elfobj *elf)
 		return EGET(EHDR64(elf->ehdr)->e_type);
 }
 
-const char *get_elfetype(elfobj *elf)
+const char *get_elfetype(const elfobj *elf)
 {
 	return find_pairtype(elf_etypes, get_etype(elf));
 }
 
-const char *get_endian(elfobj *elf)
+const char *get_endian(const elfobj *elf)
 {
 	switch (elf->data[EI_DATA]) {
 		case ELFDATA2LSB: return "LE";
@@ -109,7 +109,7 @@ const char *get_endian(elfobj *elf)
 }
 
 /* translate elf EF_ defines -- tricky as it's based on EM_ */
-static unsigned int get_eflags(elfobj *elf)
+static unsigned int get_eflags(const elfobj *elf)
 {
 	if (elf->elf_class == ELFCLASS32)
 		return EGET(EHDR32(elf->ehdr)->e_flags);
@@ -117,7 +117,7 @@ static unsigned int get_eflags(elfobj *elf)
 		return EGET(EHDR64(elf->ehdr)->e_flags);
 }
 
-static int arm_eabi_poker(elfobj *elf)
+static int arm_eabi_poker(const elfobj *elf)
 {
 	unsigned int emachine, eflags;
 
@@ -133,7 +133,7 @@ static int arm_eabi_poker(elfobj *elf)
 		return -1;
 }
 
-const char *get_elf_eabi(elfobj *elf)
+const char *get_elf_eabi(const elfobj *elf)
 {
 	static char buf[26];
 	int eabi = arm_eabi_poker(elf);
@@ -144,7 +144,7 @@ const char *get_elf_eabi(elfobj *elf)
 	return buf;
 }
 
-const char *get_elfosabi(elfobj *elf)
+const char *get_elfosabi(const elfobj *elf)
 {
 	const char *str = get_elfeitype(EI_OSABI, elf->data[EI_OSABI]);
 	if (strncmp(str, "ELFOSABI_", 9) == 0)
@@ -279,7 +279,7 @@ static pairtype elf_emtypes[] = {
 	{ 0, 0 }
 };
 
-unsigned int get_emtype(elfobj *elf)
+unsigned int get_emtype(const elfobj *elf)
 {
 	if (elf->elf_class == ELFCLASS32)
 		return EGET(EHDR32(elf->ehdr)->e_machine);
@@ -287,7 +287,7 @@ unsigned int get_emtype(elfobj *elf)
 		return EGET(EHDR64(elf->ehdr)->e_machine);
 }
 
-const char *get_elfemtype(elfobj *elf)
+const char *get_elfemtype(const elfobj *elf)
 {
 	return find_pairtype(elf_emtypes, get_emtype(elf));
 }
@@ -784,7 +784,7 @@ const char *gnu_short_stack_flags(unsigned long flags)
 	return buffer;
 }
 
-const void *elf_findsecbyname(elfobj *elf, const char *name)
+const void *elf_findsecbyname(const elfobj *elf, const char *name)
 {
 	unsigned int i;
 	const char *shdr_name;

diff --git a/paxelf.h b/paxelf.h
index f08839b..0742c40 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -60,11 +60,11 @@ extern elfobj *_readelf(const char *filename, int read_only);
 #define readelf(filename) _readelf(filename, 1)
 extern void unreadelf(elfobj *elf);
 extern const char *get_elfeitype(int ei_type, int type);
-extern const char *get_elfetype(elfobj *elf);
-extern const char *get_endian(elfobj *elf);
-extern const char *get_elfosabi(elfobj *elf);
-extern const char *get_elf_eabi(elfobj *elf);
-extern const char *get_elfemtype(elfobj *elf);
+extern const char *get_elfetype(const elfobj *elf);
+extern const char *get_endian(const elfobj *elf);
+extern const char *get_elfosabi(const elfobj *elf);
+extern const char *get_elf_eabi(const elfobj *elf);
+extern const char *get_elfemtype(const elfobj *elf);
 extern const char *get_elfptype(int type);
 extern const char *get_elfdtype(int type);
 extern const char *get_elfshntype(int type);
@@ -73,9 +73,9 @@ extern const char *get_elfstbtype(int type);
 extern const char *get_elfstvtype(int type);
 extern const char *get_elfstttype(int type);
 extern const char *get_elfnttype(uint16_t e_type, const char *name, int type);
-extern const void *elf_findsecbyname(elfobj *elf, const char *name);
-extern unsigned int get_etype(elfobj *elf);
-extern unsigned int get_emtype(elfobj *elf);
+extern const void *elf_findsecbyname(const elfobj *elf, const char *name);
+extern unsigned int get_etype(const elfobj *elf);
+extern unsigned int get_emtype(const elfobj *elf);
 extern void print_etypes(FILE *);
 extern unsigned int etype_lookup(const char *);
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     6d18d3218193e1d34e8a7efb075465babc50d7a2
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 21:31:54 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 14:05:49 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6d18d321

paxelf: constify misc pointers

Mark internal pointers as const that we don't modify anywhere.

 paxelf.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index 913c6a5..9609cc1 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -616,7 +616,7 @@ free_elf_and_return:
 #define READELF_HEADER(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
 		char invalid; \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+		const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Off size; \
 		/* verify program header */ \
 		invalid = 0; \
@@ -794,9 +794,9 @@ const void *elf_findsecbyname(elfobj *elf, const char *name)
 
 #define FINDSEC(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
-	Elf ## B ## _Shdr *strtbl; \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
+	const Elf ## B ## _Shdr *strtbl; \
 	Elf ## B ## _Off offset; \
 	uint16_t shstrndx = EGET(ehdr->e_shstrndx); \
 	uint16_t shnum = EGET(ehdr->e_shnum); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     9c0ec154d782795daa3b7d2ae273bbda2b36ae83
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 21:41:41 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 14:05:50 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9c0ec154

scanelf: use asprintf instead of manual malloc/sprintf

This makes the code a bit nicer to deal with.  For portable targets,
we already include asprintf from gnulib.

 scanelf.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 01c730e..6dcc51e 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -733,19 +733,21 @@ static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char
 			if (be_verbose && objdump) { \
 				Elf ## B ## _Addr end_addr = offset_tmp + EGET(func->st_size); \
 				char *sysbuf; \
-				size_t syslen; \
-				const char sysfmt[] = "%s -r -R -d -w -l --start-address=0x%lX --stop-address=0x%lX %s | grep --color -i -C 3 '.*[[:space:]]%lX:[[:space:]]*R_.*'\n"; \
-				syslen = sizeof(sysfmt) + strlen(objdump) + strlen(elf->filename) + 3 * sizeof(unsigned long) + 1; \
-				sysbuf = xmalloc(syslen); \
+				int ret; \
 				if (end_addr < r_offset) \
 					/* not uncommon when things are optimized out */ \
 					end_addr = r_offset + 0x100; \
-				snprintf(sysbuf, syslen, sysfmt, \
+				ret = asprintf( \
+					&sysbuf, \
+					"%s -r -R -d -w -l --start-address=0x%lX --stop-address=0x%lX %s | " \
+					"grep --color -i -C 3 '.*[[:space:]]%lX:[[:space:]]*R_.*'\n", \
 					objdump, \
 					(unsigned long)offset_tmp, \
 					(unsigned long)end_addr, \
 					elf->filename, \
 					(unsigned long)r_offset); \
+				if (ret < 0) \
+					errp("asprintf() failed"); \
 				fflush(stdout); \
 				if (system(sysbuf)) {/* don't care */} \
 				fflush(stdout); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     7853dba4ac9405793cc5275fd38c722b1cba2978
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  4 21:36:29 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 14:05:50 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7853dba4

paxelf: constify elfobj pointers

We rarely need to modify the memory from our input ELFs, so constify all
the buffers.  We end up having to cast away the const in the "fix" paths
in scanelf (which is a bit ugly), but otherwise everything else works.

 paxelf.c  |  4 ++--
 paxelf.h  | 15 ++++++++++-----
 scanelf.c | 30 ++++++++++++++++++------------
 3 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/paxelf.c b/paxelf.c
index 59f50fd..dea3757 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -558,7 +558,7 @@ const char *get_elfnttype(uint16_t e_type, const char *name, int type)
 	((buff[EI_CLASS] == ELFCLASS32 || buff[EI_CLASS] == ELFCLASS64) && \
 	 (buff[EI_DATA] == ELFDATA2LSB || buff[EI_DATA] == ELFDATA2MSB) && \
 	 (buff[EI_VERSION] == EV_CURRENT))
-elfobj *readelf_buffer(const char *filename, void *buffer, size_t buffer_len)
+elfobj *readelf_buffer(const char *filename, const void *buffer, size_t buffer_len)
 {
 	elfobj *elf;
 
@@ -720,7 +720,7 @@ elfobj *_readelf(const char *filename, int read_only)
 /* undo the readelf() stuff */
 void unreadelf(elfobj *elf)
 {
-	if (elf->is_mmap) munmap(elf->vdata, elf->len);
+	if (elf->is_mmap) munmap((void *)elf->vdata, elf->len);
 	if (elf->fd != -1) close(elf->fd);
 	if (!__PAX_UNALIGNED_OK) free(elf->_data);
 	free(elf);

diff --git a/paxelf.h b/paxelf.h
index 0742c40..f252969 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -12,11 +12,16 @@
 #define _PAX_ELF_H
 
 typedef struct {
-	void *phdr;
-	void *shdr;
+	const void *phdr;
+	const void *shdr;
+	/* When we need to duplicate the ELF buffer for alignment. */
 	void *_data;
-	union { void *ehdr, *vdata; char *data; uintptr_t udata; };
-	void *data_end;
+	union {
+		const void *ehdr, *vdata;
+		const char *data;
+		uintptr_t udata;
+	};
+	const void *data_end;
 	char elf_class;
 	off_t len;
 	int fd;
@@ -53,7 +58,7 @@ typedef struct {
 extern const char *pax_short_hf_flags(unsigned long flags);
 extern const char *pax_short_pf_flags(unsigned long flags);
 extern const char *gnu_short_stack_flags(unsigned long flags);
-extern elfobj *readelf_buffer(const char *filename, void *buffer, size_t buffer_len);
+extern elfobj *readelf_buffer(const char *filename, const void *buffer, size_t buffer_len);
 extern elfobj *_readelf_fd(const char *filename, int fd, size_t len, int read_only);
 #define readelf_fd(filename, fd, len) _readelf_fd(filename, fd, len, 1)
 extern elfobj *_readelf(const char *filename, int read_only);

diff --git a/scanelf.c b/scanelf.c
index 7936e3c..440a193 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -370,13 +370,14 @@ static const char *scanelf_file_pax(elfobj *elf, char *found_pax)
 
 #define SHOW_PAX(B) \
 	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+	const Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
 		if (EGET(phdr[i].p_type) != PT_PAX_FLAGS) \
 			continue; \
 		if (fix_elf && setpax) { \
 			/* set the paxctl flags */ \
-			ESET(phdr[i].p_flags, setpax); \
+			Elf ## B ## _Phdr *wphdr = (void *)&phdr[i]; \
+			ESET(wphdr->p_flags, setpax); \
 		} \
 		if (be_quiet && (EGET(phdr[i].p_flags) == (PF_NOEMUTRAMP | PF_NORANDEXEC))) \
 			continue; \
@@ -430,7 +431,7 @@ static const char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_
 	Elf ## B ## _Off offset; \
 	uint32_t flags, check_flags; \
 	if (elf->phdr != NULL) { \
-		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+		const Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 		for (i = 0; i < EGET(ehdr->e_phnum); ++i) { \
 			if (EGET(phdr[i].p_type) == PT_GNU_STACK) { \
 				if (multi_stack++) \
@@ -458,7 +459,8 @@ static const char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_
 			if (be_quiet && ((flags & check_flags) != check_flags)) \
 				continue; \
 			if ((EGET(phdr[i].p_type) != PT_LOAD) && (fix_elf && ((flags & PF_X) != flags))) { \
-				ESET(phdr[i].p_flags, flags & (PF_X ^ (size_t)-1)); \
+				Elf ## B ## _Phdr *wphdr = (void *)&phdr[i]; \
+				ESET(wphdr->p_flags, flags & (PF_X ^ (size_t)-1)); \
 				ret[3] = ret[7] = '!'; \
 				flags = EGET(phdr[i].p_flags); \
 			} \
@@ -790,7 +792,7 @@ static void rpath_security_checks(elfobj *elf, const char *item, const char *dt_
 }
 static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_t *ret_len)
 {
-	char *rpath, *runpath, **r;
+	const char *rpath, *runpath, **r;
 	const void *strtab_void;
 
 	if (!show_rpath) return;
@@ -804,7 +806,7 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 	rpath = runpath = NULL;
 
 #define SHOW_RPATH(B) \
-	Elf ## B ## _Dyn *dyn; \
+	const Elf ## B ## _Dyn *dyn; \
 	const Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	Elf ## B ## _Off offset; \
 	Elf ## B ## _Xword word; \
@@ -830,7 +832,7 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 			/* If quiet, don't output paths in ld.so.conf */ \
 			if (be_quiet) { \
 				size_t len; \
-				char *start, *end; \
+				const char *start, *end; \
 				/* note that we only 'chop' off leading known paths. */ \
 				/* since *r is read-only memory, we can only move the ptr forward. */ \
 				start = *r; \
@@ -861,17 +863,21 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 			if (*r) { \
 				if (fix_elf > 2 || (fix_elf && **r == '\0')) { \
 					/* just nuke it */ \
-					nuke_it##B: \
-					memset(*r, 0x00, offset); \
+					nuke_it##B: { \
+					/* We have to cast away the const. \
+					 * We know we mapped the backing memory as writable. */ \
+					Elf ## B ## _Dyn *wdyn = (void *)dyn; \
+					memset((void *)*r, 0x00, offset); \
 					*r = NULL; \
-					ESET(dyn->d_tag, DT_DEBUG); \
-					ESET(dyn->d_un.d_ptr, 0); \
+					ESET(wdyn->d_tag, DT_DEBUG); \
+					ESET(wdyn->d_un.d_ptr, 0); \
+					} \
 				} else if (fix_elf) { \
 					/* try to clean "bad" paths */ \
 					size_t len, tmpdir_len; \
 					char *start, *end; \
 					const char *tmpdir; \
-					start = *r; \
+					start = (void *)*r; \
 					tmpdir = (getenv("TMPDIR") ? : "."); \
 					tmpdir_len = strlen(tmpdir); \
 					while (1) { \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     a109e4867c86638c2c7612e20fe37e5aafc139bc
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  4 20:36:07 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 14:05:50 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a109e486

scanelf: add general const markings to Elf pointers

 scanelf.c | 72 +++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 6dcc51e..7936e3c 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -150,8 +150,8 @@ static ssize_t scanelf_file_find_phdr(elfobj *elf, uint32_t p_type)
 
 #define FIND_PT_TYPE(B) \
 	size_t i; \
-	Elf##B##_Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf##B##_Phdr *phdr = PHDR ## B (elf->phdr); \
+	const Elf##B##_Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf##B##_Phdr *phdr = PHDR ## B (elf->phdr); \
 	\
 	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
 		if (EGET(phdr[i].p_type) != p_type) \
@@ -168,14 +168,14 @@ static ssize_t scanelf_file_find_phdr(elfobj *elf, uint32_t p_type)
 	return ret;
 }
 
-static void *scanelf_file_get_pt_dynamic(elfobj *elf)
+static const void *scanelf_file_get_pt_dynamic(elfobj *elf)
 {
 	ssize_t i = scanelf_file_find_phdr(elf, PT_DYNAMIC);
 	if (i == -1)
 		return NULL;
 
 #define CHECK_PT_DYNAMIC(B) \
-	Elf##B##_Phdr *phdr = &PHDR##B(elf->phdr)[i]; \
+	const Elf##B##_Phdr *phdr = &PHDR##B(elf->phdr)[i]; \
 	Elf##B##_Off offset; \
 	\
 	if (EGET(phdr->p_filesz) == 0) \
@@ -191,7 +191,7 @@ static void *scanelf_file_get_pt_dynamic(elfobj *elf)
 
 #define scanelf_dt_for_each(B, elf, dyn) \
 	{ \
-		Elf##B##_Phdr *_phdr = scanelf_file_get_pt_dynamic(elf); \
+		const Elf##B##_Phdr *_phdr = scanelf_file_get_pt_dynamic(elf); \
 		dyn = (_phdr == NULL) ? elf->data_end : DYN##B(elf->vdata + EGET(_phdr->p_offset)); \
 	} \
 	--dyn; \
@@ -337,14 +337,14 @@ static void scanelf_file_get_symtabs(elfobj *elf, const void **sym, const void *
 		} \
 		\
 		if (vsym >= vaddr && vsym < vaddr + filesz) { \
-			Elf##B##_Shdr *shdr = &sym_shdr; \
+			const Elf##B##_Shdr *shdr = &sym_shdr; \
 			ESET(sym_shdr.sh_offset, offset + (vsym - vaddr)); \
 			if (VALID_SHDR(elf, shdr)) \
 				*sym = shdr; \
 		} \
 		\
 		if (vstr >= vaddr && vstr < vaddr + filesz) { \
-			Elf##B##_Shdr *shdr = &str_shdr; \
+			const Elf##B##_Shdr *shdr = &str_shdr; \
 			ESET(str_shdr.sh_offset, offset + (vstr - vaddr)); \
 			if (VALID_SHDR(elf, shdr)) \
 				*str = shdr; \
@@ -369,7 +369,7 @@ static const char *scanelf_file_pax(elfobj *elf, char *found_pax)
 	memset(&ret, 0, sizeof(ret));
 
 #define SHOW_PAX(B) \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 	for (i = 0; i < EGET(ehdr->e_phnum); i++) { \
 		if (EGET(phdr[i].p_type) != PT_PAX_FLAGS) \
@@ -426,7 +426,7 @@ static const char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_
 
 #define NOTE_GNU_STACK ".note.GNU-stack"
 #define SHOW_PHDR(B) \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	Elf ## B ## _Off offset; \
 	uint32_t flags, check_flags; \
 	if (elf->phdr != NULL) { \
@@ -468,9 +468,9 @@ static const char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_
 		} \
 	} else if (elf->shdr != NULL) { \
 		/* no program headers which means this is prob an object file */ \
-		Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
+		const Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
 		uint16_t shstrndx = EGET(ehdr->e_shstrndx); \
-		Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
+		const Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
 		uint16_t shnum = EGET(ehdr->e_shnum); \
 		if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) \
 			goto corrupt_shdr; \
@@ -533,7 +533,7 @@ static const char *scanelf_file_textrel(elfobj *elf, char *found_textrel)
 	if (file_matches_list(elf->filename, qa_textrels)) return NULL;
 
 #define SHOW_TEXTREL(B) \
-	Elf ## B ## _Dyn *dyn; \
+	const Elf ## B ## _Dyn *dyn; \
 	\
 	scanelf_dt_for_each(B, elf, dyn) { \
 		if (EGET(dyn->d_tag) == DT_TEXTREL) { /*dyn->d_tag != DT_FLAGS)*/ \
@@ -571,13 +571,13 @@ static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char
 
 #define SHOW_TEXTRELS(B) \
 	size_t i; \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Phdr *phdr; \
-	Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
-	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
-	Elf ## B ## _Rel *rel; \
-	Elf ## B ## _Rela *rela; \
-	Elf ## B ## _Dyn *dyn, *drel, *drelsz, *drelent, *dpltrel; \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Phdr *phdr; \
+	const Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
+	const Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
+	const Elf ## B ## _Rel *rel; \
+	const Elf ## B ## _Rela *rela; \
+	const Elf ## B ## _Dyn *dyn, *drel, *drelsz, *drelent, *dpltrel; \
 	uint32_t pltrel; \
 	Elf ## B ## _Addr load_address = 0; \
 	Elf ## B ## _Addr file_offset; \
@@ -669,8 +669,8 @@ static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char
 		for (r = 0; r < rmax; ++r) { \
 			unsigned long sym_max; \
 			Elf ## B ## _Addr offset_tmp; \
-			Elf ## B ## _Sym *func; \
-			Elf ## B ## _Sym *sym; \
+			const Elf ## B ## _Sym *func; \
+			const Elf ## B ## _Sym *sym; \
 			Elf ## B ## _Addr r_offset; \
 			uint ## B ## _t r_info; \
 			if (pltrel == DT_REL) { \
@@ -805,7 +805,7 @@ static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_
 
 #define SHOW_RPATH(B) \
 	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
+	const Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	Elf ## B ## _Off offset; \
 	Elf ## B ## _Xword word; \
 	\
@@ -960,8 +960,8 @@ static const char *scanelf_file_needed_lib(elfobj *elf, char *found_needed, char
 	strtab_void = elf_findsecbyname(elf, ".dynstr");
 
 #define SHOW_NEEDED(B) \
-	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
+	const Elf ## B ## _Dyn *dyn; \
+	const Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	size_t matched = 0; \
 	\
 	/* Walk all the dynamic tags to find NEEDED entries */ \
@@ -1023,8 +1023,8 @@ static const char *scanelf_file_interp(elfobj *elf, char *found_interp)
 		/* Walk all the program headers to find the PT_INTERP */
 #define GET_PT_INTERP(B) \
 		size_t i; \
-		Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-		Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
+		const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+		const Elf ## B ## _Phdr *phdr = PHDR ## B (elf->phdr); \
 		for (i = 0; i < EGET(ehdr->e_phnum); ++i) { \
 			if (EGET(phdr[i].p_type) == PT_INTERP) { \
 				offset = EGET(phdr[i].p_offset); \
@@ -1037,7 +1037,7 @@ static const char *scanelf_file_interp(elfobj *elf, char *found_interp)
 		const void *section = elf_findsecbyname(elf, ".interp");
 
 #define GET_INTERP(B) \
-		Elf ## B ## _Shdr *shdr = SHDR ## B (section); \
+		const Elf ## B ## _Shdr *shdr = SHDR ## B (section); \
 		offset = EGET(shdr->sh_offset);
 		if (section)
 			SCANELF_ELF_SIZED(GET_INTERP);
@@ -1066,7 +1066,7 @@ static const char *scanelf_file_bind(elfobj *elf, char *found_bind)
 	if (!elf->phdr) return NULL;
 
 #define SHOW_BIND(B) \
-	Elf ## B ## _Dyn *dyn; \
+	const Elf ## B ## _Dyn *dyn; \
 	\
 	scanelf_dt_for_each(B, elf, dyn) { \
 		dynamic = true; \
@@ -1105,9 +1105,9 @@ static const char *scanelf_file_soname(elfobj *elf, char *found_soname)
 	strtab_void = elf_findsecbyname(elf, ".dynstr");
 
 #define SHOW_SONAME(B) \
-	Elf ## B ## _Dyn *dyn; \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
-	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
+	const Elf ## B ## _Dyn *dyn; \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
 	\
 	/* only look for soname in shared objects */ \
 	if (EGET(ehdr->e_type) != ET_DYN) \
@@ -1306,11 +1306,11 @@ static char *scanelf_file_sym(elfobj *elf, char *found_sym)
 	scanelf_file_get_symtabs(elf, &symtab_void, &strtab_void);
 
 #define FIND_SYM(B) \
-	Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
-	Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
-	Elf ## B ## _Sym *sym = SYM ## B (elf->vdata + EGET(symtab->sh_offset)); \
+	const Elf ## B ## _Shdr *symtab = SHDR ## B (symtab_void); \
+	const Elf ## B ## _Shdr *strtab = SHDR ## B (strtab_void); \
+	const Elf ## B ## _Sym *sym = SYM ## B (elf->vdata + EGET(symtab->sh_offset)); \
 	Elf ## B ## _Word i, cnt = EGET(symtab->sh_entsize); \
-	char *symname; \
+	const char *symname; \
 	size_t ret_len = 0; \
 	if (cnt) \
 		cnt = EGET(symtab->sh_size) / cnt; \
@@ -1367,7 +1367,7 @@ static const char *scanelf_file_sections(elfobj *elf, char *found_section)
 	size_t matched, n; \
 	int invert; \
 	const char *section_name; \
-	Elf ## B ## _Shdr *section; \
+	const Elf ## B ## _Shdr *section; \
 	\
 	matched = 0; \
 	array_for_each(find_section_arr, n, section_name) { \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-06-07 14:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2018-06-07 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     5dffe6dcfa021c0621fb7e6c76812f9c08747039
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  3 21:29:52 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 14:05:49 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5dffe6dc

dumpelf: constify misc pointers

Mark all possible pointers const since we don't modify anything.

 dumpelf.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 6ba37fc..405beba 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -55,7 +55,7 @@ static void dumpelf(const char *filename, size_t file_cnt)
 	/* setup the struct to namespace this elf */
 #define MAKE_STRUCT(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
-	Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
+	const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 	b = B; \
 	printf( \
 		"Elf%1$i_Dyn dumpedelf_dyn_%2$zu[];\n" \
@@ -300,7 +300,7 @@ static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 	if (elf->elf_class == ELFCLASS ## B) { \
 	const Elf ## B ## _Phdr *phdr = PHDR ## B (phdr_void); \
 	Elf ## B ## _Off offset = EGET(phdr->p_offset); \
-	void *vdata = elf->vdata + offset; \
+	const void *vdata = elf->vdata + offset; \
 	uint32_t p_type = EGET(phdr->p_type); \
 	printf("/* Program Header #%zu 0x%tX */\n{\n", \
 	       phdr_cnt, (uintptr_t)phdr_void - elf->udata); \
@@ -356,7 +356,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 	size_t i;
 
 	/* Make sure the string is valid. */
-	if ((void *)section_name >= elf->data_end)
+	if ((const void *)section_name >= elf->data_end)
 		section_name = "<corrupt>";
 	else if (memchr(section_name, 0, elf->len - (section_name - elf->data)) == NULL)
 		section_name = "<corrupt>";
@@ -388,8 +388,8 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 	} else if (!VALID_RANGE(elf, offset, size)) { \
 		printf(" /* corrupt section header ! */ "); \
 	} else if (size && be_verbose) { \
-		void *vdata = elf->vdata + offset; \
-		unsigned char *data = vdata; \
+		const void *vdata = elf->vdata + offset; \
+		const unsigned char *data = vdata; \
 		switch (type) { \
 		case SHT_PROGBITS: { \
 			if (strcmp(section_name, ".interp") == 0) { \
@@ -420,7 +420,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 			break; \
 		} \
 		case SHT_DYNSYM: { \
-			Elf##B##_Sym *sym = vdata; \
+			const Elf##B##_Sym *sym = vdata; \
 			printf("\n\t/%c section dump:\n", '*'); \
 			if (EGET(shdr->sh_entsize) < sizeof(*sym)) \
 				printf(" /* corrupt section ! */ "); \
@@ -443,7 +443,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 			dump_notes(elf, B, vdata, vdata + EGET(shdr->sh_size)); \
 			break; \
 		case SHT_GNU_LIBLIST: { \
-			Elf##B##_Lib *lib = vdata; \
+			const Elf##B##_Lib *lib = vdata; \
 			printf("\n\t/%c section dump:\n", '*'); \
 			if (EGET(shdr->sh_entsize) < sizeof(*lib)) \
 				printf(" /* corrupt section ! */ "); \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2018-11-19 22:20 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2018-11-19 22:20 UTC (permalink / raw
  To: gentoo-commits

commit:     2acc5c3278354f56c70f9f48e66eb0203d5e8370
Author:     Oleksandr Natalenko <oleksandr <AT> natalenko <DOT> name>
AuthorDate: Sat Nov 17 14:43:09 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Nov 19 22:19:54 2018 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2acc5c32

lddtree.py: use errno properly

os.errno interface is removed [1], thus should not be used. In fact, it
is not used in other places of lddtree.py, so fix this one too, because
it breaks --copy-to-tree on systems with Python 3.7.

[1] https://bugs.python.org/issue33666

Bug: https://bugs.gentoo.org/671522
Signed-off-by: Oleksandr Natalenko <oleksandr <AT> natalenko.name>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 2bfaaae..66f5e01 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -122,7 +122,7 @@ def makedirs(path):
   try:
     os.makedirs(path)
   except OSError as e:
-    if e.errno != os.errno.EEXIST:
+    if e.errno != errno.EEXIST:
       raise
 
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2019-01-14 22:53 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2019-01-14 22:53 UTC (permalink / raw
  To: gentoo-commits

commit:     519f07f7f3bdb29382a0f1491f6fce0a07bbc4fc
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 14 22:35:29 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Jan 14 22:35:29 2019 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=519f07f7

security.c: whitelist ipc() syscall for fakeroot on ppc64 and friends

On amd64 and friends msgget() and similar syscalls are standalone syscalls.
On i386 and friends msgget() is a subcall of ipc() syscall.

This makes fakechroot break 'scanelf' as:
    $ LANG=C  fakeroot scanelf -t /bin/bash
    /usr/bin/fakeroot: line 178:  6820 Bad system call (core dumped)

The change whitelists ipc() call which allows all sysv syscalls, namely:
- semop, semget, semctl, semtimedop
- msgsnd, msgrcv, msgget, msgctl
- shmat, shmdt, shmget, shmctl

Reported-and-fixed-by: Samuel Holland
Bug: https://bugs.gentoo.org/675378
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 security.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/security.c b/security.c
index a86f375..78e04d4 100644
--- a/security.c
+++ b/security.c
@@ -162,6 +162,12 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(msgsnd),
 		SCMP_SYS(semget),
 		SCMP_SYS(semop),
+		/*
+		 * Some targets like ppc and i386 implement the above
+		 * syscall as subcalls via ipc() syscall.
+		 * https://bugs.gentoo.org/675378
+		 */
+		SCMP_SYS(ipc),
 	};
 	int fork_syscalls[] = {
 		SCMP_SYS(clone),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-02-16 10:17 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-02-16 10:17 UTC (permalink / raw
  To: gentoo-commits

commit:     badf3b23a4d17bfcd87cb855916d321c81868565
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 16 10:16:30 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Feb 16 10:16:30 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=badf3b23

dumpelf.c: add missing break when decoding SHT_GNU_LIBLIST

Detected by gcc-10 as:
```
dumpelf.c: In function 'dump_shdr':
dumpelf.c:462:4: warning: this statement may fall through [-Wimplicit-fallthrough=]
  462 |    printf("\t */\n"); \
      |    ^~~~~~~~~~~~~~~~~
```

Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dumpelf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dumpelf.c b/dumpelf.c
index 405beba..bc634f0 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -460,6 +460,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 					++lib; \
 				} \
 			printf("\t */\n"); \
+			break; \
 		} \
 		default: { \
 			if (be_verbose <= 1) \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-02-16 10:48 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-02-16 10:48 UTC (permalink / raw
  To: gentoo-commits

commit:     10d0713996478d544853f08b18c09d4b73d52d58
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 16 10:43:35 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Feb 16 10:43:35 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=10d07139

security.c: allow 'semtimedop' in seccomp sandbox (glibc-2.31)

glibc-2.31 switched semop() libc implementation from semop() to semtimedop()
in https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=765cdd0bffd77960a
("sysvipc: Implement semop based on semtimedop")

This caused pax-utils to fail under fakeroot as:

```
$ fakeroot scanelf -yqRBF '#k%F' -k '.symtab' /bin/bash
.../usr/bin/fakeroot: line 178: 103268 Bad system call ...

Program terminated with signal SIGSYS, Bad system call.
33      ../sysdeps/unix/sysv/linux/semtimedop.c: No such file or directory.
(gdb) bt
(gdb)
```

The change whitelists 'semtimedop' syscall.

Reported-by: Patrick McLean
Bug: https://bugs.gentoo.org/709794
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 security.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security.c b/security.c
index 78e04d4..c91e514 100644
--- a/security.c
+++ b/security.c
@@ -162,6 +162,7 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(msgsnd),
 		SCMP_SYS(semget),
 		SCMP_SYS(semop),
+		SCMP_SYS(semtimedop),
 		/*
 		 * Some targets like ppc and i386 implement the above
 		 * syscall as subcalls via ipc() syscall.


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-02-16 10:50 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-02-16 10:50 UTC (permalink / raw
  To: gentoo-commits

commit:     9ff8905cd95a43b9efd59a2d770a63428b171fe1
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 16 10:50:13 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Feb 16 10:50:13 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9ff8905c

lddtree.py: resolve python location through PATH

This allows running testsuite as-is on prefix.

Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 66f5e01..240418e 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 # -*- coding: utf-8 -*-
 # Copyright 2012-2014 Gentoo Foundation
 # Copyright 2012-2014 Mike Frysinger <vapier@gentoo.org>


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-02-16 10:57 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-02-16 10:57 UTC (permalink / raw
  To: gentoo-commits

commit:     064415e877eb4e6db8e048899acf73eec3a0c059
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 16 10:56:38 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Feb 16 10:56:38 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=064415e8

Makefile.am: refresh against current gnulib

Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 Makefile.am | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 79e5ed1..f369f86 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -53,6 +53,7 @@ dist_man_MANS += \
 EXTRA_DIST += \
 	.depend \
 	.gitignore \
+	.pylintrc \
 	.travis.yml \
 	BUGS \
 	COPYING \
@@ -88,6 +89,7 @@ EXTRA_DIST += \
 	paxmacho.h \
 	porting.h \
 	pspax.c \
+	pylint \
 	scanelf.c \
 	scanmacho.c \
 	security.c \
@@ -95,10 +97,10 @@ EXTRA_DIST += \
 	symtree.sh \
 	tests/Makefile \
 	tests/lddtree/Makefile \
-	tests/lddtree/dotest.cmp \
-	tests/lddtree/dotest.py \
-	tests/lddtree/dotest.sfx \
-	tests/lddtree/dotest.sh \
+	tests/lddtree/dotest-cmp \
+	tests/lddtree/dotest-py \
+	tests/lddtree/dotest-sfx \
+	tests/lddtree/dotest-sh \
 	tests/lib.sh \
 	tests/scanelf/Makefile \
 	tests/scanelf/dotest \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-03-18 23:39 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-03-18 23:39 UTC (permalink / raw
  To: gentoo-commits

commit:     33f047637d8bc3c5d3d3faa37a8ad5b3f8825213
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 18 23:37:19 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Mar 18 23:37:19 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=33f04763

scanelf.c: don't srash in -v mode on non-functions

Fix crash when running in verbose mode on bad files:
$ ./scanelf -T -v gdb

The file is taken from bug #713082.

Bug: https://bugs.gentoo.org/713082
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 scanelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index 440a193..f99aa19 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -732,7 +732,7 @@ static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char
 			} else \
 				printf("(optimized out)"); \
 			printf(" [0x%lX]\n", (unsigned long)offset_tmp); \
-			if (be_verbose && objdump) { \
+			if (be_verbose && objdump && func) { \
 				Elf ## B ## _Addr end_addr = offset_tmp + EGET(func->st_size); \
 				char *sysbuf; \
 				int ret; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-03-19  0:00 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-03-19  0:00 UTC (permalink / raw
  To: gentoo-commits

commit:     79489b3450faac9ffcc0ffc55d57dacdfed897be
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 18 23:57:30 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Mar 18 23:57:30 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=79489b34

scanelf.c: be more verbose at saying what all the addresses mean

Print out relocation type and explain addresses:

```
$ ./scanelf -T -v gdb
 TYPE   TEXTRELS FILE
  gdb: (memory/data?) [r_offset=0x0] r_type=0 in (optimized out?) [closest_prev_sym=0x0]
  gdb: (memory/data?) [r_offset=0x0] r_type=0 in (optimized out?) [closest_prev_sym=0x0]
  gdb: (memory/data?) [r_offset=0x0] r_type=0 in (optimized out?) [closest_prev_sym=0x0]
  gdb: (memory/data?) [r_offset=0x0] r_type=0 in (optimized out?) [closest_prev_sym=0x0]
  gdb: (memory/data?) [r_offset=0x0] r_type=0 in (optimized out?) [closest_prev_sym=0x0]
  gdb: (memory/data?) [r_offset=0x0] r_type=0 in (optimized out?) [closest_prev_sym=0x0]
```

Note: it's now more obvious that suspicious relocations are not real
and just zero-initialized leftovers of R_*_NONE type.

Bug: https://bugs.gentoo.org/713082
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 scanelf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index f99aa19..c2bda35 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -707,7 +707,8 @@ static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char
 				printf("%s", elf->data + EGET(strtab->sh_offset) + EGET(sym->st_name)); \
 			else \
 				printf("(memory/data?)"); \
-			printf(" [0x%lX]", (unsigned long)r_offset); \
+			printf(" [r_offset=0x%lX]", (unsigned long)r_offset); \
+			printf(" r_type=%lu", (unsigned long)ELF ## B ## _ST_TYPE(r_info)); \
 			/* now try to find the closest symbol that this rel is probably in */ \
 			sym = SYM ## B (elf->vdata + EGET(symtab->sh_offset)); \
 			func = NULL; \
@@ -730,8 +731,8 @@ static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char
 				} else \
 					printf("(missing symbols)"); \
 			} else \
-				printf("(optimized out)"); \
-			printf(" [0x%lX]\n", (unsigned long)offset_tmp); \
+				printf("(optimized out?)"); \
+			printf(" [closest_prev_sym=0x%lX]\n", (unsigned long)offset_tmp); \
 			if (be_verbose && objdump && func) { \
 				Elf ## B ## _Addr end_addr = offset_tmp + EGET(func->st_size); \
 				char *sysbuf; \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-03-26 17:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2020-03-26 17:09 UTC (permalink / raw
  To: gentoo-commits

commit:     f3771c85733121119db11be6424c8f46e21a288e
Author:     Manoj Gupta <manojgupta <AT> google <DOT> com>
AuthorDate: Sun Nov 17 03:05:42 2019 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Mar 26 17:09:11 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f3771c85

lddtree: Put ldso interpreter library path at end

Put ldso interpreter library path at end of libpaths search.
It is supposed to be a final fallback path in case library
search was incomplete.

As a side effect, it currently mitigates the incorrect
libbfd being loaded for aarch64 standalone toolchain.

Bug: https://crbug.com/917193
Reviewed-on: https://crrev.com/c/1920643
Signed-off-by: Manoj Gupta <manojgupta <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index f453d13..6e57a99 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -147,7 +147,8 @@ def GenerateLdsoWrapper(root, path, interp, libpaths=()):
   """
   basedir = os.path.dirname(path)
   interp_dir, interp_name = os.path.split(interp)
-  libpaths = dedupe([interp_dir] + list(libpaths))
+  # Add ldso interpreter dir to end of libpaths as a fallback library path.
+  libpaths = dedupe(list(libpaths) + [interp_dir])
   replacements = {
       'interp': os.path.join(os.path.relpath(interp_dir, basedir),
                              interp_name),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-03-26 17:09 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2020-03-26 17:09 UTC (permalink / raw
  To: gentoo-commits

commit:     36a01e9729cb7c54ce0c0c91095cf0b01c70f656
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Mar 26 16:55:52 2020 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Mar 26 17:09:02 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=36a01e97

pylintrc: enable more warnings

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .pylintrc  | 27 +++++++++++++++++++++++++++
 lddtree.py |  2 +-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/.pylintrc b/.pylintrc
index b58abfa..cf1379d 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -1,3 +1,16 @@
+[MASTER]
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=
+	pylint.extensions.bad_builtin,
+	pylint.extensions.check_elif,
+	pylint.extensions.docstyle,
+	pylint.extensions.emptystring,
+	pylint.extensions.overlapping_exceptions,
+	pylint.extensions.redefined_variable_type,
+
+jobs=0
+
 [MESSAGES CONTROL]
 # Disable the message, report, category or checker with the given id(s). You
 # can either give multiple identifier separated by comma (,) or put this option
@@ -19,11 +32,20 @@ disable=
 
 [REPORTS]
 reports=no
+score=no
 
 [FORMAT]
 max-line-length=80
 indent-string='  '
 
+[BASIC]
+bad-functions=
+	exit,
+	filter,
+	input,
+	map,
+	quit,
+
 [SIMILARITIES]
 min-similarity-lines=20
 
@@ -32,3 +54,8 @@ dummy-variables-rgx=_
 
 [DESIGN]
 max-parents=10
+
+[IMPORTS]
+deprecated-modules=
+	mox,
+	optparse,

diff --git a/lddtree.py b/lddtree.py
index 240418e..f453d13 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -195,7 +195,7 @@ def ParseLdPaths(str_ldpaths, root='', path=None):
   """
   ldpaths = []
   for ldpath in str_ldpaths.split(':'):
-    if ldpath == '':
+    if not ldpath:
       # The ldso treats "" paths as $PWD.
       ldpath = os.getcwd()
     elif '$ORIGIN' in ldpath:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-03-26 19:27 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2020-03-26 19:27 UTC (permalink / raw
  To: gentoo-commits

commit:     ee99e15a4f736fa57ce5877d7c8edab8ef85368f
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Mar 26 18:31:53 2020 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Mar 26 18:31:53 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ee99e15a

pylint: load python via $PATH

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 pylint | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pylint b/pylint
index 0098e06..965537d 100755
--- a/pylint
+++ b/pylint
@@ -1,6 +1,6 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 """Run pylint with the right settings."""


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-04-06 18:00 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-04-06 18:00 UTC (permalink / raw
  To: gentoo-commits

commit:     b624f3ad5c41dfd246f5b31f02e843874850b49d
Author:     Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
AuthorDate: Mon Apr  6 03:00:02 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Apr  6 18:00:30 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b624f3ad

Add RISC-V to the list of architectures in ELF

Signed-off-by: Göktürk Yüksek <gokturk <AT> gentoo.org>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 elf.h    | 3 ++-
 paxelf.c | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/elf.h b/elf.h
index fda7585..3627066 100644
--- a/elf.h
+++ b/elf.h
@@ -267,7 +267,8 @@ typedef struct
 #define EM_TILEPRO	188		/* Tilera TILEPro */
 #define EM_MICROBLAZE	189		/* Xilinx MicroBlaze */
 #define EM_TILEGX	191		/* Tilera TILE-Gx */
-#define EM_NUM		192
+#define EM_RISCV	243		/* RISC-V */
+#define EM_NUM		244
 
 /* If it is necessary to assign new unofficial EM_* values, please
    pick large random numbers (0x8523, 0xa7f2, etc.) to minimize the

diff --git a/paxelf.c b/paxelf.c
index dea3757..bbd38bf 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -276,6 +276,7 @@ static pairtype elf_emtypes[] = {
 	QUERY(EM_MICROBLAZE),
 	QUERY(EM_TILEGX),
 	QUERY(EM_ALPHA),
+	QUERY(EM_RISCV),
 	{ 0, 0 }
 };
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-04-13 10:41 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-04-13 10:41 UTC (permalink / raw
  To: gentoo-commits

commit:     686bd1cb140fa13652b4a0a209d616865b9265bc
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 13 10:36:13 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Apr 13 10:36:13 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=686bd1cb

security.c: allow 'statx' in seccomp sandbox (musl-1.1.24)

musl-1.1.24 starting from dfc81828f7ab41da08f744c
"implement fstatat with SYS_statx, conditional on undersized kstat time"

changed fstatat() to use statx().

This caused scanelf to crash under seccomp sandbox.

The change whitelists 'statx' syscall.

Bug: https://bugs.gentoo.org/717300
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 security.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security.c b/security.c
index c91e514..ab8a499 100644
--- a/security.c
+++ b/security.c
@@ -102,6 +102,7 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(lstat64),
 		SCMP_SYS(stat),
 		SCMP_SYS(stat64),
+		SCMP_SYS(statx),
 
 		/* Then the fd close func.  */
 		SCMP_SYS(close),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-08-14 22:17 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-08-14 22:17 UTC (permalink / raw
  To: gentoo-commits

commit:     9206a1f79eee279e4171bd2146fc70bff133cb31
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 22:13:32 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 22:13:32 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9206a1f7

lddtree.sh: drop /lib extraction heuristics

Avoid using 'strings' to extract libpaths.
Let's use hardcoded fallback values unconditionally
until we get more robust way to fetch default libpath.

Reported-by: Kent Fredric
Bug: https://bugs.gentoo.org/736601
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 lddtree.sh | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/lddtree.sh b/lddtree.sh
index 96163e3..b05ce19 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -118,7 +118,7 @@ find_elf() {
 			check_paths "${elf}" "${c_ldso_paths[@]}" && return 0
 		fi
 
-		check_paths "${elf}" ${lib_paths_ldso:-${lib_paths_fallback}} && return 0
+		check_paths "${elf}" ${lib_paths_fallback} && return 0
 	fi
 	return 1
 }
@@ -154,13 +154,6 @@ show_elf() {
 		else
 			printf " (interpreter => ${interp:-none})"
 		fi
-		if [[ -r ${interp} ]] ; then
-			# Extract the default lib paths out of the ldso.
-			lib_paths_ldso=$(
-				strings "${interp}" | \
-				sed -nr -e "/^\/.*lib/{s|^/?|${ROOT}|;s|/$||;s|/?:/?|\n${ROOT}|g;p}"
-			)
-		fi
 		full_interp=${interp}
 		interp=${interp##*/}
 		# If we are in non-list mode, then we want to show the "duplicate" interp
@@ -235,7 +228,6 @@ ${SET_X} && set -x
 
 ret=0
 for elf ; do
-	unset lib_paths_ldso
 	unset c_last_needed_by
 	if ${AUTO_ROOT} && [[ ${elf} == /* ]] ; then
 		elf="${ROOT}${elf#/}"


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-10-05 17:46 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-10-05 17:46 UTC (permalink / raw
  To: gentoo-commits

commit:     502af75f9a367f5a7fb916055bb53caedd4f1267
Author:     Georg Brandl <georg <AT> python <DOT> org>
AuthorDate: Mon Oct  5 16:36:37 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Oct  5 17:45:37 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=502af75f

Fix typo in module docstring

Closes: https://github.com/gentoo/pax-utils/pull/4
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 6e57a99..141195b 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -9,7 +9,7 @@
 """Read the ELF dependency tree and show it
 
 This does not work like `ldd` in that we do not execute/load code (only read
-files on disk), and we should the ELFs as a tree rather than a flat list.
+files on disk), and we show the ELFs as a tree rather than a flat list.
 
 Paths may be globs that lddtree will take care of expanding.
 Useful when you want to glob a path under the ROOT path.


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2020-12-20 19:53 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2020-12-20 19:53 UTC (permalink / raw
  To: gentoo-commits

commit:     49aec7e90e01bc4693e3f9bc976dd417e2d2247e
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 20 19:52:04 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Dec 20 19:52:04 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=49aec7e9

BUGS: update email addresses

Reported-by: Leah Neukirchen <leah <AT> vuxu.org>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 BUGS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/BUGS b/BUGS
index 2df43a4..29bf5ce 100644
--- a/BUGS
+++ b/BUGS
@@ -14,5 +14,6 @@ REPORTING BUGS
 --------------
 
 e-mail us:
-solar@gentoo.org
+slyfox@gentoo.org
 vapier@gentoo.org
+toolchain@gentoo.org


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-01-01 14:08 Fabian Groffen
  0 siblings, 0 replies; 253+ messages in thread
From: Fabian Groffen @ 2021-01-01 14:08 UTC (permalink / raw
  To: gentoo-commits

commit:     48ab29bc4227b69c55eb50190ecf73d569c114e9
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  1 14:05:34 2021 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Jan  1 14:05:34 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=48ab29bc

{,pax}macho: add support for arm64 arch

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 macho.h    | 3 ++-
 paxmacho.c | 7 +++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/macho.h b/macho.h
index 09caba1..7457473 100644
--- a/macho.h
+++ b/macho.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2012 Gentoo Foundation
+ * Copyright 2008-2021 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  */
 
@@ -128,6 +128,7 @@ struct mach_header_64
 /* cputype */
 #define CPU_TYPE_POWERPC64  (CPU_TYPE_POWERPC | CPU_ARCH_ABI64)
 #define CPU_TYPE_X86_64     (CPU_TYPE_I386 | CPU_ARCH_ABI64)
+#define CPU_TYPE_ARM64      (CPU_TYPE_ARM | CPU_ARCH_ABI64)
 
 struct load_command
 {

diff --git a/paxmacho.c b/paxmacho.c
index 638453a..74f02da 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -1,10 +1,10 @@
 /*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2021 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
  * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
- *           2008-2012 Fabian Groffen  - <grobian@gentoo.org>
+ *           2008-2021 Fabian Groffen  - <grobian@gentoo.org>
  */
 
 #include "paxinc.h"
@@ -17,6 +17,7 @@ static const char STR_PPC64[]   = "ppc64";
 static const char STR_I386[]    = "i386";
 static const char STR_X86_64[]  = "x86_64";
 static const char STR_ARM[]     = "arm"; /* iPhone */
+static const char STR_ARM64[]   = "arm64"; /* Apple M1 */
 static const char STR_UNKNOWN[] = "unknown";
 
 #define QUERY(n) { #n, n }
@@ -95,6 +96,7 @@ static pairtype macho_cputype[] = {
 	QUERY(CPU_TYPE_ARM),
 	QUERY(CPU_TYPE_POWERPC64),
 	QUERY(CPU_TYPE_X86_64),
+	QUERY(CPU_TYPE_ARM64),
 	{ 0, 0 }
 };
 const char *get_machocputype(fatobj *fobj)
@@ -383,6 +385,7 @@ const char *get_machomtype(fatobj *fobj)
 		case CPU_TYPE_ARM:       return STR_ARM;
 		case CPU_TYPE_POWERPC64: return STR_PPC64;
 		case CPU_TYPE_X86_64:    return STR_X86_64;
+		case CPU_TYPE_ARM64:     return STR_ARM64;
 		default:                 return STR_UNKNOWN;
 	}
 }


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-01-01 14:08 Fabian Groffen
  0 siblings, 0 replies; 253+ messages in thread
From: Fabian Groffen @ 2021-01-01 14:08 UTC (permalink / raw
  To: gentoo-commits

commit:     8a389efbb1b504de7964ab093af1d528da7ebf3b
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  1 14:06:22 2021 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Jan  1 14:06:22 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8a389efb

scanmacho: add support for dumping UUIDs

Add flag -U/--uuid to dump the object's UUID.

(This is in particular useful when comparing against TextAPI stubs,
.tbd files.)

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 macho.h     |  6 ++++++
 scanmacho.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 56 insertions(+), 6 deletions(-)

diff --git a/macho.h b/macho.h
index 7457473..79da151 100644
--- a/macho.h
+++ b/macho.h
@@ -258,6 +258,12 @@ struct rpath_command {
     union lc_str path;
 };
 
+struct uuid_command {
+    uint32_t cmd;
+    uint32_t cmdsize;
+    uint8_t uuid[16];
+};
+
 struct fat_header
 {
 	uint32_t magic;

diff --git a/scanmacho.c b/scanmacho.c
index 71b1593..e2aa485 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -1,12 +1,12 @@
 /*
- * Copyright 2008-2012 Gentoo Foundation
+ * Copyright 2008-2021 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * based on scanelf by:
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
  * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
  * for Darwin specific fun:
- *           2008-2013 Fabian Groffen  - <grobian@gentoo.org>
+ *           2008-2021 Fabian Groffen  - <grobian@gentoo.org>
  */
 
 const char argv0[] = "scanmacho";
@@ -37,6 +37,7 @@ static char show_rpath = 0;
 static char show_needed = 0;
 static char show_interp = 0;
 static char show_bind = 0;
+static char show_uuid = 0;
 static char show_soname = 0;
 static char show_banner = 1;
 static char show_endian = 0;
@@ -181,18 +182,54 @@ static char *macho_file_soname(fatobj *fobj, char *found_soname)
 	return NULL;
 }
 
+static char *macho_file_uuid(fatobj *fobj, char *found_uuid)
+{
+	loadcmd *lcmd;
+	uint32_t lc_uuid;
+	static char uuid_buf[32 + 4 + 1];
+
+	if (!show_uuid)
+		return NULL;
+
+	lcmd = firstloadcmd(fobj);
+	lc_uuid = MGET(fobj->swapped, LC_UUID);
+
+	do {
+		if (lcmd->lcmd->cmd == lc_uuid) {
+			struct uuid_command *ucmd = lcmd->data;
+			unsigned char *uuid;
+			uuid = (unsigned char *)(ucmd->uuid);
+			*found_uuid = 1;
+			free(lcmd);
+			if (be_wewy_wewy_quiet)
+				return NULL;
+			snprintf(uuid_buf, sizeof(uuid_buf),
+					"%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
+					"%02x%02x%02x%02x%02x%02x",
+					uuid[0], uuid[1], uuid[2], uuid[3],
+					uuid[4], uuid[5],
+					uuid[6], uuid[7],
+					uuid[8], uuid[9],
+					uuid[10], uuid[11], uuid[12], uuid[13], uuid[14], uuid[15]);
+			return uuid_buf;
+		}
+	} while (nextloadcmd(lcmd));
+
+	return NULL;
+}
+
 /* scan a macho file and show all the fun stuff */
 #define prints(str) ({ ssize_t ret = write(fileno(stdout), str, strlen(str)); ret; })
 static int scanmacho_fatobj(fatobj *fobj)
 {
 	unsigned long i;
 	char found_rpath, found_needed, found_interp, found_soname,
-		 found_lib, found_file;
+		 found_lib, found_file, found_uuid;
 	static char *out_buffer = NULL;
 	static size_t out_len;
 
 	found_rpath = found_needed = found_interp = found_soname = \
-	found_lib = found_file = 0;
+	found_lib = found_file = found_uuid = 0;
 
 	if (be_verbose > 2)
 		printf("%s: scanning file {%s,%s}\n", fobj->filename,
@@ -228,6 +265,7 @@ static int scanmacho_fatobj(fatobj *fobj)
 			case 'b': prints("FLAGS "); break;
 			case 'Z': prints("SIZE "); break;
 			case 'S': prints("INSTALLNAME "); break;
+			case 'U': prints("UUID "); break;
 			case 'N': prints("LIB "); break;
 			case 'a': prints("ARCH "); break;
 			case 'O': prints("PERM "); break;
@@ -293,6 +331,7 @@ static int scanmacho_fatobj(fatobj *fobj)
 		case 'i': out = macho_file_interp(fobj, &found_interp); break;
 		case 'b': get_machomhflags(fobj, &out_buffer, &out_len); break;
 		case 'S': out = macho_file_soname(fobj, &found_soname); break;
+		case 'U': out = macho_file_uuid(fobj, &found_uuid); break;
 		case 'a': out = get_machomtype(fobj); break;
 		case 'Z': snprintf(ubuf, sizeof(ubuf), "%llu", (unsigned long long int)fobj->len); out = ubuf; break;;
 		default: warnf("'%c' has no scan code?", out_format[i]);
@@ -532,8 +571,8 @@ static void scanmacho_envpath(void)
 	free(path);
 }
 
-/* usage / invocation handling functions */ /* Free Flags: c d e j k l s t u w x z G H I J K L P Q T U W X Y */
-#define PARSE_FLAGS "pRmyArnibSN:gE:M:DO:ZaqvF:f:o:CBhV"
+/* usage / invocation handling functions */ /* Free Flags: c d e j k l s t u w x z G H I J K L P Q T W X Y */
+#define PARSE_FLAGS "pRmyArnibSUN:gE:M:DO:ZaqvF:f:o:CBhV"
 #define a_argument required_argument
 static struct option const long_opts[] = {
 	{"path",      no_argument, NULL, 'p'},
@@ -546,6 +585,7 @@ static struct option const long_opts[] = {
 	{"interp",    no_argument, NULL, 'i'},
 	{"bind",      no_argument, NULL, 'b'},
 	{"soname",    no_argument, NULL, 'S'},
+	{"uuid",      no_argument, NULL, 'U'},
 	{"lib",        a_argument, NULL, 'N'},
 	{"gmatch",    no_argument, NULL, 'g'},
 	{"etype",      a_argument, NULL, 'E'},
@@ -577,6 +617,7 @@ static const char * const opts_help[] = {
 	"Print LC_LOAD_DYLINKER information (ELF: INTERP)",
 	"Print flags from mach_header (ELF: BIND)",
 	"Print LC_ID_DYLIB information (ELF: SONAME)",
+	"Print LC_UUID information",
 	"Find a specified library",
 	"Use strncmp to match libraries. (use with -N)",
 	"Print only Mach-O files matching mach_header\n"
@@ -678,6 +719,7 @@ static int parseargs(int argc, char *argv[])
 		case 'i': show_interp = 1; break;
 		case 'b': show_bind = 1; break;
 		case 'S': show_soname = 1; break;
+		case 'U': show_uuid = 1; break;
 		case 'q': be_quiet = 1; break;
 		case 'v': be_verbose = (be_verbose % 20) + 1; break;
 		case 'a': show_perms = show_endian = show_bind = 1; break;
@@ -717,6 +759,7 @@ static int parseargs(int argc, char *argv[])
 			case 'i': show_interp = 1; break;
 			case 'b': show_bind = 1; break;
 			case 'S': show_soname = 1; break;
+			case 'U': show_uuid = 1; break;
 			default:
 				err("Invalid format specifier '%c' (byte %i)",
 				    out_format[i], i+1);
@@ -738,6 +781,7 @@ static int parseargs(int argc, char *argv[])
 		if (show_interp)   xstrcat(&out_format, "%i ", &fmt_len);
 		if (show_bind)     xstrcat(&out_format, "%b ", &fmt_len);
 		if (show_soname)   xstrcat(&out_format, "%S ", &fmt_len);
+		if (show_uuid)     xstrcat(&out_format, "%U ", &fmt_len);
 		if (find_lib)      xstrcat(&out_format, "%N ", &fmt_len);
 		if (!be_quiet)     xstrcat(&out_format, "%F ", &fmt_len);
 	}


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-02-03 19:46 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-02-03 19:46 UTC (permalink / raw
  To: gentoo-commits

commit:     e2378b8c6bef5d94805444797e7fe35c07f54783
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 19:44:37 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 19:44:37 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e2378b8c

security.c: allow faccessat2 syscall in seccomt filters

Under glibc-2.33 sandox uses faccessat2 to stat symlinks.

Reported-by: Cănărău Constantin
Bug: https://bugs.gentoo.org/768435
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 security.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security.c b/security.c
index ab8a499..8315023 100644
--- a/security.c
+++ b/security.c
@@ -156,6 +156,7 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(readlink),
 		SCMP_SYS(readlinkat),
 		SCMP_SYS(getcwd),
+		SCMP_SYS(faccessat2),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-02-03 20:17 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-02-03 20:17 UTC (permalink / raw
  To: gentoo-commits

commit:     e6bcbe9913d50e55c6208171778352eee6b6d399
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 20:11:49 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 20:16:43 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e6bcbe99

Revert "security.c: allow faccessat2 syscall in seccomt filters"

libseccomp does not yet provide faccessat2. I tested the commit
without seccomp enabled.

This reverts commit e2378b8c6bef5d94805444797e7fe35c07f54783.

Bug: https://bugs.gentoo.org/768435
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 security.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security.c b/security.c
index 8315023..ab8a499 100644
--- a/security.c
+++ b/security.c
@@ -156,7 +156,6 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(readlink),
 		SCMP_SYS(readlinkat),
 		SCMP_SYS(getcwd),
-		SCMP_SYS(faccessat2),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-02-03 20:41 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-02-03 20:41 UTC (permalink / raw
  To: gentoo-commits

commit:     3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 20:40:12 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 20:40:12 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=3c57b08c

security.c: allow faccessat2 syscall in seccomt filters (take 2)

Under glibc-2.33 sandox uses faccessat2 to stat symlinks.

Unfortunately libseccomp does not yet provide syscall definition
for faccessat2. Define it locally.

Reported-by: Cănărău Constantin
Bug: https://bugs.gentoo.org/768435
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 security.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security.c b/security.c
index ab8a499..802e586 100644
--- a/security.c
+++ b/security.c
@@ -156,6 +156,11 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(readlink),
 		SCMP_SYS(readlinkat),
 		SCMP_SYS(getcwd),
+		#ifndef __SNR_faccessat2
+		/* faccessat2 is not yet defiled in latest libseccomp-2.5.1 */
+		#    define __SNR_faccessat2 __NR_faccessat2
+		#endif
+		SCMP_SYS(faccessat2),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-02-04 18:51 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-02-04 18:51 UTC (permalink / raw
  To: gentoo-commits

commit:     abf2a4a77305e9c2a9f5500712edba89b8f95ed5
Author:     OBATA Akio <obache <AT> wizdas <DOT> com>
AuthorDate: Thu Feb  4 18:50:36 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Feb  4 18:50:36 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=abf2a4a7

glob is used in paxldso.c for NetBSD too, but glob.h is not included in
porting.h for NetBSD.

Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 porting.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/porting.h b/porting.h
index 636e862..17bbbbc 100644
--- a/porting.h
+++ b/porting.h
@@ -61,7 +61,7 @@
 # include <machine/endian.h>
 #endif
 
-#if defined(__GLIBC__) || defined(__UCLIBC__)
+#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
 # include <glob.h>
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-02-26 11:51 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-02-26 11:51 UTC (permalink / raw
  To: gentoo-commits

commit:     b93a9c64ca2a19e1b9b97f66a4425c0ed7e4cd22
Author:     David Lamparter <equinox <AT> diac24 <DOT> net>
AuthorDate: Fri Feb 26 08:48:58 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Feb 26 11:50:22 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b93a9c64

pspax: replace deprecated capgetp()

This doesn't actually show any process having any capabilities for some
reason; everything lists "=ep".  Not sure what's going on there, but
capgetp() is marked as deprecated anyways, and cap_get_pid() seems to
actually work correctly.

Signed-off-by: David Lamparter <equinox <AT> diac24.net>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 pspax.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pspax.c b/pspax.c
index 52bdd8d..6094882 100644
--- a/pspax.c
+++ b/pspax.c
@@ -413,7 +413,7 @@ static void pspax(const char *find_name)
 
 		/* this is a non-POSIX function */
 		caps = NULL;
-		WRAP_SYSCAP(capgetp(pfd, cap_d));
+		WRAP_SYSCAP(cap_d = cap_get_pid(pid));
 		WRAP_SYSCAP(caps = cap_to_text(cap_d, &length));
 
 		if (pwd && strlen(pwd->pw_name) >= 8)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16  0:48 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16  0:48 UTC (permalink / raw
  To: gentoo-commits

commit:     9a9adbf228320fdc135ad1457bb8bf586c71279c
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Mar 26 18:32:57 2020 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Apr 15 23:10:24 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9a9adbf2

pylintrc: adjust python code to 4 space indent

This aligns with the latest Google/PEP standards.
This doesn't add any pylint warnings as we've been disabling long
lines in here for a long time.  We don't do any other reformatting
to try and cut down on git log/diff noise.

Looking at this with --word-diff=color shows only whitespace changes.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .pylintrc  |    2 +-
 lddtree.py | 1270 ++++++++++++++++++++++++++++++------------------------------
 pylint     |   46 +--
 3 files changed, 659 insertions(+), 659 deletions(-)

diff --git a/.pylintrc b/.pylintrc
index cf1379d..577641f 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -36,7 +36,7 @@ score=no
 
 [FORMAT]
 max-line-length=80
-indent-string='  '
+indent-string = '    '
 
 [BASIC]
 bad-functions=

diff --git a/lddtree.py b/lddtree.py
index 141195b..cdb3f1c 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -55,107 +55,107 @@ from elftools.common import exceptions
 
 
 def warn(msg, prefix='warning'):
-  """Write |msg| to stderr with a |prefix| before it"""
-  print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr)
+    """Write |msg| to stderr with a |prefix| before it"""
+    print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr)
 
 
 def err(msg, status=1):
-  """Write |msg| to stderr and exit with |status|"""
-  warn(msg, prefix='error')
-  sys.exit(status)
+    """Write |msg| to stderr and exit with |status|"""
+    warn(msg, prefix='error')
+    sys.exit(status)
 
 
 def dbg(debug, *args, **kwargs):
-  """Pass |args| and |kwargs| to print() when |debug| is True"""
-  if debug:
-    print(*args, **kwargs)
+    """Pass |args| and |kwargs| to print() when |debug| is True"""
+    if debug:
+        print(*args, **kwargs)
 
 
 def bstr(buf):
-  """Decode the byte string into a string"""
-  if isinstance(buf, str):
-    return buf
-  return buf.decode('utf-8')
+    """Decode the byte string into a string"""
+    if isinstance(buf, str):
+        return buf
+    return buf.decode('utf-8')
 
 
 def normpath(path):
-  """Normalize a path
+    """Normalize a path
 
-  Python's os.path.normpath() doesn't handle some cases:
-    // -> //
-    //..// -> //
-    //..//..// -> ///
-  """
-  return os.path.normpath(path).replace('//', '/')
+    Python's os.path.normpath() doesn't handle some cases:
+      // -> //
+      //..// -> //
+      //..//..// -> ///
+    """
+    return os.path.normpath(path).replace('//', '/')
 
 
 def readlink(path, root, prefixed=False):
-  """Like os.readlink(), but relative to a |root|
+    """Like os.readlink(), but relative to a |root|
 
-  This does not currently handle the pathological case:
-    /lib/foo.so -> ../../../../../../../foo.so
-  This relies on the .. entries in / to point to itself.
+    This does not currently handle the pathological case:
+      /lib/foo.so -> ../../../../../../../foo.so
+    This relies on the .. entries in / to point to itself.
 
-  Args:
-    path: The symlink to read
-    root: The path to use for resolving absolute symlinks
-    prefixed: When False, the |path| must not have |root| prefixed to it, nor
-              will the return value have |root| prefixed.  When True, |path|
-              must have |root| prefixed, and the return value will have |root|
-              added.
+    Args:
+      path: The symlink to read
+      root: The path to use for resolving absolute symlinks
+      prefixed: When False, the |path| must not have |root| prefixed to it, nor
+          will the return value have |root| prefixed.  When True, |path|
+          must have |root| prefixed, and the return value will have |root|
+          added.
 
-  Returns:
-    A fully resolved symlink path
-  """
-  root = root.rstrip('/')
-  if prefixed:
-    path = path[len(root):]
+    Returns:
+      A fully resolved symlink path
+    """
+    root = root.rstrip('/')
+    if prefixed:
+        path = path[len(root):]
 
-  while os.path.islink(root + path):
-    path = os.path.join(os.path.dirname(path), os.readlink(root + path))
+    while os.path.islink(root + path):
+        path = os.path.join(os.path.dirname(path), os.readlink(root + path))
 
-  return normpath((root + path) if prefixed else path)
+    return normpath((root + path) if prefixed else path)
 
 
 def makedirs(path):
-  """Like os.makedirs(), but ignore EEXIST errors"""
-  try:
-    os.makedirs(path)
-  except OSError as e:
-    if e.errno != errno.EEXIST:
-      raise
+    """Like os.makedirs(), but ignore EEXIST errors"""
+    try:
+        os.makedirs(path)
+    except OSError as e:
+        if e.errno != errno.EEXIST:
+            raise
 
 
 def dedupe(items):
-  """Remove all duplicates from |items| (keeping order)"""
-  seen = {}
-  return [seen.setdefault(x, x) for x in items if x not in seen]
+    """Remove all duplicates from |items| (keeping order)"""
+    seen = {}
+    return [seen.setdefault(x, x) for x in items if x not in seen]
 
 
 def GenerateLdsoWrapper(root, path, interp, libpaths=()):
-  """Generate a shell script wrapper which uses local ldso to run the ELF
-
-  Since we cannot rely on the host glibc (or other libraries), we need to
-  execute the local packaged ldso directly and tell it where to find our
-  copies of libraries.
-
-  Args:
-    root: The root tree to generate scripts inside of
-    path: The full path (inside |root|) to the program to wrap
-    interp: The ldso interpreter that we need to execute
-    libpaths: Extra lib paths to search for libraries
-  """
-  basedir = os.path.dirname(path)
-  interp_dir, interp_name = os.path.split(interp)
-  # Add ldso interpreter dir to end of libpaths as a fallback library path.
-  libpaths = dedupe(list(libpaths) + [interp_dir])
-  replacements = {
-      'interp': os.path.join(os.path.relpath(interp_dir, basedir),
-                             interp_name),
-      'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir)
-                            for p in libpaths]),
-  }
-  wrapper = """#!/bin/sh
+    """Generate a shell script wrapper which uses local ldso to run the ELF
+
+    Since we cannot rely on the host glibc (or other libraries), we need to
+    execute the local packaged ldso directly and tell it where to find our
+    copies of libraries.
+
+    Args:
+      root: The root tree to generate scripts inside of
+      path: The full path (inside |root|) to the program to wrap
+      interp: The ldso interpreter that we need to execute
+      libpaths: Extra lib paths to search for libraries
+    """
+    basedir = os.path.dirname(path)
+    interp_dir, interp_name = os.path.split(interp)
+    # Add ldso interpreter dir to end of libpaths as a fallback library path.
+    libpaths = dedupe(list(libpaths) + [interp_dir])
+    replacements = {
+        'interp': os.path.join(os.path.relpath(interp_dir, basedir),
+                               interp_name),
+        'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir)
+                              for p in libpaths]),
+    }
+    wrapper = """#!/bin/sh
 if ! base=$(realpath "$0" 2>/dev/null); then
   case $0 in
   /*) base=$0;;
@@ -171,635 +171,635 @@ exec \
   "${base}.elf" \
   "$@"
 """
-  wrappath = root + path
-  os.rename(wrappath, wrappath + '.elf')
-  with open(wrappath, 'w') as f:
-    f.write(wrapper % replacements)
-  os.chmod(wrappath, 0o0755)
+    wrappath = root + path
+    os.rename(wrappath, wrappath + '.elf')
+    with open(wrappath, 'w') as f:
+        f.write(wrapper % replacements)
+    os.chmod(wrappath, 0o0755)
 
 
 def ParseLdPaths(str_ldpaths, root='', path=None):
-  """Parse the colon-delimited list of paths and apply ldso rules to each
-
-  Note the special handling as dictated by the ldso:
-   - Empty paths are equivalent to $PWD
-   - $ORIGIN is expanded to the path of the given file
-   - (TODO) $LIB and friends
-
-  Args:
-    str_ldpaths: A colon-delimited string of paths
-    root: The path to prepend to all paths found
-    path: The object actively being parsed (used for $ORIGIN)
-
-  Returns:
-    list of processed paths
-  """
-  ldpaths = []
-  for ldpath in str_ldpaths.split(':'):
-    if not ldpath:
-      # The ldso treats "" paths as $PWD.
-      ldpath = os.getcwd()
-    elif '$ORIGIN' in ldpath:
-      ldpath = ldpath.replace('$ORIGIN', os.path.dirname(path))
-    else:
-      ldpath = root + ldpath
-    ldpaths.append(normpath(ldpath))
-  return dedupe(ldpaths)
+    """Parse the colon-delimited list of paths and apply ldso rules to each
+
+    Note the special handling as dictated by the ldso:
+     - Empty paths are equivalent to $PWD
+     - $ORIGIN is expanded to the path of the given file
+     - (TODO) $LIB and friends
+
+    Args:
+      str_ldpaths: A colon-delimited string of paths
+      root: The path to prepend to all paths found
+      path: The object actively being parsed (used for $ORIGIN)
+
+    Returns:
+      list of processed paths
+    """
+    ldpaths = []
+    for ldpath in str_ldpaths.split(':'):
+        if not ldpath:
+            # The ldso treats "" paths as $PWD.
+            ldpath = os.getcwd()
+        elif '$ORIGIN' in ldpath:
+            ldpath = ldpath.replace('$ORIGIN', os.path.dirname(path))
+        else:
+            ldpath = root + ldpath
+        ldpaths.append(normpath(ldpath))
+    return dedupe(ldpaths)
 
 
 def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
-  """Load all the paths from a given ldso config file
-
-  This should handle comments, whitespace, and "include" statements.
-
-  Args:
-    ldso_conf: The file to scan
-    root: The path to prepend to all paths found
-    debug: Enable debug output
-    _first: Recursive use only; is this the first ELF ?
-
-  Returns:
-    list of paths found
-  """
-  paths = []
-
-  dbg_pfx = '' if _first else '  '
-  try:
-    dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf))
-    with open(ldso_conf) as f:
-      for line in f.readlines():
-        line = line.split('#', 1)[0].strip()
-        if not line:
-          continue
-        if line.startswith('include '):
-          line = line[8:]
-          if line[0] == '/':
-            line = root + line.lstrip('/')
-          else:
-            line = os.path.dirname(ldso_conf) + '/' + line
-          dbg(debug, '%s  glob: %s' % (dbg_pfx, line))
-          # ldconfig in glibc uses glob() which returns entries sorted according
-          # to LC_COLLATE.  Further, ldconfig does not reset that but respects
-          # the active env settings (which might be a mistake).  Python does not
-          # sort its results by default though, so do it ourselves.
-          for path in sorted(glob.glob(line)):
-            paths += ParseLdSoConf(path, root=root, debug=debug, _first=False)
-        else:
-          paths += [normpath(root + line)]
-  except IOError as e:
-    if e.errno != errno.ENOENT:
-      warn(e)
+    """Load all the paths from a given ldso config file
+
+    This should handle comments, whitespace, and "include" statements.
 
-  if _first:
-    # XXX: Load paths from ldso itself.
-    # Remove duplicate entries to speed things up.
-    paths = dedupe(paths)
+    Args:
+      ldso_conf: The file to scan
+      root: The path to prepend to all paths found
+      debug: Enable debug output
+      _first: Recursive use only; is this the first ELF ?
 
-  return paths
+    Returns:
+      list of paths found
+    """
+    paths = []
+
+    dbg_pfx = '' if _first else '  '
+    try:
+        dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf))
+        with open(ldso_conf) as f:
+            for line in f.readlines():
+                line = line.split('#', 1)[0].strip()
+                if not line:
+                    continue
+                if line.startswith('include '):
+                    line = line[8:]
+                    if line[0] == '/':
+                        line = root + line.lstrip('/')
+                    else:
+                        line = os.path.dirname(ldso_conf) + '/' + line
+                    dbg(debug, '%s  glob: %s' % (dbg_pfx, line))
+                    # ldconfig in glibc uses glob() which returns entries sorted according
+                    # to LC_COLLATE.  Further, ldconfig does not reset that but respects
+                    # the active env settings (which might be a mistake).  Python does not
+                    # sort its results by default though, so do it ourselves.
+                    for path in sorted(glob.glob(line)):
+                        paths += ParseLdSoConf(path, root=root, debug=debug, _first=False)
+                else:
+                    paths += [normpath(root + line)]
+    except IOError as e:
+        if e.errno != errno.ENOENT:
+            warn(e)
+
+    if _first:
+        # XXX: Load paths from ldso itself.
+        # Remove duplicate entries to speed things up.
+        paths = dedupe(paths)
+
+    return paths
 
 
 def LoadLdpaths(root='/', prefix='', debug=False):
-  """Load linker paths from common locations
-
-  This parses the ld.so.conf and LD_LIBRARY_PATH env var.
-
-  Args:
-    root: The root tree to prepend to paths
-    prefix: The path under |root| to search
-    debug: Enable debug output
-
-  Returns:
-    dict containing library paths to search
-  """
-  ldpaths = {
-      'conf': [],
-      'env': [],
-      'interp': [],
-  }
-
-  # Load up $LD_LIBRARY_PATH.
-  ldpaths['env'] = []
-  env_ldpath = os.environ.get('LD_LIBRARY_PATH')
-  if not env_ldpath is None:
-    if root != '/':
-      warn('ignoring LD_LIBRARY_PATH due to ROOT usage')
-    else:
-      # XXX: If this contains $ORIGIN, we probably have to parse this
-      # on a per-ELF basis so it can get turned into the right thing.
-      ldpaths['env'] = ParseLdPaths(env_ldpath, path='')
+    """Load linker paths from common locations
+
+    This parses the ld.so.conf and LD_LIBRARY_PATH env var.
+
+    Args:
+      root: The root tree to prepend to paths
+      prefix: The path under |root| to search
+      debug: Enable debug output
+
+    Returns:
+      dict containing library paths to search
+    """
+    ldpaths = {
+        'conf': [],
+        'env': [],
+        'interp': [],
+    }
 
-  # Load up /etc/ld.so.conf.
-  ldpaths['conf'] = ParseLdSoConf(root + prefix + '/etc/ld.so.conf', root=root,
-                                  debug=debug)
+    # Load up $LD_LIBRARY_PATH.
+    ldpaths['env'] = []
+    env_ldpath = os.environ.get('LD_LIBRARY_PATH')
+    if not env_ldpath is None:
+        if root != '/':
+            warn('ignoring LD_LIBRARY_PATH due to ROOT usage')
+        else:
+            # XXX: If this contains $ORIGIN, we probably have to parse this
+            # on a per-ELF basis so it can get turned into the right thing.
+            ldpaths['env'] = ParseLdPaths(env_ldpath, path='')
+
+    # Load up /etc/ld.so.conf.
+    ldpaths['conf'] = ParseLdSoConf(root + prefix + '/etc/ld.so.conf', root=root,
+                                    debug=debug)
 
-  return ldpaths
+    return ldpaths
 
 
 def CompatibleELFs(elf1, elf2):
-  """See if two ELFs are compatible
+    """See if two ELFs are compatible
 
-  This compares the aspects of the ELF to see if they're compatible:
-  bit size, endianness, machine type, and operating system.
+    This compares the aspects of the ELF to see if they're compatible:
+    bit size, endianness, machine type, and operating system.
 
-  Args:
-    elf1: an ELFFile object
-    elf2: an ELFFile object
+    Args:
+      elf1: an ELFFile object
+      elf2: an ELFFile object
 
-  Returns:
-    True if compatible, False otherwise
-  """
-  osabis = frozenset([e.header['e_ident']['EI_OSABI'] for e in (elf1, elf2)])
-  compat_sets = (
-      frozenset('ELFOSABI_%s' % x for x in ('NONE', 'SYSV', 'GNU', 'LINUX',)),
-  )
-  return ((len(osabis) == 1 or any(osabis.issubset(x) for x in compat_sets)) and
-          elf1.elfclass == elf2.elfclass and
-          elf1.little_endian == elf2.little_endian and
-          elf1.header['e_machine'] == elf2.header['e_machine'])
+    Returns:
+      True if compatible, False otherwise
+    """
+    osabis = frozenset([e.header['e_ident']['EI_OSABI'] for e in (elf1, elf2)])
+    compat_sets = (
+        frozenset('ELFOSABI_%s' % x for x in ('NONE', 'SYSV', 'GNU', 'LINUX',)),
+    )
+    return ((len(osabis) == 1 or any(osabis.issubset(x) for x in compat_sets)) and
+            elf1.elfclass == elf2.elfclass and
+            elf1.little_endian == elf2.little_endian and
+            elf1.header['e_machine'] == elf2.header['e_machine'])
 
 
 def FindLib(elf, lib, ldpaths, root='/', debug=False):
-  """Try to locate a |lib| that is compatible to |elf| in the given |ldpaths|
-
-  Args:
-    elf: The elf which the library should be compatible with (ELF wise)
-    lib: The library (basename) to search for
-    ldpaths: A list of paths to search
-    root: The root path to resolve symlinks
-    debug: Enable debug output
-
-  Returns:
-    Tuple of the full path to the desired library and the real path to it
-  """
-  dbg(debug, '  FindLib(%s)' % lib)
-
-  for ldpath in ldpaths:
-    path = os.path.join(ldpath, lib)
-    target = readlink(path, root, prefixed=True)
-    if path != target:
-      dbg(debug, '    checking: %s -> %s' % (path, target))
-    else:
-      dbg(debug, '    checking:', path)
+    """Try to locate a |lib| that is compatible to |elf| in the given |ldpaths|
+
+    Args:
+      elf: The elf which the library should be compatible with (ELF wise)
+      lib: The library (basename) to search for
+      ldpaths: A list of paths to search
+      root: The root path to resolve symlinks
+      debug: Enable debug output
+
+    Returns:
+      Tuple of the full path to the desired library and the real path to it
+    """
+    dbg(debug, '  FindLib(%s)' % lib)
+
+    for ldpath in ldpaths:
+        path = os.path.join(ldpath, lib)
+        target = readlink(path, root, prefixed=True)
+        if path != target:
+            dbg(debug, '    checking: %s -> %s' % (path, target))
+        else:
+            dbg(debug, '    checking:', path)
 
-    if os.path.exists(target):
-      with open(target, 'rb') as f:
-        try:
-          libelf = ELFFile(f)
-          if CompatibleELFs(elf, libelf):
-            return (target, path)
-        except exceptions.ELFError as e:
-          warn('%s: %s' % (target, e))
+        if os.path.exists(target):
+            with open(target, 'rb') as f:
+                try:
+                    libelf = ELFFile(f)
+                    if CompatibleELFs(elf, libelf):
+                        return (target, path)
+                except exceptions.ELFError as e:
+                    warn('%s: %s' % (target, e))
 
-  return (None, None)
+    return (None, None)
 
 
 # We abuse the _all_libs state.  We probably shouldn't, but we do currently.
 # pylint: disable=dangerous-default-value
 def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[]},
              display=None, debug=False, _first=True, _all_libs={}):
-  """Parse the ELF dependency tree of the specified file
+    """Parse the ELF dependency tree of the specified file
 
-  Args:
-    path: The ELF to scan
-    root: The root tree to prepend to paths; this applies to interp and rpaths
+    Args:
+      path: The ELF to scan
+      root: The root tree to prepend to paths; this applies to interp and rpaths
           only as |path| and |ldpaths| are expected to be prefixed already
-    prefix: The path under |root| to search
-    ldpaths: dict containing library paths to search; should have the keys:
-             conf, env, interp
-    display: The path to show rather than |path|
-    debug: Enable debug output
-    _first: Recursive use only; is this the first ELF ?
-    _all_libs: Recursive use only; dict of all libs we've seen
-
-  Returns:
-    a dict containing information about all the ELFs; e.g.
-    {
-      'interp': '/lib64/ld-linux.so.2',
-      'needed': ['libc.so.6', 'libcurl.so.4',],
-      'libs': {
-        'libc.so.6': {
-          'path': '/lib64/libc.so.6',
-          'needed': [],
-        },
-        'libcurl.so.4': {
-          'path': '/usr/lib64/libcurl.so.4',
-          'needed': ['libc.so.6', 'librt.so.1',],
+      prefix: The path under |root| to search
+      ldpaths: dict containing library paths to search; should have the keys:
+          conf, env, interp
+      display: The path to show rather than |path|
+      debug: Enable debug output
+      _first: Recursive use only; is this the first ELF ?
+      _all_libs: Recursive use only; dict of all libs we've seen
+
+    Returns:
+      a dict containing information about all the ELFs; e.g.
+      {
+        'interp': '/lib64/ld-linux.so.2',
+        'needed': ['libc.so.6', 'libcurl.so.4',],
+        'libs': {
+          'libc.so.6': {
+            'path': '/lib64/libc.so.6',
+            'needed': [],
+          },
+          'libcurl.so.4': {
+            'path': '/usr/lib64/libcurl.so.4',
+            'needed': ['libc.so.6', 'librt.so.1',],
+          },
         },
-      },
-    }
-  """
-  if _first:
-    _all_libs = {}
-    ldpaths = ldpaths.copy()
-  ret = {
-      'interp': None,
-      'path': path if display is None else display,
-      'realpath': path,
-      'needed': [],
-      'rpath': [],
-      'runpath': [],
-      'libs': _all_libs,
-  }
-
-  dbg(debug, 'ParseELF(%s)' % path)
-
-  with open(path, 'rb') as f:
-    elf = ELFFile(f)
-
-    # If this is the first ELF, extract the interpreter.
+      }
+    """
     if _first:
-      for segment in elf.iter_segments():
-        if segment.header.p_type != 'PT_INTERP':
-          continue
-
-        interp = bstr(segment.get_interp_name())
-        dbg(debug, '  interp           =', interp)
-        ret['interp'] = normpath(root + interp)
-        real_interp = readlink(ret['interp'], root, prefixed=True)
-        ret['libs'][os.path.basename(interp)] = {
-            'path': ret['interp'],
-            'realpath': real_interp,
-            'needed': [],
-        }
-        # XXX: Could read it and scan for /lib paths.
-        # If the interp is a symlink, lets follow it on the assumption that it
-        # is in this path purely for ABI reasons, and the distro is using a
-        # different (probably more correct) path.  This can come up in some
-        # multilib situations like s390x where /lib64/ contains all the native
-        # libraries, but /lib/ld64.so.1 is the interp hardcoded in gcc, so the
-        # ld64.so.1 is really a symlink to ../lib64/ld64.so.1.  In the multiarch
-        # setup, it'll be /lib/ld64.so.1 -> /lib/s390x-linux-gnu/ld64.so.1.
-        # That is why we use |real_interp| here instead of |interp|.
-        ldpaths['interp'] = [
-            os.path.dirname(real_interp),
-            normpath(root + prefix + '/usr/' + os.path.dirname(
-                real_interp)[len(root) + len(prefix):]),
-        ]
-        dbg(debug, '  ldpaths[interp]  =', ldpaths['interp'])
-        break
-
-    # Parse the ELF's dynamic tags.
-    libs = []
-    rpaths = []
-    runpaths = []
-    for segment in elf.iter_segments():
-      if segment.header.p_type != 'PT_DYNAMIC':
-        continue
-
-      for t in segment.iter_tags():
-        if t.entry.d_tag == 'DT_RPATH':
-          rpaths = ParseLdPaths(bstr(t.rpath), root=root, path=path)
-        elif t.entry.d_tag == 'DT_RUNPATH':
-          runpaths = ParseLdPaths(bstr(t.runpath), root=root, path=path)
-        elif t.entry.d_tag == 'DT_NEEDED':
-          libs.append(bstr(t.needed))
-      if runpaths:
-        # If both RPATH and RUNPATH are set, only the latter is used.
-        rpaths = []
+        _all_libs = {}
+        ldpaths = ldpaths.copy()
+    ret = {
+        'interp': None,
+        'path': path if display is None else display,
+        'realpath': path,
+        'needed': [],
+        'rpath': [],
+        'runpath': [],
+        'libs': _all_libs,
+    }
 
-      # XXX: We assume there is only one PT_DYNAMIC.  This is
-      # probably fine since the runtime ldso does the same.
-      break
-    if _first:
-      # Propagate the rpaths used by the main ELF since those will be
-      # used at runtime to locate things.
-      ldpaths['rpath'] = rpaths
-      ldpaths['runpath'] = runpaths
-      dbg(debug, '  ldpaths[rpath]   =', rpaths)
-      dbg(debug, '  ldpaths[runpath] =', runpaths)
-    ret['rpath'] = rpaths
-    ret['runpath'] = runpaths
-    ret['needed'] = libs
-
-    # Search for the libs this ELF uses.
-    all_ldpaths = None
-    for lib in libs:
-      if lib in _all_libs:
-        continue
-      if all_ldpaths is None:
-        all_ldpaths = rpaths + ldpaths['rpath'] + ldpaths['env'] + runpaths + ldpaths['runpath'] + ldpaths['conf'] + ldpaths['interp']
-      realpath, fullpath = FindLib(elf, lib, all_ldpaths, root, debug=debug)
-      _all_libs[lib] = {
-          'realpath': realpath,
-          'path': fullpath,
-          'needed': [],
-      }
-      if fullpath:
-        try:
-          lret = ParseELF(realpath, root, prefix, ldpaths, display=fullpath,
-                          debug=debug, _first=False, _all_libs=_all_libs)
-        except exceptions.ELFError as e:
-          warn('%s: %s' % (realpath, e))
-        _all_libs[lib]['needed'] = lret['needed']
+    dbg(debug, 'ParseELF(%s)' % path)
+
+    with open(path, 'rb') as f:
+        elf = ELFFile(f)
+
+        # If this is the first ELF, extract the interpreter.
+        if _first:
+            for segment in elf.iter_segments():
+                if segment.header.p_type != 'PT_INTERP':
+                    continue
+
+                interp = bstr(segment.get_interp_name())
+                dbg(debug, '  interp           =', interp)
+                ret['interp'] = normpath(root + interp)
+                real_interp = readlink(ret['interp'], root, prefixed=True)
+                ret['libs'][os.path.basename(interp)] = {
+                    'path': ret['interp'],
+                    'realpath': real_interp,
+                    'needed': [],
+                }
+                # XXX: Could read it and scan for /lib paths.
+                # If the interp is a symlink, lets follow it on the assumption that it
+                # is in this path purely for ABI reasons, and the distro is using a
+                # different (probably more correct) path.  This can come up in some
+                # multilib situations like s390x where /lib64/ contains all the native
+                # libraries, but /lib/ld64.so.1 is the interp hardcoded in gcc, so the
+                # ld64.so.1 is really a symlink to ../lib64/ld64.so.1.  In the multiarch
+                # setup, it'll be /lib/ld64.so.1 -> /lib/s390x-linux-gnu/ld64.so.1.
+                # That is why we use |real_interp| here instead of |interp|.
+                ldpaths['interp'] = [
+                    os.path.dirname(real_interp),
+                    normpath(root + prefix + '/usr/' + os.path.dirname(
+                        real_interp)[len(root) + len(prefix):]),
+                ]
+                dbg(debug, '  ldpaths[interp]  =', ldpaths['interp'])
+                break
+
+        # Parse the ELF's dynamic tags.
+        libs = []
+        rpaths = []
+        runpaths = []
+        for segment in elf.iter_segments():
+            if segment.header.p_type != 'PT_DYNAMIC':
+                continue
+
+            for t in segment.iter_tags():
+                if t.entry.d_tag == 'DT_RPATH':
+                    rpaths = ParseLdPaths(bstr(t.rpath), root=root, path=path)
+                elif t.entry.d_tag == 'DT_RUNPATH':
+                    runpaths = ParseLdPaths(bstr(t.runpath), root=root, path=path)
+                elif t.entry.d_tag == 'DT_NEEDED':
+                    libs.append(bstr(t.needed))
+            if runpaths:
+                # If both RPATH and RUNPATH are set, only the latter is used.
+                rpaths = []
+
+            # XXX: We assume there is only one PT_DYNAMIC.  This is
+            # probably fine since the runtime ldso does the same.
+            break
+        if _first:
+            # Propagate the rpaths used by the main ELF since those will be
+            # used at runtime to locate things.
+            ldpaths['rpath'] = rpaths
+            ldpaths['runpath'] = runpaths
+            dbg(debug, '  ldpaths[rpath]   =', rpaths)
+            dbg(debug, '  ldpaths[runpath] =', runpaths)
+        ret['rpath'] = rpaths
+        ret['runpath'] = runpaths
+        ret['needed'] = libs
+
+        # Search for the libs this ELF uses.
+        all_ldpaths = None
+        for lib in libs:
+            if lib in _all_libs:
+                continue
+            if all_ldpaths is None:
+                all_ldpaths = rpaths + ldpaths['rpath'] + ldpaths['env'] + runpaths + ldpaths['runpath'] + ldpaths['conf'] + ldpaths['interp']
+            realpath, fullpath = FindLib(elf, lib, all_ldpaths, root, debug=debug)
+            _all_libs[lib] = {
+                'realpath': realpath,
+                'path': fullpath,
+                'needed': [],
+            }
+            if fullpath:
+                try:
+                    lret = ParseELF(realpath, root, prefix, ldpaths, display=fullpath,
+                                    debug=debug, _first=False, _all_libs=_all_libs)
+                except exceptions.ELFError as e:
+                    warn('%s: %s' % (realpath, e))
+                _all_libs[lib]['needed'] = lret['needed']
 
-    del elf
+        del elf
 
-  return ret
+    return ret
 # pylint: enable=dangerous-default-value
 
 
 class _NormalizePathAction(argparse.Action):
-  def __call__(self, parser, namespace, values, option_string=None):
-    setattr(namespace, self.dest, normpath(values))
+    def __call__(self, parser, namespace, values, option_string=None):
+        setattr(namespace, self.dest, normpath(values))
 
 
 def _ActionShow(options, elf):
-  """Show the dependency tree for this ELF"""
-  def _show(lib, depth):
-    chain_libs.append(lib)
-    fullpath = elf['libs'][lib]['path']
+    """Show the dependency tree for this ELF"""
+    def _show(lib, depth):
+        chain_libs.append(lib)
+        fullpath = elf['libs'][lib]['path']
+        if options.list:
+            print(fullpath or lib)
+        else:
+            print('%s%s => %s' % ('    ' * depth, lib, fullpath))
+
+        new_libs = []
+        for lib in elf['libs'][lib]['needed']:
+            if lib in chain_libs:
+                if not options.list:
+                    print('%s%s => !!! circular loop !!!' % ('    ' * depth, lib))
+                continue
+            if options.all or not lib in shown_libs:
+                shown_libs.add(lib)
+                new_libs.append(lib)
+
+        for lib in new_libs:
+            _show(lib, depth + 1)
+        chain_libs.pop()
+
+    shown_libs = set(elf['needed'])
+    new_libs = elf['needed'][:]
+    chain_libs = []
+    interp = elf['interp']
+    if interp:
+        lib = os.path.basename(interp)
+        shown_libs.add(lib)
+        # If we are in non-list mode, then we want to show the "duplicate" interp
+        # lines -- first the header (interp=>xxx), and then the DT_NEEDED line to
+        # show that the ELF is directly linked against the interp.
+        # If we're in list mode though, we only want to show the interp once.
+        # Unless of course we have the --all flag active, then we show everything.
+        if not options.all and options.list and lib in new_libs:
+            new_libs.remove(lib)
     if options.list:
-      print(fullpath or lib)
+        print(elf['path'])
+        if not interp is None:
+            print(interp)
     else:
-      print('%s%s => %s' % ('    ' * depth, lib, fullpath))
-
-    new_libs = []
-    for lib in elf['libs'][lib]['needed']:
-      if lib in chain_libs:
-        if not options.list:
-          print('%s%s => !!! circular loop !!!' % ('    ' * depth, lib))
-        continue
-      if options.all or not lib in shown_libs:
-        shown_libs.add(lib)
-        new_libs.append(lib)
-
+        print('%s (interpreter => %s)' % (elf['path'], interp))
     for lib in new_libs:
-      _show(lib, depth + 1)
-    chain_libs.pop()
-
-  shown_libs = set(elf['needed'])
-  new_libs = elf['needed'][:]
-  chain_libs = []
-  interp = elf['interp']
-  if interp:
-    lib = os.path.basename(interp)
-    shown_libs.add(lib)
-    # If we are in non-list mode, then we want to show the "duplicate" interp
-    # lines -- first the header (interp=>xxx), and then the DT_NEEDED line to
-    # show that the ELF is directly linked against the interp.
-    # If we're in list mode though, we only want to show the interp once.
-    # Unless of course we have the --all flag active, then we show everything.
-    if not options.all and options.list and lib in new_libs:
-      new_libs.remove(lib)
-  if options.list:
-    print(elf['path'])
-    if not interp is None:
-      print(interp)
-  else:
-    print('%s (interpreter => %s)' % (elf['path'], interp))
-  for lib in new_libs:
-    _show(lib, 1)
+        _show(lib, 1)
 
 
 def _ActionCopy(options, elf):
-  """Copy the ELF and its dependencies to a destination tree"""
-  def _StripRoot(path):
-    return path[len(options.root) - 1:]
-
-  def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(),
-            outdir=None):
-    if realsrc is None:
-      return
+    """Copy the ELF and its dependencies to a destination tree"""
+    def _StripRoot(path):
+        return path[len(options.root) - 1:]
 
-    if wrapit:
-      # Static ELFs don't need to be wrapped.
-      if not elf['interp']:
-        wrapit = False
+    def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(),
+              outdir=None):
+        if realsrc is None:
+            return
 
-    striproot = _StripRoot if striproot else lambda x: x
+        if wrapit:
+            # Static ELFs don't need to be wrapped.
+            if not elf['interp']:
+                wrapit = False
 
-    if outdir:
-      subdst = os.path.join(outdir, os.path.basename(src))
-    else:
-      subdst = striproot(src)
-    dst = options.dest + subdst
+        striproot = _StripRoot if striproot else lambda x: x
 
-    try:
-      # See if they're the same file.
-      nstat = os.stat(dst + ('.elf' if wrapit else ''))
-      ostat = os.stat(realsrc)
-      for field in ('mode', 'mtime', 'size'):
-        if getattr(ostat, 'st_' + field) != \
-           getattr(nstat, 'st_' + field):
-          break
-      else:
-        return
-    except OSError as e:
-      if e.errno != errno.ENOENT:
-        raise
+        if outdir:
+            subdst = os.path.join(outdir, os.path.basename(src))
+        else:
+            subdst = striproot(src)
+        dst = options.dest + subdst
 
-    if options.verbose:
-      print('%s -> %s' % (src, dst))
+        try:
+            # See if they're the same file.
+            nstat = os.stat(dst + ('.elf' if wrapit else ''))
+            ostat = os.stat(realsrc)
+            for field in ('mode', 'mtime', 'size'):
+                if getattr(ostat, 'st_' + field) != \
+                   getattr(nstat, 'st_' + field):
+                    break
+            else:
+                return
+        except OSError as e:
+            if e.errno != errno.ENOENT:
+                raise
+
+        if options.verbose:
+            print('%s -> %s' % (src, dst))
+
+        makedirs(os.path.dirname(dst))
+        try:
+            shutil.copy2(realsrc, dst)
+        except IOError:
+            os.unlink(dst)
+            shutil.copy2(realsrc, dst)
+
+        if wrapit:
+            if options.verbose:
+                print('generate wrapper %s' % (dst,))
+
+            if options.libdir:
+                interp = os.path.join(options.libdir, os.path.basename(elf['interp']))
+            else:
+                interp = _StripRoot(elf['interp'])
+            GenerateLdsoWrapper(options.dest, subdst, interp, libpaths)
+
+    # XXX: We should automatically import libgcc_s.so whenever libpthread.so
+    # is copied over (since we know it can be dlopen-ed by NPTL at runtime).
+    # Similarly, we should provide an option for automatically copying over
+    # the libnsl.so and libnss_*.so libraries, as well as an open ended list
+    # for known libs that get loaded (e.g. curl will dlopen(libresolv)).
+    uniq_libpaths = set()
+    for lib in elf['libs']:
+        libdata = elf['libs'][lib]
+        path = libdata['realpath']
+        if path is None:
+            warn('could not locate library: %s' % lib)
+            continue
+        if not options.libdir:
+            uniq_libpaths.add(_StripRoot(os.path.dirname(path)))
+        _copy(path, libdata['path'], outdir=options.libdir)
 
-    makedirs(os.path.dirname(dst))
-    try:
-      shutil.copy2(realsrc, dst)
-    except IOError:
-      os.unlink(dst)
-      shutil.copy2(realsrc, dst)
-
-    if wrapit:
-      if options.verbose:
-        print('generate wrapper %s' % (dst,))
-
-      if options.libdir:
-        interp = os.path.join(options.libdir, os.path.basename(elf['interp']))
-      else:
-        interp = _StripRoot(elf['interp'])
-      GenerateLdsoWrapper(options.dest, subdst, interp, libpaths)
-
-  # XXX: We should automatically import libgcc_s.so whenever libpthread.so
-  # is copied over (since we know it can be dlopen-ed by NPTL at runtime).
-  # Similarly, we should provide an option for automatically copying over
-  # the libnsl.so and libnss_*.so libraries, as well as an open ended list
-  # for known libs that get loaded (e.g. curl will dlopen(libresolv)).
-  uniq_libpaths = set()
-  for lib in elf['libs']:
-    libdata = elf['libs'][lib]
-    path = libdata['realpath']
-    if path is None:
-      warn('could not locate library: %s' % lib)
-      continue
     if not options.libdir:
-      uniq_libpaths.add(_StripRoot(os.path.dirname(path)))
-    _copy(path, libdata['path'], outdir=options.libdir)
-
-  if not options.libdir:
-    libpaths = list(uniq_libpaths)
-    if elf['runpath']:
-      libpaths = elf['runpath'] + libpaths
+        libpaths = list(uniq_libpaths)
+        if elf['runpath']:
+            libpaths = elf['runpath'] + libpaths
+        else:
+            libpaths = elf['rpath'] + libpaths
     else:
-      libpaths = elf['rpath'] + libpaths
-  else:
-    uniq_libpaths.add(options.libdir)
-    libpaths = list(uniq_libpaths)
+        uniq_libpaths.add(options.libdir)
+        libpaths = list(uniq_libpaths)
 
-  # We don't bother to copy this as ParseElf adds the interp to the 'libs',
-  # so it was already copied in the libs loop above.
-  #_copy(elf['interp'], outdir=options.libdir)
-  _copy(elf['realpath'], elf['path'], striproot=options.auto_root,
-        wrapit=options.generate_wrappers, libpaths=libpaths,
-        outdir=options.bindir)
+    # We don't bother to copy this as ParseElf adds the interp to the 'libs',
+    # so it was already copied in the libs loop above.
+    #_copy(elf['interp'], outdir=options.libdir)
+    _copy(elf['realpath'], elf['path'], striproot=options.auto_root,
+          wrapit=options.generate_wrappers, libpaths=libpaths,
+          outdir=options.bindir)
 
 
 def GetParser():
-  """Get a CLI parser."""
-  parser = argparse.ArgumentParser(
-      description=__doc__,
-      formatter_class=argparse.RawDescriptionHelpFormatter)
-  parser.add_argument('-a', '--all',
-                      action='store_true', default=False,
-                      help='Show all duplicated dependencies')
-  parser.add_argument('-R', '--root',
-                      default=os.environ.get('ROOT', ''), type=str,
-                      action=_NormalizePathAction,
-                      help='Search for all files/dependencies in ROOT')
-  parser.add_argument('-P', '--prefix',
-                      default=os.environ.get(
-                          'EPREFIX', '@GENTOO_PORTAGE_EPREFIX@'), type=str,
-                      action=_NormalizePathAction,
-                      help='Specify EPREFIX for binaries (for Gentoo Prefix)')
-  parser.add_argument('--no-auto-root',
-                      dest='auto_root', action='store_false', default=True,
-                      help='Do not automatically prefix input ELFs with ROOT')
-  parser.add_argument('-l', '--list',
-                      action='store_true', default=False,
-                      help='Display output in a simple list (easy for copying)')
-  parser.add_argument('-x', '--debug',
-                      action='store_true', default=False,
-                      help='Run with debugging')
-  parser.add_argument('-v', '--verbose',
-                      action='store_true', default=False,
-                      help='Be verbose')
-  parser.add_argument('--skip-non-elfs',
-                      action='store_true', default=False,
-                      help='Skip plain (non-ELF) files instead of warning')
-  parser.add_argument('-V', '--version',
-                      action='version',
-                      version='lddtree by Mike Frysinger <vapier@gentoo.org>',
-                      help='Show version information')
-  parser.add_argument('path', nargs='+')
-
-  group = parser.add_argument_group('Copying options')
-  group.add_argument('--copy-to-tree',
-                     dest='dest', default=None, type=str,
-                     action=_NormalizePathAction,
-                     help='Copy all files to the specified tree')
-  group.add_argument('--bindir',
-                     default=None, type=str,
-                     action=_NormalizePathAction,
-                     help='Dir to store all ELFs specified on the command line')
-  group.add_argument('--libdir',
-                     default=None, type=str,
-                     action=_NormalizePathAction,
-                     help='Dir to store all ELF libs')
-  group.add_argument('--generate-wrappers',
-                     action='store_true', default=False,
-                     help='Wrap executable ELFs with scripts for local ldso')
-  group.add_argument('--copy-non-elfs',
-                     action='store_true', default=False,
-                     help='Copy over plain (non-ELF) files instead of warn+ignore')
-
-  return parser
+    """Get a CLI parser."""
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter)
+    parser.add_argument('-a', '--all',
+                        action='store_true', default=False,
+                        help='Show all duplicated dependencies')
+    parser.add_argument('-R', '--root',
+                        default=os.environ.get('ROOT', ''), type=str,
+                        action=_NormalizePathAction,
+                        help='Search for all files/dependencies in ROOT')
+    parser.add_argument('-P', '--prefix',
+                        default=os.environ.get(
+                            'EPREFIX', '@GENTOO_PORTAGE_EPREFIX@'), type=str,
+                        action=_NormalizePathAction,
+                        help='Specify EPREFIX for binaries (for Gentoo Prefix)')
+    parser.add_argument('--no-auto-root',
+                        dest='auto_root', action='store_false', default=True,
+                        help='Do not automatically prefix input ELFs with ROOT')
+    parser.add_argument('-l', '--list',
+                        action='store_true', default=False,
+                        help='Display output in a simple list (easy for copying)')
+    parser.add_argument('-x', '--debug',
+                        action='store_true', default=False,
+                        help='Run with debugging')
+    parser.add_argument('-v', '--verbose',
+                        action='store_true', default=False,
+                        help='Be verbose')
+    parser.add_argument('--skip-non-elfs',
+                        action='store_true', default=False,
+                        help='Skip plain (non-ELF) files instead of warning')
+    parser.add_argument('-V', '--version',
+                        action='version',
+                        version='lddtree by Mike Frysinger <vapier@gentoo.org>',
+                        help='Show version information')
+    parser.add_argument('path', nargs='+')
+
+    group = parser.add_argument_group('Copying options')
+    group.add_argument('--copy-to-tree',
+                       dest='dest', default=None, type=str,
+                       action=_NormalizePathAction,
+                       help='Copy all files to the specified tree')
+    group.add_argument('--bindir',
+                       default=None, type=str,
+                       action=_NormalizePathAction,
+                       help='Dir to store all ELFs specified on the command line')
+    group.add_argument('--libdir',
+                       default=None, type=str,
+                       action=_NormalizePathAction,
+                       help='Dir to store all ELF libs')
+    group.add_argument('--generate-wrappers',
+                       action='store_true', default=False,
+                       help='Wrap executable ELFs with scripts for local ldso')
+    group.add_argument('--copy-non-elfs',
+                       action='store_true', default=False,
+                       help='Copy over plain (non-ELF) files instead of warn+ignore')
+
+    return parser
 
 
 def main(argv):
-  """The main entry point!"""
-  parser = GetParser()
-  options = parser.parse_args(argv)
-  paths = options.path
-
-  if options.root != '/':
-    options.root += '/'
-  if options.prefix == '@''GENTOO_PORTAGE_EPREFIX''@':
-    options.prefix = ''
-
-  if options.bindir and options.bindir[0] != '/':
-    parser.error('--bindir accepts absolute paths only')
-  if options.libdir and options.libdir[0] != '/':
-    parser.error('--libdir accepts absolute paths only')
-
-  if options.skip_non_elfs and options.copy_non_elfs:
-    parser.error('pick one handler for non-ELFs: skip or copy')
-
-  dbg(options.debug, 'root =', options.root)
-  if options.dest:
-    dbg(options.debug, 'dest =', options.dest)
-  if not paths:
-    err('missing ELF files to scan')
-
-  ldpaths = LoadLdpaths(options.root, options.prefix, debug=options.debug)
-  dbg(options.debug, 'ldpaths[conf] =', ldpaths['conf'])
-  dbg(options.debug, 'ldpaths[env]  =', ldpaths['env'])
-
-  # Process all the files specified.
-  ret = 0
-  for path in paths:
-    dbg(options.debug, 'argv[x]       =', path)
-    # Only auto-prefix the path if the ELF is absolute.
-    # If it's a relative path, the user most likely wants
-    # the local path.
-    if options.auto_root and path.startswith('/'):
-      path = options.root + path.lstrip('/')
-      dbg(options.debug, '  +auto-root  =', path)
-
-    matched = False
-    for p in glob.iglob(path):
-      # Once we've processed the globs, resolve the symlink.  This way you can
-      # operate on a path that is an absolute symlink itself.  e.g.:
-      #   $ ln -sf /bin/bash $PWD/root/bin/sh
-      #   $ lddtree --root $PWD/root /bin/sh
-      # First we'd turn /bin/sh into $PWD/root/bin/sh, then we want to resolve
-      # the symlink to $PWD/root/bin/bash rather than a plain /bin/bash.
-      dbg(options.debug, '  globbed     =', p)
-      if not path.startswith('/'):
-        realpath = os.path.realpath(path)
-      elif options.auto_root:
-        realpath = readlink(p, options.root, prefixed=True)
-      else:
-        realpath = path
-      if path != realpath:
-        dbg(options.debug, '  resolved    =', realpath)
-
-      matched = True
-      try:
-        elf = ParseELF(realpath, options.root, options.prefix, ldpaths,
-                       display=p, debug=options.debug)
-      except exceptions.ELFError as e:
-        if options.skip_non_elfs:
-          continue
-        # XXX: Ugly.  Should unify with _Action* somehow.
-        if options.dest is not None and options.copy_non_elfs:
-          if os.path.exists(p):
-            elf = {
-                'interp': None,
-                'libs': [],
-                'runpath': [],
-                'rpath': [],
-                'path': p,
-                'realpath': realpath,
-            }
-            _ActionCopy(options, elf)
-            continue
-        ret = 1
-        warn('%s: %s' % (p, e))
-        continue
-      except IOError as e:
-        ret = 1
-        warn('%s: %s' % (p, e))
-        continue
-
-      if options.dest is None:
-        _ActionShow(options, elf)
-      else:
-        _ActionCopy(options, elf)
-
-    if not matched:
-      ret = 1
-      warn('%s: did not match any paths' % (path,))
-
-  return ret
+    """The main entry point!"""
+    parser = GetParser()
+    options = parser.parse_args(argv)
+    paths = options.path
+
+    if options.root != '/':
+        options.root += '/'
+    if options.prefix == '@''GENTOO_PORTAGE_EPREFIX''@':
+        options.prefix = ''
+
+    if options.bindir and options.bindir[0] != '/':
+        parser.error('--bindir accepts absolute paths only')
+    if options.libdir and options.libdir[0] != '/':
+        parser.error('--libdir accepts absolute paths only')
+
+    if options.skip_non_elfs and options.copy_non_elfs:
+        parser.error('pick one handler for non-ELFs: skip or copy')
+
+    dbg(options.debug, 'root =', options.root)
+    if options.dest:
+        dbg(options.debug, 'dest =', options.dest)
+    if not paths:
+        err('missing ELF files to scan')
+
+    ldpaths = LoadLdpaths(options.root, options.prefix, debug=options.debug)
+    dbg(options.debug, 'ldpaths[conf] =', ldpaths['conf'])
+    dbg(options.debug, 'ldpaths[env]  =', ldpaths['env'])
+
+    # Process all the files specified.
+    ret = 0
+    for path in paths:
+        dbg(options.debug, 'argv[x]       =', path)
+        # Only auto-prefix the path if the ELF is absolute.
+        # If it's a relative path, the user most likely wants
+        # the local path.
+        if options.auto_root and path.startswith('/'):
+            path = options.root + path.lstrip('/')
+            dbg(options.debug, '  +auto-root  =', path)
+
+        matched = False
+        for p in glob.iglob(path):
+            # Once we've processed the globs, resolve the symlink.  This way you can
+            # operate on a path that is an absolute symlink itself.  e.g.:
+            #   $ ln -sf /bin/bash $PWD/root/bin/sh
+            #   $ lddtree --root $PWD/root /bin/sh
+            # First we'd turn /bin/sh into $PWD/root/bin/sh, then we want to resolve
+            # the symlink to $PWD/root/bin/bash rather than a plain /bin/bash.
+            dbg(options.debug, '  globbed     =', p)
+            if not path.startswith('/'):
+                realpath = os.path.realpath(path)
+            elif options.auto_root:
+                realpath = readlink(p, options.root, prefixed=True)
+            else:
+                realpath = path
+            if path != realpath:
+                dbg(options.debug, '  resolved    =', realpath)
+
+            matched = True
+            try:
+                elf = ParseELF(realpath, options.root, options.prefix, ldpaths,
+                               display=p, debug=options.debug)
+            except exceptions.ELFError as e:
+                if options.skip_non_elfs:
+                    continue
+                # XXX: Ugly.  Should unify with _Action* somehow.
+                if options.dest is not None and options.copy_non_elfs:
+                    if os.path.exists(p):
+                        elf = {
+                            'interp': None,
+                            'libs': [],
+                            'runpath': [],
+                            'rpath': [],
+                            'path': p,
+                            'realpath': realpath,
+                        }
+                        _ActionCopy(options, elf)
+                        continue
+                ret = 1
+                warn('%s: %s' % (p, e))
+                continue
+            except IOError as e:
+                ret = 1
+                warn('%s: %s' % (p, e))
+                continue
+
+            if options.dest is None:
+                _ActionShow(options, elf)
+            else:
+                _ActionCopy(options, elf)
+
+        if not matched:
+            ret = 1
+            warn('%s: did not match any paths' % (path,))
+
+    return ret
 
 
 if __name__ == '__main__':
-  sys.exit(main(sys.argv[1:]))
+    sys.exit(main(sys.argv[1:]))

diff --git a/pylint b/pylint
index 965537d..38d77a2 100755
--- a/pylint
+++ b/pylint
@@ -12,38 +12,38 @@ import sys
 
 
 def find_all_modules(source_root):
-  """Locate all python modules in the tree for scanning"""
-  ret = []
+    """Locate all python modules in the tree for scanning"""
+    ret = []
 
-  for root, _dirs, files in os.walk(source_root, topdown=False):
-    # Add all of the .py modules in the tree.
-    ret += [os.path.join(root, x) for x in files if x.endswith('.py')]
+    for root, _dirs, files in os.walk(source_root, topdown=False):
+        # Add all of the .py modules in the tree.
+        ret += [os.path.join(root, x) for x in files if x.endswith('.py')]
 
-  # Add the main scripts that don't end in .py.
-  ret += [os.path.join(source_root, x) for x in ('pylint',)]
+    # Add the main scripts that don't end in .py.
+    ret += [os.path.join(source_root, x) for x in ('pylint',)]
 
-  return ret
+    return ret
 
 
 def main(argv):
-  """The main entry point"""
-  source_root = os.path.dirname(os.path.realpath(__file__))
+    """The main entry point"""
+    source_root = os.path.dirname(os.path.realpath(__file__))
 
-  if not argv:
-    argv = find_all_modules(source_root)
+    if not argv:
+        argv = find_all_modules(source_root)
 
-  pympath = source_root
-  pythonpath = os.environ.get('PYTHONPATH')
-  if pythonpath is None:
-    pythonpath = pympath
-  else:
-    pythonpath = pympath + ':' + pythonpath
-  os.environ['PYTHONPATH'] = pythonpath
+    pympath = source_root
+    pythonpath = os.environ.get('PYTHONPATH')
+    if pythonpath is None:
+        pythonpath = pympath
+    else:
+        pythonpath = pympath + ':' + pythonpath
+    os.environ['PYTHONPATH'] = pythonpath
 
-  pylintrc = os.path.join(source_root, '.pylintrc')
-  cmd = ['pylint', '--rcfile', pylintrc]
-  os.execvp(cmd[0], cmd + argv)
+    pylintrc = os.path.join(source_root, '.pylintrc')
+    cmd = ['pylint', '--rcfile', pylintrc]
+    os.execvp(cmd[0], cmd + argv)
 
 
 if __name__ == '__main__':
-  sys.exit(main(sys.argv[1:]))
+    sys.exit(main(sys.argv[1:]))


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16  0:48 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16  0:48 UTC (permalink / raw
  To: gentoo-commits

commit:     8e182fd12056c7d3703c517e3d43cecf98bb7060
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Mar 26 19:16:27 2020 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Apr 15 23:12:55 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8e182fd1

lddtree: re-enable long line checks

Adjust our line length to be 100 cols.  This matches what the code has
largely been using already, and it fits better with modern systems.
People can still write to 80 cols as makes sense, but we'll consider
that a soft limit with 100 cols as the upper hard limit.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .pylintrc  | 2 +-
 lddtree.py | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/.pylintrc b/.pylintrc
index 577641f..b86319b 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -35,7 +35,7 @@ reports=no
 score=no
 
 [FORMAT]
-max-line-length=80
+max-line-length = 100
 indent-string = '    '
 
 [BASIC]

diff --git a/lddtree.py b/lddtree.py
index cdb3f1c..3420b7d 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -4,7 +4,6 @@
 # Copyright 2012-2014 Mike Frysinger <vapier@gentoo.org>
 # Copyright 2012-2014 The Chromium OS Authors
 # Use of this source code is governed by a BSD-style license (BSD-3)
-# pylint: disable=C0301
 
 """Read the ELF dependency tree and show it
 
@@ -477,7 +476,13 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
             if lib in _all_libs:
                 continue
             if all_ldpaths is None:
-                all_ldpaths = rpaths + ldpaths['rpath'] + ldpaths['env'] + runpaths + ldpaths['runpath'] + ldpaths['conf'] + ldpaths['interp']
+                all_ldpaths = (
+                    rpaths + ldpaths['rpath'] +
+                    ldpaths['env'] +
+                    runpaths + ldpaths['runpath'] +
+                    ldpaths['conf'] +
+                    ldpaths['interp']
+                )
             realpath, fullpath = FindLib(elf, lib, all_ldpaths, root, debug=debug)
             _all_libs[lib] = {
                 'realpath': realpath,


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16  1:56 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16  1:56 UTC (permalink / raw
  To: gentoo-commits

commit:     6912679ba7a2fe42f13244dff537fa8338050c2c
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 01:27:56 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 01:37:31 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6912679b

lddtree: don't crash when interp is missing

Easy way to reproduce is to copy a cross-compile ELF like:
$ ./lddtree.py --copy-to-tree $PWD/foo /usr/share/qemu/s390-ccw.img
lddtree.py: warning: /usr/share/qemu/s390-ccw.img: [Errno 2] No such file or directory: '/lib/ld64.so.1'

We have checks for missing libs already, but interps are full paths
and thus bypass the resolution logic.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index b65c3f2..e3dafda 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -589,8 +589,14 @@ def _ActionCopy(options, elf):
         os.makedirs(os.path.dirname(dst), exist_ok=True)
         try:
             shutil.copy2(realsrc, dst)
+        except FileNotFoundError as e:
+            warn(f'{elf["path"]}: {e}')
+            return
         except IOError:
-            os.unlink(dst)
+            try:
+                os.unlink(dst)
+            except FileNotFoundError:
+                pass
             shutil.copy2(realsrc, dst)
 
         if wrapit:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16  1:56 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16  1:56 UTC (permalink / raw
  To: gentoo-commits

commit:     7748284a8002b4d3cf44cc0cd24738aebeb8b548
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 01:13:13 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 01:13:13 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7748284a

lddtree: require Python 3.6+

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 3420b7d..b65c3f2 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -1,5 +1,4 @@
 #!/usr/bin/env python
-# -*- coding: utf-8 -*-
 # Copyright 2012-2014 Gentoo Foundation
 # Copyright 2012-2014 Mike Frysinger <vapier@gentoo.org>
 # Copyright 2012-2014 The Chromium OS Authors
@@ -40,8 +39,6 @@ This will place bash, lspci, and lsof into /foo/bin/.  All the libraries
 they need will be placed into /foo/lib/ only.
 """
 
-from __future__ import print_function
-
 import argparse
 import glob
 import errno
@@ -49,6 +46,8 @@ import os
 import shutil
 import sys
 
+assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found {sys.version}'
+
 from elftools.elf.elffile import ELFFile
 from elftools.common import exceptions
 
@@ -116,15 +115,6 @@ def readlink(path, root, prefixed=False):
     return normpath((root + path) if prefixed else path)
 
 
-def makedirs(path):
-    """Like os.makedirs(), but ignore EEXIST errors"""
-    try:
-        os.makedirs(path)
-    except OSError as e:
-        if e.errno != errno.EEXIST:
-            raise
-
-
 def dedupe(items):
     """Remove all duplicates from |items| (keeping order)"""
     seen = {}
@@ -596,7 +586,7 @@ def _ActionCopy(options, elf):
         if options.verbose:
             print('%s -> %s' % (src, dst))
 
-        makedirs(os.path.dirname(dst))
+        os.makedirs(os.path.dirname(dst), exist_ok=True)
         try:
             shutil.copy2(realsrc, dst)
         except IOError:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16  3:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16  3:39 UTC (permalink / raw
  To: gentoo-commits

commit:     816065b7964ef8ad5a65f1a92190a2f5ff4b3744
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 03:24:07 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 03:24:07 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=816065b7

lddtree: use ldso's --argv0 when available

Newer glibc has a --argv0 option in current releases to explicitly
set argv[0].  This is useful for the generated shell wrappers as we
need to rename it (with an .elf suffix) and that can either confuse
the output or break tools that inspect their argv[0] strictly.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 7ec04fa..6be4fdd 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -43,6 +43,7 @@ import argparse
 import functools
 import glob
 import errno
+import mmap
 import os
 import shutil
 import sys
@@ -123,6 +124,18 @@ def dedupe(items):
     return [seen.setdefault(x, x) for x in items if x not in seen]
 
 
+@functools.lru_cache(maxsize=None)
+def interp_supports_argv0(interp) -> bool:
+    """See whether |interp| supports the --argv0 option.
+
+    Starting with glibc-2.33, the ldso supports --argv0 to override argv[0].
+    """
+    print(interp)
+    with open(interp, 'rb') as fp:
+        with mmap.mmap(fp.fileno(), 0, prot=mmap.PROT_READ) as mm:
+            return mm.find(b'--argv0') >= 0
+
+
 def GenerateLdsoWrapper(root, path, interp, libpaths=()):
     """Generate a shell script wrapper which uses local ldso to run the ELF
 
@@ -145,6 +158,7 @@ def GenerateLdsoWrapper(root, path, interp, libpaths=()):
                                interp_name),
         'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir)
                               for p in libpaths]),
+        'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(interp) else '',
     }
     wrapper = """#!/bin/sh
 if ! base=$(realpath "$0" 2>/dev/null); then
@@ -154,12 +168,13 @@ if ! base=$(realpath "$0" 2>/dev/null); then
   esac
 fi
 basedir=${base%%/*}
-exec \
-  "${basedir}/%(interp)s" \
-  --library-path "%(libpaths)s" \
-  --inhibit-cache \
-  --inhibit-rpath '' \
-  "${base}.elf" \
+exec \\
+  "${basedir}/%(interp)s" \\
+  %(argv0_arg)s \\
+  --library-path "%(libpaths)s" \\
+  --inhibit-cache \\
+  --inhibit-rpath '' \\
+  "${base}.elf" \\
   "$@"
 """
     wrappath = root + path


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16  3:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16  3:39 UTC (permalink / raw
  To: gentoo-commits

commit:     ea2721570e1993b0f1ffc3a9b6b9d9aaa7ad22c9
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 03:23:43 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 03:23:43 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ea272157

lddtree: apply functools cache to some repeated filesystem calls

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lddtree.py b/lddtree.py
index e3dafda..7ec04fa 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -40,6 +40,7 @@ they need will be placed into /foo/lib/ only.
 """
 
 import argparse
+import functools
 import glob
 import errno
 import os
@@ -87,6 +88,7 @@ def normpath(path):
     return os.path.normpath(path).replace('//', '/')
 
 
+@functools.lru_cache(maxsize=None)
 def readlink(path, root, prefixed=False):
     """Like os.readlink(), but relative to a |root|
 
@@ -167,6 +169,7 @@ exec \
     os.chmod(wrappath, 0o0755)
 
 
+@functools.lru_cache(maxsize=None)
 def ParseLdPaths(str_ldpaths, root='', path=None):
     """Parse the colon-delimited list of paths and apply ldso rules to each
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16  3:41 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16  3:41 UTC (permalink / raw
  To: gentoo-commits

commit:     cb5da5f0f8ca714a552b70f201ace2eb24f0d2b1
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 03:24:07 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 03:24:07 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cb5da5f0

lddtree: use ldso's --argv0 when available

Newer glibc has a --argv0 option in current releases to explicitly
set argv[0].  This is useful for the generated shell wrappers as we
need to rename it (with an .elf suffix) and that can either confuse
the output or break tools that inspect their argv[0] strictly.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 7ec04fa..fae39e0 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -43,6 +43,7 @@ import argparse
 import functools
 import glob
 import errno
+import mmap
 import os
 import shutil
 import sys
@@ -123,6 +124,17 @@ def dedupe(items):
     return [seen.setdefault(x, x) for x in items if x not in seen]
 
 
+@functools.lru_cache(maxsize=None)
+def interp_supports_argv0(interp) -> bool:
+    """See whether |interp| supports the --argv0 option.
+
+    Starting with glibc-2.33, the ldso supports --argv0 to override argv[0].
+    """
+    with open(interp, 'rb') as fp:
+        with mmap.mmap(fp.fileno(), 0, prot=mmap.PROT_READ) as mm:
+            return mm.find(b'--argv0') >= 0
+
+
 def GenerateLdsoWrapper(root, path, interp, libpaths=()):
     """Generate a shell script wrapper which uses local ldso to run the ELF
 
@@ -145,6 +157,7 @@ def GenerateLdsoWrapper(root, path, interp, libpaths=()):
                                interp_name),
         'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir)
                               for p in libpaths]),
+        'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(interp) else '',
     }
     wrapper = """#!/bin/sh
 if ! base=$(realpath "$0" 2>/dev/null); then
@@ -154,12 +167,13 @@ if ! base=$(realpath "$0" 2>/dev/null); then
   esac
 fi
 basedir=${base%%/*}
-exec \
-  "${basedir}/%(interp)s" \
-  --library-path "%(libpaths)s" \
-  --inhibit-cache \
-  --inhibit-rpath '' \
-  "${base}.elf" \
+exec \\
+  "${basedir}/%(interp)s" \\
+  %(argv0_arg)s \\
+  --library-path "%(libpaths)s" \\
+  --inhibit-cache \\
+  --inhibit-rpath '' \\
+  "${base}.elf" \\
   "$@"
 """
     wrappath = root + path


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 15:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 15:08 UTC (permalink / raw
  To: gentoo-commits

commit:     080a59e801e121ebadc3e1e170e57ca27de15876
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 14:49:56 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 14:49:56 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=080a59e8

lddtree: handle relative ldpaths

Tweak the ldpath logic to handle all relative paths relative to the
cwd instead of the root.  Such ELFs are uncommon and weird, but not
invalid, so might as well.

Bug: https://bugs.gentoo.org/653586
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index cd068f6..d91e729 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -184,7 +184,7 @@ exec \\
 
 
 @functools.lru_cache(maxsize=None)
-def ParseLdPaths(str_ldpaths, root='', path=None):
+def ParseLdPaths(str_ldpaths, root='', cwd=None, path=None):
     """Parse the colon-delimited list of paths and apply ldso rules to each
 
     Note the special handling as dictated by the ldso:
@@ -195,23 +195,34 @@ def ParseLdPaths(str_ldpaths, root='', path=None):
     Args:
       str_ldpaths: A colon-delimited string of paths
       root: The path to prepend to all paths found
+      cwd: The path to resolve relative paths against (defaults to getcwd()).
       path: The object actively being parsed (used for $ORIGIN)
 
     Returns:
       list of processed paths
     """
+    if cwd is None:
+        cwd = os.getcwd()
+
     ldpaths = []
     for ldpath in str_ldpaths.split(':'):
-        if not ldpath:
-            # The ldso treats "" paths as $PWD.
-            ldpath = os.getcwd()
-        elif '$ORIGIN' in ldpath:
+        # Expand placeholders first.
+        if '$ORIGIN' in ldpath:
             ldpath = ldpath.replace('$ORIGIN', os.path.dirname(path))
         elif '${ORIGIN}' in ldpath:
             ldpath = ldpath.replace('${ORIGIN}', os.path.dirname(path))
+
+        # Expand relative paths if needed.  These don't make sense in general,
+        # but that doesn't stop people from using them.  As such, root prefix
+        # doesn't make sense with it either.
+        if not ldpath.startswith('/'):
+            # NB: The ldso treats "" paths as cwd too.
+            ldpath = os.path.join(cwd, ldpath)
         else:
             ldpath = root + ldpath
+
         ldpaths.append(normpath(ldpath))
+
     return dedupe(ldpaths)
 
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 15:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 15:08 UTC (permalink / raw
  To: gentoo-commits

commit:     8d2fa4fe36cf525bc5a16ec176d0fbe79cfab8e6
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 15:06:08 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 15:06:08 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8d2fa4fe

lddtree: add --cwd option

Rather than rely on ambient environmental settings (the cwd), allow
users to override the cwd explicitly when processing paths.

Bug: https://bugs.gentoo.org/653586
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 50 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index d91e729..b8fde0c 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -277,13 +277,14 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
     return paths
 
 
-def LoadLdpaths(root='/', prefix='', debug=False):
+def LoadLdpaths(root='/', cwd=None, prefix='', debug=False):
     """Load linker paths from common locations
 
     This parses the ld.so.conf and LD_LIBRARY_PATH env var.
 
     Args:
       root: The root tree to prepend to paths
+      cwd: The path to resolve relative paths against
       prefix: The path under |root| to search
       debug: Enable debug output
 
@@ -305,7 +306,7 @@ def LoadLdpaths(root='/', prefix='', debug=False):
         else:
             # XXX: If this contains $ORIGIN, we probably have to parse this
             # on a per-ELF basis so it can get turned into the right thing.
-            ldpaths['env'] = ParseLdPaths(env_ldpath, path='')
+            ldpaths['env'] = ParseLdPaths(env_ldpath, cwd=cwd, path='')
 
     # Load up /etc/ld.so.conf.
     ldpaths['conf'] = ParseLdSoConf(root + prefix + '/etc/ld.so.conf', root=root,
@@ -374,7 +375,8 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
 
 # We abuse the _all_libs state.  We probably shouldn't, but we do currently.
 # pylint: disable=dangerous-default-value
-def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[]},
+def ParseELF(path, root='/', cwd=None, prefix='',
+             ldpaths={'conf':[], 'env':[], 'interp':[]},
              display=None, debug=False, _first=True, _all_libs={}):
     """Parse the ELF dependency tree of the specified file
 
@@ -382,6 +384,7 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
       path: The ELF to scan
       root: The root tree to prepend to paths; this applies to interp and rpaths
           only as |path| and |ldpaths| are expected to be prefixed already
+      cwd: The path to resolve relative paths against.
       prefix: The path under |root| to search
       ldpaths: dict containing library paths to search; should have the keys:
           conf, env, interp
@@ -467,9 +470,9 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
 
             for t in segment.iter_tags():
                 if t.entry.d_tag == 'DT_RPATH':
-                    rpaths = ParseLdPaths(bstr(t.rpath), root=root, path=path)
+                    rpaths = ParseLdPaths(bstr(t.rpath), root=root, cwd=cwd, path=path)
                 elif t.entry.d_tag == 'DT_RUNPATH':
-                    runpaths = ParseLdPaths(bstr(t.runpath), root=root, path=path)
+                    runpaths = ParseLdPaths(bstr(t.runpath), root=root, cwd=cwd, path=path)
                 elif t.entry.d_tag == 'DT_NEEDED':
                     libs.append(bstr(t.needed))
             if runpaths:
@@ -511,7 +514,7 @@ def ParseELF(path, root='/', prefix='', ldpaths={'conf':[], 'env':[], 'interp':[
             }
             if fullpath:
                 try:
-                    lret = ParseELF(realpath, root, prefix, ldpaths, display=fullpath,
+                    lret = ParseELF(realpath, root, cwd, prefix, ldpaths, display=fullpath,
                                     debug=debug, _first=False, _all_libs=_all_libs)
                 except exceptions.ELFError as e:
                     warn('%s: %s' % (realpath, e))
@@ -681,18 +684,6 @@ def GetParser():
     parser.add_argument('-a', '--all',
                         action='store_true', default=False,
                         help='Show all duplicated dependencies')
-    parser.add_argument('-R', '--root',
-                        default=os.environ.get('ROOT', ''), type=str,
-                        action=_NormalizePathAction,
-                        help='Search for all files/dependencies in ROOT')
-    parser.add_argument('-P', '--prefix',
-                        default=os.environ.get(
-                            'EPREFIX', '@GENTOO_PORTAGE_EPREFIX@'), type=str,
-                        action=_NormalizePathAction,
-                        help='Specify EPREFIX for binaries (for Gentoo Prefix)')
-    parser.add_argument('--no-auto-root',
-                        dest='auto_root', action='store_false', default=True,
-                        help='Do not automatically prefix input ELFs with ROOT')
     parser.add_argument('-l', '--list',
                         action='store_true', default=False,
                         help='Display output in a simple list (easy for copying)')
@@ -711,6 +702,23 @@ def GetParser():
                         help='Show version information')
     parser.add_argument('path', nargs='+')
 
+    group = parser.add_argument_group('Path options')
+    group.add_argument('-R', '--root',
+                       default=os.environ.get('ROOT', ''), type=str,
+                       action=_NormalizePathAction,
+                       help='Search for all files/dependencies in ROOT')
+    group.add_argument('--no-auto-root',
+                       dest='auto_root', action='store_false', default=True,
+                       help='Do not automatically prefix input ELFs with ROOT')
+    group.add_argument('-C', '--cwd',
+                       default=os.getcwd(), type=str, action=_NormalizePathAction,
+                       help='Path to resolve relative paths against')
+    group.add_argument('-P', '--prefix',
+                       default=os.environ.get(
+                           'EPREFIX', '@GENTOO_PORTAGE_EPREFIX@'), type=str,
+                       action=_NormalizePathAction,
+                       help='Specify EPREFIX for binaries (for Gentoo Prefix)')
+
     group = parser.add_argument_group('Copying options')
     group.add_argument('--copy-to-tree',
                        dest='dest', default=None, type=str,
@@ -754,12 +762,14 @@ def main(argv):
         parser.error('pick one handler for non-ELFs: skip or copy')
 
     dbg(options.debug, 'root =', options.root)
+    dbg(options.debug, 'cwd =', options.cwd)
     if options.dest:
         dbg(options.debug, 'dest =', options.dest)
     if not paths:
         err('missing ELF files to scan')
 
-    ldpaths = LoadLdpaths(options.root, options.prefix, debug=options.debug)
+    ldpaths = LoadLdpaths(options.root, cwd=options.cwd, prefix=options.prefix,
+                          debug=options.debug)
     dbg(options.debug, 'ldpaths[conf] =', ldpaths['conf'])
     dbg(options.debug, 'ldpaths[env]  =', ldpaths['env'])
 
@@ -794,7 +804,7 @@ def main(argv):
 
             matched = True
             try:
-                elf = ParseELF(realpath, options.root, options.prefix, ldpaths,
+                elf = ParseELF(realpath, options.root, options.cwd, options.prefix, ldpaths,
                                display=p, debug=options.debug)
             except exceptions.ELFError as e:
                 if options.skip_non_elfs:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 15:08 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 15:08 UTC (permalink / raw
  To: gentoo-commits

commit:     583af0f01ece9c63042a8a12bac11aaa53faa19b
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 14:37:46 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 14:37:46 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=583af0f0

lddtree: handle ${ORIGIN} like $ORIGIN

Bug: https://bugs.gentoo.org/653586
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 2 ++
 lddtree.sh | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index fae39e0..cd068f6 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -207,6 +207,8 @@ def ParseLdPaths(str_ldpaths, root='', path=None):
             ldpath = os.getcwd()
         elif '$ORIGIN' in ldpath:
             ldpath = ldpath.replace('$ORIGIN', os.path.dirname(path))
+        elif '${ORIGIN}' in ldpath:
+            ldpath = ldpath.replace('${ORIGIN}', os.path.dirname(path))
         else:
             ldpath = root + ldpath
         ldpaths.append(normpath(ldpath))

diff --git a/lddtree.sh b/lddtree.sh
index b05ce19..5271dae 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -73,7 +73,7 @@ find_elf() {
 		if [[ ${c_last_needed_by} != ${needed_by} ]] ; then
 			c_last_needed_by=${needed_by}
 			c_last_needed_by_rpaths=$(scanelf -qF '#F%r' "${needed_by}" | \
-				sed -e 's|:| |g' -e "s:[$]ORIGIN:${needed_by%/*}:")
+				sed -E -e 's|:| |g' -e "s:[$](ORIGIN|\{ORIGIN\}):${needed_by%/*}:")
 		fi
 		check_paths "${elf}" ${c_last_needed_by_rpaths} && return 0
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 19:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 19:03 UTC (permalink / raw
  To: gentoo-commits

commit:     c68cfa4e47d59e9903509a1d90da178a982eb27e
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 18:59:55 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 18:59:55 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c68cfa4e

paxldso: add support for "new" glibc cache format

Glibc has supported a "new" cache format for a while now (almost 20
years), but since it generated both, we didn't bother to implement
it, only relying on the old cache format.  With glibc-2.32+ though,
it now only outputs the new format.

Rework the code so we support the old, new, and compat cache formats
(where the new format is appended to the old one).

Bug: https://bugs.gentoo.org/739014
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 paxldso.c | 235 +++++++++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 179 insertions(+), 56 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index d89210d..150f490 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -14,19 +14,28 @@
 
 #if PAX_LDSO_CACHE
 
-static void *ldcache = NULL;
+/* Memory region containing a specific cache. Will be a subset of the mmap. */
+static const void *ldcache = NULL;
 static size_t ldcache_size = 0;
 
+/* Entire memory mapped cache file. */
+static void *ldcache_mmap_base = NULL;
+static size_t ldcache_mmap_size = 0;
+
 static char *ldso_cache_buf = NULL;
 static size_t ldso_cache_buf_size = 0;
 
 #if defined(__GLIBC__) || defined(__UCLIBC__)
 
 /* Defines can be seen in glibc's sysdeps/generic/ldconfig.h */
-#define LDSO_CACHE_MAGIC             "ld.so-"
-#define LDSO_CACHE_MAGIC_LEN         (sizeof LDSO_CACHE_MAGIC -1)
-#define LDSO_CACHE_VER               "1.7.0"
-#define LDSO_CACHE_VER_LEN           (sizeof LDSO_CACHE_VER -1)
+#define LDSO_CACHE_MAGIC_OLD         "ld.so-"
+#define LDSO_CACHE_MAGIC_OLD_LEN     (sizeof LDSO_CACHE_MAGIC_OLD - 1)
+#define LDSO_CACHE_VER_OLD           "1.7.0"
+#define LDSO_CACHE_VER_OLD_LEN       (sizeof LDSO_CACHE_VER_OLD - 1)
+#define LDSO_CACHE_MAGIC_NEW         "glibc-ld.so.cache"
+#define LDSO_CACHE_MAGIC_NEW_LEN     (sizeof LDSO_CACHE_MAGIC_NEW - 1)
+#define LDSO_CACHE_VER_NEW           "1.1"
+#define LDSO_CACHE_VER_NEW_LEN       (sizeof LDSO_CACHE_VER_NEW - 1)
 #define FLAG_ANY                     -1
 #define FLAG_TYPE_MASK               0x00ff
 #define FLAG_LIBC4                   0x0000
@@ -48,14 +57,45 @@ static size_t ldso_cache_buf_size = 0;
 #define FLAG_MIPS_LIB32_NAN2008      0x0c00
 #define FLAG_MIPS64_LIBN32_NAN2008   0x0d00
 #define FLAG_MIPS64_LIBN64_NAN2008   0x0e00
+#define FLAG_RISCV_FLOAT_ABI_SOFT    0x0f00
+#define FLAG_RISCV_FLOAT_ABI_DOUBLE  0x1000
 
 typedef struct {
 	int flags;
 	unsigned int sooffset;
 	unsigned int liboffset;
-} libentry_t;
+} libentry_old_t;
+
+typedef struct {
+	const char magic[LDSO_CACHE_MAGIC_OLD_LEN];
+	const char version[LDSO_CACHE_VER_OLD_LEN];
+	unsigned int nlibs;
+	libentry_old_t libs[0];
+} header_old_t;
+
+typedef struct {
+	int32_t flags;
+	uint32_t sooffset;
+	uint32_t liboffset;
+	uint32_t osversion;
+	uint64_t hwcap;
+} libentry_new_t;
 
-static bool is_compatible(elfobj *elf, libentry_t *libent)
+typedef struct {
+	const char magic[LDSO_CACHE_MAGIC_NEW_LEN];
+	const char version[LDSO_CACHE_VER_NEW_LEN];
+	uint32_t nlibs;
+	uint32_t len_strings;
+	uint8_t flags;
+	uint8_t _pad_flags[3];
+	uint32_t extension_offset;
+	uint32_t _pad_ext[3];
+	libentry_new_t libs[0];
+} header_new_t;
+
+static bool ldcache_is_new;
+
+static bool is_compatible(elfobj *elf, const libentry_old_t *libent)
 {
 	int flags = libent->flags & FLAG_REQUIRED_MASK;
 
@@ -136,74 +176,124 @@ static bool is_compatible(elfobj *elf, libentry_t *libent)
 	return false;
 }
 
-char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
+static void ldso_cache_load(void)
 {
-	unsigned int nlib;
-	char *ret = NULL;
-	char *strs;
+	int fd;
+	const char *cachefile;
+	struct stat st;
+	const header_old_t *header_old;
+	const header_new_t *header_new;
 
-	typedef struct {
-		char magic[LDSO_CACHE_MAGIC_LEN];
-		char version[LDSO_CACHE_VER_LEN];
-		unsigned int nlibs;
-	} header_t;
-	header_t *header;
+	if (ldcache_mmap_base != NULL)
+		return;
 
-	libentry_t *libent;
+	cachefile = root_rel_path(ldcache_path);
 
-	if (fname == NULL)
-		return NULL;
+	if (fstatat(root_fd, cachefile, &st, 0))
+		return;
 
-	if (ldcache == NULL) {
-		int fd;
-		const char *cachefile = root_rel_path(ldcache_path);
-		struct stat st;
+	fd = openat(root_fd, cachefile, O_RDONLY);
+	if (fd == -1)
+		return;
 
-		if (fstatat(root_fd, cachefile, &st, 0))
-			return NULL;
+	/* cache these values so we only map/unmap the cache file once */
+	ldcache_mmap_size = st.st_size;
+	ldcache_mmap_base = mmap(0, ldcache_mmap_size, PROT_READ, MAP_SHARED, fd, 0);
+	close(fd);
 
-		fd = openat(root_fd, cachefile, O_RDONLY);
-		if (fd == -1)
-			return NULL;
-
-		/* cache these values so we only map/unmap the cache file once */
-		ldcache_size = st.st_size;
-		header = ldcache = mmap(0, ldcache_size, PROT_READ, MAP_SHARED, fd, 0);
-		close(fd);
+	if (ldcache_mmap_base == MAP_FAILED) {
+		ldcache_mmap_base = NULL;
+		return;
+	}
 
-		if (ldcache == MAP_FAILED) {
-			ldcache = NULL;
-			return NULL;
+	ldcache_size = ldcache_mmap_size;
+	ldcache = ldcache_mmap_base;
+	header_old = ldcache;
+	header_new = ldcache;
+#define memeq(mem1, mem2) (memcmp(mem1, mem2, sizeof(mem2) - 1) == 0)
+	if (memeq(header_new->magic, LDSO_CACHE_MAGIC_NEW) &&
+	    memeq(header_new->version, LDSO_CACHE_VER_NEW)) {
+		ldcache_is_new = true;
+	} else if (memeq(header_old->magic, LDSO_CACHE_MAGIC_OLD) &&
+	           memeq(header_old->version, LDSO_CACHE_VER_OLD)) {
+		/* See if the new cache format is appended after the old cache. */
+		uintptr_t end =
+			(uintptr_t)ldcache + sizeof(header_old_t) +
+			(header_old->nlibs * sizeof(libentry_old_t));
+		header_new = (const void *)ALIGN_UP(end, __alignof__(header_new_t));
+		if (memeq(header_new->magic, LDSO_CACHE_MAGIC_NEW) &&
+		    memeq(header_new->version, LDSO_CACHE_VER_NEW)) {
+			ldcache_is_new = true;
+			ldcache_size -= ((uintptr_t)header_new - (uintptr_t)ldcache);
+			ldcache = header_new;
+		} else {
+			ldcache_is_new = false;
 		}
+	} else {
+		munmap(ldcache_mmap_base, ldcache_mmap_size);
+		ldcache_mmap_base = NULL;
+		return;
+	}
+#undef memq
 
-		if (memcmp(header->magic, LDSO_CACHE_MAGIC, LDSO_CACHE_MAGIC_LEN) ||
-		    memcmp(header->version, LDSO_CACHE_VER, LDSO_CACHE_VER_LEN))
-		{
-			munmap(ldcache, ldcache_size);
-			ldcache = NULL;
-			return NULL;
-		}
+	ldso_cache_buf_size = 4096;
+	ldso_cache_buf = xrealloc(ldso_cache_buf, ldso_cache_buf_size);
+}
 
-		ldso_cache_buf_size = 4096;
-		ldso_cache_buf = xrealloc(ldso_cache_buf, ldso_cache_buf_size);
-	} else
-		header = ldcache;
+char *ldso_cache_lookup_lib(elfobj *elf, const char *fname)
+{
+	unsigned int nlib, nlibs;
+	char *ret = NULL;
+	const char *strs;
+	const libentry_old_t *libent_old;
+	const libentry_new_t *libent_new;
 
-	libent = ldcache + sizeof(header_t);
-	strs = (char *) &libent[header->nlibs];
+	if (fname == NULL)
+		return NULL;
 
-	for (nlib = 0; nlib < header->nlibs; ++nlib) {
+	ldso_cache_load();
+	if (ldcache == NULL)
+		return NULL;
+
+	if (ldcache_is_new) {
+		const header_new_t *header = ldcache;
+		libent_old = NULL;
+		libent_new = &header->libs[0];
+		strs = (const char *)header;
+		nlibs = header->nlibs;
+	} else {
+		const header_old_t *header = ldcache;
+		libent_old = &header->libs[0];
+		libent_new = NULL;
+		strs = (const char *)&libent_old[header->nlibs];
+		nlibs = header->nlibs;
+	}
+
+	/*
+	 * TODO: Should add memory range checking in case cache file is corrupt.
+	 * TODO: We search the cache from start to finish, but since we know the cache
+	 * is sorted, we really should be doing a binary search to speed it up.
+	 */
+	for (nlib = 0; nlib < nlibs; ++nlib) {
 		const char *lib;
 		size_t lib_len;
 
-		if (!is_compatible(elf, &libent[nlib]))
+		/* The first few fields are the same between new/old formats. */
+		const libentry_old_t *libent;
+		if (ldcache_is_new) {
+			libent = (void *)&libent_new[nlib];
+		} else {
+			libent = &libent_old[nlib];
+		}
+
+		if (!is_compatible(elf, libent))
 			continue;
 
-		if (strcmp(fname, strs + libent[nlib].sooffset) != 0)
+		if (strcmp(fname, strs + libent->sooffset) != 0)
 			continue;
 
 		/* Return first hit because that is how the ldso rolls */
-		lib = strs + libent[nlib].liboffset;
+		lib = strs + libent->liboffset;
 		lib_len = strlen(lib) + 1;
 		if (lib_len > ldso_cache_buf_size) {
 			ldso_cache_buf = xrealloc(ldso_cache_buf, ldso_cache_buf_size + 4096);
@@ -223,8 +313,8 @@ static void ldso_cache_cleanup(void)
 {
 	free(ldso_cache_buf);
 
-	if (ldcache != NULL)
-		munmap(ldcache, ldcache_size);
+	if (ldcache_mmap_base != NULL)
+		munmap(ldcache_mmap_base, ldcache_mmap_size);
 }
 
 #else
@@ -379,12 +469,45 @@ const char argv0[] = "paxldso";
 int main(int argc, char *argv[])
 {
 	elfobj *elf = readelf(argv[0]);
+	ldso_cache_load();
+	printf("cache file memory base is %p\n", ldcache_mmap_base);
+	printf("cache memory base is %p\n", ldcache);
 	for (int i = 1; i < argc; ++i) {
 		const char *search = argv[i];
 		const char *lib = ldso_cache_lookup_lib(elf, search);
 		printf("%s -> %s\n", search, lib);
 	}
 	unreadelf(elf);
+
+	if (ldcache) {
+		unsigned int nlib;
+		const char *strs, *s;
+
+		if (ldcache_is_new) {
+			const header_new_t *header = ldcache;
+			const libentry_new_t *libents = &header->libs[0];
+			strs = (const char *)header;
+			printf("dumping new cache format\n");
+
+			for (nlib = 0; nlib < header->nlibs; ++nlib) {
+				const libentry_new_t *libent = &libents[nlib];
+				s = strs + libent->sooffset;
+				printf("%p: %s\n", libent, s);
+			}
+		} else {
+			const header_old_t *header = ldcache;
+			const libentry_old_t *libents = &header->libs[0];
+			strs = (const char *)&libents[header->nlibs];
+			printf("dumping old cache format\n");
+
+			for (nlib = 0; nlib < header->nlibs; ++nlib) {
+				const libentry_old_t *libent = &libents[nlib];
+				s = strs + libent->sooffset;
+				printf("%p: %s\n", libent, s);
+			}
+		}
+	}
+
 	paxldso_cleanup();
 }
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 19:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 19:03 UTC (permalink / raw
  To: gentoo-commits

commit:     1f3572f01249e929feb26309fed5c2ce7d932a86
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 17:00:01 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 17:00:01 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1f3572f0

build: support debugging/testing object internals

Add a hack so we can build individual objects as standalone programs.
This way we can more easily poke internal static funcs to aid in the
overall debugging/development process.

Bug: https://bugs.gentoo.org/739014
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .gitignore |  3 +++
 Makefile   | 20 +++++++++++++++-----
 paxldso.c  | 18 ++++++++++++++++++
 3 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6e0a530..33f051f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,6 +36,9 @@ stamp-h1
 
 /dumpelf
 /lddtree
+/paxelf
+/paxldso
+/paxmacho
 /pspax
 /scanelf
 /scanmacho

diff --git a/Makefile b/Makefile
index c906311..8a54faf 100644
--- a/Makefile
+++ b/Makefile
@@ -67,19 +67,26 @@ endif
 override CPPFLAGS  += -DVCSID='"$(VCSID)"'
 
 ####################################################################
-ELF_TARGETS  = scanelf dumpelf $(shell echo | $(CC) -dM -E - | grep -q __svr4__ || echo pspax)
+ELF_TARGETS  = scanelf dumpelf $(shell $(CC) -dM -E - </dev/null | grep -q __svr4__ || echo pspax)
 ELF_OBJS     = paxelf.o paxldso.o
 MACH_TARGETS = scanmacho
 MACH_OBJS    = paxmacho.o
 COMMON_OBJS  = paxinc.o security.o xfuncs.o
 TARGETS      = $(ELF_TARGETS) $(MACH_TARGETS)
+TARGETS_OBJS = $(TARGETS:%=%.o)
 SCRIPTS_SH   = lddtree symtree
 SCRIPTS_PY   = lddtree
-OBJS         = $(ELF_OBJS) $(MACH_OBJS) $(COMMON_OBJS) $(TARGETS:%=%.o)
+_OBJS        = $(ELF_OBJS) $(MACH_OBJS) $(COMMON_OBJS)
+OBJS         = $(_OBJS) $(TARGETS_OBJS)
+# Not all objects support this hack.  Otherwise we'd use $(_OBJS:%.o=%)
+OBJS_TARGETS = paxldso
 MPAGES       = $(TARGETS:%=man/%.1)
 SOURCES      = $(OBJS:%.o=%.c)
 
-all: $(OBJS) $(TARGETS)
+all: $(TARGETS)
+	@:
+
+all-dev: all $(OBJS_TARGETS)
 	@:
 
 DEBUG_FLAGS = \
@@ -88,7 +95,7 @@ DEBUG_FLAGS = \
 	-fsanitize=leak \
 	-fsanitize=undefined
 debug: clean
-	$(MAKE) CFLAGS="$(CFLAGS) -g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS))" all
+	$(MAKE) CFLAGS="$(CFLAGS) -g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS))" all-dev
 	@-chpax  -permsx $(ELF_TARGETS)
 	@-paxctl -permsx $(ELF_TARGETS)
 
@@ -120,6 +127,9 @@ $(ELF_TARGETS): %: $(ELF_OBJS) $(COMMON_OBJS) %.o
 $(MACH_TARGETS): %: $(MACH_OBJS) $(COMMON_OBJS) %.o
 	$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
 
+$(OBJS_TARGETS): %: $(_OBJS) %.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -DMAIN $(LDFLAGS) $(filter-out $@.o,$^) -o $@ $(LIBS) $(LIBS-$@)
+
 %.so: %.c
 	$(CC) -shared -fPIC -o $@ $<
 
@@ -127,7 +137,7 @@ depend:
 	$(CC) $(CFLAGS) -MM $(SOURCES) > .depend
 
 clean:
-	-rm -f $(OBJS) $(TARGETS)
+	-rm -f $(OBJS) $(TARGETS) $(OBJS_TARGETS)
 
 distclean: clean
 	-rm -f *~ core *.o

diff --git a/paxldso.c b/paxldso.c
index 2d8ddea..d89210d 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -371,3 +371,21 @@ void paxldso_cleanup(void)
 #endif
 
 const char * ldcache_path = "/etc/ld.so.cache";
+
+#ifdef MAIN
+
+const char argv0[] = "paxldso";
+
+int main(int argc, char *argv[])
+{
+	elfobj *elf = readelf(argv[0]);
+	for (int i = 1; i < argc; ++i) {
+		const char *search = argv[i];
+		const char *lib = ldso_cache_lookup_lib(elf, search);
+		printf("%s -> %s\n", search, lib);
+	}
+	unreadelf(elf);
+	paxldso_cleanup();
+}
+
+#endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 19:26 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 19:26 UTC (permalink / raw
  To: gentoo-commits

commit:     67f3ba64c91b5e1ac9fbbd0bc039fb8ca653cae1
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  4 23:46:33 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 19:22:01 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=67f3ba64

dumpelf: add libFuzzer support

Now you can build dumpelf with libFuzzer and beat the hell out of it.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 Makefile  |  2 +-
 dumpelf.c | 43 ++++++++++++++++++++++++++++++++++---------
 2 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile
index 8e7b183..9a2c07c 100644
--- a/Makefile
+++ b/Makefile
@@ -115,7 +115,7 @@ afl-fuzz: clean
 		"afl-fuzz -t 100 -i tests/fuzz/small/ -o findings/ ./scanelf -s '*' -axetrnibSDIYZB @@"
 
 # Not all objects support libfuzzer.
-LIBFUZZER_TARGETS =
+LIBFUZZER_TARGETS = dumpelf
 LIBFUZZER_FLAGS = \
 	-fsanitize=fuzzer \
 	-fsanitize-coverage=edge

diff --git a/dumpelf.c b/dumpelf.c
index bc634f0..342251f 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -11,7 +11,6 @@ const char argv0[] = "dumpelf";
 #include "paxinc.h"
 
 /* prototypes */
-static void dumpelf(const char *filename, size_t file_cnt);
 static void dump_ehdr(elfobj *elf, const void *ehdr);
 static void dump_phdr(elfobj *elf, const void *phdr, size_t phdr_cnt);
 static void dump_shdr(elfobj *elf, const void *shdr, size_t shdr_cnt, const char *section_name);
@@ -31,15 +30,10 @@ static char be_verbose = 0;
 static const void *phdr_dynamic_void;
 
 /* dump all internal elf info */
-static void dumpelf(const char *filename, size_t file_cnt)
+static void dumpelf(elfobj *elf, size_t file_cnt)
 {
-	elfobj *elf;
 	size_t i, b;
 
-	/* verify this is real ELF */
-	if ((elf = readelf(filename)) == NULL)
-		return;
-
 	phdr_dynamic_void = NULL;
 
 	printf("#include <elf.h>\n");
@@ -50,7 +44,7 @@ static void dumpelf(const char *filename, size_t file_cnt)
 		" * ELF dump of '%s'\n"
 		" *     %ji (0x%jX) bytes\n"
 		" */\n\n",
-		filename, elf->len, elf->len);
+		elf->filename, elf->len, elf->len);
 
 	/* setup the struct to namespace this elf */
 #define MAKE_STRUCT(B) \
@@ -148,6 +142,17 @@ static void dumpelf(const char *filename, size_t file_cnt)
 		printf(" /* no dynamic tags ! */ ");
 	}
 	printf("};\n");
+}
+
+static void dumpelf_file(const char *filename, size_t file_cnt)
+{
+	elfobj *elf = readelf(filename);
+
+	/* verify this is real ELF */
+	if (elf == NULL)
+		return;
+
+	dumpelf(elf, file_cnt);
 
 	/* get out of here */
 	unreadelf(elf);
@@ -570,10 +575,29 @@ static void parseargs(int argc, char *argv[])
 	size_t file_cnt = 0;
 
 	while (optind < argc)
-		dumpelf(argv[optind++], file_cnt++);
+		dumpelf_file(argv[optind++], file_cnt++);
 	}
 }
 
+#if PAX_UTILS_LIBFUZZ
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	(void)argc;
+	(void)argv;
+	(void)parseargs;
+	security_init(false);
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	elfobj *elf = readelf_buffer("libFuzzer", data, size);
+	if (elf == NULL)
+		return 0;
+	dumpelf(elf, 0);
+	return 0;
+}
+#else
 int main(int argc, char *argv[])
 {
 	security_init(false);
@@ -582,3 +606,4 @@ int main(int argc, char *argv[])
 	parseargs(argc, argv);
 	return EXIT_SUCCESS;
 }
+#endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 19:26 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 19:26 UTC (permalink / raw
  To: gentoo-commits

commit:     f06cd2cdb8dd0bcfd02356fae1c0604cf7fc7f54
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 19:24:13 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 19:24:13 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f06cd2cd

dumpelf: constify elfobj in APIs

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 dumpelf.c | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 342251f..4742a50 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -11,17 +11,15 @@ const char argv0[] = "dumpelf";
 #include "paxinc.h"
 
 /* prototypes */
-static void dump_ehdr(elfobj *elf, const void *ehdr);
-static void dump_phdr(elfobj *elf, const void *phdr, size_t phdr_cnt);
-static void dump_shdr(elfobj *elf, const void *shdr, size_t shdr_cnt, const char *section_name);
-static void dump_dyn(elfobj *elf, const void *dyn, size_t dyn_cnt);
+static void dump_ehdr(const elfobj *elf, const void *ehdr);
+static void dump_phdr(const elfobj *elf, const void *phdr, size_t phdr_cnt);
+static void dump_shdr(const elfobj *elf, const void *shdr, size_t shdr_cnt, const char *section_name);
+static void dump_dyn(const elfobj *elf, const void *dyn, size_t dyn_cnt);
 #if 0
-static void dump_sym(elfobj *elf, const void *sym);
-static void dump_rel(elfobj *elf, const void *rel);
-static void dump_rela(elfobj *elf, const void *rela);
+static void dump_sym(const elfobj *elf, const void *sym);
+static void dump_rel(const elfobj *elf, const void *rel);
+static void dump_rela(const elfobj *elf, const void *rela);
 #endif
-static void usage(int status);
-static void parseargs(int argc, char *argv[]);
 
 /* variables to control behavior */
 static char be_verbose = 0;
@@ -30,7 +28,7 @@ static char be_verbose = 0;
 static const void *phdr_dynamic_void;
 
 /* dump all internal elf info */
-static void dumpelf(elfobj *elf, size_t file_cnt)
+static void dumpelf(const elfobj *elf, size_t file_cnt)
 {
 	size_t i, b;
 
@@ -158,7 +156,7 @@ static void dumpelf_file(const char *filename, size_t file_cnt)
 	unreadelf(elf);
 }
 
-static void dump_ehdr(elfobj *elf, const void *ehdr_void)
+static void dump_ehdr(const elfobj *elf, const void *ehdr_void)
 {
 #define DUMP_EHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
@@ -208,7 +206,7 @@ static void dump_ehdr(elfobj *elf, const void *ehdr_void)
 	DUMP_EHDR(64)
 }
 
-static void dump_notes(elfobj *elf, size_t B, const void *memory, const void *memory_end)
+static void dump_notes(const elfobj *elf, size_t B, const void *memory, const void *memory_end)
 {
 	/* While normally we'd worry about Elf32_Nhdr vs Elf64_Nhdr, in the ELF
 	 * world, the two structs are exactly the same.  So avoid ugly CPP.
@@ -299,7 +297,7 @@ static const char *dump_p_flags(uint32_t type, uint32_t flags)
 
 	return buf + 3;
 }
-static void dump_phdr(elfobj *elf, const void *phdr_void, size_t phdr_cnt)
+static void dump_phdr(const elfobj *elf, const void *phdr_void, size_t phdr_cnt)
 {
 #define DUMP_PHDR(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \
@@ -356,7 +354,7 @@ static const char *timestamp(uint64_t stamp)
 	return buf;
 }
 
-static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const char *section_name)
+static void dump_shdr(const elfobj *elf, const void *shdr_void, size_t shdr_cnt, const char *section_name)
 {
 	size_t i;
 
@@ -488,7 +486,7 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const
 	DUMP_SHDR(64)
 }
 
-static void dump_dyn(elfobj *elf, const void *dyn_void, size_t dyn_cnt)
+static void dump_dyn(const elfobj *elf, const void *dyn_void, size_t dyn_cnt)
 {
 #define DUMP_DYN(B) \
 	if (elf->elf_class == ELFCLASS ## B) { \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-16 19:26 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-16 19:26 UTC (permalink / raw
  To: gentoo-commits

commit:     d56b0a6dd878cd451ee258844fd70c2099cd19bd
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  4 23:45:43 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 19:21:59 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d56b0a6d

fuzz: add basic framework for using libFuzzer

By itself, this commit doesn't do anything useful.  We have to update
each tool to hook into libFuzzer, so we'll do that in follow up commits.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 Makefile  | 20 +++++++++++++++++++-
 paxinc.h  |  6 ++++++
 porting.h |  5 +++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 8a54faf..8e7b183 100644
--- a/Makefile
+++ b/Makefile
@@ -102,12 +102,30 @@ debug: clean
 analyze: clean
 	scan-build $(MAKE) all
 
-fuzz: clean
+fuzz:
+	@echo "Pick a fuzzer backend:"
+	@echo "$$ make afl-fuzz"
+	@echo "$$ make libfuzzer"
+	@false
+
+afl-fuzz: clean
 	$(MAKE) AFL_HARDEN=1 CC=afl-gcc all
 	@rm -rf findings
 	@printf '\nNow run:\n%s\n' \
 		"afl-fuzz -t 100 -i tests/fuzz/small/ -o findings/ ./scanelf -s '*' -axetrnibSDIYZB @@"
 
+# Not all objects support libfuzzer.
+LIBFUZZER_TARGETS =
+LIBFUZZER_FLAGS = \
+	-fsanitize=fuzzer \
+	-fsanitize-coverage=edge
+libfuzzer: clean
+	$(MAKE) \
+		CC="clang" \
+		CFLAGS="-g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS)) $(LIBFUZZER_FLAGS)" \
+		CPPFLAGS="-DPAX_UTILS_LIBFUZZ=1" \
+		$(LIBFUZZER_TARGETS)
+
 compile.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(CPPFLAGS-$<) -o $@ -c $<
 
 ifeq ($(V),)

diff --git a/paxinc.h b/paxinc.h
index 6d433b9..620ad68 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -108,6 +108,12 @@ const char *strfileperms(const char *fname);
 #define PTR_ALIGN_DOWN(base, size) ((__typeof__(base))ALIGN_DOWN((uintptr_t)(base), (size)))
 #define PTR_ALIGN_UP(base, size)   ((__typeof__(base))ALIGN_UP  ((uintptr_t)(base), (size)))
 
+/* Support for libFuzzer: http://llvm.org/docs/LibFuzzer.html */
+#if PAX_UTILS_LIBFUZZ
+int LLVMFuzzerInitialize(__unused__ int *argc, __unused__ char ***argv);
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+#endif
+
 /* helper functions for showing errors */
 extern const char *NORM, *RED, *YELLOW;
 void color_init(bool disable);

diff --git a/porting.h b/porting.h
index 17bbbbc..c4f5fc6 100644
--- a/porting.h
+++ b/porting.h
@@ -94,6 +94,11 @@
 # define PAX_UTILS_CLEANUP 0
 #endif
 
+/* Support for libFuzzer: https://llvm.org/docs/LibFuzzer.html */
+#ifndef PAX_UTILS_LIBFUZZ
+# define PAX_UTILS_LIBFUZZ 0
+#endif
+
 /* Few arches can safely do unaligned accesses */
 #if defined(__cris__) || \
     defined(__i386__) || \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-17  0:38 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-17  0:38 UTC (permalink / raw
  To: gentoo-commits

commit:     707e6e290cf1c5b5b58d626c493e3c80b2acfd57
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Apr 16 22:39:46 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 22:39:46 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=707e6e29

paxldso: fix pointer style

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 paxldso.c | 2 +-
 paxldso.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/paxldso.c b/paxldso.c
index 150f490..ce7facd 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -460,7 +460,7 @@ void paxldso_cleanup(void)
 }
 #endif
 
-const char * ldcache_path = "/etc/ld.so.cache";
+const char *ldcache_path = "/etc/ld.so.cache";
 
 #ifdef MAIN
 

diff --git a/paxldso.h b/paxldso.h
index fb7d938..91c7eed 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -67,6 +67,6 @@ extern void paxldso_cleanup(void);
 #endif
 
 /* Path to ld.so.cache. Usually overridden for tests. */
-extern const char * ldcache_path;
+extern const char *ldcache_path;
 
 #endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-17  5:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-17  5:39 UTC (permalink / raw
  To: gentoo-commits

commit:     f5542c77d4d96cdebb7c45686515e06c4a8d17e5
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 17 03:07:37 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Apr 17 04:24:04 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f5542c77

build: refresh autotools a bit

Shuffle macro order to try and fix a few warnings about being used
too early.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .gitignore   | 27 ++++++++++++++-------------
 configure.ac |  2 +-
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/.gitignore b/.gitignore
index 33f051f..553ea89 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,19 +20,20 @@ core
 .gdb_history
 .gdbinit
 
-aclocal.m4
-autom4te.cache
-build
-config.cache
-config.h
-config.h.in
-config.log
-config.status
-configure
-autotools
-libtool
-Makefile.in
-stamp-h1
+/aclocal.m4
+/autom4te.cache
+/autotools
+/build
+/config.cache
+/config.h
+/config.h.in
+/config.log
+/config.status
+/configure
+/INSTALL
+/libtool
+/Makefile.in
+/stamp-h1
 
 /dumpelf
 /lddtree

diff --git a/configure.ac b/configure.ac
index a22e11a..5ffd5ef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,10 +6,10 @@ AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])
 AC_CONFIG_MACRO_DIR([autotools/m4])
 
+AC_USE_SYSTEM_EXTENSIONS
 AC_PROG_CC_C99
 AM_PROG_CC_C_O
 AM_PROG_AR
-AC_USE_SYSTEM_EXTENSIONS
 LT_INIT
 PKG_PROG_PKG_CONFIG
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-17  5:39 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-17  5:39 UTC (permalink / raw
  To: gentoo-commits

commit:     24dd6026cab83b17bbf727feb07ced35fe75bb75
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 27 06:39:20 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Apr 17 04:56:53 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=24dd6026

security: pregen seccomp bpf programs

Since the bpf programs are the same across runs, generate it ahead of
time.  This way we don't have to link against libseccomp and run the
library calls at runtime which helps cut out most overhead.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .depend       |  23 ++++--
 .gitignore    |   1 +
 Makefile      |  24 +++---
 Makefile.am   |   2 +
 configure.ac  |   9 ++-
 porting.h     |   3 +
 seccomp-bpf.c | 255 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 seccomp-bpf.h | 226 +++++++++++++++++++++++++++++++++++++++++++++++++++
 security.c    | 214 ++++++------------------------------------------
 9 files changed, 549 insertions(+), 208 deletions(-)

diff --git a/.depend b/.depend
index 5371c1c..aab4f89 100644
--- a/.depend
+++ b/.depend
@@ -1,5 +1,18 @@
-scanelf.o: scanelf.c paxinc.h porting.h elf.h paxelf.h
-pspax.o: pspax.c paxinc.h porting.h elf.h paxelf.h
-dumpelf.o: dumpelf.c paxinc.h porting.h elf.h paxelf.h
-paxelf.o: paxelf.c paxinc.h porting.h elf.h paxelf.h
-paxinc.o: paxinc.c paxinc.h porting.h elf.h paxelf.h
+paxelf.o: paxelf.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+paxmacho.o: paxmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h
+paxinc.o: paxinc.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+security.o: security.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h seccomp-bpf.h
+xfuncs.o: xfuncs.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+scanelf.o: scanelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h
+dumpelf.o: dumpelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h
+pspax.o: pspax.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+scanmacho.o: scanmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h

diff --git a/.gitignore b/.gitignore
index 553ea89..a6bf3ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,6 +43,7 @@ core
 /pspax
 /scanelf
 /scanmacho
+/seccomp-bpf
 /symtree
 
 /man/*.1

diff --git a/Makefile b/Makefile
index 9a2c07c..bb6f167 100644
--- a/Makefile
+++ b/Makefile
@@ -52,11 +52,14 @@ ifeq ($(USE_DEBUG),yes)
 override CPPFLAGS += -DEBUG
 endif
 
-ifeq ($(USE_SECCOMP),yes)
+ifeq ($(BUILD_USE_SECCOMP),yes)
 LIBSECCOMP_CFLAGS := $(shell $(PKG_CONFIG) --cflags libseccomp)
 LIBSECCOMP_LIBS   := $(shell $(PKG_CONFIG) --libs libseccomp)
 override CPPFLAGS += $(LIBSECCOMP_CFLAGS) -DWANT_SECCOMP
-LIBS              += $(LIBSECCOMP_LIBS)
+LIBS-seccomp-bpf  += $(LIBSECCOMP_LIBS)
+endif
+ifeq ($(USE_SECCOMP),yes)
+override CPPFLAGS += -DWANT_SECCOMP
 endif
 
 ifdef PV
@@ -72,8 +75,10 @@ ELF_OBJS     = paxelf.o paxldso.o
 MACH_TARGETS = scanmacho
 MACH_OBJS    = paxmacho.o
 COMMON_OBJS  = paxinc.o security.o xfuncs.o
+BUILD_OBJS   = $(filter-out security.o,$(COMMON_OBJS))
 TARGETS      = $(ELF_TARGETS) $(MACH_TARGETS)
 TARGETS_OBJS = $(TARGETS:%=%.o)
+BUILD_TARGETS= seccomp-bpf
 SCRIPTS_SH   = lddtree symtree
 SCRIPTS_PY   = lddtree
 _OBJS        = $(ELF_OBJS) $(MACH_OBJS) $(COMMON_OBJS)
@@ -139,23 +144,24 @@ ifeq ($(V),)
 endif
 	$(Q)$(compile.c) $(WFLAGS)
 
-$(ELF_TARGETS): %: $(ELF_OBJS) $(COMMON_OBJS) %.o
-	$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
+LINK = $(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
 
-$(MACH_TARGETS): %: $(MACH_OBJS) $(COMMON_OBJS) %.o
-	$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
+$(BUILD_TARGETS): %: $(BUILD_OBJS) %.o; $(LINK)
+$(ELF_TARGETS): %: $(ELF_OBJS) $(COMMON_OBJS) %.o; $(LINK)
+$(MACH_TARGETS): %: $(MACH_OBJS) $(COMMON_OBJS) %.o; $(LINK)
 
 $(OBJS_TARGETS): %: $(_OBJS) %.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) -DMAIN $(LDFLAGS) $(filter-out $@.o,$^) -o $@ $(LIBS) $(LIBS-$@)
 
-%.so: %.c
-	$(CC) -shared -fPIC -o $@ $<
+seccomp-bpf.h: seccomp-bpf.c
+	$(MAKE) BUILD_USE_SECCOMP=yes seccomp-bpf
+	./seccomp-bpf > $@
 
 depend:
 	$(CC) $(CFLAGS) -MM $(SOURCES) > .depend
 
 clean:
-	-rm -f $(OBJS) $(TARGETS) $(OBJS_TARGETS)
+	-rm -f $(OBJS) $(TARGETS) $(OBJS_TARGETS) $(BUILD_TARGETS)
 
 distclean: clean
 	-rm -f *~ core *.o

diff --git a/Makefile.am b/Makefile.am
index f369f86..748a7ca 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -92,6 +92,8 @@ EXTRA_DIST += \
 	pylint \
 	scanelf.c \
 	scanmacho.c \
+	seccomp-bpf.c \
+	seccomp-bpf.h \
 	security.c \
 	security.h \
 	symtree.sh \

diff --git a/configure.ac b/configure.ac
index 5ffd5ef..9b96090 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,9 +33,7 @@ AM_CONDITIONAL([USE_PYTHON], [test "x$with_python" = "xyes"])
 
 AC_ARG_WITH([seccomp], [AS_HELP_STRING([--with-seccomp], [build with seccomp])])
 AS_IF([test "x$with_seccomp" = "xyes"], [
-	PKG_CHECK_MODULES(LIBSECCOMP, libseccomp)
-	CPPFLAGS="$CPPFLAGS $LIBSECCOMP_CFLAGS -DWANT_SECCOMP"
-	LIBS="$LIBS $LIBSECCOMP_LIBS"
+	CPPFLAGS="$CPPFLAGS -DWANT_SECCOMP"
 ])
 
 AX_CFLAGS_WARN_ALL
@@ -62,7 +60,10 @@ m4_foreach_w([flag], [
 	AX_CHECK_COMPILE_FLAG(flag, AS_VAR_APPEND([CFLAGS], " flag"))
 ])
 
-AC_CHECK_HEADERS([linux/securebits.h])
+AC_CHECK_HEADERS_ONCE(m4_flatten([
+	linux/seccomp.h
+	linux/securebits.h
+]))
 
 AC_CONFIG_FILES([
 	Makefile

diff --git a/porting.h b/porting.h
index c4f5fc6..f1bd74f 100644
--- a/porting.h
+++ b/porting.h
@@ -46,6 +46,9 @@
 #endif
 #if defined(__linux__)
 # include <sys/prctl.h>
+# if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECCOMP_H)
+#  include <linux/seccomp.h>
+# endif
 # if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECUREBITS_H)
 #  include <linux/securebits.h>
 # endif

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
new file mode 100644
index 0000000..d7246b1
--- /dev/null
+++ b/seccomp-bpf.c
@@ -0,0 +1,255 @@
+/*
+ * Generate the bpf rules ahead of time to speed up runtime.
+ *
+ * Copyright 2015 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+const char argv0[] = "seccomp-bpf";
+
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+
+#include <seccomp.h>
+
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
+
+static const struct {
+	const char *name;
+	uint32_t arch;
+	const char *ifdef;
+} gen_seccomp_arches[] = {
+#define A(arch, ifdef) { #arch, SCMP_ARCH_##arch, ifdef }
+	A(AARCH64,     "defined(__aarch64__)"),
+	A(ARM,         "defined(__arm__)"),
+	A(MIPS,        "defined(__mips__) && defined(__MIPSEB__) && defined(_ABIO32)"),
+	A(MIPS64,      "defined(__mips__) && defined(__MIPSEB__) && defined(_ABI64)"),
+	A(MIPS64N32,   "defined(__mips__) && defined(__MIPSEB__) && defined(_ABIN32)"),
+	A(MIPSEL,      "defined(__mips__) && defined(__MIPSEL__) && defined(_ABIO32)"),
+	A(MIPSEL64,    "defined(__mips__) && defined(__MIPSEL__) && defined(_ABI64)"),
+	A(MIPSEL64N32, "defined(__mips__) && defined(__MIPSEL__) && defined(_ABIN32)"),
+	A(PARISC,      "defined(__hppa__) && !defined(__hppa64__)"),
+	A(PARISC64,    "defined(__hppa__) &&  defined(__hppa64__)"),
+	A(PPC,         "defined(__powerpc__) && !defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)"),
+	A(PPC64,       "defined(__powerpc__) &&  defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)"),
+	A(PPC64LE,     "defined(__powerpc__) &&  defined(__powerpc64__) && !defined(__BIG_ENDIAN__)"),
+	A(RISCV64,     "defined(__riscv) && __riscv_xlen == 64"),
+	A(S390,        "defined(__s390__) && !defined(__s390x__)"),
+	A(S390X,       "defined(__s390__) &&  defined(__s390x__)"),
+	A(X86,         "defined(__i386__)"),
+	A(X32,         "defined(__x86_64__) &&  defined(__ILP32__)"),
+	A(X86_64,      "defined(__x86_64__) && !defined(__ILP32__)"),
+#undef A
+};
+
+/* Simple helper to add all of the syscalls in an array. */
+static int gen_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num)
+{
+	static uint8_t prio;
+	size_t i;
+	for (i = 0; i < num; ++i) {
+		if (seccomp_syscall_priority(ctx, syscalls[i], prio++) < 0) {
+			warn("seccomp_syscall_priority failed");
+			return -1;
+		}
+		if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) < 0) {
+			warn("seccomp_rule_add failed");
+			return -1;
+		}
+	}
+	return 0;
+}
+#define gen_seccomp_rules_add(ctx, syscalls) gen_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
+
+static void gen_seccomp_dump(scmp_filter_ctx ctx, const char *name)
+{
+	unsigned char buf[32768 * 8];
+	ssize_t i, len;
+	int fd;
+
+	fd = memfd_create("bpf", MFD_CLOEXEC);
+	if (fd < 0)
+		err(1, "memfd_create failed");
+	if (seccomp_export_bpf(ctx, fd) < 0)
+		err(1, "seccomp_export_bpf_mem failed");
+	if (lseek(fd, 0, SEEK_SET) != 0)
+		err(1, "seek failed");
+	len = read(fd, buf, sizeof(buf));
+	if (len <= 0)
+		err(1, "read failed");
+
+	printf("static const unsigned char seccomp_bpf_blks_%s[] = {\n\t", name);
+	for (i = 0; i < len; ++i)
+		printf("%u,", buf[i]);
+	printf("\n};\n");
+}
+
+static void gen_seccomp_program(const char *name)
+{
+	printf(
+		"static const seccomp_bpf_program_t seccomp_bpf_program_%s = {\n"
+		"	.cnt = sizeof(seccomp_bpf_blks_%s) / 8,\n"
+		"	.bpf = seccomp_bpf_blks_%s,\n"
+		"};\n", name, name, name);
+}
+
+int main(void)
+{
+	/* Order determines priority (first == lowest prio).  */
+	int base_syscalls[] = {
+		/* We write the most w/scanelf.  */
+		SCMP_SYS(write),
+
+		/* Then the stat family of functions.  */
+		SCMP_SYS(newfstatat),
+		SCMP_SYS(fstat),
+		SCMP_SYS(fstat64),
+		SCMP_SYS(fstatat64),
+		SCMP_SYS(lstat),
+		SCMP_SYS(lstat64),
+		SCMP_SYS(stat),
+		SCMP_SYS(stat64),
+		SCMP_SYS(statx),
+
+		/* Then the fd close func.  */
+		SCMP_SYS(close),
+
+		/* Then fd open family of functions.  */
+		SCMP_SYS(open),
+		SCMP_SYS(openat),
+
+		/* Then the memory mapping functions.  */
+		SCMP_SYS(mmap),
+		SCMP_SYS(mmap2),
+		SCMP_SYS(munmap),
+
+		/* Then the directory reading functions.  */
+		SCMP_SYS(getdents),
+		SCMP_SYS(getdents64),
+
+		/* Then the file reading functions.  */
+		SCMP_SYS(pread64),
+		SCMP_SYS(read),
+
+		/* Then the fd manipulation functions.  */
+		SCMP_SYS(fcntl),
+		SCMP_SYS(fcntl64),
+
+		/* After this point, just sort the list alphabetically.  */
+		SCMP_SYS(access),
+		SCMP_SYS(brk),
+		SCMP_SYS(capget),
+		SCMP_SYS(chdir),
+		SCMP_SYS(exit),
+		SCMP_SYS(exit_group),
+		SCMP_SYS(faccessat),
+#ifndef __SNR_faccessat2
+/* faccessat2 is not yet defined in libseccomp-2.5.1 */
+# define __SNR_faccessat2 __NR_faccessat2
+#endif
+		SCMP_SYS(faccessat2),
+		SCMP_SYS(fchdir),
+		SCMP_SYS(getpid),
+		SCMP_SYS(gettid),
+		SCMP_SYS(ioctl),
+		SCMP_SYS(lseek),
+		SCMP_SYS(_llseek),
+		SCMP_SYS(mprotect),
+
+		/* Syscalls listed because of sandbox.  */
+		SCMP_SYS(readlink),
+
+		/* Syscalls listed because of fakeroot.  */
+		SCMP_SYS(msgget),
+		SCMP_SYS(msgrcv),
+		SCMP_SYS(msgsnd),
+		SCMP_SYS(semget),
+		SCMP_SYS(semop),
+		SCMP_SYS(semtimedop),
+		/*
+		 * Some targets (e.g. ppc & i386) implement the above functions
+		 * as ipc() subcalls.  #675378
+		 */
+		SCMP_SYS(ipc),
+	};
+	int fork_syscalls[] = {
+		SCMP_SYS(clone),
+		SCMP_SYS(execve),
+		SCMP_SYS(fork),
+		SCMP_SYS(rt_sigaction),
+		SCMP_SYS(rt_sigprocmask),
+		SCMP_SYS(unshare),
+		SCMP_SYS(vfork),
+		SCMP_SYS(wait4),
+		SCMP_SYS(waitid),
+		SCMP_SYS(waitpid),
+	};
+
+	/* TODO: Handle debug and KILL vs TRAP. */
+
+	scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);
+	if (!ctx)
+		err(1, "seccomp_init failed");
+
+	printf("/* AUTO GENERATED; see seccomp-bpf.c for details. */\n");
+	printf("#undef SECCOMP_BPF_AVAILABLE\n");
+
+	if (seccomp_arch_remove(ctx, seccomp_arch_native()) < 0)
+		err(1, "seccomp_arch_remove failed");
+
+	for (size_t i = 0; i < ARRAY_SIZE(gen_seccomp_arches); ++i) {
+		uint32_t arch = gen_seccomp_arches[i].arch;
+
+		seccomp_reset(ctx, SCMP_ACT_KILL);
+
+		if (arch != seccomp_arch_native()) {
+			if (seccomp_arch_remove(ctx, seccomp_arch_native()) < 0)
+				err(1, "seccomp_arch_remove failed");
+			if (seccomp_arch_add(ctx, arch) < 0)
+				err(1, "seccomp_arch_add failed");
+		}
+
+		printf("\n#if %s\n", gen_seccomp_arches[i].ifdef);
+		printf("/* %s */\n", gen_seccomp_arches[i].name);
+		printf("#define SECCOMP_BPF_AVAILABLE\n");
+
+		if (gen_seccomp_rules_add(ctx, base_syscalls) < 0)
+			err(1, "seccomp_rules_add failed");
+		gen_seccomp_dump(ctx, "base");
+
+		if (gen_seccomp_rules_add(ctx, fork_syscalls) < 0)
+			err(1, "seccomp_rules_add failed");
+		gen_seccomp_dump(ctx, "fork");
+
+		if (0) {
+			printf("/*\n");
+			fflush(stdout);
+			seccomp_export_pfc(ctx, 1);
+			fflush(stdout);
+			printf("*/\n");
+		}
+
+		printf("#endif\n");
+	}
+
+	printf(
+		"\n"
+		"#ifdef SECCOMP_BPF_AVAILABLE\n"
+		"typedef struct {\n"
+		"	uint16_t cnt;\n"
+		"	const void *bpf;\n"
+		"} seccomp_bpf_program_t;\n");
+	gen_seccomp_program("base");
+	gen_seccomp_program("fork");
+	printf("#endif\n");
+
+	seccomp_release(ctx);
+
+	return 0;
+}

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
new file mode 100644
index 0000000..dfb7716
--- /dev/null
+++ b/seccomp-bpf.h
@@ -0,0 +1,226 @@
+/* AUTO GENERATED; see seccomp-bpf.c for details. */
+#undef SECCOMP_BPF_AVAILABLE
+
+#if defined(__aarch64__)
+/* AARCH64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,33,183,0,0,192,32,0,0,0,0,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,183,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,95,0,0,0,21,0,36,0,4,1,0,0,21,0,35,0,97,0,0,0,21,0,34,0,135,0,0,0,21,0,33,0,134,0,0,0,21,0,32,0,221,0,0,0,21,0,31,0,220,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__arm__)
+/* ARM */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,44,40,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,56,1,0,0,21,0,40,0,42,1,0,0,21,0,39,0,43,1,0,0,21,0,38,0,45,1,0,0,21,0,37,0,46,1,0,0,21,0,36,0,47,1,0,0,21,0,35,0,85,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,140,0,0,0,21,0,32,0,19,0,0,0,21,0,31,0,54,0,0,0,21,0,30,0,224,0,0,0,21,0,29,0,20,0,0,0,21,0,28,0,133,0,0,0,21,0,27,0,183,1,0,0,21,0,26,0,78,1,0,0,21,0,25,0,248,0,0,0,21,0,24,0,1,0,0,0,21,0,23,0,12,0,0,0,21,0,22,0,184,0,0,0,21,0,21,0,45,0,0,0,21,0,20,0,33,0,0,0,21,0,19,0,221,0,0,0,21,0,18,0,55,0,0,0,21,0,17,0,3,0,0,0,21,0,16,0,180,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,141,0,0,0,21,0,13,0,91,0,0,0,21,0,12,0,192,0,0,0,21,0,11,0,66,1,0,0,21,0,10,0,5,0,0,0,21,0,9,0,6,0,0,0,21,0,8,0,141,1,0,0,21,0,7,0,195,0,0,0,21,0,6,0,106,0,0,0,21,0,5,0,196,0,0,0,21,0,4,0,107,0,0,0,21,0,3,0,71,1,0,0,21,0,2,0,197,0,0,0,21,0,1,0,108,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,53,40,0,0,64,32,0,0,0,0,0,0,0,21,0,50,0,24,1,0,0,21,0,49,0,114,0,0,0,21,0,48,0,190,0,0,0,21,0,47,0,81,1,0,0,21,0,46,0,175,0,0,0,21,0,45,0,174,0,0,0,21,0,44,0,2,0,0,0,21,0,43,0,11,0,0,0,21,0,42,0,120,0,0,0,21,0,41,0,56,1,0,0,21,0,40,0,42,1,0,0,21,0,39,0,43,1,0,0,21,0,38,0,45,1,0,0,21,0,37,0,46,1,0,0,21,0,36,0,47,1,0,0,21,0,35,0,85,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,140,0,0,0,21,0,32,0,19,0,0,0,21,0,31,0,54,0,0,0,21,0,30,0,224,0,0,0,21,0,29,0,20,0,0,0,21,0,28,0,133,0,0,0,21,0,27,0,183,1,0,0,21,0,26,0,78,1,0,0,21,0,25,0,248,0,0,0,21,0,24,0,1,0,0,0,21,0,23,0,12,0,0,0,21,0,22,0,184,0,0,0,21,0,21,0,45,0,0,0,21,0,20,0,33,0,0,0,21,0,19,0,221,0,0,0,21,0,18,0,55,0,0,0,21,0,17,0,3,0,0,0,21,0,16,0,180,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,141,0,0,0,21,0,13,0,91,0,0,0,21,0,12,0,192,0,0,0,21,0,11,0,66,1,0,0,21,0,10,0,5,0,0,0,21,0,9,0,6,0,0,0,21,0,8,0,141,1,0,0,21,0,7,0,195,0,0,0,21,0,6,0,106,0,0,0,21,0,5,0,196,0,0,0,21,0,4,0,107,0,0,0,21,0,3,0,71,1,0,0,21,0,2,0,197,0,0,0,2
 1,0,1,0,108,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABIO32)
+/* MIPS */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,44,0,0,0,8,0,32,0,0,0,0,0,0,0,21,41,0,0,0,16,21,0,21,40,0,0,0,17,41,0,21,39,0,0,0,17,48,0,21,38,0,0,0,17,49,0,21,37,0,0,0,17,47,0,21,36,0,0,0,15,245,0,21,35,0,0,0,16,29,0,21,34,0,0,0,16,44,0,21,33,0,0,0,15,179,0,21,32,0,0,0,15,214,0,21,31,0,0,0,16,126,0,21,30,0,0,0,15,180,0,21,29,0,0,0,16,37,0,21,28,0,0,0,17,87,0,21,27,0,0,0,16,204,0,21,26,0,0,0,16,150,0,21,25,0,0,0,15,161,0,21,24,0,0,0,15,172,0,21,23,0,0,0,16,108,0,21,22,0,0,0,15,205,0,21,21,0,0,0,15,193,0,21,20,0,0,0,16,124,0,21,19,0,0,0,15,215,0,21,18,0,0,0,15,163,0,21,17,0,0,0,16,104,0,21,16,0,0,0,16,123,0,21,15,0,0,0,16,45,0,21,14,0,0,0,15,251,0,21,13,0,0,0,16,114,0,21,12,0,0,0,15,250,0,21,11,0,0,0,16,192,0,21,10,0,0,0,15,165,0,21,9,0,0,0,15,166,0,21,8,0,0,0,17,14,0,21,7,0,0,0,16,117,0,21,6,0,0,0,16,10,0,21,5,0,0,0,16,118,0,21,4,0,0,0,16,11,0,21,3,0,0,0,16,197,0,21,2,0,0,0,16,119,0,21,1,0,0,0,16,12,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,53,0,0,0,8,0,32,0,0,0,0,0,0,0,21,50,0,0,0,15,167,0,21,49,0,0,0,16,182,0,21,48,0,0,0,16,18,0,21,47,0,0,0,16,207,0,21,46,0,0,0,16,99,0,21,45,0,0,0,16,98,0,21,44,0,0,0,15,162,0,21,43,0,0,0,15,171,0,21,42,0,0,0,16,24,0,21,41,0,0,0,16,21,0,21,40,0,0,0,17,41,0,21,39,0,0,0,17,48,0,21,38,0,0,0,17,49,0,21,37,0,0,0,17,47,0,21,36,0,0,0,15,245,0,21,35,0,0,0,16,29,0,21,34,0,0,0,16,44,0,21,33,0,0,0,15,179,0,21,32,0,0,0,15,214,0,21,31,0,0,0,16,126,0,21,30,0,0,0,15,180,0,21,29,0,0,0,16,37,0,21,28,0,0,0,17,87,0,21,27,0,0,0,16,204,0,21,26,0,0,0,16,150,0,21,25,0,0,0,15,161,0,21,24,0,0,0,15,172,0,21,23,0,0,0,16,108,0,21,22,0,0,0,15,205,0,21,21,0,0,0,15,193,0,21,20,0,0,0,16,124,0,21,19,0,0,0,15,215,0,21,18,0,0,0,15,163,0,21,17,0,0,0,16,104,0,21,16,0,0,0,16,123,0,21,15,0,0,0,16,45,0,21,14,0,0,0,15,251,0,21,13,0,0,0,16,114,0,21,12,0,0,0,15,250,0,21,11,0,0,0,16,192,0,21,10,0,0,0,15,165,0,21,9,0,0,0,15,166,0,21,8,0,0,0,17,14,0,21,7,0,0,0,16,117,0,21,6,0,0,0,16,10,0,21,5,0,0,0,16,118
 ,0,21,4,0,0,0,16,11,0,21,3,0,0,0,16,197,0,21,2,0,0,0,16,119,0,21,1,0,0,0,16,12,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABI64)
+/* MIPS64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,39,128,0,0,8,0,32,0,0,0,0,0,0,0,21,36,0,0,0,20,94,0,21,35,0,0,0,19,199,0,21,34,0,0,0,19,198,0,21,33,0,0,0,19,203,0,21,32,0,0,0,19,204,0,21,31,0,0,0,19,202,0,21,30,0,0,0,19,223,0,21,29,0,0,0,19,146,0,21,28,0,0,0,19,144,0,21,27,0,0,0,19,151,0,21,26,0,0,0,20,58,0,21,25,0,0,0,19,174,0,21,24,0,0,0,19,215,0,21,23,0,0,0,21,63,0,21,22,0,0,0,20,139,0,21,21,0,0,0,20,85,0,21,20,0,0,0,19,194,0,21,19,0,0,0,19,214,0,21,18,0,0,0,20,3,0,21,17,0,0,0,19,148,0,21,16,0,0,0,19,156,0,21,15,0,0,0,19,206,0,21,14,0,0,0,19,136,0,21,13,0,0,0,19,152,0,21,12,0,0,0,20,188,0,21,11,0,0,0,19,212,0,21,10,0,0,0,19,147,0,21,9,0,0,0,19,145,0,21,8,0,0,0,20,127,0,21,7,0,0,0,19,138,0,21,6,0,0,0,19,139,0,21,5,0,0,0,20,206,0,21,4,0,0,0,19,140,0,21,3,0,0,0,19,142,0,21,2,0,0,0,19,141,0,21,1,0,0,0,20,132,0,21,0,1,0,0,19,137,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,47,128,0,0,8,0,32,0,0,0,0,0,0,0,21,44,0,0,0,20,117,0,21,43,0,0,0,19,195,0,21,42,0,0,0,20,142,0,21,41,0,0,0,19,150,0,21,40,0,0,0,19,149,0,21,39,0,0,0,19,192,0,21,38,0,0,0,19,193,0,21,37,0,0,0,19,191,0,21,36,0,0,0,20,94,0,21,35,0,0,0,19,199,0,21,34,0,0,0,19,198,0,21,33,0,0,0,19,203,0,21,32,0,0,0,19,204,0,21,31,0,0,0,19,202,0,21,30,0,0,0,19,223,0,21,29,0,0,0,19,146,0,21,28,0,0,0,19,144,0,21,27,0,0,0,19,151,0,21,26,0,0,0,20,58,0,21,25,0,0,0,19,174,0,21,24,0,0,0,19,215,0,21,23,0,0,0,21,63,0,21,22,0,0,0,20,139,0,21,21,0,0,0,20,85,0,21,20,0,0,0,19,194,0,21,19,0,0,0,19,214,0,21,18,0,0,0,20,3,0,21,17,0,0,0,19,148,0,21,16,0,0,0,19,156,0,21,15,0,0,0,19,206,0,21,14,0,0,0,19,136,0,21,13,0,0,0,19,152,0,21,12,0,0,0,20,188,0,21,11,0,0,0,19,212,0,21,10,0,0,0,19,147,0,21,9,0,0,0,19,145,0,21,8,0,0,0,20,127,0,21,7,0,0,0,19,138,0,21,6,0,0,0,19,139,0,21,5,0,0,0,20,206,0,21,4,0,0,0,19,140,0,21,3,0,0,0,19,142,0,21,2,0,0,0,19,141,0,21,1,0,0,0,20,132,0,21,0,1,0,0,19,137,0,6,0,0,127,2
 55,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABIN32)
+/* MIPS64N32 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,40,160,0,0,8,0,32,0,0,0,0,0,0,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,23,190,0,21,27,0,0,0,23,235,0,21,26,0,0,0,23,124,0,21,25,0,0,0,23,132,0,21,24,0,0,0,24,68,0,21,23,0,0,0,23,182,0,21,22,0,0,0,23,112,0,21,21,0,0,0,23,128,0,21,20,0,0,0,24,155,0,21,19,0,0,0,23,188,0,21,18,0,0,0,23,123,0,21,17,0,0,0,23,121,0,21,16,0,0,0,24,107,0,21,15,0,0,0,23,114,0,21,14,0,0,0,23,115,0,21,13,0,0,0,24,186,0,21,12,0,0,0,23,116,0,21,11,0,0,0,23,118,0,21,10,0,0,0,23,117,0,21,9,0,0,0,24,112,0,21,8,0,0,0,23,113,0,21,7,0,0,0,24,71,0,21,6,0,0,0,23,175,0,21,5,0,0,0,23,174,0,21,4,0,0,0,23,179,0,21,3,0,0,0,23,180,0,21,2,0,0,0,23,178,0,21,1,0,0,0,23,199,0,21,0,1,0,0,23,122,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,48,160,0,0,8,0,32,0,0,0,0,0,0,0,21,45,0,0,0,23,120,0,21,44,0,0,0,23,127,0,21,43,0,0,0,24,34,0,21,42,0,0,0,23,150,0,21,41,0,0,0,23,191,0,21,40,0,0,0,25,39,0,21,39,0,0,0,24,119,0,21,38,0,0,0,24,61,0,21,37,0,0,0,23,170,0,21,36,0,0,0,23,190,0,21,35,0,0,0,23,235,0,21,34,0,0,0,23,124,0,21,33,0,0,0,23,132,0,21,32,0,0,0,24,68,0,21,31,0,0,0,23,182,0,21,30,0,0,0,23,112,0,21,29,0,0,0,23,128,0,21,28,0,0,0,24,155,0,21,27,0,0,0,23,188,0,21,26,0,0,0,23,123,0,21,25,0,0,0,23,121,0,21,24,0,0,0,24,107,0,21,23,0,0,0,23,114,0,21,22,0,0,0,23,115,0,21,21,0,0,0,24,186,0,21,20,0,0,0,23,116,0,21,19,0,0,0,23,118,0,21,18,0,0,0,23,117,0,21,17,0,0,0,24,112,0,21,16,0,0,0,23,113,0,21,15,0,0,0,24,97,0,21,14,0,0,0,23,171,0,21,13,0,0,0,24,122,0,21,12,0,0,0,23,126,0,21,11,0,0,0,23,125,0,21,10,0,0,0,23,168,0,21,9,0,0,0,23,169,0,21,8,0,0,0,23,167,0,21,7,0,0,0,24,71,0,21,6,0,0,0,23,175,0,21,5,0,0,0,23,174,0,21,4,0,0,0,23,179,0,21,3,0,0,0,23,180,0,21,2,0,0,0,23,178,0,21,1,0,0,0,23,199,0,21,0,1,0,0
 ,23,122,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABIO32)
+/* MIPSEL */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,44,8,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,21,16,0,0,21,0,40,0,41,17,0,0,21,0,39,0,48,17,0,0,21,0,38,0,49,17,0,0,21,0,37,0,47,17,0,0,21,0,36,0,245,15,0,0,21,0,35,0,29,16,0,0,21,0,34,0,44,16,0,0,21,0,33,0,179,15,0,0,21,0,32,0,214,15,0,0,21,0,31,0,126,16,0,0,21,0,30,0,180,15,0,0,21,0,29,0,37,16,0,0,21,0,28,0,87,17,0,0,21,0,27,0,204,16,0,0,21,0,26,0,150,16,0,0,21,0,25,0,161,15,0,0,21,0,24,0,172,15,0,0,21,0,23,0,108,16,0,0,21,0,22,0,205,15,0,0,21,0,21,0,193,15,0,0,21,0,20,0,124,16,0,0,21,0,19,0,215,15,0,0,21,0,18,0,163,15,0,0,21,0,17,0,104,16,0,0,21,0,16,0,123,16,0,0,21,0,15,0,45,16,0,0,21,0,14,0,251,15,0,0,21,0,13,0,114,16,0,0,21,0,12,0,250,15,0,0,21,0,11,0,192,16,0,0,21,0,10,0,165,15,0,0,21,0,9,0,166,15,0,0,21,0,8,0,14,17,0,0,21,0,7,0,117,16,0,0,21,0,6,0,10,16,0,0,21,0,5,0,118,16,0,0,21,0,4,0,11,16,0,0,21,0,3,0,197,16,0,0,21,0,2,0,119,16,0,0,21,0,1,0,12,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,53,8,0,0,64,32,0,0,0,0,0,0,0,21,0,50,0,167,15,0,0,21,0,49,0,182,16,0,0,21,0,48,0,18,16,0,0,21,0,47,0,207,16,0,0,21,0,46,0,99,16,0,0,21,0,45,0,98,16,0,0,21,0,44,0,162,15,0,0,21,0,43,0,171,15,0,0,21,0,42,0,24,16,0,0,21,0,41,0,21,16,0,0,21,0,40,0,41,17,0,0,21,0,39,0,48,17,0,0,21,0,38,0,49,17,0,0,21,0,37,0,47,17,0,0,21,0,36,0,245,15,0,0,21,0,35,0,29,16,0,0,21,0,34,0,44,16,0,0,21,0,33,0,179,15,0,0,21,0,32,0,214,15,0,0,21,0,31,0,126,16,0,0,21,0,30,0,180,15,0,0,21,0,29,0,37,16,0,0,21,0,28,0,87,17,0,0,21,0,27,0,204,16,0,0,21,0,26,0,150,16,0,0,21,0,25,0,161,15,0,0,21,0,24,0,172,15,0,0,21,0,23,0,108,16,0,0,21,0,22,0,205,15,0,0,21,0,21,0,193,15,0,0,21,0,20,0,124,16,0,0,21,0,19,0,215,15,0,0,21,0,18,0,163,15,0,0,21,0,17,0,104,16,0,0,21,0,16,0,123,16,0,0,21,0,15,0,45,16,0,0,21,0,14,0,251,15,0,0,21,0,13,0,114,16,0,0,21,0,12,0,250,15,0,0,21,0,11,0,192,16,0,0,21,0,10,0,165,15,0,0,21,0,9,0,166,15,0,0,21,0,8,0,14,17,0,0,21,0,7,0,117,16,0,0,21,0,6,0,10,16,0,0,21,0,5,0,118,16,0,
 0,21,0,4,0,11,16,0,0,21,0,3,0,197,16,0,0,21,0,2,0,119,16,0,0,21,0,1,0,12,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABI64)
+/* MIPSEL64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,39,8,0,0,192,32,0,0,0,0,0,0,0,21,0,36,0,94,20,0,0,21,0,35,0,199,19,0,0,21,0,34,0,198,19,0,0,21,0,33,0,203,19,0,0,21,0,32,0,204,19,0,0,21,0,31,0,202,19,0,0,21,0,30,0,223,19,0,0,21,0,29,0,146,19,0,0,21,0,28,0,144,19,0,0,21,0,27,0,151,19,0,0,21,0,26,0,58,20,0,0,21,0,25,0,174,19,0,0,21,0,24,0,215,19,0,0,21,0,23,0,63,21,0,0,21,0,22,0,139,20,0,0,21,0,21,0,85,20,0,0,21,0,20,0,194,19,0,0,21,0,19,0,214,19,0,0,21,0,18,0,3,20,0,0,21,0,17,0,148,19,0,0,21,0,16,0,156,19,0,0,21,0,15,0,206,19,0,0,21,0,14,0,136,19,0,0,21,0,13,0,152,19,0,0,21,0,12,0,188,20,0,0,21,0,11,0,212,19,0,0,21,0,10,0,147,19,0,0,21,0,9,0,145,19,0,0,21,0,8,0,127,20,0,0,21,0,7,0,138,19,0,0,21,0,6,0,139,19,0,0,21,0,5,0,206,20,0,0,21,0,4,0,140,19,0,0,21,0,3,0,142,19,0,0,21,0,2,0,141,19,0,0,21,0,1,0,132,20,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,47,8,0,0,192,32,0,0,0,0,0,0,0,21,0,44,0,117,20,0,0,21,0,43,0,195,19,0,0,21,0,42,0,142,20,0,0,21,0,41,0,150,19,0,0,21,0,40,0,149,19,0,0,21,0,39,0,192,19,0,0,21,0,38,0,193,19,0,0,21,0,37,0,191,19,0,0,21,0,36,0,94,20,0,0,21,0,35,0,199,19,0,0,21,0,34,0,198,19,0,0,21,0,33,0,203,19,0,0,21,0,32,0,204,19,0,0,21,0,31,0,202,19,0,0,21,0,30,0,223,19,0,0,21,0,29,0,146,19,0,0,21,0,28,0,144,19,0,0,21,0,27,0,151,19,0,0,21,0,26,0,58,20,0,0,21,0,25,0,174,19,0,0,21,0,24,0,215,19,0,0,21,0,23,0,63,21,0,0,21,0,22,0,139,20,0,0,21,0,21,0,85,20,0,0,21,0,20,0,194,19,0,0,21,0,19,0,214,19,0,0,21,0,18,0,3,20,0,0,21,0,17,0,148,19,0,0,21,0,16,0,156,19,0,0,21,0,15,0,206,19,0,0,21,0,14,0,136,19,0,0,21,0,13,0,152,19,0,0,21,0,12,0,188,20,0,0,21,0,11,0,212,19,0,0,21,0,10,0,147,19,0,0,21,0,9,0,145,19,0,0,21,0,8,0,127,20,0,0,21,0,7,0,138,19,0,0,21,0,6,0,139,19,0,0,21,0,5,0,206,20,0,0,21,0,4,0,140,19,0,0,21,0,3,0,142,19,0,0,21,0,2,0,141,19,0,0,21,0,1,0,132,20,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,2
 55,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABIN32)
+/* MIPSEL64N32 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,8,0,0,224,32,0,0,0,0,0,0,0,21,0,37,0,71,24,0,0,21,0,36,0,175,23,0,0,21,0,35,0,174,23,0,0,21,0,34,0,179,23,0,0,21,0,33,0,180,23,0,0,21,0,32,0,178,23,0,0,21,0,31,0,199,23,0,0,21,0,30,0,122,23,0,0,21,0,29,0,120,23,0,0,21,0,28,0,127,23,0,0,21,0,27,0,34,24,0,0,21,0,26,0,150,23,0,0,21,0,25,0,191,23,0,0,21,0,24,0,39,25,0,0,21,0,23,0,119,24,0,0,21,0,22,0,61,24,0,0,21,0,21,0,170,23,0,0,21,0,20,0,190,23,0,0,21,0,19,0,235,23,0,0,21,0,18,0,124,23,0,0,21,0,17,0,132,23,0,0,21,0,16,0,68,24,0,0,21,0,15,0,182,23,0,0,21,0,14,0,112,23,0,0,21,0,13,0,128,23,0,0,21,0,12,0,155,24,0,0,21,0,11,0,188,23,0,0,21,0,10,0,123,23,0,0,21,0,9,0,121,23,0,0,21,0,8,0,107,24,0,0,21,0,7,0,114,23,0,0,21,0,6,0,115,23,0,0,21,0,5,0,186,24,0,0,21,0,4,0,116,23,0,0,21,0,3,0,118,23,0,0,21,0,2,0,117,23,0,0,21,0,1,0,112,24,0,0,21,0,0,1,113,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,48,8,0,0,224,32,0,0,0,0,0,0,0,21,0,45,0,97,24,0,0,21,0,44,0,171,23,0,0,21,0,43,0,122,24,0,0,21,0,42,0,126,23,0,0,21,0,41,0,125,23,0,0,21,0,40,0,168,23,0,0,21,0,39,0,169,23,0,0,21,0,38,0,167,23,0,0,21,0,37,0,71,24,0,0,21,0,36,0,175,23,0,0,21,0,35,0,174,23,0,0,21,0,34,0,179,23,0,0,21,0,33,0,180,23,0,0,21,0,32,0,178,23,0,0,21,0,31,0,199,23,0,0,21,0,30,0,122,23,0,0,21,0,29,0,120,23,0,0,21,0,28,0,127,23,0,0,21,0,27,0,34,24,0,0,21,0,26,0,150,23,0,0,21,0,25,0,191,23,0,0,21,0,24,0,39,25,0,0,21,0,23,0,119,24,0,0,21,0,22,0,61,24,0,0,21,0,21,0,170,23,0,0,21,0,20,0,190,23,0,0,21,0,19,0,235,23,0,0,21,0,18,0,124,23,0,0,21,0,17,0,132,23,0,0,21,0,16,0,68,24,0,0,21,0,15,0,182,23,0,0,21,0,14,0,112,23,0,0,21,0,13,0,128,23,0,0,21,0,12,0,155,24,0,0,21,0,11,0,188,23,0,0,21,0,10,0,123,23,0,0,21,0,9,0,121,23,0,0,21,0,8,0,107,24,0,0,21,0,7,0,114,23,0,0,21,0,6,0,115,23,0,0,21,0,5,0,186,24,0,0,21,0,4,0,116,23,0,0,21,0,3,0,118,23,0,0,21,0,2,0,117,23,0,0,21,0,1,0,112,24,0,0,21,0,0,1,113
 ,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__hppa__) && !defined(__hppa64__)
+/* PARISC */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,45,0,0,0,15,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,228,0,21,41,0,0,0,0,185,0,21,40,0,0,0,0,186,0,21,39,0,0,0,0,188,0,21,38,0,0,0,0,189,0,21,37,0,0,0,0,190,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,206,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,31,0,21,26,0,0,0,0,222,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,106,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,202,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,108,0,21,16,0,0,0,0,201,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,89,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,19,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,93,0,21,7,0,0,0,0,101,0,21,6,0,0,0,0,18,0,21,5,0,0,0,0,198,0,21,4,0,0,0,0,84,0,21,3,0,0,0,1,24,0,21,2,0,0,0,0,112,0,21,1,0,0,0,0,28,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,15,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,7,0,21,51,0,0,0,0,235,0,21,50,0,0,0,0,114,0,21,49,0,0,0,0,113,0,21,48,0,0,0,1,32,0,21,47,0,0,0,0,175,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,2,0,21,44,0,0,0,0,11,0,21,43,0,0,0,0,120,0,21,42,0,0,0,0,228,0,21,41,0,0,0,0,185,0,21,40,0,0,0,0,186,0,21,39,0,0,0,0,188,0,21,38,0,0,0,0,189,0,21,37,0,0,0,0,190,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,206,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,31,0,21,26,0,0,0,0,222,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,106,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,202,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,108,0,21,16,0,0,0,0,201,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,89,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,19,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,93,0,21,7,0,0,0,0,101,0,21,6,0,0,0,0,18,0,21,5,0,0,0,0,198,0,21,4,0,0,0,0,84
 ,0,21,3,0,0,0,1,24,0,21,2,0,0,0,0,112,0,21,1,0,0,0,0,28,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__hppa__) &&  defined(__hppa64__)
+/* PARISC64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,45,128,0,0,15,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,141,0,21,41,0,0,0,0,91,0,21,40,0,0,0,0,89,0,21,39,0,0,0,0,90,0,21,38,0,0,0,1,19,0,21,37,0,0,0,0,5,0,21,36,0,0,0,0,6,0,21,35,0,0,0,1,93,0,21,34,0,0,0,0,101,0,21,33,0,0,0,0,18,0,21,32,0,0,0,0,198,0,21,31,0,0,0,0,84,0,21,30,0,0,0,1,24,0,21,29,0,0,0,0,112,0,21,28,0,0,0,0,28,0,21,27,0,0,0,0,4,0,21,26,0,0,0,0,228,0,21,25,0,0,0,0,185,0,21,24,0,0,0,0,186,0,21,23,0,0,0,0,188,0,21,22,0,0,0,0,189,0,21,21,0,0,0,0,190,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,125,0,21,18,0,0,0,0,140,0,21,17,0,0,0,0,19,0,21,16,0,0,0,0,54,0,21,15,0,0,0,0,206,0,21,14,0,0,0,0,20,0,21,13,0,0,0,0,133,0,21,12,0,0,0,1,183,0,21,11,0,0,0,1,31,0,21,10,0,0,0,0,222,0,21,9,0,0,0,0,1,0,21,8,0,0,0,0,12,0,21,7,0,0,0,0,106,0,21,6,0,0,0,0,45,0,21,5,0,0,0,0,33,0,21,4,0,0,0,0,202,0,21,3,0,0,0,0,55,0,21,2,0,0,0,0,3,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,201,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,55,128,0,0,15,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,141,0,21,51,0,0,0,0,91,0,21,50,0,0,0,0,89,0,21,49,0,0,0,0,90,0,21,48,0,0,0,1,19,0,21,47,0,0,0,0,5,0,21,46,0,0,0,0,6,0,21,45,0,0,0,1,93,0,21,44,0,0,0,0,101,0,21,43,0,0,0,0,18,0,21,42,0,0,0,0,198,0,21,41,0,0,0,0,84,0,21,40,0,0,0,1,24,0,21,39,0,0,0,0,112,0,21,38,0,0,0,0,28,0,21,37,0,0,0,0,4,0,21,36,0,0,0,0,7,0,21,35,0,0,0,0,235,0,21,34,0,0,0,0,114,0,21,33,0,0,0,0,113,0,21,32,0,0,0,1,32,0,21,31,0,0,0,0,175,0,21,30,0,0,0,0,174,0,21,29,0,0,0,0,2,0,21,28,0,0,0,0,11,0,21,27,0,0,0,0,120,0,21,26,0,0,0,0,228,0,21,25,0,0,0,0,185,0,21,24,0,0,0,0,186,0,21,23,0,0,0,0,188,0,21,22,0,0,0,0,189,0,21,21,0,0,0,0,190,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,125,0,21,18,0,0,0,0,140,0,21,17,0,0,0,0,19,0,21,16,0,0,0,0,54,0,21,15,0,0,0,0,206,0,21,14,0,0,0,0,20,0,21,13,0,0,0,0,133,0,21,12,0,0,0,1,183,0,21,11,0,0,0,1,31,0,21,10,0,0,0,0,222,0,21,9,0,0,0,0,1,0,21,8,0,0,0,0,12,0,21,7,0,0,0,0,106,0,21,6,0,0,0,0,45,0,21,5,0,0,0,0,33,0,21,4,0,0,0,0,20
 2,0,21,3,0,0,0,0,55,0,21,2,0,0,0,0,3,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,201,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__powerpc__) && !defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)
+/* PPC */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,44,0,0,0,20,0,32,0,0,0,0,0,0,0,21,41,0,0,0,0,117,0,21,40,0,0,0,1,137,0,21,39,0,0,0,1,144,0,21,38,0,0,0,1,145,0,21,37,0,0,0,1,143,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,204,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,179,0,21,16,0,0,0,0,202,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,192,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,195,0,21,6,0,0,0,0,106,0,21,5,0,0,0,0,196,0,21,4,0,0,0,0,107,0,21,3,0,0,0,1,35,0,21,2,0,0,0,0,197,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,54,0,0,0,20,0,32,0,0,0,0,0,0,0,21,51,0,0,0,0,7,0,21,50,0,0,0,1,16,0,21,49,0,0,0,0,114,0,21,48,0,0,0,0,189,0,21,47,0,0,0,1,26,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,173,0,21,44,0,0,0,0,2,0,21,43,0,0,0,0,11,0,21,42,0,0,0,0,120,0,21,41,0,0,0,0,117,0,21,40,0,0,0,1,137,0,21,39,0,0,0,1,144,0,21,38,0,0,0,1,145,0,21,37,0,0,0,1,143,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,204,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,179,0,21,16,0,0,0,0,202,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,192,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,195,0,21,6,0,0,0,0,106,0,21,5,0,0,0,0,196,0,21,4,0,0,0,0,107,0,21,3,0,0,0,1,3
 5,0,21,2,0,0,0,0,197,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__powerpc__) &&  defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)
+/* PPC64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,40,128,0,0,21,0,32,0,0,0,0,0,0,0,21,37,0,0,0,0,117,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,179,0,21,17,0,0,0,0,202,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,30,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,127,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,21,0,32,0,0,0,0,0,0,0,21,47,0,0,0,0,7,0,21,46,0,0,0,1,16,0,21,45,0,0,0,0,114,0,21,44,0,0,0,0,189,0,21,43,0,0,0,1,26,0,21,42,0,0,0,0,174,0,21,41,0,0,0,0,173,0,21,40,0,0,0,0,2,0,21,39,0,0,0,0,11,0,21,38,0,0,0,0,120,0,21,37,0,0,0,0,117,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,179,0,21,17,0,0,0,0,202,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,30,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,127,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0
 ,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__powerpc__) &&  defined(__powerpc64__) && !defined(__BIG_ENDIAN__)
+/* PPC64LE */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,21,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,117,0,0,0,21,0,36,0,85,0,0,0,21,0,35,0,125,0,0,0,21,0,34,0,140,0,0,0,21,0,33,0,19,0,0,0,21,0,32,0,54,0,0,0,21,0,31,0,207,0,0,0,21,0,30,0,20,0,0,0,21,0,29,0,133,0,0,0,21,0,28,0,183,1,0,0,21,0,27,0,42,1,0,0,21,0,26,0,234,0,0,0,21,0,25,0,1,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,183,0,0,0,21,0,22,0,45,0,0,0,21,0,21,0,33,0,0,0,21,0,20,0,55,0,0,0,21,0,19,0,3,0,0,0,21,0,18,0,179,0,0,0,21,0,17,0,202,0,0,0,21,0,16,0,141,0,0,0,21,0,15,0,91,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,30,1,0,0,21,0,12,0,5,0,0,0,21,0,11,0,6,0,0,0,21,0,10,0,127,1,0,0,21,0,9,0,106,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,108,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,50,21,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,7,0,0,0,21,0,46,0,16,1,0,0,21,0,45,0,114,0,0,0,21,0,44,0,189,0,0,0,21,0,43,0,26,1,0,0,21,0,42,0,174,0,0,0,21,0,41,0,173,0,0,0,21,0,40,0,2,0,0,0,21,0,39,0,11,0,0,0,21,0,38,0,120,0,0,0,21,0,37,0,117,0,0,0,21,0,36,0,85,0,0,0,21,0,35,0,125,0,0,0,21,0,34,0,140,0,0,0,21,0,33,0,19,0,0,0,21,0,32,0,54,0,0,0,21,0,31,0,207,0,0,0,21,0,30,0,20,0,0,0,21,0,29,0,133,0,0,0,21,0,28,0,183,1,0,0,21,0,27,0,42,1,0,0,21,0,26,0,234,0,0,0,21,0,25,0,1,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,183,0,0,0,21,0,22,0,45,0,0,0,21,0,21,0,33,0,0,0,21,0,20,0,55,0,0,0,21,0,19,0,3,0,0,0,21,0,18,0,179,0,0,0,21,0,17,0,202,0,0,0,21,0,16,0,141,0,0,0,21,0,15,0,91,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,30,1,0,0,21,0,12,0,5,0,0,0,21,0,11,0,6,0,0,0,21,0,10,0,127,1,0,0,21,0,9,0,106,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,108,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6
 ,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__riscv) && __riscv_xlen == 64
+/* RISCV64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,33,243,0,0,192,32,0,0,0,0,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,243,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,4,1,0,0,21,0,36,0,97,0,0,0,21,0,35,0,135,0,0,0,21,0,34,0,134,0,0,0,21,0,33,0,221,0,0,0,21,0,32,0,220,0,0,0,21,0,31,0,192,0,0,0,21,0,30,0,193,0,0,0,21,0,29,0,190,0,0,0,21,0,28,0,189,0,0,0,21,0,27,0,188,0,0,0,21,0,26,0,186,0,0,0,21,0,25,0,226,0,0,0,21,0,24,0,62,0,0,0,21,0,23,0,29,0,0,0,21,0,22,0,178,0,0,0,21,0,21,0,172,0,0,0,21,0,20,0,50,0,0,0,21,0,19,0,183,1,0,0,21,0,18,0,48,0,0,0,21,0,17,0,94,0,0,0,21,0,16,0,93,0,0,0,21,0,15,0,49,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,214,0,0,0,21,0,12,0,25,0,0,0,21,0,11,0,63,0,0,0,21,0,10,0,67,0,0,0,21,0,9,0,61,0,0,0,21,0,8,0,215,0,0,0,21,0,7,0,222,0,0,0,21,0,6,0,56,0,0,0,21,0,5,0,57,0,0,0,21,0,4,0,35,1,0,0,21,0,3,0,80,0,0,0,21,0,2,0,79,0,0,0,21,0,1,0,64,0,0,0,21,0,0,1,95,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__s390__) && !defined(__s390x__)
+/* S390 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,45,0,0,0,22,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,117,0,21,41,0,0,0,0,85,0,21,40,0,0,0,0,125,0,21,39,0,0,0,0,140,0,21,38,0,0,0,0,19,0,21,37,0,0,0,0,54,0,21,36,0,0,0,0,236,0,21,35,0,0,0,0,20,0,21,34,0,0,0,0,133,0,21,33,0,0,0,1,183,0,21,32,0,0,0,1,44,0,21,31,0,0,0,0,248,0,21,30,0,0,0,0,1,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,184,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,221,0,21,24,0,0,0,0,55,0,21,23,0,0,0,0,3,0,21,22,0,0,0,0,180,0,21,21,0,0,0,0,220,0,21,20,0,0,0,0,141,0,21,19,0,0,0,0,91,0,21,18,0,0,0,0,192,0,21,17,0,0,0,0,90,0,21,16,0,0,0,1,32,0,21,15,0,0,0,0,5,0,21,14,0,0,0,0,6,0,21,13,0,0,0,1,123,0,21,12,0,0,0,0,195,0,21,11,0,0,0,0,106,0,21,10,0,0,0,0,196,0,21,9,0,0,0,0,107,0,21,8,0,0,0,1,37,0,21,7,0,0,0,0,197,0,21,6,0,0,0,0,108,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,54,0,0,0,22,0,32,0,0,0,0,0,0,0,21,51,0,0,0,1,25,0,21,50,0,0,0,0,114,0,21,49,0,0,0,0,190,0,21,48,0,0,0,1,47,0,21,47,0,0,0,0,175,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,2,0,21,44,0,0,0,0,11,0,21,43,0,0,0,0,120,0,21,42,0,0,0,0,117,0,21,41,0,0,0,0,85,0,21,40,0,0,0,0,125,0,21,39,0,0,0,0,140,0,21,38,0,0,0,0,19,0,21,37,0,0,0,0,54,0,21,36,0,0,0,0,236,0,21,35,0,0,0,0,20,0,21,34,0,0,0,0,133,0,21,33,0,0,0,1,183,0,21,32,0,0,0,1,44,0,21,31,0,0,0,0,248,0,21,30,0,0,0,0,1,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,184,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,221,0,21,24,0,0,0,0,55,0,21,23,0,0,0,0,3,0,21,22,0,0,0,0,180,0,21,21,0,0,0,0,220,0,21,20,0,0,0,0,141,0,21,19,0,0,0,0,91,0,21,18,0,0,0,0,192,0,21,17,0,0,0,0,90,0,21,16,0,0,0,1,32,0,21,15,0,0,0,0,5,0,21,14,0,0,0,0,6,0,21,13,0,0,0,1,123,0,21,12,0,0,0,0,195,0,21,11,0,0,0,0,106,0,21,10,0,0,0,0,196,0,21,9,0,0,0,0,107,0,21,8,0,0,0,1,37,0,21,7,0,0,0,0,197,0,21,6,0,0,0,0,108,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,13
 7,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__s390__) &&  defined(__s390x__)
+/* S390X */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,39,128,0,0,22,0,32,0,0,0,0,0,0,0,21,36,0,0,0,0,117,0,21,35,0,0,0,0,85,0,21,34,0,0,0,0,125,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,236,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,44,0,21,26,0,0,0,0,248,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,184,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,180,0,21,17,0,0,0,0,220,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,32,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,123,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,37,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,48,128,0,0,22,0,32,0,0,0,0,0,0,0,21,45,0,0,0,1,25,0,21,44,0,0,0,0,114,0,21,43,0,0,0,0,190,0,21,42,0,0,0,1,47,0,21,41,0,0,0,0,175,0,21,40,0,0,0,0,174,0,21,39,0,0,0,0,2,0,21,38,0,0,0,0,11,0,21,37,0,0,0,0,120,0,21,36,0,0,0,0,117,0,21,35,0,0,0,0,85,0,21,34,0,0,0,0,125,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,236,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,44,0,21,26,0,0,0,0,248,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,184,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,180,0,21,17,0,0,0,0,220,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,32,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,123,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,37,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__i386__)
+/* X86 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,44,3,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,117,0,0,0,21,0,40,0,85,0,0,0,21,0,39,0,125,0,0,0,21,0,38,0,140,0,0,0,21,0,37,0,19,0,0,0,21,0,36,0,54,0,0,0,21,0,35,0,224,0,0,0,21,0,34,0,20,0,0,0,21,0,33,0,133,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,51,1,0,0,21,0,30,0,252,0,0,0,21,0,29,0,1,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,180,0,0,0,21,0,20,0,220,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,192,0,0,0,21,0,16,0,90,0,0,0,21,0,15,0,39,1,0,0,21,0,14,0,5,0,0,0,21,0,13,0,6,0,0,0,21,0,12,0,127,1,0,0,21,0,11,0,195,0,0,0,21,0,10,0,106,0,0,0,21,0,9,0,196,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,44,1,0,0,21,0,6,0,197,0,0,0,21,0,5,0,108,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,54,3,0,0,64,32,0,0,0,0,0,0,0,21,0,51,0,7,0,0,0,21,0,50,0,28,1,0,0,21,0,49,0,114,0,0,0,21,0,48,0,190,0,0,0,21,0,47,0,54,1,0,0,21,0,46,0,175,0,0,0,21,0,45,0,174,0,0,0,21,0,44,0,2,0,0,0,21,0,43,0,11,0,0,0,21,0,42,0,120,0,0,0,21,0,41,0,117,0,0,0,21,0,40,0,85,0,0,0,21,0,39,0,125,0,0,0,21,0,38,0,140,0,0,0,21,0,37,0,19,0,0,0,21,0,36,0,54,0,0,0,21,0,35,0,224,0,0,0,21,0,34,0,20,0,0,0,21,0,33,0,133,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,51,1,0,0,21,0,30,0,252,0,0,0,21,0,29,0,1,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,180,0,0,0,21,0,20,0,220,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,192,0,0,0,21,0,16,0,90,0,0,0,21,0,15,0,39,1,0,0,21,0,14,0,5,0,0,0,21,0,13,0,6,0,0,0,21,0,12,0,127,1,0,0,21,0,11,0,195,0,0,0,21,0,10,0,106,0,0,0,21,0,9,0,196,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,44,1,0,0,21,0,6,0,197,0,0,0,21,0,5,0,108,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,
 21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__x86_64__) &&  defined(__ILP32__)
+/* X32 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,38,0,0,0,64,21,0,36,0,220,0,0,64,21,0,35,0,65,0,0,64,21,0,34,0,64,0,0,64,21,0,33,0,69,0,0,64,21,0,32,0,70,0,0,64,21,0,31,0,68,0,0,64,21,0,30,0,89,0,0,64,21,0,29,0,10,0,0,64,21,0,28,0,8,0,0,64,21,0,27,0,2,2,0,64,21,0,26,0,186,0,0,64,21,0,25,0,39,0,0,64,21,0,24,0,81,0,0,64,21,0,23,0,183,1,0,64,21,0,22,0,13,1,0,64,21,0,21,0,231,0,0,64,21,0,20,0,60,0,0,64,21,0,19,0,80,0,0,64,21,0,18,0,125,0,0,64,21,0,17,0,12,0,0,64,21,0,16,0,21,0,0,64,21,0,15,0,72,0,0,64,21,0,14,0,0,0,0,64,21,0,13,0,17,0,0,64,21,0,12,0,217,0,0,64,21,0,11,0,78,0,0,64,21,0,10,0,11,0,0,64,21,0,9,0,9,0,0,64,21,0,8,0,1,1,0,64,21,0,7,0,2,0,0,64,21,0,6,0,3,0,0,64,21,0,5,0,76,1,0,64,21,0,4,0,4,0,0,64,21,0,3,0,6,0,0,64,21,0,2,0,5,0,0,64,21,0,1,0,6,1,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,49,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,47,0,0,0,64,21,0,45,0,17,2,0,64,21,0,44,0,61,0,0,64,21,0,43,0,58,0,0,64,21,0,42,0,16,1,0,64,21,0,41,0,14,0,0,64,21,0,40,0,0,2,0,64,21,0,39,0,57,0,0,64,21,0,38,0,8,2,0,64,21,0,37,0,56,0,0,64,21,0,36,0,220,0,0,64,21,0,35,0,65,0,0,64,21,0,34,0,64,0,0,64,21,0,33,0,69,0,0,64,21,0,32,0,70,0,0,64,21,0,31,0,68,0,0,64,21,0,30,0,89,0,0,64,21,0,29,0,10,0,0,64,21,0,28,0,8,0,0,64,21,0,27,0,2,2,0,64,21,0,26,0,186,0,0,64,21,0,25,0,39,0,0,64,21,0,24,0,81,0,0,64,21,0,23,0,183,1,0,64,21,0,22,0,13,1,0,64,21,0,21,0,231,0,0,64,21,0,20,0,60,0,0,64,21,0,19,0,80,0,0,64,21,0,18,0,125,0,0,64,21,0,17,0,12,0,0,64,21,0,16,0,21,0,0,64,21,0,15,0,72,0,0,64,21,0,14,0,0,0,0,64,21,0,13,0,17,0,0,64,21,0,12,0,217,0,0,64,21,0,11,0,78,0,0,64,21,0,10,0,11,0,0,64,21,0,9,0,9,0,0,64,21,0,8,0,1,1,0,64,21,0,7,0,2,0,0,64,21,0,6,0,3,0,0,64,21,0,5,0,76,1,0,64,21,0,4,0,4,0,0,64,21,0,3,0,6,0,0,64,21,0,2,0,5,0,0,64,21,0,1,0,6,1,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,
 6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__x86_64__) && !defined(__ILP32__)
+/* X86_64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,41,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,38,255,255,255,255,21,0,36,0,16,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,39,0,0,0,21,0,33,0,81,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,13,1,0,0,21,0,30,0,231,0,0,0,21,0,29,0,60,0,0,0,21,0,28,0,80,0,0,0,21,0,27,0,125,0,0,0,21,0,26,0,12,0,0,0,21,0,25,0,21,0,0,0,21,0,24,0,72,0,0,0,21,0,23,0,0,0,0,0,21,0,22,0,17,0,0,0,21,0,21,0,217,0,0,0,21,0,20,0,78,0,0,0,21,0,19,0,11,0,0,0,21,0,18,0,9,0,0,0,21,0,17,0,1,1,0,0,21,0,16,0,2,0,0,0,21,0,15,0,3,0,0,0,21,0,14,0,76,1,0,0,21,0,13,0,4,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,5,0,0,0,21,0,10,0,6,1,0,0,21,0,9,0,1,0,0,0,21,0,8,0,220,0,0,0,21,0,7,0,65,0,0,0,21,0,6,0,64,0,0,0,21,0,5,0,69,0,0,0,21,0,4,0,70,0,0,0,21,0,3,0,68,0,0,0,21,0,2,0,89,0,0,0,21,0,1,0,10,0,0,0,21,0,0,1,8,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,50,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,47,255,255,255,255,21,0,45,0,16,0,0,0,21,0,44,0,186,0,0,0,21,0,43,0,39,0,0,0,21,0,42,0,81,0,0,0,21,0,41,0,183,1,0,0,21,0,40,0,13,1,0,0,21,0,39,0,231,0,0,0,21,0,38,0,60,0,0,0,21,0,37,0,80,0,0,0,21,0,36,0,125,0,0,0,21,0,35,0,12,0,0,0,21,0,34,0,21,0,0,0,21,0,33,0,72,0,0,0,21,0,32,0,0,0,0,0,21,0,31,0,17,0,0,0,21,0,30,0,217,0,0,0,21,0,29,0,78,0,0,0,21,0,28,0,11,0,0,0,21,0,27,0,9,0,0,0,21,0,26,0,1,1,0,0,21,0,25,0,2,0,0,0,21,0,24,0,3,0,0,0,21,0,23,0,76,1,0,0,21,0,22,0,4,0,0,0,21,0,21,0,6,0,0,0,21,0,20,0,5,0,0,0,21,0,19,0,6,1,0,0,21,0,18,0,1,0,0,0,21,0,17,0,247,0,0,0,21,0,16,0,61,0,0,0,21,0,15,0,58,0,0,0,21,0,14,0,16,1,0,0,21,0,13,0,14,0,0,0,21,0,12,0,13,0,0,0,21,0,11,0,57,0,0,0,21,0,10,0,59,0,0,0,21,0,9,0,56,0,0,0,21,0,8,0,220,0,0,0,21,0,7,0,65,0,0,0,21,0,6,0,64,0,0,0,21,0,5,0,69,0,0,0,21,0,4,0,70,0,0,0,21,0,3,0,68,0,0,0,21,0,2,0,89,0,0,0,21,0,1,0,10,0,0,0,21,0,0,1,8,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#ifdef SECCOMP_BPF_AVAILABLE
+typedef struct {
+	uint16_t cnt;
+	const void *bpf;
+} seccomp_bpf_program_t;
+static const seccomp_bpf_program_t seccomp_bpf_program_base = {
+	.cnt = sizeof(seccomp_bpf_blks_base) / 8,
+	.bpf = seccomp_bpf_blks_base,
+};
+static const seccomp_bpf_program_t seccomp_bpf_program_fork = {
+	.cnt = sizeof(seccomp_bpf_blks_fork) / 8,
+	.bpf = seccomp_bpf_blks_fork,
+};
+#endif

diff --git a/security.c b/security.c
index 802e586..4fecfa3 100644
--- a/security.c
+++ b/security.c
@@ -6,6 +6,7 @@
  */
 
 #include "paxinc.h"
+#include "seccomp-bpf.h"
 
 #ifdef __linux__
 
@@ -26,202 +27,23 @@
 #define CLONE_NEWUTS 0
 #endif
 
+#ifndef PR_SET_SECCOMP
+#define PR_SET_SECCOMP 22
+#endif
+#ifndef SECCOMP_MODE_FILTER
+#define SECCOMP_MODE_FILTER 2
+#endif
+
 #ifdef __SANITIZE_ADDRESS__
 /* ASAN does some weird stuff. */
 # define ALLOW_PIDNS 0
+# undef WANT_SECCOMP
 #else
 # define ALLOW_PIDNS 1
 #endif
 
-#ifdef WANT_SECCOMP
-# include <seccomp.h>
-
-/* Simple helper to add all of the syscalls in an array. */
-static int pax_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num)
-{
-	static uint8_t prio;
-	size_t i;
-	for (i = 0; i < num; ++i) {
-		if (syscalls[i] < 0)
-			continue;
-
-		if (seccomp_syscall_priority(ctx, syscalls[i], prio++) < 0) {
-			warnp("seccomp_syscall_priority failed");
-			return -1;
-		}
-		if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) < 0) {
-			warnp("seccomp_rule_add failed");
-			return -1;
-		}
-	}
-	return 0;
-}
-#define pax_seccomp_rules_add(ctx, syscalls) pax_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
-
-static void
-pax_seccomp_sigal(__unused__ int signo, siginfo_t *info, __unused__ void *context)
-{
-#ifdef si_syscall
-	warn("seccomp violated: syscall %i", info->si_syscall);
-	fflush(stderr);
-	warn("  syscall = %s",
-		seccomp_syscall_resolve_num_arch(seccomp_arch_native(), info->si_syscall));
-	fflush(stderr);
-#else
-	warn("seccomp violated: syscall unknown (no si_syscall)");
-#endif
-	kill(getpid(), SIGSYS);
-	_exit(1);
-}
-
-static void pax_seccomp_signal_init(void)
-{
-	struct sigaction act;
-	sigemptyset(&act.sa_mask);
-	act.sa_sigaction = pax_seccomp_sigal,
-	act.sa_flags = SA_SIGINFO | SA_RESETHAND;
-	sigaction(SIGSYS, &act, NULL);
-}
-
-static void pax_seccomp_init(bool allow_forking)
-{
-	/* Order determines priority (first == lowest prio).  */
-	int base_syscalls[] = {
-		/* We write the most w/scanelf.  */
-		SCMP_SYS(write),
-		SCMP_SYS(writev),
-		SCMP_SYS(pwrite64),
-		SCMP_SYS(pwritev),
-
-		/* Then the stat family of functions.  */
-		SCMP_SYS(newfstatat),
-		SCMP_SYS(fstat),
-		SCMP_SYS(fstat64),
-		SCMP_SYS(fstatat64),
-		SCMP_SYS(lstat),
-		SCMP_SYS(lstat64),
-		SCMP_SYS(stat),
-		SCMP_SYS(stat64),
-		SCMP_SYS(statx),
-
-		/* Then the fd close func.  */
-		SCMP_SYS(close),
-
-		/* Then fd open family of functions.  */
-		SCMP_SYS(open),
-		SCMP_SYS(openat),
-
-		/* Then the memory mapping functions.  */
-		SCMP_SYS(mmap),
-		SCMP_SYS(mmap2),
-		SCMP_SYS(munmap),
-
-		/* Then the directory reading functions.  */
-		SCMP_SYS(getdents),
-		SCMP_SYS(getdents64),
-
-		/* Then the file reading functions.  */
-		SCMP_SYS(pread64),
-		SCMP_SYS(read),
-		SCMP_SYS(readv),
-		SCMP_SYS(preadv),
-
-		/* Then the fd manipulation functions.  */
-		SCMP_SYS(fcntl),
-		SCMP_SYS(fcntl64),
-
-		/* After this point, just sort the list alphabetically.  */
-		SCMP_SYS(access),
-		SCMP_SYS(brk),
-		SCMP_SYS(capget),
-		SCMP_SYS(chdir),
-		SCMP_SYS(dup),
-		SCMP_SYS(dup2),
-		SCMP_SYS(dup3),
-		SCMP_SYS(exit),
-		SCMP_SYS(exit_group),
-		SCMP_SYS(faccessat),
-		SCMP_SYS(fchdir),
-		SCMP_SYS(getpid),
-		SCMP_SYS(gettid),
-		SCMP_SYS(ioctl),
-		SCMP_SYS(lseek),
-		SCMP_SYS(_llseek),
-		SCMP_SYS(mprotect),
-
-		/* Syscalls listed because of compiler settings.  */
-		SCMP_SYS(futex),
-
-		/* Syscalls listed because of sandbox.  */
-		SCMP_SYS(readlink),
-		SCMP_SYS(readlinkat),
-		SCMP_SYS(getcwd),
-		#ifndef __SNR_faccessat2
-		/* faccessat2 is not yet defiled in latest libseccomp-2.5.1 */
-		#    define __SNR_faccessat2 __NR_faccessat2
-		#endif
-		SCMP_SYS(faccessat2),
-
-		/* Syscalls listed because of fakeroot.  */
-		SCMP_SYS(msgget),
-		SCMP_SYS(msgrcv),
-		SCMP_SYS(msgsnd),
-		SCMP_SYS(semget),
-		SCMP_SYS(semop),
-		SCMP_SYS(semtimedop),
-		/*
-		 * Some targets like ppc and i386 implement the above
-		 * syscall as subcalls via ipc() syscall.
-		 * https://bugs.gentoo.org/675378
-		 */
-		SCMP_SYS(ipc),
-	};
-	int fork_syscalls[] = {
-		SCMP_SYS(clone),
-		SCMP_SYS(execve),
-		SCMP_SYS(fork),
-		SCMP_SYS(rt_sigaction),
-		SCMP_SYS(rt_sigprocmask),
-		SCMP_SYS(unshare),
-		SCMP_SYS(vfork),
-		SCMP_SYS(wait4),
-		SCMP_SYS(waitid),
-		SCMP_SYS(waitpid),
-	};
-	scmp_filter_ctx ctx = seccomp_init(USE_DEBUG ? SCMP_ACT_TRAP : SCMP_ACT_KILL);
-	if (!ctx) {
-		warnp("seccomp_init failed");
-		return;
-	}
-
-	if (pax_seccomp_rules_add(ctx, base_syscalls) < 0)
-		goto done;
-
-	if (allow_forking)
-		if (pax_seccomp_rules_add(ctx, fork_syscalls) < 0)
-			goto done;
-
-	/* We already called prctl. */
-	seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0);
-
-	if (USE_DEBUG)
-		pax_seccomp_signal_init();
-
-#ifndef __SANITIZE_ADDRESS__
-	/* ASAN does some weird stuff. */
-	if (seccomp_load(ctx) < 0) {
-		/* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */
-		if (errno != EINVAL)
-			warnp("seccomp_load failed");
-	}
-#endif
-
- done:
-	seccomp_release(ctx);
-}
-
-#else
-# define pax_seccomp_init(allow_forking)
+#ifndef SECCOMP_BPF_AVAILABLE
+# undef WANT_SECCOMP
 #endif
 
 static int ns_unshare(int flags)
@@ -308,7 +130,19 @@ void security_init(bool allow_forking)
 				_exit(0);
 	}
 
-	pax_seccomp_init(allow_forking);
+#ifdef WANT_SECCOMP
+	{
+	int ret;
+
+	if (allow_forking)
+		ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &seccomp_bpf_program_fork);
+	else
+		ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &seccomp_bpf_program_base);
+
+	if (ret)
+		warn("enabling seccomp failed");
+	}
+#endif
 }
 
 #endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-18 18:29 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-18 18:29 UTC (permalink / raw
  To: gentoo-commits

commit:     9a5ca4976b17d1ef8210ca6323020d5050b4d374
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 18 18:28:17 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Apr 18 18:28:17 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9a5ca497

security: restore syscalls accidentally dropped

The original precompile work was done against an old version of
pax-utils and I forgot to resync the list before finalizing.
Restore all the syscalls that were in here before.

Bug: https://bugs.gentoo.org/783459
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 seccomp-bpf.c | 13 ++++++++++
 seccomp-bpf.h | 76 +++++++++++++++++++++++++++++------------------------------
 2 files changed, 51 insertions(+), 38 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index d7246b1..f69e5ce 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -105,6 +105,9 @@ int main(void)
 	int base_syscalls[] = {
 		/* We write the most w/scanelf.  */
 		SCMP_SYS(write),
+		SCMP_SYS(writev),
+		SCMP_SYS(pwrite64),
+		SCMP_SYS(pwritev),
 
 		/* Then the stat family of functions.  */
 		SCMP_SYS(newfstatat),
@@ -136,6 +139,8 @@ int main(void)
 		/* Then the file reading functions.  */
 		SCMP_SYS(pread64),
 		SCMP_SYS(read),
+		SCMP_SYS(readv),
+		SCMP_SYS(preadv),
 
 		/* Then the fd manipulation functions.  */
 		SCMP_SYS(fcntl),
@@ -146,6 +151,9 @@ int main(void)
 		SCMP_SYS(brk),
 		SCMP_SYS(capget),
 		SCMP_SYS(chdir),
+		SCMP_SYS(dup),
+		SCMP_SYS(dup2),
+		SCMP_SYS(dup3),
 		SCMP_SYS(exit),
 		SCMP_SYS(exit_group),
 		SCMP_SYS(faccessat),
@@ -162,8 +170,13 @@ int main(void)
 		SCMP_SYS(_llseek),
 		SCMP_SYS(mprotect),
 
+		/* Syscalls listed because of compiler settings.  */
+		SCMP_SYS(futex),
+
 		/* Syscalls listed because of sandbox.  */
 		SCMP_SYS(readlink),
+		SCMP_SYS(readlinkat),
+		SCMP_SYS(getcwd),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index dfb7716..5966bd5 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -5,10 +5,10 @@
 /* AARCH64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,33,183,0,0,192,32,0,0,0,0,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,43,183,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,40,183,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,95,0,0,0,21,0,36,0,4,1,0,0,21,0,35,0,97,0,0,0,21,0,34,0,135,0,0,0,21,0,33,0,134,0,0,0,21,0,32,0,221,0,0,0,21,0,31,0,220,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,50,183,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
 0,0,0,0,0,0,0,
 };
 #endif
 
@@ -16,10 +16,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* ARM */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,44,40,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,56,1,0,0,21,0,40,0,42,1,0,0,21,0,39,0,43,1,0,0,21,0,38,0,45,1,0,0,21,0,37,0,46,1,0,0,21,0,36,0,47,1,0,0,21,0,35,0,85,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,140,0,0,0,21,0,32,0,19,0,0,0,21,0,31,0,54,0,0,0,21,0,30,0,224,0,0,0,21,0,29,0,20,0,0,0,21,0,28,0,133,0,0,0,21,0,27,0,183,1,0,0,21,0,26,0,78,1,0,0,21,0,25,0,248,0,0,0,21,0,24,0,1,0,0,0,21,0,23,0,12,0,0,0,21,0,22,0,184,0,0,0,21,0,21,0,45,0,0,0,21,0,20,0,33,0,0,0,21,0,19,0,221,0,0,0,21,0,18,0,55,0,0,0,21,0,17,0,3,0,0,0,21,0,16,0,180,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,141,0,0,0,21,0,13,0,91,0,0,0,21,0,12,0,192,0,0,0,21,0,11,0,66,1,0,0,21,0,10,0,5,0,0,0,21,0,9,0,6,0,0,0,21,0,8,0,141,1,0,0,21,0,7,0,195,0,0,0,21,0,6,0,106,0,0,0,21,0,5,0,196,0,0,0,21,0,4,0,107,0,0,0,21,0,3,0,71,1,0,0,21,0,2,0,197,0,0,0,21,0,1,0,108,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,55,40,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0
 ,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,53,40,0,0,64,32,0,0,0,0,0,0,0,21,0,50,0,24,1,0,0,21,0,49,0,114,0,0,0,21,0,48,0,190,0,0,0,21,0,47,0,81,1,0,0,21,0,46,0,175,0,0,0,21,0,45,0,174,0,0,0,21,0,44,0,2,0,0,0,21,0,43,0,11,0,0,0,21,0,42,0,120,0,0,0,21,0,41,0,56,1,0,0,21,0,40,0,42,1,0,0,21,0,39,0,43,1,0,0,21,0,38,0,45,1,0,0,21,0,37,0,46,1,0,0,21,0,36,0,47,1,0,0,21,0,35,0,85,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,140,0,0,0,21,0,32,0,19,0,0,0,21,0,31,0,54,0,0,0,21,0,30,0,224,0,0,0,21,0,29,0,20,0,0,0,21,0,28,0,133,0,0,0,21,0,27,0,183,1,0,0,21,0,26,0,78,1,0,0,21,0,25,0,248,0,0,0,21,0,24,0,1,0,0,0,21,0,23,0,12,0,0,0,21,0,22,0,184,0,0,0,21,0,21,0,45,0,0,0,21,0,20,0,33,0,0,0,21,0,19,0,221,0,0,0,21,0,18,0,55,0,0,0,21,0,17,0,3,0,0,0,21,0,16,0,180,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,141,0,0,0,21,0,13,0,91,0,0,0,21,0,12,0,192,0,0,0,21,0,11,0,66,1,0,0,21,0,10,0,5,0,0,0,21,0,9,0,6,0,0,0,21,0,8,0,141,1,0,0,21,0,7,0,195,0,0,0,21,0,6,0,106,0,0,0,21,0,5,0,196,0,0,0,21,0,4,0,107,0,0,0,21,0,3,0,71,1,0,0,21,0,2,0,197,0,0,0,2
 1,0,1,0,108,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,64,40,0,0,64,32,0,0,0,0,0,0,0,21,0,61,0,24,1,0,0,21,0,60,0,114,0,0,0,21,0,59,0,190,0,0,0,21,0,58,0,81,1,0,0,21,0,57,0,175,0,0,0,21,0,56,0,174,0,0,0,21,0,55,0,2,0,0,0,21,0,54,0,11,0,0,0,21,0,53,0,120,0,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5
 ,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -27,10 +27,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,44,0,0,0,8,0,32,0,0,0,0,0,0,0,21,41,0,0,0,16,21,0,21,40,0,0,0,17,41,0,21,39,0,0,0,17,48,0,21,38,0,0,0,17,49,0,21,37,0,0,0,17,47,0,21,36,0,0,0,15,245,0,21,35,0,0,0,16,29,0,21,34,0,0,0,16,44,0,21,33,0,0,0,15,179,0,21,32,0,0,0,15,214,0,21,31,0,0,0,16,126,0,21,30,0,0,0,15,180,0,21,29,0,0,0,16,37,0,21,28,0,0,0,17,87,0,21,27,0,0,0,16,204,0,21,26,0,0,0,16,150,0,21,25,0,0,0,15,161,0,21,24,0,0,0,15,172,0,21,23,0,0,0,16,108,0,21,22,0,0,0,15,205,0,21,21,0,0,0,15,193,0,21,20,0,0,0,16,124,0,21,19,0,0,0,15,215,0,21,18,0,0,0,15,163,0,21,17,0,0,0,16,104,0,21,16,0,0,0,16,123,0,21,15,0,0,0,16,45,0,21,14,0,0,0,15,251,0,21,13,0,0,0,16,114,0,21,12,0,0,0,15,250,0,21,11,0,0,0,16,192,0,21,10,0,0,0,15,165,0,21,9,0,0,0,15,166,0,21,8,0,0,0,17,14,0,21,7,0,0,0,16,117,0,21,6,0,0,0,16,10,0,21,5,0,0,0,16,118,0,21,4,0,0,0,16,11,0,21,3,0,0,0,16,197,0,21,2,0,0,0,16,119,0,21,1,0,0,0,16,12,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,8,0,32,0,0,0,0,0,0,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,1
 6,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,53,0,0,0,8,0,32,0,0,0,0,0,0,0,21,50,0,0,0,15,167,0,21,49,0,0,0,16,182,0,21,48,0,0,0,16,18,0,21,47,0,0,0,16,207,0,21,46,0,0,0,16,99,0,21,45,0,0,0,16,98,0,21,44,0,0,0,15,162,0,21,43,0,0,0,15,171,0,21,42,0,0,0,16,24,0,21,41,0,0,0,16,21,0,21,40,0,0,0,17,41,0,21,39,0,0,0,17,48,0,21,38,0,0,0,17,49,0,21,37,0,0,0,17,47,0,21,36,0,0,0,15,245,0,21,35,0,0,0,16,29,0,21,34,0,0,0,16,44,0,21,33,0,0,0,15,179,0,21,32,0,0,0,15,214,0,21,31,0,0,0,16,126,0,21,30,0,0,0,15,180,0,21,29,0,0,0,16,37,0,21,28,0,0,0,17,87,0,21,27,0,0,0,16,204,0,21,26,0,0,0,16,150,0,21,25,0,0,0,15,161,0,21,24,0,0,0,15,172,0,21,23,0,0,0,16,108,0,21,22,0,0,0,15,205,0,21,21,0,0,0,15,193,0,21,20,0,0,0,16,124,0,21,19,0,0,0,15,215,0,21,18,0,0,0,15,163,0,21,17,0,0,0,16,104,0,21,16,0,0,0,16,123,0,21,15,0,0,0,16,45,0,21,14,0,0,0,15,251,0,21,13,0,0,0,16,114,0,21,12,0,0,0,15,250,0,21,11,0,0,0,16,192,0,21,10,0,0,0,15,165,0,21,9,0,0,0,15,166,0,21,8,0,0,0,17,14,0,21,7,0,0,0,16,117,0,21,6,0,0,0,16,10,0,21,5,0,0,0,16,118
 ,0,21,4,0,0,0,16,11,0,21,3,0,0,0,16,197,0,21,2,0,0,0,16,119,0,21,1,0,0,0,16,12,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,64,0,0,0,8,0,32,0,0,0,0,0,0,0,21,61,0,0,0,15,167,0,21,60,0,0,0,16,182,0,21,59,0,0,0,16,18,0,21,58,0,0,0,16,207,0,21,57,0,0,0,16,99,0,21,56,0,0,0,16,98,0,21,55,0,0,0,15,162,0,21,54,0,0,0,15,171,0,21,53,0,0,0,16,24,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,
 16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -38,10 +38,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,39,128,0,0,8,0,32,0,0,0,0,0,0,0,21,36,0,0,0,20,94,0,21,35,0,0,0,19,199,0,21,34,0,0,0,19,198,0,21,33,0,0,0,19,203,0,21,32,0,0,0,19,204,0,21,31,0,0,0,19,202,0,21,30,0,0,0,19,223,0,21,29,0,0,0,19,146,0,21,28,0,0,0,19,144,0,21,27,0,0,0,19,151,0,21,26,0,0,0,20,58,0,21,25,0,0,0,19,174,0,21,24,0,0,0,19,215,0,21,23,0,0,0,21,63,0,21,22,0,0,0,20,139,0,21,21,0,0,0,20,85,0,21,20,0,0,0,19,194,0,21,19,0,0,0,19,214,0,21,18,0,0,0,20,3,0,21,17,0,0,0,19,148,0,21,16,0,0,0,19,156,0,21,15,0,0,0,19,206,0,21,14,0,0,0,19,136,0,21,13,0,0,0,19,152,0,21,12,0,0,0,20,188,0,21,11,0,0,0,19,212,0,21,10,0,0,0,19,147,0,21,9,0,0,0,19,145,0,21,8,0,0,0,20,127,0,21,7,0,0,0,19,138,0,21,6,0,0,0,19,139,0,21,5,0,0,0,20,206,0,21,4,0,0,0,19,140,0,21,3,0,0,0,19,142,0,21,2,0,0,0,19,141,0,21,1,0,0,0,20,132,0,21,0,1,0,0,19,137,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,8,0,32,0,0,0,0,0,0,0,21,47,0,0,0,20,94,0,21,46,0,0,0,19,199,0,21,45,0,0,0,19,198,0,21,44,0,0,0,19,203,0,21,43,0,0,0,19,204,0,21,42,0,0,0,19,202,0,21,41,0,0,0,19,213,0,21,40,0,0,0,20,137,0,21,39,0,0,0,19,223,0,21,38,0,0,0,20,74,0,21,37,0,0,0,19,146,0,21,36,0,0,0,19,144,0,21,35,0,0,0,19,151,0,21,34,0,0,0,20,58,0,21,33,0,0,0,19,174,0,21,32,0,0,0,19,215,0,21,31,0,0,0,21,63,0,21,30,0,0,0,20,139,0,21,29,0,0,0,20,85,0,21,28,0,0,0,19,194,0,21,27,0,0,0,20,166,0,21,26,0,0,0,19,168,0,21,25,0,0,0,19,167,0,21,24,0,0,0,19,214,0,21,23,0,0,0,20,3,0,21,22,0,0,0,19,148,0,21,21,0,0,0,19,156,0,21,20,0,0,0,19,206,0,21,19,0,0,0,20,169,0,21,18,0,0,0,19,154,0,21,17,0,0,0,19,136,0,21,16,0,0,0,19,152,0,21,15,0,0,0,20,188,0,21,14,0,0,0,19,212,0,21,13,0,0,0,19,147,0,21,12,0,0,0,19,145,0,21,11,0,0,0,20,127,0,21,10,0,0,0,19,138,0,21,9,0,0,0,19,139,0,21,8,0,0,0,20,206,0,21,7,0,0,0,19,140,0,21,6,0,0,0,19,142,0,21,5,0,0,0,19,141,0,21,4,0,0,0,20,132,0,21,3,0,0,0,20,170,0,21,2,0,0,
 0,19,153,0,21,1,0,0,0,19,155,0,21,0,1,0,0,19,137,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,47,128,0,0,8,0,32,0,0,0,0,0,0,0,21,44,0,0,0,20,117,0,21,43,0,0,0,19,195,0,21,42,0,0,0,20,142,0,21,41,0,0,0,19,150,0,21,40,0,0,0,19,149,0,21,39,0,0,0,19,192,0,21,38,0,0,0,19,193,0,21,37,0,0,0,19,191,0,21,36,0,0,0,20,94,0,21,35,0,0,0,19,199,0,21,34,0,0,0,19,198,0,21,33,0,0,0,19,203,0,21,32,0,0,0,19,204,0,21,31,0,0,0,19,202,0,21,30,0,0,0,19,223,0,21,29,0,0,0,19,146,0,21,28,0,0,0,19,144,0,21,27,0,0,0,19,151,0,21,26,0,0,0,20,58,0,21,25,0,0,0,19,174,0,21,24,0,0,0,19,215,0,21,23,0,0,0,21,63,0,21,22,0,0,0,20,139,0,21,21,0,0,0,20,85,0,21,20,0,0,0,19,194,0,21,19,0,0,0,19,214,0,21,18,0,0,0,20,3,0,21,17,0,0,0,19,148,0,21,16,0,0,0,19,156,0,21,15,0,0,0,19,206,0,21,14,0,0,0,19,136,0,21,13,0,0,0,19,152,0,21,12,0,0,0,20,188,0,21,11,0,0,0,19,212,0,21,10,0,0,0,19,147,0,21,9,0,0,0,19,145,0,21,8,0,0,0,20,127,0,21,7,0,0,0,19,138,0,21,6,0,0,0,19,139,0,21,5,0,0,0,20,206,0,21,4,0,0,0,19,140,0,21,3,0,0,0,19,142,0,21,2,0,0,0,19,141,0,21,1,0,0,0,20,132,0,21,0,1,0,0,19,137,0,6,0,0,127,2
 55,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,58,128,0,0,8,0,32,0,0,0,0,0,0,0,21,55,0,0,0,19,193,0,21,54,0,0,0,19,191,0,21,53,0,0,0,20,94,0,21,52,0,0,0,19,199,0,21,51,0,0,0,19,198,0,21,50,0,0,0,19,203,0,21,49,0,0,0,19,204,0,21,48,0,0,0,19,202,0,21,47,0,0,0,19,213,0,21,46,0,0,0,20,137,0,21,45,0,0,0,19,223,0,21,44,0,0,0,20,74,0,21,43,0,0,0,19,146,0,21,42,0,0,0,19,144,0,21,41,0,0,0,19,151,0,21,40,0,0,0,20,58,0,21,39,0,0,0,19,174,0,21,38,0,0,0,19,215,0,21,37,0,0,0,21,63,0,21,36,0,0,0,20,139,0,21,35,0,0,0,20,85,0,21,34,0,0,0,19,194,0,21,33,0,0,0,20,166,0,21,32,0,0,0,19,168,0,21,31,0,0,0,19,167,0,21,30,0,0,0,19,214,0,21,29,0,0,0,20,3,0,21,28,0,0,0,19,148,0,21,27,0,0,0,19,156,0,21,26,0,0,0,19,206,0,21,25,0,0,0,20,169,0,21,24,0,0,0,19,154,0,21,23,0,0,0,19,136,0,21,22,0,0,0,19,152,0,21,21,0,0,0,20,188,0,21,20,0,0,0,19,212,0,21,19,0,0,0,19,147,0,21,18,0,0,0,19,145,0,21,17,0,0,0,20,127,0,21,16,0,0,0,19,138,0,21,15,0,0,0,19,139,0,21,14,0,0,0,20,206,0,21,13,0,0,0,19,140,0,21,12,0,0,0,19,142,0,21,11,0,0,0,19,141,0,21
 ,10,0,0,0,20,132,0,21,9,0,0,0,20,170,0,21,8,0,0,0,19,153,0,21,7,0,0,0,19,155,0,21,6,0,0,0,19,137,0,21,5,0,0,0,20,117,0,21,4,0,0,0,19,195,0,21,3,0,0,0,20,142,0,21,2,0,0,0,19,150,0,21,1,0,0,0,19,149,0,21,0,1,0,0,19,192,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -49,10 +49,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,40,160,0,0,8,0,32,0,0,0,0,0,0,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,23,190,0,21,27,0,0,0,23,235,0,21,26,0,0,0,23,124,0,21,25,0,0,0,23,132,0,21,24,0,0,0,24,68,0,21,23,0,0,0,23,182,0,21,22,0,0,0,23,112,0,21,21,0,0,0,23,128,0,21,20,0,0,0,24,155,0,21,19,0,0,0,23,188,0,21,18,0,0,0,23,123,0,21,17,0,0,0,23,121,0,21,16,0,0,0,24,107,0,21,15,0,0,0,23,114,0,21,14,0,0,0,23,115,0,21,13,0,0,0,24,186,0,21,12,0,0,0,23,116,0,21,11,0,0,0,23,118,0,21,10,0,0,0,23,117,0,21,9,0,0,0,24,112,0,21,8,0,0,0,23,113,0,21,7,0,0,0,24,71,0,21,6,0,0,0,23,175,0,21,5,0,0,0,23,174,0,21,4,0,0,0,23,179,0,21,3,0,0,0,23,180,0,21,2,0,0,0,23,178,0,21,1,0,0,0,23,199,0,21,0,1,0,0,23,122,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,51,160,0,0,8,0,32,0,0,0,0,0,0,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,
 0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,48,160,0,0,8,0,32,0,0,0,0,0,0,0,21,45,0,0,0,23,120,0,21,44,0,0,0,23,127,0,21,43,0,0,0,24,34,0,21,42,0,0,0,23,150,0,21,41,0,0,0,23,191,0,21,40,0,0,0,25,39,0,21,39,0,0,0,24,119,0,21,38,0,0,0,24,61,0,21,37,0,0,0,23,170,0,21,36,0,0,0,23,190,0,21,35,0,0,0,23,235,0,21,34,0,0,0,23,124,0,21,33,0,0,0,23,132,0,21,32,0,0,0,24,68,0,21,31,0,0,0,23,182,0,21,30,0,0,0,23,112,0,21,29,0,0,0,23,128,0,21,28,0,0,0,24,155,0,21,27,0,0,0,23,188,0,21,26,0,0,0,23,123,0,21,25,0,0,0,23,121,0,21,24,0,0,0,24,107,0,21,23,0,0,0,23,114,0,21,22,0,0,0,23,115,0,21,21,0,0,0,24,186,0,21,20,0,0,0,23,116,0,21,19,0,0,0,23,118,0,21,18,0,0,0,23,117,0,21,17,0,0,0,24,112,0,21,16,0,0,0,23,113,0,21,15,0,0,0,24,97,0,21,14,0,0,0,23,171,0,21,13,0,0,0,24,122,0,21,12,0,0,0,23,126,0,21,11,0,0,0,23,125,0,21,10,0,0,0,23,168,0,21,9,0,0,0,23,169,0,21,8,0,0,0,23,167,0,21,7,0,0,0,24,71,0,21,6,0,0,0,23,175,0,21,5,0,0,0,23,174,0,21,4,0,0,0,23,179,0,21,3,0,0,0,23,180,0,21,2,0,0,0,23,178,0,21,1,0,0,0,23,199,0,21,0,1,0,0
 ,23,122,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,59,160,0,0,8,0,32,0,0,0,0,0,0,0,21,56,0,0,0,24,97,0,21,55,0,0,0,23,171,0,21,54,0,0,0,24,122,0,21,53,0,0,0,23,126,0,21,52,0,0,0,23,125,0,21,51,0,0,0,23,168,0,21,50,0,0,0,23,169,0,21,49,0,0,0,23,167,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21
 ,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -60,10 +60,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,44,8,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,21,16,0,0,21,0,40,0,41,17,0,0,21,0,39,0,48,17,0,0,21,0,38,0,49,17,0,0,21,0,37,0,47,17,0,0,21,0,36,0,245,15,0,0,21,0,35,0,29,16,0,0,21,0,34,0,44,16,0,0,21,0,33,0,179,15,0,0,21,0,32,0,214,15,0,0,21,0,31,0,126,16,0,0,21,0,30,0,180,15,0,0,21,0,29,0,37,16,0,0,21,0,28,0,87,17,0,0,21,0,27,0,204,16,0,0,21,0,26,0,150,16,0,0,21,0,25,0,161,15,0,0,21,0,24,0,172,15,0,0,21,0,23,0,108,16,0,0,21,0,22,0,205,15,0,0,21,0,21,0,193,15,0,0,21,0,20,0,124,16,0,0,21,0,19,0,215,15,0,0,21,0,18,0,163,15,0,0,21,0,17,0,104,16,0,0,21,0,16,0,123,16,0,0,21,0,15,0,45,16,0,0,21,0,14,0,251,15,0,0,21,0,13,0,114,16,0,0,21,0,12,0,250,15,0,0,21,0,11,0,192,16,0,0,21,0,10,0,165,15,0,0,21,0,9,0,166,15,0,0,21,0,8,0,14,17,0,0,21,0,7,0,117,16,0,0,21,0,6,0,10,16,0,0,21,0,5,0,118,16,0,0,21,0,4,0,11,16,0,0,21,0,3,0,197,16,0,0,21,0,2,0,119,16,0,0,21,0,1,0,12,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,55,8,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,1
 6,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,53,8,0,0,64,32,0,0,0,0,0,0,0,21,0,50,0,167,15,0,0,21,0,49,0,182,16,0,0,21,0,48,0,18,16,0,0,21,0,47,0,207,16,0,0,21,0,46,0,99,16,0,0,21,0,45,0,98,16,0,0,21,0,44,0,162,15,0,0,21,0,43,0,171,15,0,0,21,0,42,0,24,16,0,0,21,0,41,0,21,16,0,0,21,0,40,0,41,17,0,0,21,0,39,0,48,17,0,0,21,0,38,0,49,17,0,0,21,0,37,0,47,17,0,0,21,0,36,0,245,15,0,0,21,0,35,0,29,16,0,0,21,0,34,0,44,16,0,0,21,0,33,0,179,15,0,0,21,0,32,0,214,15,0,0,21,0,31,0,126,16,0,0,21,0,30,0,180,15,0,0,21,0,29,0,37,16,0,0,21,0,28,0,87,17,0,0,21,0,27,0,204,16,0,0,21,0,26,0,150,16,0,0,21,0,25,0,161,15,0,0,21,0,24,0,172,15,0,0,21,0,23,0,108,16,0,0,21,0,22,0,205,15,0,0,21,0,21,0,193,15,0,0,21,0,20,0,124,16,0,0,21,0,19,0,215,15,0,0,21,0,18,0,163,15,0,0,21,0,17,0,104,16,0,0,21,0,16,0,123,16,0,0,21,0,15,0,45,16,0,0,21,0,14,0,251,15,0,0,21,0,13,0,114,16,0,0,21,0,12,0,250,15,0,0,21,0,11,0,192,16,0,0,21,0,10,0,165,15,0,0,21,0,9,0,166,15,0,0,21,0,8,0,14,17,0,0,21,0,7,0,117,16,0,0,21,0,6,0,10,16,0,0,21,0,5,0,118,16,0,
 0,21,0,4,0,11,16,0,0,21,0,3,0,197,16,0,0,21,0,2,0,119,16,0,0,21,0,1,0,12,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,64,8,0,0,64,32,0,0,0,0,0,0,0,21,0,61,0,167,15,0,0,21,0,60,0,182,16,0,0,21,0,59,0,18,16,0,0,21,0,58,0,207,16,0,0,21,0,57,0,99,16,0,0,21,0,56,0,98,16,0,0,21,0,55,0,162,15,0,0,21,0,54,0,171,15,0,0,21,0,53,0,24,16,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114
 ,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -71,10 +71,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,39,8,0,0,192,32,0,0,0,0,0,0,0,21,0,36,0,94,20,0,0,21,0,35,0,199,19,0,0,21,0,34,0,198,19,0,0,21,0,33,0,203,19,0,0,21,0,32,0,204,19,0,0,21,0,31,0,202,19,0,0,21,0,30,0,223,19,0,0,21,0,29,0,146,19,0,0,21,0,28,0,144,19,0,0,21,0,27,0,151,19,0,0,21,0,26,0,58,20,0,0,21,0,25,0,174,19,0,0,21,0,24,0,215,19,0,0,21,0,23,0,63,21,0,0,21,0,22,0,139,20,0,0,21,0,21,0,85,20,0,0,21,0,20,0,194,19,0,0,21,0,19,0,214,19,0,0,21,0,18,0,3,20,0,0,21,0,17,0,148,19,0,0,21,0,16,0,156,19,0,0,21,0,15,0,206,19,0,0,21,0,14,0,136,19,0,0,21,0,13,0,152,19,0,0,21,0,12,0,188,20,0,0,21,0,11,0,212,19,0,0,21,0,10,0,147,19,0,0,21,0,9,0,145,19,0,0,21,0,8,0,127,20,0,0,21,0,7,0,138,19,0,0,21,0,6,0,139,19,0,0,21,0,5,0,206,20,0,0,21,0,4,0,140,19,0,0,21,0,3,0,142,19,0,0,21,0,2,0,141,19,0,0,21,0,1,0,132,20,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,50,8,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,15
 3,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,47,8,0,0,192,32,0,0,0,0,0,0,0,21,0,44,0,117,20,0,0,21,0,43,0,195,19,0,0,21,0,42,0,142,20,0,0,21,0,41,0,150,19,0,0,21,0,40,0,149,19,0,0,21,0,39,0,192,19,0,0,21,0,38,0,193,19,0,0,21,0,37,0,191,19,0,0,21,0,36,0,94,20,0,0,21,0,35,0,199,19,0,0,21,0,34,0,198,19,0,0,21,0,33,0,203,19,0,0,21,0,32,0,204,19,0,0,21,0,31,0,202,19,0,0,21,0,30,0,223,19,0,0,21,0,29,0,146,19,0,0,21,0,28,0,144,19,0,0,21,0,27,0,151,19,0,0,21,0,26,0,58,20,0,0,21,0,25,0,174,19,0,0,21,0,24,0,215,19,0,0,21,0,23,0,63,21,0,0,21,0,22,0,139,20,0,0,21,0,21,0,85,20,0,0,21,0,20,0,194,19,0,0,21,0,19,0,214,19,0,0,21,0,18,0,3,20,0,0,21,0,17,0,148,19,0,0,21,0,16,0,156,19,0,0,21,0,15,0,206,19,0,0,21,0,14,0,136,19,0,0,21,0,13,0,152,19,0,0,21,0,12,0,188,20,0,0,21,0,11,0,212,19,0,0,21,0,10,0,147,19,0,0,21,0,9,0,145,19,0,0,21,0,8,0,127,20,0,0,21,0,7,0,138,19,0,0,21,0,6,0,139,19,0,0,21,0,5,0,206,20,0,0,21,0,4,0,140,19,0,0,21,0,3,0,142,19,0,0,21,0,2,0,141,19,0,0,21,0,1,0,132,20,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,2
 55,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,58,8,0,0,192,32,0,0,0,0,0,0,0,21,0,55,0,117,20,0,0,21,0,54,0,195,19,0,0,21,0,53,0,142,20,0,0,21,0,52,0,150,19,0,0,21,0,51,0,149,19,0,0,21,0,50,0,192,19,0,0,21,0,49,0,193,19,0,0,21,0,48,0,191,19,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0
 ,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -82,10 +82,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,40,8,0,0,224,32,0,0,0,0,0,0,0,21,0,37,0,71,24,0,0,21,0,36,0,175,23,0,0,21,0,35,0,174,23,0,0,21,0,34,0,179,23,0,0,21,0,33,0,180,23,0,0,21,0,32,0,178,23,0,0,21,0,31,0,199,23,0,0,21,0,30,0,122,23,0,0,21,0,29,0,120,23,0,0,21,0,28,0,127,23,0,0,21,0,27,0,34,24,0,0,21,0,26,0,150,23,0,0,21,0,25,0,191,23,0,0,21,0,24,0,39,25,0,0,21,0,23,0,119,24,0,0,21,0,22,0,61,24,0,0,21,0,21,0,170,23,0,0,21,0,20,0,190,23,0,0,21,0,19,0,235,23,0,0,21,0,18,0,124,23,0,0,21,0,17,0,132,23,0,0,21,0,16,0,68,24,0,0,21,0,15,0,182,23,0,0,21,0,14,0,112,23,0,0,21,0,13,0,128,23,0,0,21,0,12,0,155,24,0,0,21,0,11,0,188,23,0,0,21,0,10,0,123,23,0,0,21,0,9,0,121,23,0,0,21,0,8,0,107,24,0,0,21,0,7,0,114,23,0,0,21,0,6,0,115,23,0,0,21,0,5,0,186,24,0,0,21,0,4,0,116,23,0,0,21,0,3,0,118,23,0,0,21,0,2,0,117,23,0,0,21,0,1,0,112,24,0,0,21,0,0,1,113,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,8,0,0,224,32,0,0,0,0,0,0,0,21,0,48,0,178,23,0,0,21,0,47,0,189,23,0,0,21,0,46,0,117,24,0,0,21,0,45,0,199,23,0,0,21,0,44,0,50,24,0,0,21,0,43,0,122,23,0,0,21,0,42,0,120,23,0,0,21,0,41,0,127,23,0,0,21,0,40,0,34,24,0,0,21,0,39,0,150,23,0,0,21,0,38,0,191,23,0,0,21,0,37,0,39,25,0,0,21,0,36,0,119,24,0,0,21,0,35,0,61,24,0,0,21,0,34,0,170,23,0,0,21,0,33,0,146,24,0,0,21,0,32,0,144,23,0,0,21,0,31,0,143,23,0,0,21,0,30,0,190,23,0,0,21,0,29,0,235,23,0,0,21,0,28,0,124,23,0,0,21,0,27,0,132,23,0,0,21,0,26,0,68,24,0,0,21,0,25,0,182,23,0,0,21,0,24,0,149,24,0,0,21,0,23,0,130,23,0,0,21,0,22,0,112,23,0,0,21,0,21,0,128,23,0,0,21,0,20,0,155,24,0,0,21,0,19,0,188,23,0,0,21,0,18,0,123,23,0,0,21,0,17,0,121,23,0,0,21,0,16,0,107,24,0,0,21,0,15,0,114,23,0,0,21,0,14,0,115,23,0,0,21,0,13,0,186,24,0,0,21,0,12,0,116,23,0,0,21,0,11,0,118,23,0,0,21,0,10,0,117,23,0,0,21,0,9,0,112,24,0,0,21,0,8,0,150,24,0,0,21,0,7,0,129,23,0,0,21,0,6,0,131,23,0,0,21,0,5,0,113,23,0,0,21,0,4,0,71,24,0,0,21,0,3,0,
 175,23,0,0,21,0,2,0,174,23,0,0,21,0,1,0,179,23,0,0,21,0,0,1,180,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,48,8,0,0,224,32,0,0,0,0,0,0,0,21,0,45,0,97,24,0,0,21,0,44,0,171,23,0,0,21,0,43,0,122,24,0,0,21,0,42,0,126,23,0,0,21,0,41,0,125,23,0,0,21,0,40,0,168,23,0,0,21,0,39,0,169,23,0,0,21,0,38,0,167,23,0,0,21,0,37,0,71,24,0,0,21,0,36,0,175,23,0,0,21,0,35,0,174,23,0,0,21,0,34,0,179,23,0,0,21,0,33,0,180,23,0,0,21,0,32,0,178,23,0,0,21,0,31,0,199,23,0,0,21,0,30,0,122,23,0,0,21,0,29,0,120,23,0,0,21,0,28,0,127,23,0,0,21,0,27,0,34,24,0,0,21,0,26,0,150,23,0,0,21,0,25,0,191,23,0,0,21,0,24,0,39,25,0,0,21,0,23,0,119,24,0,0,21,0,22,0,61,24,0,0,21,0,21,0,170,23,0,0,21,0,20,0,190,23,0,0,21,0,19,0,235,23,0,0,21,0,18,0,124,23,0,0,21,0,17,0,132,23,0,0,21,0,16,0,68,24,0,0,21,0,15,0,182,23,0,0,21,0,14,0,112,23,0,0,21,0,13,0,128,23,0,0,21,0,12,0,155,24,0,0,21,0,11,0,188,23,0,0,21,0,10,0,123,23,0,0,21,0,9,0,121,23,0,0,21,0,8,0,107,24,0,0,21,0,7,0,114,23,0,0,21,0,6,0,115,23,0,0,21,0,5,0,186,24,0,0,21,0,4,0,116,23,0,0,21,0,3,0,118,23,0,0,21,0,2,0,117,23,0,0,21,0,1,0,112,24,0,0,21,0,0,1,113
 ,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,59,8,0,0,224,32,0,0,0,0,0,0,0,21,0,56,0,178,23,0,0,21,0,55,0,189,23,0,0,21,0,54,0,117,24,0,0,21,0,53,0,199,23,0,0,21,0,52,0,50,24,0,0,21,0,51,0,122,23,0,0,21,0,50,0,120,23,0,0,21,0,49,0,127,23,0,0,21,0,48,0,34,24,0,0,21,0,47,0,150,23,0,0,21,0,46,0,191,23,0,0,21,0,45,0,39,25,0,0,21,0,44,0,119,24,0,0,21,0,43,0,61,24,0,0,21,0,42,0,170,23,0,0,21,0,41,0,146,24,0,0,21,0,40,0,144,23,0,0,21,0,39,0,143,23,0,0,21,0,38,0,190,23,0,0,21,0,37,0,235,23,0,0,21,0,36,0,124,23,0,0,21,0,35,0,132,23,0,0,21,0,34,0,68,24,0,0,21,0,33,0,182,23,0,0,21,0,32,0,149,24,0,0,21,0,31,0,130,23,0,0,21,0,30,0,112,23,0,0,21,0,29,0,128,23,0,0,21,0,28,0,155,24,0,0,21,0,27,0,188,23,0,0,21,0,26,0,123,23,0,0,21,0,25,0,121,23,0,0,21,0,24,0,107,24,0,0,21,0,23,0,114,23,0,0,21,0,22,0,115,23,0,0,21,0,21,0,186,24,0,0,21,0,20,0,116,23,0,0,21,0,19,0,118,23,0,0,21,0,18,0,117,23,0,0,21,0,17,0,112,24,0,0,21,0,16,0,150,24,0,0,21,0,15,0,129,23,0,0,21,0,14,0,131,23,0,0,21,0,13,0,113,23,0,0,21,0,12,0,97,24,0,0,21,
 0,11,0,171,23,0,0,21,0,10,0,122,24,0,0,21,0,9,0,126,23,0,0,21,0,8,0,125,23,0,0,21,0,7,0,168,23,0,0,21,0,6,0,169,23,0,0,21,0,5,0,167,23,0,0,21,0,4,0,71,24,0,0,21,0,3,0,175,23,0,0,21,0,2,0,174,23,0,0,21,0,1,0,179,23,0,0,21,0,0,1,180,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -93,10 +93,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,45,0,0,0,15,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,228,0,21,41,0,0,0,0,185,0,21,40,0,0,0,0,186,0,21,39,0,0,0,0,188,0,21,38,0,0,0,0,189,0,21,37,0,0,0,0,190,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,206,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,31,0,21,26,0,0,0,0,222,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,106,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,202,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,108,0,21,16,0,0,0,0,201,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,89,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,19,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,93,0,21,7,0,0,0,0,101,0,21,6,0,0,0,0,18,0,21,5,0,0,0,0,198,0,21,4,0,0,0,0,84,0,21,3,0,0,0,1,24,0,21,2,0,0,0,0,112,0,21,1,0,0,0,0,28,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,15,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,11
 2,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,15,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,7,0,21,51,0,0,0,0,235,0,21,50,0,0,0,0,114,0,21,49,0,0,0,0,113,0,21,48,0,0,0,1,32,0,21,47,0,0,0,0,175,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,2,0,21,44,0,0,0,0,11,0,21,43,0,0,0,0,120,0,21,42,0,0,0,0,228,0,21,41,0,0,0,0,185,0,21,40,0,0,0,0,186,0,21,39,0,0,0,0,188,0,21,38,0,0,0,0,189,0,21,37,0,0,0,0,190,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,206,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,31,0,21,26,0,0,0,0,222,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,106,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,202,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,108,0,21,16,0,0,0,0,201,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,89,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,19,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,93,0,21,7,0,0,0,0,101,0,21,6,0,0,0,0,18,0,21,5,0,0,0,0,198,0,21,4,0,0,0,0,84
 ,0,21,3,0,0,0,1,24,0,21,2,0,0,0,0,112,0,21,1,0,0,0,0,28,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,15,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,0,235,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,113,0,21,59,0,0,0,1,32,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0
 ,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -104,10 +104,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,45,128,0,0,15,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,141,0,21,41,0,0,0,0,91,0,21,40,0,0,0,0,89,0,21,39,0,0,0,0,90,0,21,38,0,0,0,1,19,0,21,37,0,0,0,0,5,0,21,36,0,0,0,0,6,0,21,35,0,0,0,1,93,0,21,34,0,0,0,0,101,0,21,33,0,0,0,0,18,0,21,32,0,0,0,0,198,0,21,31,0,0,0,0,84,0,21,30,0,0,0,1,24,0,21,29,0,0,0,0,112,0,21,28,0,0,0,0,28,0,21,27,0,0,0,0,4,0,21,26,0,0,0,0,228,0,21,25,0,0,0,0,185,0,21,24,0,0,0,0,186,0,21,23,0,0,0,0,188,0,21,22,0,0,0,0,189,0,21,21,0,0,0,0,190,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,125,0,21,18,0,0,0,0,140,0,21,17,0,0,0,0,19,0,21,16,0,0,0,0,54,0,21,15,0,0,0,0,206,0,21,14,0,0,0,0,20,0,21,13,0,0,0,0,133,0,21,12,0,0,0,1,183,0,21,11,0,0,0,1,31,0,21,10,0,0,0,0,222,0,21,9,0,0,0,0,1,0,21,8,0,0,0,0,12,0,21,7,0,0,0,0,106,0,21,6,0,0,0,0,45,0,21,5,0,0,0,0,33,0,21,4,0,0,0,0,202,0,21,3,0,0,0,0,55,0,21,2,0,0,0,0,3,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,201,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,56,128,0,0,15,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,
 112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,55,128,0,0,15,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,141,0,21,51,0,0,0,0,91,0,21,50,0,0,0,0,89,0,21,49,0,0,0,0,90,0,21,48,0,0,0,1,19,0,21,47,0,0,0,0,5,0,21,46,0,0,0,0,6,0,21,45,0,0,0,1,93,0,21,44,0,0,0,0,101,0,21,43,0,0,0,0,18,0,21,42,0,0,0,0,198,0,21,41,0,0,0,0,84,0,21,40,0,0,0,1,24,0,21,39,0,0,0,0,112,0,21,38,0,0,0,0,28,0,21,37,0,0,0,0,4,0,21,36,0,0,0,0,7,0,21,35,0,0,0,0,235,0,21,34,0,0,0,0,114,0,21,33,0,0,0,0,113,0,21,32,0,0,0,1,32,0,21,31,0,0,0,0,175,0,21,30,0,0,0,0,174,0,21,29,0,0,0,0,2,0,21,28,0,0,0,0,11,0,21,27,0,0,0,0,120,0,21,26,0,0,0,0,228,0,21,25,0,0,0,0,185,0,21,24,0,0,0,0,186,0,21,23,0,0,0,0,188,0,21,22,0,0,0,0,189,0,21,21,0,0,0,0,190,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,125,0,21,18,0,0,0,0,140,0,21,17,0,0,0,0,19,0,21,16,0,0,0,0,54,0,21,15,0,0,0,0,206,0,21,14,0,0,0,0,20,0,21,13,0,0,0,0,133,0,21,12,0,0,0,1,183,0,21,11,0,0,0,1,31,0,21,10,0,0,0,0,222,0,21,9,0,0,0,0,1,0,21,8,0,0,0,0,12,0,21,7,0,0,0,0,106,0,21,6,0,0,0,0,45,0,21,5,0,0,0,0,33,0,21,4,0,0,0,0,20
 2,0,21,3,0,0,0,0,55,0,21,2,0,0,0,0,3,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,201,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,128,0,0,15,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,0,235,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,113,0,21,59,0,0,0,1,32,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15
 ,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -115,10 +115,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,44,0,0,0,20,0,32,0,0,0,0,0,0,0,21,41,0,0,0,0,117,0,21,40,0,0,0,1,137,0,21,39,0,0,0,1,144,0,21,38,0,0,0,1,145,0,21,37,0,0,0,1,143,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,204,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,179,0,21,16,0,0,0,0,202,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,192,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,195,0,21,6,0,0,0,0,106,0,21,5,0,0,0,0,196,0,21,4,0,0,0,0,107,0,21,3,0,0,0,1,35,0,21,2,0,0,0,0,197,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,20,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0
 ,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,54,0,0,0,20,0,32,0,0,0,0,0,0,0,21,51,0,0,0,0,7,0,21,50,0,0,0,1,16,0,21,49,0,0,0,0,114,0,21,48,0,0,0,0,189,0,21,47,0,0,0,1,26,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,173,0,21,44,0,0,0,0,2,0,21,43,0,0,0,0,11,0,21,42,0,0,0,0,120,0,21,41,0,0,0,0,117,0,21,40,0,0,0,1,137,0,21,39,0,0,0,1,144,0,21,38,0,0,0,1,145,0,21,37,0,0,0,1,143,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,204,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,179,0,21,16,0,0,0,0,202,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,192,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,195,0,21,6,0,0,0,0,106,0,21,5,0,0,0,0,196,0,21,4,0,0,0,0,107,0,21,3,0,0,0,1,3
 5,0,21,2,0,0,0,0,197,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,20,0,32,0,0,0,0,0,0,0,21,62,0,0,0,0,7,0,21,61,0,0,0,1,16,0,21,60,0,0,0,0,114,0,21,59,0,0,0,0,189,0,21,58,0,0,0,1,26,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,173,0,21,55,0,0,0,0,2,0,21,54,0,0,0,0,11,0,21,53,0,0,0,0,120,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,
 0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -126,10 +126,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,40,128,0,0,21,0,32,0,0,0,0,0,0,0,21,37,0,0,0,0,117,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,179,0,21,17,0,0,0,0,202,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,30,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,127,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,21,0,32,0,0,0,0,0,0,0,21,48,0,0,0,0,54,0,21,47,0,0,0,0,207,0,21,46,0,0,0,0,20,0,21,45,0,0,0,0,133,0,21,44,0,0,0,1,183,0,21,43,0,0,0,1,42,0,21,42,0,0,0,0,234,0,21,41,0,0,0,0,1,0,21,40,0,0,0,1,60,0,21,39,0,0,0,0,63,0,21,38,0,0,0,0,41,0,21,37,0,0,0,0,12,0,21,36,0,0,0,0,183,0,21,35,0,0,0,0,45,0,21,34,0,0,0,0,33,0,21,33,0,0,0,0,55,0,21,32,0,0,0,1,64,0,21,31,0,0,0,0,145,0,21,30,0,0,0,0,3,0,21,29,0,0,0,0,179,0,21,28,0,0,0,0,202,0,21,27,0,0,0,0,141,0,21,26,0,0,0,0,91,0,21,25,0,0,0,0,90,0,21,24,0,0,0,1,30,0,21,23,0,0,0,0,5,0,21,22,0,0,0,0,6,0,21,21,0,0,0,1,127,0,21,20,0,0,0,0,106,0,21,19,0,0,0,0,107,0,21,18,0,0,0,0,108,0,21,17,0,0,0,1,35,0,21,16,0,0,0,1,65,0,21,15,0,0,0,0,180,0,21,14,0,0,0,0,146,0,21,13,0,0,0,0,4,0,21,12,0,0,0,0,117,0,21,11,0,0,0,0,182,0,21,10,0,0,0,1,40,0,21,9,0,0,0,0,85,0,21,8,0,0,0,0,221,0,21,7,0,0,0,0,125,0,21,6,0,0,0,0,140,0,21,5,0,0,0,0,19,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,
 0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,21,0,32,0,0,0,0,0,0,0,21,47,0,0,0,0,7,0,21,46,0,0,0,1,16,0,21,45,0,0,0,0,114,0,21,44,0,0,0,0,189,0,21,43,0,0,0,1,26,0,21,42,0,0,0,0,174,0,21,41,0,0,0,0,173,0,21,40,0,0,0,0,2,0,21,39,0,0,0,0,11,0,21,38,0,0,0,0,120,0,21,37,0,0,0,0,117,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,179,0,21,17,0,0,0,0,202,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,30,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,127,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0
 ,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,61,128,0,0,21,0,32,0,0,0,0,0,0,0,21,58,0,0,0,0,54,0,21,57,0,0,0,0,207,0,21,56,0,0,0,0,20,0,21,55,0,0,0,0,133,0,21,54,0,0,0,1,183,0,21,53,0,0,0,1,42,0,21,52,0,0,0,0,234,0,21,51,0,0,0,0,1,0,21,50,0,0,0,1,60,0,21,49,0,0,0,0,63,0,21,48,0,0,0,0,41,0,21,47,0,0,0,0,12,0,21,46,0,0,0,0,183,0,21,45,0,0,0,0,45,0,21,44,0,0,0,0,33,0,21,43,0,0,0,0,55,0,21,42,0,0,0,1,64,0,21,41,0,0,0,0,145,0,21,40,0,0,0,0,3,0,21,39,0,0,0,0,179,0,21,38,0,0,0,0,202,0,21,37,0,0,0,0,141,0,21,36,0,0,0,0,91,0,21,35,0,0,0,0,90,0,21,34,0,0,0,1,30,0,21,33,0,0,0,0,5,0,21,32,0,0,0,0,6,0,21,31,0,0,0,1,127,0,21,30,0,0,0,0,106,0,21,29,0,0,0,0,107,0,21,28,0,0,0,0,108,0,21,27,0,0,0,1,35,0,21,26,0,0,0,1,65,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,146,0,21,23,0,0,0,0,4,0,21,22,0,0,0,0,7,0,21,21,0,0,0,1,16,0,21,20,0,0,0,0,114,0,21,19,0,0,0,0,189,0,21,18,0,0,0,1,26,0,21,17,0,0,0,0,174,0,21,16,0,0,0,0,173,0,21,15,0,0,0,0,2,0,21,14,0,0,0,0,11,0,21,13,0,0,0,0,120,0,21,12,0,0,0,0,117,0,21,11,0,0,0,0,182,0,21,10,0,0,0,
 1,40,0,21,9,0,0,0,0,85,0,21,8,0,0,0,0,221,0,21,7,0,0,0,0,125,0,21,6,0,0,0,0,140,0,21,5,0,0,0,0,19,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -137,10 +137,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64LE */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,40,21,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,117,0,0,0,21,0,36,0,85,0,0,0,21,0,35,0,125,0,0,0,21,0,34,0,140,0,0,0,21,0,33,0,19,0,0,0,21,0,32,0,54,0,0,0,21,0,31,0,207,0,0,0,21,0,30,0,20,0,0,0,21,0,29,0,133,0,0,0,21,0,28,0,183,1,0,0,21,0,27,0,42,1,0,0,21,0,26,0,234,0,0,0,21,0,25,0,1,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,183,0,0,0,21,0,22,0,45,0,0,0,21,0,21,0,33,0,0,0,21,0,20,0,55,0,0,0,21,0,19,0,3,0,0,0,21,0,18,0,179,0,0,0,21,0,17,0,202,0,0,0,21,0,16,0,141,0,0,0,21,0,15,0,91,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,30,1,0,0,21,0,12,0,5,0,0,0,21,0,11,0,6,0,0,0,21,0,10,0,127,1,0,0,21,0,9,0,106,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,108,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,21,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,
 6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,21,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,7,0,0,0,21,0,46,0,16,1,0,0,21,0,45,0,114,0,0,0,21,0,44,0,189,0,0,0,21,0,43,0,26,1,0,0,21,0,42,0,174,0,0,0,21,0,41,0,173,0,0,0,21,0,40,0,2,0,0,0,21,0,39,0,11,0,0,0,21,0,38,0,120,0,0,0,21,0,37,0,117,0,0,0,21,0,36,0,85,0,0,0,21,0,35,0,125,0,0,0,21,0,34,0,140,0,0,0,21,0,33,0,19,0,0,0,21,0,32,0,54,0,0,0,21,0,31,0,207,0,0,0,21,0,30,0,20,0,0,0,21,0,29,0,133,0,0,0,21,0,28,0,183,1,0,0,21,0,27,0,42,1,0,0,21,0,26,0,234,0,0,0,21,0,25,0,1,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,183,0,0,0,21,0,22,0,45,0,0,0,21,0,21,0,33,0,0,0,21,0,20,0,55,0,0,0,21,0,19,0,3,0,0,0,21,0,18,0,179,0,0,0,21,0,17,0,202,0,0,0,21,0,16,0,141,0,0,0,21,0,15,0,91,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,30,1,0,0,21,0,12,0,5,0,0,0,21,0,11,0,6,0,0,0,21,0,10,0,127,1,0,0,21,0,9,0,106,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,108,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6
 ,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,61,21,0,0,192,32,0,0,0,0,0,0,0,21,0,58,0,7,0,0,0,21,0,57,0,16,1,0,0,21,0,56,0,114,0,0,0,21,0,55,0,189,0,0,0,21,0,54,0,26,1,0,0,21,0,53,0,174,0,0,0,21,0,52,0,173,0,0,0,21,0,51,0,2,0,0,0,21,0,50,0,11,0,0,0,21,0,49,0,120,0,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108
 ,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -148,10 +148,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* RISCV64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,33,243,0,0,192,32,0,0,0,0,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,43,243,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,40,243,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,4,1,0,0,21,0,36,0,97,0,0,0,21,0,35,0,135,0,0,0,21,0,34,0,134,0,0,0,21,0,33,0,221,0,0,0,21,0,32,0,220,0,0,0,21,0,31,0,192,0,0,0,21,0,30,0,193,0,0,0,21,0,29,0,190,0,0,0,21,0,28,0,189,0,0,0,21,0,27,0,188,0,0,0,21,0,26,0,186,0,0,0,21,0,25,0,226,0,0,0,21,0,24,0,62,0,0,0,21,0,23,0,29,0,0,0,21,0,22,0,178,0,0,0,21,0,21,0,172,0,0,0,21,0,20,0,50,0,0,0,21,0,19,0,183,1,0,0,21,0,18,0,48,0,0,0,21,0,17,0,94,0,0,0,21,0,16,0,93,0,0,0,21,0,15,0,49,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,214,0,0,0,21,0,12,0,25,0,0,0,21,0,11,0,63,0,0,0,21,0,10,0,67,0,0,0,21,0,9,0,61,0,0,0,21,0,8,0,215,0,0,0,21,0,7,0,222,0,0,0,21,0,6,0,56,0,0,0,21,0,5,0,57,0,0,0,21,0,4,0,35,1,0,0,21,0,3,0,80,0,0,0,21,0,2,0,79,0,0,0,21,0,1,0,64,0,0,0,21,0,0,1,95,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,50,243,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
 0,0,0,0,0,0,0,
 };
 #endif
 
@@ -159,10 +159,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,45,0,0,0,22,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,117,0,21,41,0,0,0,0,85,0,21,40,0,0,0,0,125,0,21,39,0,0,0,0,140,0,21,38,0,0,0,0,19,0,21,37,0,0,0,0,54,0,21,36,0,0,0,0,236,0,21,35,0,0,0,0,20,0,21,34,0,0,0,0,133,0,21,33,0,0,0,1,183,0,21,32,0,0,0,1,44,0,21,31,0,0,0,0,248,0,21,30,0,0,0,0,1,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,184,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,221,0,21,24,0,0,0,0,55,0,21,23,0,0,0,0,3,0,21,22,0,0,0,0,180,0,21,21,0,0,0,0,220,0,21,20,0,0,0,0,141,0,21,19,0,0,0,0,91,0,21,18,0,0,0,0,192,0,21,17,0,0,0,0,90,0,21,16,0,0,0,1,32,0,21,15,0,0,0,0,5,0,21,14,0,0,0,0,6,0,21,13,0,0,0,1,123,0,21,12,0,0,0,0,195,0,21,11,0,0,0,0,106,0,21,10,0,0,0,0,196,0,21,9,0,0,0,0,107,0,21,8,0,0,0,1,37,0,21,7,0,0,0,0,197,0,21,6,0,0,0,0,108,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,22,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0
 ,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,54,0,0,0,22,0,32,0,0,0,0,0,0,0,21,51,0,0,0,1,25,0,21,50,0,0,0,0,114,0,21,49,0,0,0,0,190,0,21,48,0,0,0,1,47,0,21,47,0,0,0,0,175,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,2,0,21,44,0,0,0,0,11,0,21,43,0,0,0,0,120,0,21,42,0,0,0,0,117,0,21,41,0,0,0,0,85,0,21,40,0,0,0,0,125,0,21,39,0,0,0,0,140,0,21,38,0,0,0,0,19,0,21,37,0,0,0,0,54,0,21,36,0,0,0,0,236,0,21,35,0,0,0,0,20,0,21,34,0,0,0,0,133,0,21,33,0,0,0,1,183,0,21,32,0,0,0,1,44,0,21,31,0,0,0,0,248,0,21,30,0,0,0,0,1,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,184,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,221,0,21,24,0,0,0,0,55,0,21,23,0,0,0,0,3,0,21,22,0,0,0,0,180,0,21,21,0,0,0,0,220,0,21,20,0,0,0,0,141,0,21,19,0,0,0,0,91,0,21,18,0,0,0,0,192,0,21,17,0,0,0,0,90,0,21,16,0,0,0,1,32,0,21,15,0,0,0,0,5,0,21,14,0,0,0,0,6,0,21,13,0,0,0,1,123,0,21,12,0,0,0,0,195,0,21,11,0,0,0,0,106,0,21,10,0,0,0,0,196,0,21,9,0,0,0,0,107,0,21,8,0,0,0,1,37,0,21,7,0,0,0,0,197,0,21,6,0,0,0,0,108,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,13
 7,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,22,0,32,0,0,0,0,0,0,0,21,62,0,0,0,1,25,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,190,0,21,59,0,0,0,1,47,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0
 ,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -170,10 +170,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390X */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,39,128,0,0,22,0,32,0,0,0,0,0,0,0,21,36,0,0,0,0,117,0,21,35,0,0,0,0,85,0,21,34,0,0,0,0,125,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,236,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,44,0,21,26,0,0,0,0,248,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,184,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,180,0,21,17,0,0,0,0,220,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,32,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,123,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,37,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,22,0,32,0,0,0,0,0,0,0,21,47,0,0,0,1,70,0,21,46,0,0,0,0,63,0,21,45,0,0,0,0,41,0,21,44,0,0,0,0,12,0,21,43,0,0,0,0,184,0,21,42,0,0,0,0,45,0,21,41,0,0,0,0,33,0,21,40,0,0,0,0,55,0,21,39,0,0,0,1,72,0,21,38,0,0,0,0,145,0,21,37,0,0,0,0,3,0,21,36,0,0,0,0,180,0,21,35,0,0,0,0,220,0,21,34,0,0,0,0,141,0,21,33,0,0,0,0,91,0,21,32,0,0,0,0,90,0,21,31,0,0,0,1,32,0,21,30,0,0,0,0,5,0,21,29,0,0,0,0,6,0,21,28,0,0,0,1,123,0,21,27,0,0,0,0,106,0,21,26,0,0,0,0,107,0,21,25,0,0,0,0,108,0,21,24,0,0,0,1,37,0,21,23,0,0,0,1,73,0,21,22,0,0,0,0,181,0,21,21,0,0,0,0,146,0,21,20,0,0,0,0,4,0,21,19,0,0,0,0,117,0,21,18,0,0,0,0,183,0,21,17,0,0,0,1,42,0,21,16,0,0,0,0,85,0,21,15,0,0,0,0,238,0,21,14,0,0,0,0,125,0,21,13,0,0,0,0,19,0,21,12,0,0,0,0,54,0,21,11,0,0,0,0,236,0,21,10,0,0,0,0,20,0,21,9,0,0,0,0,133,0,21,8,0,0,0,1,183,0,21,7,0,0,0,1,44,0,21,6,0,0,0,0,248,0,21,5,0,0,0,0,1,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,
 0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,48,128,0,0,22,0,32,0,0,0,0,0,0,0,21,45,0,0,0,1,25,0,21,44,0,0,0,0,114,0,21,43,0,0,0,0,190,0,21,42,0,0,0,1,47,0,21,41,0,0,0,0,175,0,21,40,0,0,0,0,174,0,21,39,0,0,0,0,2,0,21,38,0,0,0,0,11,0,21,37,0,0,0,0,120,0,21,36,0,0,0,0,117,0,21,35,0,0,0,0,85,0,21,34,0,0,0,0,125,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,236,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,44,0,21,26,0,0,0,0,248,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,184,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,180,0,21,17,0,0,0,0,220,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,32,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,123,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,37,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,59,128,0,0,22,0,32,0,0,0,0,0,0,0,21,56,0,0,0,1,70,0,21,55,0,0,0,0,63,0,21,54,0,0,0,0,41,0,21,53,0,0,0,0,12,0,21,52,0,0,0,0,184,0,21,51,0,0,0,0,45,0,21,50,0,0,0,0,33,0,21,49,0,0,0,0,55,0,21,48,0,0,0,1,72,0,21,47,0,0,0,0,145,0,21,46,0,0,0,0,3,0,21,45,0,0,0,0,180,0,21,44,0,0,0,0,220,0,21,43,0,0,0,0,141,0,21,42,0,0,0,0,91,0,21,41,0,0,0,0,90,0,21,40,0,0,0,1,32,0,21,39,0,0,0,0,5,0,21,38,0,0,0,0,6,0,21,37,0,0,0,1,123,0,21,36,0,0,0,0,106,0,21,35,0,0,0,0,107,0,21,34,0,0,0,0,108,0,21,33,0,0,0,1,37,0,21,32,0,0,0,1,73,0,21,31,0,0,0,0,181,0,21,30,0,0,0,0,146,0,21,29,0,0,0,0,4,0,21,28,0,0,0,1,25,0,21,27,0,0,0,0,114,0,21,26,0,0,0,0,190,0,21,25,0,0,0,1,47,0,21,24,0,0,0,0,175,0,21,23,0,0,0,0,174,0,21,22,0,0,0,0,2,0,21,21,0,0,0,0,11,0,21,20,0,0,0,0,120,0,21,19,0,0,0,0,117,0,21,18,0,0,0,0,183,0,21,17,0,0,0,1,42,0,21,16,0,0,0,0,85,0,21,15,0,0,0,0,238,0,21,14,0,0,0,0,125,0,21,13,0,0,0,0,19,0,21,12,0,0,0,0,54,0,21,11,0,0,0,0,236,0,21,10,0,0,0,0,20,0,21,9,0,0,0,0,133,0,21,8,0,0,0,
 1,183,0,21,7,0,0,0,1,44,0,21,6,0,0,0,0,248,0,21,5,0,0,0,0,1,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -181,10 +181,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,44,3,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,117,0,0,0,21,0,40,0,85,0,0,0,21,0,39,0,125,0,0,0,21,0,38,0,140,0,0,0,21,0,37,0,19,0,0,0,21,0,36,0,54,0,0,0,21,0,35,0,224,0,0,0,21,0,34,0,20,0,0,0,21,0,33,0,133,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,51,1,0,0,21,0,30,0,252,0,0,0,21,0,29,0,1,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,180,0,0,0,21,0,20,0,220,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,192,0,0,0,21,0,16,0,90,0,0,0,21,0,15,0,39,1,0,0,21,0,14,0,5,0,0,0,21,0,13,0,6,0,0,0,21,0,12,0,127,1,0,0,21,0,11,0,195,0,0,0,21,0,10,0,106,0,0,0,21,0,9,0,196,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,44,1,0,0,21,0,6,0,197,0,0,0,21,0,5,0,108,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,55,3,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,
 0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,54,3,0,0,64,32,0,0,0,0,0,0,0,21,0,51,0,7,0,0,0,21,0,50,0,28,1,0,0,21,0,49,0,114,0,0,0,21,0,48,0,190,0,0,0,21,0,47,0,54,1,0,0,21,0,46,0,175,0,0,0,21,0,45,0,174,0,0,0,21,0,44,0,2,0,0,0,21,0,43,0,11,0,0,0,21,0,42,0,120,0,0,0,21,0,41,0,117,0,0,0,21,0,40,0,85,0,0,0,21,0,39,0,125,0,0,0,21,0,38,0,140,0,0,0,21,0,37,0,19,0,0,0,21,0,36,0,54,0,0,0,21,0,35,0,224,0,0,0,21,0,34,0,20,0,0,0,21,0,33,0,133,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,51,1,0,0,21,0,30,0,252,0,0,0,21,0,29,0,1,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,180,0,0,0,21,0,20,0,220,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,192,0,0,0,21,0,16,0,90,0,0,0,21,0,15,0,39,1,0,0,21,0,14,0,5,0,0,0,21,0,13,0,6,0,0,0,21,0,12,0,127,1,0,0,21,0,11,0,195,0,0,0,21,0,10,0,106,0,0,0,21,0,9,0,196,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,44,1,0,0,21,0,6,0,197,0,0,0,21,0,5,0,108,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,
 21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,65,3,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,7,0,0,0,21,0,61,0,28,1,0,0,21,0,60,0,114,0,0,0,21,0,59,0,190,0,0,0,21,0,58,0,54,1,0,0,21,0,57,0,175,0,0,0,21,0,56,0,174,0,0,0,21,0,55,0,2,0,0,0,21,0,54,0,11,0,0,0,21,0,53,0,120,0,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0
 ,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -192,10 +192,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,40,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,38,0,0,0,64,21,0,36,0,220,0,0,64,21,0,35,0,65,0,0,64,21,0,34,0,64,0,0,64,21,0,33,0,69,0,0,64,21,0,32,0,70,0,0,64,21,0,31,0,68,0,0,64,21,0,30,0,89,0,0,64,21,0,29,0,10,0,0,64,21,0,28,0,8,0,0,64,21,0,27,0,2,2,0,64,21,0,26,0,186,0,0,64,21,0,25,0,39,0,0,64,21,0,24,0,81,0,0,64,21,0,23,0,183,1,0,64,21,0,22,0,13,1,0,64,21,0,21,0,231,0,0,64,21,0,20,0,60,0,0,64,21,0,19,0,80,0,0,64,21,0,18,0,125,0,0,64,21,0,17,0,12,0,0,64,21,0,16,0,21,0,0,64,21,0,15,0,72,0,0,64,21,0,14,0,0,0,0,64,21,0,13,0,17,0,0,64,21,0,12,0,217,0,0,64,21,0,11,0,78,0,0,64,21,0,10,0,11,0,0,64,21,0,9,0,9,0,0,64,21,0,8,0,1,1,0,64,21,0,7,0,2,0,0,64,21,0,6,0,3,0,0,64,21,0,5,0,76,1,0,64,21,0,4,0,4,0,0,64,21,0,3,0,6,0,0,64,21,0,2,0,5,0,0,64,21,0,1,0,6,1,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,49,0,0,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,
 64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,49,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,47,0,0,0,64,21,0,45,0,17,2,0,64,21,0,44,0,61,0,0,64,21,0,43,0,58,0,0,64,21,0,42,0,16,1,0,64,21,0,41,0,14,0,0,64,21,0,40,0,0,2,0,64,21,0,39,0,57,0,0,64,21,0,38,0,8,2,0,64,21,0,37,0,56,0,0,64,21,0,36,0,220,0,0,64,21,0,35,0,65,0,0,64,21,0,34,0,64,0,0,64,21,0,33,0,69,0,0,64,21,0,32,0,70,0,0,64,21,0,31,0,68,0,0,64,21,0,30,0,89,0,0,64,21,0,29,0,10,0,0,64,21,0,28,0,8,0,0,64,21,0,27,0,2,2,0,64,21,0,26,0,186,0,0,64,21,0,25,0,39,0,0,64,21,0,24,0,81,0,0,64,21,0,23,0,183,1,0,64,21,0,22,0,13,1,0,64,21,0,21,0,231,0,0,64,21,0,20,0,60,0,0,64,21,0,19,0,80,0,0,64,21,0,18,0,125,0,0,64,21,0,17,0,12,0,0,64,21,0,16,0,21,0,0,64,21,0,15,0,72,0,0,64,21,0,14,0,0,0,0,64,21,0,13,0,17,0,0,64,21,0,12,0,217,0,0,64,21,0,11,0,78,0,0,64,21,0,10,0,11,0,0,64,21,0,9,0,9,0,0,64,21,0,8,0,1,1,0,64,21,0,7,0,2,0,0,64,21,0,6,0,3,0,0,64,21,0,5,0,76,1,0,64,21,0,4,0,4,0,0,64,21,0,3,0,6,0,0,64,21,0,2,0,5,0,0,64,21,0,1,0,6,1,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,
 6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,60,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,58,0,0,0,64,21,0,56,0,17,2,0,64,21,0,55,0,61,0,0,64,21,0,54,0,58,0,0,64,21,0,53,0,16,1,0,64,21,0,52,0,14,0,0,64,21,0,51,0,0,2,0,64,21,0,50,0,57,0,0,64,21,0,49,0,8,2,0,64,21,0,48,0,56,0,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,
 0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -203,10 +203,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86_64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,41,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,38,255,255,255,255,21,0,36,0,16,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,39,0,0,0,21,0,33,0,81,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,13,1,0,0,21,0,30,0,231,0,0,0,21,0,29,0,60,0,0,0,21,0,28,0,80,0,0,0,21,0,27,0,125,0,0,0,21,0,26,0,12,0,0,0,21,0,25,0,21,0,0,0,21,0,24,0,72,0,0,0,21,0,23,0,0,0,0,0,21,0,22,0,17,0,0,0,21,0,21,0,217,0,0,0,21,0,20,0,78,0,0,0,21,0,19,0,11,0,0,0,21,0,18,0,9,0,0,0,21,0,17,0,1,1,0,0,21,0,16,0,2,0,0,0,21,0,15,0,3,0,0,0,21,0,14,0,76,1,0,0,21,0,13,0,4,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,5,0,0,0,21,0,10,0,6,1,0,0,21,0,9,0,1,0,0,0,21,0,8,0,220,0,0,0,21,0,7,0,65,0,0,0,21,0,6,0,64,0,0,0,21,0,5,0,69,0,0,0,21,0,4,0,70,0,0,0,21,0,3,0,68,0,0,0,21,0,2,0,89,0,0,0,21,0,1,0,10,0,0,0,21,0,0,1,8,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,49,255,255,255,255,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0
 ,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,47,255,255,255,255,21,0,45,0,16,0,0,0,21,0,44,0,186,0,0,0,21,0,43,0,39,0,0,0,21,0,42,0,81,0,0,0,21,0,41,0,183,1,0,0,21,0,40,0,13,1,0,0,21,0,39,0,231,0,0,0,21,0,38,0,60,0,0,0,21,0,37,0,80,0,0,0,21,0,36,0,125,0,0,0,21,0,35,0,12,0,0,0,21,0,34,0,21,0,0,0,21,0,33,0,72,0,0,0,21,0,32,0,0,0,0,0,21,0,31,0,17,0,0,0,21,0,30,0,217,0,0,0,21,0,29,0,78,0,0,0,21,0,28,0,11,0,0,0,21,0,27,0,9,0,0,0,21,0,26,0,1,1,0,0,21,0,25,0,2,0,0,0,21,0,24,0,3,0,0,0,21,0,23,0,76,1,0,0,21,0,22,0,4,0,0,0,21,0,21,0,6,0,0,0,21,0,20,0,5,0,0,0,21,0,19,0,6,1,0,0,21,0,18,0,1,0,0,0,21,0,17,0,247,0,0,0,21,0,16,0,61,0,0,0,21,0,15,0,58,0,0,0,21,0,14,0,16,1,0,0,21,0,13,0,14,0,0,0,21,0,12,0,13,0,0,0,21,0,11,0,57,0,0,0,21,0,10,0,59,0,0,0,21,0,9,0,56,0,0,0,21,0,8,0,220,0,0,0,21,0,7,0,65,0,0,0,21,0,6,0,64,0,0,0,21,0,5,0,69,0,0,0,21,0,4,0,70,0,0,0,21,0,3,0,68,0,0,0,21,0,2,0,89,0,0,0,21,0,1,0,10,0,0,0,21,0,0,1,8,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,61,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,58,255,255,255,255,21,0,56,0,247,0,0,0,21,0,55,0,61,0,0,0,21,0,54,0,58,0,0,0,21,0,53,0,16,1,0,0,21,0,52,0,14,0,0,0,21,0,51,0,13,0,0,0,21,0,50,0,57,0,0,0,21,0,49,0,59,0,0,0,21,0,48,0,56,0,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,2
 1,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-04-19  4:58 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-04-19  4:58 UTC (permalink / raw
  To: gentoo-commits

commit:     f0b893136c4b1418edadff6ff8e65afe68c3b4a8
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Mon Apr 19 04:56:03 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Apr 19 04:56:03 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f0b89313

lddtree: respect (destination) root with --argv0 interp probing

This is important because the path in this func reflects where the
interpreter is going to be living, not where it's being copied from.
These are often the same paths (relatively speaking), but when we're
copying from a cross-compiler sysroot, or when using --libdir so the
target paths are rewritten, the interp path probably does not line
up with whatever happens to live in the active rootfs.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index b8fde0c..dd17387 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -157,7 +157,7 @@ def GenerateLdsoWrapper(root, path, interp, libpaths=()):
                                interp_name),
         'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir)
                               for p in libpaths]),
-        'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(interp) else '',
+        'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(root + interp) else '',
     }
     wrapper = """#!/bin/sh
 if ! base=$(realpath "$0" 2>/dev/null); then


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-06-10  7:02 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-06-10  7:02 UTC (permalink / raw
  To: gentoo-commits

commit:     6012cc3584cfa18c6e37c2a1a56af08b04a9a5f6
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 10 06:58:54 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Jun 10 06:58:54 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6012cc35

seccomp: fix build failure on mips (use _MIP_SIM tests)

glibc's sysdeps/mips/sgidefs.h unconditionally mips _ABI* enum values:
  #define _ABIO32                1
  #define _ABIN32                2
  #define _ABI64                 3
  #define _ABIO64                4

This causes build failures on multiple definitions:
  In file included from security.c:9:
  seccomp-bpf.h:73:28: error: redefinition of 'seccomp_bpf_blks_base'
     73 | static const unsigned char seccomp_bpf_blks_base[] = {
        |                            ^~~~~~~~~~~~~~~~~~~~~

The fix is to test current ABI against _MIPS_SIM.

Fixed-by: Manuel Lauss
Bug: https://bugs.gentoo.org/795075
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 seccomp-bpf.c | 16 +++++++++-------
 seccomp-bpf.h | 16 +++++++++-------
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index f69e5ce..8e61f7f 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -28,12 +28,12 @@ static const struct {
 #define A(arch, ifdef) { #arch, SCMP_ARCH_##arch, ifdef }
 	A(AARCH64,     "defined(__aarch64__)"),
 	A(ARM,         "defined(__arm__)"),
-	A(MIPS,        "defined(__mips__) && defined(__MIPSEB__) && defined(_ABIO32)"),
-	A(MIPS64,      "defined(__mips__) && defined(__MIPSEB__) && defined(_ABI64)"),
-	A(MIPS64N32,   "defined(__mips__) && defined(__MIPSEB__) && defined(_ABIN32)"),
-	A(MIPSEL,      "defined(__mips__) && defined(__MIPSEL__) && defined(_ABIO32)"),
-	A(MIPSEL64,    "defined(__mips__) && defined(__MIPSEL__) && defined(_ABI64)"),
-	A(MIPSEL64N32, "defined(__mips__) && defined(__MIPSEL__) && defined(_ABIN32)"),
+	A(MIPS,        "defined(__mips__) && defined(__MIPSEB__) && (_MIPS_SIM == _ABIO32)"),
+	A(MIPS64,      "defined(__mips__) && defined(__MIPSEB__) && (_MIPS_SIM == _ABI64)"),
+	A(MIPS64N32,   "defined(__mips__) && defined(__MIPSEB__) && (_MIPS_SIM == _ABIN32)"),
+	A(MIPSEL,      "defined(__mips__) && defined(__MIPSEL__) && (_MIPS_SIM == _ABIO32)"),
+	A(MIPSEL64,    "defined(__mips__) && defined(__MIPSEL__) && (_MIPS_SIM == _ABI64)"),
+	A(MIPSEL64N32, "defined(__mips__) && defined(__MIPSEL__) && (_MIPS_SIM == _ABIN32)"),
 	A(PARISC,      "defined(__hppa__) && !defined(__hppa64__)"),
 	A(PARISC64,    "defined(__hppa__) &&  defined(__hppa64__)"),
 	A(PPC,         "defined(__powerpc__) && !defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)"),
@@ -210,7 +210,9 @@ int main(void)
 	if (!ctx)
 		err(1, "seccomp_init failed");
 
-	printf("/* AUTO GENERATED; see seccomp-bpf.c for details. */\n");
+	printf("/* AUTO GENERATED FILE. To regenerate run:\n");
+	printf("/*   $ make seccomp-bpf.h\n");
+	printf("/* See seccomp-bpf.c for details. */\n");
 	printf("#undef SECCOMP_BPF_AVAILABLE\n");
 
 	if (seccomp_arch_remove(ctx, seccomp_arch_native()) < 0)

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 5966bd5..95f5bfb 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -1,4 +1,6 @@
-/* AUTO GENERATED; see seccomp-bpf.c for details. */
+/* AUTO GENERATED FILE. To regenerate run:
+/*   $ make seccomp-bpf.h
+/* See seccomp-bpf.c for details. */
 #undef SECCOMP_BPF_AVAILABLE
 
 #if defined(__aarch64__)
@@ -23,7 +25,7 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 };
 #endif
 
-#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABIO32)
+#if defined(__mips__) && defined(__MIPSEB__) && (_MIPS_SIM == _ABIO32)
 /* MIPS */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
@@ -34,7 +36,7 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 };
 #endif
 
-#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABI64)
+#if defined(__mips__) && defined(__MIPSEB__) && (_MIPS_SIM == _ABI64)
 /* MIPS64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
@@ -45,7 +47,7 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 };
 #endif
 
-#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABIN32)
+#if defined(__mips__) && defined(__MIPSEB__) && (_MIPS_SIM == _ABIN32)
 /* MIPS64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
@@ -56,7 +58,7 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 };
 #endif
 
-#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABIO32)
+#if defined(__mips__) && defined(__MIPSEL__) && (_MIPS_SIM == _ABIO32)
 /* MIPSEL */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
@@ -67,7 +69,7 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 };
 #endif
 
-#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABI64)
+#if defined(__mips__) && defined(__MIPSEL__) && (_MIPS_SIM == _ABI64)
 /* MIPSEL64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
@@ -78,7 +80,7 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 };
 #endif
 
-#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABIN32)
+#if defined(__mips__) && defined(__MIPSEL__) && (_MIPS_SIM == _ABIN32)
 /* MIPSEL64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-06-10  7:07 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-06-10  7:07 UTC (permalink / raw
  To: gentoo-commits

commit:     efc6caa0b7eb4fce2d955ae255f449e0cdcf51b4
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 10 07:07:10 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Jun 10 07:07:10 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=efc6caa0

seccomp-bpf: fix warnings by not using nexted open comments

Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 seccomp-bpf.c | 5 +++--
 seccomp-bpf.h | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 8e61f7f..a72f6ef 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -211,8 +211,9 @@ int main(void)
 		err(1, "seccomp_init failed");
 
 	printf("/* AUTO GENERATED FILE. To regenerate run:\n");
-	printf("/*   $ make seccomp-bpf.h\n");
-	printf("/* See seccomp-bpf.c for details. */\n");
+	printf(" *   $ $EDITOR seccomp-bpf.c\n");
+	printf(" *   $ make seccomp-bpf.h\n");
+	printf(" * See seccomp-bpf.c for details. */\n");
 	printf("#undef SECCOMP_BPF_AVAILABLE\n");
 
 	if (seccomp_arch_remove(ctx, seccomp_arch_native()) < 0)

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 95f5bfb..bb2e9cd 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -1,6 +1,7 @@
 /* AUTO GENERATED FILE. To regenerate run:
-/*   $ make seccomp-bpf.h
-/* See seccomp-bpf.c for details. */
+ *   $ $EDITOR seccomp-bpf.c
+ *   $ make seccomp-bpf.h
+ * See seccomp-bpf.c for details. */
 #undef SECCOMP_BPF_AVAILABLE
 
 #if defined(__aarch64__)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-07-02 22:04 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-07-02 22:04 UTC (permalink / raw
  To: gentoo-commits

commit:     703bd1f0d4e142f76b5dfb8827ce2b652ece7d5a
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  2 22:03:53 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Jul  2 22:03:53 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=703bd1f0

BUGS: drop slyfox@ from contacts

Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 BUGS | 1 -
 1 file changed, 1 deletion(-)

diff --git a/BUGS b/BUGS
index 29bf5ce..4ae0846 100644
--- a/BUGS
+++ b/BUGS
@@ -14,6 +14,5 @@ REPORTING BUGS
 --------------
 
 e-mail us:
-slyfox@gentoo.org
 vapier@gentoo.org
 toolchain@gentoo.org


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-07-22 21:16 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-07-22 21:16 UTC (permalink / raw
  To: gentoo-commits

commit:     54aad9134c9c2c3cb01d79d5e81e30623be93d7a
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 22 21:15:43 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Jul 22 21:15:43 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=54aad913

seccomp: allow getrandom() call (glibc-2.34+)

Reported-by: Andreas K. Hüttel
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 seccomp-bpf.c |  3 +++
 seccomp-bpf.h | 76 +++++++++++++++++++++++++++++------------------------------
 2 files changed, 41 insertions(+), 38 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index a72f6ef..4bbded8 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -190,6 +190,9 @@ int main(void)
 		 * as ipc() subcalls.  #675378
 		 */
 		SCMP_SYS(ipc),
+
+		/* glibc-2.34+ uses it as part of malloc() implementation. */
+		SCMP_SYS(getrandom),
 	};
 	int fork_syscalls[] = {
 		SCMP_SYS(clone),

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index bb2e9cd..9c5e2de 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -8,10 +8,10 @@
 /* AARCH64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,43,183,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,183,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
 0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,183,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0
 ,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -19,10 +19,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* ARM */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,55,40,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0
 ,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,56,40,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,
 0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,64,40,0,0,64,32,0,0,0,0,0,0,0,21,0,61,0,24,1,0,0,21,0,60,0,114,0,0,0,21,0,59,0,190,0,0,0,21,0,58,0,81,1,0,0,21,0,57,0,175,0,0,0,21,0,56,0,174,0,0,0,21,0,55,0,2,0,0,0,21,0,54,0,11,0,0,0,21,0,53,0,120,0,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5
 ,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,65,40,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,24,1,0,0,21,0,61,0,114,0,0,0,21,0,60,0,190,0,0,0,21,0,59,0,81,1,0,0,21,0,58,0,175,0,0,0,21,0,57,0,174,0,0,0,21,0,56,0,2,0,0,0,21,0,55,0,11,0,0,0,21,0,54,0,120,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,
 66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -30,10 +30,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,8,0,32,0,0,0,0,0,0,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,1
 6,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,8,0,32,0,0,0,0,0,0,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16
 ,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,64,0,0,0,8,0,32,0,0,0,0,0,0,0,21,61,0,0,0,15,167,0,21,60,0,0,0,16,182,0,21,59,0,0,0,16,18,0,21,58,0,0,0,16,207,0,21,57,0,0,0,16,99,0,21,56,0,0,0,16,98,0,21,55,0,0,0,15,162,0,21,54,0,0,0,15,171,0,21,53,0,0,0,16,24,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,
 16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,8,0,32,0,0,0,0,0,0,0,21,62,0,0,0,15,167,0,21,61,0,0,0,16,182,0,21,60,0,0,0,16,18,0,21,59,0,0,0,16,207,0,21,58,0,0,0,16,99,0,21,57,0,0,0,16,98,0,21,56,0,0,0,15,162,0,21,55,0,0,0,15,171,0,21,54,0,0,0,16,24,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15
 ,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -41,10 +41,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,8,0,32,0,0,0,0,0,0,0,21,47,0,0,0,20,94,0,21,46,0,0,0,19,199,0,21,45,0,0,0,19,198,0,21,44,0,0,0,19,203,0,21,43,0,0,0,19,204,0,21,42,0,0,0,19,202,0,21,41,0,0,0,19,213,0,21,40,0,0,0,20,137,0,21,39,0,0,0,19,223,0,21,38,0,0,0,20,74,0,21,37,0,0,0,19,146,0,21,36,0,0,0,19,144,0,21,35,0,0,0,19,151,0,21,34,0,0,0,20,58,0,21,33,0,0,0,19,174,0,21,32,0,0,0,19,215,0,21,31,0,0,0,21,63,0,21,30,0,0,0,20,139,0,21,29,0,0,0,20,85,0,21,28,0,0,0,19,194,0,21,27,0,0,0,20,166,0,21,26,0,0,0,19,168,0,21,25,0,0,0,19,167,0,21,24,0,0,0,19,214,0,21,23,0,0,0,20,3,0,21,22,0,0,0,19,148,0,21,21,0,0,0,19,156,0,21,20,0,0,0,19,206,0,21,19,0,0,0,20,169,0,21,18,0,0,0,19,154,0,21,17,0,0,0,19,136,0,21,16,0,0,0,19,152,0,21,15,0,0,0,20,188,0,21,14,0,0,0,19,212,0,21,13,0,0,0,19,147,0,21,12,0,0,0,19,145,0,21,11,0,0,0,20,127,0,21,10,0,0,0,19,138,0,21,9,0,0,0,19,139,0,21,8,0,0,0,20,206,0,21,7,0,0,0,19,140,0,21,6,0,0,0,19,142,0,21,5,0,0,0,19,141,0,21,4,0,0,0,20,132,0,21,3,0,0,0,20,170,0,21,2,0,0,
 0,19,153,0,21,1,0,0,0,19,155,0,21,0,1,0,0,19,137,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,8,0,32,0,0,0,0,0,0,0,21,48,0,0,0,20,94,0,21,47,0,0,0,19,199,0,21,46,0,0,0,19,198,0,21,45,0,0,0,19,203,0,21,44,0,0,0,19,204,0,21,43,0,0,0,19,202,0,21,42,0,0,0,19,213,0,21,41,0,0,0,20,137,0,21,40,0,0,0,19,223,0,21,39,0,0,0,20,74,0,21,38,0,0,0,19,146,0,21,37,0,0,0,19,144,0,21,36,0,0,0,19,151,0,21,35,0,0,0,20,58,0,21,34,0,0,0,19,174,0,21,33,0,0,0,19,215,0,21,32,0,0,0,21,63,0,21,31,0,0,0,20,139,0,21,30,0,0,0,20,85,0,21,29,0,0,0,19,194,0,21,28,0,0,0,20,166,0,21,27,0,0,0,19,168,0,21,26,0,0,0,19,167,0,21,25,0,0,0,19,214,0,21,24,0,0,0,20,3,0,21,23,0,0,0,19,148,0,21,22,0,0,0,19,156,0,21,21,0,0,0,19,206,0,21,20,0,0,0,20,169,0,21,19,0,0,0,19,154,0,21,18,0,0,0,19,136,0,21,17,0,0,0,19,152,0,21,16,0,0,0,20,188,0,21,15,0,0,0,19,212,0,21,14,0,0,0,19,147,0,21,13,0,0,0,19,145,0,21,12,0,0,0,20,127,0,21,11,0,0,0,19,138,0,21,10,0,0,0,19,139,0,21,9,0,0,0,20,206,0,21,8,0,0,0,19,140,0,21,7,0,0,0,19,142,0,21,6,0,0,0,19,141,0,21,5,0,0,0,20,132,0,21,4,0,0,0,20,170,0,21,3,0,0
 ,0,19,153,0,21,2,0,0,0,19,155,0,21,1,0,0,0,19,137,0,21,0,1,0,0,20,193,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,58,128,0,0,8,0,32,0,0,0,0,0,0,0,21,55,0,0,0,19,193,0,21,54,0,0,0,19,191,0,21,53,0,0,0,20,94,0,21,52,0,0,0,19,199,0,21,51,0,0,0,19,198,0,21,50,0,0,0,19,203,0,21,49,0,0,0,19,204,0,21,48,0,0,0,19,202,0,21,47,0,0,0,19,213,0,21,46,0,0,0,20,137,0,21,45,0,0,0,19,223,0,21,44,0,0,0,20,74,0,21,43,0,0,0,19,146,0,21,42,0,0,0,19,144,0,21,41,0,0,0,19,151,0,21,40,0,0,0,20,58,0,21,39,0,0,0,19,174,0,21,38,0,0,0,19,215,0,21,37,0,0,0,21,63,0,21,36,0,0,0,20,139,0,21,35,0,0,0,20,85,0,21,34,0,0,0,19,194,0,21,33,0,0,0,20,166,0,21,32,0,0,0,19,168,0,21,31,0,0,0,19,167,0,21,30,0,0,0,19,214,0,21,29,0,0,0,20,3,0,21,28,0,0,0,19,148,0,21,27,0,0,0,19,156,0,21,26,0,0,0,19,206,0,21,25,0,0,0,20,169,0,21,24,0,0,0,19,154,0,21,23,0,0,0,19,136,0,21,22,0,0,0,19,152,0,21,21,0,0,0,20,188,0,21,20,0,0,0,19,212,0,21,19,0,0,0,19,147,0,21,18,0,0,0,19,145,0,21,17,0,0,0,20,127,0,21,16,0,0,0,19,138,0,21,15,0,0,0,19,139,0,21,14,0,0,0,20,206,0,21,13,0,0,0,19,140,0,21,12,0,0,0,19,142,0,21,11,0,0,0,19,141,0,21
 ,10,0,0,0,20,132,0,21,9,0,0,0,20,170,0,21,8,0,0,0,19,153,0,21,7,0,0,0,19,155,0,21,6,0,0,0,19,137,0,21,5,0,0,0,20,117,0,21,4,0,0,0,19,195,0,21,3,0,0,0,20,142,0,21,2,0,0,0,19,150,0,21,1,0,0,0,19,149,0,21,0,1,0,0,19,192,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,59,128,0,0,8,0,32,0,0,0,0,0,0,0,21,56,0,0,0,20,94,0,21,55,0,0,0,19,199,0,21,54,0,0,0,19,198,0,21,53,0,0,0,19,203,0,21,52,0,0,0,19,204,0,21,51,0,0,0,19,202,0,21,50,0,0,0,19,213,0,21,49,0,0,0,20,137,0,21,48,0,0,0,19,223,0,21,47,0,0,0,20,74,0,21,46,0,0,0,19,146,0,21,45,0,0,0,19,144,0,21,44,0,0,0,19,151,0,21,43,0,0,0,20,58,0,21,42,0,0,0,19,174,0,21,41,0,0,0,19,215,0,21,40,0,0,0,21,63,0,21,39,0,0,0,20,139,0,21,38,0,0,0,20,85,0,21,37,0,0,0,19,194,0,21,36,0,0,0,20,166,0,21,35,0,0,0,19,168,0,21,34,0,0,0,19,167,0,21,33,0,0,0,19,214,0,21,32,0,0,0,20,3,0,21,31,0,0,0,19,148,0,21,30,0,0,0,19,156,0,21,29,0,0,0,19,206,0,21,28,0,0,0,20,169,0,21,27,0,0,0,19,154,0,21,26,0,0,0,19,136,0,21,25,0,0,0,19,152,0,21,24,0,0,0,20,188,0,21,23,0,0,0,19,212,0,21,22,0,0,0,19,147,0,21,21,0,0,0,19,145,0,21,20,0,0,0,20,127,0,21,19,0,0,0,19,138,0,21,18,0,0,0,19,139,0,21,17,0,0,0,20,206,0,21,16,0,0,0,19,140,0,21,15,0,0,0,19,142,0,21,14,0,0,0,19,141,0,21,13,0,0,0,20,132,0,21,12,0,0,0,20,170,0,21
 ,11,0,0,0,19,153,0,21,10,0,0,0,19,155,0,21,9,0,0,0,19,137,0,21,8,0,0,0,20,117,0,21,7,0,0,0,19,195,0,21,6,0,0,0,20,142,0,21,5,0,0,0,19,150,0,21,4,0,0,0,19,149,0,21,3,0,0,0,19,192,0,21,2,0,0,0,19,193,0,21,1,0,0,0,19,191,0,21,0,1,0,0,20,193,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -52,10 +52,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,51,160,0,0,8,0,32,0,0,0,0,0,0,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,
 0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,52,160,0,0,8,0,32,0,0,0,0,0,0,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0
 ,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,59,160,0,0,8,0,32,0,0,0,0,0,0,0,21,56,0,0,0,24,97,0,21,55,0,0,0,23,171,0,21,54,0,0,0,24,122,0,21,53,0,0,0,23,126,0,21,52,0,0,0,23,125,0,21,51,0,0,0,23,168,0,21,50,0,0,0,23,169,0,21,49,0,0,0,23,167,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21
 ,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,160,0,0,8,0,32,0,0,0,0,0,0,0,21,57,0,0,0,24,97,0,21,56,0,0,0,23,171,0,21,55,0,0,0,24,122,0,21,54,0,0,0,23,126,0,21,53,0,0,0,23,125,0,21,52,0,0,0,23,168,0,21,51,0,0,0,23,169,0,21,50,0,0,0,23,167,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21
 ,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -63,10 +63,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,55,8,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,1
 6,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,56,8,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,1
 6,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,64,8,0,0,64,32,0,0,0,0,0,0,0,21,0,61,0,167,15,0,0,21,0,60,0,182,16,0,0,21,0,59,0,18,16,0,0,21,0,58,0,207,16,0,0,21,0,57,0,99,16,0,0,21,0,56,0,98,16,0,0,21,0,55,0,162,15,0,0,21,0,54,0,171,15,0,0,21,0,53,0,24,16,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114
 ,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,65,8,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,167,15,0,0,21,0,61,0,182,16,0,0,21,0,60,0,18,16,0,0,21,0,59,0,207,16,0,0,21,0,58,0,99,16,0,0,21,0,57,0,98,16,0,0,21,0,56,0,162,15,0,0,21,0,55,0,171,15,0,0,21,0,54,0,24,16,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,1
 5,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -74,10 +74,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,8,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,15
 3,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,8,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,1
 70,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,58,8,0,0,192,32,0,0,0,0,0,0,0,21,0,55,0,117,20,0,0,21,0,54,0,195,19,0,0,21,0,53,0,142,20,0,0,21,0,52,0,150,19,0,0,21,0,51,0,149,19,0,0,21,0,50,0,192,19,0,0,21,0,49,0,193,19,0,0,21,0,48,0,191,19,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0
 ,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,59,8,0,0,192,32,0,0,0,0,0,0,0,21,0,56,0,117,20,0,0,21,0,55,0,195,19,0,0,21,0,54,0,142,20,0,0,21,0,53,0,150,19,0,0,21,0,52,0,149,19,0,0,21,0,51,0,192,19,0,0,21,0,50,0,193,19,0,0,21,0,49,0,191,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0
 ,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -85,10 +85,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,8,0,0,224,32,0,0,0,0,0,0,0,21,0,48,0,178,23,0,0,21,0,47,0,189,23,0,0,21,0,46,0,117,24,0,0,21,0,45,0,199,23,0,0,21,0,44,0,50,24,0,0,21,0,43,0,122,23,0,0,21,0,42,0,120,23,0,0,21,0,41,0,127,23,0,0,21,0,40,0,34,24,0,0,21,0,39,0,150,23,0,0,21,0,38,0,191,23,0,0,21,0,37,0,39,25,0,0,21,0,36,0,119,24,0,0,21,0,35,0,61,24,0,0,21,0,34,0,170,23,0,0,21,0,33,0,146,24,0,0,21,0,32,0,144,23,0,0,21,0,31,0,143,23,0,0,21,0,30,0,190,23,0,0,21,0,29,0,235,23,0,0,21,0,28,0,124,23,0,0,21,0,27,0,132,23,0,0,21,0,26,0,68,24,0,0,21,0,25,0,182,23,0,0,21,0,24,0,149,24,0,0,21,0,23,0,130,23,0,0,21,0,22,0,112,23,0,0,21,0,21,0,128,23,0,0,21,0,20,0,155,24,0,0,21,0,19,0,188,23,0,0,21,0,18,0,123,23,0,0,21,0,17,0,121,23,0,0,21,0,16,0,107,24,0,0,21,0,15,0,114,23,0,0,21,0,14,0,115,23,0,0,21,0,13,0,186,24,0,0,21,0,12,0,116,23,0,0,21,0,11,0,118,23,0,0,21,0,10,0,117,23,0,0,21,0,9,0,112,24,0,0,21,0,8,0,150,24,0,0,21,0,7,0,129,23,0,0,21,0,6,0,131,23,0,0,21,0,5,0,113,23,0,0,21,0,4,0,71,24,0,0,21,0,3,0,
 175,23,0,0,21,0,2,0,174,23,0,0,21,0,1,0,179,23,0,0,21,0,0,1,180,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,8,0,0,224,32,0,0,0,0,0,0,0,21,0,49,0,120,23,0,0,21,0,48,0,127,23,0,0,21,0,47,0,34,24,0,0,21,0,46,0,150,23,0,0,21,0,45,0,191,23,0,0,21,0,44,0,39,25,0,0,21,0,43,0,119,24,0,0,21,0,42,0,61,24,0,0,21,0,41,0,170,23,0,0,21,0,40,0,146,24,0,0,21,0,39,0,144,23,0,0,21,0,38,0,143,23,0,0,21,0,37,0,190,23,0,0,21,0,36,0,235,23,0,0,21,0,35,0,124,23,0,0,21,0,34,0,132,23,0,0,21,0,33,0,68,24,0,0,21,0,32,0,182,23,0,0,21,0,31,0,149,24,0,0,21,0,30,0,130,23,0,0,21,0,29,0,112,23,0,0,21,0,28,0,128,23,0,0,21,0,27,0,155,24,0,0,21,0,26,0,188,23,0,0,21,0,25,0,123,23,0,0,21,0,24,0,121,23,0,0,21,0,23,0,107,24,0,0,21,0,22,0,114,23,0,0,21,0,21,0,115,23,0,0,21,0,20,0,186,24,0,0,21,0,19,0,116,23,0,0,21,0,18,0,118,23,0,0,21,0,17,0,117,23,0,0,21,0,16,0,112,24,0,0,21,0,15,0,150,24,0,0,21,0,14,0,129,23,0,0,21,0,13,0,131,23,0,0,21,0,12,0,113,23,0,0,21,0,11,0,173,24,0,0,21,0,10,0,71,24,0,0,21,0,9,0,175,23,0,0,21,0,8,0,174,23,0,0,21,0,7,0,179,23,0,0,21,0,6,0,180,23,0,0,21,0,5,0,178,23,0,0,21,0,4,
 0,189,23,0,0,21,0,3,0,117,24,0,0,21,0,2,0,199,23,0,0,21,0,1,0,50,24,0,0,21,0,0,1,122,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,59,8,0,0,224,32,0,0,0,0,0,0,0,21,0,56,0,178,23,0,0,21,0,55,0,189,23,0,0,21,0,54,0,117,24,0,0,21,0,53,0,199,23,0,0,21,0,52,0,50,24,0,0,21,0,51,0,122,23,0,0,21,0,50,0,120,23,0,0,21,0,49,0,127,23,0,0,21,0,48,0,34,24,0,0,21,0,47,0,150,23,0,0,21,0,46,0,191,23,0,0,21,0,45,0,39,25,0,0,21,0,44,0,119,24,0,0,21,0,43,0,61,24,0,0,21,0,42,0,170,23,0,0,21,0,41,0,146,24,0,0,21,0,40,0,144,23,0,0,21,0,39,0,143,23,0,0,21,0,38,0,190,23,0,0,21,0,37,0,235,23,0,0,21,0,36,0,124,23,0,0,21,0,35,0,132,23,0,0,21,0,34,0,68,24,0,0,21,0,33,0,182,23,0,0,21,0,32,0,149,24,0,0,21,0,31,0,130,23,0,0,21,0,30,0,112,23,0,0,21,0,29,0,128,23,0,0,21,0,28,0,155,24,0,0,21,0,27,0,188,23,0,0,21,0,26,0,123,23,0,0,21,0,25,0,121,23,0,0,21,0,24,0,107,24,0,0,21,0,23,0,114,23,0,0,21,0,22,0,115,23,0,0,21,0,21,0,186,24,0,0,21,0,20,0,116,23,0,0,21,0,19,0,118,23,0,0,21,0,18,0,117,23,0,0,21,0,17,0,112,24,0,0,21,0,16,0,150,24,0,0,21,0,15,0,129,23,0,0,21,0,14,0,131,23,0,0,21,0,13,0,113,23,0,0,21,0,12,0,97,24,0,0,21,
 0,11,0,171,23,0,0,21,0,10,0,122,24,0,0,21,0,9,0,126,23,0,0,21,0,8,0,125,23,0,0,21,0,7,0,168,23,0,0,21,0,6,0,169,23,0,0,21,0,5,0,167,23,0,0,21,0,4,0,71,24,0,0,21,0,3,0,175,23,0,0,21,0,2,0,174,23,0,0,21,0,1,0,179,23,0,0,21,0,0,1,180,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,60,8,0,0,224,32,0,0,0,0,0,0,0,21,0,57,0,120,23,0,0,21,0,56,0,127,23,0,0,21,0,55,0,34,24,0,0,21,0,54,0,150,23,0,0,21,0,53,0,191,23,0,0,21,0,52,0,39,25,0,0,21,0,51,0,119,24,0,0,21,0,50,0,61,24,0,0,21,0,49,0,170,23,0,0,21,0,48,0,146,24,0,0,21,0,47,0,144,23,0,0,21,0,46,0,143,23,0,0,21,0,45,0,190,23,0,0,21,0,44,0,235,23,0,0,21,0,43,0,124,23,0,0,21,0,42,0,132,23,0,0,21,0,41,0,68,24,0,0,21,0,40,0,182,23,0,0,21,0,39,0,149,24,0,0,21,0,38,0,130,23,0,0,21,0,37,0,112,23,0,0,21,0,36,0,128,23,0,0,21,0,35,0,155,24,0,0,21,0,34,0,188,23,0,0,21,0,33,0,123,23,0,0,21,0,32,0,121,23,0,0,21,0,31,0,107,24,0,0,21,0,30,0,114,23,0,0,21,0,29,0,115,23,0,0,21,0,28,0,186,24,0,0,21,0,27,0,116,23,0,0,21,0,26,0,118,23,0,0,21,0,25,0,117,23,0,0,21,0,24,0,112,24,0,0,21,0,23,0,150,24,0,0,21,0,22,0,129,23,0,0,21,0,21,0,131,23,0,0,21,0,20,0,113,23,0,0,21,0,19,0,97,24,0,0,21,0,18,0,171,23,0,0,21,0,17,0,122,24,0,0,21,0,16,0,126,23,0,0,21,0,15,0,125,23,0,0,21,0,14,0,168,23,0,0,21,0,13,0,169,23,0,0,21
 ,0,12,0,167,23,0,0,21,0,11,0,173,24,0,0,21,0,10,0,71,24,0,0,21,0,9,0,175,23,0,0,21,0,8,0,174,23,0,0,21,0,7,0,179,23,0,0,21,0,6,0,180,23,0,0,21,0,5,0,178,23,0,0,21,0,4,0,189,23,0,0,21,0,3,0,117,24,0,0,21,0,2,0,199,23,0,0,21,0,1,0,50,24,0,0,21,0,0,1,122,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -96,10 +96,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,15,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,11
 2,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,15,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,2
 4,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,15,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,0,235,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,113,0,21,59,0,0,0,1,32,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0
 ,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,67,0,0,0,15,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,0,235,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,113,0,21,60,0,0,0,1,32,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0
 ,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -107,10 +107,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,128,0,0,15,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,
 112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,128,0,0,15,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1
 ,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,128,0,0,15,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,0,235,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,113,0,21,59,0,0,0,1,32,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15
 ,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,67,128,0,0,15,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,0,235,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,113,0,21,60,0,0,0,1,32,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16
 ,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -118,10 +118,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,20,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0
 ,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,20,0,32,0,0,0,0,0,0,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,
 0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,20,0,32,0,0,0,0,0,0,0,21,62,0,0,0,0,7,0,21,61,0,0,0,1,16,0,21,60,0,0,0,0,114,0,21,59,0,0,0,0,189,0,21,58,0,0,0,1,26,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,173,0,21,55,0,0,0,0,2,0,21,54,0,0,0,0,11,0,21,53,0,0,0,0,120,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,
 0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,20,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,1,16,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,189,0,21,59,0,0,0,1,26,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,173,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0
 ,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -129,10 +129,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,21,0,32,0,0,0,0,0,0,0,21,48,0,0,0,0,54,0,21,47,0,0,0,0,207,0,21,46,0,0,0,0,20,0,21,45,0,0,0,0,133,0,21,44,0,0,0,1,183,0,21,43,0,0,0,1,42,0,21,42,0,0,0,0,234,0,21,41,0,0,0,0,1,0,21,40,0,0,0,1,60,0,21,39,0,0,0,0,63,0,21,38,0,0,0,0,41,0,21,37,0,0,0,0,12,0,21,36,0,0,0,0,183,0,21,35,0,0,0,0,45,0,21,34,0,0,0,0,33,0,21,33,0,0,0,0,55,0,21,32,0,0,0,1,64,0,21,31,0,0,0,0,145,0,21,30,0,0,0,0,3,0,21,29,0,0,0,0,179,0,21,28,0,0,0,0,202,0,21,27,0,0,0,0,141,0,21,26,0,0,0,0,91,0,21,25,0,0,0,0,90,0,21,24,0,0,0,1,30,0,21,23,0,0,0,0,5,0,21,22,0,0,0,0,6,0,21,21,0,0,0,1,127,0,21,20,0,0,0,0,106,0,21,19,0,0,0,0,107,0,21,18,0,0,0,0,108,0,21,17,0,0,0,1,35,0,21,16,0,0,0,1,65,0,21,15,0,0,0,0,180,0,21,14,0,0,0,0,146,0,21,13,0,0,0,0,4,0,21,12,0,0,0,0,117,0,21,11,0,0,0,0,182,0,21,10,0,0,0,1,40,0,21,9,0,0,0,0,85,0,21,8,0,0,0,0,221,0,21,7,0,0,0,0,125,0,21,6,0,0,0,0,140,0,21,5,0,0,0,0,19,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,
 0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,52,128,0,0,21,0,32,0,0,0,0,0,0,0,21,49,0,0,0,0,12,0,21,48,0,0,0,0,183,0,21,47,0,0,0,0,45,0,21,46,0,0,0,0,33,0,21,45,0,0,0,0,55,0,21,44,0,0,0,1,64,0,21,43,0,0,0,0,145,0,21,42,0,0,0,0,3,0,21,41,0,0,0,0,179,0,21,40,0,0,0,0,202,0,21,39,0,0,0,0,141,0,21,38,0,0,0,0,91,0,21,37,0,0,0,0,90,0,21,36,0,0,0,1,30,0,21,35,0,0,0,0,5,0,21,34,0,0,0,0,6,0,21,33,0,0,0,1,127,0,21,32,0,0,0,0,106,0,21,31,0,0,0,0,107,0,21,30,0,0,0,0,108,0,21,29,0,0,0,1,35,0,21,28,0,0,0,1,65,0,21,27,0,0,0,0,180,0,21,26,0,0,0,0,146,0,21,25,0,0,0,0,4,0,21,24,0,0,0,1,103,0,21,23,0,0,0,0,117,0,21,22,0,0,0,0,182,0,21,21,0,0,0,1,40,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,221,0,21,18,0,0,0,0,125,0,21,17,0,0,0,0,140,0,21,16,0,0,0,0,19,0,21,15,0,0,0,0,54,0,21,14,0,0,0,0,207,0,21,13,0,0,0,0,20,0,21,12,0,0,0,0,133,0,21,11,0,0,0,1,183,0,21,10,0,0,0,1,42,0,21,9,0,0,0,0,234,0,21,8,0,0,0,0,1,0,21,7,0,0,0,1,60,0,21,6,0,0,0,0,63,0,21,5,0,0,0,0,41,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144
 ,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,61,128,0,0,21,0,32,0,0,0,0,0,0,0,21,58,0,0,0,0,54,0,21,57,0,0,0,0,207,0,21,56,0,0,0,0,20,0,21,55,0,0,0,0,133,0,21,54,0,0,0,1,183,0,21,53,0,0,0,1,42,0,21,52,0,0,0,0,234,0,21,51,0,0,0,0,1,0,21,50,0,0,0,1,60,0,21,49,0,0,0,0,63,0,21,48,0,0,0,0,41,0,21,47,0,0,0,0,12,0,21,46,0,0,0,0,183,0,21,45,0,0,0,0,45,0,21,44,0,0,0,0,33,0,21,43,0,0,0,0,55,0,21,42,0,0,0,1,64,0,21,41,0,0,0,0,145,0,21,40,0,0,0,0,3,0,21,39,0,0,0,0,179,0,21,38,0,0,0,0,202,0,21,37,0,0,0,0,141,0,21,36,0,0,0,0,91,0,21,35,0,0,0,0,90,0,21,34,0,0,0,1,30,0,21,33,0,0,0,0,5,0,21,32,0,0,0,0,6,0,21,31,0,0,0,1,127,0,21,30,0,0,0,0,106,0,21,29,0,0,0,0,107,0,21,28,0,0,0,0,108,0,21,27,0,0,0,1,35,0,21,26,0,0,0,1,65,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,146,0,21,23,0,0,0,0,4,0,21,22,0,0,0,0,7,0,21,21,0,0,0,1,16,0,21,20,0,0,0,0,114,0,21,19,0,0,0,0,189,0,21,18,0,0,0,1,26,0,21,17,0,0,0,0,174,0,21,16,0,0,0,0,173,0,21,15,0,0,0,0,2,0,21,14,0,0,0,0,11,0,21,13,0,0,0,0,120,0,21,12,0,0,0,0,117,0,21,11,0,0,0,0,182,0,21,10,0,0,0,
 1,40,0,21,9,0,0,0,0,85,0,21,8,0,0,0,0,221,0,21,7,0,0,0,0,125,0,21,6,0,0,0,0,140,0,21,5,0,0,0,0,19,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,62,128,0,0,21,0,32,0,0,0,0,0,0,0,21,59,0,0,0,0,12,0,21,58,0,0,0,0,183,0,21,57,0,0,0,0,45,0,21,56,0,0,0,0,33,0,21,55,0,0,0,0,55,0,21,54,0,0,0,1,64,0,21,53,0,0,0,0,145,0,21,52,0,0,0,0,3,0,21,51,0,0,0,0,179,0,21,50,0,0,0,0,202,0,21,49,0,0,0,0,141,0,21,48,0,0,0,0,91,0,21,47,0,0,0,0,90,0,21,46,0,0,0,1,30,0,21,45,0,0,0,0,5,0,21,44,0,0,0,0,6,0,21,43,0,0,0,1,127,0,21,42,0,0,0,0,106,0,21,41,0,0,0,0,107,0,21,40,0,0,0,0,108,0,21,39,0,0,0,1,35,0,21,38,0,0,0,1,65,0,21,37,0,0,0,0,180,0,21,36,0,0,0,0,146,0,21,35,0,0,0,0,4,0,21,34,0,0,0,0,7,0,21,33,0,0,0,1,16,0,21,32,0,0,0,0,114,0,21,31,0,0,0,0,189,0,21,30,0,0,0,1,26,0,21,29,0,0,0,0,174,0,21,28,0,0,0,0,173,0,21,27,0,0,0,0,2,0,21,26,0,0,0,0,11,0,21,25,0,0,0,0,120,0,21,24,0,0,0,1,103,0,21,23,0,0,0,0,117,0,21,22,0,0,0,0,182,0,21,21,0,0,0,1,40,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,221,0,21,18,0,0,0,0,125,0,21,17,0,0,0,0,140,0,21,16,0,0,0,0,19,0,21,15,0,0,0,0,54,0,21,14,0,0,0,0,207,0,21,13,0,0,0,0,20,0,21,12,0,0,0,0,133,0,21,11,0,0
 ,0,1,183,0,21,10,0,0,0,1,42,0,21,9,0,0,0,0,234,0,21,8,0,0,0,0,1,0,21,7,0,0,0,1,60,0,21,6,0,0,0,0,63,0,21,5,0,0,0,0,41,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -140,10 +140,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64LE */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,21,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,
 6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,21,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0
 ,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,61,21,0,0,192,32,0,0,0,0,0,0,0,21,0,58,0,7,0,0,0,21,0,57,0,16,1,0,0,21,0,56,0,114,0,0,0,21,0,55,0,189,0,0,0,21,0,54,0,26,1,0,0,21,0,53,0,174,0,0,0,21,0,52,0,173,0,0,0,21,0,51,0,2,0,0,0,21,0,50,0,11,0,0,0,21,0,49,0,120,0,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108
 ,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,21,0,0,192,32,0,0,0,0,0,0,0,21,0,59,0,7,0,0,0,21,0,58,0,16,1,0,0,21,0,57,0,114,0,0,0,21,0,56,0,189,0,0,0,21,0,55,0,26,1,0,0,21,0,54,0,174,0,0,0,21,0,53,0,173,0,0,0,21,0,52,0,2,0,0,0,21,0,51,0,11,0,0,0,21,0,50,0,120,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107
 ,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -151,10 +151,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* RISCV64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,43,243,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,44,243,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,243,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
 0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,243,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0
 ,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -162,10 +162,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,22,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0
 ,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,22,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,93,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0
 ,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,22,0,32,0,0,0,0,0,0,0,21,62,0,0,0,1,25,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,190,0,21,59,0,0,0,1,47,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0
 ,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,22,0,32,0,0,0,0,0,0,0,21,63,0,0,0,1,25,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,190,0,21,60,0,0,0,1,47,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,93,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,
 0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -173,10 +173,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390X */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,22,0,32,0,0,0,0,0,0,0,21,47,0,0,0,1,70,0,21,46,0,0,0,0,63,0,21,45,0,0,0,0,41,0,21,44,0,0,0,0,12,0,21,43,0,0,0,0,184,0,21,42,0,0,0,0,45,0,21,41,0,0,0,0,33,0,21,40,0,0,0,0,55,0,21,39,0,0,0,1,72,0,21,38,0,0,0,0,145,0,21,37,0,0,0,0,3,0,21,36,0,0,0,0,180,0,21,35,0,0,0,0,220,0,21,34,0,0,0,0,141,0,21,33,0,0,0,0,91,0,21,32,0,0,0,0,90,0,21,31,0,0,0,1,32,0,21,30,0,0,0,0,5,0,21,29,0,0,0,0,6,0,21,28,0,0,0,1,123,0,21,27,0,0,0,0,106,0,21,26,0,0,0,0,107,0,21,25,0,0,0,0,108,0,21,24,0,0,0,1,37,0,21,23,0,0,0,1,73,0,21,22,0,0,0,0,181,0,21,21,0,0,0,0,146,0,21,20,0,0,0,0,4,0,21,19,0,0,0,0,117,0,21,18,0,0,0,0,183,0,21,17,0,0,0,1,42,0,21,16,0,0,0,0,85,0,21,15,0,0,0,0,238,0,21,14,0,0,0,0,125,0,21,13,0,0,0,0,19,0,21,12,0,0,0,0,54,0,21,11,0,0,0,0,236,0,21,10,0,0,0,0,20,0,21,9,0,0,0,0,133,0,21,8,0,0,0,1,183,0,21,7,0,0,0,1,44,0,21,6,0,0,0,0,248,0,21,5,0,0,0,0,1,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,
 0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,22,0,32,0,0,0,0,0,0,0,21,48,0,0,0,0,91,0,21,47,0,0,0,0,90,0,21,46,0,0,0,1,32,0,21,45,0,0,0,0,5,0,21,44,0,0,0,0,6,0,21,43,0,0,0,1,123,0,21,42,0,0,0,0,106,0,21,41,0,0,0,0,107,0,21,40,0,0,0,0,108,0,21,39,0,0,0,1,37,0,21,38,0,0,0,1,73,0,21,37,0,0,0,0,181,0,21,36,0,0,0,0,146,0,21,35,0,0,0,0,4,0,21,34,0,0,0,1,93,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,183,0,21,31,0,0,0,1,42,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,238,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,19,0,21,26,0,0,0,0,54,0,21,25,0,0,0,0,236,0,21,24,0,0,0,0,20,0,21,23,0,0,0,0,133,0,21,22,0,0,0,1,183,0,21,21,0,0,0,1,44,0,21,20,0,0,0,0,248,0,21,19,0,0,0,0,1,0,21,18,0,0,0,1,70,0,21,17,0,0,0,0,63,0,21,16,0,0,0,0,41,0,21,15,0,0,0,0,12,0,21,14,0,0,0,0,184,0,21,13,0,0,0,0,45,0,21,12,0,0,0,0,33,0,21,11,0,0,0,0,55,0,21,10,0,0,0,1,72,0,21,9,0,0,0,0,145,0,21,8,0,0,0,0,3,0,21,7,0,0,0,0,180,0,21,6,0,0,0,0,220,0,21,5,0,0,0,0,141,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0
 ,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,59,128,0,0,22,0,32,0,0,0,0,0,0,0,21,56,0,0,0,1,70,0,21,55,0,0,0,0,63,0,21,54,0,0,0,0,41,0,21,53,0,0,0,0,12,0,21,52,0,0,0,0,184,0,21,51,0,0,0,0,45,0,21,50,0,0,0,0,33,0,21,49,0,0,0,0,55,0,21,48,0,0,0,1,72,0,21,47,0,0,0,0,145,0,21,46,0,0,0,0,3,0,21,45,0,0,0,0,180,0,21,44,0,0,0,0,220,0,21,43,0,0,0,0,141,0,21,42,0,0,0,0,91,0,21,41,0,0,0,0,90,0,21,40,0,0,0,1,32,0,21,39,0,0,0,0,5,0,21,38,0,0,0,0,6,0,21,37,0,0,0,1,123,0,21,36,0,0,0,0,106,0,21,35,0,0,0,0,107,0,21,34,0,0,0,0,108,0,21,33,0,0,0,1,37,0,21,32,0,0,0,1,73,0,21,31,0,0,0,0,181,0,21,30,0,0,0,0,146,0,21,29,0,0,0,0,4,0,21,28,0,0,0,1,25,0,21,27,0,0,0,0,114,0,21,26,0,0,0,0,190,0,21,25,0,0,0,1,47,0,21,24,0,0,0,0,175,0,21,23,0,0,0,0,174,0,21,22,0,0,0,0,2,0,21,21,0,0,0,0,11,0,21,20,0,0,0,0,120,0,21,19,0,0,0,0,117,0,21,18,0,0,0,0,183,0,21,17,0,0,0,1,42,0,21,16,0,0,0,0,85,0,21,15,0,0,0,0,238,0,21,14,0,0,0,0,125,0,21,13,0,0,0,0,19,0,21,12,0,0,0,0,54,0,21,11,0,0,0,0,236,0,21,10,0,0,0,0,20,0,21,9,0,0,0,0,133,0,21,8,0,0,0,
 1,183,0,21,7,0,0,0,1,44,0,21,6,0,0,0,0,248,0,21,5,0,0,0,0,1,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,128,0,0,22,0,32,0,0,0,0,0,0,0,21,57,0,0,0,0,91,0,21,56,0,0,0,0,90,0,21,55,0,0,0,1,32,0,21,54,0,0,0,0,5,0,21,53,0,0,0,0,6,0,21,52,0,0,0,1,123,0,21,51,0,0,0,0,106,0,21,50,0,0,0,0,107,0,21,49,0,0,0,0,108,0,21,48,0,0,0,1,37,0,21,47,0,0,0,1,73,0,21,46,0,0,0,0,181,0,21,45,0,0,0,0,146,0,21,44,0,0,0,0,4,0,21,43,0,0,0,1,25,0,21,42,0,0,0,0,114,0,21,41,0,0,0,0,190,0,21,40,0,0,0,1,47,0,21,39,0,0,0,0,175,0,21,38,0,0,0,0,174,0,21,37,0,0,0,0,2,0,21,36,0,0,0,0,11,0,21,35,0,0,0,0,120,0,21,34,0,0,0,1,93,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,183,0,21,31,0,0,0,1,42,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,238,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,19,0,21,26,0,0,0,0,54,0,21,25,0,0,0,0,236,0,21,24,0,0,0,0,20,0,21,23,0,0,0,0,133,0,21,22,0,0,0,1,183,0,21,21,0,0,0,1,44,0,21,20,0,0,0,0,248,0,21,19,0,0,0,0,1,0,21,18,0,0,0,1,70,0,21,17,0,0,0,0,63,0,21,16,0,0,0,0,41,0,21,15,0,0,0,0,12,0,21,14,0,0,0,0,184,0,21,13,0,0,0,0,45,0,21,12,0,0,0,0,33,0,21,11,0,0,0,0,55,0,21,10,0,0,0,1,72,0,21,9,0,0,0,0
 ,145,0,21,8,0,0,0,0,3,0,21,7,0,0,0,0,180,0,21,6,0,0,0,0,220,0,21,5,0,0,0,0,141,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -184,10 +184,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,55,3,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,
 0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,56,3,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,
 0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,65,3,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,7,0,0,0,21,0,61,0,28,1,0,0,21,0,60,0,114,0,0,0,21,0,59,0,190,0,0,0,21,0,58,0,54,1,0,0,21,0,57,0,175,0,0,0,21,0,56,0,174,0,0,0,21,0,55,0,2,0,0,0,21,0,54,0,11,0,0,0,21,0,53,0,120,0,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0
 ,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,66,3,0,0,64,32,0,0,0,0,0,0,0,21,0,63,0,7,0,0,0,21,0,62,0,28,1,0,0,21,0,61,0,114,0,0,0,21,0,60,0,190,0,0,0,21,0,59,0,54,1,0,0,21,0,58,0,175,0,0,0,21,0,57,0,174,0,0,0,21,0,56,0,2,0,0,0,21,0,55,0,11,0,0,0,21,0,54,0,120,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,
 0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -195,10 +195,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,49,0,0,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,
 64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,50,0,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,
 0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,60,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,58,0,0,0,64,21,0,56,0,17,2,0,64,21,0,55,0,61,0,0,64,21,0,54,0,58,0,0,64,21,0,53,0,16,1,0,64,21,0,52,0,14,0,0,64,21,0,51,0,0,2,0,64,21,0,50,0,57,0,0,64,21,0,49,0,8,2,0,64,21,0,48,0,56,0,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,
 0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,61,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,59,0,0,0,64,21,0,57,0,17,2,0,64,21,0,56,0,61,0,0,64,21,0,55,0,58,0,0,64,21,0,54,0,16,1,0,64,21,0,53,0,14,0,0,64,21,0,52,0,0,2,0,64,21,0,51,0,57,0,0,64,21,0,50,0,8,2,0,64,21,0,49,0,56,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21
 ,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -206,10 +206,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86_64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,49,255,255,255,255,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0
 ,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,53,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,50,255,255,255,255,21,0,48,0,62,1,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0
 ,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,61,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,58,255,255,255,255,21,0,56,0,247,0,0,0,21,0,55,0,61,0,0,0,21,0,54,0,58,0,0,0,21,0,53,0,16,1,0,0,21,0,52,0,14,0,0,0,21,0,51,0,13,0,0,0,21,0,50,0,57,0,0,0,21,0,49,0,59,0,0,0,21,0,48,0,56,0,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,2
 1,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,59,255,255,255,255,21,0,57,0,247,0,0,0,21,0,56,0,61,0,0,0,21,0,55,0,58,0,0,0,21,0,54,0,16,1,0,0,21,0,53,0,14,0,0,0,21,0,52,0,13,0,0,0,21,0,51,0,57,0,0,0,21,0,50,0,59,0,0,0,21,0,49,0,56,0,0,0,21,0,48,0,62,1,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,
 21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-07-22 21:31 Sergei Trofimovich
  0 siblings, 0 replies; 253+ messages in thread
From: Sergei Trofimovich @ 2021-07-22 21:31 UTC (permalink / raw
  To: gentoo-commits

commit:     25e4d53c70f2b677dcde1c37cb9c67214b38d611
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 22 21:15:43 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Jul 22 21:23:46 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=25e4d53c

seccomp: allow getrandom() call (glibc-2.34+)

Reported-by: Andreas K. Hüttel
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 seccomp-bpf.c |  3 +++
 seccomp-bpf.h | 76 +++++++++++++++++++++++++++++------------------------------
 2 files changed, 41 insertions(+), 38 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index a72f6ef..5279d20 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -190,6 +190,9 @@ int main(void)
 		 * as ipc() subcalls.  #675378
 		 */
 		SCMP_SYS(ipc),
+
+		/* glibc-2.34+ uses it as part of mem alloc functions. */
+		SCMP_SYS(getrandom),
 	};
 	int fork_syscalls[] = {
 		SCMP_SYS(clone),

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index bb2e9cd..9c5e2de 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -8,10 +8,10 @@
 /* AARCH64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,43,183,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,183,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
 0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,183,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0
 ,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -19,10 +19,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* ARM */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,55,40,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0
 ,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,56,40,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,
 0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,64,40,0,0,64,32,0,0,0,0,0,0,0,21,0,61,0,24,1,0,0,21,0,60,0,114,0,0,0,21,0,59,0,190,0,0,0,21,0,58,0,81,1,0,0,21,0,57,0,175,0,0,0,21,0,56,0,174,0,0,0,21,0,55,0,2,0,0,0,21,0,54,0,11,0,0,0,21,0,53,0,120,0,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5
 ,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,65,40,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,24,1,0,0,21,0,61,0,114,0,0,0,21,0,60,0,190,0,0,0,21,0,59,0,81,1,0,0,21,0,58,0,175,0,0,0,21,0,57,0,174,0,0,0,21,0,56,0,2,0,0,0,21,0,55,0,11,0,0,0,21,0,54,0,120,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,
 66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -30,10 +30,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,8,0,32,0,0,0,0,0,0,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,1
 6,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,8,0,32,0,0,0,0,0,0,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16
 ,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,64,0,0,0,8,0,32,0,0,0,0,0,0,0,21,61,0,0,0,15,167,0,21,60,0,0,0,16,182,0,21,59,0,0,0,16,18,0,21,58,0,0,0,16,207,0,21,57,0,0,0,16,99,0,21,56,0,0,0,16,98,0,21,55,0,0,0,15,162,0,21,54,0,0,0,15,171,0,21,53,0,0,0,16,24,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,
 16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,8,0,32,0,0,0,0,0,0,0,21,62,0,0,0,15,167,0,21,61,0,0,0,16,182,0,21,60,0,0,0,16,18,0,21,59,0,0,0,16,207,0,21,58,0,0,0,16,99,0,21,57,0,0,0,16,98,0,21,56,0,0,0,15,162,0,21,55,0,0,0,15,171,0,21,54,0,0,0,16,24,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15
 ,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -41,10 +41,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,8,0,32,0,0,0,0,0,0,0,21,47,0,0,0,20,94,0,21,46,0,0,0,19,199,0,21,45,0,0,0,19,198,0,21,44,0,0,0,19,203,0,21,43,0,0,0,19,204,0,21,42,0,0,0,19,202,0,21,41,0,0,0,19,213,0,21,40,0,0,0,20,137,0,21,39,0,0,0,19,223,0,21,38,0,0,0,20,74,0,21,37,0,0,0,19,146,0,21,36,0,0,0,19,144,0,21,35,0,0,0,19,151,0,21,34,0,0,0,20,58,0,21,33,0,0,0,19,174,0,21,32,0,0,0,19,215,0,21,31,0,0,0,21,63,0,21,30,0,0,0,20,139,0,21,29,0,0,0,20,85,0,21,28,0,0,0,19,194,0,21,27,0,0,0,20,166,0,21,26,0,0,0,19,168,0,21,25,0,0,0,19,167,0,21,24,0,0,0,19,214,0,21,23,0,0,0,20,3,0,21,22,0,0,0,19,148,0,21,21,0,0,0,19,156,0,21,20,0,0,0,19,206,0,21,19,0,0,0,20,169,0,21,18,0,0,0,19,154,0,21,17,0,0,0,19,136,0,21,16,0,0,0,19,152,0,21,15,0,0,0,20,188,0,21,14,0,0,0,19,212,0,21,13,0,0,0,19,147,0,21,12,0,0,0,19,145,0,21,11,0,0,0,20,127,0,21,10,0,0,0,19,138,0,21,9,0,0,0,19,139,0,21,8,0,0,0,20,206,0,21,7,0,0,0,19,140,0,21,6,0,0,0,19,142,0,21,5,0,0,0,19,141,0,21,4,0,0,0,20,132,0,21,3,0,0,0,20,170,0,21,2,0,0,
 0,19,153,0,21,1,0,0,0,19,155,0,21,0,1,0,0,19,137,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,8,0,32,0,0,0,0,0,0,0,21,48,0,0,0,20,94,0,21,47,0,0,0,19,199,0,21,46,0,0,0,19,198,0,21,45,0,0,0,19,203,0,21,44,0,0,0,19,204,0,21,43,0,0,0,19,202,0,21,42,0,0,0,19,213,0,21,41,0,0,0,20,137,0,21,40,0,0,0,19,223,0,21,39,0,0,0,20,74,0,21,38,0,0,0,19,146,0,21,37,0,0,0,19,144,0,21,36,0,0,0,19,151,0,21,35,0,0,0,20,58,0,21,34,0,0,0,19,174,0,21,33,0,0,0,19,215,0,21,32,0,0,0,21,63,0,21,31,0,0,0,20,139,0,21,30,0,0,0,20,85,0,21,29,0,0,0,19,194,0,21,28,0,0,0,20,166,0,21,27,0,0,0,19,168,0,21,26,0,0,0,19,167,0,21,25,0,0,0,19,214,0,21,24,0,0,0,20,3,0,21,23,0,0,0,19,148,0,21,22,0,0,0,19,156,0,21,21,0,0,0,19,206,0,21,20,0,0,0,20,169,0,21,19,0,0,0,19,154,0,21,18,0,0,0,19,136,0,21,17,0,0,0,19,152,0,21,16,0,0,0,20,188,0,21,15,0,0,0,19,212,0,21,14,0,0,0,19,147,0,21,13,0,0,0,19,145,0,21,12,0,0,0,20,127,0,21,11,0,0,0,19,138,0,21,10,0,0,0,19,139,0,21,9,0,0,0,20,206,0,21,8,0,0,0,19,140,0,21,7,0,0,0,19,142,0,21,6,0,0,0,19,141,0,21,5,0,0,0,20,132,0,21,4,0,0,0,20,170,0,21,3,0,0
 ,0,19,153,0,21,2,0,0,0,19,155,0,21,1,0,0,0,19,137,0,21,0,1,0,0,20,193,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,58,128,0,0,8,0,32,0,0,0,0,0,0,0,21,55,0,0,0,19,193,0,21,54,0,0,0,19,191,0,21,53,0,0,0,20,94,0,21,52,0,0,0,19,199,0,21,51,0,0,0,19,198,0,21,50,0,0,0,19,203,0,21,49,0,0,0,19,204,0,21,48,0,0,0,19,202,0,21,47,0,0,0,19,213,0,21,46,0,0,0,20,137,0,21,45,0,0,0,19,223,0,21,44,0,0,0,20,74,0,21,43,0,0,0,19,146,0,21,42,0,0,0,19,144,0,21,41,0,0,0,19,151,0,21,40,0,0,0,20,58,0,21,39,0,0,0,19,174,0,21,38,0,0,0,19,215,0,21,37,0,0,0,21,63,0,21,36,0,0,0,20,139,0,21,35,0,0,0,20,85,0,21,34,0,0,0,19,194,0,21,33,0,0,0,20,166,0,21,32,0,0,0,19,168,0,21,31,0,0,0,19,167,0,21,30,0,0,0,19,214,0,21,29,0,0,0,20,3,0,21,28,0,0,0,19,148,0,21,27,0,0,0,19,156,0,21,26,0,0,0,19,206,0,21,25,0,0,0,20,169,0,21,24,0,0,0,19,154,0,21,23,0,0,0,19,136,0,21,22,0,0,0,19,152,0,21,21,0,0,0,20,188,0,21,20,0,0,0,19,212,0,21,19,0,0,0,19,147,0,21,18,0,0,0,19,145,0,21,17,0,0,0,20,127,0,21,16,0,0,0,19,138,0,21,15,0,0,0,19,139,0,21,14,0,0,0,20,206,0,21,13,0,0,0,19,140,0,21,12,0,0,0,19,142,0,21,11,0,0,0,19,141,0,21
 ,10,0,0,0,20,132,0,21,9,0,0,0,20,170,0,21,8,0,0,0,19,153,0,21,7,0,0,0,19,155,0,21,6,0,0,0,19,137,0,21,5,0,0,0,20,117,0,21,4,0,0,0,19,195,0,21,3,0,0,0,20,142,0,21,2,0,0,0,19,150,0,21,1,0,0,0,19,149,0,21,0,1,0,0,19,192,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,59,128,0,0,8,0,32,0,0,0,0,0,0,0,21,56,0,0,0,20,94,0,21,55,0,0,0,19,199,0,21,54,0,0,0,19,198,0,21,53,0,0,0,19,203,0,21,52,0,0,0,19,204,0,21,51,0,0,0,19,202,0,21,50,0,0,0,19,213,0,21,49,0,0,0,20,137,0,21,48,0,0,0,19,223,0,21,47,0,0,0,20,74,0,21,46,0,0,0,19,146,0,21,45,0,0,0,19,144,0,21,44,0,0,0,19,151,0,21,43,0,0,0,20,58,0,21,42,0,0,0,19,174,0,21,41,0,0,0,19,215,0,21,40,0,0,0,21,63,0,21,39,0,0,0,20,139,0,21,38,0,0,0,20,85,0,21,37,0,0,0,19,194,0,21,36,0,0,0,20,166,0,21,35,0,0,0,19,168,0,21,34,0,0,0,19,167,0,21,33,0,0,0,19,214,0,21,32,0,0,0,20,3,0,21,31,0,0,0,19,148,0,21,30,0,0,0,19,156,0,21,29,0,0,0,19,206,0,21,28,0,0,0,20,169,0,21,27,0,0,0,19,154,0,21,26,0,0,0,19,136,0,21,25,0,0,0,19,152,0,21,24,0,0,0,20,188,0,21,23,0,0,0,19,212,0,21,22,0,0,0,19,147,0,21,21,0,0,0,19,145,0,21,20,0,0,0,20,127,0,21,19,0,0,0,19,138,0,21,18,0,0,0,19,139,0,21,17,0,0,0,20,206,0,21,16,0,0,0,19,140,0,21,15,0,0,0,19,142,0,21,14,0,0,0,19,141,0,21,13,0,0,0,20,132,0,21,12,0,0,0,20,170,0,21
 ,11,0,0,0,19,153,0,21,10,0,0,0,19,155,0,21,9,0,0,0,19,137,0,21,8,0,0,0,20,117,0,21,7,0,0,0,19,195,0,21,6,0,0,0,20,142,0,21,5,0,0,0,19,150,0,21,4,0,0,0,19,149,0,21,3,0,0,0,19,192,0,21,2,0,0,0,19,193,0,21,1,0,0,0,19,191,0,21,0,1,0,0,20,193,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -52,10 +52,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,51,160,0,0,8,0,32,0,0,0,0,0,0,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,
 0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,52,160,0,0,8,0,32,0,0,0,0,0,0,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0
 ,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,59,160,0,0,8,0,32,0,0,0,0,0,0,0,21,56,0,0,0,24,97,0,21,55,0,0,0,23,171,0,21,54,0,0,0,24,122,0,21,53,0,0,0,23,126,0,21,52,0,0,0,23,125,0,21,51,0,0,0,23,168,0,21,50,0,0,0,23,169,0,21,49,0,0,0,23,167,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21
 ,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,160,0,0,8,0,32,0,0,0,0,0,0,0,21,57,0,0,0,24,97,0,21,56,0,0,0,23,171,0,21,55,0,0,0,24,122,0,21,54,0,0,0,23,126,0,21,53,0,0,0,23,125,0,21,52,0,0,0,23,168,0,21,51,0,0,0,23,169,0,21,50,0,0,0,23,167,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21
 ,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -63,10 +63,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,55,8,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,1
 6,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,56,8,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,1
 6,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,64,8,0,0,64,32,0,0,0,0,0,0,0,21,0,61,0,167,15,0,0,21,0,60,0,182,16,0,0,21,0,59,0,18,16,0,0,21,0,58,0,207,16,0,0,21,0,57,0,99,16,0,0,21,0,56,0,98,16,0,0,21,0,55,0,162,15,0,0,21,0,54,0,171,15,0,0,21,0,53,0,24,16,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114
 ,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,65,8,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,167,15,0,0,21,0,61,0,182,16,0,0,21,0,60,0,18,16,0,0,21,0,59,0,207,16,0,0,21,0,58,0,99,16,0,0,21,0,57,0,98,16,0,0,21,0,56,0,162,15,0,0,21,0,55,0,171,15,0,0,21,0,54,0,24,16,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,1
 5,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -74,10 +74,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,8,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,15
 3,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,8,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,1
 70,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,58,8,0,0,192,32,0,0,0,0,0,0,0,21,0,55,0,117,20,0,0,21,0,54,0,195,19,0,0,21,0,53,0,142,20,0,0,21,0,52,0,150,19,0,0,21,0,51,0,149,19,0,0,21,0,50,0,192,19,0,0,21,0,49,0,193,19,0,0,21,0,48,0,191,19,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0
 ,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,59,8,0,0,192,32,0,0,0,0,0,0,0,21,0,56,0,117,20,0,0,21,0,55,0,195,19,0,0,21,0,54,0,142,20,0,0,21,0,53,0,150,19,0,0,21,0,52,0,149,19,0,0,21,0,51,0,192,19,0,0,21,0,50,0,193,19,0,0,21,0,49,0,191,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0
 ,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -85,10 +85,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,8,0,0,224,32,0,0,0,0,0,0,0,21,0,48,0,178,23,0,0,21,0,47,0,189,23,0,0,21,0,46,0,117,24,0,0,21,0,45,0,199,23,0,0,21,0,44,0,50,24,0,0,21,0,43,0,122,23,0,0,21,0,42,0,120,23,0,0,21,0,41,0,127,23,0,0,21,0,40,0,34,24,0,0,21,0,39,0,150,23,0,0,21,0,38,0,191,23,0,0,21,0,37,0,39,25,0,0,21,0,36,0,119,24,0,0,21,0,35,0,61,24,0,0,21,0,34,0,170,23,0,0,21,0,33,0,146,24,0,0,21,0,32,0,144,23,0,0,21,0,31,0,143,23,0,0,21,0,30,0,190,23,0,0,21,0,29,0,235,23,0,0,21,0,28,0,124,23,0,0,21,0,27,0,132,23,0,0,21,0,26,0,68,24,0,0,21,0,25,0,182,23,0,0,21,0,24,0,149,24,0,0,21,0,23,0,130,23,0,0,21,0,22,0,112,23,0,0,21,0,21,0,128,23,0,0,21,0,20,0,155,24,0,0,21,0,19,0,188,23,0,0,21,0,18,0,123,23,0,0,21,0,17,0,121,23,0,0,21,0,16,0,107,24,0,0,21,0,15,0,114,23,0,0,21,0,14,0,115,23,0,0,21,0,13,0,186,24,0,0,21,0,12,0,116,23,0,0,21,0,11,0,118,23,0,0,21,0,10,0,117,23,0,0,21,0,9,0,112,24,0,0,21,0,8,0,150,24,0,0,21,0,7,0,129,23,0,0,21,0,6,0,131,23,0,0,21,0,5,0,113,23,0,0,21,0,4,0,71,24,0,0,21,0,3,0,
 175,23,0,0,21,0,2,0,174,23,0,0,21,0,1,0,179,23,0,0,21,0,0,1,180,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,8,0,0,224,32,0,0,0,0,0,0,0,21,0,49,0,120,23,0,0,21,0,48,0,127,23,0,0,21,0,47,0,34,24,0,0,21,0,46,0,150,23,0,0,21,0,45,0,191,23,0,0,21,0,44,0,39,25,0,0,21,0,43,0,119,24,0,0,21,0,42,0,61,24,0,0,21,0,41,0,170,23,0,0,21,0,40,0,146,24,0,0,21,0,39,0,144,23,0,0,21,0,38,0,143,23,0,0,21,0,37,0,190,23,0,0,21,0,36,0,235,23,0,0,21,0,35,0,124,23,0,0,21,0,34,0,132,23,0,0,21,0,33,0,68,24,0,0,21,0,32,0,182,23,0,0,21,0,31,0,149,24,0,0,21,0,30,0,130,23,0,0,21,0,29,0,112,23,0,0,21,0,28,0,128,23,0,0,21,0,27,0,155,24,0,0,21,0,26,0,188,23,0,0,21,0,25,0,123,23,0,0,21,0,24,0,121,23,0,0,21,0,23,0,107,24,0,0,21,0,22,0,114,23,0,0,21,0,21,0,115,23,0,0,21,0,20,0,186,24,0,0,21,0,19,0,116,23,0,0,21,0,18,0,118,23,0,0,21,0,17,0,117,23,0,0,21,0,16,0,112,24,0,0,21,0,15,0,150,24,0,0,21,0,14,0,129,23,0,0,21,0,13,0,131,23,0,0,21,0,12,0,113,23,0,0,21,0,11,0,173,24,0,0,21,0,10,0,71,24,0,0,21,0,9,0,175,23,0,0,21,0,8,0,174,23,0,0,21,0,7,0,179,23,0,0,21,0,6,0,180,23,0,0,21,0,5,0,178,23,0,0,21,0,4,
 0,189,23,0,0,21,0,3,0,117,24,0,0,21,0,2,0,199,23,0,0,21,0,1,0,50,24,0,0,21,0,0,1,122,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,59,8,0,0,224,32,0,0,0,0,0,0,0,21,0,56,0,178,23,0,0,21,0,55,0,189,23,0,0,21,0,54,0,117,24,0,0,21,0,53,0,199,23,0,0,21,0,52,0,50,24,0,0,21,0,51,0,122,23,0,0,21,0,50,0,120,23,0,0,21,0,49,0,127,23,0,0,21,0,48,0,34,24,0,0,21,0,47,0,150,23,0,0,21,0,46,0,191,23,0,0,21,0,45,0,39,25,0,0,21,0,44,0,119,24,0,0,21,0,43,0,61,24,0,0,21,0,42,0,170,23,0,0,21,0,41,0,146,24,0,0,21,0,40,0,144,23,0,0,21,0,39,0,143,23,0,0,21,0,38,0,190,23,0,0,21,0,37,0,235,23,0,0,21,0,36,0,124,23,0,0,21,0,35,0,132,23,0,0,21,0,34,0,68,24,0,0,21,0,33,0,182,23,0,0,21,0,32,0,149,24,0,0,21,0,31,0,130,23,0,0,21,0,30,0,112,23,0,0,21,0,29,0,128,23,0,0,21,0,28,0,155,24,0,0,21,0,27,0,188,23,0,0,21,0,26,0,123,23,0,0,21,0,25,0,121,23,0,0,21,0,24,0,107,24,0,0,21,0,23,0,114,23,0,0,21,0,22,0,115,23,0,0,21,0,21,0,186,24,0,0,21,0,20,0,116,23,0,0,21,0,19,0,118,23,0,0,21,0,18,0,117,23,0,0,21,0,17,0,112,24,0,0,21,0,16,0,150,24,0,0,21,0,15,0,129,23,0,0,21,0,14,0,131,23,0,0,21,0,13,0,113,23,0,0,21,0,12,0,97,24,0,0,21,
 0,11,0,171,23,0,0,21,0,10,0,122,24,0,0,21,0,9,0,126,23,0,0,21,0,8,0,125,23,0,0,21,0,7,0,168,23,0,0,21,0,6,0,169,23,0,0,21,0,5,0,167,23,0,0,21,0,4,0,71,24,0,0,21,0,3,0,175,23,0,0,21,0,2,0,174,23,0,0,21,0,1,0,179,23,0,0,21,0,0,1,180,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,60,8,0,0,224,32,0,0,0,0,0,0,0,21,0,57,0,120,23,0,0,21,0,56,0,127,23,0,0,21,0,55,0,34,24,0,0,21,0,54,0,150,23,0,0,21,0,53,0,191,23,0,0,21,0,52,0,39,25,0,0,21,0,51,0,119,24,0,0,21,0,50,0,61,24,0,0,21,0,49,0,170,23,0,0,21,0,48,0,146,24,0,0,21,0,47,0,144,23,0,0,21,0,46,0,143,23,0,0,21,0,45,0,190,23,0,0,21,0,44,0,235,23,0,0,21,0,43,0,124,23,0,0,21,0,42,0,132,23,0,0,21,0,41,0,68,24,0,0,21,0,40,0,182,23,0,0,21,0,39,0,149,24,0,0,21,0,38,0,130,23,0,0,21,0,37,0,112,23,0,0,21,0,36,0,128,23,0,0,21,0,35,0,155,24,0,0,21,0,34,0,188,23,0,0,21,0,33,0,123,23,0,0,21,0,32,0,121,23,0,0,21,0,31,0,107,24,0,0,21,0,30,0,114,23,0,0,21,0,29,0,115,23,0,0,21,0,28,0,186,24,0,0,21,0,27,0,116,23,0,0,21,0,26,0,118,23,0,0,21,0,25,0,117,23,0,0,21,0,24,0,112,24,0,0,21,0,23,0,150,24,0,0,21,0,22,0,129,23,0,0,21,0,21,0,131,23,0,0,21,0,20,0,113,23,0,0,21,0,19,0,97,24,0,0,21,0,18,0,171,23,0,0,21,0,17,0,122,24,0,0,21,0,16,0,126,23,0,0,21,0,15,0,125,23,0,0,21,0,14,0,168,23,0,0,21,0,13,0,169,23,0,0,21
 ,0,12,0,167,23,0,0,21,0,11,0,173,24,0,0,21,0,10,0,71,24,0,0,21,0,9,0,175,23,0,0,21,0,8,0,174,23,0,0,21,0,7,0,179,23,0,0,21,0,6,0,180,23,0,0,21,0,5,0,178,23,0,0,21,0,4,0,189,23,0,0,21,0,3,0,117,24,0,0,21,0,2,0,199,23,0,0,21,0,1,0,50,24,0,0,21,0,0,1,122,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -96,10 +96,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,15,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,11
 2,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,15,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,2
 4,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,15,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,0,235,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,113,0,21,59,0,0,0,1,32,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0
 ,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,67,0,0,0,15,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,0,235,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,113,0,21,60,0,0,0,1,32,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0
 ,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -107,10 +107,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,128,0,0,15,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,
 112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,128,0,0,15,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1
 ,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,128,0,0,15,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,0,235,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,113,0,21,59,0,0,0,1,32,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15
 ,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,67,128,0,0,15,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,0,235,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,113,0,21,60,0,0,0,1,32,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16
 ,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -118,10 +118,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,20,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0
 ,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,20,0,32,0,0,0,0,0,0,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,
 0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,20,0,32,0,0,0,0,0,0,0,21,62,0,0,0,0,7,0,21,61,0,0,0,1,16,0,21,60,0,0,0,0,114,0,21,59,0,0,0,0,189,0,21,58,0,0,0,1,26,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,173,0,21,55,0,0,0,0,2,0,21,54,0,0,0,0,11,0,21,53,0,0,0,0,120,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,
 0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,20,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,1,16,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,189,0,21,59,0,0,0,1,26,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,173,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0
 ,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -129,10 +129,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,21,0,32,0,0,0,0,0,0,0,21,48,0,0,0,0,54,0,21,47,0,0,0,0,207,0,21,46,0,0,0,0,20,0,21,45,0,0,0,0,133,0,21,44,0,0,0,1,183,0,21,43,0,0,0,1,42,0,21,42,0,0,0,0,234,0,21,41,0,0,0,0,1,0,21,40,0,0,0,1,60,0,21,39,0,0,0,0,63,0,21,38,0,0,0,0,41,0,21,37,0,0,0,0,12,0,21,36,0,0,0,0,183,0,21,35,0,0,0,0,45,0,21,34,0,0,0,0,33,0,21,33,0,0,0,0,55,0,21,32,0,0,0,1,64,0,21,31,0,0,0,0,145,0,21,30,0,0,0,0,3,0,21,29,0,0,0,0,179,0,21,28,0,0,0,0,202,0,21,27,0,0,0,0,141,0,21,26,0,0,0,0,91,0,21,25,0,0,0,0,90,0,21,24,0,0,0,1,30,0,21,23,0,0,0,0,5,0,21,22,0,0,0,0,6,0,21,21,0,0,0,1,127,0,21,20,0,0,0,0,106,0,21,19,0,0,0,0,107,0,21,18,0,0,0,0,108,0,21,17,0,0,0,1,35,0,21,16,0,0,0,1,65,0,21,15,0,0,0,0,180,0,21,14,0,0,0,0,146,0,21,13,0,0,0,0,4,0,21,12,0,0,0,0,117,0,21,11,0,0,0,0,182,0,21,10,0,0,0,1,40,0,21,9,0,0,0,0,85,0,21,8,0,0,0,0,221,0,21,7,0,0,0,0,125,0,21,6,0,0,0,0,140,0,21,5,0,0,0,0,19,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,
 0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,52,128,0,0,21,0,32,0,0,0,0,0,0,0,21,49,0,0,0,0,12,0,21,48,0,0,0,0,183,0,21,47,0,0,0,0,45,0,21,46,0,0,0,0,33,0,21,45,0,0,0,0,55,0,21,44,0,0,0,1,64,0,21,43,0,0,0,0,145,0,21,42,0,0,0,0,3,0,21,41,0,0,0,0,179,0,21,40,0,0,0,0,202,0,21,39,0,0,0,0,141,0,21,38,0,0,0,0,91,0,21,37,0,0,0,0,90,0,21,36,0,0,0,1,30,0,21,35,0,0,0,0,5,0,21,34,0,0,0,0,6,0,21,33,0,0,0,1,127,0,21,32,0,0,0,0,106,0,21,31,0,0,0,0,107,0,21,30,0,0,0,0,108,0,21,29,0,0,0,1,35,0,21,28,0,0,0,1,65,0,21,27,0,0,0,0,180,0,21,26,0,0,0,0,146,0,21,25,0,0,0,0,4,0,21,24,0,0,0,1,103,0,21,23,0,0,0,0,117,0,21,22,0,0,0,0,182,0,21,21,0,0,0,1,40,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,221,0,21,18,0,0,0,0,125,0,21,17,0,0,0,0,140,0,21,16,0,0,0,0,19,0,21,15,0,0,0,0,54,0,21,14,0,0,0,0,207,0,21,13,0,0,0,0,20,0,21,12,0,0,0,0,133,0,21,11,0,0,0,1,183,0,21,10,0,0,0,1,42,0,21,9,0,0,0,0,234,0,21,8,0,0,0,0,1,0,21,7,0,0,0,1,60,0,21,6,0,0,0,0,63,0,21,5,0,0,0,0,41,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144
 ,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,61,128,0,0,21,0,32,0,0,0,0,0,0,0,21,58,0,0,0,0,54,0,21,57,0,0,0,0,207,0,21,56,0,0,0,0,20,0,21,55,0,0,0,0,133,0,21,54,0,0,0,1,183,0,21,53,0,0,0,1,42,0,21,52,0,0,0,0,234,0,21,51,0,0,0,0,1,0,21,50,0,0,0,1,60,0,21,49,0,0,0,0,63,0,21,48,0,0,0,0,41,0,21,47,0,0,0,0,12,0,21,46,0,0,0,0,183,0,21,45,0,0,0,0,45,0,21,44,0,0,0,0,33,0,21,43,0,0,0,0,55,0,21,42,0,0,0,1,64,0,21,41,0,0,0,0,145,0,21,40,0,0,0,0,3,0,21,39,0,0,0,0,179,0,21,38,0,0,0,0,202,0,21,37,0,0,0,0,141,0,21,36,0,0,0,0,91,0,21,35,0,0,0,0,90,0,21,34,0,0,0,1,30,0,21,33,0,0,0,0,5,0,21,32,0,0,0,0,6,0,21,31,0,0,0,1,127,0,21,30,0,0,0,0,106,0,21,29,0,0,0,0,107,0,21,28,0,0,0,0,108,0,21,27,0,0,0,1,35,0,21,26,0,0,0,1,65,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,146,0,21,23,0,0,0,0,4,0,21,22,0,0,0,0,7,0,21,21,0,0,0,1,16,0,21,20,0,0,0,0,114,0,21,19,0,0,0,0,189,0,21,18,0,0,0,1,26,0,21,17,0,0,0,0,174,0,21,16,0,0,0,0,173,0,21,15,0,0,0,0,2,0,21,14,0,0,0,0,11,0,21,13,0,0,0,0,120,0,21,12,0,0,0,0,117,0,21,11,0,0,0,0,182,0,21,10,0,0,0,
 1,40,0,21,9,0,0,0,0,85,0,21,8,0,0,0,0,221,0,21,7,0,0,0,0,125,0,21,6,0,0,0,0,140,0,21,5,0,0,0,0,19,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,62,128,0,0,21,0,32,0,0,0,0,0,0,0,21,59,0,0,0,0,12,0,21,58,0,0,0,0,183,0,21,57,0,0,0,0,45,0,21,56,0,0,0,0,33,0,21,55,0,0,0,0,55,0,21,54,0,0,0,1,64,0,21,53,0,0,0,0,145,0,21,52,0,0,0,0,3,0,21,51,0,0,0,0,179,0,21,50,0,0,0,0,202,0,21,49,0,0,0,0,141,0,21,48,0,0,0,0,91,0,21,47,0,0,0,0,90,0,21,46,0,0,0,1,30,0,21,45,0,0,0,0,5,0,21,44,0,0,0,0,6,0,21,43,0,0,0,1,127,0,21,42,0,0,0,0,106,0,21,41,0,0,0,0,107,0,21,40,0,0,0,0,108,0,21,39,0,0,0,1,35,0,21,38,0,0,0,1,65,0,21,37,0,0,0,0,180,0,21,36,0,0,0,0,146,0,21,35,0,0,0,0,4,0,21,34,0,0,0,0,7,0,21,33,0,0,0,1,16,0,21,32,0,0,0,0,114,0,21,31,0,0,0,0,189,0,21,30,0,0,0,1,26,0,21,29,0,0,0,0,174,0,21,28,0,0,0,0,173,0,21,27,0,0,0,0,2,0,21,26,0,0,0,0,11,0,21,25,0,0,0,0,120,0,21,24,0,0,0,1,103,0,21,23,0,0,0,0,117,0,21,22,0,0,0,0,182,0,21,21,0,0,0,1,40,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,221,0,21,18,0,0,0,0,125,0,21,17,0,0,0,0,140,0,21,16,0,0,0,0,19,0,21,15,0,0,0,0,54,0,21,14,0,0,0,0,207,0,21,13,0,0,0,0,20,0,21,12,0,0,0,0,133,0,21,11,0,0
 ,0,1,183,0,21,10,0,0,0,1,42,0,21,9,0,0,0,0,234,0,21,8,0,0,0,0,1,0,21,7,0,0,0,1,60,0,21,6,0,0,0,0,63,0,21,5,0,0,0,0,41,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -140,10 +140,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64LE */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,21,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,
 6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,21,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0
 ,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,61,21,0,0,192,32,0,0,0,0,0,0,0,21,0,58,0,7,0,0,0,21,0,57,0,16,1,0,0,21,0,56,0,114,0,0,0,21,0,55,0,189,0,0,0,21,0,54,0,26,1,0,0,21,0,53,0,174,0,0,0,21,0,52,0,173,0,0,0,21,0,51,0,2,0,0,0,21,0,50,0,11,0,0,0,21,0,49,0,120,0,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108
 ,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,21,0,0,192,32,0,0,0,0,0,0,0,21,0,59,0,7,0,0,0,21,0,58,0,16,1,0,0,21,0,57,0,114,0,0,0,21,0,56,0,189,0,0,0,21,0,55,0,26,1,0,0,21,0,54,0,174,0,0,0,21,0,53,0,173,0,0,0,21,0,52,0,2,0,0,0,21,0,51,0,11,0,0,0,21,0,50,0,120,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107
 ,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -151,10 +151,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* RISCV64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,43,243,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,44,243,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,50,243,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
 0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,51,243,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0
 ,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -162,10 +162,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,22,0,32,0,0,0,0,0,0,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0
 ,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,22,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,93,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0
 ,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,22,0,32,0,0,0,0,0,0,0,21,62,0,0,0,1,25,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,190,0,21,59,0,0,0,1,47,0,21,58,0,0,0,0,175,0,21,57,0,0,0,0,174,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0
 ,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,22,0,32,0,0,0,0,0,0,0,21,63,0,0,0,1,25,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,190,0,21,60,0,0,0,1,47,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,93,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,
 0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -173,10 +173,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390X */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,22,0,32,0,0,0,0,0,0,0,21,47,0,0,0,1,70,0,21,46,0,0,0,0,63,0,21,45,0,0,0,0,41,0,21,44,0,0,0,0,12,0,21,43,0,0,0,0,184,0,21,42,0,0,0,0,45,0,21,41,0,0,0,0,33,0,21,40,0,0,0,0,55,0,21,39,0,0,0,1,72,0,21,38,0,0,0,0,145,0,21,37,0,0,0,0,3,0,21,36,0,0,0,0,180,0,21,35,0,0,0,0,220,0,21,34,0,0,0,0,141,0,21,33,0,0,0,0,91,0,21,32,0,0,0,0,90,0,21,31,0,0,0,1,32,0,21,30,0,0,0,0,5,0,21,29,0,0,0,0,6,0,21,28,0,0,0,1,123,0,21,27,0,0,0,0,106,0,21,26,0,0,0,0,107,0,21,25,0,0,0,0,108,0,21,24,0,0,0,1,37,0,21,23,0,0,0,1,73,0,21,22,0,0,0,0,181,0,21,21,0,0,0,0,146,0,21,20,0,0,0,0,4,0,21,19,0,0,0,0,117,0,21,18,0,0,0,0,183,0,21,17,0,0,0,1,42,0,21,16,0,0,0,0,85,0,21,15,0,0,0,0,238,0,21,14,0,0,0,0,125,0,21,13,0,0,0,0,19,0,21,12,0,0,0,0,54,0,21,11,0,0,0,0,236,0,21,10,0,0,0,0,20,0,21,9,0,0,0,0,133,0,21,8,0,0,0,1,183,0,21,7,0,0,0,1,44,0,21,6,0,0,0,0,248,0,21,5,0,0,0,0,1,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,
 0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,22,0,32,0,0,0,0,0,0,0,21,48,0,0,0,0,91,0,21,47,0,0,0,0,90,0,21,46,0,0,0,1,32,0,21,45,0,0,0,0,5,0,21,44,0,0,0,0,6,0,21,43,0,0,0,1,123,0,21,42,0,0,0,0,106,0,21,41,0,0,0,0,107,0,21,40,0,0,0,0,108,0,21,39,0,0,0,1,37,0,21,38,0,0,0,1,73,0,21,37,0,0,0,0,181,0,21,36,0,0,0,0,146,0,21,35,0,0,0,0,4,0,21,34,0,0,0,1,93,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,183,0,21,31,0,0,0,1,42,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,238,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,19,0,21,26,0,0,0,0,54,0,21,25,0,0,0,0,236,0,21,24,0,0,0,0,20,0,21,23,0,0,0,0,133,0,21,22,0,0,0,1,183,0,21,21,0,0,0,1,44,0,21,20,0,0,0,0,248,0,21,19,0,0,0,0,1,0,21,18,0,0,0,1,70,0,21,17,0,0,0,0,63,0,21,16,0,0,0,0,41,0,21,15,0,0,0,0,12,0,21,14,0,0,0,0,184,0,21,13,0,0,0,0,45,0,21,12,0,0,0,0,33,0,21,11,0,0,0,0,55,0,21,10,0,0,0,1,72,0,21,9,0,0,0,0,145,0,21,8,0,0,0,0,3,0,21,7,0,0,0,0,180,0,21,6,0,0,0,0,220,0,21,5,0,0,0,0,141,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0
 ,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,59,128,0,0,22,0,32,0,0,0,0,0,0,0,21,56,0,0,0,1,70,0,21,55,0,0,0,0,63,0,21,54,0,0,0,0,41,0,21,53,0,0,0,0,12,0,21,52,0,0,0,0,184,0,21,51,0,0,0,0,45,0,21,50,0,0,0,0,33,0,21,49,0,0,0,0,55,0,21,48,0,0,0,1,72,0,21,47,0,0,0,0,145,0,21,46,0,0,0,0,3,0,21,45,0,0,0,0,180,0,21,44,0,0,0,0,220,0,21,43,0,0,0,0,141,0,21,42,0,0,0,0,91,0,21,41,0,0,0,0,90,0,21,40,0,0,0,1,32,0,21,39,0,0,0,0,5,0,21,38,0,0,0,0,6,0,21,37,0,0,0,1,123,0,21,36,0,0,0,0,106,0,21,35,0,0,0,0,107,0,21,34,0,0,0,0,108,0,21,33,0,0,0,1,37,0,21,32,0,0,0,1,73,0,21,31,0,0,0,0,181,0,21,30,0,0,0,0,146,0,21,29,0,0,0,0,4,0,21,28,0,0,0,1,25,0,21,27,0,0,0,0,114,0,21,26,0,0,0,0,190,0,21,25,0,0,0,1,47,0,21,24,0,0,0,0,175,0,21,23,0,0,0,0,174,0,21,22,0,0,0,0,2,0,21,21,0,0,0,0,11,0,21,20,0,0,0,0,120,0,21,19,0,0,0,0,117,0,21,18,0,0,0,0,183,0,21,17,0,0,0,1,42,0,21,16,0,0,0,0,85,0,21,15,0,0,0,0,238,0,21,14,0,0,0,0,125,0,21,13,0,0,0,0,19,0,21,12,0,0,0,0,54,0,21,11,0,0,0,0,236,0,21,10,0,0,0,0,20,0,21,9,0,0,0,0,133,0,21,8,0,0,0,
 1,183,0,21,7,0,0,0,1,44,0,21,6,0,0,0,0,248,0,21,5,0,0,0,0,1,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,128,0,0,22,0,32,0,0,0,0,0,0,0,21,57,0,0,0,0,91,0,21,56,0,0,0,0,90,0,21,55,0,0,0,1,32,0,21,54,0,0,0,0,5,0,21,53,0,0,0,0,6,0,21,52,0,0,0,1,123,0,21,51,0,0,0,0,106,0,21,50,0,0,0,0,107,0,21,49,0,0,0,0,108,0,21,48,0,0,0,1,37,0,21,47,0,0,0,1,73,0,21,46,0,0,0,0,181,0,21,45,0,0,0,0,146,0,21,44,0,0,0,0,4,0,21,43,0,0,0,1,25,0,21,42,0,0,0,0,114,0,21,41,0,0,0,0,190,0,21,40,0,0,0,1,47,0,21,39,0,0,0,0,175,0,21,38,0,0,0,0,174,0,21,37,0,0,0,0,2,0,21,36,0,0,0,0,11,0,21,35,0,0,0,0,120,0,21,34,0,0,0,1,93,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,183,0,21,31,0,0,0,1,42,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,238,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,19,0,21,26,0,0,0,0,54,0,21,25,0,0,0,0,236,0,21,24,0,0,0,0,20,0,21,23,0,0,0,0,133,0,21,22,0,0,0,1,183,0,21,21,0,0,0,1,44,0,21,20,0,0,0,0,248,0,21,19,0,0,0,0,1,0,21,18,0,0,0,1,70,0,21,17,0,0,0,0,63,0,21,16,0,0,0,0,41,0,21,15,0,0,0,0,12,0,21,14,0,0,0,0,184,0,21,13,0,0,0,0,45,0,21,12,0,0,0,0,33,0,21,11,0,0,0,0,55,0,21,10,0,0,0,1,72,0,21,9,0,0,0,0
 ,145,0,21,8,0,0,0,0,3,0,21,7,0,0,0,0,180,0,21,6,0,0,0,0,220,0,21,5,0,0,0,0,141,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -184,10 +184,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,55,3,0,0,64,32,0,0,0,0,0,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,
 0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,56,3,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,
 0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,65,3,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,7,0,0,0,21,0,61,0,28,1,0,0,21,0,60,0,114,0,0,0,21,0,59,0,190,0,0,0,21,0,58,0,54,1,0,0,21,0,57,0,175,0,0,0,21,0,56,0,174,0,0,0,21,0,55,0,2,0,0,0,21,0,54,0,11,0,0,0,21,0,53,0,120,0,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0
 ,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,66,3,0,0,64,32,0,0,0,0,0,0,0,21,0,63,0,7,0,0,0,21,0,62,0,28,1,0,0,21,0,61,0,114,0,0,0,21,0,60,0,190,0,0,0,21,0,59,0,54,1,0,0,21,0,58,0,175,0,0,0,21,0,57,0,174,0,0,0,21,0,56,0,2,0,0,0,21,0,55,0,11,0,0,0,21,0,54,0,120,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,
 0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -195,10 +195,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,49,0,0,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,
 64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,50,0,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,
 0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,60,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,58,0,0,0,64,21,0,56,0,17,2,0,64,21,0,55,0,61,0,0,64,21,0,54,0,58,0,0,64,21,0,53,0,16,1,0,64,21,0,52,0,14,0,0,64,21,0,51,0,0,2,0,64,21,0,50,0,57,0,0,64,21,0,49,0,8,2,0,64,21,0,48,0,56,0,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,
 0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,61,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,59,0,0,0,64,21,0,57,0,17,2,0,64,21,0,56,0,61,0,0,64,21,0,55,0,58,0,0,64,21,0,54,0,16,1,0,64,21,0,53,0,14,0,0,64,21,0,52,0,0,2,0,64,21,0,51,0,57,0,0,64,21,0,50,0,8,2,0,64,21,0,49,0,56,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21
 ,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -206,10 +206,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86_64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,49,255,255,255,255,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0
 ,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,53,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,50,255,255,255,255,21,0,48,0,62,1,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0
 ,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,61,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,58,255,255,255,255,21,0,56,0,247,0,0,0,21,0,55,0,61,0,0,0,21,0,54,0,58,0,0,0,21,0,53,0,16,1,0,0,21,0,52,0,14,0,0,0,21,0,51,0,13,0,0,0,21,0,50,0,57,0,0,0,21,0,49,0,59,0,0,0,21,0,48,0,56,0,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,2
 1,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,59,255,255,255,255,21,0,57,0,247,0,0,0,21,0,56,0,61,0,0,0,21,0,55,0,58,0,0,0,21,0,54,0,16,1,0,0,21,0,53,0,14,0,0,0,21,0,52,0,13,0,0,0,21,0,51,0,57,0,0,0,21,0,50,0,59,0,0,0,21,0,49,0,56,0,0,0,21,0,48,0,62,1,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,
 21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-09-20  4:51 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2021-09-20  4:51 UTC (permalink / raw
  To: gentoo-commits

commit:     c31c7fef7febeb4606d5b0cd22006c4dc7c11b06
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 20 04:51:03 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Sep 20 04:51:03 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c31c7fef

README.md: solar@ is long-retired

Signed-off-by: Sam James <sam <AT> gentoo.org>

 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7e6dc99..6f2a3e7 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ If you include pax-utils in your distro, feel free to send an update for this.
 ##### Gentoo
  * https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
  * https://gitweb.gentoo.org/proj/pax-utils.git/
- * Maintainer: Mike Frysinger <vapier@gentoo.org>, Ned Ludd <solar@gentoo.org>
+ * Maintainer: Mike Frysinger <vapier@gentoo.org>, Toolchain Project <toolchain@gentoo.org>
 
 ##### openSUSE
  * https://build.opensuse.org/package/show?package=pax-utils&project=openSUSE%3AFactory


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-10-04 22:05 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-10-04 22:05 UTC (permalink / raw
  To: gentoo-commits

commit:     e296d7ac9b45c75499dbfa89cfd4e2341303d2e2
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Mon Oct  4 21:46:02 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Oct  4 21:46:02 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e296d7ac

build: add --debug for easy shell script tracing

Improve the CLI parser slightly so we can add a --debug option.
This makes it easy to get shell script tracing with a -x option
rather than having to override the shebang/shell interpreter.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 autogen.sh      | 26 ++++++++++++++++++++++++--
 make-tarball.sh | 13 ++++++++++---
 2 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/autogen.sh b/autogen.sh
index 42e8a8c..a21b8e5 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -2,11 +2,33 @@
 
 . "${0%/*}"/travis/lib.sh
 
+# NB: This script is normally run in a GNU environment (e.g. Linux), but we also run it on other
+# systems (e.g. macOS) as part of our automated CI.  So a little care must be taken.
+
+cd "${0%/*}" || exit 1
+
 m4dir="autotools/m4"
 
+: ${MAKE:=make}
+
+FROM_TOOL=
+while [[ $# -gt 0 ]] ;do
+	case $1 in
+	--from=*) FROM_TOOL=${1#*=};;
+	-x|--debug) set -x;;
+	*) break;;
+	esac
+	shift
+done
+
+if [[ $# -ne 0 ]] ; then
+	echo "Usage: $0" >&2
+	exit 1
+fi
+
 v rm -rf autotools
-if [[ $1 != "--from=make" ]] ; then
-	v ${MAKE:-make} autotools-update
+if [[ ${FROM_TOOL} != "make" ]] ; then
+	v ${MAKE} autotools-update
 fi
 
 # reload the gnulib code if possible

diff --git a/make-tarball.sh b/make-tarball.sh
index 04f778d..3cd3219 100755
--- a/make-tarball.sh
+++ b/make-tarball.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
 
+# NB: This script is expected to be run in a GNU environment (e.g. Linux).
+# So it is not written to be completely POSIX compliant.
+
 set -e
 
 if ! . /etc/init.d/functions.sh 2>/dev/null ; then
@@ -13,10 +16,14 @@ v() { printf '\t%s\n' "$*"; "$@"; }
 : ${MAKE:=make}
 
 CHECK=false
-if [[ $1 == "--check" ]] ; then
-	CHECK=true
+while [[ $# -gt 0 ]] ;do
+	case $1 in
+	--check) CHECK=true;;
+	-x|--debug) set -x;;
+	*) break;;
+	esac
 	shift
-fi
+done
 
 if [[ $# -ne 1 ]] ; then
 	die "Usage: $0 <ver>"


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-10-05  1:05 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-10-05  1:05 UTC (permalink / raw
  To: gentoo-commits

commit:     9b9fe5a81bf125690bd4e312b1c6659131b1394a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  5 01:04:54 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Oct  5 01:04:54 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9b9fe5a8

build: note that xz -9 is not needed

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 make-tarball.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/make-tarball.sh b/make-tarball.sh
index 231cb66..8f357b5 100755
--- a/make-tarball.sh
+++ b/make-tarball.sh
@@ -59,6 +59,7 @@ rm -rf autom4te.cache
 popd >/dev/null
 
 einfo "Generating tarball ..."
+# The archive is small enough that -6 & -9 produce the same size.
 tar cf - "${p}" | xz > "${p}".tar.xz
 rm -r "${p}"
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-10-17  5:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-10-17  5:15 UTC (permalink / raw
  To: gentoo-commits

commit:     acc9835d8c96451f88b65822f1f6b5b4f27594e0
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 17 02:45:44 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Oct 17 02:45:44 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=acc9835d

seccomp: mark arrays const+static

This generates better code, although it doesn't super matter since
this is only used at build time.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 seccomp-bpf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 5279d20..6a095a4 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -49,7 +49,7 @@ static const struct {
 };
 
 /* Simple helper to add all of the syscalls in an array. */
-static int gen_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num)
+static int gen_seccomp_rules_add(scmp_filter_ctx ctx, const int syscalls[], size_t num)
 {
 	static uint8_t prio;
 	size_t i;
@@ -102,7 +102,7 @@ static void gen_seccomp_program(const char *name)
 int main(void)
 {
 	/* Order determines priority (first == lowest prio).  */
-	int base_syscalls[] = {
+	static const int base_syscalls[] = {
 		/* We write the most w/scanelf.  */
 		SCMP_SYS(write),
 		SCMP_SYS(writev),
@@ -194,7 +194,7 @@ int main(void)
 		/* glibc-2.34+ uses it as part of mem alloc functions. */
 		SCMP_SYS(getrandom),
 	};
-	int fork_syscalls[] = {
+	static const int fork_syscalls[] = {
 		SCMP_SYS(clone),
 		SCMP_SYS(execve),
 		SCMP_SYS(fork),


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-12-17  5:19 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2021-12-17  5:19 UTC (permalink / raw
  To: gentoo-commits

commit:     1f79c681bbaab91133ee9343690ee563099d0bf0
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 17 05:19:28 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Dec 17 05:19:28 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1f79c681

lddtree: add argcomplete support if available

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lddtree.py b/lddtree.py
index dd17387..ef8a9b2 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# PYTHON_ARGCOMPLETE_OK
 # Copyright 2012-2014 Gentoo Foundation
 # Copyright 2012-2014 Mike Frysinger <vapier@gentoo.org>
 # Copyright 2012-2014 The Chromium OS Authors
@@ -50,6 +51,11 @@ import sys
 
 assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found {sys.version}'
 
+try:
+    import argcomplete
+except ImportError:
+    argcomplete = None
+
 from elftools.elf.elffile import ELFFile
 from elftools.common import exceptions
 
@@ -739,6 +745,8 @@ def GetParser():
                        action='store_true', default=False,
                        help='Copy over plain (non-ELF) files instead of warn+ignore')
 
+    if argcomplete is not None:
+        argcomplete.autocomplete(parser)
     return parser
 
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2021-12-24  1:45 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2021-12-24  1:45 UTC (permalink / raw
  To: gentoo-commits

commit:     d0470cd0513f8b28d496a1d04c28951061c86781
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 24 01:44:19 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 24 01:45:17 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d0470cd0

README.md: restore original author (solar@)

I should've properly listed this before rather than just dropping
him rather unceremoniously without thinking.

Fixes: c31c7fef7febeb4606d5b0cd22006c4dc7c11b06
Signed-off-by: Sam James <sam <AT> gentoo.org>

 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 7696374..35d25db 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,7 @@ If you include pax-utils in your distro, feel free to send an update for this.
  * https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
  * https://gitweb.gentoo.org/proj/pax-utils.git/
  * Maintainer: Mike Frysinger <vapier@gentoo.org>, Toolchain Project <toolchain@gentoo.org>
+ * Original author: Ned Ludd <solar@gentoo.org>
 
 ##### openSUSE
  * https://build.opensuse.org/package/show?package=pax-utils&project=openSUSE%3AFactory


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-01-23  2:47 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-01-23  2:47 UTC (permalink / raw
  To: gentoo-commits

commit:     0ffdf618844966c177825e7d1b523808582b322c
Author:     Frederic Cambus <fred <AT> statdns <DOT> com>
AuthorDate: Sat Jan 22 22:03:30 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jan 23 02:42:39 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0ffdf618

porting: don't include alloca.h on NetBSD

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 porting.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/porting.h b/porting.h
index f1bd74f..8e5542d 100644
--- a/porting.h
+++ b/porting.h
@@ -41,7 +41,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include "elf.h"
-#if !defined(__FreeBSD__) && !defined(__OpenBSD__)
+#if !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__OpenBSD__)
 # include <alloca.h>
 #endif
 #if defined(__linux__)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-02-07  7:18 Fabian Groffen
  0 siblings, 0 replies; 253+ messages in thread
From: Fabian Groffen @ 2022-02-07  7:18 UTC (permalink / raw
  To: gentoo-commits

commit:     62cae785a300009a8625de789928dbc99c851438
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Feb  7 07:18:31 2022 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Feb  7 07:18:31 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=62cae785

README: attempt to fix github build status badge

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 35d25db..49277e0 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 | HOMEPAGE | https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities   |
 | GIT      | git clone git://anongit.gentoo.org/proj/pax-utils.git |
 | VIEWVCS  | https://gitweb.gentoo.org/proj/pax-utils.git/         |
-| STATUS   | [![Build Status](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci/badge.svg) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) |
+| STATUS   | [![Build Status](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml/badge.svg)](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) |
 
 pax-utils is a small set of utilities for peforming Q/A (mostly security)
 checks on systems (most notably, `scanelf`).  It is focused on the ELF


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-03-09  8:01 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-03-09  8:01 UTC (permalink / raw
  To: gentoo-commits

commit:     6ba123b5046d9310e0e23050d736e696d2c30b98
Author:     Jae Hoon Kim <kimjae <AT> chromium <DOT> org>
AuthorDate: Tue Mar  8 07:20:42 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Mar  9 08:01:25 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6ba123b5

lddtree: add --skip-missing

Allow explicitly ignoring missing files.
$ lddtree --root=/build/$BOARD --copy-to-tree=. --copy-non-elfs /sbin/lvm /sbin/lvmdump
lddtree: warning: /build/brya/sbin/lvm: did not match any paths
$ echo $?
1

lddtree --root=/build/$BOARD --copy-to-tree=. --copy-non-elfs --skip-missing /sbin/lvm /sbin/lvmdump
lddtree: warning: /build/brya/sbin/lvm: did not match any paths
$ echo $?
0

Signed-off-by: Jae Hoon Kim <kimjae <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> chromiium.org>

 lddtree.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index ef8a9b2..3afcfac 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -702,6 +702,9 @@ def GetParser():
     parser.add_argument('--skip-non-elfs',
                         action='store_true', default=False,
                         help='Skip plain (non-ELF) files instead of warning')
+    parser.add_argument('--skip-missing',
+                        action='store_true', default=False,
+                        help='Skip missing files instead of failing')
     parser.add_argument('-V', '--version',
                         action='version',
                         version='lddtree by Mike Frysinger <vapier@gentoo.org>',
@@ -844,7 +847,8 @@ def main(argv):
                 _ActionCopy(options, elf)
 
         if not matched:
-            ret = 1
+            if not options.skip_missing:
+                ret = 1
             warn('%s: did not match any paths' % (path,))
 
     return ret


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-03-24 15:42 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2022-03-24 15:42 UTC (permalink / raw
  To: gentoo-commits

commit:     8ae4575392cef94c1e66197c5c35e7a194f3eb93
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 20 08:14:56 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 24 15:42:27 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8ae45753

paxelf: add LoongArch to recognized ELF machine types

Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 elf.h    | 3 ++-
 paxelf.c | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/elf.h b/elf.h
index 51962c9..e6c8b20 100644
--- a/elf.h
+++ b/elf.h
@@ -268,7 +268,8 @@ typedef struct
 #define EM_MICROBLAZE	189		/* Xilinx MicroBlaze */
 #define EM_TILEGX	191		/* Tilera TILE-Gx */
 #define EM_RISCV	243		/* RISC-V */
-#define EM_NUM		244
+#define EM_LOONGARCH	258		/* LoongArch */
+#define EM_NUM		259
 
 /* If it is necessary to assign new unofficial EM_* values, please
    pick large random numbers (0x8523, 0xa7f2, etc.) to minimize the

diff --git a/paxelf.c b/paxelf.c
index bbd38bf..331f1b4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -277,6 +277,7 @@ static pairtype elf_emtypes[] = {
 	QUERY(EM_TILEGX),
 	QUERY(EM_ALPHA),
 	QUERY(EM_RISCV),
+	QUERY(EM_LOONGARCH),
 	{ 0, 0 }
 };
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-04-25  1:20 WANG Xuerui
  0 siblings, 0 replies; 253+ messages in thread
From: WANG Xuerui @ 2022-04-25  1:20 UTC (permalink / raw
  To: gentoo-commits

commit:     d9f65269d7182ef1d313e3b87bcea37e45958561
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 24 18:41:55 2022 +0000
Commit:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
CommitDate: Mon Apr 25 01:19:39 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d9f65269

seccomp: allow madvise() call (glibc 2.35+)

Closes: https://bugs.gentoo.org/836735
Reviewed-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>

 seccomp-bpf.c |  3 +++
 seccomp-bpf.h | 76 +++++++++++++++++++++++++++++------------------------------
 2 files changed, 41 insertions(+), 38 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 6a095a4..1d64172 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -193,6 +193,9 @@ int main(void)
 
 		/* glibc-2.34+ uses it as part of mem alloc functions. */
 		SCMP_SYS(getrandom),
+
+		/* glibc-2.35+ uses it when GLIBC_TUNABLES=glibc.malloc.hugetlb=1. */
+		SCMP_SYS(madvise),
 	};
 	static const int fork_syscalls[] = {
 		SCMP_SYS(clone),

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 9c5e2de..80d6d94 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -8,10 +8,10 @@
 /* AARCH64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,45,183,0,0,192,32,0,0,0,0,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,183,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0
 ,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,183,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,95,0,0,0,21,0,48,0,4,1,0,0,21,0,47,0,97,0,0,0,21,0,46,0,135,0,0,0,21,0,45,0,134,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,220,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,2
 1,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -19,10 +19,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* ARM */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,56,40,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,
 0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,57,40,0,0,64,32,0,0,0,0,0,0,0,21,0,54,0,220,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1
 ,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,65,40,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,24,1,0,0,21,0,61,0,114,0,0,0,21,0,60,0,190,0,0,0,21,0,59,0,81,1,0,0,21,0,58,0,175,0,0,0,21,0,57,0,174,0,0,0,21,0,56,0,2,0,0,0,21,0,55,0,11,0,0,0,21,0,54,0,120,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,
 66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,66,40,0,0,64,32,0,0,0,0,0,0,0,21,0,63,0,24,1,0,0,21,0,62,0,114,0,0,0,21,0,61,0,190,0,0,0,21,0,60,0,81,1,0,0,21,0,59,0,175,0,0,0,21,0,58,0,174,0,0,0,21,0,57,0,2,0,0,0,21,0,56,0,11,0,0,0,21,0,55,0,120,0,0,0,21,0,54,0,220,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,
 192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -30,10 +30,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,8,0,32,0,0,0,0,0,0,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16
 ,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,8,0,32,0,0,0,0,0,0,0,21,54,0,0,0,16,122,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,16,107,0,21,50,0,0,0,16,202,0,21,49,0,0,0,15,245,0,21,48,0,0,0,16,142,0,21,47,0,0,0,16,29,0,21,46,0,0,0,16,44,0,21,45,0,0,0,15,179,0,21,44,0,0,0,15,214,0,21,43,0,0,0,16,126,0,21,42,0,0,0,15,180,0,21,41,0,0,0,16,37,0,21,40,0,0,0,17,87,0,21,39,0,0,0,16,204,0,21,38,0,0,0,16,150,0,21,37,0,0,0,15,161,0,21,36,0,0,0,16,231,0,21,35,0,0,0,15,223,0,21,34,0,0,0,15,201,0,21,33,0,0,0,15,172,0,21,32,0,0,0,16,108,0,21,31,0,0,0,15,205,0,21,30,0,0,0,15,193,0,21,29,0,0,0,16,124,0,21,28,0,0,0,15,215,0,21,27,0,0,0,16,234,0,21,26,0,0,0,16,49,0,21,25,0,0,0,15,163,0,21,24,0,0,0,16,104,0,21,23,0,0,0,16,123,0,21,22,0,0,0,16,45,0,21,21,0,0,0,15,251,0,21,20,0,0,0,16,114,0,21,19,0,0,0,15,250,0,21,18,0,0,0,16,192,0,21,17,0,0,0,15,165,0,21,16,0,0,0,15,166,0,21,15,0,0,0,17,14,0,21,14,0,0,0,16,117,0,21,13,0,0,0,16,10,0,21,12,0,0,0,16,118,0,21,11,0,0,0,16,11,0,21,10,0,0,0,16,197,0,21,9,0,0,
 0,16,119,0,21,8,0,0,0,16,12,0,21,7,0,0,0,16,235,0,21,6,0,0,0,16,105,0,21,5,0,0,0,16,50,0,21,4,0,0,0,15,164,0,21,3,0,0,0,17,41,0,21,2,0,0,0,17,47,0,21,1,0,0,0,17,48,0,21,0,1,0,0,17,49,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,65,0,0,0,8,0,32,0,0,0,0,0,0,0,21,62,0,0,0,15,167,0,21,61,0,0,0,16,182,0,21,60,0,0,0,16,18,0,21,59,0,0,0,16,207,0,21,58,0,0,0,16,99,0,21,57,0,0,0,16,98,0,21,56,0,0,0,15,162,0,21,55,0,0,0,15,171,0,21,54,0,0,0,16,24,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,17,41,0,21,50,0,0,0,17,48,0,21,49,0,0,0,17,49,0,21,48,0,0,0,17,47,0,21,47,0,0,0,16,107,0,21,46,0,0,0,16,202,0,21,45,0,0,0,15,245,0,21,44,0,0,0,16,142,0,21,43,0,0,0,16,29,0,21,42,0,0,0,16,44,0,21,41,0,0,0,15,179,0,21,40,0,0,0,15,214,0,21,39,0,0,0,16,126,0,21,38,0,0,0,15,180,0,21,37,0,0,0,16,37,0,21,36,0,0,0,17,87,0,21,35,0,0,0,16,204,0,21,34,0,0,0,16,150,0,21,33,0,0,0,15,161,0,21,32,0,0,0,16,231,0,21,31,0,0,0,15,223,0,21,30,0,0,0,15,201,0,21,29,0,0,0,15,172,0,21,28,0,0,0,16,108,0,21,27,0,0,0,15,205,0,21,26,0,0,0,15,193,0,21,25,0,0,0,16,124,0,21,24,0,0,0,15,215,0,21,23,0,0,0,16,234,0,21,22,0,0,0,16,49,0,21,21,0,0,0,15,163,0,21,20,0,0,0,16,104,0,21,19,0,0,0,16,123,0,21,18,0,0,0,16,45,0,21,17,0,0,0,15
 ,251,0,21,16,0,0,0,16,114,0,21,15,0,0,0,15,250,0,21,14,0,0,0,16,192,0,21,13,0,0,0,15,165,0,21,12,0,0,0,15,166,0,21,11,0,0,0,17,14,0,21,10,0,0,0,16,117,0,21,9,0,0,0,16,10,0,21,8,0,0,0,16,118,0,21,7,0,0,0,16,11,0,21,6,0,0,0,16,197,0,21,5,0,0,0,16,119,0,21,4,0,0,0,16,12,0,21,3,0,0,0,16,235,0,21,2,0,0,0,16,105,0,21,1,0,0,0,16,50,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,8,0,32,0,0,0,0,0,0,0,21,63,0,0,0,15,167,0,21,62,0,0,0,16,182,0,21,61,0,0,0,16,18,0,21,60,0,0,0,16,207,0,21,59,0,0,0,16,99,0,21,58,0,0,0,16,98,0,21,57,0,0,0,15,162,0,21,56,0,0,0,15,171,0,21,55,0,0,0,16,24,0,21,54,0,0,0,16,122,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,16,107,0,21,50,0,0,0,16,202,0,21,49,0,0,0,15,245,0,21,48,0,0,0,16,142,0,21,47,0,0,0,16,29,0,21,46,0,0,0,16,44,0,21,45,0,0,0,15,179,0,21,44,0,0,0,15,214,0,21,43,0,0,0,16,126,0,21,42,0,0,0,15,180,0,21,41,0,0,0,16,37,0,21,40,0,0,0,17,87,0,21,39,0,0,0,16,204,0,21,38,0,0,0,16,150,0,21,37,0,0,0,15,161,0,21,36,0,0,0,16,231,0,21,35,0,0,0,15,223,0,21,34,0,0,0,15,201,0,21,33,0,0,0,15,172,0,21,32,0,0,0,16,108,0,21,31,0,0,0,15,205,0,21,30,0,0,0,15,193,0,21,29,0,0,0,16,124,0,21,28,0,0,0,15,215,0,21,27,0,0,0,16,234,0,21,26,0,0,0,16,49,0,21,25,0,0,0,15,163,0,21,24,0,0,0,16,104,0,21,23,0,0,0,16,123,0,21,22,0,0,0,16,45,0,21,21,0,0,0,15,251,0,21,20,0,0,0,16,114,0,21,19,0,0,0,15,250,0,21,18,0,0,
 0,16,192,0,21,17,0,0,0,15,165,0,21,16,0,0,0,15,166,0,21,15,0,0,0,17,14,0,21,14,0,0,0,16,117,0,21,13,0,0,0,16,10,0,21,12,0,0,0,16,118,0,21,11,0,0,0,16,11,0,21,10,0,0,0,16,197,0,21,9,0,0,0,16,119,0,21,8,0,0,0,16,12,0,21,7,0,0,0,16,235,0,21,6,0,0,0,16,105,0,21,5,0,0,0,16,50,0,21,4,0,0,0,15,164,0,21,3,0,0,0,17,41,0,21,2,0,0,0,17,47,0,21,1,0,0,0,17,48,0,21,0,1,0,0,17,49,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -41,10 +41,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,8,0,32,0,0,0,0,0,0,0,21,48,0,0,0,20,94,0,21,47,0,0,0,19,199,0,21,46,0,0,0,19,198,0,21,45,0,0,0,19,203,0,21,44,0,0,0,19,204,0,21,43,0,0,0,19,202,0,21,42,0,0,0,19,213,0,21,41,0,0,0,20,137,0,21,40,0,0,0,19,223,0,21,39,0,0,0,20,74,0,21,38,0,0,0,19,146,0,21,37,0,0,0,19,144,0,21,36,0,0,0,19,151,0,21,35,0,0,0,20,58,0,21,34,0,0,0,19,174,0,21,33,0,0,0,19,215,0,21,32,0,0,0,21,63,0,21,31,0,0,0,20,139,0,21,30,0,0,0,20,85,0,21,29,0,0,0,19,194,0,21,28,0,0,0,20,166,0,21,27,0,0,0,19,168,0,21,26,0,0,0,19,167,0,21,25,0,0,0,19,214,0,21,24,0,0,0,20,3,0,21,23,0,0,0,19,148,0,21,22,0,0,0,19,156,0,21,21,0,0,0,19,206,0,21,20,0,0,0,20,169,0,21,19,0,0,0,19,154,0,21,18,0,0,0,19,136,0,21,17,0,0,0,19,152,0,21,16,0,0,0,20,188,0,21,15,0,0,0,19,212,0,21,14,0,0,0,19,147,0,21,13,0,0,0,19,145,0,21,12,0,0,0,20,127,0,21,11,0,0,0,19,138,0,21,10,0,0,0,19,139,0,21,9,0,0,0,20,206,0,21,8,0,0,0,19,140,0,21,7,0,0,0,19,142,0,21,6,0,0,0,19,141,0,21,5,0,0,0,20,132,0,21,4,0,0,0,20,170,0,21,3,0,0
 ,0,19,153,0,21,2,0,0,0,19,155,0,21,1,0,0,0,19,137,0,21,0,1,0,0,20,193,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,52,128,0,0,8,0,32,0,0,0,0,0,0,0,21,49,0,0,0,19,203,0,21,48,0,0,0,19,204,0,21,47,0,0,0,19,202,0,21,46,0,0,0,19,213,0,21,45,0,0,0,20,137,0,21,44,0,0,0,19,223,0,21,43,0,0,0,20,74,0,21,42,0,0,0,19,146,0,21,41,0,0,0,19,144,0,21,40,0,0,0,19,151,0,21,39,0,0,0,20,58,0,21,38,0,0,0,19,174,0,21,37,0,0,0,19,215,0,21,36,0,0,0,21,63,0,21,35,0,0,0,20,139,0,21,34,0,0,0,20,85,0,21,33,0,0,0,19,194,0,21,32,0,0,0,20,166,0,21,31,0,0,0,19,168,0,21,30,0,0,0,19,167,0,21,29,0,0,0,19,214,0,21,28,0,0,0,20,3,0,21,27,0,0,0,19,148,0,21,26,0,0,0,19,156,0,21,25,0,0,0,19,206,0,21,24,0,0,0,20,169,0,21,23,0,0,0,19,154,0,21,22,0,0,0,19,136,0,21,21,0,0,0,19,152,0,21,20,0,0,0,20,188,0,21,19,0,0,0,19,212,0,21,18,0,0,0,19,147,0,21,17,0,0,0,19,145,0,21,16,0,0,0,20,127,0,21,15,0,0,0,19,138,0,21,14,0,0,0,19,139,0,21,13,0,0,0,20,206,0,21,12,0,0,0,19,140,0,21,11,0,0,0,19,142,0,21,10,0,0,0,19,141,0,21,9,0,0,0,20,132,0,21,8,0,0,0,20,170,0,21,7,0,0,0,19,153,0,21,6,0,0,0,19,155,0,21,5,0,0,0,19,137,0,21,4,0
 ,0,0,19,163,0,21,3,0,0,0,20,193,0,21,2,0,0,0,20,94,0,21,1,0,0,0,19,199,0,21,0,1,0,0,19,198,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,59,128,0,0,8,0,32,0,0,0,0,0,0,0,21,56,0,0,0,20,94,0,21,55,0,0,0,19,199,0,21,54,0,0,0,19,198,0,21,53,0,0,0,19,203,0,21,52,0,0,0,19,204,0,21,51,0,0,0,19,202,0,21,50,0,0,0,19,213,0,21,49,0,0,0,20,137,0,21,48,0,0,0,19,223,0,21,47,0,0,0,20,74,0,21,46,0,0,0,19,146,0,21,45,0,0,0,19,144,0,21,44,0,0,0,19,151,0,21,43,0,0,0,20,58,0,21,42,0,0,0,19,174,0,21,41,0,0,0,19,215,0,21,40,0,0,0,21,63,0,21,39,0,0,0,20,139,0,21,38,0,0,0,20,85,0,21,37,0,0,0,19,194,0,21,36,0,0,0,20,166,0,21,35,0,0,0,19,168,0,21,34,0,0,0,19,167,0,21,33,0,0,0,19,214,0,21,32,0,0,0,20,3,0,21,31,0,0,0,19,148,0,21,30,0,0,0,19,156,0,21,29,0,0,0,19,206,0,21,28,0,0,0,20,169,0,21,27,0,0,0,19,154,0,21,26,0,0,0,19,136,0,21,25,0,0,0,19,152,0,21,24,0,0,0,20,188,0,21,23,0,0,0,19,212,0,21,22,0,0,0,19,147,0,21,21,0,0,0,19,145,0,21,20,0,0,0,20,127,0,21,19,0,0,0,19,138,0,21,18,0,0,0,19,139,0,21,17,0,0,0,20,206,0,21,16,0,0,0,19,140,0,21,15,0,0,0,19,142,0,21,14,0,0,0,19,141,0,21,13,0,0,0,20,132,0,21,12,0,0,0,20,170,0,21
 ,11,0,0,0,19,153,0,21,10,0,0,0,19,155,0,21,9,0,0,0,19,137,0,21,8,0,0,0,20,117,0,21,7,0,0,0,19,195,0,21,6,0,0,0,20,142,0,21,5,0,0,0,19,150,0,21,4,0,0,0,19,149,0,21,3,0,0,0,19,192,0,21,2,0,0,0,19,193,0,21,1,0,0,0,19,191,0,21,0,1,0,0,20,193,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,128,0,0,8,0,32,0,0,0,0,0,0,0,21,57,0,0,0,19,203,0,21,56,0,0,0,19,204,0,21,55,0,0,0,19,202,0,21,54,0,0,0,19,213,0,21,53,0,0,0,20,137,0,21,52,0,0,0,19,223,0,21,51,0,0,0,20,74,0,21,50,0,0,0,19,146,0,21,49,0,0,0,19,144,0,21,48,0,0,0,19,151,0,21,47,0,0,0,20,58,0,21,46,0,0,0,19,174,0,21,45,0,0,0,19,215,0,21,44,0,0,0,21,63,0,21,43,0,0,0,20,139,0,21,42,0,0,0,20,85,0,21,41,0,0,0,19,194,0,21,40,0,0,0,20,166,0,21,39,0,0,0,19,168,0,21,38,0,0,0,19,167,0,21,37,0,0,0,19,214,0,21,36,0,0,0,20,3,0,21,35,0,0,0,19,148,0,21,34,0,0,0,19,156,0,21,33,0,0,0,19,206,0,21,32,0,0,0,20,169,0,21,31,0,0,0,19,154,0,21,30,0,0,0,19,136,0,21,29,0,0,0,19,152,0,21,28,0,0,0,20,188,0,21,27,0,0,0,19,212,0,21,26,0,0,0,19,147,0,21,25,0,0,0,19,145,0,21,24,0,0,0,20,127,0,21,23,0,0,0,19,138,0,21,22,0,0,0,19,139,0,21,21,0,0,0,20,206,0,21,20,0,0,0,19,140,0,21,19,0,0,0,19,142,0,21,18,0,0,0,19,141,0,21,17,0,0,0,20,132,0,21,16,0,0,0,20,170,0,21,15,0,0,0,19,153,0,21,14,0,0,0,19,155,0,21,13,0,0,0,19,137,0,2
 1,12,0,0,0,20,117,0,21,11,0,0,0,19,195,0,21,10,0,0,0,20,142,0,21,9,0,0,0,19,150,0,21,8,0,0,0,19,149,0,21,7,0,0,0,19,192,0,21,6,0,0,0,19,193,0,21,5,0,0,0,19,191,0,21,4,0,0,0,19,163,0,21,3,0,0,0,20,193,0,21,2,0,0,0,20,94,0,21,1,0,0,0,19,199,0,21,0,1,0,0,19,198,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -52,10 +52,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,52,160,0,0,8,0,32,0,0,0,0,0,0,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0
 ,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,53,160,0,0,8,0,32,0,0,0,0,0,0,0,21,50,0,0,0,23,139,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,
 0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,60,160,0,0,8,0,32,0,0,0,0,0,0,0,21,57,0,0,0,24,97,0,21,56,0,0,0,23,171,0,21,55,0,0,0,24,122,0,21,54,0,0,0,23,126,0,21,53,0,0,0,23,125,0,21,52,0,0,0,23,168,0,21,51,0,0,0,23,169,0,21,50,0,0,0,23,167,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21
 ,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,61,160,0,0,8,0,32,0,0,0,0,0,0,0,21,58,0,0,0,24,97,0,21,57,0,0,0,23,171,0,21,56,0,0,0,24,122,0,21,55,0,0,0,23,126,0,21,54,0,0,0,23,125,0,21,53,0,0,0,23,168,0,21,52,0,0,0,23,169,0,21,51,0,0,0,23,167,0,21,50,0,0,0,23,139,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21
 ,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -63,10 +63,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,56,8,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,15,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,1
 6,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,57,8,0,0,64,32,0,0,0,0,0,0,0,21,0,54,0,122,16,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,107,16,0,0,21,0,50,0,202,16,0,0,21,0,49,0,245,15,0,0,21,0,48,0,142,16,0,0,21,0,47,0,29,16,0,0,21,0,46,0,44,16,0,0,21,0,45,0,179,15,0,0,21,0,44,0,214,15,0,0,21,0,43,0,126,16,0,0,21,0,42,0,180,15,0,0,21,0,41,0,37,16,0,0,21,0,40,0,87,17,0,0,21,0,39,0,204,16,0,0,21,0,38,0,150,16,0,0,21,0,37,0,161,15,0,0,21,0,36,0,231,16,0,0,21,0,35,0,223,15,0,0,21,0,34,0,201,15,0,0,21,0,33,0,172,15,0,0,21,0,32,0,108,16,0,0,21,0,31,0,205,15,0,0,21,0,30,0,193,15,0,0,21,0,29,0,124,16,0,0,21,0,28,0,215,15,0,0,21,0,27,0,234,16,0,0,21,0,26,0,49,16,0,0,21,0,25,0,163,15,0,0,21,0,24,0,104,16,0,0,21,0,23,0,123,16,0,0,21,0,22,0,45,16,0,0,21,0,21,0,251,15,0,0,21,0,20,0,114,16,0,0,21,0,19,0,250,15,0,0,21,0,18,0,192,16,0,0,21,0,17,0,165,15,0,0,21,0,16,0,166,15,0,0,21,0,15,0,14,17,0,0,21,0,14,0,117,16,0,0,21,0,13,0,10,16,0,0,21,0,12,0,118,16,0,0,21,0,11,0,11,16,0,0,21,0,10,0,197,16,0,0,21,0,9,0,1
 19,16,0,0,21,0,8,0,12,16,0,0,21,0,7,0,235,16,0,0,21,0,6,0,105,16,0,0,21,0,5,0,50,16,0,0,21,0,4,0,164,15,0,0,21,0,3,0,41,17,0,0,21,0,2,0,47,17,0,0,21,0,1,0,48,17,0,0,21,0,0,1,49,17,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,65,8,0,0,64,32,0,0,0,0,0,0,0,21,0,62,0,167,15,0,0,21,0,61,0,182,16,0,0,21,0,60,0,18,16,0,0,21,0,59,0,207,16,0,0,21,0,58,0,99,16,0,0,21,0,57,0,98,16,0,0,21,0,56,0,162,15,0,0,21,0,55,0,171,15,0,0,21,0,54,0,24,16,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,41,17,0,0,21,0,50,0,48,17,0,0,21,0,49,0,49,17,0,0,21,0,48,0,47,17,0,0,21,0,47,0,107,16,0,0,21,0,46,0,202,16,0,0,21,0,45,0,245,15,0,0,21,0,44,0,142,16,0,0,21,0,43,0,29,16,0,0,21,0,42,0,44,16,0,0,21,0,41,0,179,15,0,0,21,0,40,0,214,15,0,0,21,0,39,0,126,16,0,0,21,0,38,0,180,15,0,0,21,0,37,0,37,16,0,0,21,0,36,0,87,17,0,0,21,0,35,0,204,16,0,0,21,0,34,0,150,16,0,0,21,0,33,0,161,15,0,0,21,0,32,0,231,16,0,0,21,0,31,0,223,15,0,0,21,0,30,0,201,15,0,0,21,0,29,0,172,15,0,0,21,0,28,0,108,16,0,0,21,0,27,0,205,15,0,0,21,0,26,0,193,15,0,0,21,0,25,0,124,16,0,0,21,0,24,0,215,15,0,0,21,0,23,0,234,16,0,0,21,0,22,0,49,16,0,0,21,0,21,0,163,15,0,0,21,0,20,0,104,16,0,0,21,0,19,0,123,16,0,0,21,0,18,0,45,16,0,0,21,0,17,0,251,1
 5,0,0,21,0,16,0,114,16,0,0,21,0,15,0,250,15,0,0,21,0,14,0,192,16,0,0,21,0,13,0,165,15,0,0,21,0,12,0,166,15,0,0,21,0,11,0,14,17,0,0,21,0,10,0,117,16,0,0,21,0,9,0,10,16,0,0,21,0,8,0,118,16,0,0,21,0,7,0,11,16,0,0,21,0,6,0,197,16,0,0,21,0,5,0,119,16,0,0,21,0,4,0,12,16,0,0,21,0,3,0,235,16,0,0,21,0,2,0,105,16,0,0,21,0,1,0,50,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,66,8,0,0,64,32,0,0,0,0,0,0,0,21,0,63,0,167,15,0,0,21,0,62,0,182,16,0,0,21,0,61,0,18,16,0,0,21,0,60,0,207,16,0,0,21,0,59,0,99,16,0,0,21,0,58,0,98,16,0,0,21,0,57,0,162,15,0,0,21,0,56,0,171,15,0,0,21,0,55,0,24,16,0,0,21,0,54,0,122,16,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,107,16,0,0,21,0,50,0,202,16,0,0,21,0,49,0,245,15,0,0,21,0,48,0,142,16,0,0,21,0,47,0,29,16,0,0,21,0,46,0,44,16,0,0,21,0,45,0,179,15,0,0,21,0,44,0,214,15,0,0,21,0,43,0,126,16,0,0,21,0,42,0,180,15,0,0,21,0,41,0,37,16,0,0,21,0,40,0,87,17,0,0,21,0,39,0,204,16,0,0,21,0,38,0,150,16,0,0,21,0,37,0,161,15,0,0,21,0,36,0,231,16,0,0,21,0,35,0,223,15,0,0,21,0,34,0,201,15,0,0,21,0,33,0,172,15,0,0,21,0,32,0,108,16,0,0,21,0,31,0,205,15,0,0,21,0,30,0,193,15,0,0,21,0,29,0,124,16,0,0,21,0,28,0,215,15,0,0,21,0,27,0,234,16,0,0,21,0,26,0,49,16,0,0,21,0,25,0,163,15,0,0,21,0,24,0,104,16,0,0,21,0,23,0,123,16,0,0,21,0,22,0,45,16,0,0,21,0,21,0,251,15,0,0,21,0,20,0,114,16,0,0,21,0,19,0,250,15,0,0,21,0,18,0,1
 92,16,0,0,21,0,17,0,165,15,0,0,21,0,16,0,166,15,0,0,21,0,15,0,14,17,0,0,21,0,14,0,117,16,0,0,21,0,13,0,10,16,0,0,21,0,12,0,118,16,0,0,21,0,11,0,11,16,0,0,21,0,10,0,197,16,0,0,21,0,9,0,119,16,0,0,21,0,8,0,12,16,0,0,21,0,7,0,235,16,0,0,21,0,6,0,105,16,0,0,21,0,5,0,50,16,0,0,21,0,4,0,164,15,0,0,21,0,3,0,41,17,0,0,21,0,2,0,47,17,0,0,21,0,1,0,48,17,0,0,21,0,0,1,49,17,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -74,10 +74,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,8,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,1
 70,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,8,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,163,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,
 132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,59,8,0,0,192,32,0,0,0,0,0,0,0,21,0,56,0,117,20,0,0,21,0,55,0,195,19,0,0,21,0,54,0,142,20,0,0,21,0,53,0,150,19,0,0,21,0,52,0,149,19,0,0,21,0,51,0,192,19,0,0,21,0,50,0,193,19,0,0,21,0,49,0,191,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0
 ,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,60,8,0,0,192,32,0,0,0,0,0,0,0,21,0,57,0,117,20,0,0,21,0,56,0,195,19,0,0,21,0,55,0,142,20,0,0,21,0,54,0,150,19,0,0,21,0,53,0,149,19,0,0,21,0,52,0,192,19,0,0,21,0,51,0,193,19,0,0,21,0,50,0,191,19,0,0,21,0,49,0,163,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0
 ,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -85,10 +85,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,8,0,0,224,32,0,0,0,0,0,0,0,21,0,49,0,120,23,0,0,21,0,48,0,127,23,0,0,21,0,47,0,34,24,0,0,21,0,46,0,150,23,0,0,21,0,45,0,191,23,0,0,21,0,44,0,39,25,0,0,21,0,43,0,119,24,0,0,21,0,42,0,61,24,0,0,21,0,41,0,170,23,0,0,21,0,40,0,146,24,0,0,21,0,39,0,144,23,0,0,21,0,38,0,143,23,0,0,21,0,37,0,190,23,0,0,21,0,36,0,235,23,0,0,21,0,35,0,124,23,0,0,21,0,34,0,132,23,0,0,21,0,33,0,68,24,0,0,21,0,32,0,182,23,0,0,21,0,31,0,149,24,0,0,21,0,30,0,130,23,0,0,21,0,29,0,112,23,0,0,21,0,28,0,128,23,0,0,21,0,27,0,155,24,0,0,21,0,26,0,188,23,0,0,21,0,25,0,123,23,0,0,21,0,24,0,121,23,0,0,21,0,23,0,107,24,0,0,21,0,22,0,114,23,0,0,21,0,21,0,115,23,0,0,21,0,20,0,186,24,0,0,21,0,19,0,116,23,0,0,21,0,18,0,118,23,0,0,21,0,17,0,117,23,0,0,21,0,16,0,112,24,0,0,21,0,15,0,150,24,0,0,21,0,14,0,129,23,0,0,21,0,13,0,131,23,0,0,21,0,12,0,113,23,0,0,21,0,11,0,173,24,0,0,21,0,10,0,71,24,0,0,21,0,9,0,175,23,0,0,21,0,8,0,174,23,0,0,21,0,7,0,179,23,0,0,21,0,6,0,180,23,0,0,21,0,5,0,178,23,0,0,21,0,4,
 0,189,23,0,0,21,0,3,0,117,24,0,0,21,0,2,0,199,23,0,0,21,0,1,0,50,24,0,0,21,0,0,1,122,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,53,8,0,0,224,32,0,0,0,0,0,0,0,21,0,50,0,61,24,0,0,21,0,49,0,170,23,0,0,21,0,48,0,146,24,0,0,21,0,47,0,144,23,0,0,21,0,46,0,143,23,0,0,21,0,45,0,190,23,0,0,21,0,44,0,235,23,0,0,21,0,43,0,124,23,0,0,21,0,42,0,132,23,0,0,21,0,41,0,68,24,0,0,21,0,40,0,182,23,0,0,21,0,39,0,149,24,0,0,21,0,38,0,130,23,0,0,21,0,37,0,112,23,0,0,21,0,36,0,128,23,0,0,21,0,35,0,155,24,0,0,21,0,34,0,188,23,0,0,21,0,33,0,123,23,0,0,21,0,32,0,121,23,0,0,21,0,31,0,107,24,0,0,21,0,30,0,114,23,0,0,21,0,29,0,115,23,0,0,21,0,28,0,186,24,0,0,21,0,27,0,116,23,0,0,21,0,26,0,118,23,0,0,21,0,25,0,117,23,0,0,21,0,24,0,112,24,0,0,21,0,23,0,150,24,0,0,21,0,22,0,129,23,0,0,21,0,21,0,131,23,0,0,21,0,20,0,113,23,0,0,21,0,19,0,139,23,0,0,21,0,18,0,173,24,0,0,21,0,17,0,71,24,0,0,21,0,16,0,175,23,0,0,21,0,15,0,174,23,0,0,21,0,14,0,179,23,0,0,21,0,13,0,180,23,0,0,21,0,12,0,178,23,0,0,21,0,11,0,189,23,0,0,21,0,10,0,117,24,0,0,21,0,9,0,199,23,0,0,21,0,8,0,50,24,0,0,21,0,7,0,122,23,0,0,21,0,6,0,120,23,0,0,21,0,
 5,0,127,23,0,0,21,0,4,0,34,24,0,0,21,0,3,0,150,23,0,0,21,0,2,0,191,23,0,0,21,0,1,0,39,25,0,0,21,0,0,1,119,24,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,60,8,0,0,224,32,0,0,0,0,0,0,0,21,0,57,0,120,23,0,0,21,0,56,0,127,23,0,0,21,0,55,0,34,24,0,0,21,0,54,0,150,23,0,0,21,0,53,0,191,23,0,0,21,0,52,0,39,25,0,0,21,0,51,0,119,24,0,0,21,0,50,0,61,24,0,0,21,0,49,0,170,23,0,0,21,0,48,0,146,24,0,0,21,0,47,0,144,23,0,0,21,0,46,0,143,23,0,0,21,0,45,0,190,23,0,0,21,0,44,0,235,23,0,0,21,0,43,0,124,23,0,0,21,0,42,0,132,23,0,0,21,0,41,0,68,24,0,0,21,0,40,0,182,23,0,0,21,0,39,0,149,24,0,0,21,0,38,0,130,23,0,0,21,0,37,0,112,23,0,0,21,0,36,0,128,23,0,0,21,0,35,0,155,24,0,0,21,0,34,0,188,23,0,0,21,0,33,0,123,23,0,0,21,0,32,0,121,23,0,0,21,0,31,0,107,24,0,0,21,0,30,0,114,23,0,0,21,0,29,0,115,23,0,0,21,0,28,0,186,24,0,0,21,0,27,0,116,23,0,0,21,0,26,0,118,23,0,0,21,0,25,0,117,23,0,0,21,0,24,0,112,24,0,0,21,0,23,0,150,24,0,0,21,0,22,0,129,23,0,0,21,0,21,0,131,23,0,0,21,0,20,0,113,23,0,0,21,0,19,0,97,24,0,0,21,0,18,0,171,23,0,0,21,0,17,0,122,24,0,0,21,0,16,0,126,23,0,0,21,0,15,0,125,23,0,0,21,0,14,0,168,23,0,0,21,0,13,0,169,23,0,0,21
 ,0,12,0,167,23,0,0,21,0,11,0,173,24,0,0,21,0,10,0,71,24,0,0,21,0,9,0,175,23,0,0,21,0,8,0,174,23,0,0,21,0,7,0,179,23,0,0,21,0,6,0,180,23,0,0,21,0,5,0,178,23,0,0,21,0,4,0,189,23,0,0,21,0,3,0,117,24,0,0,21,0,2,0,199,23,0,0,21,0,1,0,50,24,0,0,21,0,0,1,122,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,61,8,0,0,224,32,0,0,0,0,0,0,0,21,0,58,0,61,24,0,0,21,0,57,0,170,23,0,0,21,0,56,0,146,24,0,0,21,0,55,0,144,23,0,0,21,0,54,0,143,23,0,0,21,0,53,0,190,23,0,0,21,0,52,0,235,23,0,0,21,0,51,0,124,23,0,0,21,0,50,0,132,23,0,0,21,0,49,0,68,24,0,0,21,0,48,0,182,23,0,0,21,0,47,0,149,24,0,0,21,0,46,0,130,23,0,0,21,0,45,0,112,23,0,0,21,0,44,0,128,23,0,0,21,0,43,0,155,24,0,0,21,0,42,0,188,23,0,0,21,0,41,0,123,23,0,0,21,0,40,0,121,23,0,0,21,0,39,0,107,24,0,0,21,0,38,0,114,23,0,0,21,0,37,0,115,23,0,0,21,0,36,0,186,24,0,0,21,0,35,0,116,23,0,0,21,0,34,0,118,23,0,0,21,0,33,0,117,23,0,0,21,0,32,0,112,24,0,0,21,0,31,0,150,24,0,0,21,0,30,0,129,23,0,0,21,0,29,0,131,23,0,0,21,0,28,0,113,23,0,0,21,0,27,0,97,24,0,0,21,0,26,0,171,23,0,0,21,0,25,0,122,24,0,0,21,0,24,0,126,23,0,0,21,0,23,0,125,23,0,0,21,0,22,0,168,23,0,0,21,0,21,0,169,23,0,0,21,0,20,0,167,23,0,0,21,0,19,0,139,23,0,0,21,0,18,0,173,24,0,0,21,0,17,0,71,24,0,0,21,0,16,0,175,23,0,0,21,0,15,0,174,23,0,0,21,0,14,0,179,23,0,0,2
 1,0,13,0,180,23,0,0,21,0,12,0,178,23,0,0,21,0,11,0,189,23,0,0,21,0,10,0,117,24,0,0,21,0,9,0,199,23,0,0,21,0,8,0,50,24,0,0,21,0,7,0,122,23,0,0,21,0,6,0,120,23,0,0,21,0,5,0,127,23,0,0,21,0,4,0,34,24,0,0,21,0,3,0,150,23,0,0,21,0,2,0,191,23,0,0,21,0,1,0,39,25,0,0,21,0,0,1,119,24,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -96,10 +96,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,15,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,2
 4,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,58,0,0,0,15,0,32,0,0,0,0,0,0,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0
 ,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,67,0,0,0,15,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,0,235,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,113,0,21,60,0,0,0,1,32,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0
 ,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,68,0,0,0,15,0,32,0,0,0,0,0,0,0,21,65,0,0,0,0,7,0,21,64,0,0,0,0,235,0,21,63,0,0,0,0,114,0,21,62,0,0,0,0,113,0,21,61,0,0,0,1,32,0,21,60,0,0,0,0,175,0,21,59,0,0,0,0,174,0,21,58,0,0,0,0,2,0,21,57,0,0,0,0,11,0,21,56,0,0,0,0,120,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,
 0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -107,10 +107,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,57,128,0,0,15,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1
 ,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,58,128,0,0,15,0,32,0,0,0,0,0,0,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0
 ,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,67,128,0,0,15,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,0,235,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,113,0,21,60,0,0,0,1,32,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16
 ,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,68,128,0,0,15,0,32,0,0,0,0,0,0,0,21,65,0,0,0,0,7,0,21,64,0,0,0,0,235,0,21,63,0,0,0,0,114,0,21,62,0,0,0,0,113,0,21,61,0,0,0,1,32,0,21,60,0,0,0,0,175,0,21,59,0,0,0,0,174,0,21,58,0,0,0,0,2,0,21,57,0,0,0,0,11,0,21,56,0,0,0,0,120,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,1
 7,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -118,10 +118,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,56,0,0,0,20,0,32,0,0,0,0,0,0,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,
 0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,20,0,32,0,0,0,0,0,0,0,21,54,0,0,0,0,205,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,182,0,21,50,0,0,0,1,40,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,221,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,207,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,42,0,21,38,0,0,0,0,234,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,60,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,183,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,204,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,64,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,179,0,21,23,0,0,0,0,202,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,30,0,21,17,0,0,0,0,5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,1,127,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,35,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,65,0,21,6,0,0,0,
 0,180,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,20,0,32,0,0,0,0,0,0,0,21,63,0,0,0,0,7,0,21,62,0,0,0,1,16,0,21,61,0,0,0,0,114,0,21,60,0,0,0,0,189,0,21,59,0,0,0,1,26,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,173,0,21,56,0,0,0,0,2,0,21,55,0,0,0,0,11,0,21,54,0,0,0,0,120,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,1,137,0,21,50,0,0,0,1,144,0,21,49,0,0,0,1,145,0,21,48,0,0,0,1,143,0,21,47,0,0,0,0,182,0,21,46,0,0,0,1,40,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,221,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,207,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,42,0,21,34,0,0,0,0,234,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,60,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,183,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,204,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,64,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,179,0,21,19,0,0,0,0,202,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,192,0,21,15,0
 ,0,0,0,90,0,21,14,0,0,0,1,30,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,127,0,21,10,0,0,0,0,195,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,196,0,21,7,0,0,0,0,107,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,197,0,21,4,0,0,0,0,108,0,21,3,0,0,0,1,65,0,21,2,0,0,0,0,180,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,67,0,0,0,20,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,1,16,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,189,0,21,60,0,0,0,1,26,0,21,59,0,0,0,0,174,0,21,58,0,0,0,0,173,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,0,205,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,182,0,21,50,0,0,0,1,40,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,221,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,207,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,42,0,21,38,0,0,0,0,234,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,60,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,183,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,204,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,64,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,179,0,21,23,0,0,0,0,202,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,30,0,21,17,0,0,0,0,5,0,21,16,0,0,0
 ,0,6,0,21,15,0,0,0,1,127,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,35,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,65,0,21,6,0,0,0,0,180,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -129,10 +129,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,52,128,0,0,21,0,32,0,0,0,0,0,0,0,21,49,0,0,0,0,12,0,21,48,0,0,0,0,183,0,21,47,0,0,0,0,45,0,21,46,0,0,0,0,33,0,21,45,0,0,0,0,55,0,21,44,0,0,0,1,64,0,21,43,0,0,0,0,145,0,21,42,0,0,0,0,3,0,21,41,0,0,0,0,179,0,21,40,0,0,0,0,202,0,21,39,0,0,0,0,141,0,21,38,0,0,0,0,91,0,21,37,0,0,0,0,90,0,21,36,0,0,0,1,30,0,21,35,0,0,0,0,5,0,21,34,0,0,0,0,6,0,21,33,0,0,0,1,127,0,21,32,0,0,0,0,106,0,21,31,0,0,0,0,107,0,21,30,0,0,0,0,108,0,21,29,0,0,0,1,35,0,21,28,0,0,0,1,65,0,21,27,0,0,0,0,180,0,21,26,0,0,0,0,146,0,21,25,0,0,0,0,4,0,21,24,0,0,0,1,103,0,21,23,0,0,0,0,117,0,21,22,0,0,0,0,182,0,21,21,0,0,0,1,40,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,221,0,21,18,0,0,0,0,125,0,21,17,0,0,0,0,140,0,21,16,0,0,0,0,19,0,21,15,0,0,0,0,54,0,21,14,0,0,0,0,207,0,21,13,0,0,0,0,20,0,21,12,0,0,0,0,133,0,21,11,0,0,0,1,183,0,21,10,0,0,0,1,42,0,21,9,0,0,0,0,234,0,21,8,0,0,0,0,1,0,21,7,0,0,0,1,60,0,21,6,0,0,0,0,63,0,21,5,0,0,0,0,41,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144
 ,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,53,128,0,0,21,0,32,0,0,0,0,0,0,0,21,50,0,0,0,0,141,0,21,49,0,0,0,0,91,0,21,48,0,0,0,0,90,0,21,47,0,0,0,1,30,0,21,46,0,0,0,0,5,0,21,45,0,0,0,0,6,0,21,44,0,0,0,1,127,0,21,43,0,0,0,0,106,0,21,42,0,0,0,0,107,0,21,41,0,0,0,0,108,0,21,40,0,0,0,1,35,0,21,39,0,0,0,1,65,0,21,38,0,0,0,0,180,0,21,37,0,0,0,0,146,0,21,36,0,0,0,0,4,0,21,35,0,0,0,0,205,0,21,34,0,0,0,1,103,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,182,0,21,31,0,0,0,1,40,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,140,0,21,26,0,0,0,0,19,0,21,25,0,0,0,0,54,0,21,24,0,0,0,0,207,0,21,23,0,0,0,0,20,0,21,22,0,0,0,0,133,0,21,21,0,0,0,1,183,0,21,20,0,0,0,1,42,0,21,19,0,0,0,0,234,0,21,18,0,0,0,0,1,0,21,17,0,0,0,1,60,0,21,16,0,0,0,0,63,0,21,15,0,0,0,0,41,0,21,14,0,0,0,0,12,0,21,13,0,0,0,0,183,0,21,12,0,0,0,0,45,0,21,11,0,0,0,0,33,0,21,10,0,0,0,0,55,0,21,9,0,0,0,1,64,0,21,8,0,0,0,0,145,0,21,7,0,0,0,0,3,0,21,6,0,0,0,0,179,0,21,5,0,0,0,0,202,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,14
 3,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,62,128,0,0,21,0,32,0,0,0,0,0,0,0,21,59,0,0,0,0,12,0,21,58,0,0,0,0,183,0,21,57,0,0,0,0,45,0,21,56,0,0,0,0,33,0,21,55,0,0,0,0,55,0,21,54,0,0,0,1,64,0,21,53,0,0,0,0,145,0,21,52,0,0,0,0,3,0,21,51,0,0,0,0,179,0,21,50,0,0,0,0,202,0,21,49,0,0,0,0,141,0,21,48,0,0,0,0,91,0,21,47,0,0,0,0,90,0,21,46,0,0,0,1,30,0,21,45,0,0,0,0,5,0,21,44,0,0,0,0,6,0,21,43,0,0,0,1,127,0,21,42,0,0,0,0,106,0,21,41,0,0,0,0,107,0,21,40,0,0,0,0,108,0,21,39,0,0,0,1,35,0,21,38,0,0,0,1,65,0,21,37,0,0,0,0,180,0,21,36,0,0,0,0,146,0,21,35,0,0,0,0,4,0,21,34,0,0,0,0,7,0,21,33,0,0,0,1,16,0,21,32,0,0,0,0,114,0,21,31,0,0,0,0,189,0,21,30,0,0,0,1,26,0,21,29,0,0,0,0,174,0,21,28,0,0,0,0,173,0,21,27,0,0,0,0,2,0,21,26,0,0,0,0,11,0,21,25,0,0,0,0,120,0,21,24,0,0,0,1,103,0,21,23,0,0,0,0,117,0,21,22,0,0,0,0,182,0,21,21,0,0,0,1,40,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,221,0,21,18,0,0,0,0,125,0,21,17,0,0,0,0,140,0,21,16,0,0,0,0,19,0,21,15,0,0,0,0,54,0,21,14,0,0,0,0,207,0,21,13,0,0,0,0,20,0,21,12,0,0,0,0,133,0,21,11,0,0
 ,0,1,183,0,21,10,0,0,0,1,42,0,21,9,0,0,0,0,234,0,21,8,0,0,0,0,1,0,21,7,0,0,0,1,60,0,21,6,0,0,0,0,63,0,21,5,0,0,0,0,41,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,63,128,0,0,21,0,32,0,0,0,0,0,0,0,21,60,0,0,0,0,141,0,21,59,0,0,0,0,91,0,21,58,0,0,0,0,90,0,21,57,0,0,0,1,30,0,21,56,0,0,0,0,5,0,21,55,0,0,0,0,6,0,21,54,0,0,0,1,127,0,21,53,0,0,0,0,106,0,21,52,0,0,0,0,107,0,21,51,0,0,0,0,108,0,21,50,0,0,0,1,35,0,21,49,0,0,0,1,65,0,21,48,0,0,0,0,180,0,21,47,0,0,0,0,146,0,21,46,0,0,0,0,4,0,21,45,0,0,0,0,7,0,21,44,0,0,0,1,16,0,21,43,0,0,0,0,114,0,21,42,0,0,0,0,189,0,21,41,0,0,0,1,26,0,21,40,0,0,0,0,174,0,21,39,0,0,0,0,173,0,21,38,0,0,0,0,2,0,21,37,0,0,0,0,11,0,21,36,0,0,0,0,120,0,21,35,0,0,0,0,205,0,21,34,0,0,0,1,103,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,182,0,21,31,0,0,0,1,40,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,140,0,21,26,0,0,0,0,19,0,21,25,0,0,0,0,54,0,21,24,0,0,0,0,207,0,21,23,0,0,0,0,20,0,21,22,0,0,0,0,133,0,21,21,0,0,0,1,183,0,21,20,0,0,0,1,42,0,21,19,0,0,0,0,234,0,21,18,0,0,0,0,1,0,21,17,0,0,0,1,60,0,21,16,0,0,0,0,63,0,21,15,0,0,0,0,41,0,21,14,0,0,0,0,12,0,21,13,0,0,0,0,183,0,21,12,0,0
 ,0,0,45,0,21,11,0,0,0,0,33,0,21,10,0,0,0,0,55,0,21,9,0,0,0,1,64,0,21,8,0,0,0,0,145,0,21,7,0,0,0,0,3,0,21,6,0,0,0,0,179,0,21,5,0,0,0,0,202,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -140,10 +140,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64LE */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,21,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0
 ,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,53,21,0,0,192,32,0,0,0,0,0,0,0,21,0,50,0,205,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,
 0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,62,21,0,0,192,32,0,0,0,0,0,0,0,21,0,59,0,7,0,0,0,21,0,58,0,16,1,0,0,21,0,57,0,114,0,0,0,21,0,56,0,189,0,0,0,21,0,55,0,26,1,0,0,21,0,54,0,174,0,0,0,21,0,53,0,173,0,0,0,21,0,52,0,2,0,0,0,21,0,51,0,11,0,0,0,21,0,50,0,120,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107
 ,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,63,21,0,0,192,32,0,0,0,0,0,0,0,21,0,60,0,7,0,0,0,21,0,59,0,16,1,0,0,21,0,58,0,114,0,0,0,21,0,57,0,189,0,0,0,21,0,56,0,26,1,0,0,21,0,55,0,174,0,0,0,21,0,54,0,173,0,0,0,21,0,53,0,2,0,0,0,21,0,52,0,11,0,0,0,21,0,51,0,120,0,0,0,21,0,50,0,205,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106
 ,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -151,10 +151,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* RISCV64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,44,243,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,45,243,0,0,192,32,0,0,0,0,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,51,243,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0
 ,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,52,243,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,95,0,0,0,21,0,48,0,4,1,0,0,21,0,47,0,97,0,0,0,21,0,46,0,135,0,0,0,21,0,45,0,134,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,220,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,2
 1,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -162,10 +162,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,22,0,32,0,0,0,0,0,0,0,21,54,0,0,0,1,93,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0
 ,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,22,0,32,0,0,0,0,0,0,0,21,54,0,0,0,0,219,0,21,53,0,0,0,1,93,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,183,0,21,50,0,0,0,1,42,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,238,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,236,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,44,0,21,38,0,0,0,0,248,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,70,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,184,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,72,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,180,0,21,23,0,0,0,0,220,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,32,0,21,17,0,0,0,0,5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,1,123,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,37,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,73,0,21,6,0,0,0,0
 ,181,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,22,0,32,0,0,0,0,0,0,0,21,63,0,0,0,1,25,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,190,0,21,60,0,0,0,1,47,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,1,93,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,
 0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,22,0,32,0,0,0,0,0,0,0,21,63,0,0,0,1,25,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,190,0,21,60,0,0,0,1,47,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,0,219,0,21,53,0,0,0,1,93,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,183,0,21,50,0,0,0,1,42,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,238,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,236,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,44,0,21,38,0,0,0,0,248,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,70,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,184,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,72,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,180,0,21,23,0,0,0,0,220,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,32,0,21,17,0,0,0,0,5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,
 1,123,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,37,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,73,0,21,6,0,0,0,0,181,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -173,10 +173,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390X */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,51,128,0,0,22,0,32,0,0,0,0,0,0,0,21,48,0,0,0,0,91,0,21,47,0,0,0,0,90,0,21,46,0,0,0,1,32,0,21,45,0,0,0,0,5,0,21,44,0,0,0,0,6,0,21,43,0,0,0,1,123,0,21,42,0,0,0,0,106,0,21,41,0,0,0,0,107,0,21,40,0,0,0,0,108,0,21,39,0,0,0,1,37,0,21,38,0,0,0,1,73,0,21,37,0,0,0,0,181,0,21,36,0,0,0,0,146,0,21,35,0,0,0,0,4,0,21,34,0,0,0,1,93,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,183,0,21,31,0,0,0,1,42,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,238,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,19,0,21,26,0,0,0,0,54,0,21,25,0,0,0,0,236,0,21,24,0,0,0,0,20,0,21,23,0,0,0,0,133,0,21,22,0,0,0,1,183,0,21,21,0,0,0,1,44,0,21,20,0,0,0,0,248,0,21,19,0,0,0,0,1,0,21,18,0,0,0,1,70,0,21,17,0,0,0,0,63,0,21,16,0,0,0,0,41,0,21,15,0,0,0,0,12,0,21,14,0,0,0,0,184,0,21,13,0,0,0,0,45,0,21,12,0,0,0,0,33,0,21,11,0,0,0,0,55,0,21,10,0,0,0,1,72,0,21,9,0,0,0,0,145,0,21,8,0,0,0,0,3,0,21,7,0,0,0,0,180,0,21,6,0,0,0,0,220,0,21,5,0,0,0,0,141,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0
 ,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,52,128,0,0,22,0,32,0,0,0,0,0,0,0,21,49,0,0,0,1,73,0,21,48,0,0,0,0,181,0,21,47,0,0,0,0,146,0,21,46,0,0,0,0,4,0,21,45,0,0,0,0,219,0,21,44,0,0,0,1,93,0,21,43,0,0,0,0,117,0,21,42,0,0,0,0,183,0,21,41,0,0,0,1,42,0,21,40,0,0,0,0,85,0,21,39,0,0,0,0,238,0,21,38,0,0,0,0,125,0,21,37,0,0,0,0,19,0,21,36,0,0,0,0,54,0,21,35,0,0,0,0,236,0,21,34,0,0,0,0,20,0,21,33,0,0,0,0,133,0,21,32,0,0,0,1,183,0,21,31,0,0,0,1,44,0,21,30,0,0,0,0,248,0,21,29,0,0,0,0,1,0,21,28,0,0,0,1,70,0,21,27,0,0,0,0,63,0,21,26,0,0,0,0,41,0,21,25,0,0,0,0,12,0,21,24,0,0,0,0,184,0,21,23,0,0,0,0,45,0,21,22,0,0,0,0,33,0,21,21,0,0,0,0,55,0,21,20,0,0,0,1,72,0,21,19,0,0,0,0,145,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,180,0,21,16,0,0,0,0,220,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,90,0,21,12,0,0,0,1,32,0,21,11,0,0,0,0,5,0,21,10,0,0,0,0,6,0,21,9,0,0,0,1,123,0,21,8,0,0,0,0,106,0,21,7,0,0,0,0,107,0,21,6,0,0,0,0,108,0,21,5,0,0,0,1,37,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,
 0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,60,128,0,0,22,0,32,0,0,0,0,0,0,0,21,57,0,0,0,0,91,0,21,56,0,0,0,0,90,0,21,55,0,0,0,1,32,0,21,54,0,0,0,0,5,0,21,53,0,0,0,0,6,0,21,52,0,0,0,1,123,0,21,51,0,0,0,0,106,0,21,50,0,0,0,0,107,0,21,49,0,0,0,0,108,0,21,48,0,0,0,1,37,0,21,47,0,0,0,1,73,0,21,46,0,0,0,0,181,0,21,45,0,0,0,0,146,0,21,44,0,0,0,0,4,0,21,43,0,0,0,1,25,0,21,42,0,0,0,0,114,0,21,41,0,0,0,0,190,0,21,40,0,0,0,1,47,0,21,39,0,0,0,0,175,0,21,38,0,0,0,0,174,0,21,37,0,0,0,0,2,0,21,36,0,0,0,0,11,0,21,35,0,0,0,0,120,0,21,34,0,0,0,1,93,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,183,0,21,31,0,0,0,1,42,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,238,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,19,0,21,26,0,0,0,0,54,0,21,25,0,0,0,0,236,0,21,24,0,0,0,0,20,0,21,23,0,0,0,0,133,0,21,22,0,0,0,1,183,0,21,21,0,0,0,1,44,0,21,20,0,0,0,0,248,0,21,19,0,0,0,0,1,0,21,18,0,0,0,1,70,0,21,17,0,0,0,0,63,0,21,16,0,0,0,0,41,0,21,15,0,0,0,0,12,0,21,14,0,0,0,0,184,0,21,13,0,0,0,0,45,0,21,12,0,0,0,0,33,0,21,11,0,0,0,0,55,0,21,10,0,0,0,1,72,0,21,9,0,0,0,0
 ,145,0,21,8,0,0,0,0,3,0,21,7,0,0,0,0,180,0,21,6,0,0,0,0,220,0,21,5,0,0,0,0,141,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,61,128,0,0,22,0,32,0,0,0,0,0,0,0,21,58,0,0,0,1,73,0,21,57,0,0,0,0,181,0,21,56,0,0,0,0,146,0,21,55,0,0,0,0,4,0,21,54,0,0,0,1,25,0,21,53,0,0,0,0,114,0,21,52,0,0,0,0,190,0,21,51,0,0,0,1,47,0,21,50,0,0,0,0,175,0,21,49,0,0,0,0,174,0,21,48,0,0,0,0,2,0,21,47,0,0,0,0,11,0,21,46,0,0,0,0,120,0,21,45,0,0,0,0,219,0,21,44,0,0,0,1,93,0,21,43,0,0,0,0,117,0,21,42,0,0,0,0,183,0,21,41,0,0,0,1,42,0,21,40,0,0,0,0,85,0,21,39,0,0,0,0,238,0,21,38,0,0,0,0,125,0,21,37,0,0,0,0,19,0,21,36,0,0,0,0,54,0,21,35,0,0,0,0,236,0,21,34,0,0,0,0,20,0,21,33,0,0,0,0,133,0,21,32,0,0,0,1,183,0,21,31,0,0,0,1,44,0,21,30,0,0,0,0,248,0,21,29,0,0,0,0,1,0,21,28,0,0,0,1,70,0,21,27,0,0,0,0,63,0,21,26,0,0,0,0,41,0,21,25,0,0,0,0,12,0,21,24,0,0,0,0,184,0,21,23,0,0,0,0,45,0,21,22,0,0,0,0,33,0,21,21,0,0,0,0,55,0,21,20,0,0,0,1,72,0,21,19,0,0,0,0,145,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,180,0,21,16,0,0,0,0,220,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,90,0,21,12,0,0,0,1,32,0,21,11,0,0,0,0,5,0,21,10,0,0,0
 ,0,6,0,21,9,0,0,0,1,123,0,21,8,0,0,0,0,106,0,21,7,0,0,0,0,107,0,21,6,0,0,0,0,108,0,21,5,0,0,0,1,37,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -184,10 +184,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,56,3,0,0,64,32,0,0,0,0,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,
 0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,57,3,0,0,64,32,0,0,0,0,0,0,0,21,0,54,0,219,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0
 ,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,66,3,0,0,64,32,0,0,0,0,0,0,0,21,0,63,0,7,0,0,0,21,0,62,0,28,1,0,0,21,0,61,0,114,0,0,0,21,0,60,0,190,0,0,0,21,0,59,0,54,1,0,0,21,0,58,0,175,0,0,0,21,0,57,0,174,0,0,0,21,0,56,0,2,0,0,0,21,0,55,0,11,0,0,0,21,0,54,0,120,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,
 0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,67,3,0,0,64,32,0,0,0,0,0,0,0,21,0,64,0,7,0,0,0,21,0,63,0,28,1,0,0,21,0,62,0,114,0,0,0,21,0,61,0,190,0,0,0,21,0,60,0,54,1,0,0,21,0,59,0,175,0,0,0,21,0,58,0,174,0,0,0,21,0,57,0,2,0,0,0,21,0,56,0,11,0,0,0,21,0,55,0,120,0,0,0,21,0,54,0,219,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,
 0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -195,10 +195,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,50,0,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,
 0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,53,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,51,0,0,0,64,21,0,49,0,28,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2
 ,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,61,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,59,0,0,0,64,21,0,57,0,17,2,0,64,21,0,56,0,61,0,0,64,21,0,55,0,58,0,0,64,21,0,54,0,16,1,0,64,21,0,53,0,14,0,0,64,21,0,52,0,0,2,0,64,21,0,51,0,57,0,0,64,21,0,50,0,8,2,0,64,21,0,49,0,56,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21
 ,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,60,0,0,0,64,21,0,58,0,17,2,0,64,21,0,57,0,61,0,0,64,21,0,56,0,58,0,0,64,21,0,55,0,16,1,0,64,21,0,54,0,14,0,0,64,21,0,53,0,0,2,0,64,21,0,52,0,57,0,0,64,21,0,51,0,8,2,0,64,21,0,50,0,56,0,0,64,21,0,49,0,28,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,2
 1,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -206,10 +206,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86_64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,53,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,50,255,255,255,255,21,0,48,0,62,1,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0
 ,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,54,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,51,255,255,255,255,21,0,49,0,220,0,0,0,21,0,48,0,65,0,0,0,21,0,47,0,64,0,0,0,21,0,46,0,69,0,0,0,21,0,45,0,70,0,0,0,21,0,44,0,68,0,0,0,21,0,43,0,79,0,0,0,21,0,42,0,11,1,0,0,21,0,41,0,89,0,0,0,21,0,40,0,202,0,0,0,21,0,39,0,10,0,0,0,21,0,38,0,8,0,0,0,21,0,37,0,16,0,0,0,21,0,36,0,186,0,0,0,21,0,35,0,39,0,0,0,21,0,34,0,81,0,0,0,21,0,33,0,183,1,0,0,21,0,32,0,13,1,0,0,21,0,31,0,231,0,0,0,21,0,30,0,60,0,0,0,21,0,29,0,36,1,0,0,21,0,28,0,33,0,0,0,21,0,27,0,32,0,0,0,21,0,26,0,80,0,0,0,21,0,25,0,125,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,21,0,0,0,21,0,22,0,72,0,0,0,21,0,21,0,39,1,0,0,21,0,20,0,19,0,0,0,21,0,19,0,0,0,0,0,21,0,18,0,17,0,0,0,21,0,17,0,217,0,0,0,21,0,16,0,78,0,0,0,21,0,15,0,11,0,0,0,21,0,14,0,9,0,0,0,21,0,13,0,1,1,0,0,21,0,12,0,2,0,0,0,21,0,11,0,3,0,0,0,21,0,10,0,76,1,0,0,21,0,9,0,4,0,0,0,21,0,8,0,6,0,0,0,21,0,7,0,5,0,0,0,21,0,6,0,6,1,0,0,21,0,5,0,40,1,0,0,21,0,4,0,18,0,0,0,21,0,3,0,20,0,0,0,21,0,2,0,1,0,0
 ,0,21,0,1,0,28,0,0,0,21,0,0,1,62,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,62,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,59,255,255,255,255,21,0,57,0,247,0,0,0,21,0,56,0,61,0,0,0,21,0,55,0,58,0,0,0,21,0,54,0,16,1,0,0,21,0,53,0,14,0,0,0,21,0,52,0,13,0,0,0,21,0,51,0,57,0,0,0,21,0,50,0,59,0,0,0,21,0,49,0,56,0,0,0,21,0,48,0,62,1,0,0,21,0,47,0,220,0,0,0,21,0,46,0,65,0,0,0,21,0,45,0,64,0,0,0,21,0,44,0,69,0,0,0,21,0,43,0,70,0,0,0,21,0,42,0,68,0,0,0,21,0,41,0,79,0,0,0,21,0,40,0,11,1,0,0,21,0,39,0,89,0,0,0,21,0,38,0,202,0,0,0,21,0,37,0,10,0,0,0,21,0,36,0,8,0,0,0,21,0,35,0,16,0,0,0,21,0,34,0,186,0,0,0,21,0,33,0,39,0,0,0,21,0,32,0,81,0,0,0,21,0,31,0,183,1,0,0,21,0,30,0,13,1,0,0,21,0,29,0,231,0,0,0,21,0,28,0,60,0,0,0,21,0,27,0,36,1,0,0,21,0,26,0,33,0,0,0,21,0,25,0,32,0,0,0,21,0,24,0,80,0,0,0,21,0,23,0,125,0,0,0,21,0,22,0,12,0,0,0,21,0,21,0,21,0,0,0,21,0,20,0,72,0,0,0,21,0,19,0,39,1,0,0,21,0,18,0,19,0,0,0,21,0,17,0,0,0,0,0,21,0,16,0,17,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,78,0,0,0,21,0,13,0,11,0,0,0,21,0,12,0,9,0,0,0,21,0,11,0,1,1,0,0,
 21,0,10,0,2,0,0,0,21,0,9,0,3,0,0,0,21,0,8,0,76,1,0,0,21,0,7,0,4,0,0,0,21,0,6,0,6,0,0,0,21,0,5,0,5,0,0,0,21,0,4,0,6,1,0,0,21,0,3,0,40,1,0,0,21,0,2,0,18,0,0,0,21,0,1,0,20,0,0,0,21,0,0,1,1,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,63,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,60,255,255,255,255,21,0,58,0,220,0,0,0,21,0,57,0,65,0,0,0,21,0,56,0,64,0,0,0,21,0,55,0,69,0,0,0,21,0,54,0,70,0,0,0,21,0,53,0,68,0,0,0,21,0,52,0,79,0,0,0,21,0,51,0,11,1,0,0,21,0,50,0,89,0,0,0,21,0,49,0,202,0,0,0,21,0,48,0,10,0,0,0,21,0,47,0,8,0,0,0,21,0,46,0,16,0,0,0,21,0,45,0,186,0,0,0,21,0,44,0,39,0,0,0,21,0,43,0,81,0,0,0,21,0,42,0,183,1,0,0,21,0,41,0,13,1,0,0,21,0,40,0,231,0,0,0,21,0,39,0,60,0,0,0,21,0,38,0,36,1,0,0,21,0,37,0,33,0,0,0,21,0,36,0,32,0,0,0,21,0,35,0,80,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,21,0,0,0,21,0,31,0,72,0,0,0,21,0,30,0,39,1,0,0,21,0,29,0,19,0,0,0,21,0,28,0,0,0,0,0,21,0,27,0,17,0,0,0,21,0,26,0,217,0,0,0,21,0,25,0,78,0,0,0,21,0,24,0,11,0,0,0,21,0,23,0,9,0,0,0,21,0,22,0,1,1,0,0,21,0,21,0,2,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,76,1,0,0,21,0,18,0,4,0,0,0,21,0,17,0,6,0,0,0,21,0,16,0,5,0,0,0,21,0,15,0,6,1,0,0,21,0,14,0,40,1,0,0,21,0,13,0,18,0,0,0,21,0,12,0,20,0,0,0,21,0,11
 ,0,1,0,0,0,21,0,10,0,247,0,0,0,21,0,9,0,61,0,0,0,21,0,8,0,58,0,0,0,21,0,7,0,16,1,0,0,21,0,6,0,14,0,0,0,21,0,5,0,13,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,59,0,0,0,21,0,2,0,56,0,0,0,21,0,1,0,28,0,0,0,21,0,0,1,62,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-07-12  6:33 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2022-07-12  6:33 UTC (permalink / raw
  To: gentoo-commits

commit:     bac6818bd82acea720a0a961c62321982ec381e7
Author:     Arsen Arsenović <arsen <AT> aarsen <DOT> me>
AuthorDate: Sat Jun 25 17:04:50 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jul 12 06:33:20 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bac6818b

security.h: suppress unused argument warning on allow_forking

Signed-off-by: Arsen Arsenović <arsen <AT> aarsen.me>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 security.c | 1 +
 security.h | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/security.c b/security.c
index 4fecfa3..19bf78f 100644
--- a/security.c
+++ b/security.c
@@ -94,6 +94,7 @@ void security_init_pid(void)
 
 void security_init(bool allow_forking)
 {
+	(void) allow_forking;
 	int flags;
 
 	if (!ALLOW_PIDNS)

diff --git a/security.h b/security.h
index c93ec3e..65e1ad5 100644
--- a/security.h
+++ b/security.h
@@ -22,7 +22,7 @@ void security_init(bool allow_forking);
 /* Disable forking; usable only when allow_forking above was true. */
 void security_init_pid(void);
 #else
-static inline void security_init(bool allow_forking) {}
+static inline void security_init(bool allow_forking) { (void) allow_forking; }
 static inline void security_init_pid(void) {}
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-07-12  6:33 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2022-07-12  6:33 UTC (permalink / raw
  To: gentoo-commits

commit:     01b19ca9629c02d46af23f97c4afe4903c8b201a
Author:     Arsen Arsenović <arsen <AT> aarsen <DOT> me>
AuthorDate: Sat Jun 25 17:15:00 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jul 12 06:33:20 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=01b19ca9

Improve build-related documentation

Signed-off-by: Arsen Arsenović <arsen <AT> aarsen.me>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 README.md         | 13 +++----------
 meson_options.txt | 18 +++++++++++++-----
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 49277e0..539f3cc 100644
--- a/README.md
+++ b/README.md
@@ -18,16 +18,9 @@ Originally focused only on [PaX](https://pax.grsecurity.net/), it has been
 expanded to be generally security focused.  It still has a good number of
 PaX helpers for people interested in that.
 
-## Building
-
-Just run `make`.  This should work on any recent POSIX compliant system.
-
-Note: To rebuild the man-pages, you will need xmlto and the docbook-xml-dtd
-      packages installed on your system.
-
-## Installation
-
-`make install`
+## Building and installing
+pax-utils uses a bog-standard meson-based build system. See `meson_options.txt`
+for configuration options.
 
 You don't need PaX to use the pax-utils. Infact the only thing they
 really have in common is that pax-utils was initially written to aid in

diff --git a/meson_options.txt b/meson_options.txt
index 62adc35..c96865d 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,9 +1,17 @@
-option('lddtree_implementation', type : 'combo', choices : ['python', 'sh', 'none'], value : 'python')
-option('use_libcap', type : 'feature', value : 'auto')
+option('lddtree_implementation', type : 'combo',
+  choices : ['python', 'sh', 'none'], value : 'python',
+  description : 'Which lddtree implementation to install?')
+option('use_libcap', type : 'feature', value : 'auto',
+  description : 'Enable listing capabilities in pspax output (requires libcap)'
+)
 option('use_seccomp', type : 'boolean', value : 'true',
-  description : 'Enable seccomp filters at runtime (does *not* require libseccomp)'
+  description : 'Enable seccomp filters at runtime (does *not* require libseccomp, but does require kernel support)'
 )
 option('build_manpages', type : 'feature', value : 'auto',
   description : 'Build manuals via DocBook (requires xmlto)')
-option('tests', type : 'boolean', value : 'true')
-option('use_fuzzing', type : 'boolean', description : 'Also build LibFuzzer fuzzers', value : 'true')
+option('tests', type : 'boolean', value : 'true'
+  description : 'Enable testing (not guaranteed to work)'
+)
+option('use_fuzzing', type : 'boolean', value : 'true',
+  description : 'Also build LibFuzzer fuzzers as tests'
+)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-07-31  4:56 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2022-07-31  4:56 UTC (permalink / raw
  To: gentoo-commits

commit:     df2f3b5ba0d52dc4e27a832de4b8f468b029e357
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 31 04:52:25 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 31 04:56:14 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=df2f3b5b

meson.build: prepare for 1.3.5

Signed-off-by: Sam James <sam <AT> gentoo.org>

 meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 6a5dd66..0ee2630 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
 project('pax-utils', 'c',
-  version : '1.3.5-pre',
+  version : '1.3.5',
   license : 'GPL-2.0-only',
   default_options : [
     'warning_level=2',


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-21  8:20 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-21  8:20 UTC (permalink / raw
  To: gentoo-commits

commit:     ec9220bb190671152703a837da56148d42f1ff8d
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 21 08:19:18 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 08:21:04 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ec9220bb

lddtree: update CrOS copyright line

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 3afcfac..7cb4348 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -2,7 +2,7 @@
 # PYTHON_ARGCOMPLETE_OK
 # Copyright 2012-2014 Gentoo Foundation
 # Copyright 2012-2014 Mike Frysinger <vapier@gentoo.org>
-# Copyright 2012-2014 The Chromium OS Authors
+# Copyright 2012-2014 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license (BSD-3)
 
 """Read the ELF dependency tree and show it


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-21  8:26 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-21  8:26 UTC (permalink / raw
  To: gentoo-commits

commit:     e165b0bc20911f4727a9a736560ee321fe0c1712
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 21 08:26:01 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 08:26:22 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e165b0bc

lddtree: sort imports

Should be no functional change.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 7cb4348..1f66b4d 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -41,9 +41,9 @@ they need will be placed into /foo/lib/ only.
 """
 
 import argparse
+import errno
 import functools
 import glob
-import errno
 import mmap
 import os
 import shutil
@@ -56,8 +56,8 @@ try:
 except ImportError:
     argcomplete = None
 
-from elftools.elf.elffile import ELFFile
 from elftools.common import exceptions
+from elftools.elf.elffile import ELFFile
 
 
 def warn(msg, prefix='warning'):


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-21  8:28 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-21  8:28 UTC (permalink / raw
  To: gentoo-commits

commit:     a94b2f664714a33eeeb492efe87525fa9947a644
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 21 08:28:55 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 08:28:55 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a94b2f66

lddtree: specify utf-8 encoding with text files

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 1f66b4d..3c9d66f 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -184,7 +184,7 @@ exec \\
 """
     wrappath = root + path
     os.rename(wrappath, wrappath + '.elf')
-    with open(wrappath, 'w') as f:
+    with open(wrappath, 'w', encoding='utf-8') as f:
         f.write(wrapper % replacements)
     os.chmod(wrappath, 0o0755)
 
@@ -251,7 +251,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
     dbg_pfx = '' if _first else '  '
     try:
         dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf))
-        with open(ldso_conf) as f:
+        with open(ldso_conf, encoding='utf-8') as f:
             for line in f.readlines():
                 line = line.split('#', 1)[0].strip()
                 if not line:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-28  7:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-28  7:42 UTC (permalink / raw
  To: gentoo-commits

commit:     c8f5de35cfa59ce7620ed646cce9c9715b0ed72e
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 28 05:46:01 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 07:42:17 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c8f5de35

lddtree: switch to f-strings in most places

These are a bit more readable than % formatting.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 349bace..ecb353d 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -250,7 +250,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
 
     dbg_pfx = '' if _first else '  '
     try:
-        dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf))
+        dbg(debug, f"{dbg_pfx}ParseLdSoConf({ldso_conf})")
         with open(ldso_conf, encoding='utf-8') as f:
             for line in f.readlines():
                 line = line.split('#', 1)[0].strip()
@@ -262,7 +262,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
                         line = root + line.lstrip('/')
                     else:
                         line = os.path.dirname(ldso_conf) + '/' + line
-                    dbg(debug, '%s  glob: %s' % (dbg_pfx, line))
+                    dbg(debug, dbg_pfx, "glob:", line)
                     # ldconfig in glibc uses glob() which returns entries sorted according
                     # to LC_COLLATE.  Further, ldconfig does not reset that but respects
                     # the active env settings (which might be a mistake).  Python does not
@@ -336,7 +336,7 @@ def CompatibleELFs(elf1, elf2):
     """
     osabis = frozenset([e.header['e_ident']['EI_OSABI'] for e in (elf1, elf2)])
     compat_sets = (
-        frozenset('ELFOSABI_%s' % x for x in ('NONE', 'SYSV', 'GNU', 'LINUX',)),
+        frozenset(f"ELFOSABI_{x}" for x in ("NONE", "SYSV", "GNU", "LINUX")),
     )
     return ((len(osabis) == 1 or any(osabis.issubset(x) for x in compat_sets)) and
             elf1.elfclass == elf2.elfclass and
@@ -357,13 +357,13 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
     Returns:
       Tuple of the full path to the desired library and the real path to it
     """
-    dbg(debug, '  FindLib(%s)' % lib)
+    dbg(debug, f"  FindLib({lib})")
 
     for ldpath in ldpaths:
         path = os.path.join(ldpath, lib)
         target = readlink(path, root, prefixed=True)
         if path != target:
-            dbg(debug, '    checking: %s -> %s' % (path, target))
+            dbg(debug, "    checking:", path, "->", target)
         else:
             dbg(debug, '    checking:', path)
 
@@ -374,7 +374,7 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
                     if CompatibleELFs(elf, libelf):
                         return (target, path)
                 except exceptions.ELFError as e:
-                    warn('%s: %s' % (target, e))
+                    warn(f"{target}: {e}")
 
     return (None, None)
 
@@ -429,7 +429,7 @@ def ParseELF(path, root='/', cwd=None, prefix='',
         'libs': _all_libs,
     }
 
-    dbg(debug, 'ParseELF(%s)' % path)
+    dbg(debug, f"ParseELF({path})")
 
     with open(path, 'rb') as f:
         try:
@@ -527,7 +527,7 @@ def ParseELF(path, root='/', cwd=None, prefix='',
                     lret = ParseELF(realpath, root, cwd, prefix, ldpaths, display=fullpath,
                                     debug=debug, _first=False, _all_libs=_all_libs)
                 except exceptions.ELFError as e:
-                    warn('%s: %s' % (realpath, e))
+                    warn(f"{realpath}: {e}")
                 _all_libs[lib]['needed'] = lret['needed']
 
         del elf
@@ -549,13 +549,14 @@ def _ActionShow(options, elf):
         if options.list:
             print(fullpath or lib)
         else:
-            print('%s%s => %s' % ('    ' * depth, lib, fullpath))
+            indent = "    " * depth
+            print(f"{indent}{lib}", "=>", fullpath)
 
         new_libs = []
         for lib in elf['libs'][lib]['needed']:
             if lib in chain_libs:
                 if not options.list:
-                    print('%s%s => !!! circular loop !!!' % ('    ' * depth, lib))
+                    print(f"{indent}{lib} => !!! circular loop !!!")
                 continue
             if options.all or not lib in shown_libs:
                 shown_libs.add(lib)
@@ -584,7 +585,7 @@ def _ActionShow(options, elf):
         if not interp is None:
             print(interp)
     else:
-        print('%s (interpreter => %s)' % (elf['path'], interp))
+        print(elf["path"], f"(interpreter => {interp})")
     for lib in new_libs:
         _show(lib, 1)
 
@@ -627,7 +628,7 @@ def _ActionCopy(options, elf):
                 raise
 
         if options.verbose:
-            print('%s -> %s' % (src, dst))
+            print(src, "->", dst)
 
         os.makedirs(os.path.dirname(dst), exist_ok=True)
         try:
@@ -644,7 +645,7 @@ def _ActionCopy(options, elf):
 
         if wrapit:
             if options.verbose:
-                print('generate wrapper %s' % (dst,))
+                print("generate wrapper", dst)
 
             if options.libdir:
                 interp = os.path.join(options.libdir, os.path.basename(elf['interp']))
@@ -662,7 +663,7 @@ def _ActionCopy(options, elf):
         libdata = elf['libs'][lib]
         path = libdata['realpath']
         if path is None:
-            warn('could not locate library: %s' % lib)
+            warn("could not locate library:", lib)
             continue
         if not options.libdir:
             uniq_libpaths.add(_StripRoot(os.path.dirname(path)))
@@ -838,11 +839,11 @@ def main(argv):
                         _ActionCopy(options, elf)
                         continue
                 ret = 1
-                warn('%s: %s' % (p, e))
+                warn(f"{p}: {e}")
                 continue
             except IOError as e:
                 ret = 1
-                warn('%s: %s' % (p, e))
+                warn(f"{p}: {e}")
                 continue
 
             if options.dest is None:
@@ -853,7 +854,7 @@ def main(argv):
         if not matched:
             if not options.skip_missing:
                 ret = 1
-            warn('%s: did not match any paths' % (path,))
+            warn(f"{path}: did not match any paths")
 
     return ret
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-28  7:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-28  7:42 UTC (permalink / raw
  To: gentoo-commits

commit:     413a60a31daafe60a539fc113dafb1760abb1d20
Author:     Manoj Gupta <manojgupta <AT> chromium <DOT> org>
AuthorDate: Mon Nov  1 18:23:22 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 07:42:14 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=413a60a3

lddtree: Add logging for ELFParseError

Add logging inside parseELF to print the bad file if the parser
fails with ELFParseError.

Bug: https://issuetracker.google.com/issues/203821449
Signed-off-by: Manoj Gupta <manojgupta <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 3c9d66f..349bace 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -432,7 +432,11 @@ def ParseELF(path, root='/', cwd=None, prefix='',
     dbg(debug, 'ParseELF(%s)' % path)
 
     with open(path, 'rb') as f:
-        elf = ELFFile(f)
+        try:
+            elf = ELFFile(f)
+        except exceptions.ELFParseError:
+            warn("ELFParser failed to parse", path)
+            raise
 
         # If this is the first ELF, extract the interpreter.
         if _first:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-28  7:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-28  7:42 UTC (permalink / raw
  To: gentoo-commits

commit:     bbb4e5d73ee1f3df12a1cd467beca3a476c5f054
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 28 07:03:11 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 07:42:17 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bbb4e5d7

lddtree: avoid shadowing function args

pylint warns about redefining |lib| here, and it's right -- the code
is a little hard to follow because of it.  So give it a diff name.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 85dd91f..d894505 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -589,17 +589,17 @@ def _ActionShow(options: argparse.Namespace, elf: dict):
             print(f"{indent}{lib}", "=>", fullpath)
 
         new_libs = []
-        for lib in elf['libs'][lib]['needed']:
-            if lib in chain_libs:
+        for nlib in elf["libs"][lib]["needed"]:
+            if nlib in chain_libs:
                 if not options.list:
-                    print(f"{indent}{lib} => !!! circular loop !!!")
+                    print(f"{indent}{nlib} => !!! circular loop !!!")
                 continue
-            if options.all or not lib in shown_libs:
-                shown_libs.add(lib)
-                new_libs.append(lib)
+            if options.all or not nlib in shown_libs:
+                shown_libs.add(nlib)
+                new_libs.append(nlib)
 
-        for lib in new_libs:
-            _show(lib, depth + 1)
+        for nlib in new_libs:
+            _show(nlib, depth + 1)
         chain_libs.pop()
 
     shown_libs = set(elf['needed'])


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-28  7:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-28  7:42 UTC (permalink / raw
  To: gentoo-commits

commit:     b74963dd2346fb526382635b7d6317653417256a
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 28 06:57:56 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 07:42:17 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b74963dd

lddtree: simplify join logic

No need to create a list to past to join when we can pass a generator.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 6939bb6..85dd91f 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -167,8 +167,9 @@ def GenerateLdsoWrapper(
     replacements = {
         'interp': os.path.join(os.path.relpath(interp_dir, basedir),
                                interp_name),
-        'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir)
-                              for p in libpaths]),
+        "libpaths": ":".join(
+            "${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
+        ),
         'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(root + interp) else '',
     }
     wrapper = """#!/bin/sh


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-28  7:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-28  7:42 UTC (permalink / raw
  To: gentoo-commits

commit:     30d1f02c1482ea5371ee4e0a36276ae03b186208
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 28 07:40:48 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 07:42:17 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=30d1f02c

pylint: reformat with black

Also drop a few Python 2 specific things.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 pylint | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/pylint b/pylint
index 38d77a2..463dc03 100755
--- a/pylint
+++ b/pylint
@@ -1,12 +1,9 @@
 #!/usr/bin/env python
-# -*- coding: utf-8 -*-
 # Copyright 1999-2020 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 """Run pylint with the right settings."""
 
-from __future__ import print_function
-
 import os
 import sys
 
@@ -17,10 +14,10 @@ def find_all_modules(source_root):
 
     for root, _dirs, files in os.walk(source_root, topdown=False):
         # Add all of the .py modules in the tree.
-        ret += [os.path.join(root, x) for x in files if x.endswith('.py')]
+        ret += [os.path.join(root, x) for x in files if x.endswith(".py")]
 
     # Add the main scripts that don't end in .py.
-    ret += [os.path.join(source_root, x) for x in ('pylint',)]
+    ret += [os.path.join(source_root, x) for x in ("pylint",)]
 
     return ret
 
@@ -33,17 +30,17 @@ def main(argv):
         argv = find_all_modules(source_root)
 
     pympath = source_root
-    pythonpath = os.environ.get('PYTHONPATH')
+    pythonpath = os.environ.get("PYTHONPATH")
     if pythonpath is None:
         pythonpath = pympath
     else:
-        pythonpath = pympath + ':' + pythonpath
-    os.environ['PYTHONPATH'] = pythonpath
+        pythonpath = pympath + ":" + pythonpath
+    os.environ["PYTHONPATH"] = pythonpath
 
-    pylintrc = os.path.join(source_root, '.pylintrc')
-    cmd = ['pylint', '--rcfile', pylintrc]
+    pylintrc = os.path.join(source_root, ".pylintrc")
+    cmd = ["pylint", "--rcfile", pylintrc]
     os.execvp(cmd[0], cmd + argv)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     sys.exit(main(sys.argv[1:]))


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-28  7:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-28  7:42 UTC (permalink / raw
  To: gentoo-commits

commit:     1ddedd87363c65d6b910fe32da0f1764ba1329a9
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 28 07:39:56 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 07:42:17 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1ddedd87

lddtree: reformat with black

Largely this is just single quotes -> double quotes.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 503 ++++++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 294 insertions(+), 209 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index d894505..e851ac1 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -50,7 +50,7 @@ import shutil
 import sys
 from typing import Any, Iterable, Optional, Union
 
-assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found {sys.version}'
+assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}"
 
 try:
     import argcomplete
@@ -63,12 +63,12 @@ from elftools.elf.elffile import ELFFile
 
 def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
     """Write |msg| to stderr with a |prefix| before it"""
-    print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr)
+    print("%s: %s: %s" % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr)
 
 
 def err(msg: Any, status: Optional[int] = 1) -> None:
     """Write |msg| to stderr and exit with |status|"""
-    warn(msg, prefix='error')
+    warn(msg, prefix="error")
     sys.exit(status)
 
 
@@ -82,7 +82,7 @@ def bstr(buf: Union[bytes, str]) -> str:
     """Decode the byte string into a string"""
     if isinstance(buf, str):
         return buf
-    return buf.decode('utf-8')
+    return buf.decode("utf-8")
 
 
 def normpath(path: str) -> str:
@@ -93,7 +93,7 @@ def normpath(path: str) -> str:
       //..// -> //
       //..//..// -> ///
     """
-    return os.path.normpath(path).replace('//', '/')
+    return os.path.normpath(path).replace("//", "/")
 
 
 @functools.lru_cache(maxsize=None)
@@ -115,9 +115,9 @@ def readlink(path: str, root: str, prefixed: Optional[bool] = False) -> str:
     Returns:
       A fully resolved symlink path
     """
-    root = root.rstrip('/')
+    root = root.rstrip("/")
     if prefixed:
-        path = path[len(root):]
+        path = path[len(root) :]
 
     while os.path.islink(root + path):
         path = os.path.join(os.path.dirname(path), os.readlink(root + path))
@@ -137,9 +137,9 @@ def interp_supports_argv0(interp: str) -> bool:
 
     Starting with glibc-2.33, the ldso supports --argv0 to override argv[0].
     """
-    with open(interp, 'rb') as fp:
+    with open(interp, "rb") as fp:
         with mmap.mmap(fp.fileno(), 0, prot=mmap.PROT_READ) as mm:
-            return mm.find(b'--argv0') >= 0
+            return mm.find(b"--argv0") >= 0
 
 
 def GenerateLdsoWrapper(
@@ -165,12 +165,11 @@ def GenerateLdsoWrapper(
     # Add ldso interpreter dir to end of libpaths as a fallback library path.
     libpaths = dedupe(list(libpaths) + [interp_dir])
     replacements = {
-        'interp': os.path.join(os.path.relpath(interp_dir, basedir),
-                               interp_name),
+        "interp": os.path.join(os.path.relpath(interp_dir, basedir), interp_name),
         "libpaths": ":".join(
             "${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
         ),
-        'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(root + interp) else '',
+        "argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp) else "",
     }
     wrapper = """#!/bin/sh
 if ! base=$(realpath "$0" 2>/dev/null); then
@@ -190,8 +189,8 @@ exec \\
   "$@"
 """
     wrappath = root + path
-    os.rename(wrappath, wrappath + '.elf')
-    with open(wrappath, 'w', encoding='utf-8') as f:
+    os.rename(wrappath, wrappath + ".elf")
+    with open(wrappath, "w", encoding="utf-8") as f:
         f.write(wrapper % replacements)
     os.chmod(wrappath, 0o0755)
 
@@ -223,17 +222,17 @@ def ParseLdPaths(
         cwd = os.getcwd()
 
     ldpaths = []
-    for ldpath in str_ldpaths.split(':'):
+    for ldpath in str_ldpaths.split(":"):
         # Expand placeholders first.
-        if '$ORIGIN' in ldpath:
-            ldpath = ldpath.replace('$ORIGIN', os.path.dirname(path))
-        elif '${ORIGIN}' in ldpath:
-            ldpath = ldpath.replace('${ORIGIN}', os.path.dirname(path))
+        if "$ORIGIN" in ldpath:
+            ldpath = ldpath.replace("$ORIGIN", os.path.dirname(path))
+        elif "${ORIGIN}" in ldpath:
+            ldpath = ldpath.replace("${ORIGIN}", os.path.dirname(path))
 
         # Expand relative paths if needed.  These don't make sense in general,
         # but that doesn't stop people from using them.  As such, root prefix
         # doesn't make sense with it either.
-        if not ldpath.startswith('/'):
+        if not ldpath.startswith("/"):
             # NB: The ldso treats "" paths as cwd too.
             ldpath = os.path.join(cwd, ldpath)
         else:
@@ -265,27 +264,29 @@ def ParseLdSoConf(
     """
     paths = []
 
-    dbg_pfx = '' if _first else '  '
+    dbg_pfx = "" if _first else "  "
     try:
         dbg(debug, f"{dbg_pfx}ParseLdSoConf({ldso_conf})")
-        with open(ldso_conf, encoding='utf-8') as f:
+        with open(ldso_conf, encoding="utf-8") as f:
             for line in f.readlines():
-                line = line.split('#', 1)[0].strip()
+                line = line.split("#", 1)[0].strip()
                 if not line:
                     continue
-                if line.startswith('include '):
+                if line.startswith("include "):
                     line = line[8:]
-                    if line[0] == '/':
-                        line = root + line.lstrip('/')
+                    if line[0] == "/":
+                        line = root + line.lstrip("/")
                     else:
-                        line = os.path.dirname(ldso_conf) + '/' + line
+                        line = os.path.dirname(ldso_conf) + "/" + line
                     dbg(debug, dbg_pfx, "glob:", line)
                     # ldconfig in glibc uses glob() which returns entries sorted according
                     # to LC_COLLATE.  Further, ldconfig does not reset that but respects
                     # the active env settings (which might be a mistake).  Python does not
                     # sort its results by default though, so do it ourselves.
                     for path in sorted(glob.glob(line)):
-                        paths += ParseLdSoConf(path, root=root, debug=debug, _first=False)
+                        paths += ParseLdSoConf(
+                            path, root=root, debug=debug, _first=False
+                        )
                 else:
                     paths += [normpath(root + line)]
     except IOError as e:
@@ -320,25 +321,26 @@ def LoadLdpaths(
       dict containing library paths to search
     """
     ldpaths: dict[str, list[str]] = {
-        'conf': [],
-        'env': [],
-        'interp': [],
+        "conf": [],
+        "env": [],
+        "interp": [],
     }
 
     # Load up $LD_LIBRARY_PATH.
-    ldpaths['env'] = []
-    env_ldpath = os.environ.get('LD_LIBRARY_PATH')
+    ldpaths["env"] = []
+    env_ldpath = os.environ.get("LD_LIBRARY_PATH")
     if not env_ldpath is None:
-        if root != '/':
-            warn('ignoring LD_LIBRARY_PATH due to ROOT usage')
+        if root != "/":
+            warn("ignoring LD_LIBRARY_PATH due to ROOT usage")
         else:
             # XXX: If this contains $ORIGIN, we probably have to parse this
             # on a per-ELF basis so it can get turned into the right thing.
-            ldpaths['env'] = ParseLdPaths(env_ldpath, cwd=cwd, path='')
+            ldpaths["env"] = ParseLdPaths(env_ldpath, cwd=cwd, path="")
 
     # Load up /etc/ld.so.conf.
-    ldpaths['conf'] = ParseLdSoConf(root + prefix + '/etc/ld.so.conf', root=root,
-                                    debug=debug)
+    ldpaths["conf"] = ParseLdSoConf(
+        root + prefix + "/etc/ld.so.conf", root=root, debug=debug
+    )
 
     return ldpaths
 
@@ -356,14 +358,16 @@ def CompatibleELFs(elf1: ELFFile, elf2: ELFFile) -> bool:
     Returns:
       True if compatible, False otherwise
     """
-    osabis = frozenset([e.header['e_ident']['EI_OSABI'] for e in (elf1, elf2)])
+    osabis = frozenset([e.header["e_ident"]["EI_OSABI"] for e in (elf1, elf2)])
     compat_sets = (
         frozenset(f"ELFOSABI_{x}" for x in ("NONE", "SYSV", "GNU", "LINUX")),
     )
-    return ((len(osabis) == 1 or any(osabis.issubset(x) for x in compat_sets)) and
-            elf1.elfclass == elf2.elfclass and
-            elf1.little_endian == elf2.little_endian and
-            elf1.header['e_machine'] == elf2.header['e_machine'])
+    return (
+        (len(osabis) == 1 or any(osabis.issubset(x) for x in compat_sets))
+        and elf1.elfclass == elf2.elfclass
+        and elf1.little_endian == elf2.little_endian
+        and elf1.header["e_machine"] == elf2.header["e_machine"]
+    )
 
 
 def FindLib(
@@ -393,10 +397,10 @@ def FindLib(
         if path != target:
             dbg(debug, "    checking:", path, "->", target)
         else:
-            dbg(debug, '    checking:', path)
+            dbg(debug, "    checking:", path)
 
         if os.path.exists(target):
-            with open(target, 'rb') as f:
+            with open(target, "rb") as f:
                 try:
                     libelf = ELFFile(f)
                     if CompatibleELFs(elf, libelf):
@@ -456,18 +460,18 @@ def ParseELF(
         _all_libs = {}
         ldpaths = ldpaths.copy()
     ret = {
-        'interp': None,
-        'path': path if display is None else display,
-        'realpath': path,
-        'needed': [],
-        'rpath': [],
-        'runpath': [],
-        'libs': _all_libs,
+        "interp": None,
+        "path": path if display is None else display,
+        "realpath": path,
+        "needed": [],
+        "rpath": [],
+        "runpath": [],
+        "libs": _all_libs,
     }
 
     dbg(debug, f"ParseELF({path})")
 
-    with open(path, 'rb') as f:
+    with open(path, "rb") as f:
         try:
             elf = ELFFile(f)
         except exceptions.ELFParseError:
@@ -477,17 +481,17 @@ def ParseELF(
         # If this is the first ELF, extract the interpreter.
         if _first:
             for segment in elf.iter_segments():
-                if segment.header.p_type != 'PT_INTERP':
+                if segment.header.p_type != "PT_INTERP":
                     continue
 
                 interp = bstr(segment.get_interp_name())
-                dbg(debug, '  interp           =', interp)
-                ret['interp'] = normpath(root + interp)
-                real_interp = readlink(ret['interp'], root, prefixed=True)
-                ret['libs'][os.path.basename(interp)] = {
-                    'path': ret['interp'],
-                    'realpath': real_interp,
-                    'needed': [],
+                dbg(debug, "  interp           =", interp)
+                ret["interp"] = normpath(root + interp)
+                real_interp = readlink(ret["interp"], root, prefixed=True)
+                ret["libs"][os.path.basename(interp)] = {
+                    "path": ret["interp"],
+                    "realpath": real_interp,
+                    "needed": [],
                 }
                 # XXX: Could read it and scan for /lib paths.
                 # If the interp is a symlink, lets follow it on the assumption that it
@@ -498,12 +502,16 @@ def ParseELF(
                 # ld64.so.1 is really a symlink to ../lib64/ld64.so.1.  In the multiarch
                 # setup, it'll be /lib/ld64.so.1 -> /lib/s390x-linux-gnu/ld64.so.1.
                 # That is why we use |real_interp| here instead of |interp|.
-                ldpaths['interp'] = [
+                ldpaths["interp"] = [
                     os.path.dirname(real_interp),
-                    normpath(root + prefix + '/usr/' + os.path.dirname(
-                        real_interp)[len(root) + len(prefix):]),
+                    normpath(
+                        root
+                        + prefix
+                        + "/usr/"
+                        + os.path.dirname(real_interp)[len(root) + len(prefix) :]
+                    ),
                 ]
-                dbg(debug, '  ldpaths[interp]  =', ldpaths['interp'])
+                dbg(debug, "  ldpaths[interp]  =", ldpaths["interp"])
                 break
 
         # Parse the ELF's dynamic tags.
@@ -511,15 +519,17 @@ def ParseELF(
         rpaths = []
         runpaths = []
         for segment in elf.iter_segments():
-            if segment.header.p_type != 'PT_DYNAMIC':
+            if segment.header.p_type != "PT_DYNAMIC":
                 continue
 
             for t in segment.iter_tags():
-                if t.entry.d_tag == 'DT_RPATH':
+                if t.entry.d_tag == "DT_RPATH":
                     rpaths = ParseLdPaths(bstr(t.rpath), root=root, cwd=cwd, path=path)
-                elif t.entry.d_tag == 'DT_RUNPATH':
-                    runpaths = ParseLdPaths(bstr(t.runpath), root=root, cwd=cwd, path=path)
-                elif t.entry.d_tag == 'DT_NEEDED':
+                elif t.entry.d_tag == "DT_RUNPATH":
+                    runpaths = ParseLdPaths(
+                        bstr(t.runpath), root=root, cwd=cwd, path=path
+                    )
+                elif t.entry.d_tag == "DT_NEEDED":
                     libs.append(bstr(t.needed))
             if runpaths:
                 # If both RPATH and RUNPATH are set, only the latter is used.
@@ -531,13 +541,13 @@ def ParseELF(
         if _first:
             # Propagate the rpaths used by the main ELF since those will be
             # used at runtime to locate things.
-            ldpaths['rpath'] = rpaths
-            ldpaths['runpath'] = runpaths
-            dbg(debug, '  ldpaths[rpath]   =', rpaths)
-            dbg(debug, '  ldpaths[runpath] =', runpaths)
-        ret['rpath'] = rpaths
-        ret['runpath'] = runpaths
-        ret['needed'] = libs
+            ldpaths["rpath"] = rpaths
+            ldpaths["runpath"] = runpaths
+            dbg(debug, "  ldpaths[rpath]   =", rpaths)
+            dbg(debug, "  ldpaths[runpath] =", runpaths)
+        ret["rpath"] = rpaths
+        ret["runpath"] = runpaths
+        ret["needed"] = libs
 
         # Search for the libs this ELF uses.
         all_ldpaths = None
@@ -546,29 +556,42 @@ def ParseELF(
                 continue
             if all_ldpaths is None:
                 all_ldpaths = (
-                    rpaths + ldpaths['rpath'] +
-                    ldpaths['env'] +
-                    runpaths + ldpaths['runpath'] +
-                    ldpaths['conf'] +
-                    ldpaths['interp']
+                    rpaths
+                    + ldpaths["rpath"]
+                    + ldpaths["env"]
+                    + runpaths
+                    + ldpaths["runpath"]
+                    + ldpaths["conf"]
+                    + ldpaths["interp"]
                 )
             realpath, fullpath = FindLib(elf, lib, all_ldpaths, root, debug=debug)
             _all_libs[lib] = {
-                'realpath': realpath,
-                'path': fullpath,
-                'needed': [],
+                "realpath": realpath,
+                "path": fullpath,
+                "needed": [],
             }
             if realpath is not None:
                 try:
-                    lret = ParseELF(realpath, root, cwd, prefix, ldpaths, display=fullpath,
-                                    debug=debug, _first=False, _all_libs=_all_libs)
+                    lret = ParseELF(
+                        realpath,
+                        root,
+                        cwd,
+                        prefix,
+                        ldpaths,
+                        display=fullpath,
+                        debug=debug,
+                        _first=False,
+                        _all_libs=_all_libs,
+                    )
                 except exceptions.ELFError as e:
                     warn(f"{realpath}: {e}")
-                _all_libs[lib]['needed'] = lret['needed']
+                _all_libs[lib]["needed"] = lret["needed"]
 
         del elf
 
     return ret
+
+
 # pylint: enable=dangerous-default-value
 
 
@@ -579,9 +602,10 @@ class _NormalizePathAction(argparse.Action):
 
 def _ActionShow(options: argparse.Namespace, elf: dict):
     """Show the dependency tree for this ELF"""
+
     def _show(lib, depth):
         chain_libs.append(lib)
-        fullpath = elf['libs'][lib]['path']
+        fullpath = elf["libs"][lib]["path"]
         if options.list:
             print(fullpath or lib)
         else:
@@ -602,10 +626,10 @@ def _ActionShow(options: argparse.Namespace, elf: dict):
             _show(nlib, depth + 1)
         chain_libs.pop()
 
-    shown_libs = set(elf['needed'])
-    new_libs = elf['needed'][:]
+    shown_libs = set(elf["needed"])
+    new_libs = elf["needed"][:]
     chain_libs: list[str] = []
-    interp = elf['interp']
+    interp = elf["interp"]
     if interp:
         lib = os.path.basename(interp)
         shown_libs.add(lib)
@@ -617,7 +641,7 @@ def _ActionShow(options: argparse.Namespace, elf: dict):
         if not options.all and options.list and lib in new_libs:
             new_libs.remove(lib)
     if options.list:
-        print(elf['path'])
+        print(elf["path"])
         if not interp is None:
             print(interp)
     else:
@@ -628,17 +652,17 @@ def _ActionShow(options: argparse.Namespace, elf: dict):
 
 def _ActionCopy(options: argparse.Namespace, elf: dict):
     """Copy the ELF and its dependencies to a destination tree"""
+
     def _StripRoot(path: str) -> str:
-        return path[len(options.root) - 1:]
+        return path[len(options.root) - 1 :]
 
-    def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(),
-              outdir=None):
+    def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(), outdir=None):
         if realsrc is None:
             return
 
         if wrapit:
             # Static ELFs don't need to be wrapped.
-            if not elf['interp']:
+            if not elf["interp"]:
                 wrapit = False
 
         striproot = _StripRoot if striproot else lambda x: x
@@ -651,11 +675,10 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
 
         try:
             # See if they're the same file.
-            nstat = os.stat(dst + ('.elf' if wrapit else ''))
+            nstat = os.stat(dst + (".elf" if wrapit else ""))
             ostat = os.stat(realsrc)
-            for field in ('mode', 'mtime', 'size'):
-                if getattr(ostat, 'st_' + field) != \
-                   getattr(nstat, 'st_' + field):
+            for field in ("mode", "mtime", "size"):
+                if getattr(ostat, "st_" + field) != getattr(nstat, "st_" + field):
                     break
             else:
                 return
@@ -684,9 +707,9 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
                 print("generate wrapper", dst)
 
             if options.libdir:
-                interp = os.path.join(options.libdir, os.path.basename(elf['interp']))
+                interp = os.path.join(options.libdir, os.path.basename(elf["interp"]))
             else:
-                interp = _StripRoot(elf['interp'])
+                interp = _StripRoot(elf["interp"])
             GenerateLdsoWrapper(options.dest, subdst, interp, libpaths)
 
     # XXX: We should automatically import libgcc_s.so whenever libpthread.so
@@ -695,99 +718,153 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
     # the libnsl.so and libnss_*.so libraries, as well as an open ended list
     # for known libs that get loaded (e.g. curl will dlopen(libresolv)).
     uniq_libpaths = set()
-    for lib in elf['libs']:
-        libdata = elf['libs'][lib]
-        path = libdata['realpath']
+    for lib in elf["libs"]:
+        libdata = elf["libs"][lib]
+        path = libdata["realpath"]
         if path is None:
             warn("could not locate library:", lib)
             continue
         if not options.libdir:
             uniq_libpaths.add(_StripRoot(os.path.dirname(path)))
-        _copy(path, libdata['path'], outdir=options.libdir)
+        _copy(path, libdata["path"], outdir=options.libdir)
 
     if not options.libdir:
         libpaths = list(uniq_libpaths)
-        if elf['runpath']:
-            libpaths = elf['runpath'] + libpaths
+        if elf["runpath"]:
+            libpaths = elf["runpath"] + libpaths
         else:
-            libpaths = elf['rpath'] + libpaths
+            libpaths = elf["rpath"] + libpaths
     else:
         uniq_libpaths.add(options.libdir)
         libpaths = list(uniq_libpaths)
 
     # We don't bother to copy this as ParseElf adds the interp to the 'libs',
     # so it was already copied in the libs loop above.
-    #_copy(elf['interp'], outdir=options.libdir)
-    _copy(elf['realpath'], elf['path'], striproot=options.auto_root,
-          wrapit=options.generate_wrappers, libpaths=libpaths,
-          outdir=options.bindir)
+    # _copy(elf['interp'], outdir=options.libdir)
+    _copy(
+        elf["realpath"],
+        elf["path"],
+        striproot=options.auto_root,
+        wrapit=options.generate_wrappers,
+        libpaths=libpaths,
+        outdir=options.bindir,
+    )
 
 
 def GetParser() -> argparse.ArgumentParser:
     """Get a CLI parser."""
     parser = argparse.ArgumentParser(
-        description=__doc__,
-        formatter_class=argparse.RawDescriptionHelpFormatter)
-    parser.add_argument('-a', '--all',
-                        action='store_true', default=False,
-                        help='Show all duplicated dependencies')
-    parser.add_argument('-l', '--list',
-                        action='store_true', default=False,
-                        help='Display output in a simple list (easy for copying)')
-    parser.add_argument('-x', '--debug',
-                        action='store_true', default=False,
-                        help='Run with debugging')
-    parser.add_argument('-v', '--verbose',
-                        action='store_true', default=False,
-                        help='Be verbose')
-    parser.add_argument('--skip-non-elfs',
-                        action='store_true', default=False,
-                        help='Skip plain (non-ELF) files instead of warning')
-    parser.add_argument('--skip-missing',
-                        action='store_true', default=False,
-                        help='Skip missing files instead of failing')
-    parser.add_argument('-V', '--version',
-                        action='version',
-                        version='lddtree by Mike Frysinger <vapier@gentoo.org>',
-                        help='Show version information')
-    parser.add_argument('path', nargs='+')
-
-    group = parser.add_argument_group('Path options')
-    group.add_argument('-R', '--root',
-                       default=os.environ.get('ROOT', ''), type=str,
-                       action=_NormalizePathAction,
-                       help='Search for all files/dependencies in ROOT')
-    group.add_argument('--no-auto-root',
-                       dest='auto_root', action='store_false', default=True,
-                       help='Do not automatically prefix input ELFs with ROOT')
-    group.add_argument('-C', '--cwd',
-                       default=os.getcwd(), type=str, action=_NormalizePathAction,
-                       help='Path to resolve relative paths against')
-    group.add_argument('-P', '--prefix',
-                       default=os.environ.get(
-                           'EPREFIX', '@GENTOO_PORTAGE_EPREFIX@'), type=str,
-                       action=_NormalizePathAction,
-                       help='Specify EPREFIX for binaries (for Gentoo Prefix)')
-
-    group = parser.add_argument_group('Copying options')
-    group.add_argument('--copy-to-tree',
-                       dest='dest', default=None, type=str,
-                       action=_NormalizePathAction,
-                       help='Copy all files to the specified tree')
-    group.add_argument('--bindir',
-                       default=None, type=str,
-                       action=_NormalizePathAction,
-                       help='Dir to store all ELFs specified on the command line')
-    group.add_argument('--libdir',
-                       default=None, type=str,
-                       action=_NormalizePathAction,
-                       help='Dir to store all ELF libs')
-    group.add_argument('--generate-wrappers',
-                       action='store_true', default=False,
-                       help='Wrap executable ELFs with scripts for local ldso')
-    group.add_argument('--copy-non-elfs',
-                       action='store_true', default=False,
-                       help='Copy over plain (non-ELF) files instead of warn+ignore')
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument(
+        "-a",
+        "--all",
+        action="store_true",
+        default=False,
+        help="Show all duplicated dependencies",
+    )
+    parser.add_argument(
+        "-l",
+        "--list",
+        action="store_true",
+        default=False,
+        help="Display output in a simple list (easy for copying)",
+    )
+    parser.add_argument(
+        "-x", "--debug", action="store_true", default=False, help="Run with debugging"
+    )
+    parser.add_argument(
+        "-v", "--verbose", action="store_true", default=False, help="Be verbose"
+    )
+    parser.add_argument(
+        "--skip-non-elfs",
+        action="store_true",
+        default=False,
+        help="Skip plain (non-ELF) files instead of warning",
+    )
+    parser.add_argument(
+        "--skip-missing",
+        action="store_true",
+        default=False,
+        help="Skip missing files instead of failing",
+    )
+    parser.add_argument(
+        "-V",
+        "--version",
+        action="version",
+        version="lddtree by Mike Frysinger <vapier@gentoo.org>",
+        help="Show version information",
+    )
+    parser.add_argument("path", nargs="+")
+
+    group = parser.add_argument_group("Path options")
+    group.add_argument(
+        "-R",
+        "--root",
+        default=os.environ.get("ROOT", ""),
+        type=str,
+        action=_NormalizePathAction,
+        help="Search for all files/dependencies in ROOT",
+    )
+    group.add_argument(
+        "--no-auto-root",
+        dest="auto_root",
+        action="store_false",
+        default=True,
+        help="Do not automatically prefix input ELFs with ROOT",
+    )
+    group.add_argument(
+        "-C",
+        "--cwd",
+        default=os.getcwd(),
+        type=str,
+        action=_NormalizePathAction,
+        help="Path to resolve relative paths against",
+    )
+    group.add_argument(
+        "-P",
+        "--prefix",
+        default=os.environ.get("EPREFIX", "@GENTOO_PORTAGE_EPREFIX@"),
+        type=str,
+        action=_NormalizePathAction,
+        help="Specify EPREFIX for binaries (for Gentoo Prefix)",
+    )
+
+    group = parser.add_argument_group("Copying options")
+    group.add_argument(
+        "--copy-to-tree",
+        dest="dest",
+        default=None,
+        type=str,
+        action=_NormalizePathAction,
+        help="Copy all files to the specified tree",
+    )
+    group.add_argument(
+        "--bindir",
+        default=None,
+        type=str,
+        action=_NormalizePathAction,
+        help="Dir to store all ELFs specified on the command line",
+    )
+    group.add_argument(
+        "--libdir",
+        default=None,
+        type=str,
+        action=_NormalizePathAction,
+        help="Dir to store all ELF libs",
+    )
+    group.add_argument(
+        "--generate-wrappers",
+        action="store_true",
+        default=False,
+        help="Wrap executable ELFs with scripts for local ldso",
+    )
+    group.add_argument(
+        "--copy-non-elfs",
+        action="store_true",
+        default=False,
+        help="Copy over plain (non-ELF) files instead of warn+ignore",
+    )
 
     if argcomplete is not None:
         argcomplete.autocomplete(parser)
@@ -800,41 +877,42 @@ def main(argv: list[str]) -> Optional[int]:
     options = parser.parse_args(argv)
     paths = options.path
 
-    if options.root != '/':
-        options.root += '/'
-    if options.prefix == '@''GENTOO_PORTAGE_EPREFIX''@':
-        options.prefix = ''
+    if options.root != "/":
+        options.root += "/"
+    if options.prefix == "@" "GENTOO_PORTAGE_EPREFIX" "@":
+        options.prefix = ""
 
-    if options.bindir and options.bindir[0] != '/':
-        parser.error('--bindir accepts absolute paths only')
-    if options.libdir and options.libdir[0] != '/':
-        parser.error('--libdir accepts absolute paths only')
+    if options.bindir and options.bindir[0] != "/":
+        parser.error("--bindir accepts absolute paths only")
+    if options.libdir and options.libdir[0] != "/":
+        parser.error("--libdir accepts absolute paths only")
 
     if options.skip_non_elfs and options.copy_non_elfs:
-        parser.error('pick one handler for non-ELFs: skip or copy')
+        parser.error("pick one handler for non-ELFs: skip or copy")
 
-    dbg(options.debug, 'root =', options.root)
-    dbg(options.debug, 'cwd =', options.cwd)
+    dbg(options.debug, "root =", options.root)
+    dbg(options.debug, "cwd =", options.cwd)
     if options.dest:
-        dbg(options.debug, 'dest =', options.dest)
+        dbg(options.debug, "dest =", options.dest)
     if not paths:
-        err('missing ELF files to scan')
+        err("missing ELF files to scan")
 
-    ldpaths = LoadLdpaths(options.root, cwd=options.cwd, prefix=options.prefix,
-                          debug=options.debug)
-    dbg(options.debug, 'ldpaths[conf] =', ldpaths['conf'])
-    dbg(options.debug, 'ldpaths[env]  =', ldpaths['env'])
+    ldpaths = LoadLdpaths(
+        options.root, cwd=options.cwd, prefix=options.prefix, debug=options.debug
+    )
+    dbg(options.debug, "ldpaths[conf] =", ldpaths["conf"])
+    dbg(options.debug, "ldpaths[env]  =", ldpaths["env"])
 
     # Process all the files specified.
     ret = 0
     for path in paths:
-        dbg(options.debug, 'argv[x]       =', path)
+        dbg(options.debug, "argv[x]       =", path)
         # Only auto-prefix the path if the ELF is absolute.
         # If it's a relative path, the user most likely wants
         # the local path.
-        if options.auto_root and path.startswith('/'):
-            path = options.root + path.lstrip('/')
-            dbg(options.debug, '  +auto-root  =', path)
+        if options.auto_root and path.startswith("/"):
+            path = options.root + path.lstrip("/")
+            dbg(options.debug, "  +auto-root  =", path)
 
         matched = False
         for p in glob.iglob(path):
@@ -844,20 +922,27 @@ def main(argv: list[str]) -> Optional[int]:
             #   $ lddtree --root $PWD/root /bin/sh
             # First we'd turn /bin/sh into $PWD/root/bin/sh, then we want to resolve
             # the symlink to $PWD/root/bin/bash rather than a plain /bin/bash.
-            dbg(options.debug, '  globbed     =', p)
-            if not path.startswith('/'):
+            dbg(options.debug, "  globbed     =", p)
+            if not path.startswith("/"):
                 realpath = os.path.realpath(path)
             elif options.auto_root:
                 realpath = readlink(p, options.root, prefixed=True)
             else:
                 realpath = path
             if path != realpath:
-                dbg(options.debug, '  resolved    =', realpath)
+                dbg(options.debug, "  resolved    =", realpath)
 
             matched = True
             try:
-                elf = ParseELF(realpath, options.root, options.cwd, options.prefix, ldpaths,
-                               display=p, debug=options.debug)
+                elf = ParseELF(
+                    realpath,
+                    options.root,
+                    options.cwd,
+                    options.prefix,
+                    ldpaths,
+                    display=p,
+                    debug=options.debug,
+                )
             except exceptions.ELFError as e:
                 if options.skip_non_elfs:
                     continue
@@ -865,12 +950,12 @@ def main(argv: list[str]) -> Optional[int]:
                 if options.dest is not None and options.copy_non_elfs:
                     if os.path.exists(p):
                         elf = {
-                            'interp': None,
-                            'libs': [],
-                            'runpath': [],
-                            'rpath': [],
-                            'path': p,
-                            'realpath': realpath,
+                            "interp": None,
+                            "libs": [],
+                            "runpath": [],
+                            "rpath": [],
+                            "path": p,
+                            "realpath": realpath,
                         }
                         _ActionCopy(options, elf)
                         continue
@@ -895,5 +980,5 @@ def main(argv: list[str]) -> Optional[int]:
     return ret
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     sys.exit(main(sys.argv[1:]))


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2022-09-28  7:42 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2022-09-28  7:42 UTC (permalink / raw
  To: gentoo-commits

commit:     b07b25dcc8ad0e518d801bc23d01fb59cc6de442
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Sep 28 06:03:01 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 07:42:17 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b07b25dc

lddtree: add typing info to more places

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 87 +++++++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 61 insertions(+), 26 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index ecb353d..6939bb6 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -48,6 +48,7 @@ import mmap
 import os
 import shutil
 import sys
+from typing import Any, Iterable, Optional, Union
 
 assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found {sys.version}'
 
@@ -60,31 +61,31 @@ from elftools.common import exceptions
 from elftools.elf.elffile import ELFFile
 
 
-def warn(msg, prefix='warning'):
+def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
     """Write |msg| to stderr with a |prefix| before it"""
     print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr)
 
 
-def err(msg, status=1):
+def err(msg: Any, status: Optional[int] = 1) -> None:
     """Write |msg| to stderr and exit with |status|"""
     warn(msg, prefix='error')
     sys.exit(status)
 
 
-def dbg(debug, *args, **kwargs):
+def dbg(debug: bool, *args, **kwargs) -> None:
     """Pass |args| and |kwargs| to print() when |debug| is True"""
     if debug:
         print(*args, **kwargs)
 
 
-def bstr(buf):
+def bstr(buf: Union[bytes, str]) -> str:
     """Decode the byte string into a string"""
     if isinstance(buf, str):
         return buf
     return buf.decode('utf-8')
 
 
-def normpath(path):
+def normpath(path: str) -> str:
     """Normalize a path
 
     Python's os.path.normpath() doesn't handle some cases:
@@ -96,7 +97,7 @@ def normpath(path):
 
 
 @functools.lru_cache(maxsize=None)
-def readlink(path, root, prefixed=False):
+def readlink(path: str, root: str, prefixed: Optional[bool] = False) -> str:
     """Like os.readlink(), but relative to a |root|
 
     This does not currently handle the pathological case:
@@ -124,14 +125,14 @@ def readlink(path, root, prefixed=False):
     return normpath((root + path) if prefixed else path)
 
 
-def dedupe(items):
+def dedupe(items: list[str]) -> list[str]:
     """Remove all duplicates from |items| (keeping order)"""
-    seen = {}
+    seen: dict[str, str] = {}
     return [seen.setdefault(x, x) for x in items if x not in seen]
 
 
 @functools.lru_cache(maxsize=None)
-def interp_supports_argv0(interp) -> bool:
+def interp_supports_argv0(interp: str) -> bool:
     """See whether |interp| supports the --argv0 option.
 
     Starting with glibc-2.33, the ldso supports --argv0 to override argv[0].
@@ -141,7 +142,12 @@ def interp_supports_argv0(interp) -> bool:
             return mm.find(b'--argv0') >= 0
 
 
-def GenerateLdsoWrapper(root, path, interp, libpaths=()):
+def GenerateLdsoWrapper(
+    root: str,
+    path: str,
+    interp: str,
+    libpaths: Iterable[str] = (),
+) -> None:
     """Generate a shell script wrapper which uses local ldso to run the ELF
 
     Since we cannot rely on the host glibc (or other libraries), we need to
@@ -190,7 +196,12 @@ exec \\
 
 
 @functools.lru_cache(maxsize=None)
-def ParseLdPaths(str_ldpaths, root='', cwd=None, path=None):
+def ParseLdPaths(
+    str_ldpaths: str,
+    root: str = "",
+    cwd: Optional[str] = None,
+    path: str = "",
+) -> list[str]:
     """Parse the colon-delimited list of paths and apply ldso rules to each
 
     Note the special handling as dictated by the ldso:
@@ -232,7 +243,12 @@ def ParseLdPaths(str_ldpaths, root='', cwd=None, path=None):
     return dedupe(ldpaths)
 
 
-def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
+def ParseLdSoConf(
+    ldso_conf: str,
+    root: str = "/",
+    debug: bool = False,
+    _first: bool = True,
+) -> list[str]:
     """Load all the paths from a given ldso config file
 
     This should handle comments, whitespace, and "include" statements.
@@ -283,7 +299,12 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
     return paths
 
 
-def LoadLdpaths(root='/', cwd=None, prefix='', debug=False):
+def LoadLdpaths(
+    root: str = "/",
+    cwd: Optional[str] = None,
+    prefix: str = "",
+    debug: bool = False,
+) -> dict[str, list[str]]:
     """Load linker paths from common locations
 
     This parses the ld.so.conf and LD_LIBRARY_PATH env var.
@@ -297,7 +318,7 @@ def LoadLdpaths(root='/', cwd=None, prefix='', debug=False):
     Returns:
       dict containing library paths to search
     """
-    ldpaths = {
+    ldpaths: dict[str, list[str]] = {
         'conf': [],
         'env': [],
         'interp': [],
@@ -321,7 +342,7 @@ def LoadLdpaths(root='/', cwd=None, prefix='', debug=False):
     return ldpaths
 
 
-def CompatibleELFs(elf1, elf2):
+def CompatibleELFs(elf1: ELFFile, elf2: ELFFile) -> bool:
     """See if two ELFs are compatible
 
     This compares the aspects of the ELF to see if they're compatible:
@@ -344,7 +365,13 @@ def CompatibleELFs(elf1, elf2):
             elf1.header['e_machine'] == elf2.header['e_machine'])
 
 
-def FindLib(elf, lib, ldpaths, root='/', debug=False):
+def FindLib(
+    elf: ELFFile,
+    lib: str,
+    ldpaths: list[str],
+    root: str = "/",
+    debug: bool = False,
+) -> tuple[Optional[str], Optional[str]]:
     """Try to locate a |lib| that is compatible to |elf| in the given |ldpaths|
 
     Args:
@@ -381,9 +408,17 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
 
 # We abuse the _all_libs state.  We probably shouldn't, but we do currently.
 # pylint: disable=dangerous-default-value
-def ParseELF(path, root='/', cwd=None, prefix='',
-             ldpaths={'conf':[], 'env':[], 'interp':[]},
-             display=None, debug=False, _first=True, _all_libs={}):
+def ParseELF(
+    path: str,
+    root: str = "/",
+    cwd: Optional[str] = None,
+    prefix: str = "",
+    ldpaths={"conf": [], "env": [], "interp": []},
+    display: Optional[str] = None,
+    debug: bool = False,
+    _first: bool = True,
+    _all_libs={},
+) -> dict[str, Any]:
     """Parse the ELF dependency tree of the specified file
 
     Args:
@@ -522,7 +557,7 @@ def ParseELF(path, root='/', cwd=None, prefix='',
                 'path': fullpath,
                 'needed': [],
             }
-            if fullpath:
+            if realpath is not None:
                 try:
                     lret = ParseELF(realpath, root, cwd, prefix, ldpaths, display=fullpath,
                                     debug=debug, _first=False, _all_libs=_all_libs)
@@ -541,7 +576,7 @@ class _NormalizePathAction(argparse.Action):
         setattr(namespace, self.dest, normpath(values))
 
 
-def _ActionShow(options, elf):
+def _ActionShow(options: argparse.Namespace, elf: dict):
     """Show the dependency tree for this ELF"""
     def _show(lib, depth):
         chain_libs.append(lib)
@@ -568,7 +603,7 @@ def _ActionShow(options, elf):
 
     shown_libs = set(elf['needed'])
     new_libs = elf['needed'][:]
-    chain_libs = []
+    chain_libs: list[str] = []
     interp = elf['interp']
     if interp:
         lib = os.path.basename(interp)
@@ -590,9 +625,9 @@ def _ActionShow(options, elf):
         _show(lib, 1)
 
 
-def _ActionCopy(options, elf):
+def _ActionCopy(options: argparse.Namespace, elf: dict):
     """Copy the ELF and its dependencies to a destination tree"""
-    def _StripRoot(path):
+    def _StripRoot(path: str) -> str:
         return path[len(options.root) - 1:]
 
     def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(),
@@ -687,7 +722,7 @@ def _ActionCopy(options, elf):
           outdir=options.bindir)
 
 
-def GetParser():
+def GetParser() -> argparse.ArgumentParser:
     """Get a CLI parser."""
     parser = argparse.ArgumentParser(
         description=__doc__,
@@ -758,7 +793,7 @@ def GetParser():
     return parser
 
 
-def main(argv):
+def main(argv: list[str]) -> Optional[int]:
     """The main entry point!"""
     parser = GetParser()
     options = parser.parse_args(argv)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-06  7:15 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-06  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     0a7d8b69dc1dcb248c5313788e273374acbdfb52
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  6 07:09:11 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan  6 07:09:13 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0a7d8b69

meson: release 1.3.6

Signed-off-by: Sam James <sam <AT> gentoo.org>

 meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 0054ba4..f39defc 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
 project('pax-utils', 'c',
-  version : '1.3.5',
+  version : '1.3.6',
   license : 'GPL-2.0-only',
   default_options : [
     'warning_level=2',


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-26 21:46 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-26 21:46 UTC (permalink / raw
  To: gentoo-commits

commit:     d49fa503588cb9a89eda7eb7141b65507fa126ce
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 26 21:45:48 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jan 26 21:45:48 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d49fa503

meson.build: release 1.3.7

Signed-off-by: Sam James <sam <AT> gentoo.org>

 meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index f39defc..0cb9a0e 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
 project('pax-utils', 'c',
-  version : '1.3.6',
+  version : '1.3.7',
   license : 'GPL-2.0-only',
   default_options : [
     'warning_level=2',


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-29  3:36 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-29  3:36 UTC (permalink / raw
  To: gentoo-commits

commit:     aa907a42d89ddfd5a7e64d8182a1da35277f2f6e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 28 10:14:46 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jan 28 10:14:46 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=aa907a42

Make headers standalone (missing includes, prep for clang-tidy)

Signed-off-by: Sam James <sam <AT> gentoo.org>

 paxelf.h      | 5 +++++
 paxldso.h     | 4 ++++
 paxmacho.h    | 2 ++
 seccomp-bpf.h | 2 ++
 security.h    | 2 ++
 xfuncs.h      | 2 ++
 6 files changed, 17 insertions(+)

diff --git a/paxelf.h b/paxelf.h
index f252969..ac41a64 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -11,6 +11,11 @@
 #ifndef _PAX_ELF_H
 #define _PAX_ELF_H
 
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <sys/types.h>
+
 typedef struct {
 	const void *phdr;
 	const void *shdr;

diff --git a/paxldso.h b/paxldso.h
index 91c7eed..fd9f344 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -9,6 +9,10 @@
 #ifndef _PAX_LDSO_H
 #define _PAX_LDSO_H
 
+#include "paxelf.h"
+#include "porting.h"
+#include "xfuncs.h"
+
 /*
  * ld.so.cache logic
  */

diff --git a/paxmacho.h b/paxmacho.h
index 48ac854..c32ccbb 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -12,6 +12,8 @@
 #ifndef _PAX_MACHO_H
 #define _PAX_MACHO_H
 
+#include <stddef.h>
+
 #include "macho.h"
 
 #define MGET(swapped, value) (swapped ? (__typeof__(value))bswap_32(value) : value)

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 80d6d94..21499f7 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -4,6 +4,8 @@
  * See seccomp-bpf.c for details. */
 #undef SECCOMP_BPF_AVAILABLE
 
+#include <stdint.h>
+
 #if defined(__aarch64__)
 /* AARCH64 */
 #define SECCOMP_BPF_AVAILABLE

diff --git a/security.h b/security.h
index 65e1ad5..ef2e82a 100644
--- a/security.h
+++ b/security.h
@@ -9,6 +9,8 @@
 #ifndef _PAX_SECURITY_H
 #define _PAX_SECURITY_H
 
+#include <stdbool.h>
+
 /* Whether to enable features that significantly impact speed. */
 #ifdef SLOW_SECURITY
 # define USE_SLOW_SECURITY 1

diff --git a/xfuncs.h b/xfuncs.h
index 61577ec..5781d61 100644
--- a/xfuncs.h
+++ b/xfuncs.h
@@ -9,6 +9,8 @@
 #ifndef __XFUNCS_H__
 #define __XFUNCS_H__
 
+#include <stddef.h>
+
 char *xstrdup(const char *s);
 void *xmalloc(size_t size);
 void *xzalloc(size_t size);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-29  3:36 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-29  3:36 UTC (permalink / raw
  To: gentoo-commits

commit:     f8287200aec0ca33ef07fafcdd5aef0aa6eb1306
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 28 10:15:57 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jan 28 10:18:34 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f8287200

*: IWYU fixes

Separate from the first commit as this one was done programmatically with
dev-util/include-what-you-use.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dumpelf.c   | 13 +++++++++++++
 paxelf.c    | 13 +++++++++++++
 paxelf.h    |  2 ++
 paxinc.c    |  7 +++++++
 paxinc.h    | 10 +++++++++-
 paxldso.c   | 17 +++++++++++++++++
 paxldso.h   |  2 ++
 paxmacho.c  | 12 ++++++++++++
 paxmacho.h  |  2 ++
 pspax.c     | 21 ++++++++++++++++++++-
 scanelf.c   | 22 ++++++++++++++++++++++
 scanmacho.c | 19 +++++++++++++++++++
 security.c  | 13 +++++++++++++
 xfuncs.c    |  6 ++++++
 14 files changed, 157 insertions(+), 2 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 4742a50..baa6358 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -8,7 +8,20 @@
 
 const char argv0[] = "dumpelf";
 
+#include <getopt.h>
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
 #include "paxinc.h"
+#include "elf.h"
+#include "pax_utils_version.h"
+#include "porting.h"
+#include "security.h"
 
 /* prototypes */
 static void dump_ehdr(const elfobj *elf, const void *ehdr);

diff --git a/paxelf.c b/paxelf.c
index 331f1b4..0268fa4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -6,7 +6,20 @@
  * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
  */
 
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
 #include "paxinc.h"
+#include "elf.h"
+#include "paxelf.h"
+#include "porting.h"
+#include "xfuncs.h"
 
 /*
  * Setup a bunch of helper functions to translate

diff --git a/paxelf.h b/paxelf.h
index ac41a64..31ef298 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -16,6 +16,8 @@
 #include <stdio.h>
 #include <sys/types.h>
 
+#include "elf.h"
+
 typedef struct {
 	const void *phdr;
 	const void *shdr;

diff --git a/paxinc.c b/paxinc.c
index 64a3069..7dfd4ca 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -11,6 +11,13 @@
 #define IN_paxinc
 #include "paxinc.h"
 
+#include <alloca.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "xfuncs.h"
+
 char do_reverse_endian;
 
 /* some of this ar code was taken from busybox */

diff --git a/paxinc.h b/paxinc.h
index 3dd163a..7eb6802 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -11,6 +11,15 @@
 #ifndef _PAX_INC_H
 #define _PAX_INC_H
 
+#include <byteswap.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <stdint.h>
+
 #include "porting.h"
 #include "xfuncs.h"
 #include "security.h"
@@ -35,7 +44,6 @@
 #include "elf.h"
 #include "paxelf.h"
 #include "paxldso.h"
-
 /* Mach-O love */
 #include "macho.h"
 #include "paxmacho.h"

diff --git a/paxldso.c b/paxldso.c
index ce7facd..acab364 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -6,7 +6,24 @@
  * Copyright 2004-2016 Mike Frysinger  - <vapier@gentoo.org>
  */
 
+#include <ctype.h>
+#include <fcntl.h>
+#include <features.h>
+#include <glob.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
 #include "paxinc.h"
+#include "elf.h"
+#include "paxelf.h"
+#include "paxldso.h"
+#include "xfuncs.h"
 
 /*
  * ld.so.cache logic

diff --git a/paxldso.h b/paxldso.h
index fd9f344..1e95851 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -9,6 +9,8 @@
 #ifndef _PAX_LDSO_H
 #define _PAX_LDSO_H
 
+#include <features.h>
+
 #include "paxelf.h"
 #include "porting.h"
 #include "xfuncs.h"

diff --git a/paxmacho.c b/paxmacho.c
index 74f02da..fcdff4b 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -7,7 +7,19 @@
  *           2008-2021 Fabian Groffen  - <grobian@gentoo.org>
  */
 
+#include <byteswap.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
 #include "paxinc.h"
+#include "macho.h"
+#include "paxmacho.h"
+#include "xfuncs.h"
 
 /* lil' static string pool */
 static const char STR_BE[]      = "BE";

diff --git a/paxmacho.h b/paxmacho.h
index c32ccbb..b109af5 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -13,6 +13,8 @@
 #define _PAX_MACHO_H
 
 #include <stddef.h>
+#include <byteswap.h>
+#include <stdint.h>
 
 #include "macho.h"
 

diff --git a/pspax.c b/pspax.c
index 6094882..1e75494 100644
--- a/pspax.c
+++ b/pspax.c
@@ -14,12 +14,31 @@
 
 const char argv0[] = "pspax";
 
-#include "paxinc.h"
 #include <grp.h>
+#include <ctype.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <pwd.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "paxinc.h"
+#include "elf.h"
+#include "pax_utils_version.h"
+#include "paxelf.h"
+#include "security.h"
 
 #ifdef WANT_SYSCAP
 # undef _POSIX_SOURCE
 # include <sys/capability.h>
+
 # define WRAP_SYSCAP(x) x
 #else
 # define WRAP_SYSCAP(x)

diff --git a/scanelf.c b/scanelf.c
index 50497b2..ee990c9 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -8,7 +8,29 @@
 
 const char argv0[] = "scanelf";
 
+#include <ctype.h>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <fnmatch.h>
+#include <getopt.h>
+#include <inttypes.h>
+#include <regex.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
 #include "paxinc.h"
+#include "elf.h"
+#include "pax_utils_version.h"
+#include "paxldso.h"
+#include "porting.h"
+#include "security.h"
+#include "xfuncs.h"
 
 #define IS_MODIFIER(c) (c == '%' || c == '#' || c == '+')
 

diff --git a/scanmacho.c b/scanmacho.c
index e2aa485..fa1eee1 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -11,7 +11,26 @@
 
 const char argv0[] = "scanmacho";
 
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
 #include "paxinc.h"
+#include "macho.h"
+#include "pax_utils_version.h"
+#include "paxmacho.h"
+#include "porting.h"
+#include "security.h"
+#include "xfuncs.h"
 
 #define IS_MODIFIER(c) (c == '%' || c == '#' || c == '+')
 

diff --git a/security.c b/security.c
index 19bf78f..f1a34df 100644
--- a/security.c
+++ b/security.c
@@ -5,8 +5,21 @@
  * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
  */
 
+#include <errno.h>
+
+#ifdef WANT_SECCOMP
+#include <linux/seccomp.h>
+#include <linux/securebits.h>
+#endif
+
+#include <sched.h>
+#include <stdbool.h>
+#include <sys/prctl.h>
+#include <unistd.h>
+
 #include "paxinc.h"
 #include "seccomp-bpf.h"
+#include "security.h"
 
 #ifdef __linux__
 

diff --git a/xfuncs.c b/xfuncs.c
index cd73dfa..e912fb0 100644
--- a/xfuncs.c
+++ b/xfuncs.c
@@ -6,7 +6,13 @@
  * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
  */
 
+#include <errno.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+
 #include "paxinc.h"
+#include "xfuncs.h"
 
 char *xstrdup(const char *s)
 {


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-29  3:41 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-29  3:41 UTC (permalink / raw
  To: gentoo-commits

commit:     ffedc60fa41d307bda28fd108e6ff1b8da1fc2ee
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 29 03:41:09 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 03:41:51 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ffedc60f

*: IWYU fixes deux

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dumpelf.c     | 1 +
 paxelf.c      | 1 +
 paxinc.c      | 1 +
 paxinc.h      | 1 +
 paxldso.c     | 2 +-
 paxldso.h     | 2 --
 paxmacho.c    | 1 +
 pspax.c       | 1 +
 scanelf.c     | 1 +
 scanmacho.c   | 1 +
 seccomp-bpf.c | 1 +
 xfuncs.c      | 1 +
 12 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index baa6358..877b0db 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -11,6 +11,7 @@ const char argv0[] = "dumpelf";
 #include <getopt.h>
 #include <inttypes.h>
 #include <stdbool.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

diff --git a/paxelf.c b/paxelf.c
index 0268fa4..b072ba0 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -7,6 +7,7 @@
  */
 
 #include <fcntl.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>

diff --git a/paxinc.c b/paxinc.c
index 7dfd4ca..f87e8a6 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -12,6 +12,7 @@
 #include "paxinc.h"
 
 #include <alloca.h>
+#include <stddef.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <unistd.h>

diff --git a/paxinc.h b/paxinc.h
index 7eb6802..52bbefd 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -14,6 +14,7 @@
 #include <byteswap.h>
 #include <errno.h>
 #include <stdbool.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

diff --git a/paxldso.c b/paxldso.c
index acab364..d40d7ef 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -8,9 +8,9 @@
 
 #include <ctype.h>
 #include <fcntl.h>
-#include <features.h>
 #include <glob.h>
 #include <stdbool.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>

diff --git a/paxldso.h b/paxldso.h
index 1e95851..fd9f344 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -9,8 +9,6 @@
 #ifndef _PAX_LDSO_H
 #define _PAX_LDSO_H
 
-#include <features.h>
-
 #include "paxelf.h"
 #include "porting.h"
 #include "xfuncs.h"

diff --git a/paxmacho.c b/paxmacho.c
index fcdff4b..39db1cb 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -9,6 +9,7 @@
 
 #include <byteswap.h>
 #include <fcntl.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>

diff --git a/pspax.c b/pspax.c
index 1e75494..369ed37 100644
--- a/pspax.c
+++ b/pspax.c
@@ -21,6 +21,7 @@ const char argv0[] = "pspax";
 #include <getopt.h>
 #include <pwd.h>
 #include <stdbool.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>

diff --git a/scanelf.c b/scanelf.c
index ee990c9..d6bb14b 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -17,6 +17,7 @@ const char argv0[] = "scanelf";
 #include <inttypes.h>
 #include <regex.h>
 #include <stdbool.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

diff --git a/scanmacho.c b/scanmacho.c
index fa1eee1..c38c5ed 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -16,6 +16,7 @@ const char argv0[] = "scanmacho";
 #include <fcntl.h>
 #include <getopt.h>
 #include <stdbool.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 1d64172..7c3923f 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -11,6 +11,7 @@ const char argv0[] = "seccomp-bpf";
 
 #include <err.h>
 #include <stdio.h>
+#include <stddef.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <sys/mman.h>

diff --git a/xfuncs.c b/xfuncs.c
index e912fb0..a68756b 100644
--- a/xfuncs.c
+++ b/xfuncs.c
@@ -8,6 +8,7 @@
 
 #include <errno.h>
 #include <stdbool.h>
+#include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-29  5:56 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-29  5:56 UTC (permalink / raw
  To: gentoo-commits

commit:     731b5e1798e98694e6afa783065ff996331e8153
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 29 05:56:03 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 05:56:33 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=731b5e17

porting.h: include <stddef.h> for size_t, sort includes

Signed-off-by: Sam James <sam <AT> gentoo.org>

 porting.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/porting.h b/porting.h
index 0d43a92..4f34302 100644
--- a/porting.h
+++ b/porting.h
@@ -29,15 +29,16 @@
 #include <regex.h>
 #include <sched.h>
 #include <signal.h>
+#include <stddef.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <time.h>
-#include <unistd.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <time.h>
+#include <unistd.h>
 #include "elf.h"
 #if HAS_ALLOCA_H
 # include <alloca.h>


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-29  5:56 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-29  5:56 UTC (permalink / raw
  To: gentoo-commits

commit:     781a3856ae53df051563645b45d8ff7033aea113
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 29 05:55:51 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 05:56:33 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=781a3856

paxinc: include <alloca.h> for alloca

Signed-off-by: Sam James <sam <AT> gentoo.org>

 paxinc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/paxinc.c b/paxinc.c
index 64a3069..c6eab87 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -9,6 +9,7 @@
 /* stick common symbols here that are needed by paxinc.h */
 
 #define IN_paxinc
+#include <alloca.h>
 #include "paxinc.h"
 
 char do_reverse_endian;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-01-29  5:56 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-01-29  5:56 UTC (permalink / raw
  To: gentoo-commits

commit:     755a512e6a3c2b015b8d54dc98f2f48bb9dd3971
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 29 05:40:05 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 05:56:32 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=755a512e

Undo IWYU fixes

I wasn't paying enough attention, it's better to just fold the needed
bits into porting.h.

This reverts commit ffedc60fa41d307bda28fd108e6ff1b8da1fc2ee.
This reverts commit f8287200aec0ca33ef07fafcdd5aef0aa6eb1306.
This reverts commit aa907a42d89ddfd5a7e64d8182a1da35277f2f6e.

Bug: https://github.com/gentoo/pax-utils/pull/11#issuecomment-1407566344
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dumpelf.c     | 14 --------------
 paxelf.c      | 14 --------------
 paxelf.h      |  7 -------
 paxinc.c      |  8 --------
 paxinc.h      | 11 +----------
 paxldso.c     | 17 -----------------
 paxldso.h     |  4 ----
 paxmacho.c    | 13 -------------
 paxmacho.h    |  4 ----
 pspax.c       | 22 +---------------------
 scanelf.c     | 23 -----------------------
 scanmacho.c   | 20 --------------------
 seccomp-bpf.c |  1 -
 seccomp-bpf.h |  2 --
 security.c    | 13 -------------
 security.h    |  2 --
 xfuncs.c      |  7 -------
 xfuncs.h      |  2 --
 18 files changed, 2 insertions(+), 182 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 877b0db..4742a50 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -8,21 +8,7 @@
 
 const char argv0[] = "dumpelf";
 
-#include <getopt.h>
-#include <inttypes.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
 #include "paxinc.h"
-#include "elf.h"
-#include "pax_utils_version.h"
-#include "porting.h"
-#include "security.h"
 
 /* prototypes */
 static void dump_ehdr(const elfobj *elf, const void *ehdr);

diff --git a/paxelf.c b/paxelf.c
index b072ba0..331f1b4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -6,21 +6,7 @@
  * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
  */
 
-#include <fcntl.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
 #include "paxinc.h"
-#include "elf.h"
-#include "paxelf.h"
-#include "porting.h"
-#include "xfuncs.h"
 
 /*
  * Setup a bunch of helper functions to translate

diff --git a/paxelf.h b/paxelf.h
index 31ef298..f252969 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -11,13 +11,6 @@
 #ifndef _PAX_ELF_H
 #define _PAX_ELF_H
 
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <sys/types.h>
-
-#include "elf.h"
-
 typedef struct {
 	const void *phdr;
 	const void *shdr;

diff --git a/paxinc.c b/paxinc.c
index f87e8a6..64a3069 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -11,14 +11,6 @@
 #define IN_paxinc
 #include "paxinc.h"
 
-#include <alloca.h>
-#include <stddef.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "xfuncs.h"
-
 char do_reverse_endian;
 
 /* some of this ar code was taken from busybox */

diff --git a/paxinc.h b/paxinc.h
index 52bbefd..3dd163a 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -11,16 +11,6 @@
 #ifndef _PAX_INC_H
 #define _PAX_INC_H
 
-#include <byteswap.h>
-#include <errno.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <stdint.h>
-
 #include "porting.h"
 #include "xfuncs.h"
 #include "security.h"
@@ -45,6 +35,7 @@
 #include "elf.h"
 #include "paxelf.h"
 #include "paxldso.h"
+
 /* Mach-O love */
 #include "macho.h"
 #include "paxmacho.h"

diff --git a/paxldso.c b/paxldso.c
index d40d7ef..ce7facd 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -6,24 +6,7 @@
  * Copyright 2004-2016 Mike Frysinger  - <vapier@gentoo.org>
  */
 
-#include <ctype.h>
-#include <fcntl.h>
-#include <glob.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
 #include "paxinc.h"
-#include "elf.h"
-#include "paxelf.h"
-#include "paxldso.h"
-#include "xfuncs.h"
 
 /*
  * ld.so.cache logic

diff --git a/paxldso.h b/paxldso.h
index fd9f344..91c7eed 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -9,10 +9,6 @@
 #ifndef _PAX_LDSO_H
 #define _PAX_LDSO_H
 
-#include "paxelf.h"
-#include "porting.h"
-#include "xfuncs.h"
-
 /*
  * ld.so.cache logic
  */

diff --git a/paxmacho.c b/paxmacho.c
index 39db1cb..74f02da 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -7,20 +7,7 @@
  *           2008-2021 Fabian Groffen  - <grobian@gentoo.org>
  */
 
-#include <byteswap.h>
-#include <fcntl.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
 #include "paxinc.h"
-#include "macho.h"
-#include "paxmacho.h"
-#include "xfuncs.h"
 
 /* lil' static string pool */
 static const char STR_BE[]      = "BE";

diff --git a/paxmacho.h b/paxmacho.h
index b109af5..48ac854 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -12,10 +12,6 @@
 #ifndef _PAX_MACHO_H
 #define _PAX_MACHO_H
 
-#include <stddef.h>
-#include <byteswap.h>
-#include <stdint.h>
-
 #include "macho.h"
 
 #define MGET(swapped, value) (swapped ? (__typeof__(value))bswap_32(value) : value)

diff --git a/pspax.c b/pspax.c
index 369ed37..6094882 100644
--- a/pspax.c
+++ b/pspax.c
@@ -14,32 +14,12 @@
 
 const char argv0[] = "pspax";
 
-#include <grp.h>
-#include <ctype.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <pwd.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <strings.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
 #include "paxinc.h"
-#include "elf.h"
-#include "pax_utils_version.h"
-#include "paxelf.h"
-#include "security.h"
+#include <grp.h>
 
 #ifdef WANT_SYSCAP
 # undef _POSIX_SOURCE
 # include <sys/capability.h>
-
 # define WRAP_SYSCAP(x) x
 #else
 # define WRAP_SYSCAP(x)

diff --git a/scanelf.c b/scanelf.c
index d6bb14b..50497b2 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -8,30 +8,7 @@
 
 const char argv0[] = "scanelf";
 
-#include <ctype.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <fnmatch.h>
-#include <getopt.h>
-#include <inttypes.h>
-#include <regex.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
 #include "paxinc.h"
-#include "elf.h"
-#include "pax_utils_version.h"
-#include "paxldso.h"
-#include "porting.h"
-#include "security.h"
-#include "xfuncs.h"
 
 #define IS_MODIFIER(c) (c == '%' || c == '#' || c == '+')
 

diff --git a/scanmacho.c b/scanmacho.c
index c38c5ed..e2aa485 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -11,27 +11,7 @@
 
 const char argv0[] = "scanmacho";
 
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
 #include "paxinc.h"
-#include "macho.h"
-#include "pax_utils_version.h"
-#include "paxmacho.h"
-#include "porting.h"
-#include "security.h"
-#include "xfuncs.h"
 
 #define IS_MODIFIER(c) (c == '%' || c == '#' || c == '+')
 

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 7c3923f..1d64172 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -11,7 +11,6 @@ const char argv0[] = "seccomp-bpf";
 
 #include <err.h>
 #include <stdio.h>
-#include <stddef.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <sys/mman.h>

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 21499f7..80d6d94 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -4,8 +4,6 @@
  * See seccomp-bpf.c for details. */
 #undef SECCOMP_BPF_AVAILABLE
 
-#include <stdint.h>
-
 #if defined(__aarch64__)
 /* AARCH64 */
 #define SECCOMP_BPF_AVAILABLE

diff --git a/security.c b/security.c
index f1a34df..19bf78f 100644
--- a/security.c
+++ b/security.c
@@ -5,21 +5,8 @@
  * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
  */
 
-#include <errno.h>
-
-#ifdef WANT_SECCOMP
-#include <linux/seccomp.h>
-#include <linux/securebits.h>
-#endif
-
-#include <sched.h>
-#include <stdbool.h>
-#include <sys/prctl.h>
-#include <unistd.h>
-
 #include "paxinc.h"
 #include "seccomp-bpf.h"
-#include "security.h"
 
 #ifdef __linux__
 

diff --git a/security.h b/security.h
index ef2e82a..65e1ad5 100644
--- a/security.h
+++ b/security.h
@@ -9,8 +9,6 @@
 #ifndef _PAX_SECURITY_H
 #define _PAX_SECURITY_H
 
-#include <stdbool.h>
-
 /* Whether to enable features that significantly impact speed. */
 #ifdef SLOW_SECURITY
 # define USE_SLOW_SECURITY 1

diff --git a/xfuncs.c b/xfuncs.c
index a68756b..cd73dfa 100644
--- a/xfuncs.c
+++ b/xfuncs.c
@@ -6,14 +6,7 @@
  * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
  */
 
-#include <errno.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-
 #include "paxinc.h"
-#include "xfuncs.h"
 
 char *xstrdup(const char *s)
 {

diff --git a/xfuncs.h b/xfuncs.h
index 5781d61..61577ec 100644
--- a/xfuncs.h
+++ b/xfuncs.h
@@ -9,8 +9,6 @@
 #ifndef __XFUNCS_H__
 #define __XFUNCS_H__
 
-#include <stddef.h>
-
 char *xstrdup(const char *s);
 void *xmalloc(size_t size);
 void *xzalloc(size_t size);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-02-13  5:26 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-02-13  5:26 UTC (permalink / raw
  To: gentoo-commits

commit:     d1a646983084f3c5b82e67ee73e77e17a73dcdd6
Author:     Frederic Cambus <fred <AT> statdns <DOT> com>
AuthorDate: Sat Feb 11 09:46:33 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Feb 13 05:24:05 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d1a64698

lddtree: allow lddtree.sh to find Xenocara libraries on OpenBSD.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 lddtree.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.sh b/lddtree.sh
index 5271dae..c964ed6 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -45,7 +45,7 @@ elf_specs() {
 		sed -E 's: (LINUX|GNU)$: NONE:'
 }
 
-lib_paths_fallback="${ROOT}lib* ${ROOT}usr/lib* ${ROOT}usr/local/lib*"
+lib_paths_fallback="${ROOT}lib* ${ROOT}usr/lib* ${ROOT}usr/local/lib* ${ROOT}usr/X11R6/lib*"
 c_ldso_paths_loaded='false'
 find_elf() {
 	_find_elf=''


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-02-13  5:26 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-02-13  5:26 UTC (permalink / raw
  To: gentoo-commits

commit:     8ed70f98b7299a8433bb22ae4144ead2bb3a83a8
Author:     Frederic Cambus <fred <AT> statdns <DOT> com>
AuthorDate: Sun Feb 12 10:51:01 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Feb 13 05:24:21 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8ed70f98

README: fix typo: s/peforming/performing.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 539f3cc..99bbc3f 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@
 | VIEWVCS  | https://gitweb.gentoo.org/proj/pax-utils.git/         |
 | STATUS   | [![Build Status](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml/badge.svg)](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) |
 
-pax-utils is a small set of utilities for peforming Q/A (mostly security)
+pax-utils is a small set of utilities for performing Q/A (mostly security)
 checks on systems (most notably, `scanelf`).  It is focused on the ELF
 format, but does include a Mach-O helper too for OS X systems.
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-11-23 13:31 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2023-11-23 13:31 UTC (permalink / raw
  To: gentoo-commits

commit:     124f3e448e7a0c4680fbff2306a3e2c9354bde77
Author:     Aliaksei Urbanski <aliaksei.urbanski <AT> gmail <DOT> com>
AuthorDate: Wed Nov  8 01:58:52 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 23 13:31:19 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=124f3e44

Fix fuzz-dumpelf test

Not sure why, but the dumpelf.fuzz fuzzer fails when it's calling
prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) at security_init.
So I suggest disabling seccomp for fuzzy testing.

Also, in order to not run indefinitely,
the fuzzer must be executed with some reasonable options.
https://releases.llvm.org/14.0.0/docs/LibFuzzer.html#options

Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski <AT> gmail.com>
Closes: https://github.com/gentoo/pax-utils/pull/13
Signed-off-by: Sam James <sam <AT> gentoo.org>

 meson.build | 8 +++++++-
 security.c  | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 0cb9a0e..255107b 100644
--- a/meson.build
+++ b/meson.build
@@ -166,6 +166,12 @@ if do_tests and get_option('use_fuzzing')
       link_args : fuzz_flags,
       install : false
     )
-    test('fuzz-dumpelf', dumpelf_fuzzer)
+    test('fuzz-dumpelf', dumpelf_fuzzer,
+      args : [
+        '-close_fd_mask=3',
+        '-max_total_time=10',
+        '-print_final_stats',
+      ]
+    )
   endif
 endif

diff --git a/security.c b/security.c
index 19bf78f..7122a7f 100644
--- a/security.c
+++ b/security.c
@@ -46,6 +46,10 @@
 # undef WANT_SECCOMP
 #endif
 
+#if PAX_UTILS_LIBFUZZ
+# undef WANT_SECCOMP
+#endif
+
 static int ns_unshare(int flags)
 {
 	int flag, ret = 0;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-14 19:57 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-14 19:57 UTC (permalink / raw
  To: gentoo-commits

commit:     43dc19d632741e9e80f02842684ca57d1277a070
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Dec 14 19:52:20 2023 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 19:53:27 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=43dc19d6

Revert "paxinc: include <alloca.h> for alloca"

This reverts commit 781a3856ae53df051563645b45d8ff7033aea113.

The header is already included in porting.h.  We want to keep all
system headers centralized in porting.h and not sprinkle across
the other modules.

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 paxinc.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/paxinc.c b/paxinc.c
index c6eab87..64a3069 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -9,7 +9,6 @@
 /* stick common symbols here that are needed by paxinc.h */
 
 #define IN_paxinc
-#include <alloca.h>
 #include "paxinc.h"
 
 char do_reverse_endian;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-14 21:28 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-14 21:28 UTC (permalink / raw
  To: gentoo-commits

commit:     c9f62fd60b3d92726bca1e0c56be7aa1eeef83d8
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Dec 14 21:25:01 2023 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 21:27:05 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c9f62fd6

pylintrc: remove old entries

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .pylintrc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.pylintrc b/.pylintrc
index b86319b..7bee576 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -5,7 +5,6 @@ load-plugins=
 	pylint.extensions.bad_builtin,
 	pylint.extensions.check_elif,
 	pylint.extensions.docstyle,
-	pylint.extensions.emptystring,
 	pylint.extensions.overlapping_exceptions,
 	pylint.extensions.redefined_variable_type,
 
@@ -25,8 +24,6 @@ disable=
 	too-many-public-methods,
 	too-many-locals,
 	too-many-arguments,
-	locally-enabled,
-	locally-disabled,
 	fixme,
 	invalid-name,
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-14 21:28 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-14 21:28 UTC (permalink / raw
  To: gentoo-commits

commit:     d51fa4ec5812e38af23ec773b0376d33e2b228ae
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 26 17:13:07 2020 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 20:20:06 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d51fa4ec

lddtree: add docstring for all classes

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lddtree.py b/lddtree.py
index e851ac1..60f3a7c 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -596,6 +596,8 @@ def ParseELF(
 
 
 class _NormalizePathAction(argparse.Action):
+    """Argparse action to normalize paths."""
+
     def __call__(self, parser, namespace, values, option_string=None):
         setattr(namespace, self.dest, normpath(values))
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-22  2:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-22  2:31 UTC (permalink / raw
  To: gentoo-commits

commit:     9ca3f108762c27b557825f5392499498e8a00202
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Dec 15 20:53:20 2023 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Dec 15 20:53:59 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9ca3f108

lddtree: fix argcomplete typing

mypy wants a cast here to avoid warning:
lddtree.py:59: error: Incompatible types in assignment (expression has type "None", variable has type Module)  [assignment]

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 576d3d3..80808fc 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -49,14 +49,14 @@ import os
 import re
 import shutil
 import sys
-from typing import Any, Iterable, Optional, Union
+from typing import Any, cast, Iterable, Optional, Union
 
 assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}"
 
 try:
     import argcomplete
 except ImportError:
-    argcomplete = None
+    argcomplete = cast(Any, None)
 
 from elftools.common import exceptions
 from elftools.elf.elffile import ELFFile


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-22  2:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-22  2:31 UTC (permalink / raw
  To: gentoo-commits

commit:     5f8628d611c03f77bbcf245c025b85cf60b88431
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Fri Dec 15 20:41:31 2023 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Dec 15 20:53:59 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5f8628d6

lddtree: use f-string in warn message

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 2b8b9c4..576d3d3 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -64,7 +64,7 @@ from elftools.elf.elffile import ELFFile
 
 def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
     """Write |msg| to stderr with a |prefix| before it"""
-    print("%s: %s: %s" % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr)
+    print(f"{os.path.basename(sys.argv[0])}: {prefix}: {msg}", file=sys.stderr)
 
 
 def err(msg: Any, status: Optional[int] = 1) -> None:


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-22  2:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-22  2:31 UTC (permalink / raw
  To: gentoo-commits

commit:     c3205676f2bc6cc0ffd01098ce007ba7b5b7d159
Author:     David Riley <davidriley <AT> chromium <DOT> org>
AuthorDate: Wed Sep 28 17:16:42 2022 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Dec 15 20:53:59 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c3205676

lddtree: Add --wrapper-preload

--wrapper-preload allows the wrapper to be generated always specifying
an LD_PRELOAD via the --preload option of the loader.

Signed-off-by: David Riley <davidriley <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 60f3a7c..2b8b9c4 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -46,6 +46,7 @@ import functools
 import glob
 import mmap
 import os
+import re
 import shutil
 import sys
 from typing import Any, Iterable, Optional, Union
@@ -147,6 +148,7 @@ def GenerateLdsoWrapper(
     path: str,
     interp: str,
     libpaths: Iterable[str] = (),
+    preload: Optional[str] = None,
 ) -> None:
     """Generate a shell script wrapper which uses local ldso to run the ELF
 
@@ -164,12 +166,21 @@ def GenerateLdsoWrapper(
     interp_dir, interp_name = os.path.split(interp)
     # Add ldso interpreter dir to end of libpaths as a fallback library path.
     libpaths = dedupe(list(libpaths) + [interp_dir])
+    if preload:
+        # If preload is an absolute path, calculate it from basedir.
+        preload_prefix = f'${{basedir}}/{os.path.relpath("/", basedir)}'
+        preload = ":".join(
+            f"{preload_prefix}{x}" if os.path.isabs(x) else x
+            for x in re.split(r"[ :]", preload)
+        )
+
     replacements = {
         "interp": os.path.join(os.path.relpath(interp_dir, basedir), interp_name),
         "libpaths": ":".join(
             "${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
         ),
         "argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp) else "",
+        "preload_arg": f'--preload "{preload}"' if preload else "",
     }
     wrapper = """#!/bin/sh
 if ! base=$(realpath "$0" 2>/dev/null); then
@@ -182,6 +193,7 @@ basedir=${base%%/*}
 exec \\
   "${basedir}/%(interp)s" \\
   %(argv0_arg)s \\
+  %(preload_arg)s \\
   --library-path "%(libpaths)s" \\
   --inhibit-cache \\
   --inhibit-rpath '' \\
@@ -658,7 +670,15 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
     def _StripRoot(path: str) -> str:
         return path[len(options.root) - 1 :]
 
-    def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(), outdir=None):
+    def _copy(
+        realsrc,
+        src,
+        striproot=True,
+        wrapit=False,
+        libpaths=(),
+        outdir=None,
+        preload=None,
+    ):
         if realsrc is None:
             return
 
@@ -712,7 +732,7 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
                 interp = os.path.join(options.libdir, os.path.basename(elf["interp"]))
             else:
                 interp = _StripRoot(elf["interp"])
-            GenerateLdsoWrapper(options.dest, subdst, interp, libpaths)
+            GenerateLdsoWrapper(options.dest, subdst, interp, libpaths, preload)
 
     # XXX: We should automatically import libgcc_s.so whenever libpthread.so
     # is copied over (since we know it can be dlopen-ed by NPTL at runtime).
@@ -750,6 +770,7 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
         wrapit=options.generate_wrappers,
         libpaths=libpaths,
         outdir=options.bindir,
+        preload=options.wrapper_preload,
     )
 
 
@@ -867,6 +888,12 @@ def GetParser() -> argparse.ArgumentParser:
         default=False,
         help="Copy over plain (non-ELF) files instead of warn+ignore",
     )
+    group.add_argument(
+        "--wrapper-preload",
+        default=None,
+        type=str,
+        help="Have wrapper add --preload to the ldso invocation",
+    )
 
     if argcomplete is not None:
         argcomplete.autocomplete(parser)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-22  5:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-22  5:31 UTC (permalink / raw
  To: gentoo-commits

commit:     aadadb863a89af460726163703278b14750591ae
Author:     George Burgess IV <gbiv <AT> google <DOT> com>
AuthorDate: Tue Sep 22 15:09:47 2020 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Dec 22 05:31:31 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=aadadb86

lddtree: add LD_ARGV0_REL

Some binaries use `/proc/self/exe` to get a link to the
currently-executing binary. Unfortunately, when `ld.so` is invoked
directly, `/proc/self/exe` alawys points to `ld.so`.

`LD_ARGV0` can only be used to determine the current executable in
programs which haven't changed their working directory from their
starting one, so that's difficult to generally use.

To solve this, this embeds the path of the current binary _relative to
ld.so_ in an env var.

Bug: https://crbug.com/1003841
Bug: https://issuetracker.google.com/187793259
Signed-off-by: George Burgess <gbiv <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lddtree.py b/lddtree.py
index 8184e8f..b26afcf 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -176,6 +176,7 @@ def GenerateLdsoWrapper(
 
     replacements = {
         "interp": os.path.join(os.path.relpath(interp_dir, basedir), interp_name),
+        "interp_rel": os.path.relpath(path, interp_dir),
         "libpaths": ":".join(
             "${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
         ),
@@ -186,6 +187,10 @@ def GenerateLdsoWrapper(
     # Keep path relativeness of argv0 (in ${base}.elf). This allows tools to
     # remove absolute paths from build outputs and enables directory independent
     # cache sharing in distributed build systems.
+    #
+    # NB: LD_ARGV0_REL below is unrelated & non-standard.  It's to let tools see
+    # the original path if they need it and when they know they'll be wrapped up
+    # by this script.
     wrapper = """#!/bin/sh
 if base=$(readlink "$0" 2>/dev/null); then
   # If $0 is an abspath symlink, fully resolve the target.
@@ -200,6 +205,7 @@ else
   esac
 fi
 basedir=${base%%/*}
+LD_ARGV0_REL="%(interp_rel)s" \\
 exec \\
   "${basedir}/%(interp)s" \\
   %(argv0_arg)s \\


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-22  5:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-22  5:31 UTC (permalink / raw
  To: gentoo-commits

commit:     8f404c038705389cefd86e8a1fba1b50074a01ae
Author:     Takuto Ikuta <tikuta <AT> chromium <DOT> org>
AuthorDate: Wed Aug 29 06:07:30 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Dec 22 05:31:14 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8f404c03

lddtree: keep relativeness of invoked program in elf wrapper

This makes clang's resource dir relative when we pass
-no-canonical-prefixes flag like below.
$ chromium/.cros_cache/chrome-sdk/tarballs/$BOARD+$VERSION+target_toolchain/usr/bin/clang -no-canonical-prefixes -###
Chromium OS 7.0_pre328903_p20180425-r5 clang version 7.0.0 (/var/cache/chromeos-cache/distfiles/host/egit-src/clang.git e7408fe366bb18923fa360b069b4e4566203f34f) (/var/cache/chromeos-cache/distfiles/host/egit-src/llvm.git 95561668f063fbcb8195bde05ecede721ece4ba4) (based on LLVM 7.0.0svn)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: chromium/.cros_cache/chrome-sdk/tarballs/kevin+10750.0.0+target_toolchain/usr/bin

Without this patch, -no-canonical-prefixes has no meaning.
$ chromium/.cros_cache/chrome-sdk/tarballs/$BOARD+$VERSION+target_toolchain/usr/bin/clang -no-canonical-prefixes -###
Chromium OS 7.0_pre328903_p20180425-r5 clang version 7.0.0 (/var/cache/chromeos-cache/distfiles/host/egit-src/clang.git e7408fe366bb18923fa360b069b4e4566203f34f) (/var/cache/chromeos-cache/distfiles/host/egit-src/llvm.git 95561668f063fbcb8195bde05ecede721ece4ba4) (based on LLVM 7.0.0svn)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: $HOME/chromium/.cros_cache/chrome-sdk/tarballs/kevin+10750.0.0+target_toolchain/usr/bin

This is a part of effort for build cache sharing when using goma by
removing absolute path from compile result.

Instead of enforcing relative path, I keep relativeness of compiler
path.

I confirmed this works as following with a debug line to show ${base}.elf.
(sdk daisy R70-11005.0.0) tikuta <AT> tikuta ~/chromium/src $ ln -s build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7 clang
(sdk daisy R70-11005.0.0) tikuta <AT> tikuta ~/chromium/src $ ./clang
${base}.elf: './build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7.elf'
clang-7: error: no input files

In previous versions of this change, it ran like below:
(sdk daisy R70-11005.0.0) tikuta <AT> tikuta ~/chromium/src $ ./clang
${base}.elf: '/usr/local/google/home/tikuta/chromium/src/build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7.elf'
clang-7: error: no input files

I confirmed this can build base_unittests on daisy and amd64-generic
after creating a new CrOS SDK with chromiumos-sdk-tryjob.

Bug: https://crbug.com/846610
Bug: https://crbug.com/876604
Signed-off-by: Takuto Ikuta <tikuta <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 80808fc..bbf9df9 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -182,8 +182,12 @@ def GenerateLdsoWrapper(
         "argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp) else "",
         "preload_arg": f'--preload "{preload}"' if preload else "",
     }
+
+    # Keep path relativeness of argv0 (in ${base}.elf). This allows tools to
+    # remove absolute paths from build outputs and enables directory independent
+    # cache sharing in distributed build systems.
     wrapper = """#!/bin/sh
-if ! base=$(realpath "$0" 2>/dev/null); then
+if ! base=$(dirname "$0")/$(readlink "$0" 2>/dev/null); then
   case $0 in
   /*) base=$0;;
   *)  base=${PWD:-`pwd`}/$0;;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2023-12-22  5:31 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2023-12-22  5:31 UTC (permalink / raw
  To: gentoo-commits

commit:     00c695d6152bb8f2e7a288a5c019986ed3ee9495
Author:     Daniel Verkamp <dverkamp <AT> chromium <DOT> org>
AuthorDate: Fri Sep  7 23:28:32 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Dec 22 05:31:16 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=00c695d6

lddtree: use readlink -f for absolute links

Commit b97eba7fb2c0a3c5ad9e3831c6f87dca1fde59c5 causes problems when
using lddtree with symlinks containing absolute paths, such as the
crosvm guest tools, which install these links:

  /usr/bin/sommelier -> /etc/alternatives/sommelier ->
  /opt/google/cros-containers/bin/sommelier

(where the final sommelier is the lddtree-generated script).

In this case, $base resolved by the lddtree script would be
'/usr/bin//etc/alternatives/sommelier', which is incorrect.

Replace the dirname/readlink combination with readlink -f when the
symlink is absolute in order to fully resolve the symlink, while keeping
the relative path when the script is invoked through a relative path.

Bug: https://crbug.com/882055
Signed-off-by: Daniel Verkamp <dverkamp <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index bbf9df9..8184e8f 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -187,7 +187,13 @@ def GenerateLdsoWrapper(
     # remove absolute paths from build outputs and enables directory independent
     # cache sharing in distributed build systems.
     wrapper = """#!/bin/sh
-if ! base=$(dirname "$0")/$(readlink "$0" 2>/dev/null); then
+if base=$(readlink "$0" 2>/dev/null); then
+  # If $0 is an abspath symlink, fully resolve the target.
+  case ${base} in
+  /*) base=$(readlink -f "$0" 2>/dev/null);;
+  *)  base=$(dirname "$0")/${base};;
+  esac
+else
   case $0 in
   /*) base=$0;;
   *)  base=${PWD:-`pwd`}/$0;;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-01 15:43 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-01 15:43 UTC (permalink / raw
  To: gentoo-commits

commit:     511617ac43a13e6173f1dcbbd3feaf3be51ada6c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  1 15:37:28 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jan  1 15:37:28 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=511617ac

elf.h: pull from latest glibc

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 elf.h | 1160 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 1038 insertions(+), 122 deletions(-)

diff --git a/elf.h b/elf.h
index e6c8b20..5c1c197 100644
--- a/elf.h
+++ b/elf.h
@@ -1,5 +1,5 @@
 /* This file defines standard ELF types, structures, and macros.
-   Copyright (C) 1995-2015 Free Software Foundation, Inc.
+   Copyright (C) 1995-2023 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -168,109 +168,204 @@ typedef struct
 
 /* Legal values for e_machine (architecture).  */
 
-#define EM_NONE		 0		/* No machine */
-#define EM_M32		 1		/* AT&T WE 32100 */
-#define EM_SPARC	 2		/* SUN SPARC */
-#define EM_386		 3		/* Intel 80386 */
-#define EM_68K		 4		/* Motorola m68k family */
-#define EM_88K		 5		/* Motorola m88k family */
-#define EM_860		 7		/* Intel 80860 */
-#define EM_MIPS		 8		/* MIPS R3000 big-endian */
-#define EM_S370		 9		/* IBM System/370 */
-#define EM_MIPS_RS3_LE	10		/* MIPS R3000 little-endian */
-
-#define EM_PARISC	15		/* HPPA */
-#define EM_VPP500	17		/* Fujitsu VPP500 */
-#define EM_SPARC32PLUS	18		/* Sun's "v8plus" */
-#define EM_960		19		/* Intel 80960 */
-#define EM_PPC		20		/* PowerPC */
-#define EM_PPC64	21		/* PowerPC 64-bit */
-#define EM_S390		22		/* IBM S390 */
-
-#define EM_V800		36		/* NEC V800 series */
-#define EM_FR20		37		/* Fujitsu FR20 */
-#define EM_RH32		38		/* TRW RH-32 */
-#define EM_RCE		39		/* Motorola RCE */
-#define EM_ARM		40		/* ARM */
-#define EM_FAKE_ALPHA	41		/* Digital Alpha */
-#define EM_SH		42		/* Hitachi SH */
-#define EM_SPARCV9	43		/* SPARC v9 64-bit */
-#define EM_TRICORE	44		/* Siemens Tricore */
-#define EM_ARC		45		/* Argonaut RISC Core */
-#define EM_H8_300	46		/* Hitachi H8/300 */
-#define EM_H8_300H	47		/* Hitachi H8/300H */
-#define EM_H8S		48		/* Hitachi H8S */
-#define EM_H8_500	49		/* Hitachi H8/500 */
-#define EM_IA_64	50		/* Intel Merced */
-#define EM_MIPS_X	51		/* Stanford MIPS-X */
-#define EM_COLDFIRE	52		/* Motorola Coldfire */
-#define EM_68HC12	53		/* Motorola M68HC12 */
-#define EM_MMA		54		/* Fujitsu MMA Multimedia Accelerator*/
-#define EM_PCP		55		/* Siemens PCP */
-#define EM_NCPU		56		/* Sony nCPU embeeded RISC */
-#define EM_NDR1		57		/* Denso NDR1 microprocessor */
-#define EM_STARCORE	58		/* Motorola Start*Core processor */
-#define EM_ME16		59		/* Toyota ME16 processor */
-#define EM_ST100	60		/* STMicroelectronic ST100 processor */
-#define EM_TINYJ	61		/* Advanced Logic Corp. Tinyj emb.fam*/
-#define EM_X86_64	62		/* AMD x86-64 architecture */
-#define EM_PDSP		63		/* Sony DSP Processor */
-
-#define EM_FX66		66		/* Siemens FX66 microcontroller */
-#define EM_ST9PLUS	67		/* STMicroelectronics ST9+ 8/16 mc */
-#define EM_ST7		68		/* STmicroelectronics ST7 8 bit mc */
-#define EM_68HC16	69		/* Motorola MC68HC16 microcontroller */
-#define EM_68HC11	70		/* Motorola MC68HC11 microcontroller */
-#define EM_68HC08	71		/* Motorola MC68HC08 microcontroller */
-#define EM_68HC05	72		/* Motorola MC68HC05 microcontroller */
-#define EM_SVX		73		/* Silicon Graphics SVx */
-#define EM_ST19		74		/* STMicroelectronics ST19 8 bit mc */
-#define EM_VAX		75		/* Digital VAX */
-#define EM_CRIS		76		/* Axis Communications 32-bit embedded processor */
-#define EM_JAVELIN	77		/* Infineon Technologies 32-bit embedded processor */
-#define EM_FIREPATH	78		/* Element 14 64-bit DSP Processor */
-#define EM_ZSP		79		/* LSI Logic 16-bit DSP Processor */
-#define EM_MMIX		80		/* Donald Knuth's educational 64-bit processor */
-#define EM_HUANY	81		/* Harvard University machine-independent object files */
-#define EM_PRISM	82		/* SiTera Prism */
-#define EM_AVR		83		/* Atmel AVR 8-bit microcontroller */
-#define EM_FR30		84		/* Fujitsu FR30 */
-#define EM_D10V		85		/* Mitsubishi D10V */
-#define EM_D30V		86		/* Mitsubishi D30V */
-#define EM_V850		87		/* NEC v850 */
-#define EM_M32R		88		/* Mitsubishi M32R */
-#define EM_MN10300	89		/* Matsushita MN10300 */
-#define EM_MN10200	90		/* Matsushita MN10200 */
-#define EM_PJ		91		/* picoJava */
-#define EM_OPENRISC	92		/* OpenRISC 32-bit embedded processor */
-#define EM_ARC_A5	93		/* ARC Cores Tangent-A5 */
-#define EM_XTENSA	94		/* Tensilica Xtensa Architecture */
-#define EM_VIDEOCORE	95		/* Alphamosaic VideoCore processor */
-#define EM_TMM_GPP	96		/* Thompson Multimedia General Purpose Proc  */
-#define EM_NS32K	97		/* National Semiconductor 32000 series */
-#define EM_TPC		98		/* Tenor Network TPC processor */
-#define EM_SNP1K	99		/* Trebia SNP 1000 processor */
-#define EM_ST200	100		/* STMicroelectronics ST200 microcontroller */
-#define EM_IP2K 	101		/* Ubicom IP2xxx microcontroller family */
-#define EM_MAX		102		/* MAX Processor */
-#define EM_CR		103		/* NatSemi CompactRISC microprocessor */
-#define EM_F2MC16	104		/* Fujitsu F2MC16 */
-#define EM_MSP430	105		/* TI embedded microcontroller msp430 */
-#define EM_BLACKFIN 	106		/* Analog Devices Blackfin (DSP) processor */
-#define EM_SE_C33 	107		/* S1C33 Family of Seiko Epson processors */
-#define EM_SEP		108		/* Sharp embedded microprocessor */
-#define EM_ARCA 	109		/* Arca RISC Microprocessor */
-#define EM_UNICORE	110		/* Microprocessor series from PKU-Unity Ltd. */
-					/* and MPRC of Peking University */
-#define EM_ALTERA_NIOS2 113		/* Altera Nios II */
-#define EM_AARCH64	183		/* ARM AARCH64 */
-#define EM_TILEPRO	188		/* Tilera TILEPro */
-#define EM_MICROBLAZE	189		/* Xilinx MicroBlaze */
-#define EM_TILEGX	191		/* Tilera TILE-Gx */
-#define EM_RISCV	243		/* RISC-V */
-#define EM_LOONGARCH	258		/* LoongArch */
+#define EM_NONE		 0	/* No machine */
+#define EM_M32		 1	/* AT&T WE 32100 */
+#define EM_SPARC	 2	/* SUN SPARC */
+#define EM_386		 3	/* Intel 80386 */
+#define EM_68K		 4	/* Motorola m68k family */
+#define EM_88K		 5	/* Motorola m88k family */
+#define EM_IAMCU	 6	/* Intel MCU */
+#define EM_860		 7	/* Intel 80860 */
+#define EM_MIPS		 8	/* MIPS R3000 big-endian */
+#define EM_S370		 9	/* IBM System/370 */
+#define EM_MIPS_RS3_LE	10	/* MIPS R3000 little-endian */
+				/* reserved 11-14 */
+#define EM_PARISC	15	/* HPPA */
+				/* reserved 16 */
+#define EM_VPP500	17	/* Fujitsu VPP500 */
+#define EM_SPARC32PLUS	18	/* Sun's "v8plus" */
+#define EM_960		19	/* Intel 80960 */
+#define EM_PPC		20	/* PowerPC */
+#define EM_PPC64	21	/* PowerPC 64-bit */
+#define EM_S390		22	/* IBM S390 */
+#define EM_SPU		23	/* IBM SPU/SPC */
+				/* reserved 24-35 */
+#define EM_V800		36	/* NEC V800 series */
+#define EM_FR20		37	/* Fujitsu FR20 */
+#define EM_RH32		38	/* TRW RH-32 */
+#define EM_RCE		39	/* Motorola RCE */
+#define EM_ARM		40	/* ARM */
+#define EM_FAKE_ALPHA	41	/* Digital Alpha */
+#define EM_SH		42	/* Hitachi SH */
+#define EM_SPARCV9	43	/* SPARC v9 64-bit */
+#define EM_TRICORE	44	/* Siemens Tricore */
+#define EM_ARC		45	/* Argonaut RISC Core */
+#define EM_H8_300	46	/* Hitachi H8/300 */
+#define EM_H8_300H	47	/* Hitachi H8/300H */
+#define EM_H8S		48	/* Hitachi H8S */
+#define EM_H8_500	49	/* Hitachi H8/500 */
+#define EM_IA_64	50	/* Intel Merced */
+#define EM_MIPS_X	51	/* Stanford MIPS-X */
+#define EM_COLDFIRE	52	/* Motorola Coldfire */
+#define EM_68HC12	53	/* Motorola M68HC12 */
+#define EM_MMA		54	/* Fujitsu MMA Multimedia Accelerator */
+#define EM_PCP		55	/* Siemens PCP */
+#define EM_NCPU		56	/* Sony nCPU embedded RISC */
+#define EM_NDR1		57	/* Denso NDR1 microprocessor */
+#define EM_STARCORE	58	/* Motorola Start*Core processor */
+#define EM_ME16		59	/* Toyota ME16 processor */
+#define EM_ST100	60	/* STMicroelectronic ST100 processor */
+#define EM_TINYJ	61	/* Advanced Logic Corp. Tinyj emb.fam */
+#define EM_X86_64	62	/* AMD x86-64 architecture */
+#define EM_PDSP		63	/* Sony DSP Processor */
+#define EM_PDP10	64	/* Digital PDP-10 */
+#define EM_PDP11	65	/* Digital PDP-11 */
+#define EM_FX66		66	/* Siemens FX66 microcontroller */
+#define EM_ST9PLUS	67	/* STMicroelectronics ST9+ 8/16 mc */
+#define EM_ST7		68	/* STmicroelectronics ST7 8 bit mc */
+#define EM_68HC16	69	/* Motorola MC68HC16 microcontroller */
+#define EM_68HC11	70	/* Motorola MC68HC11 microcontroller */
+#define EM_68HC08	71	/* Motorola MC68HC08 microcontroller */
+#define EM_68HC05	72	/* Motorola MC68HC05 microcontroller */
+#define EM_SVX		73	/* Silicon Graphics SVx */
+#define EM_ST19		74	/* STMicroelectronics ST19 8 bit mc */
+#define EM_VAX		75	/* Digital VAX */
+#define EM_CRIS		76	/* Axis Communications 32-bit emb.proc */
+#define EM_JAVELIN	77	/* Infineon Technologies 32-bit emb.proc */
+#define EM_FIREPATH	78	/* Element 14 64-bit DSP Processor */
+#define EM_ZSP		79	/* LSI Logic 16-bit DSP Processor */
+#define EM_MMIX		80	/* Donald Knuth's educational 64-bit proc */
+#define EM_HUANY	81	/* Harvard University machine-independent object files */
+#define EM_PRISM	82	/* SiTera Prism */
+#define EM_AVR		83	/* Atmel AVR 8-bit microcontroller */
+#define EM_FR30		84	/* Fujitsu FR30 */
+#define EM_D10V		85	/* Mitsubishi D10V */
+#define EM_D30V		86	/* Mitsubishi D30V */
+#define EM_V850		87	/* NEC v850 */
+#define EM_M32R		88	/* Mitsubishi M32R */
+#define EM_MN10300	89	/* Matsushita MN10300 */
+#define EM_MN10200	90	/* Matsushita MN10200 */
+#define EM_PJ		91	/* picoJava */
+#define EM_OPENRISC	92	/* OpenRISC 32-bit embedded processor */
+#define EM_ARC_COMPACT	93	/* ARC International ARCompact */
+#define EM_XTENSA	94	/* Tensilica Xtensa Architecture */
+#define EM_VIDEOCORE	95	/* Alphamosaic VideoCore */
+#define EM_TMM_GPP	96	/* Thompson Multimedia General Purpose Proc */
+#define EM_NS32K	97	/* National Semi. 32000 */
+#define EM_TPC		98	/* Tenor Network TPC */
+#define EM_SNP1K	99	/* Trebia SNP 1000 */
+#define EM_ST200	100	/* STMicroelectronics ST200 */
+#define EM_IP2K		101	/* Ubicom IP2xxx */
+#define EM_MAX		102	/* MAX processor */
+#define EM_CR		103	/* National Semi. CompactRISC */
+#define EM_F2MC16	104	/* Fujitsu F2MC16 */
+#define EM_MSP430	105	/* Texas Instruments msp430 */
+#define EM_BLACKFIN	106	/* Analog Devices Blackfin DSP */
+#define EM_SE_C33	107	/* Seiko Epson S1C33 family */
+#define EM_SEP		108	/* Sharp embedded microprocessor */
+#define EM_ARCA		109	/* Arca RISC */
+#define EM_UNICORE	110	/* PKU-Unity & MPRC Peking Uni. mc series */
+#define EM_EXCESS	111	/* eXcess configurable cpu */
+#define EM_DXP		112	/* Icera Semi. Deep Execution Processor */
+#define EM_ALTERA_NIOS2 113	/* Altera Nios II */
+#define EM_CRX		114	/* National Semi. CompactRISC CRX */
+#define EM_XGATE	115	/* Motorola XGATE */
+#define EM_C166		116	/* Infineon C16x/XC16x */
+#define EM_M16C		117	/* Renesas M16C */
+#define EM_DSPIC30F	118	/* Microchip Technology dsPIC30F */
+#define EM_CE		119	/* Freescale Communication Engine RISC */
+#define EM_M32C		120	/* Renesas M32C */
+				/* reserved 121-130 */
+#define EM_TSK3000	131	/* Altium TSK3000 */
+#define EM_RS08		132	/* Freescale RS08 */
+#define EM_SHARC	133	/* Analog Devices SHARC family */
+#define EM_ECOG2	134	/* Cyan Technology eCOG2 */
+#define EM_SCORE7	135	/* Sunplus S+core7 RISC */
+#define EM_DSP24	136	/* New Japan Radio (NJR) 24-bit DSP */
+#define EM_VIDEOCORE3	137	/* Broadcom VideoCore III */
+#define EM_LATTICEMICO32 138	/* RISC for Lattice FPGA */
+#define EM_SE_C17	139	/* Seiko Epson C17 */
+#define EM_TI_C6000	140	/* Texas Instruments TMS320C6000 DSP */
+#define EM_TI_C2000	141	/* Texas Instruments TMS320C2000 DSP */
+#define EM_TI_C5500	142	/* Texas Instruments TMS320C55x DSP */
+#define EM_TI_ARP32	143	/* Texas Instruments App. Specific RISC */
+#define EM_TI_PRU	144	/* Texas Instruments Prog. Realtime Unit */
+				/* reserved 145-159 */
+#define EM_MMDSP_PLUS	160	/* STMicroelectronics 64bit VLIW DSP */
+#define EM_CYPRESS_M8C	161	/* Cypress M8C */
+#define EM_R32C		162	/* Renesas R32C */
+#define EM_TRIMEDIA	163	/* NXP Semi. TriMedia */
+#define EM_QDSP6	164	/* QUALCOMM DSP6 */
+#define EM_8051		165	/* Intel 8051 and variants */
+#define EM_STXP7X	166	/* STMicroelectronics STxP7x */
+#define EM_NDS32	167	/* Andes Tech. compact code emb. RISC */
+#define EM_ECOG1X	168	/* Cyan Technology eCOG1X */
+#define EM_MAXQ30	169	/* Dallas Semi. MAXQ30 mc */
+#define EM_XIMO16	170	/* New Japan Radio (NJR) 16-bit DSP */
+#define EM_MANIK	171	/* M2000 Reconfigurable RISC */
+#define EM_CRAYNV2	172	/* Cray NV2 vector architecture */
+#define EM_RX		173	/* Renesas RX */
+#define EM_METAG	174	/* Imagination Tech. META */
+#define EM_MCST_ELBRUS	175	/* MCST Elbrus */
+#define EM_ECOG16	176	/* Cyan Technology eCOG16 */
+#define EM_CR16		177	/* National Semi. CompactRISC CR16 */
+#define EM_ETPU		178	/* Freescale Extended Time Processing Unit */
+#define EM_SLE9X	179	/* Infineon Tech. SLE9X */
+#define EM_L10M		180	/* Intel L10M */
+#define EM_K10M		181	/* Intel K10M */
+				/* reserved 182 */
+#define EM_AARCH64	183	/* ARM AARCH64 */
+				/* reserved 184 */
+#define EM_AVR32	185	/* Amtel 32-bit microprocessor */
+#define EM_STM8		186	/* STMicroelectronics STM8 */
+#define EM_TILE64	187	/* Tilera TILE64 */
+#define EM_TILEPRO	188	/* Tilera TILEPro */
+#define EM_MICROBLAZE	189	/* Xilinx MicroBlaze */
+#define EM_CUDA		190	/* NVIDIA CUDA */
+#define EM_TILEGX	191	/* Tilera TILE-Gx */
+#define EM_CLOUDSHIELD	192	/* CloudShield */
+#define EM_COREA_1ST	193	/* KIPO-KAIST Core-A 1st gen. */
+#define EM_COREA_2ND	194	/* KIPO-KAIST Core-A 2nd gen. */
+#define EM_ARCV2	195	/* Synopsys ARCv2 ISA.  */
+#define EM_OPEN8	196	/* Open8 RISC */
+#define EM_RL78		197	/* Renesas RL78 */
+#define EM_VIDEOCORE5	198	/* Broadcom VideoCore V */
+#define EM_78KOR	199	/* Renesas 78KOR */
+#define EM_56800EX	200	/* Freescale 56800EX DSC */
+#define EM_BA1		201	/* Beyond BA1 */
+#define EM_BA2		202	/* Beyond BA2 */
+#define EM_XCORE	203	/* XMOS xCORE */
+#define EM_MCHP_PIC	204	/* Microchip 8-bit PIC(r) */
+#define EM_INTELGT	205	/* Intel Graphics Technology */
+				/* reserved 206-209 */
+#define EM_KM32		210	/* KM211 KM32 */
+#define EM_KMX32	211	/* KM211 KMX32 */
+#define EM_EMX16	212	/* KM211 KMX16 */
+#define EM_EMX8		213	/* KM211 KMX8 */
+#define EM_KVARC	214	/* KM211 KVARC */
+#define EM_CDP		215	/* Paneve CDP */
+#define EM_COGE		216	/* Cognitive Smart Memory Processor */
+#define EM_COOL		217	/* Bluechip CoolEngine */
+#define EM_NORC		218	/* Nanoradio Optimized RISC */
+#define EM_CSR_KALIMBA	219	/* CSR Kalimba */
+#define EM_Z80		220	/* Zilog Z80 */
+#define EM_VISIUM	221	/* Controls and Data Services VISIUMcore */
+#define EM_FT32		222	/* FTDI Chip FT32 */
+#define EM_MOXIE	223	/* Moxie processor */
+#define EM_AMDGPU	224	/* AMD GPU */
+				/* reserved 225-242 */
+#define EM_RISCV	243	/* RISC-V */
+
+#define EM_BPF		247	/* Linux BPF -- in-kernel virtual machine */
+#define EM_CSKY		252     /* C-SKY */
+#define EM_LOONGARCH	258	/* LoongArch */
+
 #define EM_NUM		259
 
+/* Old spellings/synonyms.  */
+
+#define EM_ARC_A5	EM_ARC_COMPACT
+
 /* If it is necessary to assign new unofficial EM_* values, please
    pick large random numbers (0x8523, 0xa7f2, etc.) to minimize the
    chances of collision with official or non-GNU unofficial values.  */
@@ -348,8 +443,9 @@ typedef struct
 #define SHT_FINI_ARRAY	  15		/* Array of destructors */
 #define SHT_PREINIT_ARRAY 16		/* Array of pre-constructors */
 #define SHT_GROUP	  17		/* Section group */
-#define SHT_SYMTAB_SHNDX  18		/* Extended section indeces */
-#define	SHT_NUM		  19		/* Number of defined types.  */
+#define SHT_SYMTAB_SHNDX  18		/* Extended section indices */
+#define SHT_RELR	  19            /* RELR relative relocations */
+#define	SHT_NUM		  20		/* Number of defined types.  */
 #define SHT_LOOS	  0x60000000	/* Start OS-specific.  */
 #define SHT_GNU_ATTRIBUTES 0x6ffffff5	/* Object attributes.  */
 #define SHT_GNU_HASH	  0x6ffffff6	/* GNU-style hash table.  */
@@ -382,13 +478,40 @@ typedef struct
 					   required */
 #define SHF_GROUP	     (1 << 9)	/* Section is member of a group.  */
 #define SHF_TLS		     (1 << 10)	/* Section hold thread-local data.  */
+#define SHF_COMPRESSED	     (1 << 11)	/* Section with compressed data. */
 #define SHF_MASKOS	     0x0ff00000	/* OS-specific.  */
 #define SHF_MASKPROC	     0xf0000000	/* Processor-specific */
+#define SHF_GNU_RETAIN	     (1 << 21)  /* Not to be GCed by linker.  */
 #define SHF_ORDERED	     (1 << 30)	/* Special ordering requirement
 					   (Solaris).  */
-#define SHF_EXCLUDE	     (1 << 31)	/* Section is excluded unless
+#define SHF_EXCLUDE	     (1U << 31)	/* Section is excluded unless
 					   referenced or allocated (Solaris).*/
 
+/* Section compression header.  Used when SHF_COMPRESSED is set.  */
+
+typedef struct
+{
+  Elf32_Word	ch_type;	/* Compression format.  */
+  Elf32_Word	ch_size;	/* Uncompressed data size.  */
+  Elf32_Word	ch_addralign;	/* Uncompressed data alignment.  */
+} Elf32_Chdr;
+
+typedef struct
+{
+  Elf64_Word	ch_type;	/* Compression format.  */
+  Elf64_Word	ch_reserved;
+  Elf64_Xword	ch_size;	/* Uncompressed data size.  */
+  Elf64_Xword	ch_addralign;	/* Uncompressed data alignment.  */
+} Elf64_Chdr;
+
+/* Legal values for ch_type (compression algorithm).  */
+#define ELFCOMPRESS_ZLIB	1	   /* ZLIB/DEFLATE algorithm.  */
+#define ELFCOMPRESS_ZSTD	2	   /* Zstandard algorithm.  */
+#define ELFCOMPRESS_LOOS	0x60000000 /* Start of OS-specific.  */
+#define ELFCOMPRESS_HIOS	0x6fffffff /* End of OS-specific.  */
+#define ELFCOMPRESS_LOPROC	0x70000000 /* Start of processor-specific.  */
+#define ELFCOMPRESS_HIPROC	0x7fffffff /* End of processor-specific.  */
+
 /* Section group handling.  */
 #define GRP_COMDAT	0x1		/* Mark group as COMDAT.  */
 
@@ -436,7 +559,7 @@ typedef struct
 
 /* Possible bitmasks for si_flags.  */
 #define SYMINFO_FLG_DIRECT	0x0001	/* Direct bound symbol */
-#define SYMINFO_FLG_PASSTHRU	0x0002	/* Pass-thru symbol for translator */
+#define SYMINFO_FLG_PASSTHRU	0x0002	/* Pass-through symbol for translator */
 #define SYMINFO_FLG_COPY	0x0004	/* Symbol is a copy-reloc */
 #define SYMINFO_FLG_LAZYLOAD	0x0008	/* Symbol bound to object to be lazy
 					   loaded */
@@ -542,6 +665,11 @@ typedef struct
   Elf64_Sxword	r_addend;		/* Addend */
 } Elf64_Rela;
 
+/* RELR relocation table entry */
+
+typedef Elf32_Word	Elf32_Relr;
+typedef Elf64_Xword	Elf64_Relr;
+
 /* How to extract and insert information held in the r_info field.  */
 
 #define ELF32_R_SYM(val)		((val) >> 8)
@@ -599,6 +727,8 @@ typedef struct
 #define PT_GNU_EH_FRAME	0x6474e550	/* GCC .eh_frame_hdr segment */
 #define PT_GNU_STACK	0x6474e551	/* Indicates stack executability */
 #define PT_GNU_RELRO	0x6474e552	/* Read-only after relocation */
+#define PT_GNU_PROPERTY	0x6474e553	/* GNU property */
+#define PT_GNU_SFRAME	0x6474e554	/* SFrame segment.  */
 #define PT_LOSUNW	0x6ffffffa
 #define PT_SUNWBSS	0x6ffffffa	/* Sun Specific segment */
 #define PT_SUNWSTACK	0x6ffffffb	/* Stack segment */
@@ -618,6 +748,8 @@ typedef struct
 /* Legal values for note segment descriptor types for core files. */
 
 #define NT_PRSTATUS	1		/* Contains copy of prstatus struct */
+#define NT_PRFPREG	2		/* Contains copy of fpregset
+					   struct.  */
 #define NT_FPREGSET	2		/* Contains copy of fpregset struct */
 #define NT_PRPSINFO	3		/* Contains copy of prpsinfo struct */
 #define NT_PRXREG	4		/* Contains copy of prxregset struct */
@@ -641,9 +773,30 @@ typedef struct
 #define NT_PPC_VMX	0x100		/* PowerPC Altivec/VMX registers */
 #define NT_PPC_SPE	0x101		/* PowerPC SPE/EVR registers */
 #define NT_PPC_VSX	0x102		/* PowerPC VSX registers */
+#define NT_PPC_TAR	0x103		/* Target Address Register */
+#define NT_PPC_PPR	0x104		/* Program Priority Register */
+#define NT_PPC_DSCR	0x105		/* Data Stream Control Register */
+#define NT_PPC_EBB	0x106		/* Event Based Branch Registers */
+#define NT_PPC_PMU	0x107		/* Performance Monitor Registers */
+#define NT_PPC_TM_CGPR	0x108		/* TM checkpointed GPR Registers */
+#define NT_PPC_TM_CFPR	0x109		/* TM checkpointed FPR Registers */
+#define NT_PPC_TM_CVMX	0x10a		/* TM checkpointed VMX Registers */
+#define NT_PPC_TM_CVSX	0x10b		/* TM checkpointed VSX Registers */
+#define NT_PPC_TM_SPR	0x10c		/* TM Special Purpose Registers */
+#define NT_PPC_TM_CTAR	0x10d		/* TM checkpointed Target Address
+					   Register */
+#define NT_PPC_TM_CPPR	0x10e		/* TM checkpointed Program Priority
+					   Register */
+#define NT_PPC_TM_CDSCR	0x10f		/* TM checkpointed Data Stream Control
+					   Register */
+#define NT_PPC_PKEY	0x110		/* Memory Protection Keys
+					   registers.  */
+#define NT_PPC_DEXCR	0x111		/* PowerPC DEXCR registers.  */
+#define NT_PPC_HASHKEYR	0x112		/* PowerPC HASHKEYR register.  */
 #define NT_386_TLS	0x200		/* i386 TLS slots (struct user_desc) */
 #define NT_386_IOPERM	0x201		/* x86 io permission bitmap (1=deny) */
 #define NT_X86_XSTATE	0x202		/* x86 extended state using xsave */
+#define NT_X86_SHSTK	0x204		/* x86 SHSTK state */
 #define NT_S390_HIGH_GPRS	0x300	/* s390 upper register halves */
 #define NT_S390_TIMER	0x301		/* s390 timer register */
 #define NT_S390_TODCMP	0x302		/* s390 TOD clock comparator register */
@@ -653,10 +806,48 @@ typedef struct
 #define NT_S390_LAST_BREAK	0x306	/* s390 breaking event address */
 #define NT_S390_SYSTEM_CALL	0x307	/* s390 system call restart data */
 #define NT_S390_TDB	0x308		/* s390 transaction diagnostic block */
+#define NT_S390_VXRS_LOW	0x309	/* s390 vector registers 0-15
+					   upper half.  */
+#define NT_S390_VXRS_HIGH	0x30a	/* s390 vector registers 16-31.  */
+#define NT_S390_GS_CB	0x30b		/* s390 guarded storage registers.  */
+#define NT_S390_GS_BC	0x30c		/* s390 guarded storage
+					   broadcast control block.  */
+#define NT_S390_RI_CB	0x30d		/* s390 runtime instrumentation.  */
+#define NT_S390_PV_CPU_DATA	0x30e	/* s390 protvirt cpu dump data.  */
 #define NT_ARM_VFP	0x400		/* ARM VFP/NEON registers */
 #define NT_ARM_TLS	0x401		/* ARM TLS register */
 #define NT_ARM_HW_BREAK	0x402		/* ARM hardware breakpoint registers */
 #define NT_ARM_HW_WATCH	0x403		/* ARM hardware watchpoint registers */
+#define NT_ARM_SYSTEM_CALL	0x404	/* ARM system call number */
+#define NT_ARM_SVE	0x405		/* ARM Scalable Vector Extension
+					   registers */
+#define NT_ARM_PAC_MASK	0x406		/* ARM pointer authentication
+					   code masks.  */
+#define NT_ARM_PACA_KEYS	0x407	/* ARM pointer authentication
+					   address keys.  */
+#define NT_ARM_PACG_KEYS	0x408	/* ARM pointer authentication
+					   generic key.  */
+#define NT_ARM_TAGGED_ADDR_CTRL	0x409	/* AArch64 tagged address
+					   control.  */
+#define NT_ARM_PAC_ENABLED_KEYS	0x40a	/* AArch64 pointer authentication
+					   enabled keys.  */
+#define NT_VMCOREDD	0x700		/* Vmcore Device Dump Note.  */
+#define NT_MIPS_DSP	0x800		/* MIPS DSP ASE registers.  */
+#define NT_MIPS_FP_MODE	0x801		/* MIPS floating-point mode.  */
+#define NT_MIPS_MSA	0x802		/* MIPS SIMD registers.  */
+#define NT_RISCV_CSR	0x900		/* RISC-V Control and Status Registers */
+#define NT_RISCV_VECTOR	0x901		/* RISC-V vector registers */
+#define NT_LOONGARCH_CPUCFG	0xa00	/* LoongArch CPU config registers.  */
+#define NT_LOONGARCH_CSR	0xa01	/* LoongArch control and
+					   status registers.  */
+#define NT_LOONGARCH_LSX	0xa02	/* LoongArch Loongson SIMD
+					   Extension registers.  */
+#define NT_LOONGARCH_LASX	0xa03	/* LoongArch Loongson Advanced
+					   SIMD Extension registers.  */
+#define NT_LOONGARCH_LBT	0xa04	/* LoongArch Loongson Binary
+					   Translation registers.  */
+#define NT_LOONGARCH_HW_BREAK	0xa05   /* LoongArch hardware breakpoint registers */
+#define NT_LOONGARCH_HW_WATCH	0xa06   /* LoongArch hardware watchpoint registers */
 
 /* Legal values for the note segment descriptor types for object files.  */
 
@@ -721,7 +912,11 @@ typedef struct
 #define DT_ENCODING	32		/* Start of encoded range */
 #define DT_PREINIT_ARRAY 32		/* Array with addresses of preinit fct*/
 #define DT_PREINIT_ARRAYSZ 33		/* size in bytes of DT_PREINIT_ARRAY */
-#define	DT_NUM		34		/* Number used */
+#define DT_SYMTAB_SHNDX	34		/* Address of SYMTAB_SHNDX section */
+#define DT_RELRSZ	35		/* Total size of RELR relative relocations */
+#define DT_RELR		36		/* Address of RELR relative relocations */
+#define DT_RELRENT	37		/* Size of one RELR relative relocaction */
+#define	DT_NUM		38		/* Number used */
 #define DT_LOOS		0x6000000d	/* Start of OS-specific */
 #define DT_HIOS		0x6ffff000	/* End of OS-specific */
 #define DT_LOPROC	0x70000000	/* Start of processor-specific */
@@ -829,6 +1024,11 @@ typedef struct
 #define	DF_1_SYMINTPOSE	0x00800000	/* Object has individual interposers.  */
 #define	DF_1_GLOBAUDIT	0x01000000	/* Global auditing required.  */
 #define	DF_1_SINGLETON	0x02000000	/* Singleton symbols are used.  */
+#define	DF_1_STUB	0x04000000
+#define	DF_1_PIE	0x08000000
+#define	DF_1_KMOD       0x10000000
+#define	DF_1_WEAKFILTER 0x20000000
+#define	DF_1_NOCOMMON   0x40000000
 
 /* Flags for the feature selection in DT_FEATURE_1.  */
 #define DTF_1_PARINIT	0x00000001
@@ -873,7 +1073,8 @@ typedef struct
 
 /* Legal values for vd_flags (version information flags).  */
 #define VER_FLG_BASE	0x1		/* Version definition of file itself */
-#define VER_FLG_WEAK	0x2		/* Weak version identifier */
+#define VER_FLG_WEAK	0x2		/* Weak version identifier.  Also
+					   used by vna_flags below.  */
 
 /* Versym symbol index values.  */
 #define	VER_NDX_LOCAL		0	/* Symbol is local.  */
@@ -881,7 +1082,7 @@ typedef struct
 #define	VER_NDX_LORESERVE	0xff00	/* Beginning of reserved entries.  */
 #define	VER_NDX_ELIMINATE	0xff01	/* Symbol is to be eliminated.  */
 
-/* Auxialiary version information.  */
+/* Auxiliary version information.  */
 
 typedef struct
 {
@@ -951,10 +1152,6 @@ typedef struct
 } Elf64_Vernaux;
 
 
-/* Legal values for vna_flags.  */
-#define VER_FLG_WEAK	0x2		/* Weak version identifier */
-
-
 /* Auxiliary vector.  */
 
 /* This vector is normally only used by the program interpreter.  The
@@ -1034,6 +1231,9 @@ typedef struct
 #define AT_HWCAP2	26		/* More machine-dependent hints about
 					   processor capabilities.  */
 
+#define AT_RSEQ_FEATURE_SIZE	27	/* rseq supported feature size.  */
+#define AT_RSEQ_ALIGN	28		/* rseq allocation alignment.  */
+
 #define AT_EXECFN	31		/* Filename of executable.  */
 
 /* Pointer to the global system page used for system calls and other
@@ -1048,6 +1248,20 @@ typedef struct
 #define AT_L2_CACHESHAPE	36
 #define AT_L3_CACHESHAPE	37
 
+/* Shapes of the caches, with more room to describe them.
+   *GEOMETRY are comprised of cache line size in bytes in the bottom 16 bits
+   and the cache associativity in the next 16 bits.  */
+#define AT_L1I_CACHESIZE	40
+#define AT_L1I_CACHEGEOMETRY	41
+#define AT_L1D_CACHESIZE	42
+#define AT_L1D_CACHEGEOMETRY	43
+#define AT_L2_CACHESIZE		44
+#define AT_L2_CACHEGEOMETRY	45
+#define AT_L3_CACHESIZE		46
+#define AT_L3_CACHEGEOMETRY	47
+
+#define AT_MINSIGSTKSZ		51 /* Stack needed for signal delivery  */
+
 /* Note section contents.  Each entry in the note section begins with
    a header of a fixed form.  */
 
@@ -1073,6 +1287,8 @@ typedef struct
 /* Note entries for GNU systems have this name.  */
 #define ELF_NOTE_GNU		"GNU"
 
+/* Note entries for freedesktop.org have this name.  */
+#define ELF_NOTE_FDO		"FDO"
 
 /* Defined types of notes for Solaris.  */
 
@@ -1113,6 +1329,84 @@ typedef struct
 /* Version note generated by GNU gold containing a version string.  */
 #define NT_GNU_GOLD_VERSION	4
 
+/* Program property.  */
+#define NT_GNU_PROPERTY_TYPE_0 5
+
+/* Packaging metadata as defined on
+   https://systemd.io/COREDUMP_PACKAGE_METADATA/ */
+#define NT_FDO_PACKAGING_METADATA 0xcafe1a7e
+
+/* Note section name of program property.   */
+#define NOTE_GNU_PROPERTY_SECTION_NAME ".note.gnu.property"
+
+/* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0).  */
+
+/* Stack size.  */
+#define GNU_PROPERTY_STACK_SIZE			1
+/* No copy relocation on protected data symbol.  */
+#define GNU_PROPERTY_NO_COPY_ON_PROTECTED	2
+
+/* A 4-byte unsigned integer property: A bit is set if it is set in all
+   relocatable inputs.  */
+#define GNU_PROPERTY_UINT32_AND_LO	0xb0000000
+#define GNU_PROPERTY_UINT32_AND_HI	0xb0007fff
+
+/* A 4-byte unsigned integer property: A bit is set if it is set in any
+   relocatable inputs.  */
+#define GNU_PROPERTY_UINT32_OR_LO	0xb0008000
+#define GNU_PROPERTY_UINT32_OR_HI	0xb000ffff
+
+/* The needed properties by the object file.  */
+#define GNU_PROPERTY_1_NEEDED		GNU_PROPERTY_UINT32_OR_LO
+
+/* Set if the object file requires canonical function pointers and
+   cannot be used with copy relocation.  */
+#define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
+
+/* Processor-specific semantics, lo */
+#define GNU_PROPERTY_LOPROC			0xc0000000
+/* Processor-specific semantics, hi */
+#define GNU_PROPERTY_HIPROC			0xdfffffff
+/* Application-specific semantics, lo */
+#define GNU_PROPERTY_LOUSER			0xe0000000
+/* Application-specific semantics, hi */
+#define GNU_PROPERTY_HIUSER			0xffffffff
+
+/* AArch64 specific GNU properties.  */
+#define GNU_PROPERTY_AARCH64_FEATURE_1_AND	0xc0000000
+
+#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI	(1U << 0)
+#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC	(1U << 1)
+
+/* The x86 instruction sets indicated by the corresponding bits are
+   used in program.  Their support in the hardware is optional.  */
+#define GNU_PROPERTY_X86_ISA_1_USED		0xc0010002
+/* The x86 instruction sets indicated by the corresponding bits are
+   used in program and they must be supported by the hardware.   */
+#define GNU_PROPERTY_X86_ISA_1_NEEDED		0xc0008002
+/* X86 processor-specific features used in program.  */
+#define GNU_PROPERTY_X86_FEATURE_1_AND		0xc0000002
+
+/* GNU_PROPERTY_X86_ISA_1_BASELINE: CMOV, CX8 (cmpxchg8b), FPU (fld),
+   MMX, OSFXSR (fxsave), SCE (syscall), SSE and SSE2.  */
+#define GNU_PROPERTY_X86_ISA_1_BASELINE		(1U << 0)
+/* GNU_PROPERTY_X86_ISA_1_V2: GNU_PROPERTY_X86_ISA_1_BASELINE,
+   CMPXCHG16B (cmpxchg16b), LAHF-SAHF (lahf), POPCNT (popcnt), SSE3,
+   SSSE3, SSE4.1 and SSE4.2.  */
+#define GNU_PROPERTY_X86_ISA_1_V2		(1U << 1)
+/* GNU_PROPERTY_X86_ISA_1_V3: GNU_PROPERTY_X86_ISA_1_V2, AVX, AVX2, BMI1,
+   BMI2, F16C, FMA, LZCNT, MOVBE, XSAVE.  */
+#define GNU_PROPERTY_X86_ISA_1_V3		(1U << 2)
+/* GNU_PROPERTY_X86_ISA_1_V4: GNU_PROPERTY_X86_ISA_1_V3, AVX512F,
+   AVX512BW, AVX512CD, AVX512DQ and AVX512VL.  */
+#define GNU_PROPERTY_X86_ISA_1_V4		(1U << 3)
+
+/* This indicates that all executable sections are compatible with
+   IBT.  */
+#define GNU_PROPERTY_X86_FEATURE_1_IBT		(1U << 0)
+/* This indicates that all executable sections are compatible with
+   SHSTK.  */
+#define GNU_PROPERTY_X86_FEATURE_1_SHSTK	(1U << 1)
 
 /* Move records.  */
 typedef struct
@@ -1259,8 +1553,10 @@ typedef struct
 					   argument, returning the TLS
 					   offset for the symbol.  */
 #define R_386_IRELATIVE	   42		/* Adjust indirectly by program base */
+#define R_386_GOT32X	   43		/* Load from 32 bit GOT entry,
+					   relaxable. */
 /* Keep this the last entry.  */
-#define R_386_NUM	   43
+#define R_386_NUM	   44
 
 /* SUN SPARC specific definitions.  */
 
@@ -1396,11 +1692,25 @@ typedef struct
 #define EF_MIPS_PIC		2     /* Contains PIC code.  */
 #define EF_MIPS_CPIC		4     /* Uses PIC calling sequence.  */
 #define EF_MIPS_XGOT		8
-#define EF_MIPS_64BIT_WHIRL	16
+#define EF_MIPS_UCODE		16
 #define EF_MIPS_ABI2		32
 #define EF_MIPS_ABI_ON32	64
+#define EF_MIPS_OPTIONS_FIRST	0x00000080 /* Process the .MIPS.options
+					      section first by ld.  */
+#define EF_MIPS_32BITMODE	0x00000100 /* Indicates code compiled for
+					      a 64-bit machine in 32-bit
+					      mode (regs are 32-bits
+					      wide).  */
 #define EF_MIPS_FP64		512  /* Uses FP64 (12 callee-saved).  */
 #define EF_MIPS_NAN2008	1024  /* Uses IEEE 754-2008 NaN encoding.  */
+#define EF_MIPS_ARCH_ASE	0x0f000000 /* Architectural Extensions
+					      used by this file.  */
+#define EF_MIPS_ARCH_ASE_MDMX	0x08000000 /* Use MDMX multimedia
+					      extensions.  */
+#define EF_MIPS_ARCH_ASE_M16	0x04000000 /* Use MIPS-16 ISA
+					      extensions.  */
+#define EF_MIPS_ARCH_ASE_MICROMIPS	0x02000000 /* Use MICROMIPS ISA
+						      extensions.  */
 #define EF_MIPS_ARCH		0xf0000000 /* MIPS architecture level.  */
 
 /* Legal values for MIPS architecture level.  */
@@ -1414,6 +1724,38 @@ typedef struct
 #define EF_MIPS_ARCH_64		0x60000000 /* MIPS64 code.  */
 #define EF_MIPS_ARCH_32R2	0x70000000 /* MIPS32r2 code.  */
 #define EF_MIPS_ARCH_64R2	0x80000000 /* MIPS64r2 code.  */
+#define EF_MIPS_ARCH_32R6	0x90000000 /* MIPS32r6 code.  */
+#define EF_MIPS_ARCH_64R6	0xa0000000 /* MIPS64r6 code.  */
+#define EF_MIPS_ABI		0x0000F000 /* The ABI of the file.  Also
+					      see EF_MIPS_ABI2 above.  */
+#define EF_MIPS_ABI_O32		0x00001000 /* The original o32 abi.  */
+#define EF_MIPS_ABI_O64		0x00002000 /* O32 extended to work on
+					      64 bit architectures.  */
+#define EF_MIPS_ABI_EABI32	0x00003000 /* EABI in 32 bit mode.  */
+#define EF_MIPS_ABI_EABI64	0x00004000 /* EABI in 64 bit mode.  */
+#define EF_MIPS_MACH		0x00FF0000
+#define EF_MIPS_MACH_3900	0x00810000
+#define EF_MIPS_MACH_4010	0x00820000
+#define EF_MIPS_MACH_4100	0x00830000
+#define EF_MIPS_MACH_ALLEGREX	0x00840000
+#define EF_MIPS_MACH_4650	0x00850000
+#define EF_MIPS_MACH_4120	0x00870000
+#define EF_MIPS_MACH_4111	0x00880000
+#define EF_MIPS_MACH_SB1	0x008a0000
+#define EF_MIPS_MACH_OCTEON	0x008b0000
+#define EF_MIPS_MACH_XLR	0x008c0000
+#define EF_MIPS_MACH_OCTEON2	0x008d0000
+#define EF_MIPS_MACH_OCTEON3	0x008e0000
+#define EF_MIPS_MACH_5400	0x00910000
+#define EF_MIPS_MACH_5900	0x00920000
+#define EF_MIPS_MACH_IAMR2	0x00930000
+#define EF_MIPS_MACH_5500	0x00980000
+#define EF_MIPS_MACH_9000	0x00990000
+#define EF_MIPS_MACH_LS2E	0x00A00000
+#define EF_MIPS_MACH_LS2F	0x00A10000
+#define EF_MIPS_MACH_GS464	0x00A20000
+#define EF_MIPS_MACH_GS464E	0x00A30000
+#define EF_MIPS_MACH_GS264E	0x00A40000
 
 /* The following are unofficial names and should not be used.  */
 
@@ -1474,6 +1816,8 @@ typedef struct
 #define SHT_MIPS_EH_REGION	0x70000027
 #define SHT_MIPS_XLATE_OLD	0x70000028
 #define SHT_MIPS_PDR_EXCEPTION	0x70000029
+#define SHT_MIPS_ABIFLAGS	0x7000002a
+#define SHT_MIPS_XHASH		0x7000002b
 
 /* Legal values for sh_flags field of Elf32_Shdr.  */
 
@@ -1641,10 +1985,68 @@ typedef struct
 #define R_MIPS_TLS_TPREL_HI16	49	/* TP-relative offset, high 16 bits */
 #define R_MIPS_TLS_TPREL_LO16	50	/* TP-relative offset, low 16 bits */
 #define R_MIPS_GLOB_DAT		51
+#define R_MIPS_PC21_S2		60
+#define R_MIPS_PC26_S2		61
+#define R_MIPS_PC18_S3		62
+#define R_MIPS_PC19_S2		63
+#define R_MIPS_PCHI16		64
+#define R_MIPS_PCLO16		65
+#define R_MIPS16_26		100
+#define R_MIPS16_GPREL		101
+#define R_MIPS16_GOT16		102
+#define R_MIPS16_CALL16		103
+#define R_MIPS16_HI16		104
+#define R_MIPS16_LO16		105
+#define R_MIPS16_TLS_GD		106
+#define R_MIPS16_TLS_LDM	107
+#define R_MIPS16_TLS_DTPREL_HI16	108
+#define R_MIPS16_TLS_DTPREL_LO16	109
+#define R_MIPS16_TLS_GOTTPREL	110
+#define R_MIPS16_TLS_TPREL_HI16	111
+#define R_MIPS16_TLS_TPREL_LO16	112
+#define R_MIPS16_PC16_S1	113
 #define R_MIPS_COPY		126
 #define R_MIPS_JUMP_SLOT        127
+#define R_MIPS_RELATIVE		128
+#define R_MICROMIPS_26_S1	133
+#define R_MICROMIPS_HI16	134
+#define R_MICROMIPS_LO16	135
+#define R_MICROMIPS_GPREL16	136
+#define R_MICROMIPS_LITERAL	137
+#define R_MICROMIPS_GOT16	138
+#define R_MICROMIPS_PC7_S1	139
+#define R_MICROMIPS_PC10_S1	140
+#define R_MICROMIPS_PC16_S1	141
+#define R_MICROMIPS_CALL16	142
+#define R_MICROMIPS_GOT_DISP	145
+#define R_MICROMIPS_GOT_PAGE	146
+#define R_MICROMIPS_GOT_OFST	147
+#define R_MICROMIPS_GOT_HI16	148
+#define R_MICROMIPS_GOT_LO16	149
+#define R_MICROMIPS_SUB		150
+#define R_MICROMIPS_HIGHER	151
+#define R_MICROMIPS_HIGHEST	152
+#define R_MICROMIPS_CALL_HI16	153
+#define R_MICROMIPS_CALL_LO16	154
+#define R_MICROMIPS_SCN_DISP	155
+#define R_MICROMIPS_JALR	156
+#define R_MICROMIPS_HI0_LO16	157
+#define R_MICROMIPS_TLS_GD	162
+#define R_MICROMIPS_TLS_LDM	163
+#define R_MICROMIPS_TLS_DTPREL_HI16	164
+#define R_MICROMIPS_TLS_DTPREL_LO16	165
+#define R_MICROMIPS_TLS_GOTTPREL	166
+#define R_MICROMIPS_TLS_TPREL_HI16	169
+#define R_MICROMIPS_TLS_TPREL_LO16	170
+#define R_MICROMIPS_GPREL7_S2	172
+#define R_MICROMIPS_PC23_S2	173
+#define R_MIPS_PC32		248
+#define R_MIPS_EH		249
+#define R_MIPS_GNU_REL16_S2	250
+#define R_MIPS_GNU_VTINHERIT	253
+#define R_MIPS_GNU_VTENTRY	254
 /* Keep this the last entry.  */
-#define R_MIPS_NUM		128
+#define R_MIPS_NUM		255
 
 /* Legal values for p_type field of Elf32_Phdr.  */
 
@@ -1717,7 +2119,13 @@ typedef struct
    PLT is writable.  For a non-writable PLT, this is omitted or has a zero
    value.  */
 #define DT_MIPS_RWPLT        0x70000034
-#define DT_MIPS_NUM	     0x35
+/* An alternative description of the classic MIPS RLD_MAP that is usable
+   in a PIE as it stores a relative offset from the address of the tag
+   rather than an absolute address.  */
+#define DT_MIPS_RLD_MAP_REL  0x70000035
+/* GNU-style hash table with xlat.  */
+#define DT_MIPS_XHASH	     0x70000036
+#define DT_MIPS_NUM	     0x37
 
 /* Legal values for DT_MIPS_FLAGS Elf32_Dyn entry.  */
 
@@ -1888,9 +2296,9 @@ enum
 #define EFA_PARISC_1_1		    0x0210 /* PA-RISC 1.1 big-endian.  */
 #define EFA_PARISC_2_0		    0x0214 /* PA-RISC 2.0 big-endian.  */
 
-/* Additional section indeces.  */
+/* Additional section indices.  */
 
-#define SHN_PARISC_ANSI_COMMON	0xff00	   /* Section for tenatively declared
+#define SHN_PARISC_ANSI_COMMON	0xff00	   /* Section for tentatively declared
 					      symbols in ANSI C.  */
 #define SHN_PARISC_HUGE_COMMON	0xff01	   /* Common blocks in huge model.  */
 
@@ -2209,6 +2617,8 @@ enum
 #define R_PPC_GOT_DTPREL16_LO	92 /* half16*	(sym+add)@got@dtprel@l */
 #define R_PPC_GOT_DTPREL16_HI	93 /* half16*	(sym+add)@got@dtprel@h */
 #define R_PPC_GOT_DTPREL16_HA	94 /* half16*	(sym+add)@got@dtprel@ha */
+#define R_PPC_TLSGD		95 /* none	(sym+add)@tlsgd */
+#define R_PPC_TLSLD		96 /* none	(sym+add)@tlsld */
 
 /* The remaining relocs are from the Embedded ELF ABI, and are not
    in the SVR4 ELF ABI.  */
@@ -2252,7 +2662,11 @@ enum
 
 /* PowerPC specific values for the Dyn d_tag field.  */
 #define DT_PPC_GOT		(DT_LOPROC + 0)
-#define DT_PPC_NUM		1
+#define DT_PPC_OPT		(DT_LOPROC + 1)
+#define DT_PPC_NUM		2
+
+/* PowerPC specific values for the DT_PPC_OPT Dyn entry.  */
+#define PPC_OPT_TLS		1
 
 /* PowerPC64 relocations defined by the ABIs */
 #define R_PPC64_NONE		R_PPC_NONE
@@ -2398,9 +2812,10 @@ enum
 #define DT_PPC64_OPT	(DT_LOPROC + 3)
 #define DT_PPC64_NUM    4
 
-/* PowerPC64 specific values for the DT_PPC64_OPT Dyn entry.  */
+/* PowerPC64 specific bits in the DT_PPC64_OPT Dyn entry.  */
 #define PPC64_OPT_TLS		1
 #define PPC64_OPT_MULTI_TOC	2
+#define PPC64_OPT_LOCALENTRY	4
 
 /* PowerPC64 specific values for the Elf64_Sym st_other field.  */
 #define STO_PPC64_LOCAL_BIT	5
@@ -2612,6 +3027,18 @@ enum
 #define R_AARCH64_TLSDESC      1031	/* TLS Descriptor.  */
 #define R_AARCH64_IRELATIVE	1032	/* STT_GNU_IFUNC relocation.  */
 
+/* MTE memory tag segment type.  */
+#define PT_AARCH64_MEMTAG_MTE	(PT_LOPROC + 2)
+
+/* AArch64 specific values for the Dyn d_tag field.  */
+#define DT_AARCH64_BTI_PLT	(DT_LOPROC + 1)
+#define DT_AARCH64_PAC_PLT	(DT_LOPROC + 3)
+#define DT_AARCH64_VARIANT_PCS	(DT_LOPROC + 5)
+#define DT_AARCH64_NUM		6
+
+/* AArch64 specific values for the st_other field.  */
+#define STO_AARCH64_VARIANT_PCS 0x80
+
 /* ARM relocs.  */
 
 #define R_ARM_NONE		0	/* No reloc */
@@ -2780,6 +3207,81 @@ enum
 /* Keep this the last entry.  */
 #define R_ARM_NUM		256
 
+/* C-SKY */
+#define R_CKCORE_NONE               0	/* no reloc */
+#define R_CKCORE_ADDR32             1	/* direct 32 bit (S + A) */
+#define R_CKCORE_PCRELIMM8BY4       2	/* disp ((S + A - P) >> 2) & 0xff   */
+#define R_CKCORE_PCRELIMM11BY2      3	/* disp ((S + A - P) >> 1) & 0x7ff  */
+#define R_CKCORE_PCREL32            5	/* 32-bit rel (S + A - P)           */
+#define R_CKCORE_PCRELJSR_IMM11BY2  6	/* disp ((S + A - P) >>1) & 0x7ff   */
+#define R_CKCORE_RELATIVE           9	/* 32 bit adjust program base(B + A)*/
+#define R_CKCORE_COPY               10	/* 32 bit adjust by program base    */
+#define R_CKCORE_GLOB_DAT           11	/* off between got and sym (S)      */
+#define R_CKCORE_JUMP_SLOT          12	/* PLT entry (S) */
+#define R_CKCORE_GOTOFF             13	/* offset to GOT (S + A - GOT)      */
+#define R_CKCORE_GOTPC              14	/* PC offset to GOT (GOT + A - P)   */
+#define R_CKCORE_GOT32              15	/* 32 bit GOT entry (G) */
+#define R_CKCORE_PLT32              16	/* 32 bit PLT entry (G) */
+#define R_CKCORE_ADDRGOT            17	/* GOT entry in GLOB_DAT (GOT + G)  */
+#define R_CKCORE_ADDRPLT            18	/* PLT entry in GLOB_DAT (GOT + G)  */
+#define R_CKCORE_PCREL_IMM26BY2     19	/* ((S + A - P) >> 1) & 0x3ffffff   */
+#define R_CKCORE_PCREL_IMM16BY2     20	/* disp ((S + A - P) >> 1) & 0xffff */
+#define R_CKCORE_PCREL_IMM16BY4     21	/* disp ((S + A - P) >> 2) & 0xffff */
+#define R_CKCORE_PCREL_IMM10BY2     22	/* disp ((S + A - P) >> 1) & 0x3ff  */
+#define R_CKCORE_PCREL_IMM10BY4     23	/* disp ((S + A - P) >> 2) & 0x3ff  */
+#define R_CKCORE_ADDR_HI16          24	/* high & low 16 bit ADDR */
+                                        /* ((S + A) >> 16) & 0xffff */
+#define R_CKCORE_ADDR_LO16          25	/* (S + A) & 0xffff */
+#define R_CKCORE_GOTPC_HI16         26	/* high & low 16 bit GOTPC */
+                                        /* ((GOT + A - P) >> 16) & 0xffff */
+#define R_CKCORE_GOTPC_LO16         27	/* (GOT + A - P) & 0xffff */
+#define R_CKCORE_GOTOFF_HI16        28	/* high & low 16 bit GOTOFF */
+                                        /* ((S + A - GOT) >> 16) & 0xffff */
+#define R_CKCORE_GOTOFF_LO16        29	/* (S + A - GOT) & 0xffff */
+#define R_CKCORE_GOT12              30	/* 12 bit disp GOT entry (G) */
+#define R_CKCORE_GOT_HI16           31	/* high & low 16 bit GOT */
+                                        /* (G >> 16) & 0xffff */
+#define R_CKCORE_GOT_LO16           32	/* (G & 0xffff) */
+#define R_CKCORE_PLT12              33	/* 12 bit disp PLT entry (G) */
+#define R_CKCORE_PLT_HI16           34	/* high & low 16 bit PLT */
+                                        /* (G >> 16) & 0xffff */
+#define R_CKCORE_PLT_LO16           35	/* G & 0xffff */
+#define R_CKCORE_ADDRGOT_HI16       36	/* high & low 16 bit ADDRGOT */
+                                        /* (GOT + G * 4) & 0xffff */
+#define R_CKCORE_ADDRGOT_LO16       37	/* (GOT + G * 4) & 0xffff */
+#define R_CKCORE_ADDRPLT_HI16       38	/* high & low 16 bit ADDRPLT */
+                                        /* ((GOT + G * 4) >> 16) & 0xFFFF */
+#define R_CKCORE_ADDRPLT_LO16       39	/* (GOT+G*4) & 0xffff */
+#define R_CKCORE_PCREL_JSR_IMM26BY2 40	/* disp ((S+A-P) >>1) & x3ffffff */
+#define R_CKCORE_TOFFSET_LO16       41	/* (S+A-BTEXT) & 0xffff */
+#define R_CKCORE_DOFFSET_LO16       42	/* (S+A-BTEXT) & 0xffff */
+#define R_CKCORE_PCREL_IMM18BY2     43	/* disp ((S+A-P) >>1) & 0x3ffff */
+#define R_CKCORE_DOFFSET_IMM18      44	/* disp (S+A-BDATA) & 0x3ffff */
+#define R_CKCORE_DOFFSET_IMM18BY2   45	/* disp ((S+A-BDATA)>>1) & 0x3ffff */
+#define R_CKCORE_DOFFSET_IMM18BY4   46	/* disp ((S+A-BDATA)>>2) & 0x3ffff */
+#define R_CKCORE_GOT_IMM18BY4       48	/* disp (G >> 2) */
+#define R_CKCORE_PLT_IMM18BY4       49	/* disp (G >> 2) */
+#define R_CKCORE_PCREL_IMM7BY4      50	/* disp ((S+A-P) >>2) & 0x7f */
+#define R_CKCORE_TLS_LE32           51	/* 32 bit offset to TLS block */
+#define R_CKCORE_TLS_IE32           52
+#define R_CKCORE_TLS_GD32           53
+#define R_CKCORE_TLS_LDM32          54
+#define R_CKCORE_TLS_LDO32          55
+#define R_CKCORE_TLS_DTPMOD32       56
+#define R_CKCORE_TLS_DTPOFF32       57
+#define R_CKCORE_TLS_TPOFF32        58
+
+/* C-SKY elf header definition.  */
+#define EF_CSKY_ABIMASK		    0XF0000000
+#define EF_CSKY_OTHER		    0X0FFF0000
+#define EF_CSKY_PROCESSOR	    0X0000FFFF
+
+#define EF_CSKY_ABIV1		    0X10000000
+#define EF_CSKY_ABIV2		    0X20000000
+
+/* C-SKY attributes section.  */
+#define SHT_CSKY_ATTRIBUTES	    (SHT_LOPROC + 1)
+
 /* IA-64 specific declarations.  */
 
 /* Processor specific flags for the Ehdr e_flags field.  */
@@ -3124,8 +3626,18 @@ enum
 #define R_X86_64_TLSDESC        36	/* TLS descriptor.  */
 #define R_X86_64_IRELATIVE	37	/* Adjust indirectly by program base */
 #define R_X86_64_RELATIVE64	38	/* 64-bit adjust by program base */
+					/* 39 Reserved was R_X86_64_PC32_BND */
+					/* 40 Reserved was R_X86_64_PLT32_BND */
+#define R_X86_64_GOTPCRELX	41	/* Load from 32 bit signed pc relative
+					   offset to GOT entry without REX
+					   prefix, relaxable.  */
+#define R_X86_64_REX_GOTPCRELX	42	/* Load from 32 bit signed pc relative
+					   offset to GOT entry with REX prefix,
+					   relaxable.  */
+#define R_X86_64_NUM		43
 
-#define R_X86_64_NUM		39
+/* x86-64 sh_type values.  */
+#define SHT_X86_64_UNWIND	0x70000001 /* Unwind information.  */
 
 
 /* AM33 relocations.  */
@@ -3536,4 +4048,408 @@ enum
 
 #define R_TILEGX_NUM		130
 
+/* RISC-V ELF Flags */
+#define EF_RISCV_RVC 			0x0001
+#define EF_RISCV_FLOAT_ABI 		0x0006
+#define EF_RISCV_FLOAT_ABI_SOFT 	0x0000
+#define EF_RISCV_FLOAT_ABI_SINGLE 	0x0002
+#define EF_RISCV_FLOAT_ABI_DOUBLE 	0x0004
+#define EF_RISCV_FLOAT_ABI_QUAD 	0x0006
+#define EF_RISCV_RVE			0x0008
+#define EF_RISCV_TSO			0x0010
+
+/* RISC-V relocations.  */
+#define R_RISCV_NONE		 0
+#define R_RISCV_32		 1
+#define R_RISCV_64		 2
+#define R_RISCV_RELATIVE	 3
+#define R_RISCV_COPY		 4
+#define R_RISCV_JUMP_SLOT	 5
+#define R_RISCV_TLS_DTPMOD32	 6
+#define R_RISCV_TLS_DTPMOD64	 7
+#define R_RISCV_TLS_DTPREL32	 8
+#define R_RISCV_TLS_DTPREL64	 9
+#define R_RISCV_TLS_TPREL32	10
+#define R_RISCV_TLS_TPREL64	11
+#define R_RISCV_BRANCH		16
+#define R_RISCV_JAL		17
+#define R_RISCV_CALL		18
+#define R_RISCV_CALL_PLT	19
+#define R_RISCV_GOT_HI20	20
+#define R_RISCV_TLS_GOT_HI20	21
+#define R_RISCV_TLS_GD_HI20	22
+#define R_RISCV_PCREL_HI20	23
+#define R_RISCV_PCREL_LO12_I	24
+#define R_RISCV_PCREL_LO12_S	25
+#define R_RISCV_HI20		26
+#define R_RISCV_LO12_I		27
+#define R_RISCV_LO12_S		28
+#define R_RISCV_TPREL_HI20	29
+#define R_RISCV_TPREL_LO12_I	30
+#define R_RISCV_TPREL_LO12_S	31
+#define R_RISCV_TPREL_ADD	32
+#define R_RISCV_ADD8		33
+#define R_RISCV_ADD16		34
+#define R_RISCV_ADD32		35
+#define R_RISCV_ADD64		36
+#define R_RISCV_SUB8		37
+#define R_RISCV_SUB16		38
+#define R_RISCV_SUB32		39
+#define R_RISCV_SUB64		40
+#define R_RISCV_GNU_VTINHERIT	41
+#define R_RISCV_GNU_VTENTRY	42
+#define R_RISCV_ALIGN		43
+#define R_RISCV_RVC_BRANCH	44
+#define R_RISCV_RVC_JUMP	45
+#define R_RISCV_RVC_LUI		46
+#define R_RISCV_GPREL_I		47
+#define R_RISCV_GPREL_S		48
+#define R_RISCV_TPREL_I		49
+#define R_RISCV_TPREL_S		50
+#define R_RISCV_RELAX		51
+#define R_RISCV_SUB6		52
+#define R_RISCV_SET6		53
+#define R_RISCV_SET8		54
+#define R_RISCV_SET16		55
+#define R_RISCV_SET32		56
+#define R_RISCV_32_PCREL	57
+#define R_RISCV_IRELATIVE	58
+#define R_RISCV_PLT32		59
+#define R_RISCV_SET_ULEB128	60
+#define R_RISCV_SUB_ULEB128	61
+
+#define R_RISCV_NUM		62
+
+/* RISC-V specific values for the st_other field.  */
+#define STO_RISCV_VARIANT_CC	0x80	/* Function uses variant calling
+					   convention */
+
+/* RISC-V specific values for the sh_type field.  */
+#define SHT_RISCV_ATTRIBUTES	(SHT_LOPROC + 3)
+
+/* RISC-V specific values for the p_type field.  */
+#define PT_RISCV_ATTRIBUTES	(PT_LOPROC + 3)
+
+/* RISC-V specific values for the d_tag field.  */
+#define DT_RISCV_VARIANT_CC	(DT_LOPROC + 1)
+
+/* BPF specific declarations.  */
+
+#define R_BPF_NONE		0	/* No reloc */
+#define R_BPF_64_64		1
+#define R_BPF_64_32		10
+
+/* Imagination Meta specific relocations. */
+
+#define R_METAG_HIADDR16	0
+#define R_METAG_LOADDR16	1
+#define R_METAG_ADDR32		2	/* 32bit absolute address */
+#define R_METAG_NONE		3	/* No reloc */
+#define R_METAG_RELBRANCH	4
+#define R_METAG_GETSETOFF	5
+
+/* Backward compatibility */
+#define R_METAG_REG32OP1	6
+#define R_METAG_REG32OP2	7
+#define R_METAG_REG32OP3	8
+#define R_METAG_REG16OP1	9
+#define R_METAG_REG16OP2	10
+#define R_METAG_REG16OP3	11
+#define R_METAG_REG32OP4	12
+
+#define R_METAG_HIOG		13
+#define R_METAG_LOOG		14
+
+#define R_METAG_REL8		15
+#define R_METAG_REL16		16
+
+/* GNU */
+#define R_METAG_GNU_VTINHERIT	30
+#define R_METAG_GNU_VTENTRY	31
+
+/* PIC relocations */
+#define R_METAG_HI16_GOTOFF	32
+#define R_METAG_LO16_GOTOFF	33
+#define R_METAG_GETSET_GOTOFF	34
+#define R_METAG_GETSET_GOT	35
+#define R_METAG_HI16_GOTPC	36
+#define R_METAG_LO16_GOTPC	37
+#define R_METAG_HI16_PLT	38
+#define R_METAG_LO16_PLT	39
+#define R_METAG_RELBRANCH_PLT	40
+#define R_METAG_GOTOFF		41
+#define R_METAG_PLT		42
+#define R_METAG_COPY		43
+#define R_METAG_JMP_SLOT	44
+#define R_METAG_RELATIVE	45
+#define R_METAG_GLOB_DAT	46
+
+/* TLS relocations */
+#define R_METAG_TLS_GD		47
+#define R_METAG_TLS_LDM		48
+#define R_METAG_TLS_LDO_HI16	49
+#define R_METAG_TLS_LDO_LO16	50
+#define R_METAG_TLS_LDO		51
+#define R_METAG_TLS_IE		52
+#define R_METAG_TLS_IENONPIC	53
+#define R_METAG_TLS_IENONPIC_HI16 54
+#define R_METAG_TLS_IENONPIC_LO16 55
+#define R_METAG_TLS_TPOFF	56
+#define R_METAG_TLS_DTPMOD	57
+#define R_METAG_TLS_DTPOFF	58
+#define R_METAG_TLS_LE		59
+#define R_METAG_TLS_LE_HI16	60
+#define R_METAG_TLS_LE_LO16	61
+
+/* NDS32 relocations.  */
+#define R_NDS32_NONE		0
+#define R_NDS32_32_RELA 	20
+#define R_NDS32_COPY		39
+#define R_NDS32_GLOB_DAT	40
+#define R_NDS32_JMP_SLOT	41
+#define R_NDS32_RELATIVE	42
+#define R_NDS32_TLS_TPOFF	102
+#define R_NDS32_TLS_DESC	119
+
+/* LoongArch ELF Flags */
+#define EF_LARCH_ABI_MODIFIER_MASK  0x07
+#define EF_LARCH_ABI_SOFT_FLOAT     0x01
+#define EF_LARCH_ABI_SINGLE_FLOAT   0x02
+#define EF_LARCH_ABI_DOUBLE_FLOAT   0x03
+#define EF_LARCH_OBJABI_V1          0x40
+
+/* LoongArch specific dynamic relocations */
+#define R_LARCH_NONE		0
+#define R_LARCH_32		1
+#define R_LARCH_64		2
+#define R_LARCH_RELATIVE	3
+#define R_LARCH_COPY		4
+#define R_LARCH_JUMP_SLOT	5
+#define R_LARCH_TLS_DTPMOD32	6
+#define R_LARCH_TLS_DTPMOD64	7
+#define R_LARCH_TLS_DTPREL32	8
+#define R_LARCH_TLS_DTPREL64	9
+#define R_LARCH_TLS_TPREL32	10
+#define R_LARCH_TLS_TPREL64	11
+#define R_LARCH_IRELATIVE	12
+
+/* Reserved for future relocs that the dynamic linker must understand.  */
+
+/* used by the static linker for relocating .text.  */
+#define R_LARCH_MARK_LA  20
+#define R_LARCH_MARK_PCREL  21
+#define R_LARCH_SOP_PUSH_PCREL  22
+#define R_LARCH_SOP_PUSH_ABSOLUTE  23
+#define R_LARCH_SOP_PUSH_DUP  24
+#define R_LARCH_SOP_PUSH_GPREL  25
+#define R_LARCH_SOP_PUSH_TLS_TPREL  26
+#define R_LARCH_SOP_PUSH_TLS_GOT  27
+#define R_LARCH_SOP_PUSH_TLS_GD  28
+#define R_LARCH_SOP_PUSH_PLT_PCREL  29
+#define R_LARCH_SOP_ASSERT  30
+#define R_LARCH_SOP_NOT  31
+#define R_LARCH_SOP_SUB  32
+#define R_LARCH_SOP_SL  33
+#define R_LARCH_SOP_SR  34
+#define R_LARCH_SOP_ADD  35
+#define R_LARCH_SOP_AND  36
+#define R_LARCH_SOP_IF_ELSE  37
+#define R_LARCH_SOP_POP_32_S_10_5  38
+#define R_LARCH_SOP_POP_32_U_10_12  39
+#define R_LARCH_SOP_POP_32_S_10_12  40
+#define R_LARCH_SOP_POP_32_S_10_16  41
+#define R_LARCH_SOP_POP_32_S_10_16_S2  42
+#define R_LARCH_SOP_POP_32_S_5_20  43
+#define R_LARCH_SOP_POP_32_S_0_5_10_16_S2  44
+#define R_LARCH_SOP_POP_32_S_0_10_10_16_S2  45
+#define R_LARCH_SOP_POP_32_U  46
+
+/* used by the static linker for relocating non .text.  */
+#define R_LARCH_ADD8  47
+#define R_LARCH_ADD16  48
+#define R_LARCH_ADD24  49
+#define R_LARCH_ADD32  50
+#define R_LARCH_ADD64  51
+#define R_LARCH_SUB8  52
+#define R_LARCH_SUB16  53
+#define R_LARCH_SUB24  54
+#define R_LARCH_SUB32  55
+#define R_LARCH_SUB64  56
+#define R_LARCH_GNU_VTINHERIT  57
+#define R_LARCH_GNU_VTENTRY  58
+
+/* reserved 59-63 */
+
+#define R_LARCH_B16 64
+#define R_LARCH_B21 65
+#define R_LARCH_B26 66
+#define R_LARCH_ABS_HI20 67
+#define R_LARCH_ABS_LO12 68
+#define R_LARCH_ABS64_LO20 69
+#define R_LARCH_ABS64_HI12 70
+#define R_LARCH_PCALA_HI20 71
+#define R_LARCH_PCALA_LO12 72
+#define R_LARCH_PCALA64_LO20 73
+#define R_LARCH_PCALA64_HI12 74
+#define R_LARCH_GOT_PC_HI20 75
+#define R_LARCH_GOT_PC_LO12 76
+#define R_LARCH_GOT64_PC_LO20 77
+#define R_LARCH_GOT64_PC_HI12 78
+#define R_LARCH_GOT_HI20 79
+#define R_LARCH_GOT_LO12 80
+#define R_LARCH_GOT64_LO20 81
+#define R_LARCH_GOT64_HI12 82
+#define R_LARCH_TLS_LE_HI20 83
+#define R_LARCH_TLS_LE_LO12 84
+#define R_LARCH_TLS_LE64_LO20 85
+#define R_LARCH_TLS_LE64_HI12 86
+#define R_LARCH_TLS_IE_PC_HI20 87
+#define R_LARCH_TLS_IE_PC_LO12 88
+#define R_LARCH_TLS_IE64_PC_LO20 89
+#define R_LARCH_TLS_IE64_PC_HI12 90
+#define R_LARCH_TLS_IE_HI20 91
+#define R_LARCH_TLS_IE_LO12 92
+#define R_LARCH_TLS_IE64_LO20 93
+#define R_LARCH_TLS_IE64_HI12 94
+#define R_LARCH_TLS_LD_PC_HI20 95
+#define R_LARCH_TLS_LD_HI20 96
+#define R_LARCH_TLS_GD_PC_HI20 97
+#define R_LARCH_TLS_GD_HI20 98
+#define R_LARCH_32_PCREL 99
+#define R_LARCH_RELAX 100
+#define R_LARCH_DELETE 101
+#define R_LARCH_ALIGN 102
+#define R_LARCH_PCREL20_S2 103
+#define R_LARCH_CFA 104
+#define R_LARCH_ADD6 105
+#define R_LARCH_SUB6 106
+#define R_LARCH_ADD_ULEB128 107
+#define R_LARCH_SUB_ULEB128 108
+#define R_LARCH_64_PCREL 109
+
+/* ARC specific declarations.  */
+
+/* Processor specific flags for the Ehdr e_flags field.  */
+#define EF_ARC_MACH_MSK	    0x000000ff
+#define EF_ARC_OSABI_MSK    0x00000f00
+#define EF_ARC_ALL_MSK	    (EF_ARC_MACH_MSK | EF_ARC_OSABI_MSK)
+
+/* Processor specific values for the Shdr sh_type field.  */
+#define SHT_ARC_ATTRIBUTES	(SHT_LOPROC + 1) /* ARC attributes section.  */
+
+/* ARCompact/ARCv2 specific relocs.  */
+#define R_ARC_NONE		0x0
+#define R_ARC_8			0x1
+#define R_ARC_16		0x2
+#define R_ARC_24		0x3
+#define R_ARC_32		0x4
+
+#define R_ARC_B22_PCREL		0x6
+#define R_ARC_H30		0x7
+#define R_ARC_N8		0x8
+#define R_ARC_N16		0x9
+#define R_ARC_N24		0xA
+#define R_ARC_N32		0xB
+#define R_ARC_SDA		0xC
+#define R_ARC_SECTOFF		0xD
+#define R_ARC_S21H_PCREL	0xE
+#define R_ARC_S21W_PCREL	0xF
+#define R_ARC_S25H_PCREL	0x10
+#define R_ARC_S25W_PCREL	0x11
+#define R_ARC_SDA32		0x12
+#define R_ARC_SDA_LDST		0x13
+#define R_ARC_SDA_LDST1		0x14
+#define R_ARC_SDA_LDST2		0x15
+#define R_ARC_SDA16_LD		0x16
+#define R_ARC_SDA16_LD1		0x17
+#define R_ARC_SDA16_LD2		0x18
+#define R_ARC_S13_PCREL		0x19
+#define R_ARC_W			0x1A
+#define R_ARC_32_ME		0x1B
+#define R_ARC_N32_ME		0x1C
+#define R_ARC_SECTOFF_ME	0x1D
+#define R_ARC_SDA32_ME		0x1E
+#define R_ARC_W_ME		0x1F
+#define R_ARC_H30_ME		0x20
+#define R_ARC_SECTOFF_U8	0x21
+#define R_ARC_SECTOFF_S9	0x22
+#define R_AC_SECTOFF_U8		0x23
+#define R_AC_SECTOFF_U8_1	0x24
+#define R_AC_SECTOFF_U8_2	0x25
+#define R_AC_SECTOFF_S9		0x26
+#define R_AC_SECTOFF_S9_1	0x27
+#define R_AC_SECTOFF_S9_2	0x28
+#define R_ARC_SECTOFF_ME_1	0x29
+#define R_ARC_SECTOFF_ME_2	0x2A
+#define R_ARC_SECTOFF_1		0x2B
+#define R_ARC_SECTOFF_2		0x2C
+#define R_ARC_SDA_12		0x2D
+#define R_ARC_SDA16_ST2		0x30
+#define R_ARC_32_PCREL		0x31
+#define R_ARC_PC32		0x32
+#define R_ARC_GOTPC32		0x33
+#define R_ARC_PLT32		0x34
+#define R_ARC_COPY		0x35
+#define R_ARC_GLOB_DAT		0x36
+#define R_ARC_JMP_SLOT		0x37
+#define R_ARC_RELATIVE		0x38
+#define R_ARC_GOTOFF		0x39
+#define R_ARC_GOTPC		0x3A
+#define R_ARC_GOT32		0x3B
+#define R_ARC_S21W_PCREL_PLT	0x3C
+#define R_ARC_S25H_PCREL_PLT	0x3D
+
+#define R_ARC_JLI_SECTOFF	0x3F
+
+#define R_ARC_TLS_DTPMOD	0x42
+#define R_ARC_TLS_DTPOFF	0x43
+#define R_ARC_TLS_TPOFF		0x44
+#define R_ARC_TLS_GD_GOT	0x45
+#define R_ARC_TLS_GD_LD	        0x46
+#define R_ARC_TLS_GD_CALL	0x47
+#define R_ARC_TLS_IE_GOT	0x48
+#define R_ARC_TLS_DTPOFF_S9	0x49
+#define R_ARC_TLS_LE_S9		0x4A
+#define R_ARC_TLS_LE_32		0x4B
+#define R_ARC_S25W_PCREL_PLT	0x4C
+#define R_ARC_S21H_PCREL_PLT	0x4D
+#define R_ARC_NPS_CMEM16	0x4E
+
+/* OpenRISC 1000 specific relocs.  */
+#define R_OR1K_NONE		0
+#define R_OR1K_32		1
+#define R_OR1K_16		2
+#define R_OR1K_8		3
+#define R_OR1K_LO_16_IN_INSN	4
+#define R_OR1K_HI_16_IN_INSN	5
+#define R_OR1K_INSN_REL_26	6
+#define R_OR1K_GNU_VTENTRY	7
+#define R_OR1K_GNU_VTINHERIT	8
+#define R_OR1K_32_PCREL		9
+#define R_OR1K_16_PCREL		10
+#define R_OR1K_8_PCREL		11
+#define R_OR1K_GOTPC_HI16	12
+#define R_OR1K_GOTPC_LO16	13
+#define R_OR1K_GOT16		14
+#define R_OR1K_PLT26		15
+#define R_OR1K_GOTOFF_HI16	16
+#define R_OR1K_GOTOFF_LO16	17
+#define R_OR1K_COPY		18
+#define R_OR1K_GLOB_DAT		19
+#define R_OR1K_JMP_SLOT		20
+#define R_OR1K_RELATIVE		21
+#define R_OR1K_TLS_GD_HI16	22
+#define R_OR1K_TLS_GD_LO16	23
+#define R_OR1K_TLS_LDM_HI16	24
+#define R_OR1K_TLS_LDM_LO16	25
+#define R_OR1K_TLS_LDO_HI16	26
+#define R_OR1K_TLS_LDO_LO16	27
+#define R_OR1K_TLS_IE_HI16	28
+#define R_OR1K_TLS_IE_LO16	29
+#define R_OR1K_TLS_LE_HI16	30
+#define R_OR1K_TLS_LE_LO16	31
+#define R_OR1K_TLS_TPOFF	32
+#define R_OR1K_TLS_DTPOFF	33
+#define R_OR1K_TLS_DTPMOD	34
+
 #endif	/* elf.h */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-01 15:43 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-01 15:43 UTC (permalink / raw
  To: gentoo-commits

commit:     b3994055a70d2f87e49c8a9053ae0b1745af3f5c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  1 15:42:35 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Jan  1 15:42:35 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b3994055

update copyright headers

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 dumpelf.c     | 4 ++--
 lddtree.py    | 6 +++---
 lddtree.sh    | 4 ++--
 macho.h       | 2 +-
 paxelf.c      | 4 ++--
 paxelf.h      | 4 ++--
 paxinc.c      | 4 ++--
 paxinc.h      | 4 ++--
 paxldso.c     | 4 ++--
 paxldso.h     | 4 ++--
 paxmacho.c    | 4 ++--
 paxmacho.h    | 4 ++--
 porting.h     | 4 ++--
 pylint        | 2 +-
 scanelf.c     | 4 ++--
 scanmacho.c   | 4 ++--
 seccomp-bpf.c | 4 ++--
 security.c    | 4 ++--
 security.h    | 4 ++--
 xfuncs.c      | 4 ++--
 xfuncs.h      | 4 ++--
 21 files changed, 41 insertions(+), 41 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 4742a50..de9a563 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -1,9 +1,9 @@
 /*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 const char argv0[] = "dumpelf";

diff --git a/lddtree.py b/lddtree.py
index b26afcf..89733be 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -1,8 +1,8 @@
 #!/usr/bin/env python
 # PYTHON_ARGCOMPLETE_OK
-# Copyright 2012-2014 Gentoo Foundation
-# Copyright 2012-2014 Mike Frysinger <vapier@gentoo.org>
-# Copyright 2012-2014 The ChromiumOS Authors
+# Copyright 2012-2024 Gentoo Foundation
+# Copyright 2012-2024 Mike Frysinger <vapier@gentoo.org>
+# Copyright 2012-2024 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license (BSD-3)
 
 """Read the ELF dependency tree and show it

diff --git a/lddtree.sh b/lddtree.sh
index c964ed6..dfa8d06 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2007-2013 Gentoo Foundation
-# Copyright 2007-2013 Mike Frysinger <vapier@gentoo.org>
+# Copyright 2007-2024 Gentoo Foundation
+# Copyright 2007-2024 Mike Frysinger <vapier@gentoo.org>
 # Distributed under the terms of the GNU General Public License v2
 
 argv0=${0##*/}

diff --git a/macho.h b/macho.h
index c4929c8..76f3697 100644
--- a/macho.h
+++ b/macho.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2021 Gentoo Foundation
+ * Copyright 2008-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  */
 

diff --git a/paxelf.c b/paxelf.c
index 331f1b4..fb4160c 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 #include "paxinc.h"

diff --git a/paxelf.h b/paxelf.h
index f252969..0c163d5 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -1,9 +1,9 @@
 /*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  *
  * Make sure all of the common elf stuff is setup as we expect
  */

diff --git a/paxinc.c b/paxinc.c
index 64a3069..589d7ae 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 /* stick common symbols here that are needed by paxinc.h */

diff --git a/paxinc.h b/paxinc.h
index 3dd163a..d25cf57 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -1,9 +1,9 @@
 /*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  *
  * Make sure all of the common stuff is setup as we expect
  */

diff --git a/paxldso.c b/paxldso.c
index ce7facd..a9bef1e 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2016 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2004-2016 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2004-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 #include "paxinc.h"

diff --git a/paxldso.h b/paxldso.h
index 91c7eed..aba58fa 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2016 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2004-2016 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2004-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 #ifndef _PAX_LDSO_H

diff --git a/paxmacho.c b/paxmacho.c
index 74f02da..75f9206 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2021 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  *           2008-2021 Fabian Groffen  - <grobian@gentoo.org>
  */
 

diff --git a/paxmacho.h b/paxmacho.h
index 48ac854..8ea1ece 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -1,9 +1,9 @@
 /*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  *           2008-2012 Fabian Groffen  - <grobian@gentoo.org>
  *
  * Make sure all of the common mach-o stuff is setup as we expect

diff --git a/porting.h b/porting.h
index 4f34302..42c9ba3 100644
--- a/porting.h
+++ b/porting.h
@@ -1,9 +1,9 @@
 /*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2005-2024 Mike Frysinger  - <vapier@gentoo.org>
  *
  * Make sure all of the common elf stuff is setup as we expect
  */

diff --git a/pylint b/pylint
index 463dc03..512511e 100755
--- a/pylint
+++ b/pylint
@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-# Copyright 1999-2020 Gentoo Foundation
+# Copyright 1999-2024 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 """Run pylint with the right settings."""

diff --git a/scanelf.c b/scanelf.c
index 50497b2..d306316 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2004-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 const char argv0[] = "scanelf";

diff --git a/scanmacho.c b/scanmacho.c
index e2aa485..b96cf44 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -1,10 +1,10 @@
 /*
- * Copyright 2008-2021 Gentoo Foundation
+ * Copyright 2008-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * based on scanelf by:
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2004-2024 Mike Frysinger  - <vapier@gentoo.org>
  * for Darwin specific fun:
  *           2008-2021 Fabian Groffen  - <grobian@gentoo.org>
  */

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 1d64172..b56e9e4 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -1,10 +1,10 @@
 /*
  * Generate the bpf rules ahead of time to speed up runtime.
  *
- * Copyright 2015 Gentoo Foundation
+ * Copyright 2015-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
- * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2015-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 const char argv0[] = "seccomp-bpf";

diff --git a/security.c b/security.c
index 7122a7f..171c46c 100644
--- a/security.c
+++ b/security.c
@@ -1,8 +1,8 @@
 /*
- * Copyright 2015 Gentoo Foundation
+ * Copyright 2015-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
- * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2015-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 #include "paxinc.h"

diff --git a/security.h b/security.h
index 65e1ad5..d2625e2 100644
--- a/security.h
+++ b/security.h
@@ -1,9 +1,9 @@
 /* Various security related features.
  *
- * Copyright 2015 Gentoo Foundation
+ * Copyright 2015-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
- * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2015-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 #ifndef _PAX_SECURITY_H

diff --git a/xfuncs.c b/xfuncs.c
index cd73dfa..694cc21 100644
--- a/xfuncs.c
+++ b/xfuncs.c
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2004-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 #include "paxinc.h"

diff --git a/xfuncs.h b/xfuncs.h
index 61577ec..afe35ac 100644
--- a/xfuncs.h
+++ b/xfuncs.h
@@ -1,9 +1,9 @@
 /*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
  *
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
- * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
+ * Copyright 2004-2024 Mike Frysinger  - <vapier@gentoo.org>
  */
 
 #ifndef __XFUNCS_H__


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-02 16:28 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-02 16:28 UTC (permalink / raw
  To: gentoo-commits

commit:     b49fe5088ca8f1fa0191a85e933ec213928449bc
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Tue Jan  2 16:27:50 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  2 16:27:50 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b49fe508

dumpelf: use explicit 64-bit to display off_t

There's no guarantee that %j (uintmax_t) is large enough to handle off_t.

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 dumpelf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index de9a563..1a469ea 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -40,9 +40,9 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
 		"\n"
 		"/*\n"
 		" * ELF dump of '%s'\n"
-		" *     %ji (0x%jX) bytes\n"
+		" *     %" PRIi64 " (0x%" PRIX64 ") bytes\n"
 		" */\n\n",
-		elf->filename, elf->len, elf->len);
+		elf->filename, (int64_t)elf->len, (uint64_t)elf->len);
 
 	/* setup the struct to namespace this elf */
 #define MAKE_STRUCT(B) \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-02 18:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-02 18:03 UTC (permalink / raw
  To: gentoo-commits

commit:     259a52c16c02d2cbb041ad33ea66a735652c66cf
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Tue Jan  2 17:56:56 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  2 17:56:56 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=259a52c1

lddtree: disable mypy import errors

We don't have types for these imports, so ignore errors on them.

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 70d755c..8a42627 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -56,12 +56,12 @@ assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.versio
 # Disable import errors for all 3rd party modules.
 # pylint: disable=import-error
 try:
-    import argcomplete
+    import argcomplete  # type: ignore
 except ImportError:
     argcomplete = cast(Any, None)
 
-from elftools.common import exceptions
-from elftools.elf.elffile import ELFFile
+from elftools.common import exceptions  # type: ignore
+from elftools.elf.elffile import ELFFile  # type: ignore
 
 # pylint: enable=import-error
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-02 18:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-02 18:03 UTC (permalink / raw
  To: gentoo-commits

commit:     cf84a6c35151b790ec104892883e85010ca252ac
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Tue Jan  2 17:46:55 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  2 17:46:55 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cf84a6c3

lddtree: use older Python typing style

Support for list[...] is new to Python 3.9.  We still support Python
3.6 (or at least, 3.8) so we need to use List[...] instead.

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/lddtree.py b/lddtree.py
index 89733be..247e9db 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -49,7 +49,7 @@ import os
 import re
 import shutil
 import sys
-from typing import Any, cast, Iterable, Optional, Union
+from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast
 
 assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}"
 
@@ -126,9 +126,9 @@ def readlink(path: str, root: str, prefixed: Optional[bool] = False) -> str:
     return normpath((root + path) if prefixed else path)
 
 
-def dedupe(items: list[str]) -> list[str]:
+def dedupe(items: List[str]) -> List[str]:
     """Remove all duplicates from |items| (keeping order)"""
-    seen: dict[str, str] = {}
+    seen: Dict[str, str] = {}
     return [seen.setdefault(x, x) for x in items if x not in seen]
 
 
@@ -229,7 +229,7 @@ def ParseLdPaths(
     root: str = "",
     cwd: Optional[str] = None,
     path: str = "",
-) -> list[str]:
+) -> List[str]:
     """Parse the colon-delimited list of paths and apply ldso rules to each
 
     Note the special handling as dictated by the ldso:
@@ -276,7 +276,7 @@ def ParseLdSoConf(
     root: str = "/",
     debug: bool = False,
     _first: bool = True,
-) -> list[str]:
+) -> List[str]:
     """Load all the paths from a given ldso config file
 
     This should handle comments, whitespace, and "include" statements.
@@ -334,7 +334,7 @@ def LoadLdpaths(
     cwd: Optional[str] = None,
     prefix: str = "",
     debug: bool = False,
-) -> dict[str, list[str]]:
+) -> Dict[str, List[str]]:
     """Load linker paths from common locations
 
     This parses the ld.so.conf and LD_LIBRARY_PATH env var.
@@ -348,7 +348,7 @@ def LoadLdpaths(
     Returns:
       dict containing library paths to search
     """
-    ldpaths: dict[str, list[str]] = {
+    ldpaths: Dict[str, List[str]] = {
         "conf": [],
         "env": [],
         "interp": [],
@@ -401,10 +401,10 @@ def CompatibleELFs(elf1: ELFFile, elf2: ELFFile) -> bool:
 def FindLib(
     elf: ELFFile,
     lib: str,
-    ldpaths: list[str],
+    ldpaths: List[str],
     root: str = "/",
     debug: bool = False,
-) -> tuple[Optional[str], Optional[str]]:
+) -> Tuple[Optional[str], Optional[str]]:
     """Try to locate a |lib| that is compatible to |elf| in the given |ldpaths|
 
     Args:
@@ -451,7 +451,7 @@ def ParseELF(
     debug: bool = False,
     _first: bool = True,
     _all_libs={},
-) -> dict[str, Any]:
+) -> Dict[str, Any]:
     """Parse the ELF dependency tree of the specified file
 
     Args:
@@ -658,7 +658,7 @@ def _ActionShow(options: argparse.Namespace, elf: dict):
 
     shown_libs = set(elf["needed"])
     new_libs = elf["needed"][:]
-    chain_libs: list[str] = []
+    chain_libs: List[str] = []
     interp = elf["interp"]
     if interp:
         lib = os.path.basename(interp)
@@ -916,7 +916,7 @@ def GetParser() -> argparse.ArgumentParser:
     return parser
 
 
-def main(argv: list[str]) -> Optional[int]:
+def main(argv: List[str]) -> Optional[int]:
     """The main entry point!"""
     parser = GetParser()
     options = parser.parse_args(argv)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-02 18:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-02 18:03 UTC (permalink / raw
  To: gentoo-commits

commit:     cb88e6fce4386ba30d378edfb59964fa2a4cc9c3
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Tue Jan  2 18:00:15 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  2 18:00:15 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cb88e6fc

lddtree: add some more typing info for mypy

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 8a42627..8ccd855 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -491,7 +491,7 @@ def ParseELF(
     if _first:
         _all_libs = {}
         ldpaths = ldpaths.copy()
-    ret = {
+    ret: Dict[str, Any] = {
         "interp": None,
         "path": path if display is None else display,
         "realpath": path,


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-02 18:03 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-02 18:03 UTC (permalink / raw
  To: gentoo-commits

commit:     c899a5a007c28c8b9005d142f8c7b539e097d5b3
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Tue Jan  2 17:49:06 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  2 17:49:06 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c899a5a0

lddtree: disable pyelftools pylint import errors

Since pyelftools isn't commonly installed, disable the pylint check
by default.

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lddtree.py b/lddtree.py
index 247e9db..70d755c 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -53,6 +53,8 @@ from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast
 
 assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}"
 
+# Disable import errors for all 3rd party modules.
+# pylint: disable=import-error
 try:
     import argcomplete
 except ImportError:
@@ -61,6 +63,8 @@ except ImportError:
 from elftools.common import exceptions
 from elftools.elf.elffile import ELFFile
 
+# pylint: enable=import-error
+
 
 def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
     """Write |msg| to stderr with a |prefix| before it"""


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-10  7:58 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-10  7:58 UTC (permalink / raw
  To: gentoo-commits

commit:     81e0200c6068d8c00c2d1f569f8b7b0ea7c1b0d5
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 10 07:38:36 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Jan 10 07:38:36 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=81e0200c

lddtree: raise min version to Python 3.8

We aren't using Python 3.6 anywhere anymore that I care about, so
raise the min version to 3.8.  Tools are dropping support for it
too which makes it difficult to reasonably support.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index 8ccd855..b1fef16 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -51,7 +51,7 @@ import shutil
 import sys
 from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast
 
-assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}"
+assert sys.version_info >= (3, 8), f"Python 3.8+ required, but found {sys.version}"
 
 # Disable import errors for all 3rd party modules.
 # pylint: disable=import-error


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-10  8:02 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-10  8:02 UTC (permalink / raw
  To: gentoo-commits

commit:     756eda7dbce4261e2d5cd6e38bab49aa457e99c1
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 10 07:43:19 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Jan 10 07:43:19 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=756eda7d

pylintrc: merge into pyproject.toml

The same settings, but we have a single file for all our configs now.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .pylintrc      | 58 ------------------------------------------------
 pylint         |  2 +-
 pyproject.toml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 59 deletions(-)

diff --git a/.pylintrc b/.pylintrc
deleted file mode 100644
index 7bee576..0000000
--- a/.pylintrc
+++ /dev/null
@@ -1,58 +0,0 @@
-[MASTER]
-# List of plugins (as comma separated values of python modules names) to load,
-# usually to register additional checkers.
-load-plugins=
-	pylint.extensions.bad_builtin,
-	pylint.extensions.check_elif,
-	pylint.extensions.docstyle,
-	pylint.extensions.overlapping_exceptions,
-	pylint.extensions.redefined_variable_type,
-
-jobs=0
-
-[MESSAGES CONTROL]
-# Disable the message, report, category or checker with the given id(s). You
-# can either give multiple identifier separated by comma (,) or put this option
-# multiple times (only on the command line, not in the configuration file where
-# it should appear only once).
-disable=
-	too-many-lines,
-	too-many-branches,
-	too-many-statements,
-	too-few-public-methods,
-	too-many-instance-attributes,
-	too-many-public-methods,
-	too-many-locals,
-	too-many-arguments,
-	fixme,
-	invalid-name,
-
-[REPORTS]
-reports=no
-score=no
-
-[FORMAT]
-max-line-length = 100
-indent-string = '    '
-
-[BASIC]
-bad-functions=
-	exit,
-	filter,
-	input,
-	map,
-	quit,
-
-[SIMILARITIES]
-min-similarity-lines=20
-
-[VARIABLES]
-dummy-variables-rgx=_
-
-[DESIGN]
-max-parents=10
-
-[IMPORTS]
-deprecated-modules=
-	mox,
-	optparse,

diff --git a/pylint b/pylint
index 512511e..29e8b5e 100755
--- a/pylint
+++ b/pylint
@@ -37,7 +37,7 @@ def main(argv):
         pythonpath = pympath + ":" + pythonpath
     os.environ["PYTHONPATH"] = pythonpath
 
-    pylintrc = os.path.join(source_root, ".pylintrc")
+    pylintrc = os.path.join(source_root, "pyproject.toml")
     cmd = ["pylint", "--rcfile", pylintrc]
     os.execvp(cmd[0], cmd + argv)
 

diff --git a/pyproject.toml b/pyproject.toml
index ab0fde0..e633a0a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -40,3 +40,72 @@ single_line_exclusions = [
 # https://mypy.readthedocs.io/en/stable/config_file.html
 [tool.mypy]
 python_version = "3.8"
+
+
+# https://pylint.pycqa.org/en/latest/user_guide/usage/run.html
+[tool.pylint."MASTER"]
+py-version = "3.8"
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins = [
+	"pylint.extensions.bad_builtin",
+	"pylint.extensions.check_elif",
+	"pylint.extensions.docstyle",
+	"pylint.extensions.overlapping_exceptions",
+	"pylint.extensions.redefined_variable_type",
+]
+
+# Run everything in parallel.
+jobs = 0
+
+# https://pylint.pycqa.org/en/latest/user_guide/messages/index.html
+[tool.pylint."MESSAGES CONTROL"]
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifier separated by comma (,) or put this option
+# multiple times (only on the command line, not in the configuration file where
+# it should appear only once).
+disable = [
+	"too-many-lines",
+	"too-many-branches",
+	"too-many-statements",
+	"too-few-public-methods",
+	"too-many-instance-attributes",
+	"too-many-public-methods",
+	"too-many-locals",
+	"too-many-arguments",
+	"fixme",
+	"invalid-name",
+]
+
+[tool.pylint."REPORTS"]
+reports = false
+score = false
+
+[tool.pylint."FORMAT"]
+max-line-length = 100
+indent-string = "    "
+
+[tool.pylint."BASIC"]
+bad-functions = [
+	"exit",
+	"filter",
+	"input",
+	"map",
+	"quit",
+]
+
+[tool.pylint."SIMILARITIES"]
+min-similarity-lines = 20
+
+[tool.pylint."VARIABLES"]
+dummy-variables-rgx = "_"
+
+[tool.pylint."DESIGN"]
+max-parents = 10
+
+[tool.pylint."IMPORTS"]
+deprecated-modules = [
+	"mox",
+	"optparse",
+]


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-10  8:02 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-10  8:02 UTC (permalink / raw
  To: gentoo-commits

commit:     a172acf0b81a9a1027f1b28cfae5b2ba4f5a32c6
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 10 07:42:23 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Jan 10 07:42:23 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a172acf0

pyproject.toml: add black & isort & mypy settings

This should help stabilize the tool behavior for different developers.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 lddtree.py     |  4 +++-
 pyproject.toml | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/lddtree.py b/lddtree.py
index b1fef16..3a41886 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -49,7 +49,8 @@ import os
 import re
 import shutil
 import sys
-from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast
+from typing import Any, cast, Dict, Iterable, List, Optional, Tuple, Union
+
 
 assert sys.version_info >= (3, 8), f"Python 3.8+ required, but found {sys.version}"
 
@@ -63,6 +64,7 @@ except ImportError:
 from elftools.common import exceptions  # type: ignore
 from elftools.elf.elffile import ELFFile  # type: ignore
 
+
 # pylint: enable=import-error
 
 

diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..ab0fde0
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,42 @@
+# Copyright 2024 Gentoo Foundation
+# Copyright 2024 Mike Frysinger <vapier@gentoo.org>
+# Copyright 2024 The ChromiumOS Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# https://packaging.python.org/en/latest/guides/writing-pyproject-toml/
+
+
+# https://black.readthedocs.io/en/stable/usage_and_configuration/the_basics.html
+[tool.black]
+line-length = 88
+target-version = ["py38"]
+
+
+# https://pycqa.github.io/isort/docs/configuration/options
+[tool.isort]
+py_version = "38"
+
+# Be compatible with `black` since it also matches what we want.
+profile = "black"
+
+line_length = 88
+length_sort = false
+force_single_line = true
+lines_after_imports = 2
+from_first = false
+case_sensitive = false
+force_sort_within_sections = true
+order_by_type = false
+
+# Allow importing multiple classes on a single line from these modules.
+# https://google.github.io/styleguide/pyguide#s2.2-imports
+single_line_exclusions = [
+	"abc",
+	"collections.abc",
+	"typing",
+]
+
+
+# https://mypy.readthedocs.io/en/stable/config_file.html
+[tool.mypy]
+python_version = "3.8"


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-10  8:05 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-10  8:05 UTC (permalink / raw
  To: gentoo-commits

commit:     153e0f60ee6b04492b9b6d3cfc69809b0f29d65c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 10 08:05:13 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Jan 10 08:05:13 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=153e0f60

requirements: pin(ish) Python deps that we use to check things

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 requirements-dev.txt | 12 ++++++++++++
 requirements.txt     |  9 +++++++++
 2 files changed, 21 insertions(+)

diff --git a/requirements-dev.txt b/requirements-dev.txt
new file mode 100644
index 0000000..9f4869c
--- /dev/null
+++ b/requirements-dev.txt
@@ -0,0 +1,12 @@
+# Copyright 2024 Gentoo Foundation
+# Copyright 2024 Mike Frysinger <vapier@gentoo.org>
+# Copyright 2024 The ChromiumOS Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Deps needed to run tests/linters/etc...
+# https://pip.pypa.io/en/stable/reference/requirements-file-format/
+
+black==23.*
+isort==5.*
+mypy==1.*
+pylint==3.0.*

diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..540976b
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,9 @@
+# Copyright 2024 Gentoo Foundation
+# Copyright 2024 Mike Frysinger <vapier@gentoo.org>
+# Copyright 2024 The ChromiumOS Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Deps needed to run Python scripts after installed.
+# https://pip.pypa.io/en/stable/reference/requirements-file-format/
+
+pyelftools


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-16  5:13 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-16  5:13 UTC (permalink / raw
  To: gentoo-commits

commit:     a285f1f17dccd79968a63e5acc35b5230c236389
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 16 04:56:53 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan 16 04:56:53 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a285f1f1

drop old __BOUNDS_CHECKING_ON support

The out-of-tree patches for -fbounds-checking in GCC were great, but
they haven't been updated since the gcc-4.0 days, and the sanitizer
options have made it obsolete, so it's unlikely we'll ever use this
code again.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 porting.h |  7 -------
 pspax.c   | 10 ----------
 2 files changed, 17 deletions(-)

diff --git a/porting.h b/porting.h
index 42c9ba3..3a544fa 100644
--- a/porting.h
+++ b/porting.h
@@ -77,13 +77,6 @@
 #endif
 
 #undef PAX_UTILS_CLEANUP
-/* bounds checking code will fart on free(NULL) even though that
- * is valid usage.  So let's wrap it if need be.
- */
-#ifdef __BOUNDS_CHECKING_ON
-# define free(ptr) do { if (ptr) free(ptr); } while (0)
-# define PAX_UTILS_CLEANUP 1
-#endif
 /* LSAN (Leak Sanitizer) will complain about things we leak. */
 #ifdef __SANITIZE_ADDRESS__
 # define PAX_UTILS_CLEANUP 1

diff --git a/pspax.c b/pspax.c
index 6094882..e79469d 100644
--- a/pspax.c
+++ b/pspax.c
@@ -189,15 +189,6 @@ static int print_executable_mappings(int pfd)
 	return 0;
 }
 
-#ifdef __BOUNDS_CHECKING_ON
-# define NOTE_TO_SELF warn( \
-	"This is bullshit but getpwuid() is leaking memory and I wasted a few hrs 1 day tracking it down in pspax\n" \
-	"Later on I forgot I tracked it down before and saw pspax leaking memory so I tracked it down all over again (silly me)\n" \
-	"Hopefully the getpwuid()/nis/nss/pam or whatever wont suck later on in the future.")
-#else
-# define NOTE_TO_SELF
-#endif
-
 static const struct passwd *get_proc_passwd(int pfd)
 {
 	struct stat st;
@@ -577,6 +568,5 @@ int main(int argc, char *argv[])
 
 	pspax(name);
 
-	NOTE_TO_SELF;
 	return EXIT_SUCCESS;
 }


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-16  5:13 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-16  5:13 UTC (permalink / raw
  To: gentoo-commits

commit:     857eaddab407db1577076a09206386bc62bfa4eb
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 16 04:59:57 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan 16 04:59:57 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=857eadda

fix various typos found w/codespell

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 README.md      |  2 +-
 dumpelf.c      |  4 ++--
 lddtree.sh     |  8 ++++----
 macho.h        |  4 ++--
 paxelf.c       |  2 +-
 paxldso.c      |  2 +-
 porting.h      |  2 +-
 pspax.c        |  2 +-
 pyproject.toml | 10 ++++++++++
 scanelf.c      |  6 +++---
 scanmacho.c    |  2 +-
 11 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index 99bbc3f..ec4bfe6 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ PaX helpers for people interested in that.
 pax-utils uses a bog-standard meson-based build system. See `meson_options.txt`
 for configuration options.
 
-You don't need PaX to use the pax-utils. Infact the only thing they
+You don't need PaX to use the pax-utils. In fact the only thing they
 really have in common is that pax-utils was initially written to aid in
 deploying PaX systems so it includes support for PT_PAX_FLAGS and the
 deprecated but still in use EI_PAX flags. For more information about PaX

diff --git a/dumpelf.c b/dumpelf.c
index 1a469ea..c8f27e4 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -114,7 +114,7 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
  break_out_shdr:
 	printf("},\n");
 
-	/* finish the namespace struct and start the abitrary ones */
+	/* finish the namespace struct and start the arbitrary ones */
 	printf("\n.dyns = dumpedelf_dyn_%zu,\n", file_cnt);
 	printf("};\n");
 
@@ -538,7 +538,7 @@ static void usage(int status)
 	exit(status);
 }
 
-/* parse command line arguments and preform needed actions */
+/* parse command line arguments and perform needed actions */
 static void parseargs(int argc, char *argv[])
 {
 	int flag;

diff --git a/lddtree.sh b/lddtree.sh
index dfa8d06..e0185f4 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -96,8 +96,8 @@ find_elf() {
 				read_ldso_conf() {
 					local line p
 					for p ; do
-						# if the glob didnt match anything #360041,
-						# or the files arent readable, skip it
+						# If the glob didn't match anything #360041,
+						# or the files aren't readable, skip it.
 						[[ -r ${p} ]] || continue
 						while read line ; do
 							case ${line} in
@@ -179,12 +179,12 @@ show_elf() {
 		# No need for leading comma w/my_allhits as we guarantee it always
 		# starts with one due to the way we append the value above.
 		[[ ${my_allhits}, == *,${lib},* ]] && continue
-		# If the interp is being linked against directly, re-use the existing
+		# If the interp is being linked against directly, reuse the existing
 		# full path rather than perform a search for it.  When systems symlink
 		# the interp to a diff location, we might locate a different path, and
 		# displaying both doesn't make sense as it doesn't match the runtime --
 		# the ldso won't load another copy of ldso into memory from the search
-		# path, it'll re-use the existing copy that was loaded from the full
+		# path, it'll reuse the existing copy that was loaded from the full
 		# hardcoded path.
 		if [[ ${lib} == "${interp}" ]] ; then
 			rlib=${full_interp}

diff --git a/macho.h b/macho.h
index 76f3697..4a99e8f 100644
--- a/macho.h
+++ b/macho.h
@@ -73,7 +73,7 @@ struct mach_header
 							   incremental link against a base file and
 							   cannot be link edited again */
 #define MH_DYLDLINK 0x4     /* the object file is input for the dynamic
-							   linker and cannot be staticly link edited
+							   linker and cannot be statically link edited
 							   again */
 #define MH_TWOLEVEL 0x80    /* the image is using two-level namespace
 							   bindings */
@@ -107,7 +107,7 @@ struct mach_header
 											they are not used by other
 											code */
 #define MH_NOMULTIDEFS 0x200 /* this umbrella guarantees there are no
-								multiple defintions of symbols in its
+								multiple definitions of symbols in its
 								subimages, as a result the two-level
 								namespace hints can always be used */
 

diff --git a/paxelf.c b/paxelf.c
index fb4160c..9a34ea4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -584,7 +584,7 @@ free_elf_and_return:
 
 	/* check class and stuff */
 	if (!DO_WE_LIKE_ELF(elf->data)) {
-		warn("we no likey %s: {%s,%s,%s,%s}",
+		warn("unknown ELF settings: %s: {%s,%s,%s,%s}",
 		     filename,
 		     get_elfeitype(EI_CLASS, elf->data[EI_CLASS]),
 		     get_elfeitype(EI_DATA, elf->data[EI_DATA]),

diff --git a/paxldso.c b/paxldso.c
index a9bef1e..5363134 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -357,7 +357,7 @@ int ldso_config_load(const char *fname)
 			size_t x;
 			const char *gpath;
 
-			/* re-use existing path buffer ... need to be creative */
+			/* Reuse existing path buffer ... need to be creative. */
 			if (path[8] != '/')
 				gpath = memcpy(path + 3, "/etc/", 5);
 			else

diff --git a/porting.h b/porting.h
index 3a544fa..61018fb 100644
--- a/porting.h
+++ b/porting.h
@@ -191,7 +191,7 @@
 #endif
 
 /*
- * propably will never be official added to the toolchain.
+ * Probably will never be officially added to the toolchain.
  * But none the less we should try to get 0x65041580 reserved
  */
 #ifndef PT_PAX_FLAGS

diff --git a/pspax.c b/pspax.c
index e79469d..1e3562d 100644
--- a/pspax.c
+++ b/pspax.c
@@ -491,7 +491,7 @@ static void usage(int status)
 	exit(status);
 }
 
-/* parse command line arguments and preform needed actions */
+/* parse command line arguments and perform needed actions */
 static void parseargs(int argc, char *argv[])
 {
 	int flag;

diff --git a/pyproject.toml b/pyproject.toml
index e633a0a..d3ae4e0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,6 +12,16 @@ line-length = 88
 target-version = ["py38"]
 
 
+# https://github.com/codespell-project/codespell?tab=readme-ov-file#using-a-config-file
+[tool.codespell]
+# eles: We use variable name as short for "elements".
+# Ned: Author's name.
+ignore-words-list = "eles,ned"
+
+# Imported from glibc.
+skip = "elf.h"
+
+
 # https://pycqa.github.io/isort/docs/configuration/options
 [tool.isort]
 py_version = "38"

diff --git a/scanelf.c b/scanelf.c
index d306316..1a6043e 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -761,7 +761,7 @@ static const char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char
 	if (symtab_void && elf->phdr)
 		SCANELF_ELF_SIZED(SHOW_TEXTRELS);
 	if (!*found_textrels)
-		warnf("ELF %s has TEXTREL markings but doesnt appear to have any real TEXTREL's !?", elf->filename);
+		warnf("ELF %s has TEXTREL markings but doesn't appear to have any real TEXTREL's !?", elf->filename);
 
 	return NULL;
 }
@@ -1154,7 +1154,7 @@ static const char *scanelf_file_soname(elfobj *elf, char *found_soname)
  *        STV group: STV_DEFAULT:p STV_INTERNAL:i STV_HIDDEN:h STV_PROTECTED:P
  *        SHN group: SHN_UNDEF:u SHN_ABS:a SHN_COMMON:c {defined}:d
  *    The "defined" value in the SHN group does not correspond to a SHN_xxx define.
- * You can search for multiple symbols at once by seperating with a comma (",").
+ * You can search for multiple symbols at once by separating with a comma (",").
  *
  * Some examples:
  *    ELFs with a weak function "foo":
@@ -1963,7 +1963,7 @@ static void usage(int status)
 	exit(status);
 }
 
-/* parse command line arguments and preform needed actions */
+/* parse command line arguments and perform needed actions */
 #define do_pax_state(option, flag) \
 	if (islower(option)) { \
 		flags &= ~PF_##flag; \

diff --git a/scanmacho.c b/scanmacho.c
index b96cf44..f0351ff 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -658,7 +658,7 @@ static void usage(int status)
 	exit(status);
 }
 
-/* parse command line arguments and preform needed actions */
+/* parse command line arguments and perform needed actions */
 static int parseargs(int argc, char *argv[])
 {
 	int i;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-24 15:44 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-24 15:44 UTC (permalink / raw
  To: gentoo-commits

commit:     063a90661c0423172e23405c2548e649a1631796
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Wed Jan 24 15:35:52 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Jan 24 15:35:52 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=063a9066

build: use standard HAVE_xxx define style

Use the more standard HAVE_xxx convention, and only define when
available.  This avoids further confusion with code that is using
"#ifdef" already.

Signed-off-by: Mike Frysinger <vapier <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 meson.build |  4 +---
 porting.h   | 20 ++++++++++----------
 2 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/meson.build b/meson.build
index c91bb64..e891d98 100644
--- a/meson.build
+++ b/meson.build
@@ -48,11 +48,9 @@ foreach x : [
   'elf-hints.h',
   'glob.h',
 ]
-  x_exists = 0
   if cc.has_header(x)
-    x_exists = 1
+    probe_results.set('HAVE_' + x.to_upper().underscorify(), 1)
   endif
-  probe_results.set('HAS_' + x.to_upper().underscorify(), x_exists)
 endforeach
 
 configure_file(

diff --git a/porting.h b/porting.h
index 1ace55e..68e2b6c 100644
--- a/porting.h
+++ b/porting.h
@@ -40,36 +40,36 @@
 #include <time.h>
 #include <unistd.h>
 #include "elf.h"
-#if HAS_ALLOCA_H
+#ifdef HAVE_ALLOCA_H
 # include <alloca.h>
 #endif
-#if HAS_SYS_PRCTL_H
+#ifdef HAVE_SYS_PRCTL_H
 # include <sys/prctl.h>
-# if HAS_LINUX_SECCOMP_H
+# ifdef HAVE_LINUX_SECCOMP_H
 #  include <linux/seccomp.h>
 # endif
-# if HAS_LINUX_SECUREBITS_H
+# ifdef HAVE_LINUX_SECUREBITS_H
 #  include <linux/securebits.h>
 # endif
 #endif
-#if HAS_ENDIAN_H && HAS_BYTESWAP_H
+#if defined(HAVE_ENDIAN_H) && defined(HAVE_BYTESWAP_H)
 # include <byteswap.h>
 # include <endian.h>
-#elif HAS_SYS_ENDIAN_H
+#elif defined(HAVE_SYS_ENDIAN_H)
 # include <sys/endian.h>
-#elif HAS_ISA_DEFS_H
+#elif defined(HAVE_ISA_DEFS_H)
 # include <sys/isa_defs.h>
-#elif HAS_MACHINE_ENDIAN_H
+#elif defined(HAVE_MACHINE_ENDIAN_H)
 # include <machine/endian.h>
 #endif
 
-#ifdef HAS_GLOB_H
+#ifdef HAVE_GLOB_H
 # include <glob.h>
 #endif
 
 #if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
 # define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG "/etc/ld.so.conf"
-#elif HAS_ELF_HINTS_H
+#elif defined(HAVE_ELF_HINTS_H)
 # include <elf-hints.h>
 # define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG _PATH_ELF_HINTS
 #else


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-24 22:15 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-24 22:15 UTC (permalink / raw
  To: gentoo-commits

commit:     1cf21243deebbfe3a5655f0ac18cd25e9ba53c48
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 24 22:06:41 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Jan 24 22:06:41 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1cf21243

pspax: rework & document get_proc_name

The current scanf format tries to use "%s.16" to limit reading to 16
bytes, but that doesn't actually work -- the maximum field width is
between the "%" and the "s", so it should have been "%16s".  This ends
up working anyways because the %s consumes the entire string before it
stops, and then scanf stops processing after it can't match ".16".  If
the size of the field were BUFSIZE or larger, then it'd overflow.  In
practice, BUFSIZ tends to be "large" (i.e. O(KiB)), and the kernel will
truncate this field to 16 bytes for userspace programs.  Kernel threads
can have longer names, but not that big.  At least, on Linux.

Fix the scanf string to properly limit to 15 bytes, and change the local
buffer to be exactly 16 bytes rather than the unrelated BUFSIZ (which is
a stdio.h buffer size, and nothing related to kernel processes).  Then
add some more comments to explain what the code is actually doing, and
simplify the final NUL logic to avoid redundant work.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 pspax.c | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/pspax.c b/pspax.c
index 1e3562d..97d51c6 100644
--- a/pspax.c
+++ b/pspax.c
@@ -96,7 +96,13 @@ static const char *get_proc_name_cmdline(int pfd)
 static const char *get_proc_name(int pfd)
 {
 	FILE *fp;
-	static char str[BUFSIZ];
+	/*
+	 * The stat file says process names are truncated to TASK_COMM_LEN (16) bytes.
+	 * That includes the trailing NUL (\0) byte.  This is true for userspace, but
+	 * kernel processes seem to be unlimited.  We don't care about those in this
+	 * program though, so truncating them all the time is fine.
+	 */
+	static char str[16];
 
 	if (wide_output)
 		return get_proc_name_cmdline(pfd);
@@ -105,18 +111,30 @@ static const char *get_proc_name(int pfd)
 	if (fp == NULL)
 		return NULL;
 
-	if (fscanf(fp, "%*d %s.16", str) != 1) {
+	/*
+	 * The format is:
+	 *   <pid> (<name>) ...more fields...
+	 * For example:
+	 *   1234 (bash) R ...
+	 *
+	 * Match the leading (, then read 15 bytes (since scanf writes, but doesn't count,
+	 * NUL bytes, so it will write up to 16 bytes to str).  Ignore the rest rather than
+	 * look for closing ) since kernel processes can be longer.
+	 */
+	if (fscanf(fp, "%*d (%15s", str) != 1) {
 		fclose(fp);
 		return NULL;
 	}
 
 	if (*str) {
-		str[strlen(str) - 1] = '\0';
-		str[16] = 0;
+		/* Discard trailing ) if it exists. */
+		size_t len = strlen(str);
+		if (str[len - 1] == ')')
+			str[len - 1] = '\0';
 	}
 	fclose(fp);
 
-	return (str+1);
+	return str;
 }
 
 static int get_proc_maps(int pfd)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-24 22:53 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-24 22:53 UTC (permalink / raw
  To: gentoo-commits

commit:     a8a823e6acf88625fd482e15b2ba69c5f165fe46
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 24 22:51:40 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Jan 24 22:51:40 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a8a823e6

pspax: replace proc_fopen with fopenat_r

Switch to the common helper we have in paxinc already that does
exactly the same thing as this proc_fopen.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 pspax.c | 37 ++++++++-----------------------------
 1 file changed, 8 insertions(+), 29 deletions(-)

diff --git a/pspax.c b/pspax.c
index 97d51c6..81392b1 100644
--- a/pspax.c
+++ b/pspax.c
@@ -40,33 +40,12 @@ static pid_t show_pid = 0;
 static uid_t show_uid = (uid_t)-1;
 static gid_t show_gid = (gid_t)-1;
 
-static int proc_open(int pfd, const char *file)
-{
-	return openat(pfd, file, O_RDONLY|O_CLOEXEC);
-}
-
-static FILE *proc_fopen(int pfd, const char *file)
-{
-	int fd;
-	FILE *fp;
-
-	fd = proc_open(pfd, file);
-	if (fd == -1)
-		return NULL;
-
-	fp = fdopen(fd, "re");
-	if (fp == NULL)
-		close(fd);
-
-	return fp;
-}
-
 static elfobj *proc_readelf(int pfd)
 {
 	int fd;
 	elfobj *elf;
 
-	fd = proc_open(pfd, "exe");
+	fd = openat(pfd, "exe", O_RDONLY|O_CLOEXEC);
 	if (fd == -1)
 		return NULL;
 
@@ -80,7 +59,7 @@ static const char *get_proc_name_cmdline(int pfd)
 	FILE *fp;
 	static char str[1024];
 
-	fp = proc_fopen(pfd, "cmdline");
+	fp = fopenat_r(pfd, "cmdline");
 	if (fp == NULL)
 		return NULL;
 
@@ -107,7 +86,7 @@ static const char *get_proc_name(int pfd)
 	if (wide_output)
 		return get_proc_name_cmdline(pfd);
 
-	fp = proc_fopen(pfd, "stat");
+	fp = fopenat_r(pfd, "stat");
 	if (fp == NULL)
 		return NULL;
 
@@ -142,7 +121,7 @@ static int get_proc_maps(int pfd)
 	FILE *fp;
 	static char str[BUFSIZ];
 
-	if ((fp = proc_fopen(pfd, "maps")) == NULL)
+	if ((fp = fopenat_r(pfd, "maps")) == NULL)
 		return -1;
 
 	while (fgets(str, sizeof(str), fp)) {
@@ -178,7 +157,7 @@ static int print_executable_mappings(int pfd)
 	FILE *fp;
 	static char str[BUFSIZ];
 
-	if ((fp = proc_fopen(pfd, "maps")) == NULL)
+	if ((fp = fopenat_r(pfd, "maps")) == NULL)
 		return -1;
 
 	while (fgets(str, sizeof(str), fp)) {
@@ -224,7 +203,7 @@ static const char *get_proc_status(int pfd, const char *name)
 	size_t len;
 	static char str[BUFSIZ];
 
-	if ((fp = proc_fopen(pfd, "status")) == NULL)
+	if ((fp = fopenat_r(pfd, "status")) == NULL)
 		return NULL;
 
 	len = strlen(name);
@@ -248,7 +227,7 @@ static const char *get_pid_attr(int pfd)
 	char *p;
 	static char buf[BUFSIZ];
 
-	if ((fp = proc_fopen(pfd, "attr/current")) == NULL)
+	if ((fp = fopenat_r(pfd, "attr/current")) == NULL)
 		return NULL;
 
 	if (fgets(buf, sizeof(buf), fp) != NULL)
@@ -265,7 +244,7 @@ static const char *get_pid_addr(int pfd)
 	char *p;
 	static char buf[BUFSIZ];
 
-	if ((fp = proc_fopen(pfd, "ipaddr")) == NULL)
+	if ((fp = fopenat_r(pfd, "ipaddr")) == NULL)
 		return NULL;
 
 	if (fgets(buf, sizeof(buf), fp) != NULL)


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  2:14 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  2:14 UTC (permalink / raw
  To: gentoo-commits

commit:     b5d34e577acb271cdc616b47b77569cb5577b9ef
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 01:55:49 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 01:55:49 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b5d34e57

pspax: fix buffer limiting in cmdline reading

The current scanf format tries to use "%s.1023" to limit reading to 1023
bytes, but that doesn't actually work -- the maximum field width is between
the "%" and the "s", so it should have been "%1023s".  This ends up working
anyways because the %s stops reading when it hits NUL or a space.  Normally
cmdline is NUL delimited which means argv[0] would have to be 1024+ bytes
inorder to overflow this.  Or the process rewrote its cmdline settings such
that argv[0] was that long.  Certainly possible, but extremely unlikely.

Fix the scanf string to properly limit to 1023 bytes (+1 for the NUL).

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 pspax.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pspax.c b/pspax.c
index 81392b1..f1644a3 100644
--- a/pspax.c
+++ b/pspax.c
@@ -63,7 +63,7 @@ static const char *get_proc_name_cmdline(int pfd)
 	if (fp == NULL)
 		return NULL;
 
-	if (fscanf(fp, "%s.1023", str) != 1) {
+	if (fscanf(fp, "%1023s", str) != 1) {
 		fclose(fp);
 		return NULL;
 	}


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  2:53 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  2:53 UTC (permalink / raw
  To: gentoo-commits

commit:     5243cb017a7847f53caaa7c89b8e7f3abf1e5e40
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 02:52:41 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 02:52:41 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5243cb01

unify usage() output across all the tools

The scanelf --help output is the best & most flexible, so move that
to common code so the rest of the tools can benefit from it.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 dumpelf.c   | 20 +++++++-------------
 paxinc.c    | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 paxinc.h    | 11 +++++++++++
 pspax.c     | 21 +++++++--------------
 scanelf.c   | 45 +++++++--------------------------------------
 scanmacho.c | 24 ++++++++----------------
 6 files changed, 90 insertions(+), 81 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index c8f27e4..5b18326 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -507,7 +507,6 @@ static void dump_dyn(const elfobj *elf, const void *dyn_void, size_t dyn_cnt)
 
 /* usage / invocation handling functions */
 #define PARSE_FLAGS "vhV"
-#define a_argument required_argument
 static struct option const long_opts[] = {
 	{"verbose",   no_argument, NULL, 'v'},
 	{"help",      no_argument, NULL, 'h'},
@@ -524,18 +523,13 @@ static const char * const opts_help[] = {
 /* display usage and exit */
 static void usage(int status)
 {
-	size_t i;
-	printf("* Dump internal ELF structure\n\n"
-	       "Usage: %s <file1> [file2 fileN ...]\n\n", argv0);
-	printf("Options:\n");
-	for (i = 0; long_opts[i].name; ++i)
-		if (long_opts[i].has_arg == no_argument)
-			printf("  -%c, --%-13s* %s\n", long_opts[i].val,
-			       long_opts[i].name, opts_help[i]);
-		else
-			printf("  -%c, --%-6s <arg> * %s\n", long_opts[i].val,
-			       long_opts[i].name, opts_help[i]);
-	exit(status);
+	pax_usage(
+		"Dump internal ELF structure",
+		"<file1> [file2 fileN ...]",
+		PARSE_FLAGS,
+		long_opts,
+		opts_help,
+		status);
 }
 
 /* parse command line arguments and perform needed actions */

diff --git a/paxinc.c b/paxinc.c
index 589d7ae..ff4ab85 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -198,3 +198,53 @@ const char *root_rel_path(const char *path)
 
 	return path;
 }
+
+void pax_usage(
+	const char *header,
+	const char *args,
+	const char *parse_flags,
+	const struct option long_opts[],
+	const char * const opts_help[],
+	int status)
+{
+	const char a_arg[] = "<arg>";
+	size_t a_arg_len = strlen(a_arg) + 2;
+	size_t i;
+	int optlen;
+
+	printf("* %s\n\n"
+	       "Usage: %s [options] %s\n\n", header, argv0, args);
+	printf("Options: -[%s]\n", parse_flags);
+
+	/* Prescan the --long opt length to auto-align. */
+	optlen = 0;
+	for (i = 0; long_opts[i].name; ++i) {
+		int l = strlen(long_opts[i].name);
+		if (long_opts[i].has_arg == a_argument)
+			l += a_arg_len;
+		optlen = max(l, optlen);
+	}
+	/* Use some reasonable min width. */
+	optlen = max(20, optlen);
+
+	for (i = 0; long_opts[i].name; ++i) {
+		/* First output the short flag if it has one. */
+		if (long_opts[i].val > '~')
+			printf("      ");
+		else
+			printf("  -%c, ", long_opts[i].val);
+
+		/* Then the long flag. */
+		if (long_opts[i].has_arg == no_argument)
+			printf("--%-*s", optlen, long_opts[i].name);
+		else
+			printf("--%s %s %*s", long_opts[i].name, a_arg,
+				(int)(optlen - strlen(long_opts[i].name) - a_arg_len), "");
+
+		/* Finally the help text. */
+		printf("* %s\n", opts_help[i]);
+	}
+
+	printf("\nFor more information, see the %s(1) manpage.\n", argv0);
+	exit(status);
+}

diff --git a/paxinc.h b/paxinc.h
index d25cf57..c8fcf71 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -124,6 +124,17 @@ void color_init(bool disable);
 /* constant pointer to a constant buffer ... each program needs to set this */
 extern const char argv0[];
 
+/* Display usage and exit. */
+extern void pax_usage(
+	const char *header,
+	const char *args,
+	const char *parse_flags,
+	const struct option long_opts[],
+	const char * const opts_help[],
+	int status);
+
+#define a_argument required_argument
+
 /* we need the space before the last comma or we trigger a bug in gcc-2 :( */
 #define warn(fmt, args...) \
 	fprintf(stderr, "%s%s%s: " fmt "\n", RED, argv0, NORM , ## args)

diff --git a/pspax.c b/pspax.c
index 1cfd72f..4cd09b6 100644
--- a/pspax.c
+++ b/pspax.c
@@ -448,7 +448,6 @@ static void pspax(const char *find_name)
 
 /* usage / invocation handling functions */
 #define PARSE_FLAGS "aeip:u:g:nwWvCBhV"
-#define a_argument required_argument
 static struct option const long_opts[] = {
 	{"all",       no_argument, NULL, 'a'},
 	{"header",    no_argument, NULL, 'e'},
@@ -488,19 +487,13 @@ static const char * const opts_help[] = {
 /* display usage and exit */
 static void usage(int status)
 {
-	int i;
-	printf("* List ELF/PaX information about running processes\n\n"
-	       "Usage: %s [options]\n\n", argv0);
-	fputs("Options:\n", stdout);
-	for (i = 0; long_opts[i].name; ++i)
-		printf("  -%c, --%-12s* %s\n", long_opts[i].val,
-		       long_opts[i].name, opts_help[i]);
-#ifdef MANLYPAGE
-	for (i = 0; long_opts[i].name; ++i)
-		printf(".TP\n\\fB\\-%c, \\-\\-%s\\fR\n%s\n", long_opts[i].val,
-		       long_opts[i].name, opts_help[i]);
-#endif
-	exit(status);
+	pax_usage(
+		"List ELF/PaX information about running processes",
+		"",
+		PARSE_FLAGS,
+		long_opts,
+		opts_help,
+		status);
 }
 
 /* parse command line arguments and perform needed actions */

diff --git a/scanelf.c b/scanelf.c
index 1a6043e..140208b 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -1828,7 +1828,6 @@ static void scanelf_envpath(void)
 
 /* usage / invocation handling functions */ /* Free Flags: c d j u w G H J K P Q U W */
 #define PARSE_FLAGS "plRmyAXz:xetrnLibSs:k:gN:TaqvF:f:o:E:M:DIYO:ZCBhV"
-#define a_argument required_argument
 static struct option const long_opts[] = {
 	{"path",      no_argument, NULL, 'p'},
 	{"ldpath",    no_argument, NULL, 'l'},
@@ -1924,43 +1923,13 @@ static const char * const opts_help[] = {
 /* display usage and exit */
 static void usage(int status)
 {
-	const char a_arg[] = "<arg>";
-	size_t a_arg_len = strlen(a_arg) + 2;
-	size_t i;
-	int optlen;
-	printf("* Scan ELF binaries for stuff\n\n"
-	       "Usage: %s [options] <dir1/file1> [dir2 dirN file2 fileN ...]\n\n", argv0);
-	printf("Options: -[%s]\n", PARSE_FLAGS);
-
-	/* prescan the --long opt length to auto-align */
-	optlen = 0;
-	for (i = 0; long_opts[i].name; ++i) {
-		int l = strlen(long_opts[i].name);
-		if (long_opts[i].has_arg == a_argument)
-			l += a_arg_len;
-		optlen = max(l, optlen);
-	}
-
-	for (i = 0; long_opts[i].name; ++i) {
-		/* first output the short flag if it has one */
-		if (long_opts[i].val > '~')
-			printf("      ");
-		else
-			printf("  -%c, ", long_opts[i].val);
-
-		/* then the long flag */
-		if (long_opts[i].has_arg == no_argument)
-			printf("--%-*s", optlen, long_opts[i].name);
-		else
-			printf("--%s %s %*s", long_opts[i].name, a_arg,
-				(int)(optlen - strlen(long_opts[i].name) - a_arg_len), "");
-
-		/* finally the help text */
-		printf("* %s\n", opts_help[i]);
-	}
-
-	puts("\nFor more information, see the scanelf(1) manpage");
-	exit(status);
+	pax_usage(
+		"Scan ELF binaries for stuff",
+		"<dir1/file1> [dir2 dirN file2 fileN ...]",
+		PARSE_FLAGS,
+		long_opts,
+		opts_help,
+		status);
 }
 
 /* parse command line arguments and perform needed actions */

diff --git a/scanmacho.c b/scanmacho.c
index f0351ff..d33a440 100644
--- a/scanmacho.c
+++ b/scanmacho.c
@@ -573,7 +573,6 @@ static void scanmacho_envpath(void)
 
 /* usage / invocation handling functions */ /* Free Flags: c d e j k l s t u w x z G H I J K L P Q T W X Y */
 #define PARSE_FLAGS "pRmyArnibSUN:gE:M:DO:ZaqvF:f:o:CBhV"
-#define a_argument required_argument
 static struct option const long_opts[] = {
 	{"path",      no_argument, NULL, 'p'},
 	{"recursive", no_argument, NULL, 'R'},
@@ -621,7 +620,7 @@ static const char * const opts_help[] = {
 	"Find a specified library",
 	"Use strncmp to match libraries. (use with -N)",
 	"Print only Mach-O files matching mach_header\n"
-		"                        MH_OBJECT,MH_EXECUTE ... (ELF: etype)",
+		"                       MH_OBJECT,MH_EXECUTE ... (ELF: etype)",
 	"Print only Mach-O files matching numeric bits",
 	"Print Endianness",
 	"Print only Mach-O files matching octal permissions",
@@ -642,20 +641,13 @@ static const char * const opts_help[] = {
 /* display usage and exit */
 static void usage(int status)
 {
-	unsigned long i;
-	printf("* Scan Mach-O binaries for stuff\n\n"
-	       "Usage: %s [options] <dir1/file1> [dir2 dirN file2 fileN ...]\n\n", argv0);
-	printf("Options: -[%s]\n", PARSE_FLAGS);
-	for (i = 0; long_opts[i].name; ++i)
-		if (long_opts[i].has_arg == no_argument)
-			printf("  -%c, --%-14s* %s\n", long_opts[i].val,
-			       long_opts[i].name, opts_help[i]);
-		else
-			printf("  -%c, --%-7s <arg> * %s\n", long_opts[i].val,
-			       long_opts[i].name, opts_help[i]);
-
-	puts("\nFor more information, see the scanmacho(1) manpage");
-	exit(status);
+	pax_usage(
+		"Scan Mach-O binaries for stuff",
+		"<dir1/file1> [dir2 dirN file2 fileN ...]",
+		PARSE_FLAGS,
+		long_opts,
+		opts_help,
+		status);
 }
 
 /* parse command line arguments and perform needed actions */


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  2:53 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  2:53 UTC (permalink / raw
  To: gentoo-commits

commit:     6be48eb30663e52678a26e303a29842ca15dadca
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 02:19:37 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 02:19:37 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6be48eb3

pspax: fix error handling when reading attr or ipaddr fail

If these functions weren't able to read data from the files, they'd
return the previous buffer contents which would be pretty confusing.
Fix it to return NULL instead like other get helpers in here.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 pspax.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/pspax.c b/pspax.c
index f1644a3..04cae79 100644
--- a/pspax.c
+++ b/pspax.c
@@ -230,9 +230,14 @@ static const char *get_pid_attr(int pfd)
 	if ((fp = fopenat_r(pfd, "attr/current")) == NULL)
 		return NULL;
 
-	if (fgets(buf, sizeof(buf), fp) != NULL)
-		if ((p = strchr(buf, '\n')) != NULL)
-			*p = 0;
+	if (fgets(buf, sizeof(buf), fp) == NULL) {
+		fclose(fp);
+		return NULL;
+	}
+
+	if ((p = strchr(buf, '\n')) != NULL)
+		*p = 0;
+
 	fclose(fp);
 
 	return buf;
@@ -247,9 +252,14 @@ static const char *get_pid_addr(int pfd)
 	if ((fp = fopenat_r(pfd, "ipaddr")) == NULL)
 		return NULL;
 
-	if (fgets(buf, sizeof(buf), fp) != NULL)
-		if ((p = strchr(buf, '\n')) != NULL)
-			*p = 0;
+	if (fgets(buf, sizeof(buf), fp) == NULL) {
+		fclose(fp);
+		return NULL;
+	}
+
+	if ((p = strchr(buf, '\n')) != NULL)
+		*p = 0;
+
 	fclose(fp);
 
 	return buf;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  2:53 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  2:53 UTC (permalink / raw
  To: gentoo-commits

commit:     76055a7dd0ab434e00df33b3577542bb69172aa8
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 02:25:39 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 02:25:39 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=76055a7d

pspax: switch from fgets to getline

This avoids limiting buffers to BUFSIZ which is a stdio.h define for
stdio buffers, not for random files, and is not a guaranteed size.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 pspax.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/pspax.c b/pspax.c
index 04cae79..1cfd72f 100644
--- a/pspax.c
+++ b/pspax.c
@@ -119,12 +119,13 @@ static const char *get_proc_name(int pfd)
 static int get_proc_maps(int pfd)
 {
 	FILE *fp;
-	static char str[BUFSIZ];
+	static char *str = NULL;
+	static size_t len = 0;
 
 	if ((fp = fopenat_r(pfd, "maps")) == NULL)
 		return -1;
 
-	while (fgets(str, sizeof(str), fp)) {
+	while (getline(&str, &len, fp) != -1) {
 		char *p;
 		if ((p = strchr(str, ' ')) != NULL) {
 			if (strlen(p) < 6)
@@ -155,12 +156,13 @@ static int get_proc_maps(int pfd)
 static int print_executable_mappings(int pfd)
 {
 	FILE *fp;
-	static char str[BUFSIZ];
+	static char *str = NULL;
+	static size_t len = 0;
 
 	if ((fp = fopenat_r(pfd, "maps")) == NULL)
 		return -1;
 
-	while (fgets(str, sizeof(str), fp)) {
+	while (getline(&str, &len, fp) != -1) {
 		char *p;
 		if ((p = strchr(str, ' ')) != NULL) {
 			if (strlen(p) < 6)
@@ -200,20 +202,21 @@ static const struct passwd *get_proc_passwd(int pfd)
 static const char *get_proc_status(int pfd, const char *name)
 {
 	FILE *fp;
-	size_t len;
-	static char str[BUFSIZ];
+	size_t name_len;
+	static char *str = NULL;
+	static size_t len = 0;
 
 	if ((fp = fopenat_r(pfd, "status")) == NULL)
 		return NULL;
 
-	len = strlen(name);
-	while (fgets(str, sizeof(str), fp)) {
-		if (strncasecmp(str, name, len) != 0)
+	name_len = strlen(name);
+	while (getline(&str, &len, fp) != -1) {
+		if (strncasecmp(str, name, name_len) != 0)
 			continue;
-		if (str[len] == ':') {
+		if (str[name_len] == ':') {
 			fclose(fp);
 			str[strlen(str) - 1] = 0;
-			return (str + len + 2);
+			return (str + name_len + 2);
 		}
 	}
 	fclose(fp);
@@ -225,12 +228,13 @@ static const char *get_pid_attr(int pfd)
 {
 	FILE *fp;
 	char *p;
-	static char buf[BUFSIZ];
+	static char *buf = NULL;
+	static size_t len = 0;
 
 	if ((fp = fopenat_r(pfd, "attr/current")) == NULL)
 		return NULL;
 
-	if (fgets(buf, sizeof(buf), fp) == NULL) {
+	if (getline(&buf, &len, fp) == -1) {
 		fclose(fp);
 		return NULL;
 	}
@@ -247,12 +251,13 @@ static const char *get_pid_addr(int pfd)
 {
 	FILE *fp;
 	char *p;
-	static char buf[BUFSIZ];
+	static char *buf = NULL;
+	static size_t len = 0;
 
 	if ((fp = fopenat_r(pfd, "ipaddr")) == NULL)
 		return NULL;
 
-	if (fgets(buf, sizeof(buf), fp) == NULL) {
+	if (getline(&buf, &len, fp) == -1) {
 		fclose(fp);
 		return NULL;
 	}


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  4:44 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  4:44 UTC (permalink / raw
  To: gentoo-commits

commit:     5b5556d12b96dd2d420e0d66456f1935668b3984
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 04:33:40 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 04:33:40 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5b5556d1

ar: handle invalid ascii numbers better

The atoi helper handles signed 32-bit integers, and expects the input
strings to be NUL terminated.  Some of the fields are larger than what
signed 32-bit can handle, and none of them are NUL terminated.  The
code currently works because it stops processing once it reaches text
that is not numeric, and the content that follows each field is always
non-numeric (e.g. a space).

Add a helper function that leverages strtoll as all of the fields can
fit into a signed 64-bit number.  If the number is invalid, flag it as
such, and normalize it to 0 so the rest of the code can continue on.

Bug: https://bugs.gentoo.org/890577
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 paxinc.c | 53 +++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 45 insertions(+), 8 deletions(-)

diff --git a/paxinc.c b/paxinc.c
index ff4ab85..5369697 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -50,6 +50,42 @@ archive_handle *ar_open(const char *filename, bool verbose)
 	return ret;
 }
 
+static uint64_t ar_read_ascii_number(const char *numstr, size_t ndigits, int base)
+{
+	/* Largest field ar headers have is 16 bytes. */
+	char buf[17];
+	char *endp;
+	long long ret;
+
+	memcpy(buf, numstr, ndigits);
+	buf[ndigits] = '\0';
+
+	ret = strtoll(buf, &endp, base);
+	/* Numbers are padded with whitespace. */
+	if (*endp != '\0' && *endp != ' ') {
+		warn("ar: invalid number: %s", buf);
+		ret = 0;
+	}
+
+	/*
+	 * Unsigned 64-bit numbers use up to 20 digits, and signed 64-bit numbers use
+	 * up to 19 digits, but ndigits is always less than that.  So we'd never handle
+	 * a number that requires all 64-bits.  If it's negative, it's because the input
+	 * was negative e.g. "-1", and none of these fields should ever be negative.
+	 */
+	if (ret < 0) {
+		warn("ar: invalid number: %s", buf);
+		ret = 0;
+	}
+
+	return ret;
+}
+#define read_octal_number(s, n) ar_read_ascii_number(s, n, 8)
+#define read_decimal_number(s, n) ar_read_ascii_number(s, n, 10)
+/* For char[] arrays rather than dynamic pointers. */
+#define read_octal_number_fixed(s) read_octal_number(s, sizeof(s))
+#define read_decimal_number_fixed(s) read_decimal_number(s, sizeof(s))
+
 archive_member *ar_next(archive_handle *ar)
 {
 	char *s;
@@ -84,12 +120,13 @@ close_and_ret:
 		goto close_and_ret;
 	}
 
+	/* System V extended filename section. */
 	if (ret.buf.formatted.name[0] == '/' && ret.buf.formatted.name[1] == '/') {
 		if (ar->extfn != NULL) {
 			warn("%s: Duplicate GNU extended filename section", ar->filename);
 			goto close_and_ret;
 		}
-		len = atoi(ret.buf.formatted.size);
+		len = read_decimal_number_fixed(ret.buf.formatted.size);
 		ar->extfn = xmalloc(sizeof(char) * (len + 1));
 		if (read(ar->fd, ar->extfn, len) != len)
 			goto close_and_ret;
@@ -104,7 +141,7 @@ close_and_ret:
 	s = ret.buf.formatted.name;
 	if (s[0] == '#' && s[1] == '1' && s[2] == '/') {
 		/* BSD extended filename, always in use on Darwin */
-		len = atoi(s + 3);
+		len = read_decimal_number(s + 3, sizeof(ret.buf.formatted.name) - 3);
 		if (len <= (ssize_t)sizeof(ret.buf.formatted.name)) {
 			if (read(ar->fd, ret.buf.formatted.name, len) != len)
 				goto close_and_ret;
@@ -120,18 +157,18 @@ close_and_ret:
 			warn("%s: GNU extended filename without special data section", ar->filename);
 			goto close_and_ret;
 		}
-		s = ar->extfn + atoi(s + 1);
+		s = ar->extfn + read_decimal_number(s + 1, sizeof(ret.buf.formatted.name) - 1);
 	}
 
 	snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
 	ret.name[sizeof(ret.name) - 1] = '\0';
 	if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL)
 		*s = '\0';
-	ret.date = atoi(ret.buf.formatted.date);
-	ret.uid = atoi(ret.buf.formatted.uid);
-	ret.gid = atoi(ret.buf.formatted.gid);
-	ret.mode = strtol(ret.buf.formatted.mode, NULL, 8);
-	ret.size = atoi(ret.buf.formatted.size);
+	ret.date = read_decimal_number_fixed(ret.buf.formatted.date);
+	ret.uid = read_decimal_number_fixed(ret.buf.formatted.uid);
+	ret.gid = read_decimal_number_fixed(ret.buf.formatted.gid);
+	ret.mode = read_octal_number_fixed(ret.buf.formatted.mode);
+	ret.size = read_decimal_number_fixed(ret.buf.formatted.size);
 	ar->skip = ret.size - len;
 
 	return &ret;


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  5:06 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  5:06 UTC (permalink / raw
  To: gentoo-commits

commit:     f2af478770a5a4a3f69ab64f1b5e17c8f7a17050
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 04:58:06 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 04:58:06 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f2af4787

ar: handle invalid extended filename offsets

Check the extended filename offset doesn't exceed the size of the
extended filename section.

Bug: https://bugs.gentoo.org/890579
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 paxinc.c | 10 ++++++++--
 paxinc.h |  1 +
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/paxinc.c b/paxinc.c
index 5369697..21844d8 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -126,7 +126,7 @@ close_and_ret:
 			warn("%s: Duplicate GNU extended filename section", ar->filename);
 			goto close_and_ret;
 		}
-		len = read_decimal_number_fixed(ret.buf.formatted.size);
+		len = ar->extfn_len = read_decimal_number_fixed(ret.buf.formatted.size);
 		ar->extfn = xmalloc(sizeof(char) * (len + 1));
 		if (read(ar->fd, ar->extfn, len) != len)
 			goto close_and_ret;
@@ -157,7 +157,13 @@ close_and_ret:
 			warn("%s: GNU extended filename without special data section", ar->filename);
 			goto close_and_ret;
 		}
-		s = ar->extfn + read_decimal_number(s + 1, sizeof(ret.buf.formatted.name) - 1);
+		/* NB: We NUL terminated extfn above when reading it. */
+		int64_t off = read_decimal_number(s + 1, sizeof(ret.buf.formatted.name) - 1);
+		if (off >= ar->extfn_len) {
+			warn("%s: GNU extended filename has invalid offset", ar->filename);
+			goto close_and_ret;
+		}
+		s = ar->extfn + off;
 	}
 
 	snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);

diff --git a/paxinc.h b/paxinc.h
index c8fcf71..b2d2b50 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -48,6 +48,7 @@ typedef struct {
 	const char *filename;
 	size_t skip;
 	char *extfn;
+	off_t extfn_len;
 	bool verbose;
 } archive_handle;
 #else


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  5:06 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  5:06 UTC (permalink / raw
  To: gentoo-commits

commit:     77bf161b55dbf340f4498ad26eef3fd7a0dfbcdc
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 05:02:51 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 05:02:51 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=77bf161b

ar: switch from alloca to malloc

If alloca allocates too much stack space, program behavior is undefined,
and basically we segfault.  There is no way to check whether this will
happen ahead of time, so our only choice is to switch to malloc.  If we
try to allocate too much memory from the heap, we'll get a NULL pointer,
and we can diagnose & exit ourselves.  Kind of sucks as alloca was a
perfect fit here, but since the size is coming directly from user input,
we can't trust it is always "reasonable".

Bug: https://bugs.gentoo.org/890579
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 meson.build | 1 -
 paxinc.c    | 5 ++++-
 porting.h   | 3 ---
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/meson.build b/meson.build
index e891d98..319e3de 100644
--- a/meson.build
+++ b/meson.build
@@ -44,7 +44,6 @@ foreach x : [
   'linux/seccomp.h',
   'linux/securebits.h',
   'sys/prctl.h',
-  'alloca.h',
   'elf-hints.h',
   'glob.h',
 ]

diff --git a/paxinc.c b/paxinc.c
index 21844d8..644c0d6 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -89,11 +89,13 @@ static uint64_t ar_read_ascii_number(const char *numstr, size_t ndigits, int bas
 archive_member *ar_next(archive_handle *ar)
 {
 	char *s;
+	char *heap_s = NULL;
 	ssize_t len = 0;
 	static archive_member ret;
 
 	if (ar->skip && lseek(ar->fd, ar->skip, SEEK_CUR) == -1) {
 close_and_ret:
+		free(heap_s);
 		free(ar->extfn);
 		close(ar->fd);
 		ar->extfn = NULL;
@@ -146,7 +148,7 @@ close_and_ret:
 			if (read(ar->fd, ret.buf.formatted.name, len) != len)
 				goto close_and_ret;
 		} else {
-			s = alloca(sizeof(char) * len + 1);
+			s = heap_s = xmalloc(sizeof(char) * (len + 1));
 			if (read(ar->fd, s, len) != len)
 				goto close_and_ret;
 			s[len] = '\0';
@@ -167,6 +169,7 @@ close_and_ret:
 	}
 
 	snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
+	free(heap_s);
 	ret.name[sizeof(ret.name) - 1] = '\0';
 	if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL)
 		*s = '\0';

diff --git a/porting.h b/porting.h
index 68e2b6c..103d268 100644
--- a/porting.h
+++ b/porting.h
@@ -40,9 +40,6 @@
 #include <time.h>
 #include <unistd.h>
 #include "elf.h"
-#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
-#endif
 #ifdef HAVE_SYS_PRCTL_H
 # include <sys/prctl.h>
 # ifdef HAVE_LINUX_SECCOMP_H


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  5:21 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  5:21 UTC (permalink / raw
  To: gentoo-commits

commit:     c1759f9bf28edb910208a7c7fbb4b373fe8b1297
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 05:19:50 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 05:19:50 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c1759f9b

scanelf: fix hashtable overflow checks

Make sure we use the right offset, and make sure the numbers to check
don't overflow themselves -- if nbuckets & nchains are 32-bit, and if
we multiply them by 4, we can easily overflow before we get a chance
to see if they will fit within the memory range.

Bug: https://bugs.gentoo.org/890028
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 scanelf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 140208b..0ee1bad 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -315,9 +315,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, const void **sym, const void *
 			Elf32_Word sym_idx; \
 			Elf32_Word chained; \
 			\
-			if (!VALID_RANGE(elf, offset, nbuckets * 4)) \
+			if (!VALID_RANGE(elf, hash_offset, nbuckets * (uint64_t)4)) \
 				goto corrupt_hash; \
-			if (!VALID_RANGE(elf, offset, nchains * 4)) \
+			if (!VALID_RANGE(elf, hash_offset, nchains * (uint64_t)4)) \
 				goto corrupt_hash; \
 			\
 			for (b = 0; b < nbuckets; ++b) { \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  5:36 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  5:36 UTC (permalink / raw
  To: gentoo-commits

commit:     0c6f0ca36748ae97d413aff232ad4fcc6829a582
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 05:36:05 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 05:36:05 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0c6f0ca3

README: update macOS name

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ec4bfe6..845c8de 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@
 
 pax-utils is a small set of utilities for performing Q/A (mostly security)
 checks on systems (most notably, `scanelf`).  It is focused on the ELF
-format, but does include a Mach-O helper too for OS X systems.
+format, but does include a Mach-O helper too for macOS systems.
 
 While heavily integrated into Gentoo's build system, it can be used on any
 distro as it is a generic toolset.


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  5:57 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  5:57 UTC (permalink / raw
  To: gentoo-commits

commit:     af9a4e8e1695fcbaaeb379bec14ccc03b00341fa
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 05:53:39 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 05:53:39 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=af9a4e8e

dumpelf: free elf after fuzzing it to avoid leaking

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 dumpelf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dumpelf.c b/dumpelf.c
index 5b18326..0afb6c7 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -587,6 +587,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	if (elf == NULL)
 		return 0;
 	dumpelf(elf, 0);
+	unreadelf(elf);
 	return 0;
 }
 #else


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  5:57 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  5:57 UTC (permalink / raw
  To: gentoo-commits

commit:     0b5d5d35b7b745dfff588579cda1245c5a4d19cb
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 05:50:23 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 05:50:23 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0b5d5d35

paxelf: reject ELFs with incomplete Ehdr structures

There's nothing useful we can parse out of these, so skip them.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 paxelf.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/paxelf.c b/paxelf.c
index 9a34ea4..599d54f 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -620,6 +620,11 @@ free_elf_and_return:
 		char invalid; \
 		const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
 		Elf ## B ## _Off size; \
+		/* Need enough bytes for all of ehdr. */ \
+		if (elf->len < (off_t)sizeof(*ehdr)) { \
+			warn("%s: Incomplete ELF header", filename); \
+			goto free_elf_and_return; \
+		} \
 		/* verify program header */ \
 		invalid = 0; \
 		if (EGET(ehdr->e_phnum) <= 0) \


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-01-25  6:52 Mike Frysinger
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Frysinger @ 2024-01-25  6:52 UTC (permalink / raw
  To: gentoo-commits

commit:     80a83a8f6aebd4c5f0d2a21bfbfe5d7cffd1fc9b
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 06:51:49 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 06:51:49 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=80a83a8f

sanitizer: fix feature tests under clang

While gcc defines __SANITIZE_ADDRESS__, clang requires more verbose
tests.  Add them to make the cleanup/security logic work correctly.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 porting.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/porting.h b/porting.h
index 103d268..6c0da01 100644
--- a/porting.h
+++ b/porting.h
@@ -74,6 +74,13 @@
 #endif
 
 #undef PAX_UTILS_CLEANUP
+#ifndef __SANITIZE_ADDRESS__
+# ifdef __has_feature
+#  if __has_feature (address_sanitizer)
+#   define __SANITIZE_ADDRESS__ 1
+#  endif
+# endif
+#endif
 /* LSAN (Leak Sanitizer) will complain about things we leak. */
 #ifdef __SANITIZE_ADDRESS__
 # define PAX_UTILS_CLEANUP 1


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-07-22 20:08 Mike Gilbert
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Gilbert @ 2024-07-22 20:08 UTC (permalink / raw
  To: gentoo-commits

commit:     b16cce4ad0cb04e407252ab2f37331cd4bf3b19d
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 22 20:03:13 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul 22 20:08:09 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b16cce4a

make-seccomp-filters.sh: split cflags/ldflags for libseccomp

Resolves a link failure with -Wl,--as-needed.
Thanks to Mathias Krause for noticing the problem.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 make-seccomp-filters.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/make-seccomp-filters.sh b/make-seccomp-filters.sh
index 124646a..762670f 100755
--- a/make-seccomp-filters.sh
+++ b/make-seccomp-filters.sh
@@ -4,10 +4,12 @@ set -ufe
 >&2 echo YOU DO NOT NEED TO RUN IT UNLESS YOU EDITED seccomp-bpf.c
 
 : "${CC:=gcc}"
-: "${CCFLAGS:=$(pkg-config --cflags --libs libseccomp)}"
+: "${PKG_CONFIG:=pkg-config}"
+: "${SECCOMP_CFLAGS:=$(${PKG_CONFIG} --cflags libseccomp)}"
+: "${SECCOMP_LIBS:=$(${PKG_CONFIG} --libs libseccomp)}"
 
 generator="$(mktemp)"
 trap 'rm "${generator}"' EXIT
 
-"${CC}" -o "${generator}" -D_GNU_SOURCE ${CCFLAGS} seccomp-bpf.c && \
+${CC} -o "${generator}" -D_GNU_SOURCE ${SECCOMP_CFLAGS} ${CFLAGS-} ${LDFLAGS-} seccomp-bpf.c ${SECCOMP_LIBS} && \
 	"${generator}" > seccomp-bpf.h


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-07-22 21:07 Mike Gilbert
  0 siblings, 0 replies; 253+ messages in thread
From: Mike Gilbert @ 2024-07-22 21:07 UTC (permalink / raw
  To: gentoo-commits

commit:     a9440d0bf71c665aea026a7c06603bca2c80ae75
Author:     Mathias Krause <minipli <AT> grsecurity <DOT> net>
AuthorDate: Tue Jan 23 10:12:20 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul 22 21:05:57 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a9440d0b

seccomp: make socket() fail with -ENOSYS

At least Debian's glibc tries to make use of nscd by default leading to
the getpwuid() / getpwnam() calls in pspax trying to open up a local
connection to /var/run/nscd/socket. Neither socket() nor connect() are
allowed by the seccomp policy, leading to unavoidable killing of the
process:

  $ pspax
  USER     PID    PAX    MAPS ETYPE      NAME             CAPS ATTR
  Bad system call (core dumped)

  $ strace pspax |& tail -3
  newfstatat(4, "stat", {st_mode=S_IFREG|0444, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
  socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 41
  +++ killed by SIGSYS (core dumped) +++

Fix this by making socket() fail with -ENOSYS instead:

  $ strace -e trace=socket ./build/pspax >/dev/null
  socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = -1 ENOSYS (Function not implemented)
  socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = -1 ENOSYS (Function not implemented)
  +++ exited with 0 +++

Signed-off-by: Mathias Krause <minipli <AT> grsecurity.net>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 seccomp-bpf.c | 16 +++++++++----
 seccomp-bpf.h | 76 +++++++++++++++++++++++++++++------------------------------
 2 files changed, 49 insertions(+), 43 deletions(-)

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index b56e9e4..5d34f33 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -10,6 +10,7 @@
 const char argv0[] = "seccomp-bpf";
 
 #include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -49,7 +50,7 @@ static const struct {
 };
 
 /* Simple helper to add all of the syscalls in an array. */
-static int gen_seccomp_rules_add(scmp_filter_ctx ctx, const int syscalls[], size_t num)
+static int gen_seccomp_rules_add(scmp_filter_ctx ctx, const int syscalls[], size_t num, uint32_t action)
 {
 	static uint8_t prio;
 	size_t i;
@@ -58,14 +59,14 @@ static int gen_seccomp_rules_add(scmp_filter_ctx ctx, const int syscalls[], size
 			warn("seccomp_syscall_priority failed");
 			return -1;
 		}
-		if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) < 0) {
+		if (seccomp_rule_add(ctx, action, syscalls[i], 0) < 0) {
 			warn("seccomp_rule_add failed");
 			return -1;
 		}
 	}
 	return 0;
 }
-#define gen_seccomp_rules_add(ctx, syscalls) gen_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
+#define gen_seccomp_rules_add(ctx, syscalls, action) gen_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls), action)
 
 static void gen_seccomp_dump(scmp_filter_ctx ctx, const char *name)
 {
@@ -209,6 +210,9 @@ int main(void)
 		SCMP_SYS(waitid),
 		SCMP_SYS(waitpid),
 	};
+	static const int soft_error_syscalls[] = {
+		SCMP_SYS(socket),
+	};
 
 	/* TODO: Handle debug and KILL vs TRAP. */
 
@@ -241,11 +245,13 @@ int main(void)
 		printf("/* %s */\n", gen_seccomp_arches[i].name);
 		printf("#define SECCOMP_BPF_AVAILABLE\n");
 
-		if (gen_seccomp_rules_add(ctx, base_syscalls) < 0)
+		if (gen_seccomp_rules_add(ctx, base_syscalls, SCMP_ACT_ALLOW) < 0)
+			err(1, "seccomp_rules_add failed");
+		if (gen_seccomp_rules_add(ctx, soft_error_syscalls, SCMP_ACT_ERRNO(ENOSYS)) < 0)
 			err(1, "seccomp_rules_add failed");
 		gen_seccomp_dump(ctx, "base");
 
-		if (gen_seccomp_rules_add(ctx, fork_syscalls) < 0)
+		if (gen_seccomp_rules_add(ctx, fork_syscalls, SCMP_ACT_ALLOW) < 0)
 			err(1, "seccomp_rules_add failed");
 		gen_seccomp_dump(ctx, "fork");
 

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 80d6d94..9f9c578 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -8,10 +8,10 @@
 /* AARCH64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,45,183,0,0,192,32,0,0,0,0,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,47,183,0,0,192,32,0,0,0,0,0,0,0,21,0,0,1,198,0,0,0,6,0,0,0,38,0,5,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,183,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,95,0,0,0,21,0,48,0,4,1,0,0,21,0,47,0,97,0,0,0,21,0,46,0,135,0,0,0,21,0,45,0,134,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,220,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,2
 1,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,54,183,0,0,192,32,0,0,0,0,0,0,0,21,0,51,0,95,0,0,0,21,0,50,0,4,1,0,0,21,0,49,0,97,0,0,0,21,0,48,0,135,0,0,0,21,0,47,0,134,0,0,0,21,0,46,0,221,0,0,0,21,0,45,0,220,0,0,0,21,0,0,1,198,0,0,0,6,0,0,0,38,0,5,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,2
 1,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -19,10 +19,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* ARM */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,57,40,0,0,64,32,0,0,0,0,0,0,0,21,0,54,0,220,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1
 ,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,59,40,0,0,64,32,0,0,0,0,0,0,0,21,0,0,1,25,1,0,0,6,0,0,0,38,0,5,0,21,0,54,0,220,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0
 ,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,66,40,0,0,64,32,0,0,0,0,0,0,0,21,0,63,0,24,1,0,0,21,0,62,0,114,0,0,0,21,0,61,0,190,0,0,0,21,0,60,0,81,1,0,0,21,0,59,0,175,0,0,0,21,0,58,0,174,0,0,0,21,0,57,0,2,0,0,0,21,0,56,0,11,0,0,0,21,0,55,0,120,0,0,0,21,0,54,0,220,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,
 192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,68,40,0,0,64,32,0,0,0,0,0,0,0,21,0,65,0,24,1,0,0,21,0,64,0,114,0,0,0,21,0,63,0,190,0,0,0,21,0,62,0,81,1,0,0,21,0,61,0,175,0,0,0,21,0,60,0,174,0,0,0,21,0,59,0,2,0,0,0,21,0,58,0,11,0,0,0,21,0,57,0,120,0,0,0,21,0,0,1,25,1,0,0,6,0,0,0,38,0,5,0,21,0,54,0,220,0,0,0,21,0,53,0,128,1,0,0,21,0,52,0,56,1,0,0,21,0,51,0,42,1,0,0,21,0,50,0,43,1,0,0,21,0,49,0,45,1,0,0,21,0,48,0,46,1,0,0,21,0,47,0,47,1,0,0,21,0,46,0,183,0,0,0,21,0,45,0,76,1,0,0,21,0,44,0,85,0,0,0,21,0,43,0,240,0,0,0,21,0,42,0,125,0,0,0,21,0,41,0,140,0,0,0,21,0,40,0,19,0,0,0,21,0,39,0,54,0,0,0,21,0,38,0,224,0,0,0,21,0,37,0,20,0,0,0,21,0,36,0,133,0,0,0,21,0,35,0,183,1,0,0,21,0,34,0,78,1,0,0,21,0,33,0,248,0,0,0,21,0,32,0,1,0,0,0,21,0,31,0,102,1,0,0,21,0,30,0,63,0,0,0,21,0,29,0,41,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,105,1,0,0,21,0,21,0,145,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,180,0,0,0,21,0,18,0,217,0,0,0,21,0,17,0,141,
 0,0,0,21,0,16,0,91,0,0,0,21,0,15,0,192,0,0,0,21,0,14,0,66,1,0,0,21,0,13,0,5,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,141,1,0,0,21,0,10,0,195,0,0,0,21,0,9,0,106,0,0,0,21,0,8,0,196,0,0,0,21,0,7,0,107,0,0,0,21,0,6,0,71,1,0,0,21,0,5,0,197,0,0,0,21,0,4,0,108,0,0,0,21,0,3,0,106,1,0,0,21,0,2,0,181,0,0,0,21,0,1,0,146,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -30,10 +30,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,8,0,32,0,0,0,0,0,0,0,21,54,0,0,0,16,122,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,16,107,0,21,50,0,0,0,16,202,0,21,49,0,0,0,15,245,0,21,48,0,0,0,16,142,0,21,47,0,0,0,16,29,0,21,46,0,0,0,16,44,0,21,45,0,0,0,15,179,0,21,44,0,0,0,15,214,0,21,43,0,0,0,16,126,0,21,42,0,0,0,15,180,0,21,41,0,0,0,16,37,0,21,40,0,0,0,17,87,0,21,39,0,0,0,16,204,0,21,38,0,0,0,16,150,0,21,37,0,0,0,15,161,0,21,36,0,0,0,16,231,0,21,35,0,0,0,15,223,0,21,34,0,0,0,15,201,0,21,33,0,0,0,15,172,0,21,32,0,0,0,16,108,0,21,31,0,0,0,15,205,0,21,30,0,0,0,15,193,0,21,29,0,0,0,16,124,0,21,28,0,0,0,15,215,0,21,27,0,0,0,16,234,0,21,26,0,0,0,16,49,0,21,25,0,0,0,15,163,0,21,24,0,0,0,16,104,0,21,23,0,0,0,16,123,0,21,22,0,0,0,16,45,0,21,21,0,0,0,15,251,0,21,20,0,0,0,16,114,0,21,19,0,0,0,15,250,0,21,18,0,0,0,16,192,0,21,17,0,0,0,15,165,0,21,16,0,0,0,15,166,0,21,15,0,0,0,17,14,0,21,14,0,0,0,16,117,0,21,13,0,0,0,16,10,0,21,12,0,0,0,16,118,0,21,11,0,0,0,16,11,0,21,10,0,0,0,16,197,0,21,9,0,0,
 0,16,119,0,21,8,0,0,0,16,12,0,21,7,0,0,0,16,235,0,21,6,0,0,0,16,105,0,21,5,0,0,0,16,50,0,21,4,0,0,0,15,164,0,21,3,0,0,0,17,41,0,21,2,0,0,0,17,47,0,21,1,0,0,0,17,48,0,21,0,1,0,0,17,49,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,62,0,0,0,8,0,32,0,0,0,0,0,0,0,21,0,2,0,0,16,6,0,32,0,0,0,0,0,20,0,21,52,58,0,0,0,1,0,21,56,0,0,0,16,122,0,21,55,0,0,0,17,1,0,21,54,0,0,0,16,21,0,21,53,0,0,0,16,107,0,21,52,0,0,0,16,202,0,21,51,0,0,0,15,245,0,21,50,0,0,0,16,142,0,21,49,0,0,0,16,29,0,21,48,0,0,0,16,44,0,21,47,0,0,0,15,179,0,21,46,0,0,0,15,214,0,21,45,0,0,0,16,126,0,21,44,0,0,0,15,180,0,21,43,0,0,0,16,37,0,21,42,0,0,0,17,87,0,21,41,0,0,0,16,204,0,21,40,0,0,0,16,150,0,21,39,0,0,0,15,161,0,21,38,0,0,0,16,231,0,21,37,0,0,0,15,223,0,21,36,0,0,0,15,201,0,21,35,0,0,0,15,172,0,21,34,0,0,0,16,108,0,21,33,0,0,0,15,205,0,21,32,0,0,0,15,193,0,21,31,0,0,0,16,124,0,21,30,0,0,0,15,215,0,21,29,0,0,0,16,234,0,21,28,0,0,0,16,49,0,21,27,0,0,0,15,163,0,21,26,0,0,0,16,104,0,21,25,0,0,0,16,123,0,21,24,0,0,0,16,45,0,21,23,0,0,0,15,251,0,21,22,0,0,0,16,114,0,21,21,0,0,0,15,250,0,21,20,0,0,0,16,192,0,21,19,0,0,0,15,165,0,21,18,0,0,0,15,166,0,21,17,0,0,0,17,14,0,21,16,0,0,0,16,117,0,21,15,0,0,0,16,10,0,21,14,0,0,0,16,1
 18,0,21,13,0,0,0,16,11,0,21,12,0,0,0,16,197,0,21,11,0,0,0,16,119,0,21,10,0,0,0,16,12,0,21,9,0,0,0,16,235,0,21,8,0,0,0,16,105,0,21,7,0,0,0,16,50,0,21,6,0,0,0,15,164,0,21,0,1,0,0,16,87,0,6,0,0,0,5,0,38,0,21,3,0,0,0,17,41,0,21,2,0,0,0,17,47,0,21,1,0,0,0,17,48,0,21,0,1,0,0,17,49,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,8,0,32,0,0,0,0,0,0,0,21,63,0,0,0,15,167,0,21,62,0,0,0,16,182,0,21,61,0,0,0,16,18,0,21,60,0,0,0,16,207,0,21,59,0,0,0,16,99,0,21,58,0,0,0,16,98,0,21,57,0,0,0,15,162,0,21,56,0,0,0,15,171,0,21,55,0,0,0,16,24,0,21,54,0,0,0,16,122,0,21,53,0,0,0,17,1,0,21,52,0,0,0,16,21,0,21,51,0,0,0,16,107,0,21,50,0,0,0,16,202,0,21,49,0,0,0,15,245,0,21,48,0,0,0,16,142,0,21,47,0,0,0,16,29,0,21,46,0,0,0,16,44,0,21,45,0,0,0,15,179,0,21,44,0,0,0,15,214,0,21,43,0,0,0,16,126,0,21,42,0,0,0,15,180,0,21,41,0,0,0,16,37,0,21,40,0,0,0,17,87,0,21,39,0,0,0,16,204,0,21,38,0,0,0,16,150,0,21,37,0,0,0,15,161,0,21,36,0,0,0,16,231,0,21,35,0,0,0,15,223,0,21,34,0,0,0,15,201,0,21,33,0,0,0,15,172,0,21,32,0,0,0,16,108,0,21,31,0,0,0,15,205,0,21,30,0,0,0,15,193,0,21,29,0,0,0,16,124,0,21,28,0,0,0,15,215,0,21,27,0,0,0,16,234,0,21,26,0,0,0,16,49,0,21,25,0,0,0,15,163,0,21,24,0,0,0,16,104,0,21,23,0,0,0,16,123,0,21,22,0,0,0,16,45,0,21,21,0,0,0,15,251,0,21,20,0,0,0,16,114,0,21,19,0,0,0,15,250,0,21,18,0,0,
 0,16,192,0,21,17,0,0,0,15,165,0,21,16,0,0,0,15,166,0,21,15,0,0,0,17,14,0,21,14,0,0,0,16,117,0,21,13,0,0,0,16,10,0,21,12,0,0,0,16,118,0,21,11,0,0,0,16,11,0,21,10,0,0,0,16,197,0,21,9,0,0,0,16,119,0,21,8,0,0,0,16,12,0,21,7,0,0,0,16,235,0,21,6,0,0,0,16,105,0,21,5,0,0,0,16,50,0,21,4,0,0,0,15,164,0,21,3,0,0,0,17,41,0,21,2,0,0,0,17,47,0,21,1,0,0,0,17,48,0,21,0,1,0,0,17,49,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,71,0,0,0,8,0,32,0,0,0,0,0,0,0,21,68,0,0,0,15,167,0,21,67,0,0,0,16,182,0,21,66,0,0,0,16,18,0,21,65,0,0,0,16,207,0,21,64,0,0,0,16,99,0,21,63,0,0,0,16,98,0,21,62,0,0,0,15,162,0,21,61,0,0,0,15,171,0,21,60,0,0,0,16,24,0,21,0,2,0,0,16,6,0,32,0,0,0,0,0,20,0,21,52,58,0,0,0,1,0,21,56,0,0,0,16,122,0,21,55,0,0,0,17,1,0,21,54,0,0,0,16,21,0,21,53,0,0,0,16,107,0,21,52,0,0,0,16,202,0,21,51,0,0,0,15,245,0,21,50,0,0,0,16,142,0,21,49,0,0,0,16,29,0,21,48,0,0,0,16,44,0,21,47,0,0,0,15,179,0,21,46,0,0,0,15,214,0,21,45,0,0,0,16,126,0,21,44,0,0,0,15,180,0,21,43,0,0,0,16,37,0,21,42,0,0,0,17,87,0,21,41,0,0,0,16,204,0,21,40,0,0,0,16,150,0,21,39,0,0,0,15,161,0,21,38,0,0,0,16,231,0,21,37,0,0,0,15,223,0,21,36,0,0,0,15,201,0,21,35,0,0,0,15,172,0,21,34,0,0,0,16,108,0,21,33,0,0,0,15,205,0,21,32,0,0,0,15,193,0,21,31,0,0,0,16,124,0,21,30,0,0,0,15,215,0,21,29,0,0,0,16,234,0,21,28,0,0,0,16,49,0,21,27,0,0,0,15,163,0,21,26,0,0,0,16,104,0,21,25,0,0,0,16,123,0,21,24,0,0,0,16,45,0,21,23,0,0,0,15,251
 ,0,21,22,0,0,0,16,114,0,21,21,0,0,0,15,250,0,21,20,0,0,0,16,192,0,21,19,0,0,0,15,165,0,21,18,0,0,0,15,166,0,21,17,0,0,0,17,14,0,21,16,0,0,0,16,117,0,21,15,0,0,0,16,10,0,21,14,0,0,0,16,118,0,21,13,0,0,0,16,11,0,21,12,0,0,0,16,197,0,21,11,0,0,0,16,119,0,21,10,0,0,0,16,12,0,21,9,0,0,0,16,235,0,21,8,0,0,0,16,105,0,21,7,0,0,0,16,50,0,21,6,0,0,0,15,164,0,21,0,1,0,0,16,87,0,6,0,0,0,5,0,38,0,21,3,0,0,0,17,41,0,21,2,0,0,0,17,47,0,21,1,0,0,0,17,48,0,21,0,1,0,0,17,49,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -41,10 +41,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,52,128,0,0,8,0,32,0,0,0,0,0,0,0,21,49,0,0,0,19,203,0,21,48,0,0,0,19,204,0,21,47,0,0,0,19,202,0,21,46,0,0,0,19,213,0,21,45,0,0,0,20,137,0,21,44,0,0,0,19,223,0,21,43,0,0,0,20,74,0,21,42,0,0,0,19,146,0,21,41,0,0,0,19,144,0,21,40,0,0,0,19,151,0,21,39,0,0,0,20,58,0,21,38,0,0,0,19,174,0,21,37,0,0,0,19,215,0,21,36,0,0,0,21,63,0,21,35,0,0,0,20,139,0,21,34,0,0,0,20,85,0,21,33,0,0,0,19,194,0,21,32,0,0,0,20,166,0,21,31,0,0,0,19,168,0,21,30,0,0,0,19,167,0,21,29,0,0,0,19,214,0,21,28,0,0,0,20,3,0,21,27,0,0,0,19,148,0,21,26,0,0,0,19,156,0,21,25,0,0,0,19,206,0,21,24,0,0,0,20,169,0,21,23,0,0,0,19,154,0,21,22,0,0,0,19,136,0,21,21,0,0,0,19,152,0,21,20,0,0,0,20,188,0,21,19,0,0,0,19,212,0,21,18,0,0,0,19,147,0,21,17,0,0,0,19,145,0,21,16,0,0,0,20,127,0,21,15,0,0,0,19,138,0,21,14,0,0,0,19,139,0,21,13,0,0,0,20,206,0,21,12,0,0,0,19,140,0,21,11,0,0,0,19,142,0,21,10,0,0,0,19,141,0,21,9,0,0,0,20,132,0,21,8,0,0,0,20,170,0,21,7,0,0,0,19,153,0,21,6,0,0,0,19,155,0,21,5,0,0,0,19,137,0,21,4,0
 ,0,0,19,163,0,21,3,0,0,0,20,193,0,21,2,0,0,0,20,94,0,21,1,0,0,0,19,199,0,21,0,1,0,0,19,198,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,54,128,0,0,8,0,32,0,0,0,0,0,0,0,21,51,0,0,0,19,213,0,21,50,0,0,0,20,137,0,21,49,0,0,0,19,223,0,21,48,0,0,0,20,74,0,21,47,0,0,0,19,146,0,21,46,0,0,0,19,144,0,21,45,0,0,0,19,151,0,21,44,0,0,0,20,58,0,21,43,0,0,0,19,174,0,21,42,0,0,0,19,215,0,21,41,0,0,0,21,63,0,21,40,0,0,0,20,139,0,21,39,0,0,0,20,85,0,21,38,0,0,0,19,194,0,21,37,0,0,0,20,166,0,21,36,0,0,0,19,168,0,21,35,0,0,0,19,167,0,21,34,0,0,0,19,214,0,21,33,0,0,0,20,3,0,21,32,0,0,0,19,148,0,21,31,0,0,0,19,156,0,21,30,0,0,0,19,206,0,21,29,0,0,0,20,169,0,21,28,0,0,0,19,154,0,21,27,0,0,0,19,136,0,21,26,0,0,0,19,152,0,21,25,0,0,0,20,188,0,21,24,0,0,0,19,212,0,21,23,0,0,0,19,147,0,21,22,0,0,0,19,145,0,21,21,0,0,0,20,127,0,21,20,0,0,0,19,138,0,21,19,0,0,0,19,139,0,21,18,0,0,0,20,206,0,21,17,0,0,0,19,140,0,21,16,0,0,0,19,142,0,21,15,0,0,0,19,141,0,21,14,0,0,0,20,132,0,21,13,0,0,0,20,170,0,21,12,0,0,0,19,153,0,21,11,0,0,0,19,155,0,21,10,0,0,0,19,137,0,21,0,1,0,0,19,176,0,6,0,0,0,5,0,38,0,21,7,0,0,0,19,163,0,21,6,0,
 0,0,20,193,0,21,5,0,0,0,20,94,0,21,4,0,0,0,19,199,0,21,3,0,0,0,19,198,0,21,2,0,0,0,19,203,0,21,1,0,0,0,19,204,0,21,0,1,0,0,19,202,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,60,128,0,0,8,0,32,0,0,0,0,0,0,0,21,57,0,0,0,19,203,0,21,56,0,0,0,19,204,0,21,55,0,0,0,19,202,0,21,54,0,0,0,19,213,0,21,53,0,0,0,20,137,0,21,52,0,0,0,19,223,0,21,51,0,0,0,20,74,0,21,50,0,0,0,19,146,0,21,49,0,0,0,19,144,0,21,48,0,0,0,19,151,0,21,47,0,0,0,20,58,0,21,46,0,0,0,19,174,0,21,45,0,0,0,19,215,0,21,44,0,0,0,21,63,0,21,43,0,0,0,20,139,0,21,42,0,0,0,20,85,0,21,41,0,0,0,19,194,0,21,40,0,0,0,20,166,0,21,39,0,0,0,19,168,0,21,38,0,0,0,19,167,0,21,37,0,0,0,19,214,0,21,36,0,0,0,20,3,0,21,35,0,0,0,19,148,0,21,34,0,0,0,19,156,0,21,33,0,0,0,19,206,0,21,32,0,0,0,20,169,0,21,31,0,0,0,19,154,0,21,30,0,0,0,19,136,0,21,29,0,0,0,19,152,0,21,28,0,0,0,20,188,0,21,27,0,0,0,19,212,0,21,26,0,0,0,19,147,0,21,25,0,0,0,19,145,0,21,24,0,0,0,20,127,0,21,23,0,0,0,19,138,0,21,22,0,0,0,19,139,0,21,21,0,0,0,20,206,0,21,20,0,0,0,19,140,0,21,19,0,0,0,19,142,0,21,18,0,0,0,19,141,0,21,17,0,0,0,20,132,0,21,16,0,0,0,20,170,0,21,15,0,0,0,19,153,0,21,14,0,0,0,19,155,0,21,13,0,0,0,19,137,0,2
 1,12,0,0,0,20,117,0,21,11,0,0,0,19,195,0,21,10,0,0,0,20,142,0,21,9,0,0,0,19,150,0,21,8,0,0,0,19,149,0,21,7,0,0,0,19,192,0,21,6,0,0,0,19,193,0,21,5,0,0,0,19,191,0,21,4,0,0,0,19,163,0,21,3,0,0,0,20,193,0,21,2,0,0,0,20,94,0,21,1,0,0,0,19,199,0,21,0,1,0,0,19,198,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,62,128,0,0,8,0,32,0,0,0,0,0,0,0,21,59,0,0,0,19,213,0,21,58,0,0,0,20,137,0,21,57,0,0,0,19,223,0,21,56,0,0,0,20,74,0,21,55,0,0,0,19,146,0,21,54,0,0,0,19,144,0,21,53,0,0,0,19,151,0,21,52,0,0,0,20,58,0,21,51,0,0,0,19,174,0,21,50,0,0,0,19,215,0,21,49,0,0,0,21,63,0,21,48,0,0,0,20,139,0,21,47,0,0,0,20,85,0,21,46,0,0,0,19,194,0,21,45,0,0,0,20,166,0,21,44,0,0,0,19,168,0,21,43,0,0,0,19,167,0,21,42,0,0,0,19,214,0,21,41,0,0,0,20,3,0,21,40,0,0,0,19,148,0,21,39,0,0,0,19,156,0,21,38,0,0,0,19,206,0,21,37,0,0,0,20,169,0,21,36,0,0,0,19,154,0,21,35,0,0,0,19,136,0,21,34,0,0,0,19,152,0,21,33,0,0,0,20,188,0,21,32,0,0,0,19,212,0,21,31,0,0,0,19,147,0,21,30,0,0,0,19,145,0,21,29,0,0,0,20,127,0,21,28,0,0,0,19,138,0,21,27,0,0,0,19,139,0,21,26,0,0,0,20,206,0,21,25,0,0,0,19,140,0,21,24,0,0,0,19,142,0,21,23,0,0,0,19,141,0,21,22,0,0,0,20,132,0,21,21,0,0,0,20,170,0,21,20,0,0,0,19,153,0,21,19,0,0,0,19,155,0,21,18,0,0,0,19,137,0,21,17,0,0,0,20,117,0,21,16,0,0,0,19,195,0,21,15,0,0,0,20,142,0,2
 1,14,0,0,0,19,150,0,21,13,0,0,0,19,149,0,21,12,0,0,0,19,192,0,21,11,0,0,0,19,193,0,21,10,0,0,0,19,191,0,21,0,1,0,0,19,176,0,6,0,0,0,5,0,38,0,21,7,0,0,0,19,163,0,21,6,0,0,0,20,193,0,21,5,0,0,0,20,94,0,21,4,0,0,0,19,199,0,21,3,0,0,0,19,198,0,21,2,0,0,0,19,203,0,21,1,0,0,0,19,204,0,21,0,1,0,0,19,202,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -52,10 +52,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPS64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,53,160,0,0,8,0,32,0,0,0,0,0,0,0,21,50,0,0,0,23,139,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,
 0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,55,160,0,0,8,0,32,0,0,0,0,0,0,0,21,0,1,0,0,23,152,0,6,0,0,0,5,0,38,0,21,50,0,0,0,23,139,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0
 ,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,61,160,0,0,8,0,32,0,0,0,0,0,0,0,21,58,0,0,0,24,97,0,21,57,0,0,0,23,171,0,21,56,0,0,0,24,122,0,21,55,0,0,0,23,126,0,21,54,0,0,0,23,125,0,21,53,0,0,0,23,168,0,21,52,0,0,0,23,169,0,21,51,0,0,0,23,167,0,21,50,0,0,0,23,139,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0,0,0,24,155,0,21,14,0,0,0,23,188,0,21
 ,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,63,160,0,0,8,0,32,0,0,0,0,0,0,0,21,60,0,0,0,24,97,0,21,59,0,0,0,23,171,0,21,58,0,0,0,24,122,0,21,57,0,0,0,23,126,0,21,56,0,0,0,23,125,0,21,55,0,0,0,23,168,0,21,54,0,0,0,23,169,0,21,53,0,0,0,23,167,0,21,0,1,0,0,23,152,0,6,0,0,0,5,0,38,0,21,50,0,0,0,23,139,0,21,49,0,0,0,24,173,0,21,48,0,0,0,24,71,0,21,47,0,0,0,23,175,0,21,46,0,0,0,23,174,0,21,45,0,0,0,23,179,0,21,44,0,0,0,23,180,0,21,43,0,0,0,23,178,0,21,42,0,0,0,23,189,0,21,41,0,0,0,24,117,0,21,40,0,0,0,23,199,0,21,39,0,0,0,24,50,0,21,38,0,0,0,23,122,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,24,146,0,21,27,0,0,0,23,144,0,21,26,0,0,0,23,143,0,21,25,0,0,0,23,190,0,21,24,0,0,0,23,235,0,21,23,0,0,0,23,124,0,21,22,0,0,0,23,132,0,21,21,0,0,0,24,68,0,21,20,0,0,0,23,182,0,21,19,0,0,0,24,149,0,21,18,0,0,0,23,130,0,21,17,0,0,0,23,112,0,21,16,0,0,0,23,128,0,21,15,0
 ,0,0,24,155,0,21,14,0,0,0,23,188,0,21,13,0,0,0,23,123,0,21,12,0,0,0,23,121,0,21,11,0,0,0,24,107,0,21,10,0,0,0,23,114,0,21,9,0,0,0,23,115,0,21,8,0,0,0,24,186,0,21,7,0,0,0,23,116,0,21,6,0,0,0,23,118,0,21,5,0,0,0,23,117,0,21,4,0,0,0,24,112,0,21,3,0,0,0,24,150,0,21,2,0,0,0,23,129,0,21,1,0,0,0,23,131,0,21,0,1,0,0,23,113,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -63,10 +63,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,57,8,0,0,64,32,0,0,0,0,0,0,0,21,0,54,0,122,16,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,107,16,0,0,21,0,50,0,202,16,0,0,21,0,49,0,245,15,0,0,21,0,48,0,142,16,0,0,21,0,47,0,29,16,0,0,21,0,46,0,44,16,0,0,21,0,45,0,179,15,0,0,21,0,44,0,214,15,0,0,21,0,43,0,126,16,0,0,21,0,42,0,180,15,0,0,21,0,41,0,37,16,0,0,21,0,40,0,87,17,0,0,21,0,39,0,204,16,0,0,21,0,38,0,150,16,0,0,21,0,37,0,161,15,0,0,21,0,36,0,231,16,0,0,21,0,35,0,223,15,0,0,21,0,34,0,201,15,0,0,21,0,33,0,172,15,0,0,21,0,32,0,108,16,0,0,21,0,31,0,205,15,0,0,21,0,30,0,193,15,0,0,21,0,29,0,124,16,0,0,21,0,28,0,215,15,0,0,21,0,27,0,234,16,0,0,21,0,26,0,49,16,0,0,21,0,25,0,163,15,0,0,21,0,24,0,104,16,0,0,21,0,23,0,123,16,0,0,21,0,22,0,45,16,0,0,21,0,21,0,251,15,0,0,21,0,20,0,114,16,0,0,21,0,19,0,250,15,0,0,21,0,18,0,192,16,0,0,21,0,17,0,165,15,0,0,21,0,16,0,166,15,0,0,21,0,15,0,14,17,0,0,21,0,14,0,117,16,0,0,21,0,13,0,10,16,0,0,21,0,12,0,118,16,0,0,21,0,11,0,11,16,0,0,21,0,10,0,197,16,0,0,21,0,9,0,1
 19,16,0,0,21,0,8,0,12,16,0,0,21,0,7,0,235,16,0,0,21,0,6,0,105,16,0,0,21,0,5,0,50,16,0,0,21,0,4,0,164,15,0,0,21,0,3,0,41,17,0,0,21,0,2,0,47,17,0,0,21,0,1,0,48,17,0,0,21,0,0,1,49,17,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,8,0,0,64,32,0,0,0,0,0,0,0,21,0,0,2,6,16,0,0,32,0,0,0,16,0,0,0,21,0,52,58,1,0,0,0,21,0,56,0,122,16,0,0,21,0,55,0,1,17,0,0,21,0,54,0,21,16,0,0,21,0,53,0,107,16,0,0,21,0,52,0,202,16,0,0,21,0,51,0,245,15,0,0,21,0,50,0,142,16,0,0,21,0,49,0,29,16,0,0,21,0,48,0,44,16,0,0,21,0,47,0,179,15,0,0,21,0,46,0,214,15,0,0,21,0,45,0,126,16,0,0,21,0,44,0,180,15,0,0,21,0,43,0,37,16,0,0,21,0,42,0,87,17,0,0,21,0,41,0,204,16,0,0,21,0,40,0,150,16,0,0,21,0,39,0,161,15,0,0,21,0,38,0,231,16,0,0,21,0,37,0,223,15,0,0,21,0,36,0,201,15,0,0,21,0,35,0,172,15,0,0,21,0,34,0,108,16,0,0,21,0,33,0,205,15,0,0,21,0,32,0,193,15,0,0,21,0,31,0,124,16,0,0,21,0,30,0,215,15,0,0,21,0,29,0,234,16,0,0,21,0,28,0,49,16,0,0,21,0,27,0,163,15,0,0,21,0,26,0,104,16,0,0,21,0,25,0,123,16,0,0,21,0,24,0,45,16,0,0,21,0,23,0,251,15,0,0,21,0,22,0,114,16,0,0,21,0,21,0,250,15,0,0,21,0,20,0,192,16,0,0,21,0,19,0,165,15,0,0,21,0,18,0,166,15,0,0,21,0,17,0,14,17,0,0,21,0,16,0,117,16,0,0,21,0,15,0,10,16,0,0,21,0,14,0,118,16,
 0,0,21,0,13,0,11,16,0,0,21,0,12,0,197,16,0,0,21,0,11,0,119,16,0,0,21,0,10,0,12,16,0,0,21,0,9,0,235,16,0,0,21,0,8,0,105,16,0,0,21,0,7,0,50,16,0,0,21,0,6,0,164,15,0,0,21,0,0,1,87,16,0,0,6,0,0,0,38,0,5,0,21,0,3,0,41,17,0,0,21,0,2,0,47,17,0,0,21,0,1,0,48,17,0,0,21,0,0,1,49,17,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,66,8,0,0,64,32,0,0,0,0,0,0,0,21,0,63,0,167,15,0,0,21,0,62,0,182,16,0,0,21,0,61,0,18,16,0,0,21,0,60,0,207,16,0,0,21,0,59,0,99,16,0,0,21,0,58,0,98,16,0,0,21,0,57,0,162,15,0,0,21,0,56,0,171,15,0,0,21,0,55,0,24,16,0,0,21,0,54,0,122,16,0,0,21,0,53,0,1,17,0,0,21,0,52,0,21,16,0,0,21,0,51,0,107,16,0,0,21,0,50,0,202,16,0,0,21,0,49,0,245,15,0,0,21,0,48,0,142,16,0,0,21,0,47,0,29,16,0,0,21,0,46,0,44,16,0,0,21,0,45,0,179,15,0,0,21,0,44,0,214,15,0,0,21,0,43,0,126,16,0,0,21,0,42,0,180,15,0,0,21,0,41,0,37,16,0,0,21,0,40,0,87,17,0,0,21,0,39,0,204,16,0,0,21,0,38,0,150,16,0,0,21,0,37,0,161,15,0,0,21,0,36,0,231,16,0,0,21,0,35,0,223,15,0,0,21,0,34,0,201,15,0,0,21,0,33,0,172,15,0,0,21,0,32,0,108,16,0,0,21,0,31,0,205,15,0,0,21,0,30,0,193,15,0,0,21,0,29,0,124,16,0,0,21,0,28,0,215,15,0,0,21,0,27,0,234,16,0,0,21,0,26,0,49,16,0,0,21,0,25,0,163,15,0,0,21,0,24,0,104,16,0,0,21,0,23,0,123,16,0,0,21,0,22,0,45,16,0,0,21,0,21,0,251,15,0,0,21,0,20,0,114,16,0,0,21,0,19,0,250,15,0,0,21,0,18,0,1
 92,16,0,0,21,0,17,0,165,15,0,0,21,0,16,0,166,15,0,0,21,0,15,0,14,17,0,0,21,0,14,0,117,16,0,0,21,0,13,0,10,16,0,0,21,0,12,0,118,16,0,0,21,0,11,0,11,16,0,0,21,0,10,0,197,16,0,0,21,0,9,0,119,16,0,0,21,0,8,0,12,16,0,0,21,0,7,0,235,16,0,0,21,0,6,0,105,16,0,0,21,0,5,0,50,16,0,0,21,0,4,0,164,15,0,0,21,0,3,0,41,17,0,0,21,0,2,0,47,17,0,0,21,0,1,0,48,17,0,0,21,0,0,1,49,17,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,71,8,0,0,64,32,0,0,0,0,0,0,0,21,0,68,0,167,15,0,0,21,0,67,0,182,16,0,0,21,0,66,0,18,16,0,0,21,0,65,0,207,16,0,0,21,0,64,0,99,16,0,0,21,0,63,0,98,16,0,0,21,0,62,0,162,15,0,0,21,0,61,0,171,15,0,0,21,0,60,0,24,16,0,0,21,0,0,2,6,16,0,0,32,0,0,0,16,0,0,0,21,0,52,58,1,0,0,0,21,0,56,0,122,16,0,0,21,0,55,0,1,17,0,0,21,0,54,0,21,16,0,0,21,0,53,0,107,16,0,0,21,0,52,0,202,16,0,0,21,0,51,0,245,15,0,0,21,0,50,0,142,16,0,0,21,0,49,0,29,16,0,0,21,0,48,0,44,16,0,0,21,0,47,0,179,15,0,0,21,0,46,0,214,15,0,0,21,0,45,0,126,16,0,0,21,0,44,0,180,15,0,0,21,0,43,0,37,16,0,0,21,0,42,0,87,17,0,0,21,0,41,0,204,16,0,0,21,0,40,0,150,16,0,0,21,0,39,0,161,15,0,0,21,0,38,0,231,16,0,0,21,0,37,0,223,15,0,0,21,0,36,0,201,15,0,0,21,0,35,0,172,15,0,0,21,0,34,0,108,16,0,0,21,0,33,0,205,15,0,0,21,0,32,0,193,15,0,0,21,0,31,0,124,16,0,0,21,0,30,0,215,15,0,0,21,0,29,0,234,16,0,0,21,0,28,0,49,16,0,0,21,0,27,0,163,15,0,0,21,0,26,0,104,16,0,0,21,0,25,0,123,16,0,0,21,0,24,0,45,16,0,0,21,0,23,0,251,15,0,
 0,21,0,22,0,114,16,0,0,21,0,21,0,250,15,0,0,21,0,20,0,192,16,0,0,21,0,19,0,165,15,0,0,21,0,18,0,166,15,0,0,21,0,17,0,14,17,0,0,21,0,16,0,117,16,0,0,21,0,15,0,10,16,0,0,21,0,14,0,118,16,0,0,21,0,13,0,11,16,0,0,21,0,12,0,197,16,0,0,21,0,11,0,119,16,0,0,21,0,10,0,12,16,0,0,21,0,9,0,235,16,0,0,21,0,8,0,105,16,0,0,21,0,7,0,50,16,0,0,21,0,6,0,164,15,0,0,21,0,0,1,87,16,0,0,6,0,0,0,38,0,5,0,21,0,3,0,41,17,0,0,21,0,2,0,47,17,0,0,21,0,1,0,48,17,0,0,21,0,0,1,49,17,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -74,10 +74,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,8,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,163,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,
 132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,54,8,0,0,192,32,0,0,0,0,0,0,0,21,0,0,1,176,19,0,0,6,0,0,0,38,0,5,0,21,0,49,0,163,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142
 ,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,60,8,0,0,192,32,0,0,0,0,0,0,0,21,0,57,0,117,20,0,0,21,0,56,0,195,19,0,0,21,0,55,0,142,20,0,0,21,0,54,0,150,19,0,0,21,0,53,0,149,19,0,0,21,0,52,0,192,19,0,0,21,0,51,0,193,19,0,0,21,0,50,0,191,19,0,0,21,0,49,0,163,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0,212,19,0,0,21,0,13,0,147,19,0,0,21,0
 ,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,8,0,0,192,32,0,0,0,0,0,0,0,21,0,59,0,117,20,0,0,21,0,58,0,195,19,0,0,21,0,57,0,142,20,0,0,21,0,56,0,150,19,0,0,21,0,55,0,149,19,0,0,21,0,54,0,192,19,0,0,21,0,53,0,193,19,0,0,21,0,52,0,191,19,0,0,21,0,0,1,176,19,0,0,6,0,0,0,38,0,5,0,21,0,49,0,163,19,0,0,21,0,48,0,193,20,0,0,21,0,47,0,94,20,0,0,21,0,46,0,199,19,0,0,21,0,45,0,198,19,0,0,21,0,44,0,203,19,0,0,21,0,43,0,204,19,0,0,21,0,42,0,202,19,0,0,21,0,41,0,213,19,0,0,21,0,40,0,137,20,0,0,21,0,39,0,223,19,0,0,21,0,38,0,74,20,0,0,21,0,37,0,146,19,0,0,21,0,36,0,144,19,0,0,21,0,35,0,151,19,0,0,21,0,34,0,58,20,0,0,21,0,33,0,174,19,0,0,21,0,32,0,215,19,0,0,21,0,31,0,63,21,0,0,21,0,30,0,139,20,0,0,21,0,29,0,85,20,0,0,21,0,28,0,194,19,0,0,21,0,27,0,166,20,0,0,21,0,26,0,168,19,0,0,21,0,25,0,167,19,0,0,21,0,24,0,214,19,0,0,21,0,23,0,3,20,0,0,21,0,22,0,148,19,0,0,21,0,21,0,156,19,0,0,21,0,20,0,206,19,0,0,21,0,19,0,169,20,0,0,21,0,18,0,154,19,0,0,21,0,17,0,136,19,0,0,21,0,16,0,152,19,0,0,21,0,15,0,188,20,0,0,21,0,14,0
 ,212,19,0,0,21,0,13,0,147,19,0,0,21,0,12,0,145,19,0,0,21,0,11,0,127,20,0,0,21,0,10,0,138,19,0,0,21,0,9,0,139,19,0,0,21,0,8,0,206,20,0,0,21,0,7,0,140,19,0,0,21,0,6,0,142,19,0,0,21,0,5,0,141,19,0,0,21,0,4,0,132,20,0,0,21,0,3,0,170,20,0,0,21,0,2,0,153,19,0,0,21,0,1,0,155,19,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -85,10 +85,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* MIPSEL64N32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,53,8,0,0,224,32,0,0,0,0,0,0,0,21,0,50,0,61,24,0,0,21,0,49,0,170,23,0,0,21,0,48,0,146,24,0,0,21,0,47,0,144,23,0,0,21,0,46,0,143,23,0,0,21,0,45,0,190,23,0,0,21,0,44,0,235,23,0,0,21,0,43,0,124,23,0,0,21,0,42,0,132,23,0,0,21,0,41,0,68,24,0,0,21,0,40,0,182,23,0,0,21,0,39,0,149,24,0,0,21,0,38,0,130,23,0,0,21,0,37,0,112,23,0,0,21,0,36,0,128,23,0,0,21,0,35,0,155,24,0,0,21,0,34,0,188,23,0,0,21,0,33,0,123,23,0,0,21,0,32,0,121,23,0,0,21,0,31,0,107,24,0,0,21,0,30,0,114,23,0,0,21,0,29,0,115,23,0,0,21,0,28,0,186,24,0,0,21,0,27,0,116,23,0,0,21,0,26,0,118,23,0,0,21,0,25,0,117,23,0,0,21,0,24,0,112,24,0,0,21,0,23,0,150,24,0,0,21,0,22,0,129,23,0,0,21,0,21,0,131,23,0,0,21,0,20,0,113,23,0,0,21,0,19,0,139,23,0,0,21,0,18,0,173,24,0,0,21,0,17,0,71,24,0,0,21,0,16,0,175,23,0,0,21,0,15,0,174,23,0,0,21,0,14,0,179,23,0,0,21,0,13,0,180,23,0,0,21,0,12,0,178,23,0,0,21,0,11,0,189,23,0,0,21,0,10,0,117,24,0,0,21,0,9,0,199,23,0,0,21,0,8,0,50,24,0,0,21,0,7,0,122,23,0,0,21,0,6,0,120,23,0,0,21,0,
 5,0,127,23,0,0,21,0,4,0,34,24,0,0,21,0,3,0,150,23,0,0,21,0,2,0,191,23,0,0,21,0,1,0,39,25,0,0,21,0,0,1,119,24,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,55,8,0,0,224,32,0,0,0,0,0,0,0,21,0,52,0,124,23,0,0,21,0,51,0,132,23,0,0,21,0,50,0,68,24,0,0,21,0,49,0,182,23,0,0,21,0,48,0,149,24,0,0,21,0,47,0,130,23,0,0,21,0,46,0,112,23,0,0,21,0,45,0,128,23,0,0,21,0,44,0,155,24,0,0,21,0,43,0,188,23,0,0,21,0,42,0,123,23,0,0,21,0,41,0,121,23,0,0,21,0,40,0,107,24,0,0,21,0,39,0,114,23,0,0,21,0,38,0,115,23,0,0,21,0,37,0,186,24,0,0,21,0,36,0,116,23,0,0,21,0,35,0,118,23,0,0,21,0,34,0,117,23,0,0,21,0,33,0,112,24,0,0,21,0,32,0,150,24,0,0,21,0,31,0,129,23,0,0,21,0,30,0,131,23,0,0,21,0,29,0,113,23,0,0,21,0,0,1,152,23,0,0,6,0,0,0,38,0,5,0,21,0,26,0,139,23,0,0,21,0,25,0,173,24,0,0,21,0,24,0,71,24,0,0,21,0,23,0,175,23,0,0,21,0,22,0,174,23,0,0,21,0,21,0,179,23,0,0,21,0,20,0,180,23,0,0,21,0,19,0,178,23,0,0,21,0,18,0,189,23,0,0,21,0,17,0,117,24,0,0,21,0,16,0,199,23,0,0,21,0,15,0,50,24,0,0,21,0,14,0,122,23,0,0,21,0,13,0,120,23,0,0,21,0,12,0,127,23,0,0,21,0,11,0,34,24,0,0,21,0,10,0,150,23,0,0,21,0,9,0,191,23,0,0,21,0,8,0,39,25,0,0,21,0,7,0,
 119,24,0,0,21,0,6,0,61,24,0,0,21,0,5,0,170,23,0,0,21,0,4,0,146,24,0,0,21,0,3,0,144,23,0,0,21,0,2,0,143,23,0,0,21,0,1,0,190,23,0,0,21,0,0,1,235,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,61,8,0,0,224,32,0,0,0,0,0,0,0,21,0,58,0,61,24,0,0,21,0,57,0,170,23,0,0,21,0,56,0,146,24,0,0,21,0,55,0,144,23,0,0,21,0,54,0,143,23,0,0,21,0,53,0,190,23,0,0,21,0,52,0,235,23,0,0,21,0,51,0,124,23,0,0,21,0,50,0,132,23,0,0,21,0,49,0,68,24,0,0,21,0,48,0,182,23,0,0,21,0,47,0,149,24,0,0,21,0,46,0,130,23,0,0,21,0,45,0,112,23,0,0,21,0,44,0,128,23,0,0,21,0,43,0,155,24,0,0,21,0,42,0,188,23,0,0,21,0,41,0,123,23,0,0,21,0,40,0,121,23,0,0,21,0,39,0,107,24,0,0,21,0,38,0,114,23,0,0,21,0,37,0,115,23,0,0,21,0,36,0,186,24,0,0,21,0,35,0,116,23,0,0,21,0,34,0,118,23,0,0,21,0,33,0,117,23,0,0,21,0,32,0,112,24,0,0,21,0,31,0,150,24,0,0,21,0,30,0,129,23,0,0,21,0,29,0,131,23,0,0,21,0,28,0,113,23,0,0,21,0,27,0,97,24,0,0,21,0,26,0,171,23,0,0,21,0,25,0,122,24,0,0,21,0,24,0,126,23,0,0,21,0,23,0,125,23,0,0,21,0,22,0,168,23,0,0,21,0,21,0,169,23,0,0,21,0,20,0,167,23,0,0,21,0,19,0,139,23,0,0,21,0,18,0,173,24,0,0,21,0,17,0,71,24,0,0,21,0,16,0,175,23,0,0,21,0,15,0,174,23,0,0,21,0,14,0,179,23,0,0,2
 1,0,13,0,180,23,0,0,21,0,12,0,178,23,0,0,21,0,11,0,189,23,0,0,21,0,10,0,117,24,0,0,21,0,9,0,199,23,0,0,21,0,8,0,50,24,0,0,21,0,7,0,122,23,0,0,21,0,6,0,120,23,0,0,21,0,5,0,127,23,0,0,21,0,4,0,34,24,0,0,21,0,3,0,150,23,0,0,21,0,2,0,191,23,0,0,21,0,1,0,39,25,0,0,21,0,0,1,119,24,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,63,8,0,0,224,32,0,0,0,0,0,0,0,21,0,60,0,124,23,0,0,21,0,59,0,132,23,0,0,21,0,58,0,68,24,0,0,21,0,57,0,182,23,0,0,21,0,56,0,149,24,0,0,21,0,55,0,130,23,0,0,21,0,54,0,112,23,0,0,21,0,53,0,128,23,0,0,21,0,52,0,155,24,0,0,21,0,51,0,188,23,0,0,21,0,50,0,123,23,0,0,21,0,49,0,121,23,0,0,21,0,48,0,107,24,0,0,21,0,47,0,114,23,0,0,21,0,46,0,115,23,0,0,21,0,45,0,186,24,0,0,21,0,44,0,116,23,0,0,21,0,43,0,118,23,0,0,21,0,42,0,117,23,0,0,21,0,41,0,112,24,0,0,21,0,40,0,150,24,0,0,21,0,39,0,129,23,0,0,21,0,38,0,131,23,0,0,21,0,37,0,113,23,0,0,21,0,36,0,97,24,0,0,21,0,35,0,171,23,0,0,21,0,34,0,122,24,0,0,21,0,33,0,126,23,0,0,21,0,32,0,125,23,0,0,21,0,31,0,168,23,0,0,21,0,30,0,169,23,0,0,21,0,29,0,167,23,0,0,21,0,0,1,152,23,0,0,6,0,0,0,38,0,5,0,21,0,26,0,139,23,0,0,21,0,25,0,173,24,0,0,21,0,24,0,71,24,0,0,21,0,23,0,175,23,0,0,21,0,22,0,174,23,0,0,21,0,21,0,179,23,0,0,21,0,20,0,180,23,0,0,21,0,19,0,178,23,0,0,21,0,18,0,189,23,0,0,21,0,17,0,117,24,0,0,21,0,16,0,199,23,0,0,21,0,
 15,0,50,24,0,0,21,0,14,0,122,23,0,0,21,0,13,0,120,23,0,0,21,0,12,0,127,23,0,0,21,0,11,0,34,24,0,0,21,0,10,0,150,23,0,0,21,0,9,0,191,23,0,0,21,0,8,0,39,25,0,0,21,0,7,0,119,24,0,0,21,0,6,0,61,24,0,0,21,0,5,0,170,23,0,0,21,0,4,0,146,24,0,0,21,0,3,0,144,23,0,0,21,0,2,0,143,23,0,0,21,0,1,0,190,23,0,0,21,0,0,1,235,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -96,10 +96,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,58,0,0,0,15,0,32,0,0,0,0,0,0,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0
 ,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,0,0,0,15,0,32,0,0,0,0,0,0,0,21,0,1,0,0,0,17,0,6,0,0,0,5,0,38,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,1
 8,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,68,0,0,0,15,0,32,0,0,0,0,0,0,0,21,65,0,0,0,0,7,0,21,64,0,0,0,0,235,0,21,63,0,0,0,0,114,0,21,62,0,0,0,0,113,0,21,61,0,0,0,1,32,0,21,60,0,0,0,0,175,0,21,59,0,0,0,0,174,0,21,58,0,0,0,0,2,0,21,57,0,0,0,0,11,0,21,56,0,0,0,0,120,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,
 0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,70,0,0,0,15,0,32,0,0,0,0,0,0,0,21,67,0,0,0,0,7,0,21,66,0,0,0,0,235,0,21,65,0,0,0,0,114,0,21,64,0,0,0,0,113,0,21,63,0,0,0,1,32,0,21,62,0,0,0,0,175,0,21,61,0,0,0,0,174,0,21,60,0,0,0,0,2,0,21,59,0,0,0,0,11,0,21,58,0,0,0,0,120,0,21,0,1,0,0,0,17,0,6,0,0,0,5,0,38,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0
 ,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -107,10 +107,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PARISC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,58,128,0,0,15,0,32,0,0,0,0,0,0,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0
 ,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,128,0,0,15,0,32,0,0,0,0,0,0,0,21,0,1,0,0,0,17,0,6,0,0,0,5,0,38,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0
 ,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,68,128,0,0,15,0,32,0,0,0,0,0,0,0,21,65,0,0,0,0,7,0,21,64,0,0,0,0,235,0,21,63,0,0,0,0,114,0,21,62,0,0,0,0,113,0,21,61,0,0,0,1,32,0,21,60,0,0,0,0,175,0,21,59,0,0,0,0,174,0,21,58,0,0,0,0,2,0,21,57,0,0,0,0,11,0,21,56,0,0,0,0,120,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0,0,0,201,0,21,18,0,0,0,0,141,0,21,1
 7,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,70,128,0,0,15,0,32,0,0,0,0,0,0,0,21,67,0,0,0,0,7,0,21,66,0,0,0,0,235,0,21,65,0,0,0,0,114,0,21,64,0,0,0,0,113,0,21,63,0,0,0,1,32,0,21,62,0,0,0,0,175,0,21,61,0,0,0,0,174,0,21,60,0,0,0,0,2,0,21,59,0,0,0,0,11,0,21,58,0,0,0,0,120,0,21,0,1,0,0,0,17,0,6,0,0,0,5,0,38,0,21,55,0,0,0,0,119,0,21,54,0,0,0,1,83,0,21,53,0,0,0,0,228,0,21,52,0,0,0,0,185,0,21,51,0,0,0,0,186,0,21,50,0,0,0,0,188,0,21,49,0,0,0,0,189,0,21,48,0,0,0,0,190,0,21,47,0,0,0,0,110,0,21,46,0,0,0,1,29,0,21,45,0,0,0,0,85,0,21,44,0,0,0,0,210,0,21,43,0,0,0,0,125,0,21,42,0,0,0,0,140,0,21,41,0,0,0,0,19,0,21,40,0,0,0,0,54,0,21,39,0,0,0,0,206,0,21,38,0,0,0,0,20,0,21,37,0,0,0,0,133,0,21,36,0,0,0,1,183,0,21,35,0,0,0,1,31,0,21,34,0,0,0,0,222,0,21,33,0,0,0,0,1,0,21,32,0,0,0,1,56,0,21,31,0,0,0,0,63,0,21,30,0,0,0,0,41,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,106,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,55,0,21,23,0,0,0,1,59,0,21,22,0,0,0,0,145,0,21,21,0,0,0,0,3,0,21,20,0,0,0,0,108,0,21,19,0,0
 ,0,0,201,0,21,18,0,0,0,0,141,0,21,17,0,0,0,0,91,0,21,16,0,0,0,0,89,0,21,15,0,0,0,0,90,0,21,14,0,0,0,1,19,0,21,13,0,0,0,0,5,0,21,12,0,0,0,0,6,0,21,11,0,0,0,1,93,0,21,10,0,0,0,0,101,0,21,9,0,0,0,0,18,0,21,8,0,0,0,0,198,0,21,7,0,0,0,0,84,0,21,6,0,0,0,1,24,0,21,5,0,0,0,0,112,0,21,4,0,0,0,0,28,0,21,3,0,0,0,1,60,0,21,2,0,0,0,0,109,0,21,1,0,0,0,0,146,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -118,10 +118,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,20,0,32,0,0,0,0,0,0,0,21,54,0,0,0,0,205,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,182,0,21,50,0,0,0,1,40,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,221,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,207,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,42,0,21,38,0,0,0,0,234,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,60,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,183,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,204,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,64,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,179,0,21,23,0,0,0,0,202,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,30,0,21,17,0,0,0,0,5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,1,127,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,35,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,65,0,21,6,0,0,0,
 0,180,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,62,0,0,0,20,0,32,0,0,0,0,0,0,0,21,0,2,0,0,0,102,0,32,0,0,0,0,0,20,0,21,52,58,0,0,0,1,0,21,56,0,0,0,0,205,0,21,55,0,0,0,1,103,0,21,54,0,0,0,0,117,0,21,53,0,0,0,0,182,0,21,52,0,0,0,1,40,0,21,51,0,0,0,0,85,0,21,50,0,0,0,0,221,0,21,49,0,0,0,0,125,0,21,48,0,0,0,0,140,0,21,47,0,0,0,0,19,0,21,46,0,0,0,0,54,0,21,45,0,0,0,0,207,0,21,44,0,0,0,0,20,0,21,43,0,0,0,0,133,0,21,42,0,0,0,1,183,0,21,41,0,0,0,1,42,0,21,40,0,0,0,0,234,0,21,39,0,0,0,0,1,0,21,38,0,0,0,1,60,0,21,37,0,0,0,0,63,0,21,36,0,0,0,0,41,0,21,35,0,0,0,0,12,0,21,34,0,0,0,0,183,0,21,33,0,0,0,0,45,0,21,32,0,0,0,0,33,0,21,31,0,0,0,0,204,0,21,30,0,0,0,0,55,0,21,29,0,0,0,1,64,0,21,28,0,0,0,0,145,0,21,27,0,0,0,0,3,0,21,26,0,0,0,0,179,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,141,0,21,23,0,0,0,0,91,0,21,22,0,0,0,0,192,0,21,21,0,0,0,0,90,0,21,20,0,0,0,1,30,0,21,19,0,0,0,0,5,0,21,18,0,0,0,0,6,0,21,17,0,0,0,1,127,0,21,16,0,0,0,0,195,0,21,15,0,0,0,0,106,0,21,14,0,0,0,0,196,0,21,13,0,0,0,0,107,0,21,12,0,0,0,1,35,0,21,11,0,0,0
 ,0,197,0,21,10,0,0,0,0,108,0,21,9,0,0,0,1,65,0,21,8,0,0,0,0,180,0,21,7,0,0,0,0,146,0,21,6,0,0,0,0,4,0,21,0,1,0,0,1,70,0,6,0,0,0,5,0,38,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,67,0,0,0,20,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,7,0,21,63,0,0,0,1,16,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,189,0,21,60,0,0,0,1,26,0,21,59,0,0,0,0,174,0,21,58,0,0,0,0,173,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,0,205,0,21,53,0,0,0,1,103,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,182,0,21,50,0,0,0,1,40,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,221,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,207,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,42,0,21,38,0,0,0,0,234,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,60,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,183,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,204,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,64,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,179,0,21,23,0,0,0,0,202,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,30,0,21,17,0,0,0,0,5,0,21,16,0,0,0
 ,0,6,0,21,15,0,0,0,1,127,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,35,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,65,0,21,6,0,0,0,0,180,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,72,0,0,0,20,0,32,0,0,0,0,0,0,0,21,69,0,0,0,0,7,0,21,68,0,0,0,1,16,0,21,67,0,0,0,0,114,0,21,66,0,0,0,0,189,0,21,65,0,0,0,1,26,0,21,64,0,0,0,0,174,0,21,63,0,0,0,0,173,0,21,62,0,0,0,0,2,0,21,61,0,0,0,0,11,0,21,60,0,0,0,0,120,0,21,0,2,0,0,0,102,0,32,0,0,0,0,0,20,0,21,52,58,0,0,0,1,0,21,56,0,0,0,0,205,0,21,55,0,0,0,1,103,0,21,54,0,0,0,0,117,0,21,53,0,0,0,0,182,0,21,52,0,0,0,1,40,0,21,51,0,0,0,0,85,0,21,50,0,0,0,0,221,0,21,49,0,0,0,0,125,0,21,48,0,0,0,0,140,0,21,47,0,0,0,0,19,0,21,46,0,0,0,0,54,0,21,45,0,0,0,0,207,0,21,44,0,0,0,0,20,0,21,43,0,0,0,0,133,0,21,42,0,0,0,1,183,0,21,41,0,0,0,1,42,0,21,40,0,0,0,0,234,0,21,39,0,0,0,0,1,0,21,38,0,0,0,1,60,0,21,37,0,0,0,0,63,0,21,36,0,0,0,0,41,0,21,35,0,0,0,0,12,0,21,34,0,0,0,0,183,0,21,33,0,0,0,0,45,0,21,32,0,0,0,0,33,0,21,31,0,0,0,0,204,0,21,30,0,0,0,0,55,0,21,29,0,0,0,1,64,0,21,28,0,0,0,0,145,0,21,27,0,0,0,0,3,0,21,26,0,0,0,0,179,0,21,25,0,0,0,0,202,0,21,24,0,0,0,0,141,0,21,23,0,0,0,0,91,0,21,22,0,0,0,0,192,0,21,21,0,0,0
 ,0,90,0,21,20,0,0,0,1,30,0,21,19,0,0,0,0,5,0,21,18,0,0,0,0,6,0,21,17,0,0,0,1,127,0,21,16,0,0,0,0,195,0,21,15,0,0,0,0,106,0,21,14,0,0,0,0,196,0,21,13,0,0,0,0,107,0,21,12,0,0,0,1,35,0,21,11,0,0,0,0,197,0,21,10,0,0,0,0,108,0,21,9,0,0,0,1,65,0,21,8,0,0,0,0,180,0,21,7,0,0,0,0,146,0,21,6,0,0,0,0,4,0,21,0,1,0,0,1,70,0,6,0,0,0,5,0,38,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -129,10 +129,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,53,128,0,0,21,0,32,0,0,0,0,0,0,0,21,50,0,0,0,0,141,0,21,49,0,0,0,0,91,0,21,48,0,0,0,0,90,0,21,47,0,0,0,1,30,0,21,46,0,0,0,0,5,0,21,45,0,0,0,0,6,0,21,44,0,0,0,1,127,0,21,43,0,0,0,0,106,0,21,42,0,0,0,0,107,0,21,41,0,0,0,0,108,0,21,40,0,0,0,1,35,0,21,39,0,0,0,1,65,0,21,38,0,0,0,0,180,0,21,37,0,0,0,0,146,0,21,36,0,0,0,0,4,0,21,35,0,0,0,0,205,0,21,34,0,0,0,1,103,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,182,0,21,31,0,0,0,1,40,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,140,0,21,26,0,0,0,0,19,0,21,25,0,0,0,0,54,0,21,24,0,0,0,0,207,0,21,23,0,0,0,0,20,0,21,22,0,0,0,0,133,0,21,21,0,0,0,1,183,0,21,20,0,0,0,1,42,0,21,19,0,0,0,0,234,0,21,18,0,0,0,0,1,0,21,17,0,0,0,1,60,0,21,16,0,0,0,0,63,0,21,15,0,0,0,0,41,0,21,14,0,0,0,0,12,0,21,13,0,0,0,0,183,0,21,12,0,0,0,0,45,0,21,11,0,0,0,0,33,0,21,10,0,0,0,0,55,0,21,9,0,0,0,1,64,0,21,8,0,0,0,0,145,0,21,7,0,0,0,0,3,0,21,6,0,0,0,0,179,0,21,5,0,0,0,0,202,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,14
 3,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,60,128,0,0,21,0,32,0,0,0,0,0,0,0,21,57,0,0,0,0,107,0,21,56,0,0,0,0,108,0,21,55,0,0,0,1,35,0,21,54,0,0,0,1,65,0,21,53,0,0,0,0,180,0,21,52,0,0,0,0,146,0,21,51,0,0,0,0,4,0,21,0,4,0,0,0,102,0,32,0,0,0,0,0,16,0,21,0,49,0,0,0,0,0,32,0,0,0,0,0,20,0,21,40,47,0,0,0,1,0,21,45,0,0,0,0,205,0,21,44,0,0,0,1,103,0,21,43,0,0,0,0,117,0,21,42,0,0,0,0,182,0,21,41,0,0,0,1,40,0,21,40,0,0,0,0,85,0,21,39,0,0,0,0,221,0,21,38,0,0,0,0,125,0,21,37,0,0,0,0,140,0,21,36,0,0,0,0,19,0,21,35,0,0,0,0,54,0,21,34,0,0,0,0,207,0,21,33,0,0,0,0,20,0,21,32,0,0,0,0,133,0,21,31,0,0,0,1,183,0,21,30,0,0,0,1,42,0,21,29,0,0,0,0,234,0,21,28,0,0,0,0,1,0,21,27,0,0,0,1,60,0,21,26,0,0,0,0,63,0,21,25,0,0,0,0,41,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,1,64,0,21,18,0,0,0,0,145,0,21,17,0,0,0,0,3,0,21,16,0,0,0,0,179,0,21,15,0,0,0,0,202,0,21,14,0,0,0,0,141,0,21,13,0,0,0,0,91,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6
 ,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,106,0,21,0,1,0,0,1,70,0,6,0,0,0,5,0,38,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,63,128,0,0,21,0,32,0,0,0,0,0,0,0,21,60,0,0,0,0,141,0,21,59,0,0,0,0,91,0,21,58,0,0,0,0,90,0,21,57,0,0,0,1,30,0,21,56,0,0,0,0,5,0,21,55,0,0,0,0,6,0,21,54,0,0,0,1,127,0,21,53,0,0,0,0,106,0,21,52,0,0,0,0,107,0,21,51,0,0,0,0,108,0,21,50,0,0,0,1,35,0,21,49,0,0,0,1,65,0,21,48,0,0,0,0,180,0,21,47,0,0,0,0,146,0,21,46,0,0,0,0,4,0,21,45,0,0,0,0,7,0,21,44,0,0,0,1,16,0,21,43,0,0,0,0,114,0,21,42,0,0,0,0,189,0,21,41,0,0,0,1,26,0,21,40,0,0,0,0,174,0,21,39,0,0,0,0,173,0,21,38,0,0,0,0,2,0,21,37,0,0,0,0,11,0,21,36,0,0,0,0,120,0,21,35,0,0,0,0,205,0,21,34,0,0,0,1,103,0,21,33,0,0,0,0,117,0,21,32,0,0,0,0,182,0,21,31,0,0,0,1,40,0,21,30,0,0,0,0,85,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,125,0,21,27,0,0,0,0,140,0,21,26,0,0,0,0,19,0,21,25,0,0,0,0,54,0,21,24,0,0,0,0,207,0,21,23,0,0,0,0,20,0,21,22,0,0,0,0,133,0,21,21,0,0,0,1,183,0,21,20,0,0,0,1,42,0,21,19,0,0,0,0,234,0,21,18,0,0,0,0,1,0,21,17,0,0,0,1,60,0,21,16,0,0,0,0,63,0,21,15,0,0,0,0,41,0,21,14,0,0,0,0,12,0,21,13,0,0,0,0,183,0,21,12,0,0
 ,0,0,45,0,21,11,0,0,0,0,33,0,21,10,0,0,0,0,55,0,21,9,0,0,0,1,64,0,21,8,0,0,0,0,145,0,21,7,0,0,0,0,3,0,21,6,0,0,0,0,179,0,21,5,0,0,0,0,202,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,70,128,0,0,21,0,32,0,0,0,0,0,0,0,21,67,0,0,0,0,107,0,21,66,0,0,0,0,108,0,21,65,0,0,0,1,35,0,21,64,0,0,0,1,65,0,21,63,0,0,0,0,180,0,21,62,0,0,0,0,146,0,21,61,0,0,0,0,4,0,21,60,0,0,0,0,7,0,21,59,0,0,0,1,16,0,21,58,0,0,0,0,114,0,21,57,0,0,0,0,189,0,21,56,0,0,0,1,26,0,21,55,0,0,0,0,174,0,21,54,0,0,0,0,173,0,21,53,0,0,0,0,2,0,21,52,0,0,0,0,11,0,21,51,0,0,0,0,120,0,21,0,4,0,0,0,102,0,32,0,0,0,0,0,16,0,21,0,49,0,0,0,0,0,32,0,0,0,0,0,20,0,21,40,47,0,0,0,1,0,21,45,0,0,0,0,205,0,21,44,0,0,0,1,103,0,21,43,0,0,0,0,117,0,21,42,0,0,0,0,182,0,21,41,0,0,0,1,40,0,21,40,0,0,0,0,85,0,21,39,0,0,0,0,221,0,21,38,0,0,0,0,125,0,21,37,0,0,0,0,140,0,21,36,0,0,0,0,19,0,21,35,0,0,0,0,54,0,21,34,0,0,0,0,207,0,21,33,0,0,0,0,20,0,21,32,0,0,0,0,133,0,21,31,0,0,0,1,183,0,21,30,0,0,0,1,42,0,21,29,0,0,0,0,234,0,21,28,0,0,0,0,1,0,21,27,0,0,0,1,60,0,21,26,0,0,0,0,63,0,21,25,0,0,0,0,41,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,1
 ,64,0,21,18,0,0,0,0,145,0,21,17,0,0,0,0,3,0,21,16,0,0,0,0,179,0,21,15,0,0,0,0,202,0,21,14,0,0,0,0,141,0,21,13,0,0,0,0,91,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,106,0,21,0,1,0,0,1,70,0,6,0,0,0,5,0,38,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -140,10 +140,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* PPC64LE */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,53,21,0,0,192,32,0,0,0,0,0,0,0,21,0,50,0,205,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,
 0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,60,21,0,0,192,32,0,0,0,0,0,0,0,21,0,0,4,102,0,0,0,32,0,0,0,20,0,0,0,21,0,0,56,0,0,0,0,32,0,0,0,16,0,0,0,21,0,47,54,1,0,0,0,21,0,52,0,205,0,0,0,21,0,51,0,103,1,0,0,21,0,50,0,117,0,0,0,21,0,49,0,182,0,0,0,21,0,48,0,40,1,0,0,21,0,47,0,85,0,0,0,21,0,46,0,221,0,0,0,21,0,45,0,125,0,0,0,21,0,44,0,140,0,0,0,21,0,43,0,19,0,0,0,21,0,42,0,54,0,0,0,21,0,41,0,207,0,0,0,21,0,40,0,20,0,0,0,21,0,39,0,133,0,0,0,21,0,38,0,183,1,0,0,21,0,37,0,42,1,0,0,21,0,36,0,234,0,0,0,21,0,35,0,1,0,0,0,21,0,34,0,60,1,0,0,21,0,33,0,63,0,0,0,21,0,32,0,41,0,0,0,21,0,31,0,12,0,0,0,21,0,30,0,183,0,0,0,21,0,29,0,45,0,0,0,21,0,28,0,33,0,0,0,21,0,27,0,55,0,0,0,21,0,26,0,64,1,0,0,21,0,25,0,145,0,0,0,21,0,24,0,3,0,0,0,21,0,23,0,179,0,0,0,21,0,22,0,202,0,0,0,21,0,21,0,141,0,0,0,21,0,20,0,91,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,30,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,106,0,0,0,21,0,13,0,107,0,0,0,21,0,12,0,108,0,0,0,21,0,11,0,35,1,0,0,21,0,10,0,65,1,0,0,21,0,9,0,180,0,0
 ,0,21,0,8,0,146,0,0,0,21,0,7,0,4,0,0,0,21,0,0,1,70,1,0,0,6,0,0,0,38,0,5,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,63,21,0,0,192,32,0,0,0,0,0,0,0,21,0,60,0,7,0,0,0,21,0,59,0,16,1,0,0,21,0,58,0,114,0,0,0,21,0,57,0,189,0,0,0,21,0,56,0,26,1,0,0,21,0,55,0,174,0,0,0,21,0,54,0,173,0,0,0,21,0,53,0,2,0,0,0,21,0,52,0,11,0,0,0,21,0,51,0,120,0,0,0,21,0,50,0,205,0,0,0,21,0,49,0,103,1,0,0,21,0,48,0,117,0,0,0,21,0,47,0,182,0,0,0,21,0,46,0,40,1,0,0,21,0,45,0,85,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,140,0,0,0,21,0,41,0,19,0,0,0,21,0,40,0,54,0,0,0,21,0,39,0,207,0,0,0,21,0,38,0,20,0,0,0,21,0,37,0,133,0,0,0,21,0,36,0,183,1,0,0,21,0,35,0,42,1,0,0,21,0,34,0,234,0,0,0,21,0,33,0,1,0,0,0,21,0,32,0,60,1,0,0,21,0,31,0,63,0,0,0,21,0,30,0,41,0,0,0,21,0,29,0,12,0,0,0,21,0,28,0,183,0,0,0,21,0,27,0,45,0,0,0,21,0,26,0,33,0,0,0,21,0,25,0,55,0,0,0,21,0,24,0,64,1,0,0,21,0,23,0,145,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,179,0,0,0,21,0,20,0,202,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,90,0,0,0,21,0,16,0,30,1,0,0,21,0,15,0,5,0,0,0,21,0,14,0,6,0,0,0,21,0,13,0,127,1,0,0,21,0,12,0,106
 ,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,35,1,0,0,21,0,8,0,65,1,0,0,21,0,7,0,180,0,0,0,21,0,6,0,146,0,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,70,21,0,0,192,32,0,0,0,0,0,0,0,21,0,67,0,7,0,0,0,21,0,66,0,16,1,0,0,21,0,65,0,114,0,0,0,21,0,64,0,189,0,0,0,21,0,63,0,26,1,0,0,21,0,62,0,174,0,0,0,21,0,61,0,173,0,0,0,21,0,60,0,2,0,0,0,21,0,59,0,11,0,0,0,21,0,58,0,120,0,0,0,21,0,0,4,102,0,0,0,32,0,0,0,20,0,0,0,21,0,0,56,0,0,0,0,32,0,0,0,16,0,0,0,21,0,47,54,1,0,0,0,21,0,52,0,205,0,0,0,21,0,51,0,103,1,0,0,21,0,50,0,117,0,0,0,21,0,49,0,182,0,0,0,21,0,48,0,40,1,0,0,21,0,47,0,85,0,0,0,21,0,46,0,221,0,0,0,21,0,45,0,125,0,0,0,21,0,44,0,140,0,0,0,21,0,43,0,19,0,0,0,21,0,42,0,54,0,0,0,21,0,41,0,207,0,0,0,21,0,40,0,20,0,0,0,21,0,39,0,133,0,0,0,21,0,38,0,183,1,0,0,21,0,37,0,42,1,0,0,21,0,36,0,234,0,0,0,21,0,35,0,1,0,0,0,21,0,34,0,60,1,0,0,21,0,33,0,63,0,0,0,21,0,32,0,41,0,0,0,21,0,31,0,12,0,0,0,21,0,30,0,183,0,0,0,21,0,29,0,45,0,0,0,21,0,28,0,33,0,0,0,21,0,27,0,55,0,0,0,21,0,26,0,64,1,0,0,21,0,25,0,145,0,0,0,21,0,24,0,3,0,0,0,21,0,23,0,179,0,0,0,21,0,22,0,202,0,0,0,21,0,21,0,141,0,0,0,21,0,20,0,91,0,0,0,21,0,19,0,90,0,
 0,0,21,0,18,0,30,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,106,0,0,0,21,0,13,0,107,0,0,0,21,0,12,0,108,0,0,0,21,0,11,0,35,1,0,0,21,0,10,0,65,1,0,0,21,0,9,0,180,0,0,0,21,0,8,0,146,0,0,0,21,0,7,0,4,0,0,0,21,0,0,1,70,1,0,0,6,0,0,0,38,0,5,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -151,10 +151,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* RISCV64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,45,243,0,0,192,32,0,0,0,0,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,47,243,0,0,192,32,0,0,0,0,0,0,0,21,0,0,1,198,0,0,0,6,0,0,0,38,0,5,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,52,243,0,0,192,32,0,0,0,0,0,0,0,21,0,49,0,95,0,0,0,21,0,48,0,4,1,0,0,21,0,47,0,97,0,0,0,21,0,46,0,135,0,0,0,21,0,45,0,134,0,0,0,21,0,44,0,221,0,0,0,21,0,43,0,220,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,2
 1,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,54,243,0,0,192,32,0,0,0,0,0,0,0,21,0,51,0,95,0,0,0,21,0,50,0,4,1,0,0,21,0,49,0,97,0,0,0,21,0,48,0,135,0,0,0,21,0,47,0,134,0,0,0,21,0,46,0,221,0,0,0,21,0,45,0,220,0,0,0,21,0,0,1,198,0,0,0,6,0,0,0,38,0,5,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,2
 1,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -162,10 +162,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,57,0,0,0,22,0,32,0,0,0,0,0,0,0,21,54,0,0,0,0,219,0,21,53,0,0,0,1,93,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,183,0,21,50,0,0,0,1,42,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,238,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,236,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,44,0,21,38,0,0,0,0,248,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,70,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,184,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,72,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,180,0,21,23,0,0,0,0,220,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,32,0,21,17,0,0,0,0,5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,1,123,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,37,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,73,0,21,6,0,0,0,0
 ,181,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,62,0,0,0,22,0,32,0,0,0,0,0,0,0,21,55,0,0,0,0,219,0,21,54,0,0,0,1,93,0,21,53,0,0,0,0,117,0,21,52,0,0,0,0,183,0,21,51,0,0,0,1,42,0,21,50,0,0,0,0,85,0,21,49,0,0,0,0,238,0,21,48,0,0,0,0,125,0,21,47,0,0,0,0,140,0,21,46,0,0,0,0,19,0,21,45,0,0,0,0,54,0,21,44,0,0,0,0,236,0,21,43,0,0,0,0,20,0,21,42,0,0,0,0,133,0,21,41,0,0,0,1,183,0,21,40,0,0,0,1,44,0,21,39,0,0,0,0,248,0,21,38,0,0,0,0,1,0,21,37,0,0,0,1,70,0,21,36,0,0,0,0,63,0,21,35,0,0,0,0,41,0,21,34,0,0,0,0,12,0,21,33,0,0,0,0,184,0,21,32,0,0,0,0,45,0,21,31,0,0,0,0,33,0,21,30,0,0,0,0,221,0,21,29,0,0,0,0,55,0,21,28,0,0,0,1,72,0,21,27,0,0,0,0,145,0,21,26,0,0,0,0,3,0,21,25,0,0,0,0,180,0,21,24,0,0,0,0,220,0,21,23,0,0,0,0,141,0,21,22,0,0,0,0,91,0,21,21,0,0,0,0,192,0,21,20,0,0,0,0,90,0,21,19,0,0,0,1,32,0,21,18,0,0,0,0,5,0,21,17,0,0,0,0,6,0,21,16,0,0,0,1,123,0,21,15,0,0,0,0,195,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,196,0,21,12,0,0,0,0,107,0,21,11,0,0,0,1,37,0,21,10,0,0,0,0,197,0,21,9,0,0,0,0,108,0,21,8,0,0,0,1,73,0,21,7,0,0,0,
 0,181,0,21,6,0,0,0,0,146,0,21,5,0,0,0,0,4,0,21,8,0,0,0,1,103,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,21,0,3,0,0,0,102,0,32,0,0,0,0,0,20,0,21,0,1,0,0,0,1,0,6,0,0,0,5,0,38,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,66,0,0,0,22,0,32,0,0,0,0,0,0,0,21,63,0,0,0,1,25,0,21,62,0,0,0,0,114,0,21,61,0,0,0,0,190,0,21,60,0,0,0,1,47,0,21,59,0,0,0,0,175,0,21,58,0,0,0,0,174,0,21,57,0,0,0,0,2,0,21,56,0,0,0,0,11,0,21,55,0,0,0,0,120,0,21,54,0,0,0,0,219,0,21,53,0,0,0,1,93,0,21,52,0,0,0,0,117,0,21,51,0,0,0,0,183,0,21,50,0,0,0,1,42,0,21,49,0,0,0,0,85,0,21,48,0,0,0,0,238,0,21,47,0,0,0,0,125,0,21,46,0,0,0,0,140,0,21,45,0,0,0,0,19,0,21,44,0,0,0,0,54,0,21,43,0,0,0,0,236,0,21,42,0,0,0,0,20,0,21,41,0,0,0,0,133,0,21,40,0,0,0,1,183,0,21,39,0,0,0,1,44,0,21,38,0,0,0,0,248,0,21,37,0,0,0,0,1,0,21,36,0,0,0,1,70,0,21,35,0,0,0,0,63,0,21,34,0,0,0,0,41,0,21,33,0,0,0,0,12,0,21,32,0,0,0,0,184,0,21,31,0,0,0,0,45,0,21,30,0,0,0,0,33,0,21,29,0,0,0,0,221,0,21,28,0,0,0,0,55,0,21,27,0,0,0,1,72,0,21,26,0,0,0,0,145,0,21,25,0,0,0,0,3,0,21,24,0,0,0,0,180,0,21,23,0,0,0,0,220,0,21,22,0,0,0,0,141,0,21,21,0,0,0,0,91,0,21,20,0,0,0,0,192,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,32,0,21,17,0,0,0,0,5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,
 1,123,0,21,14,0,0,0,0,195,0,21,13,0,0,0,0,106,0,21,12,0,0,0,0,196,0,21,11,0,0,0,0,107,0,21,10,0,0,0,1,37,0,21,9,0,0,0,0,197,0,21,8,0,0,0,0,108,0,21,7,0,0,0,1,73,0,21,6,0,0,0,0,181,0,21,5,0,0,0,0,146,0,21,4,0,0,0,0,4,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,71,0,0,0,22,0,32,0,0,0,0,0,0,0,21,64,0,0,0,0,219,0,21,63,0,0,0,1,93,0,21,62,0,0,0,0,117,0,21,61,0,0,0,0,183,0,21,60,0,0,0,1,42,0,21,59,0,0,0,0,85,0,21,58,0,0,0,0,238,0,21,57,0,0,0,0,125,0,21,56,0,0,0,0,140,0,21,55,0,0,0,0,19,0,21,54,0,0,0,0,54,0,21,53,0,0,0,0,236,0,21,52,0,0,0,0,20,0,21,51,0,0,0,0,133,0,21,50,0,0,0,1,183,0,21,49,0,0,0,1,44,0,21,48,0,0,0,0,248,0,21,47,0,0,0,0,1,0,21,46,0,0,0,1,70,0,21,45,0,0,0,0,63,0,21,44,0,0,0,0,41,0,21,43,0,0,0,0,12,0,21,42,0,0,0,0,184,0,21,41,0,0,0,0,45,0,21,40,0,0,0,0,33,0,21,39,0,0,0,0,221,0,21,38,0,0,0,0,55,0,21,37,0,0,0,1,72,0,21,36,0,0,0,0,145,0,21,35,0,0,0,0,3,0,21,34,0,0,0,0,180,0,21,33,0,0,0,0,220,0,21,32,0,0,0,0,141,0,21,31,0,0,0,0,91,0,21,30,0,0,0,0,192,0,21,29,0,0,0,0,90,0,21,28,0,0,0,1,32,0,21,27,0,0,0,0,5,0,21,26,0,0,0,0,6,0,21,25,0,0,0,1,123,0,21,24,0,0,0,0,195,0,21,23,0,0,0,0,106,0,21,22,0,0,0,0,196,0,21,21,0,0,0,0,107,0,21,20,0,0,0,1,37,0,21,19,0,0,0,0,197,0,21,18,0,0,0,0,108,0,21,17,0,0,0,1,73,0,21,16,0,0
 ,0,0,181,0,21,15,0,0,0,0,146,0,21,14,0,0,0,0,4,0,21,13,0,0,0,1,25,0,21,12,0,0,0,0,114,0,21,11,0,0,0,0,190,0,21,10,0,0,0,1,47,0,21,9,0,0,0,0,175,0,21,8,0,0,0,0,174,0,21,7,0,0,0,0,2,0,21,6,0,0,0,0,11,0,21,5,0,0,0,0,120,0,21,8,0,0,0,1,103,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,21,0,3,0,0,0,102,0,32,0,0,0,0,0,20,0,21,0,1,0,0,0,1,0,6,0,0,0,5,0,38,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -173,10 +173,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* S390X */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	0,32,0,0,0,0,0,4,0,21,0,52,128,0,0,22,0,32,0,0,0,0,0,0,0,21,49,0,0,0,1,73,0,21,48,0,0,0,0,181,0,21,47,0,0,0,0,146,0,21,46,0,0,0,0,4,0,21,45,0,0,0,0,219,0,21,44,0,0,0,1,93,0,21,43,0,0,0,0,117,0,21,42,0,0,0,0,183,0,21,41,0,0,0,1,42,0,21,40,0,0,0,0,85,0,21,39,0,0,0,0,238,0,21,38,0,0,0,0,125,0,21,37,0,0,0,0,19,0,21,36,0,0,0,0,54,0,21,35,0,0,0,0,236,0,21,34,0,0,0,0,20,0,21,33,0,0,0,0,133,0,21,32,0,0,0,1,183,0,21,31,0,0,0,1,44,0,21,30,0,0,0,0,248,0,21,29,0,0,0,0,1,0,21,28,0,0,0,1,70,0,21,27,0,0,0,0,63,0,21,26,0,0,0,0,41,0,21,25,0,0,0,0,12,0,21,24,0,0,0,0,184,0,21,23,0,0,0,0,45,0,21,22,0,0,0,0,33,0,21,21,0,0,0,0,55,0,21,20,0,0,0,1,72,0,21,19,0,0,0,0,145,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,180,0,21,16,0,0,0,0,220,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,90,0,21,12,0,0,0,1,32,0,21,11,0,0,0,0,5,0,21,10,0,0,0,0,6,0,21,9,0,0,0,1,123,0,21,8,0,0,0,0,106,0,21,7,0,0,0,0,107,0,21,6,0,0,0,0,108,0,21,5,0,0,0,1,37,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,
 0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,59,128,0,0,22,0,32,0,0,0,0,0,0,0,21,0,4,0,0,0,102,0,32,0,0,0,0,0,16,0,21,0,55,0,0,0,0,0,32,0,0,0,0,0,20,0,21,46,53,0,0,0,1,0,21,51,0,0,0,0,219,0,21,50,0,0,0,1,93,0,21,49,0,0,0,0,117,0,21,48,0,0,0,0,183,0,21,47,0,0,0,1,42,0,21,46,0,0,0,0,85,0,21,45,0,0,0,0,238,0,21,44,0,0,0,0,125,0,21,43,0,0,0,0,19,0,21,42,0,0,0,0,54,0,21,41,0,0,0,0,236,0,21,40,0,0,0,0,20,0,21,39,0,0,0,0,133,0,21,38,0,0,0,1,183,0,21,37,0,0,0,1,44,0,21,36,0,0,0,0,248,0,21,35,0,0,0,0,1,0,21,34,0,0,0,1,70,0,21,33,0,0,0,0,63,0,21,32,0,0,0,0,41,0,21,31,0,0,0,0,12,0,21,30,0,0,0,0,184,0,21,29,0,0,0,0,45,0,21,28,0,0,0,0,33,0,21,27,0,0,0,0,55,0,21,26,0,0,0,1,72,0,21,25,0,0,0,0,145,0,21,24,0,0,0,0,3,0,21,23,0,0,0,0,180,0,21,22,0,0,0,0,220,0,21,21,0,0,0,0,141,0,21,20,0,0,0,0,91,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,32,0,21,17,0,0,0,0,5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,1,123,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,107,0,21,12,0,0,0,0,108,0,21,11,0,0,0,1,37,0,21,10,0,0,0,1,73,0,21,9,0,0,0,0,181,0,21,8,0,0,0,0,146
 ,0,21,7,0,0,0,0,4,0,21,0,1,0,0,1,103,0,6,0,0,0,5,0,38,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	0,32,0,0,0,0,0,4,0,21,0,61,128,0,0,22,0,32,0,0,0,0,0,0,0,21,58,0,0,0,1,73,0,21,57,0,0,0,0,181,0,21,56,0,0,0,0,146,0,21,55,0,0,0,0,4,0,21,54,0,0,0,1,25,0,21,53,0,0,0,0,114,0,21,52,0,0,0,0,190,0,21,51,0,0,0,1,47,0,21,50,0,0,0,0,175,0,21,49,0,0,0,0,174,0,21,48,0,0,0,0,2,0,21,47,0,0,0,0,11,0,21,46,0,0,0,0,120,0,21,45,0,0,0,0,219,0,21,44,0,0,0,1,93,0,21,43,0,0,0,0,117,0,21,42,0,0,0,0,183,0,21,41,0,0,0,1,42,0,21,40,0,0,0,0,85,0,21,39,0,0,0,0,238,0,21,38,0,0,0,0,125,0,21,37,0,0,0,0,19,0,21,36,0,0,0,0,54,0,21,35,0,0,0,0,236,0,21,34,0,0,0,0,20,0,21,33,0,0,0,0,133,0,21,32,0,0,0,1,183,0,21,31,0,0,0,1,44,0,21,30,0,0,0,0,248,0,21,29,0,0,0,0,1,0,21,28,0,0,0,1,70,0,21,27,0,0,0,0,63,0,21,26,0,0,0,0,41,0,21,25,0,0,0,0,12,0,21,24,0,0,0,0,184,0,21,23,0,0,0,0,45,0,21,22,0,0,0,0,33,0,21,21,0,0,0,0,55,0,21,20,0,0,0,1,72,0,21,19,0,0,0,0,145,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,180,0,21,16,0,0,0,0,220,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,90,0,21,12,0,0,0,1,32,0,21,11,0,0,0,0,5,0,21,10,0,0,0
 ,0,6,0,21,9,0,0,0,1,123,0,21,8,0,0,0,0,106,0,21,7,0,0,0,0,107,0,21,6,0,0,0,0,108,0,21,5,0,0,0,1,37,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+	0,32,0,0,0,0,0,4,0,21,0,68,128,0,0,22,0,32,0,0,0,0,0,0,0,21,65,0,0,0,1,25,0,21,64,0,0,0,0,114,0,21,63,0,0,0,0,190,0,21,62,0,0,0,1,47,0,21,61,0,0,0,0,175,0,21,60,0,0,0,0,174,0,21,59,0,0,0,0,2,0,21,58,0,0,0,0,11,0,21,57,0,0,0,0,120,0,21,0,4,0,0,0,102,0,32,0,0,0,0,0,16,0,21,0,55,0,0,0,0,0,32,0,0,0,0,0,20,0,21,46,53,0,0,0,1,0,21,51,0,0,0,0,219,0,21,50,0,0,0,1,93,0,21,49,0,0,0,0,117,0,21,48,0,0,0,0,183,0,21,47,0,0,0,1,42,0,21,46,0,0,0,0,85,0,21,45,0,0,0,0,238,0,21,44,0,0,0,0,125,0,21,43,0,0,0,0,19,0,21,42,0,0,0,0,54,0,21,41,0,0,0,0,236,0,21,40,0,0,0,0,20,0,21,39,0,0,0,0,133,0,21,38,0,0,0,1,183,0,21,37,0,0,0,1,44,0,21,36,0,0,0,0,248,0,21,35,0,0,0,0,1,0,21,34,0,0,0,1,70,0,21,33,0,0,0,0,63,0,21,32,0,0,0,0,41,0,21,31,0,0,0,0,12,0,21,30,0,0,0,0,184,0,21,29,0,0,0,0,45,0,21,28,0,0,0,0,33,0,21,27,0,0,0,0,55,0,21,26,0,0,0,1,72,0,21,25,0,0,0,0,145,0,21,24,0,0,0,0,3,0,21,23,0,0,0,0,180,0,21,22,0,0,0,0,220,0,21,21,0,0,0,0,141,0,21,20,0,0,0,0,91,0,21,19,0,0,0,0,90,0,21,18,0,0,0,1,32,0,21,17,0,0,0,0,
 5,0,21,16,0,0,0,0,6,0,21,15,0,0,0,1,123,0,21,14,0,0,0,0,106,0,21,13,0,0,0,0,107,0,21,12,0,0,0,0,108,0,21,11,0,0,0,1,37,0,21,10,0,0,0,1,73,0,21,9,0,0,0,0,181,0,21,8,0,0,0,0,146,0,21,7,0,0,0,0,4,0,21,0,1,0,0,1,103,0,6,0,0,0,5,0,38,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
 };
 #endif
 
@@ -184,10 +184,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,57,3,0,0,64,32,0,0,0,0,0,0,0,21,0,54,0,219,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0
 ,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,62,3,0,0,64,32,0,0,0,0,0,0,0,21,0,0,2,102,0,0,0,32,0,0,0,16,0,0,0,21,0,52,58,1,0,0,0,21,0,56,0,219,0,0,0,21,0,55,0,99,1,0,0,21,0,54,0,117,0,0,0,21,0,53,0,183,0,0,0,21,0,52,0,49,1,0,0,21,0,51,0,85,0,0,0,21,0,50,0,240,0,0,0,21,0,49,0,125,0,0,0,21,0,48,0,140,0,0,0,21,0,47,0,19,0,0,0,21,0,46,0,54,0,0,0,21,0,45,0,224,0,0,0,21,0,44,0,20,0,0,0,21,0,43,0,133,0,0,0,21,0,42,0,183,1,0,0,21,0,41,0,51,1,0,0,21,0,40,0,252,0,0,0,21,0,39,0,1,0,0,0,21,0,38,0,74,1,0,0,21,0,37,0,63,0,0,0,21,0,36,0,41,0,0,0,21,0,35,0,12,0,0,0,21,0,34,0,184,0,0,0,21,0,33,0,45,0,0,0,21,0,32,0,33,0,0,0,21,0,31,0,221,0,0,0,21,0,30,0,55,0,0,0,21,0,29,0,77,1,0,0,21,0,28,0,145,0,0,0,21,0,27,0,3,0,0,0,21,0,26,0,180,0,0,0,21,0,25,0,220,0,0,0,21,0,24,0,141,0,0,0,21,0,23,0,91,0,0,0,21,0,22,0,192,0,0,0,21,0,21,0,90,0,0,0,21,0,20,0,39,1,0,0,21,0,19,0,5,0,0,0,21,0,18,0,6,0,0,0,21,0,17,0,127,1,0,0,21,0,16,0,195,0,0,0,21,0,15,0,106,0,0,0,21,0,14,0,196,0,0,0,21,0,13,0,107,0,0,0,21,0,12,0,44,1,0,0,21,0,11,0,197,
 0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,78,1,0,0,21,0,8,0,181,0,0,0,21,0,7,0,146,0,0,0,21,0,6,0,4,0,0,0,21,0,0,1,103,1,0,0,6,0,0,0,38,0,5,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,67,3,0,0,64,32,0,0,0,0,0,0,0,21,0,64,0,7,0,0,0,21,0,63,0,28,1,0,0,21,0,62,0,114,0,0,0,21,0,61,0,190,0,0,0,21,0,60,0,54,1,0,0,21,0,59,0,175,0,0,0,21,0,58,0,174,0,0,0,21,0,57,0,2,0,0,0,21,0,56,0,11,0,0,0,21,0,55,0,120,0,0,0,21,0,54,0,219,0,0,0,21,0,53,0,99,1,0,0,21,0,52,0,117,0,0,0,21,0,51,0,183,0,0,0,21,0,50,0,49,1,0,0,21,0,49,0,85,0,0,0,21,0,48,0,240,0,0,0,21,0,47,0,125,0,0,0,21,0,46,0,140,0,0,0,21,0,45,0,19,0,0,0,21,0,44,0,54,0,0,0,21,0,43,0,224,0,0,0,21,0,42,0,20,0,0,0,21,0,41,0,133,0,0,0,21,0,40,0,183,1,0,0,21,0,39,0,51,1,0,0,21,0,38,0,252,0,0,0,21,0,37,0,1,0,0,0,21,0,36,0,74,1,0,0,21,0,35,0,63,0,0,0,21,0,34,0,41,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,184,0,0,0,21,0,31,0,45,0,0,0,21,0,30,0,33,0,0,0,21,0,29,0,221,0,0,0,21,0,28,0,55,0,0,0,21,0,27,0,77,1,0,0,21,0,26,0,145,0,0,0,21,0,25,0,3,0,0,0,21,0,24,0,180,0,0,0,21,0,23,0,220,0,0,0,21,0,22,0,141,0,0,0,21,0,21,0,91,0,0,0,21,0,20,0,192,0,0,0,21,0,19,0,90,0,0,0,21,0,18,0,39,1,0,0,21,0,17,0,5,0,0,0,21,0,16,0,6,0,
 0,0,21,0,15,0,127,1,0,0,21,0,14,0,195,0,0,0,21,0,13,0,106,0,0,0,21,0,12,0,196,0,0,0,21,0,11,0,107,0,0,0,21,0,10,0,44,1,0,0,21,0,9,0,197,0,0,0,21,0,8,0,108,0,0,0,21,0,7,0,78,1,0,0,21,0,6,0,181,0,0,0,21,0,5,0,146,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,72,3,0,0,64,32,0,0,0,0,0,0,0,21,0,69,0,7,0,0,0,21,0,68,0,28,1,0,0,21,0,67,0,114,0,0,0,21,0,66,0,190,0,0,0,21,0,65,0,54,1,0,0,21,0,64,0,175,0,0,0,21,0,63,0,174,0,0,0,21,0,62,0,2,0,0,0,21,0,61,0,11,0,0,0,21,0,60,0,120,0,0,0,21,0,0,2,102,0,0,0,32,0,0,0,16,0,0,0,21,0,52,58,1,0,0,0,21,0,56,0,219,0,0,0,21,0,55,0,99,1,0,0,21,0,54,0,117,0,0,0,21,0,53,0,183,0,0,0,21,0,52,0,49,1,0,0,21,0,51,0,85,0,0,0,21,0,50,0,240,0,0,0,21,0,49,0,125,0,0,0,21,0,48,0,140,0,0,0,21,0,47,0,19,0,0,0,21,0,46,0,54,0,0,0,21,0,45,0,224,0,0,0,21,0,44,0,20,0,0,0,21,0,43,0,133,0,0,0,21,0,42,0,183,1,0,0,21,0,41,0,51,1,0,0,21,0,40,0,252,0,0,0,21,0,39,0,1,0,0,0,21,0,38,0,74,1,0,0,21,0,37,0,63,0,0,0,21,0,36,0,41,0,0,0,21,0,35,0,12,0,0,0,21,0,34,0,184,0,0,0,21,0,33,0,45,0,0,0,21,0,32,0,33,0,0,0,21,0,31,0,221,0,0,0,21,0,30,0,55,0,0,0,21,0,29,0,77,1,0,0,21,0,28,0,145,0,0,0,21,0,27,0,3,0,0,0,21,0,26,0,180,0,0,0,21,0,25,0,220,0,0,0,21,0,24,0,141,0,0,0,21,0,23,0,91,0,0,0,21,0,22,0,192,0,0,0,21,0,21,0,90,0
 ,0,0,21,0,20,0,39,1,0,0,21,0,19,0,5,0,0,0,21,0,18,0,6,0,0,0,21,0,17,0,127,1,0,0,21,0,16,0,195,0,0,0,21,0,15,0,106,0,0,0,21,0,14,0,196,0,0,0,21,0,13,0,107,0,0,0,21,0,12,0,44,1,0,0,21,0,11,0,197,0,0,0,21,0,10,0,108,0,0,0,21,0,9,0,78,1,0,0,21,0,8,0,181,0,0,0,21,0,7,0,146,0,0,0,21,0,6,0,4,0,0,0,21,0,0,1,103,1,0,0,6,0,0,0,38,0,5,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -195,10 +195,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X32 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,53,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,51,0,0,0,64,21,0,49,0,28,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2
 ,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,55,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,53,0,0,0,64,21,0,0,1,41,0,0,64,6,0,0,0,38,0,5,0,21,0,49,0,28,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,
 0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,62,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,60,0,0,0,64,21,0,58,0,17,2,0,64,21,0,57,0,61,0,0,64,21,0,56,0,58,0,0,64,21,0,55,0,16,1,0,64,21,0,54,0,14,0,0,64,21,0,53,0,0,2,0,64,21,0,52,0,57,0,0,64,21,0,51,0,8,2,0,64,21,0,50,0,56,0,0,64,21,0,49,0,28,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,14,0,78,0,0,64,21,0,13,0,11,0,0,64,2
 1,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,64,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,62,0,0,0,64,21,0,60,0,17,2,0,64,21,0,59,0,61,0,0,64,21,0,58,0,58,0,0,64,21,0,57,0,16,1,0,64,21,0,56,0,14,0,0,64,21,0,55,0,0,2,0,64,21,0,54,0,57,0,0,64,21,0,53,0,8,2,0,64,21,0,52,0,56,0,0,64,21,0,0,1,41,0,0,64,6,0,0,0,38,0,5,0,21,0,49,0,28,0,0,64,21,0,48,0,62,1,0,64,21,0,47,0,220,0,0,64,21,0,46,0,65,0,0,64,21,0,45,0,64,0,0,64,21,0,44,0,69,0,0,64,21,0,43,0,70,0,0,64,21,0,42,0,68,0,0,64,21,0,41,0,79,0,0,64,21,0,40,0,11,1,0,64,21,0,39,0,89,0,0,64,21,0,38,0,202,0,0,64,21,0,37,0,10,0,0,64,21,0,36,0,8,0,0,64,21,0,35,0,2,2,0,64,21,0,34,0,186,0,0,64,21,0,33,0,39,0,0,64,21,0,32,0,81,0,0,64,21,0,31,0,183,1,0,64,21,0,30,0,13,1,0,64,21,0,29,0,231,0,0,64,21,0,28,0,60,0,0,64,21,0,27,0,36,1,0,64,21,0,26,0,33,0,0,64,21,0,25,0,32,0,0,64,21,0,24,0,80,0,0,64,21,0,23,0,125,0,0,64,21,0,22,0,12,0,0,64,21,0,21,0,21,0,0,64,21,0,20,0,72,0,0,64,21,0,19,0,22,2,0,64,21,0,18,0,3,2,0,64,21,0,17,0,0,0,0,64,21,0,16,0,17,0,0,64,21,0,15,0,217,0,0,64,21,0,
 14,0,78,0,0,64,21,0,13,0,11,0,0,64,21,0,12,0,9,0,0,64,21,0,11,0,1,1,0,64,21,0,10,0,2,0,0,64,21,0,9,0,3,0,0,64,21,0,8,0,76,1,0,64,21,0,7,0,4,0,0,64,21,0,6,0,6,0,0,64,21,0,5,0,5,0,0,64,21,0,4,0,6,1,0,64,21,0,3,0,23,2,0,64,21,0,2,0,18,0,0,64,21,0,1,0,4,2,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 
@@ -206,10 +206,10 @@ static const unsigned char seccomp_bpf_blks_fork[] = {
 /* X86_64 */
 #define SECCOMP_BPF_AVAILABLE
 static const unsigned char seccomp_bpf_blks_base[] = {
-	32,0,0,0,4,0,0,0,21,0,0,54,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,51,255,255,255,255,21,0,49,0,220,0,0,0,21,0,48,0,65,0,0,0,21,0,47,0,64,0,0,0,21,0,46,0,69,0,0,0,21,0,45,0,70,0,0,0,21,0,44,0,68,0,0,0,21,0,43,0,79,0,0,0,21,0,42,0,11,1,0,0,21,0,41,0,89,0,0,0,21,0,40,0,202,0,0,0,21,0,39,0,10,0,0,0,21,0,38,0,8,0,0,0,21,0,37,0,16,0,0,0,21,0,36,0,186,0,0,0,21,0,35,0,39,0,0,0,21,0,34,0,81,0,0,0,21,0,33,0,183,1,0,0,21,0,32,0,13,1,0,0,21,0,31,0,231,0,0,0,21,0,30,0,60,0,0,0,21,0,29,0,36,1,0,0,21,0,28,0,33,0,0,0,21,0,27,0,32,0,0,0,21,0,26,0,80,0,0,0,21,0,25,0,125,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,21,0,0,0,21,0,22,0,72,0,0,0,21,0,21,0,39,1,0,0,21,0,20,0,19,0,0,0,21,0,19,0,0,0,0,0,21,0,18,0,17,0,0,0,21,0,17,0,217,0,0,0,21,0,16,0,78,0,0,0,21,0,15,0,11,0,0,0,21,0,14,0,9,0,0,0,21,0,13,0,1,1,0,0,21,0,12,0,2,0,0,0,21,0,11,0,3,0,0,0,21,0,10,0,76,1,0,0,21,0,9,0,4,0,0,0,21,0,8,0,6,0,0,0,21,0,7,0,5,0,0,0,21,0,6,0,6,1,0,0,21,0,5,0,40,1,0,0,21,0,4,0,18,0,0,0,21,0,3,0,20,0,0,0,21,0,2,0,1,0,0
 ,0,21,0,1,0,28,0,0,0,21,0,0,1,62,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,56,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,53,255,255,255,255,21,0,51,0,183,1,0,0,21,0,50,0,13,1,0,0,21,0,49,0,231,0,0,0,21,0,48,0,60,0,0,0,21,0,47,0,36,1,0,0,21,0,46,0,33,0,0,0,21,0,45,0,32,0,0,0,21,0,44,0,80,0,0,0,21,0,43,0,125,0,0,0,21,0,42,0,12,0,0,0,21,0,41,0,21,0,0,0,21,0,40,0,72,0,0,0,21,0,39,0,39,1,0,0,21,0,38,0,19,0,0,0,21,0,37,0,0,0,0,0,21,0,36,0,17,0,0,0,21,0,35,0,217,0,0,0,21,0,34,0,78,0,0,0,21,0,33,0,11,0,0,0,21,0,32,0,9,0,0,0,21,0,31,0,1,1,0,0,21,0,30,0,2,0,0,0,21,0,29,0,3,0,0,0,21,0,28,0,76,1,0,0,21,0,27,0,4,0,0,0,21,0,26,0,6,0,0,0,21,0,25,0,5,0,0,0,21,0,24,0,6,1,0,0,21,0,23,0,40,1,0,0,21,0,22,0,18,0,0,0,21,0,21,0,20,0,0,0,21,0,20,0,1,0,0,0,21,0,0,1,41,0,0,0,6,0,0,0,38,0,5,0,21,0,17,0,28,0,0,0,21,0,16,0,62,1,0,0,21,0,15,0,220,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,64,0,0,0,21,0,12,0,69,0,0,0,21,0,11,0,70,0,0,0,21,0,10,0,68,0,0,0,21,0,9,0,79,0,0,0,21,0,8,0,11,1,0,0,21,0,7,0,89,0,0,0,21,0,6,0,202,0,0,0,21,0,5,0,10,0,0,0,21,0,4,0,8,0,0,0
 ,21,0,3,0,16,0,0,0,21,0,2,0,186,0,0,0,21,0,1,0,39,0,0,0,21,0,0,1,81,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 static const unsigned char seccomp_bpf_blks_fork[] = {
-	32,0,0,0,4,0,0,0,21,0,0,63,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,60,255,255,255,255,21,0,58,0,220,0,0,0,21,0,57,0,65,0,0,0,21,0,56,0,64,0,0,0,21,0,55,0,69,0,0,0,21,0,54,0,70,0,0,0,21,0,53,0,68,0,0,0,21,0,52,0,79,0,0,0,21,0,51,0,11,1,0,0,21,0,50,0,89,0,0,0,21,0,49,0,202,0,0,0,21,0,48,0,10,0,0,0,21,0,47,0,8,0,0,0,21,0,46,0,16,0,0,0,21,0,45,0,186,0,0,0,21,0,44,0,39,0,0,0,21,0,43,0,81,0,0,0,21,0,42,0,183,1,0,0,21,0,41,0,13,1,0,0,21,0,40,0,231,0,0,0,21,0,39,0,60,0,0,0,21,0,38,0,36,1,0,0,21,0,37,0,33,0,0,0,21,0,36,0,32,0,0,0,21,0,35,0,80,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,12,0,0,0,21,0,32,0,21,0,0,0,21,0,31,0,72,0,0,0,21,0,30,0,39,1,0,0,21,0,29,0,19,0,0,0,21,0,28,0,0,0,0,0,21,0,27,0,17,0,0,0,21,0,26,0,217,0,0,0,21,0,25,0,78,0,0,0,21,0,24,0,11,0,0,0,21,0,23,0,9,0,0,0,21,0,22,0,1,1,0,0,21,0,21,0,2,0,0,0,21,0,20,0,3,0,0,0,21,0,19,0,76,1,0,0,21,0,18,0,4,0,0,0,21,0,17,0,6,0,0,0,21,0,16,0,5,0,0,0,21,0,15,0,6,1,0,0,21,0,14,0,40,1,0,0,21,0,13,0,18,0,0,0,21,0,12,0,20,0,0,0,21,0,11
 ,0,1,0,0,0,21,0,10,0,247,0,0,0,21,0,9,0,61,0,0,0,21,0,8,0,58,0,0,0,21,0,7,0,16,1,0,0,21,0,6,0,14,0,0,0,21,0,5,0,13,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,59,0,0,0,21,0,2,0,56,0,0,0,21,0,1,0,28,0,0,0,21,0,0,1,62,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+	32,0,0,0,4,0,0,0,21,0,0,65,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,62,255,255,255,255,21,0,60,0,183,1,0,0,21,0,59,0,13,1,0,0,21,0,58,0,231,0,0,0,21,0,57,0,60,0,0,0,21,0,56,0,36,1,0,0,21,0,55,0,33,0,0,0,21,0,54,0,32,0,0,0,21,0,53,0,80,0,0,0,21,0,52,0,125,0,0,0,21,0,51,0,12,0,0,0,21,0,50,0,21,0,0,0,21,0,49,0,72,0,0,0,21,0,48,0,39,1,0,0,21,0,47,0,19,0,0,0,21,0,46,0,0,0,0,0,21,0,45,0,17,0,0,0,21,0,44,0,217,0,0,0,21,0,43,0,78,0,0,0,21,0,42,0,11,0,0,0,21,0,41,0,9,0,0,0,21,0,40,0,1,1,0,0,21,0,39,0,2,0,0,0,21,0,38,0,3,0,0,0,21,0,37,0,76,1,0,0,21,0,36,0,4,0,0,0,21,0,35,0,6,0,0,0,21,0,34,0,5,0,0,0,21,0,33,0,6,1,0,0,21,0,32,0,40,1,0,0,21,0,31,0,18,0,0,0,21,0,30,0,20,0,0,0,21,0,29,0,1,0,0,0,21,0,28,0,247,0,0,0,21,0,27,0,61,0,0,0,21,0,26,0,58,0,0,0,21,0,25,0,16,1,0,0,21,0,24,0,14,0,0,0,21,0,23,0,13,0,0,0,21,0,22,0,57,0,0,0,21,0,21,0,59,0,0,0,21,0,20,0,56,0,0,0,21,0,0,1,41,0,0,0,6,0,0,0,38,0,5,0,21,0,17,0,28,0,0,0,21,0,16,0,62,1,0,0,21,0,15,0,220,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,6
 4,0,0,0,21,0,12,0,69,0,0,0,21,0,11,0,70,0,0,0,21,0,10,0,68,0,0,0,21,0,9,0,79,0,0,0,21,0,8,0,11,1,0,0,21,0,7,0,89,0,0,0,21,0,6,0,202,0,0,0,21,0,5,0,10,0,0,0,21,0,4,0,8,0,0,0,21,0,3,0,16,0,0,0,21,0,2,0,186,0,0,0,21,0,1,0,39,0,0,0,21,0,0,1,81,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
 };
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-08-09 10:02 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-08-09 10:02 UTC (permalink / raw
  To: gentoo-commits

commit:     f87e4803e1b20b6161c05509c5d68152166569c5
Author:     Mathias Krause <minipli <AT> grsecurity <DOT> net>
AuthorDate: Tue Jul 30 21:18:27 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  9 10:02:43 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f87e4803

pspax: fix libcap memory leaks

Every cap_t needs to be free'd by calling cap_free() which does a NULL
pointer test itself so callers don't need to.

Signed-off-by: Mathias Krause <minipli <AT> grsecurity.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 pspax.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pspax.c b/pspax.c
index 4cd09b6..b61e7d0 100644
--- a/pspax.c
+++ b/pspax.c
@@ -345,8 +345,6 @@ static void pspax(const char *find_name)
 	int pfd;
 	WRAP_SYSCAP(ssize_t length; cap_t cap_d;)
 
-	WRAP_SYSCAP(cap_d = cap_init());
-
 	dir = opendir(PROC_DIR);
 	if (dir == NULL || chdir(PROC_DIR))
 		errp(PROC_DIR);
@@ -438,7 +436,8 @@ static void pspax(const char *find_name)
 				print_executable_mappings(pfd);
 		}
 
-		WRAP_SYSCAP(if (caps) cap_free(caps));
+		WRAP_SYSCAP(cap_free(cap_d));
+		WRAP_SYSCAP(cap_free(caps));
 
  next_pid:
 		close(pfd);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-08-09 10:06 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-08-09 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     d1d12246b7c5df3e20b062e536da9b4e639a4a66
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 03:46:42 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  9 10:06:16 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d1d12246

dumpelf: check dyn pointer before DT_NULL check too

We were checking the pointer before dumping it, but missed the
DT_NULL check in the overall while loop.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
(cherry picked from commit 7b37c40d0409d79a925b71135e9de96343096ce8)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dumpelf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/dumpelf.c b/dumpelf.c
index 0afb6c7..6ce8403 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -125,13 +125,17 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
 		if (elf->elf_class == ELFCLASS ## B) { \
 		const Elf ## B ## _Phdr *phdr = phdr_dynamic_void; \
 		const Elf ## B ## _Dyn *dyn = elf->vdata + EGET(phdr->p_offset); \
+		if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
+			printf(" /* invalid dynamic tags ! */ "); \
+			goto break_out_dyn; \
+		} \
 		i = 0; \
 		do { \
+			dump_dyn(elf, dyn++, i++); \
 			if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
 				printf(" /* invalid dynamic tags ! */ "); \
 				break; \
 			} \
-			dump_dyn(elf, dyn++, i++); \
 		} while (EGET(dyn->d_tag) != DT_NULL); \
 		}
 		DUMP_DYNS(32)
@@ -139,6 +143,7 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
 	} else {
 		printf(" /* no dynamic tags ! */ ");
 	}
+ break_out_dyn:
 	printf("};\n");
 }
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-08-09 10:06 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-08-09 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     e99a8c374ed7da962bcd4ba76107dc090502e8d6
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 04:10:11 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  9 10:06:17 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e99a8c37

dumpelf: limit note name display

The note name is supposed to be NUL terminated, but if it's not,
make sure we don't keep reading data until we hit out of bounds
by limiting to exactly the number of bytes declared (and that we
already verified fit within valid memory).

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
(cherry picked from commit c7d34ad6cf90f3cbb2a184050996d37966fe2ef1)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dumpelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dumpelf.c b/dumpelf.c
index b88be0c..15058ee 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -253,7 +253,7 @@ static void dump_notes(const elfobj *elf, size_t B, const void *memory, const vo
 		printf("\t * Elf%zu_Nhdr note%zu = {\n", B, i);
 		printf("\t * \t.n_namesz = %u, (bytes)", namesz);
 		if (name)
-			printf(" [%s]", name);
+			printf(" [%.*s]", namesz, name);
 		printf("\n");
 		printf("\t * \t.n_descsz = %u, (bytes)", descsz);
 		if (desc) {


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-08-09 10:06 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-08-09 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     dcd8f6a8a98c8af7e8749fe80478d42b2eeed37d
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 04:44:54 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  9 10:06:17 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=dcd8f6a8

fuzz-ar: fuzzer for the archive parsing API

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
(cherry picked from commit 4bfa4576e7b64b16937f71094641ec0f39ee47c7)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 fuzz-ar.c   | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 meson.build | 17 +++++++++++++++++
 2 files changed, 63 insertions(+)

diff --git a/fuzz-ar.c b/fuzz-ar.c
new file mode 100644
index 0000000..360194f
--- /dev/null
+++ b/fuzz-ar.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2024 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2024 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+/* Fuzz the ar interface. */
+
+const char argv0[] = "fuzz-ar";
+
+#include "paxinc.h"
+
+static int fd;
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	(void)argc;
+	(void)argv;
+
+	fd = memfd_create("fuzz-input.a", MFD_CLOEXEC);
+	if (fd == -1)
+		errp("memfd_create() failed");
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	if (ftruncate(fd, size) != 0)
+		errp("ftruncate(%i, %zu) failed", fd, size);
+	if (pwrite(fd, data, size, 0) != (ssize_t)size)
+		errp("pwrite() failed");
+	if (lseek(fd, 0, SEEK_SET) != 0)
+		errp("lseek() failed");
+
+	int afd = dup(fd);
+	archive_handle *ar = ar_open_fd("fuzz-input.a", afd, 0);
+	if (ar == NULL) {
+		close(afd);
+		return 0;
+	}
+	while (ar_next(ar) != NULL)
+		continue;
+
+	return 0;
+}

diff --git a/meson.build b/meson.build
index 64fcc14..6de7a30 100644
--- a/meson.build
+++ b/meson.build
@@ -171,5 +171,22 @@ if do_tests and get_option('use_fuzzing')
         '-print_final_stats',
       ]
     )
+
+    fuzz_ar = executable('fuzz-ar',
+      common_src + ['fuzz-ar.c'],
+      override_options : [
+        'buildtype=debug',
+      ],
+      c_args : fuzz_flags,
+      link_args : fuzz_flags,
+      install : false
+    )
+    test('fuzz-ar', fuzz_ar,
+      args : [
+        '-close_fd_mask=3',
+        '-max_total_time=10',
+        '-print_final_stats=1',
+      ]
+    )
   endif
 endif


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-08-09 10:06 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-08-09 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     599d8c41b144596764b33d87d09f80948652ed92
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 03:57:24 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  9 10:06:16 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=599d8c41

dumpelf: improve note memory check

Make sure the entire structure fits within the bounds of memory,
not just the start of it.

Bug: https://bugs.gentoo.org/922906
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
(cherry picked from commit a5298c41c27a35a5c2dcca0723c808029d241953)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dumpelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dumpelf.c b/dumpelf.c
index 6ce8403..b88be0c 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -232,7 +232,7 @@ static void dump_notes(const elfobj *elf, size_t B, const void *memory, const vo
 	}
 
 	printf("\n\t/%c note section dump:\n", '*');
-	for (i = 0; ndata < memory_end && !corrupt; ++i) {
+	for (i = 0; ndata < memory_end - sizeof(*note) && !corrupt; ++i) {
 		note = ndata;
 		namesz = EGET(note->n_namesz);
 		descsz = EGET(note->n_descsz);


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-08-09 10:06 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-08-09 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     1964a6b60c0a44e525348a558d95a21c2ee7ad61
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 04:45:38 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  9 10:06:18 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1964a6b6

fuzz-dumpelf: fix stats argument

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
(cherry picked from commit 047684a7cd651f889dd4bad41d95a8feb5717815)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 6de7a30..827e7e4 100644
--- a/meson.build
+++ b/meson.build
@@ -168,7 +168,7 @@ if do_tests and get_option('use_fuzzing')
       args : [
         '-close_fd_mask=3',
         '-max_total_time=10',
-        '-print_final_stats',
+        '-print_final_stats=1',
       ]
     )
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-08-09 10:06 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-08-09 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     15a415c49a6aeadf8c098df646643f990aa62b6a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 04:54:20 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  9 10:06:18 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=15a415c4

fuzzer: fix unused setting on argc & argv

At some point the compiler changed to not propagate argument attributes
from the prototype to the definition.  Add a hacky macro to insert it
by default instead to avoid need for (void) casts.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
(cherry picked from commit 6508649486444d20636d1ff15df7db7302f3c46c)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dumpelf.c | 2 --
 fuzz-ar.c | 3 ---
 paxinc.h  | 9 +++++++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 15058ee..1eb7e62 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -579,8 +579,6 @@ static void parseargs(int argc, char *argv[])
 #if PAX_UTILS_LIBFUZZ
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
-	(void)argc;
-	(void)argv;
 	(void)parseargs;
 	security_init(false);
 	return 0;

diff --git a/fuzz-ar.c b/fuzz-ar.c
index 360194f..eadcdee 100644
--- a/fuzz-ar.c
+++ b/fuzz-ar.c
@@ -15,9 +15,6 @@ static int fd;
 
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
-	(void)argc;
-	(void)argv;
-
 	fd = memfd_create("fuzz-input.a", MFD_CLOEXEC);
 	if (fd == -1)
 		errp("memfd_create() failed");

diff --git a/paxinc.h b/paxinc.h
index b2d2b50..0d10c21 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -112,9 +112,14 @@ const char *strfileperms(const char *fname);
 #define PTR_ALIGN_DOWN(base, size) ((__typeof__(base))ALIGN_DOWN((uintptr_t)(base), (size)))
 #define PTR_ALIGN_UP(base, size)   ((__typeof__(base))ALIGN_UP  ((uintptr_t)(base), (size)))
 
-/* Support for libFuzzer: https://llvm.org/docs/LibFuzzer.html */
+/*
+ * Support for libFuzzer: https://llvm.org/docs/LibFuzzer.html
+ * No headers define this API, so we have to do it ourselves.
+ */
 #if PAX_UTILS_LIBFUZZ
-int LLVMFuzzerInitialize(__unused__ int *argc, __unused__ char ***argv);
+int LLVMFuzzerInitialize(int *argc, char ***argv);
+/* Attributes on the prototype are ignored, so hack the definition. */
+#define LLVMFuzzerInitialize(c, v) LLVMFuzzerInitialize(__unused__ c, __unused__ v)
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 #endif
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-09-22  4:30 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-09-22  4:30 UTC (permalink / raw
  To: gentoo-commits

commit:     f80b5effb263c13865a958d395ec65df0ad930a1
Author:     Zach van Rijn <me <AT> zv <DOT> io>
AuthorDate: Tue Sep  3 16:31:15 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 22 04:30:42 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f80b5eff

paxelf: use correct format string

On 32-bit platforms, mmap() larger than 2GB may fail.

This patch ensures that the correct size is printed and provides
parity with commit 90a0c6affc9b2fe9ebd6ba3cf3ee9fbcc1fc5835.

Signed-off-by: Zach van Rijn <me <AT> zv.io>
Closes: https://github.com/gentoo/pax-utils/pull/18
Signed-off-by: Sam James <sam <AT> gentoo.org>

 paxelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/paxelf.c b/paxelf.c
index 599d54f..795971a 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -684,7 +684,7 @@ elfobj *_readelf_fd(const char *filename, int fd, size_t len, int read_only)
 
 	buffer = mmap(0, len, PROT_READ | (read_only ? 0 : PROT_WRITE), (read_only ? MAP_PRIVATE : MAP_SHARED), fd, 0);
 	if (buffer == MAP_FAILED) {
-		warn("mmap on '%s' of %li bytes failed :(", filename, (unsigned long)len);
+		warn("mmap on '%s' of %zu bytes failed :(", filename, len);
 		return NULL;
 	}
 


^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [gentoo-commits] proj/pax-utils:master commit in: /
@ 2024-09-22  4:33 Sam James
  0 siblings, 0 replies; 253+ messages in thread
From: Sam James @ 2024-09-22  4:33 UTC (permalink / raw
  To: gentoo-commits

commit:     c3c2343acf8ea00c07413eb65676c5b6071f295a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 22 04:31:51 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 22 04:31:51 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c3c2343a

meson.build: prepare for pax-utils-1.3.8

Signed-off-by: Sam James <sam <AT> gentoo.org>

 meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 827e7e4..bee1c05 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
 project('pax-utils', 'c',
-  version : '1.3.7',
+  version : '1.3.8',
   license : 'GPL-2.0-only',
   default_options : [
     'warning_level=2',


^ permalink raw reply related	[flat|nested] 253+ messages in thread

end of thread, other threads:[~2024-09-22  4:33 UTC | newest]

Thread overview: 253+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-20  4:51 [gentoo-commits] proj/pax-utils:master commit in: / Sam James
  -- strict thread matches above, loose matches on Subject: below --
2024-09-22  4:33 Sam James
2024-09-22  4:30 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:02 Sam James
2024-07-22 21:07 Mike Gilbert
2024-07-22 20:08 Mike Gilbert
2024-01-25  6:52 Mike Frysinger
2024-01-25  5:57 Mike Frysinger
2024-01-25  5:57 Mike Frysinger
2024-01-25  5:36 Mike Frysinger
2024-01-25  5:21 Mike Frysinger
2024-01-25  5:06 Mike Frysinger
2024-01-25  5:06 Mike Frysinger
2024-01-25  4:44 Mike Frysinger
2024-01-25  2:53 Mike Frysinger
2024-01-25  2:53 Mike Frysinger
2024-01-25  2:53 Mike Frysinger
2024-01-25  2:14 Mike Frysinger
2024-01-24 22:53 Mike Frysinger
2024-01-24 22:15 Mike Frysinger
2024-01-24 15:44 Mike Frysinger
2024-01-16  5:13 Mike Frysinger
2024-01-16  5:13 Mike Frysinger
2024-01-10  8:05 Mike Frysinger
2024-01-10  8:02 Mike Frysinger
2024-01-10  8:02 Mike Frysinger
2024-01-10  7:58 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 16:28 Mike Frysinger
2024-01-01 15:43 Mike Frysinger
2024-01-01 15:43 Mike Frysinger
2023-12-22  5:31 Mike Frysinger
2023-12-22  5:31 Mike Frysinger
2023-12-22  5:31 Mike Frysinger
2023-12-22  2:31 Mike Frysinger
2023-12-22  2:31 Mike Frysinger
2023-12-22  2:31 Mike Frysinger
2023-12-14 21:28 Mike Frysinger
2023-12-14 21:28 Mike Frysinger
2023-12-14 19:57 Mike Frysinger
2023-11-23 13:31 Sam James
2023-02-13  5:26 Sam James
2023-02-13  5:26 Sam James
2023-01-29  5:56 Sam James
2023-01-29  5:56 Sam James
2023-01-29  5:56 Sam James
2023-01-29  3:41 Sam James
2023-01-29  3:36 Sam James
2023-01-29  3:36 Sam James
2023-01-26 21:46 Sam James
2023-01-06  7:15 Sam James
2022-09-28  7:42 Mike Frysinger
2022-09-28  7:42 Mike Frysinger
2022-09-28  7:42 Mike Frysinger
2022-09-28  7:42 Mike Frysinger
2022-09-28  7:42 Mike Frysinger
2022-09-28  7:42 Mike Frysinger
2022-09-28  7:42 Mike Frysinger
2022-09-21  8:28 Mike Frysinger
2022-09-21  8:26 Mike Frysinger
2022-09-21  8:20 Mike Frysinger
2022-07-31  4:56 Sam James
2022-07-12  6:33 Sam James
2022-07-12  6:33 Sam James
2022-04-25  1:20 WANG Xuerui
2022-03-24 15:42 Sam James
2022-03-09  8:01 Mike Frysinger
2022-02-07  7:18 Fabian Groffen
2022-01-23  2:47 Mike Frysinger
2021-12-24  1:45 Sam James
2021-12-17  5:19 Mike Frysinger
2021-10-17  5:15 Mike Frysinger
2021-10-05  1:05 Mike Frysinger
2021-10-04 22:05 Mike Frysinger
2021-07-22 21:31 Sergei Trofimovich
2021-07-22 21:16 Sergei Trofimovich
2021-07-02 22:04 Sergei Trofimovich
2021-06-10  7:07 Sergei Trofimovich
2021-06-10  7:02 Sergei Trofimovich
2021-04-19  4:58 Mike Frysinger
2021-04-18 18:29 Mike Frysinger
2021-04-17  5:39 Mike Frysinger
2021-04-17  5:39 Mike Frysinger
2021-04-17  0:38 Mike Frysinger
2021-04-16 19:26 Mike Frysinger
2021-04-16 19:26 Mike Frysinger
2021-04-16 19:26 Mike Frysinger
2021-04-16 19:03 Mike Frysinger
2021-04-16 19:03 Mike Frysinger
2021-04-16 15:08 Mike Frysinger
2021-04-16 15:08 Mike Frysinger
2021-04-16 15:08 Mike Frysinger
2021-04-16  3:41 Mike Frysinger
2021-04-16  3:39 Mike Frysinger
2021-04-16  3:39 Mike Frysinger
2021-04-16  1:56 Mike Frysinger
2021-04-16  1:56 Mike Frysinger
2021-04-16  0:48 Mike Frysinger
2021-04-16  0:48 Mike Frysinger
2021-02-26 11:51 Sergei Trofimovich
2021-02-04 18:51 Sergei Trofimovich
2021-02-03 20:41 Sergei Trofimovich
2021-02-03 20:17 Sergei Trofimovich
2021-02-03 19:46 Sergei Trofimovich
2021-01-01 14:08 Fabian Groffen
2021-01-01 14:08 Fabian Groffen
2020-12-20 19:53 Sergei Trofimovich
2020-10-05 17:46 Sergei Trofimovich
2020-08-14 22:17 Sergei Trofimovich
2020-04-13 10:41 Sergei Trofimovich
2020-04-06 18:00 Sergei Trofimovich
2020-03-26 19:27 Mike Frysinger
2020-03-26 17:09 Mike Frysinger
2020-03-26 17:09 Mike Frysinger
2020-03-19  0:00 Sergei Trofimovich
2020-03-18 23:39 Sergei Trofimovich
2020-02-16 10:57 Sergei Trofimovich
2020-02-16 10:50 Sergei Trofimovich
2020-02-16 10:48 Sergei Trofimovich
2020-02-16 10:17 Sergei Trofimovich
2019-01-14 22:53 Sergei Trofimovich
2018-11-19 22:20 Sergei Trofimovich
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07  4:44 Mike Frysinger
2018-06-07  4:44 Mike Frysinger
2018-06-07  4:44 Mike Frysinger
2018-02-24 10:16 Sergei Trofimovich
2017-09-18  9:27 Fabian Groffen
2017-09-18  9:27 Fabian Groffen
2017-09-18  7:06 Fabian Groffen
2017-03-14  7:19 Mike Frysinger
2017-02-16 21:24 Mike Frysinger
2017-02-16 21:24 Mike Frysinger
2017-02-16 21:24 Mike Frysinger
2017-02-11  7:06 Mike Frysinger
2017-02-01 23:08 Mike Frysinger
2017-02-01 23:08 Mike Frysinger
2017-02-01 23:08 Mike Frysinger
2017-01-24 20:39 Mike Frysinger
2017-01-24 20:39 Mike Frysinger
2017-01-24  6:50 Mike Frysinger
2017-01-24  6:50 Mike Frysinger
2017-01-24  6:50 Mike Frysinger
2017-01-24  6:50 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2016-11-27  3:43 Mike Frysinger
2016-11-15  4:02 Mike Frysinger
2016-11-15  4:02 Mike Frysinger
2016-11-14 14:57 Mike Frysinger
2016-11-12  7:15 Mike Frysinger
2016-11-12  7:15 Mike Frysinger
2016-11-12  7:15 Mike Frysinger
2016-11-12  7:15 Mike Frysinger
2016-11-12  7:15 Mike Frysinger
2016-11-12  7:15 Mike Frysinger
2016-11-08 20:47 Mike Gilbert
2016-06-20 17:46 Mike Frysinger
2016-06-20  4:03 Mike Frysinger
2016-06-20  4:03 Mike Frysinger
2016-06-20  3:22 Mike Frysinger
2016-06-20  3:22 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-06-20  3:08 Mike Frysinger
2016-05-31 22:27 Mike Frysinger
2016-03-03 21:15 Mike Frysinger
2016-02-10 19:41 Mike Frysinger
2016-02-10 18:54 Mike Frysinger
2016-01-28 22:42 Mike Frysinger
2016-01-03 22:23 Mike Frysinger
2016-01-03 22:23 Mike Frysinger
2016-01-03 22:01 Mike Frysinger
2016-01-02 15:26 Mike Frysinger
2016-01-02  3:52 Mike Frysinger
2015-12-19 19:41 Mike Frysinger
2015-12-17  3:24 Mike Frysinger
2015-12-17  3:24 Mike Frysinger
2015-12-17  3:24 Mike Frysinger
2015-12-17  3:24 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-11-26  8:43 Mike Frysinger
2015-10-26  4:35 Mike Frysinger
2015-10-08 20:31 Mike Frysinger
2015-09-19  6:27 Mike Frysinger
2015-09-19  6:27 Mike Frysinger
2015-09-12  4:17 Mike Frysinger
2015-08-28  0:33 Mike Frysinger
2015-08-26  6:29 Mike Frysinger
2015-08-24 21:22 Mike Frysinger
2015-08-24 21:22 Mike Frysinger
2015-08-24 21:22 Mike Frysinger
2015-08-20 14:39 Mike Frysinger
2015-08-20 14:39 Mike Frysinger
2015-08-20 14:39 Mike Frysinger
2015-08-20 14:33 Mike Frysinger
2015-08-20 14:33 Mike Frysinger
2015-08-20 13:32 Mike Frysinger
2015-08-18 15:56 Mike Frysinger
2015-08-18 15:35 Mike Frysinger
2015-08-18 15:35 Mike Frysinger
2015-08-18 14:39 Mike Frysinger
2015-08-18 14:38 Mike Frysinger
2015-07-13  9:14 Mike Frysinger
2015-07-13  9:14 Mike Frysinger
2015-07-13  9:14 Mike Frysinger
2015-05-24  3:22 Mike Frysinger
2015-03-29 20:07 Mike Frysinger
2015-03-29 20:07 Mike Frysinger
2015-03-29 20:07 Mike Frysinger
2015-03-10  5:31 Mike Frysinger
2015-03-10  5:31 Mike Frysinger
2015-03-10  4:19 Mike Frysinger
2015-03-10  3:36 Mike Frysinger
2015-03-06 11:52 Mike Frysinger
2015-03-04 22:35 Mike Frysinger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox