
Searched full:seccomp (Results 1 – 25 of 314) sorted by relevance


/external/crosvm/jail/seccomp/
Android.bp
80 relative_install_path: "crosvm/x86_64-linux-gnu/seccomp",
94 relative_install_path: "crosvm/aarch64-linux-gnu/seccomp",
132 relative_install_path: "crosvm/x86_64-linux-gnu/seccomp",
146 relative_install_path: "crosvm/aarch64-linux-gnu/seccomp",
184 relative_install_path: "crosvm/x86_64-linux-gnu/seccomp",
198 relative_install_path: "crosvm/aarch64-linux-gnu/seccomp",
236 relative_install_path: "crosvm/x86_64-linux-gnu/seccomp",
250 relative_install_path: "crosvm/aarch64-linux-gnu/seccomp",
288 relative_install_path: "crosvm/x86_64-linux-gnu/seccomp",
302 relative_install_path: "crosvm/aarch64-linux-gnu/seccomp",
/external/minijail/tools/
README.md
5 This script lets you build a Minijail seccomp-bpf filter from strace output.
13 to `execve(2)` might not be needed, since the seccomp-bpf filter is installed
37 `SYSCALL` event is more voluminous than a corresponding `SECCOMP` event.
38 We employ here a combination of both techniques. We rely on `SECCOMP` for all
46 Set up `audit` rules and an empty seccomp policy for later use. This can be
85 An external seccomp-bpf compiler that is documented [here][3]. This uses a
87 be provided to `minijail0`'s `--seccomp-bpf-binary` or `libminijail`'s
98 [libseccomp](https://github.com/seccomp/libseccomp)'s `tools/scmp_bpf_disasm`.
106 cat > test/seccomp.policy <<EOF
114 ./tools/compile_seccomp_policy.py test/seccomp.policy test/seccomp.bpf
seccomp_policy_lint_unittest.py
6 """Unittests for the seccomp policy linter module."""
39 f"seccomp: {path.resolve()} does not contain any dangerous"
65 f"seccomp: {path.resolve()} contains dangerous syscalls,"
90 f"seccomp: {path.resolve()} contains dangerous syscalls,"
120 f"seccomp: {path.resolve()} contains dangerous syscalls,"
/external/crosvm/docs/book/src/appendix/
seccomp.md
1 # Seccomp chapter
3 The seccomp system is used to filter the syscalls that sandboxed processes can use. The form of
4 seccomp used by crosvm (`SECCOMP_SET_MODE_FILTER`) allows for a BPF program to be used. To generate
11 The seccomp policies are compiled from `.policy` source files into BPF bytecode by
13 and embedded in the crosvm executable, so it is not necessary to install the seccomp policy files,
20 [jail/seccomp/README.md](https://chromium.googlesource.com/crosvm/crosvm/+/refs/heads/main/jail/sec…
32 {{#include ../../../../jail/seccomp/x86_64/common_device.policy:5:}}
/external/cronet/stable/components/nacl/loader/
nacl_main_platform_delegate_linux.cc
12 // The seccomp sandbox is started in the renderer. in EnableSandbox()
14 // seccomp is currently disabled for nacl. in EnableSandbox()
17 // for how to turn seccomp on. in EnableSandbox()
19 // The seccomp sandbox should not be enabled for Native Client until in EnableSandbox()
21 // http://code.google.com/p/nativeclient/issues/list?q=label:Seccomp in EnableSandbox()
22 // At best, NaCl will not work. At worst, enabling the seccomp sandbox in EnableSandbox()
/external/cronet/tot/components/nacl/loader/
nacl_main_platform_delegate_linux.cc
12 // The seccomp sandbox is started in the renderer. in EnableSandbox()
14 // seccomp is currently disabled for nacl. in EnableSandbox()
17 // for how to turn seccomp on. in EnableSandbox()
19 // The seccomp sandbox should not be enabled for Native Client until in EnableSandbox()
21 // http://code.google.com/p/nativeclient/issues/list?q=label:Seccomp in EnableSandbox()
22 // At best, NaCl will not work. At worst, enabling the seccomp sandbox in EnableSandbox()
/external/linux-kselftest/android/patches/
0009-seccomp-detect-compat-mode-in-ARM64.patch
4 Subject: [PATCH 09/20] seccomp: detect compat mode in ARM64
13 tools/testing/selftests/seccomp/seccomp_bpf.c | 5 +++--
16 diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccom…
18 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
19 +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
0021-seccomp_bpf-Disable-incompatible-tests.patch
11 tools/testing/selftests/seccomp/seccomp_bpf.c | 32 +++++++++++++++++++
14 diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccom…
16 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
17 +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
/external/crosvm/jail/src/
config.rs
72 from_key_values("seccomp-policy-dir=/path/to/seccomp/dir").unwrap(); in parse_jailconfig()
74 seccomp_policy_dir: Some("/path/to/seccomp/dir".into()), in parse_jailconfig()
80 let config: JailConfig = from_key_values("seccomp-log-failures").unwrap(); in parse_jailconfig()
89 let config: JailConfig = from_key_values("seccomp-log-failures=false").unwrap(); in parse_jailconfig()
99 from_key_values("pivot-root=/path/to/pivot/root,seccomp-log-failures=true").unwrap(); in parse_jailconfig()
109 from_key_values("seccomp-log-failures,invalid-arg=value"); in parse_jailconfig()
/external/seccomp-tests/
README.md
1 # Seccomp-BPF Kernel Self-Test Suite
3 This repository contains a mirror of the upstream Linux kernel test suite for the Seccomp-BPF
9 Rather than hold the entire Linux history in this repository, only the subdirectory for the Seccomp
40 3. Filter the branch to just the subtree containing the Seccomp test suite:
42 git filter-branch --subdirectory-filter tools/testing/selftests/seccomp
78 branch into the seccomp-tests repository and subtree merge it (as FETCH\_HEAD). This will avoid
/external/strace/tests-mx32/
seccomp_get_action_avail.c
2 * Check decoding of seccomp SECCOMP_GET_ACTION_AVAIL.
40 # include <linux/seccomp.h>
96 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, [%s]) = %s\n", in main()
103 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, %p) = %s\n", in main()
108 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, %#jx) = %s\n", in main()
114 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, %u, NULL) = %s\n", in main()
seccomp-filter-v.c
2 * Check verbose decoding of seccomp SECCOMP_SET_MODE_FILTER.
43 # include <linux/seccomp.h>
114 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=%p})" in main()
120 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u" in main()
126 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=0, filter=[]})" in main()
138 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=[", in main()
180 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u, filter=[", in main()
seccomp-filter.gen.test
2 # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (seccomp-filter -e trace=seccomp); do…
4 run_strace_match_diff -e trace=seccomp
seccomp-filter-v.gen.test
2 # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (seccomp-filter-v -v -e trace=seccomp
4 run_strace_match_diff -v -e trace=seccomp
/external/strace/tests-m32/
seccomp_get_action_avail.c
2 * Check decoding of seccomp SECCOMP_GET_ACTION_AVAIL.
40 # include <linux/seccomp.h>
96 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, [%s]) = %s\n", in main()
103 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, %p) = %s\n", in main()
108 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, %#jx) = %s\n", in main()
114 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, %u, NULL) = %s\n", in main()
seccomp-filter-v.c
2 * Check verbose decoding of seccomp SECCOMP_SET_MODE_FILTER.
43 # include <linux/seccomp.h>
114 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=%p})" in main()
120 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u" in main()
126 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=0, filter=[]})" in main()
138 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=[", in main()
180 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u, filter=[", in main()
seccomp-filter.gen.test
2 # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (seccomp-filter -e trace=seccomp); do…
4 run_strace_match_diff -e trace=seccomp
seccomp-filter-v.gen.test
2 # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (seccomp-filter-v -v -e trace=seccomp
4 run_strace_match_diff -v -e trace=seccomp
/external/strace/tests/
seccomp_get_action_avail.c
2 * Check decoding of seccomp SECCOMP_GET_ACTION_AVAIL.
40 # include <linux/seccomp.h>
96 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, [%s]) = %s\n", in main()
103 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, %p) = %s\n", in main()
108 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, 0, %#jx) = %s\n", in main()
114 printf("seccomp(SECCOMP_GET_ACTION_AVAIL, %u, NULL) = %s\n", in main()
seccomp-filter-v.c
2 * Check verbose decoding of seccomp SECCOMP_SET_MODE_FILTER.
43 # include <linux/seccomp.h>
114 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=%p})" in main()
120 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u" in main()
126 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=0, filter=[]})" in main()
138 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=[", in main()
180 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u, filter=[", in main()
seccomp-filter.gen.test
2 # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (seccomp-filter -e trace=seccomp); do…
4 run_strace_match_diff -e trace=seccomp
seccomp-filter-v.gen.test
2 # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (seccomp-filter-v -v -e trace=seccomp
4 run_strace_match_diff -v -e trace=seccomp
/external/minijail/
minijail0.1
173 Report blocked syscalls when using a seccomp filter. On kernels with support for
175 subsystem (see \fBseccomp\fR(2) for more details on SECCOMP_RET_LOG
231 Enable \fBseccomp\fR(2) in mode 1, which restricts the child process to a very
233 You most likely do not want to use this with the seccomp filter mode (\fB-S\fR)
237 Enable \fBseccomp\fR(2) in mode 13 which restricts the child process to a set of
278 Synchronize seccomp filters across thread group.
322 \fB--seccomp-bpf-binary <arch-specific BPF binary>\fR
332 This passes the \fISECCOMP_FILTER_FLAG_SPEC_ALLOW\fR flag to seccomp which
379 Disables default seccomp policy and setting of no_new_privs. The default
380 runtime environment is used by Minijail if no other seccomp policy is set,
/external/linux-kselftest/tools/testing/selftests/seccomp/
seccomp_benchmark.c
15 #include <linux/seccomp.h>
206 ESTIMATE("total seccomp overhead for 1 bitmapped filter", calc, in main()
208 ESTIMATE("total seccomp overhead for 2 bitmapped filters", calc, in main()
210 ESTIMATE("total seccomp overhead for 3 full filters", calc, in main()
212 ESTIMATE("total seccomp overhead for 4 full filters", calc, in main()
214 ESTIMATE("seccomp entry overhead", entry, in main()
216 ESTIMATE("seccomp per-filter overhead (last 2 diff)", per_filter1, in main()
218 ESTIMATE("seccomp per-filter overhead (filters / 4)", per_filter2, in main()
/external/kernel-headers/original/uapi/linux/
seccomp.h
9 /* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */
10 #define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */
14 /* Valid operations for seccomp syscall. */
91 * It should be absolutely clear that this means that the seccomp notifier
126 * @id: The ID of the seccomp notification
146 /* Flags for seccomp notification fd ioctl. */
