Adopt the syscalls crate for syscall numbers, names, and sets #85
Merged
Signed-off-by: Cong Wang <cwang@multikernel.io>
Replaces Sandlock's hand-maintained syscall tables with the `syscalls` crate (BSD-2, generated from the kernel ABI), so the crate is the single source of truth for syscall numbers, names, and per-architecture presence.

What changed

- The `match` in `seccomp/syscall_names.rs` is replaced by `Sysno::from_str`, then folded into `seccomp::syscall` next to the `Syscall` checked newtype, so that module owns syscall identity (name, number, validity).
- `is_known_syscall` now uses `Sysno::new(nr)` instead of a `nr <= MAX_SYSCALL_NR` range check, so unassigned holes are rejected and the drifting `MAX_SYSCALL_NR` constants are gone.
- `arch.rs` is now pure ABI. The per-arch numeric constants and the legacy `Option<i64>` tables (open, stat, fork, etc., previously hand-listed x3 arches) are derived from the crate. The only hand-maintained per-arch datum left is `AUDIT_ARCH`, a `linux/audit.h` token the crate does not provide.
- `chroot`, `fs_denied`) is now one function combining its modern and legacy members, kept in `context.rs` with the other policy lists.
- `SysnoSet`.
- `blocklist_syscall_numbers` and `no_supervisor_blocklist_syscall_numbers` collapse into one helper that accumulates into a `SysnoSet`: inherent dedup (SysV IPC folds in via `insert`), ascending order, no manual sort/dedup/contains.

Behavior notes

- `nfsservctl` now resolves and is enforced in the blocklist. Previously it was in the blocklist intent but silently dropped (no libc constant), so this is a latent fix, not a regression.
- `extra_deny_syscalls` and handler registration by name now accept any real syscall name, not just the previously curated subset. Typos still resolve to nothing and are rejected by name validation.

Testing

- `sandlock-core` lib unit tests pass; clean build, no warnings.
- per-arch legacy-accessor presence, and a `libc::SYS_*` cross-check.

Cross-arch caveat

Validated on x86_64 here. The per-arch tripwire tests are written for aarch64 and riscv64 too but need CI on those targets to actually run.
🤖 Generated with Claude Code
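The `is_known_syscall` and blocklist changes described in the PR, shown as an added example that is not part of this PR or of Sandlock's code. The `syscalls` crate's `Sysno::new`, `Sysno::from_str` and `SysnoSet` are stood in for by a constructed, deliberately incomplete slice of real x86_64 syscall numbers and a `BTreeSet`, so the block runs without the crate; the function names `is_known_range`, `is_known_table`, `resolve` and `build_blocklist` are this example's own. It contrasts the old `nr <= MAX_SYSCALL_NR` range check, which accepts the unassigned x86_64 hole at number 400, with a table lookup that rejects it, and shows a misspelled name resolving to nothing and being reported rather than silently dropped.

```rust
use std::collections::BTreeSet;

/// Constructed subset of the x86_64 syscall table, standing in for the
/// `syscalls` crate's generated table. The numbers are the real x86_64 ABI
/// values, but the list is deliberately incomplete, and the gap between
/// rseq (334) and pidfd_send_signal (424) is a genuine unassigned hole.
const TABLE: &[(i64, &str)] = &[
    (0, "read"),
    (1, "write"),
    (2, "open"),
    (3, "close"),
    (4, "stat"),
    (57, "fork"),
    (161, "chroot"),
    (180, "nfsservctl"),
    (257, "openat"),
    (334, "rseq"),
    (424, "pidfd_send_signal"),
    (435, "clone3"),
];

/// The kind of hand-maintained, drifting constant the PR removes.
const MAX_SYSCALL_NR: i64 = 435;

/// Old-style check: every number up to the maximum counts as known,
/// including holes the ABI never assigned.
pub fn is_known_range(nr: i64) -> bool {
    (0..=MAX_SYSCALL_NR).contains(&nr)
}

/// New-style check (what `Sysno::new(nr)` gives you): only numbers actually
/// present in the ABI table are known, so holes are rejected.
pub fn is_known_table(nr: i64) -> bool {
    TABLE.iter().any(|&(n, _)| n == nr)
}

/// Name -> number resolution (what `Sysno::from_str` gives you).
/// A typo resolves to nothing instead of mapping to some other syscall.
pub fn resolve(name: &str) -> Option<i64> {
    TABLE.iter().find(|&&(_, n)| n == name).map(|&(n, _)| n)
}

/// Accumulate a blocklist of names into an ordered set. Duplicates collapse,
/// iteration order is ascending, and unresolvable names are reported back
/// so the caller can reject the policy instead of silently losing an entry.
pub fn build_blocklist(names: &[&str]) -> (Vec<i64>, Vec<String>) {
    let mut set = BTreeSet::new();
    let mut rejected = Vec::new();
    for name in names {
        match resolve(name) {
            Some(nr) => {
                set.insert(nr);
            }
            None => rejected.push(name.to_string()),
        }
    }
    (set.into_iter().collect(), rejected)
}

fn main() {
    // 400 lies inside the x86_64 hole: the range check lets it through,
    // the table check does not.
    println!("400 known by range check: {}", is_known_range(400));
    println!("400 known by table check: {}", is_known_table(400));

    // Constructed policy with a duplicate and a misspelling.
    let policy = ["chroot", "open", "chroot", "fork", "nfsservctl", "opne"];
    let (nrs, rejected) = build_blocklist(&policy);
    println!("blocklist numbers: {:?}", nrs);
    println!("rejected names: {:?}", rejected);
}
```

The practical difference for a seccomp policy is that a number accepted by the range check but absent from the ABI would be silently compiled into a filter that means nothing today and something unknown after a kernel update, whereas the table check surfaces it at policy-load time.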