Box: Introduce 64-bit mode and mask out syscalls which are not available there

diff --git a/box/Makefile b/box/Makefile
index bb9e2d6cd8287e5db690a70ee6b8c2ddb26e296d..7f7150115554cd12e89ea89254bf8ef3d8bf6a03 100644 (file)
--- a/box/Makefile
+++ b/box/Makefile
@@ -1,14 +1,17 @@
 # Makefile for MO-Eval sandbox
-# (c) 2008 Martin Mares <mj@ucw.cz>
+# (c) 2008--2010 Martin Mares <mj@ucw.cz>
 
 DIRS+=box
 PROGS+=$(o)/box/box
 
+BOX_CFLAGS=-m64 -DCONFIG_BOX_AMD64
+
 $(o)/box/box: $(o)/box/box.o
 $(o)/box/box.o: $(o)/box/syscall-table.h
+$(o)/box/box.o: CFLAGS+=$(BOX_CFLAGS)
 
 $(o)/box/syscall-table.h: $(s)/box/mk-syscall-table
-       sh $^ >$@
+       sh $^ >$@ $(BOX_CFLAGS)
 
 box-tests: $(addprefix $(o)/box/test-sys,32-int80 64-int80 32-syscall 64-syscall 32-sysenter 64-sysenter)
 

diff --git a/box/box.c b/box/box.c
index 892cc53eb9b8bee98fb369f7b4e8810a342375ad..4a096e49a9a3039f1e44e7471f5915c73490fe8f 100644 (file)
--- a/box/box.c
+++ b/box/box.c
@@ -1,7 +1,7 @@
 /*
- *     A Simple Sandbox for MO-Eval
+ *     A Simple Sandbox for Moe
  *
- *     (c) 2001--2008 Martin Mares <mj@ucw.cz>
+ *     (c) 2001--2010 Martin Mares <mj@ucw.cz>
  */
 
 #define _LARGEFILE64_SOURCE
@@ -231,16 +231,18 @@ static unsigned char syscall_action[NUM_ACTIONS] = {
     S(open) = A_FILENAME,
     S(creat) = A_FILENAME,
     S(unlink) = A_FILENAME,
-    S(oldstat) = A_FILENAME,
     S(access) = A_FILENAME,                    
-    S(oldlstat) = A_FILENAME,                  
     S(truncate) = A_FILENAME,
     S(stat) = A_FILENAME,
     S(lstat) = A_FILENAME,
+    S(readlink) = A_FILENAME,
+#ifndef CONFIG_BOX_AMD64
+    S(oldstat) = A_FILENAME,
+    S(oldlstat) = A_FILENAME,
     S(truncate64) = A_FILENAME,
     S(stat64) = A_FILENAME,
     S(lstat64) = A_FILENAME,
-    S(readlink) = A_FILENAME,
+#endif
 
     // Syscalls permitted always
     S(exit) = A_YES | A_SAMPLE_MEM,
@@ -250,7 +252,6 @@ static unsigned char syscall_action[NUM_ACTIONS] = {
     S(lseek) = A_YES,
     S(getpid) = A_YES,
     S(getuid) = A_YES,
-    S(oldfstat) = A_YES,
     S(dup) = A_YES,
     S(brk) = A_YES,
     S(getgid) = A_YES,
@@ -260,7 +261,6 @@ static unsigned char syscall_action[NUM_ACTIONS] = {
     S(ftruncate) = A_YES,
     S(fstat) = A_YES,
     S(personality) = A_YES,
-    S(_llseek) = A_YES,
     S(readv) = A_YES,
     S(writev) = A_YES,
     S(getresuid) = A_YES,
@@ -271,12 +271,8 @@ static unsigned char syscall_action[NUM_ACTIONS] = {
     S(pread) = A_YES,
     S(pwrite) = A_YES,
 #endif
-    S(ftruncate64) = A_YES,
-    S(fstat64) = A_YES,
     S(fcntl) = A_YES,
-    S(fcntl64) = A_YES,
     S(mmap) = A_YES,
-    S(mmap2) = A_YES,
     S(munmap) = A_YES,
     S(ioctl) = A_YES,
     S(uname) = A_YES,
@@ -285,32 +281,29 @@ static unsigned char syscall_action[NUM_ACTIONS] = {
     S(get_thread_area) = A_YES,
     S(set_tid_address) = A_YES,
     S(exit_group) = A_YES | A_SAMPLE_MEM,
+#ifndef CONFIG_BOX_AMD64
+    S(oldfstat) = A_YES,
+    S(ftruncate64) = A_YES,
+    S(_llseek) = A_YES,
+    S(fstat64) = A_YES,
+    S(fcntl64) = A_YES,
+    S(mmap2) = A_YES,
+#endif
 
     // Syscalls permitted only in liberal mode
     S(time) = A_YES | A_LIBERAL,
     S(alarm) = A_YES | A_LIBERAL,
     S(pause) = A_YES | A_LIBERAL,
-    S(signal) = A_YES | A_LIBERAL,
     S(fchmod) = A_YES | A_LIBERAL,
-    S(sigaction) = A_YES | A_LIBERAL,
-    S(sgetmask) = A_YES | A_LIBERAL,
-    S(ssetmask) = A_YES | A_LIBERAL,
-    S(sigsuspend) = A_YES | A_LIBERAL,
-    S(sigpending) = A_YES | A_LIBERAL,
     S(getrlimit) = A_YES | A_LIBERAL,
     S(getrusage) = A_YES | A_LIBERAL,
-    S(ugetrlimit) = A_YES | A_LIBERAL,
     S(gettimeofday) = A_YES | A_LIBERAL,
     S(select) = A_YES | A_LIBERAL,
-    S(readdir) = A_YES | A_LIBERAL,
     S(setitimer) = A_YES | A_LIBERAL,
     S(getitimer) = A_YES | A_LIBERAL,
-    S(sigreturn) = A_YES | A_LIBERAL | A_NO_RETVAL,
     S(mprotect) = A_YES | A_LIBERAL,
-    S(sigprocmask) = A_YES | A_LIBERAL,
     S(getdents) = A_YES | A_LIBERAL,
     S(getdents64) = A_YES | A_LIBERAL,
-    S(_newselect) = A_YES | A_LIBERAL,
     S(fdatasync) = A_YES | A_LIBERAL,
     S(mremap) = A_YES | A_LIBERAL,
     S(poll) = A_YES | A_LIBERAL,
@@ -324,6 +317,20 @@ static unsigned char syscall_action[NUM_ACTIONS] = {
     S(rt_sigqueueinfo) = A_YES | A_LIBERAL,
     S(rt_sigsuspend) = A_YES | A_LIBERAL,
     S(_sysctl) = A_YES | A_LIBERAL,
+#ifndef CONFIG_BOX_AMD64
+    S(sigaction) = A_YES | A_LIBERAL,
+    S(sgetmask) = A_YES | A_LIBERAL,
+    S(ssetmask) = A_YES | A_LIBERAL,
+    S(sigsuspend) = A_YES | A_LIBERAL,
+    S(sigpending) = A_YES | A_LIBERAL,
+    S(sigreturn) = A_YES | A_LIBERAL | A_NO_RETVAL,
+    S(sigprocmask) = A_YES | A_LIBERAL,
+    S(ugetrlimit) = A_YES | A_LIBERAL,
+    S(readdir) = A_YES | A_LIBERAL,
+    S(signal) = A_YES | A_LIBERAL,
+    S(_newselect) = A_YES | A_LIBERAL,
+#endif
+
 #undef S
 };
 

diff --git a/box/mk-syscall-table b/box/mk-syscall-table
index c4b1e9eeb856d7246528324b3085635fc3577af4..82096d276036765fc2d65db17eaa5c98e8889e91 100755 (executable)
--- a/box/mk-syscall-table
+++ b/box/mk-syscall-table
@@ -4,6 +4,6 @@ set -e
 echo '/* Syscall table automatically generated by mk-syscall-table */'
 echo
 echo '#include <asm/unistd.h>' |
-       gcc -E -dM - |
+       gcc -E -dM "$@" - |
        sed 's/^#define __NR_\([^       ]\+\).*/[ __NR_\1 ] = "\1",/;t;d'
 )