Asymmetric keyrings can require key payloads to be X.509 certificates
signed by a key in a different keyring. This can be helpful for rotating
keys on a live machines for subsystems like IMA while preventing local
tampering.
Tested locally by applying the "key_or_keyring:<id>" restriction to a
keyring.
Change-Id: Ia8dcb343abc5f405d374c357d5cac3d5181d7159
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178400
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
The kernel raw syscall takes an additional parameter specifying
the size of the Sigset_t parameter, returns a file descriptor and sets errno.
Add a uintptr maxSize parameter, adjust the return to be (newfd int, err error).
Add the _NSIG #define and a wrapper to call with maxSize set to _C__NSIG/8 as done
in glibc/musl.
Change-Id: I277db0aab5c12364533c26ea800b7f394ec83ae4
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178858
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This teaches unix/mksyscall.go about mapping uint64 to syscall
arguments, similar to existing handling of int64.
Change-Id: I536b4b09bbf6a8e3016565a4a04d2b9d32cbc624
Reviewed-on: https://go-review.googlesource.com/c/164664
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
On linux/riscv64, the renameat syscall no longer exists and has been
superseded by renameat2. Use Renameat2 to implement Renameat on
linux/riscv64.
Based on a patch by Ryan O'Leary.
Updates golang/go#27532
Change-Id: I7c60c7f824750408265f67397b8ac1fa7226f425
Reviewed-on: https://go-review.googlesource.com/c/157899
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
The stat structure on linux/mips64x differ between C library and the kernel,
as described in the stat(2) man page.
Fstat, Lstat and Stat on linux/mips64x already converts the stat structure
using a fillStat_t function, very similar to __xstat_conv in GLIBC.
Doing the same for Fstatat before calling SYS_NEWFSTATAT fixes the
"Fstatat: returned stat does not match Stat/Lstat" error in TestFstatat.
Fixesgolang/go#29401
Change-Id: I0b2a7b274acc3c7c9fc7ae2afe722dd6225da383
Reviewed-on: https://go-review.googlesource.com/c/155747
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Port mksyscall.pl Perl script to mksyscall.go.
mkall scripts are modified to run mksyscall.go.
Running ./mkall.sh does not generate any git diff besides
the command name in comments of generated files.
Updates golang/go#27779
Change-Id: I8c6eb852e6821f4a91dc03cc042d8d343f1bcf66
Reviewed-on: https://go-review.googlesource.com/c/150217
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Renameat2 is Linux-specific and allows to pass an additional flags
argument to the renameat syscall. Also add the corresponding RENAME_*
flag mask values.
Change-Id: Ib4baa46fdd0b07ccd0988ac624862ce69d5c3ad5
Reviewed-on: https://go-review.googlesource.com/127763
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
On linux/arm64 we used to manually define syscall numbers for some
deprecated syscalls. Most of them are unused by now anyhow. Convert the
remaining syscall wrappers using them to implement the respective
functionality using a non-deprecated syscall (in the same way glibc does
it):
- Implement EpollCreate using EpollCreate1 and additionally check
that the passed size argument is larger than 0.
- Implement Futimesat and utimes using utimensat. Also change futimesat
on the other geese to take a string instead of *byte and let the
generated wrapper do the BytePtrFromString conversion.
- Return ENOSYS from Ustat. The ustat syscall has been deprecated for a
long time in favor of fstatfs and statfs. Even glibc will deprecate
ustat in the upcoming 2.28 release [1].
[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;h=d51fa09544f03899b7ff5a80569db088c3c23c28;hb=HEAD#l90
Change-Id: I7ea38a3cd394b0875f17443b14e107fd9c70350d
Reviewed-on: https://go-review.googlesource.com/119655
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This adds a wrapper around perf_event_open, exported constants and
two structs:
- perf_event_attr, used to configure the syscall
- perf_event_mmap_page to coordinate the kernel's mmap ring buffer
Change-Id: Ife7ded8344de9e3eb74441bd51ab9a04c81b4965
Reviewed-on: https://go-review.googlesource.com/105756
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
statx(2) allows to get enhanced file status information (not currently
available through the existing stat syscalls), lightweight stat,
heavyweight stat. The Statx_t type used by Statx has consistent field
sizes on all arches (with year-2038-capable timestamps) and is closer to
the BSD implementation of Stat_t.
See http://man7.org/linux/man-pages/man2/statx.2.html for details. The
syscall was added in Linux kernel 4.11.
See https://github.com/tklauser/statx for an example of how this
function and types can be used to report stat(1)-like file status
information.
Change-Id: I9e9642b5b42a393f94fd532453888ce9ba4f0003
Reviewed-on: https://go-review.googlesource.com/87555
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Looks like it's enough to just add wrappers pointing to the
corresponding SYS_FSTATAT{,64} or SYS_NEWFSTATAT syscall. Add a test to
verify that assumption which checks that the returned stat data matches
what is returned by Stat/Lstat.
Also add the AT_NO_AUTOMOUNT constant which may be used for the flags
parmeter.
Fixesgolang/go#14216
Change-Id: I73f27b483bd97d2dcf09d4b95a7957e75d194395
Reviewed-on: https://go-review.googlesource.com/79795
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Follow CL 70590 which did the same for syscall.
unix.Select uses SYS_PSELECT6 on arm64 and mipx64x, however this
syscall expects its 5th argument to be of type Timespec (with seconds
and nanoseconds) instead of type Timeval (with seconds and microseconds)
This leads to the timeout being too short by a factor of 1000.
This CL fixes this by adjusting the timeout argument accordingly,
similarly to how glibc does it for architectures where neither
SYS_SELECT nor SYS__NEWSELECT are available. It also makes Pselect
generaly available on linux.
Updates golang/go#22246
Change-Id: I69f8821a40c59ee469b8a986d784a4db8727ee9a
Reviewed-on: https://go-review.googlesource.com/70610
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Change https://go-review.googlesource.com/c/sys/+/56172 did not run
./mkall.sh after modifying syscall_linux.go. This change simply runs
./mkall.sh to correctly generate the modified files.
Note that the previous change simply reordered a few functions, so the
functions are simply reordered in the generated files.
Change-Id: I2d819f9ca4ae0e59e67e42d04bb6e6513b3c6c45
Reviewed-on: https://go-review.googlesource.com/61750
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Currently Linux' fchmodat(2) syscall implementation doesn't support the
flags parameter (though it might in future versions [1]). Fchmodat in
x/sys/unix takes the parameter and (wrongly) passes it on to the syscall
which will ignore it.
According to the POSIX.1-2008 manual page [2], AT_SYMLINK_NOFOLLOW is
the only valid value for the flags parameter and EOPNOTSUPP should be
returned in case changing the mode of a symbolic link is not supported
by the underlying system. EINVAL should be returned for any other value
of the flags parameter.
[1] https://patchwork.kernel.org/patch/9596301/
[2] http://pubs.opengroup.org/onlinepubs/9699919799/functions/chmod.html
Change the Fchmodat implementation accordingly and also add the
corresponding test.
Fixesgolang/go#20130
Change-Id: I62e677e6674d3702eaf388af0ac3d7e623a35c24
Reviewed-on: https://go-review.googlesource.com/46474
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Add support for the eventfd2 syscall on Linux.
Use the eventfd2 syscall instead of eventfd, as the latter does not
provide a flags argument and glibc also maps its eventfd() function to
the eventfd2 syscall, see the Notes section in
http://man7.org/linux/man-pages/man2/eventfd.2.html
Also add the corresponding flags values EFD_CLOEXEC, EFD_NONBLOCK and
EFD_SEMAPHORE.
Change-Id: Ia8c99e68d5966ab5c7ebe7e45423943fd7d8214e
Reviewed-on: https://go-review.googlesource.com/45093
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This CL adds basic integer get/set functions which wrap a generic
ioctl call. The API is similar the one introduced for solaris/amd64
in CL 14587, but the request parameter has been changed to a uint
instead of an int. This makes requests with a number larger than the
maximum signed 32-bit integer work on linux/386.
For consistency, the solaris/amd64 API has also been updated to make
use of a uint instead of an int for the request number.
Fixesgolang/go#20474
Change-Id: Iaae1ee2e4bb4bfcc420dcec252fe53c8d90ce81d
Reviewed-on: https://go-review.googlesource.com/44009
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This CL adds support for the ADD_KEY, REQUESET_KEY, and KEYCTL syscalls.
These syscalls allow access to the kernel keyring facilities. In C code,
these syscalls are wrapped by the libkeyutils package. See:
http://man7.org/linux/man-pages/man7/keyutils.7.html
The ADD_KEY and REQUEST_KEY calls are fairly straightforward, but the
KEYCTL syscall is a multiplexor for a number of key management
functions. See:
http://man7.org/linux/man-pages/man3/keyctl.3.html
The Go bindings for the KEYCTL functions attempt to replicate what
libkeyutils does. This is done via generated helper functions.
Change-Id: If8c97d4ef5bce14c43dee3e6772ded42dc3c595a
Reviewed-on: https://go-review.googlesource.com/41415
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Introduces the CopyFileRange syscall which first appears in Linux 4.5.
Allows copying file content between file descriptors within the kernel
without transferring data to user space. This syscall also allows the
kernel to take advantage of reflinking or other fast copy methods on
supported file systems.
http://man7.org/linux/man-pages/man2/copy_file_range.2.html
Change-Id: Id365f1e5d4d5ddf7159478e3a13084c9576ebd5c
Reviewed-on: https://go-review.googlesource.com/39992
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Right now the process for adding in new constants, errors, or syscalls
for Linux is a pain and unreliable. The scripts are designed to be run
on the target architecture and use the header files installed on the
user's system. This makes it hard to generate files for all the
architectures or to have consistency between users. See golang/go#15282.
This CL fixes this issue by making all of the files for the 11 supported
architectures directly from source checkouts of Linux, glibc, and bluez.
This is done using Docker, the gcc cross-compilers, and qemu emulation.
Previously discussed here:
https://go-review.googlesource.com/c/37589/
A README.md file is also added to explain how all the parts of the build
system work.
In order to get the build working for all the architectures, I made
some changes to the other scripts called from mkall_linux.go:
- Files only used for generating linux code, moved to linux/
- linux/mksysnum.pl supports a specified CC compiler.
- The generated C code in mkerrors.sh changed to avoid a warning
- mkerrors.sh headers changed to fix powerpc64 bug in sys/ioctl.h
- linux/types.go no longer needs to export Ptrace structs in lowercase
Build instructions:
- Host system needs to be x86-64 Linux
- Install Docker (https://docs.docker.com/engine/installation/)
- ./mkall.sh (That's it!!!)
Change-Id: I87067c14442ba12f8d51991349a43a9d73f38ae0
Reviewed-on: https://go-review.googlesource.com/37943
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This CL introduces the Getrandom syscall. Allowing users of
sufficiently new kernels (3.17) to detect when the operating system
lacks enough entropy to generate cryptographic random data. See:
http://man7.org/linux/man-pages/man2/getrandom.2.html
As we have updated the syscall numbers, the Getrandom function can
just be generated normally. The only other change is to mkerrors.sh
to include the GRND_* flags for getrandom from <linux/random.h>.
It is important to note that currently the mkerrors.sh script cannot
actually be run as it has fallen behind the 4.10 kernel. The GRND_*
flags were added manually.
This was originally part of a larger commit that was split up.
See CL: https://go-review.googlesource.com/37570
Change-Id: I464088a9c9f7224abdcdae476b30a4f2f412d9f5
Reviewed-on: https://go-review.googlesource.com/37589
Reviewed-by: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Matt Layher <mdlayher@gmail.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Pause is a legacy syscall not available on linux-arm64. Use ppoll with
all args as 0 to emulate - this is the way musl libc does Pause when the
pause syscall isn't available.
With the changes in syscall_linux* and regenerating zsyscall_linux*,
this calling Pause on linux-arm64 works and returns EINTR as expected.
Change-Id: I88236290313f18c742d826e759e86ff260a8b383
Reviewed-on: https://go-review.googlesource.com/22014
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Since Linux 3.11, O_TMPFILE flag can be used in open syscall to create
an unnamed file in a directory. The file occupies space in the
filesystem, and can be given a name using linkat syscall. If the file is
closed without being given a name, its contents are deleted.
See the manpage open(2) in Linux for details.
Exports O_TMPFILE for Linux in 386 and amd64 (other architectures
already had it). Exports Linkat syscall and AT_SYMLINK_FOLLOW (used for
giving a name to the file) for all Linux in all architectures.
Fixesgolang/go#7830.
Change-Id: Ib82e44f405b227e227b9cbf317c2657b32e046f5
Reviewed-on: https://go-review.googlesource.com/21003
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This system call is used to reassociate the current thread with a Linux
namespace (e.g. a network namespace or a mount namespace). This system
call is key to interacting with the primitives enabling Linux containers.
The users of this system call will most likely want to wrap their calls
with a pair of LockOSThread / UnlockOSThread calls. Here is an example
that is a reasonably close approximation of the `ns_exec' program given
as an example in `man 2 setns':
package main
import (
"log"
"os"
"os/exec"
"runtime"
"golang.org/x/sys/unix"
)
func main() {
if len(os.Args) < 3 {
log.Fatalf("%s /proc/PID/ns/FILE cmd args...", os.Args[0])
}
fd, err := unix.Open(os.Args[1], unix.O_RDONLY, 0)
if err != nil {
log.Fatalf("open: %s", err)
}
runtime.LockOSThread()
defer runtime.UnlockOSThread()
if err = unix.Setns(fd, 0); err != nil {
log.Fatalf("setns: %s", err)
}
cmd := exec.Command(os.Args[2], os.Args[3:]...)
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
err = cmd.Run()
if err != nil {
log.Fatalf("exec: %s", err)
}
}
Fixesgolang/go#5968.
Change-Id: I78dc54667cfaef4f9e99a08d48f6e423686f1b22
Reviewed-on: https://go-review.googlesource.com/20054
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
