Asymmetric keyrings can require key payloads to be X.509 certificates
signed by a key in a different keyring. This can be helpful for rotating
keys on a live machines for subsystems like IMA while preventing local
tampering.
Tested locally by applying the "key_or_keyring:<id>" restriction to a
keyring.
Change-Id: Ia8dcb343abc5f405d374c357d5cac3d5181d7159
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178400
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
The kernel raw syscall takes an additional parameter specifying
the size of the Sigset_t parameter, returns a file descriptor and sets errno.
Add a uintptr maxSize parameter, adjust the return to be (newfd int, err error).
Add the _NSIG #define and a wrapper to call with maxSize set to _C__NSIG/8 as done
in glibc/musl.
Change-Id: I277db0aab5c12364533c26ea800b7f394ec83ae4
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178858
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This teaches unix/mksyscall.go about mapping uint64 to syscall
arguments, similar to existing handling of int64.
Change-Id: I536b4b09bbf6a8e3016565a4a04d2b9d32cbc624
Reviewed-on: https://go-review.googlesource.com/c/164664
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
On linux/riscv64, the renameat syscall no longer exists and has been
superseded by renameat2. Use Renameat2 to implement Renameat on
linux/riscv64.
Based on a patch by Ryan O'Leary.
Updates golang/go#27532
Change-Id: I7c60c7f824750408265f67397b8ac1fa7226f425
Reviewed-on: https://go-review.googlesource.com/c/157899
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Port mksyscall.pl Perl script to mksyscall.go.
mkall scripts are modified to run mksyscall.go.
Running ./mkall.sh does not generate any git diff besides
the command name in comments of generated files.
Updates golang/go#27779
Change-Id: I8c6eb852e6821f4a91dc03cc042d8d343f1bcf66
Reviewed-on: https://go-review.googlesource.com/c/150217
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
For some reason I didn't completely re-generate the zsyscall_linux_*
files for all GOARCHes during review of CL 135915. Do so now such that
the flags parameter is of type int on all GOARCHes.
Change-Id: Ifc4afacfbedb70f3818b23ed3ea468745bbdb455
Reviewed-on: https://go-review.googlesource.com/136296
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Add syscall wrappers, error constants and types for linux/riscv64
Switch docker image to Ubuntu 18.10 in order to get qemu supporting
riscv64. Also set the uname release string for qemu to 4.15 (the first
Linux kernel version with riscv64 support), because otherwise running
the generating C program in mkerrors.sh on a host with an older kernel
would fail with a "FATAL: kernel too old".
Note that linux/riscv64 is currently only usable using gccgo.
Updates golang/go#27532
Change-Id: Ic420f842342418443474cac72d38adff14d1b938
Reviewed-on: https://go-review.googlesource.com/133735
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
