)]}' { "log": [ { "commit": "91baa6234536b66149ba576d0e6c0506c3b3d2e3", "tree": "c0a535be43dcf997b0119cb4ae8bee1e54d3a8c6", "parents": [ "9330761c07459eb6cbb75ab2d120a153307a8cb7" ], "author": { "name": "hans@chromium.org", "email": "hans@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Dec 12 18:14:34 2012" }, "committer": { "name": "hans@chromium.org", "email": "hans@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Dec 12 18:14:34 2012" }, "message": "Make Maps constructor explicit.\n\nBUG\u003dhttps://code.google.com/p/chromium/issues/detail?id\u003d163357\nReview URL: https://codereview.chromium.org/11547014\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@189 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "9330761c07459eb6cbb75ab2d120a153307a8cb7", "tree": "8b487c5bc8922ee88e1d42440eb79955fe02a396", "parents": [ "95fc762804a289168b66f3a9a9676ad9a9dd89a4" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Oct 25 04:21:39 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Oct 25 04:21:39 2012" }, "message": "Work-around for an erroneous warning message in gcc-4.7\n\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@188 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "95fc762804a289168b66f3a9a9676ad9a9dd89a4", "tree": "1e7a1293e6d46d5de49acda7a2d9fde4c460c7a1", "parents": [ "197650a0f9a2535b6494e2f66990e43032588fdc" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Aug 14 00:47:30 2012" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Aug 14 00:47:30 2012" }, "message": "Add out-of-line copy ctor to Maps::Iterator.\n\nChrome\u0027s style checking plugin complains that this class needs an explicit\nout-of-line copy constructor.\n\nSo far, the style plugin has not warned about nested classes because of a bug,\nbut we have fixed that bug and are now cleaning up all the cases where it warns.\n\nCommitted on behalf of Hans Wennborg (hans@chromium.org).\n\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d139346\n\nReview URL: https://chromiumcodereview.appspot.com/10824229\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@187 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "197650a0f9a2535b6494e2f66990e43032588fdc", "tree": "6ebb3c5209eb5d6e5acd0b5af6385b26da8f1117", "parents": [ "e30c22440e74b902137db92852bbd5af629657fd" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon May 21 23:06:45 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon May 21 23:06:45 2012" }, "message": "I am somewhat reluctantly changing the API so that setProcFD is no longer\nidempotent with regards to global state. But Julien Tinnes convinced me that\nwe should try to hold on to /proc for as short a time as possible.\n\nThis change potentially makes things a little more difficult for callers, as\nthey can now no longer re-use the file descriptor passed into setProcFd(), so\nI updated the comments to warn about the changed semantics.\n\nBUG\u003dn/a\nTEST\u003dmake test\nReview URL: https://chromiumcodereview.appspot.com/10399114\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@186 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "e30c22440e74b902137db92852bbd5af629657fd", "tree": "dc369d9c180ca4e934f0673eb359244664fca739", "parents": [ "f62b37971966b4f4ebebf12787f1e062d9e91385" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon May 21 20:43:17 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon May 21 20:43:17 2012" }, "message": "Get rid of a call to dup() that is no longer needed with the way the API works\nnow. It was harmless, but it certainly confuses my poor code reviewers :-)\n\nTEST\u003dmake test\nBUG\u003dn/a\nReview URL: https://chromiumcodereview.appspot.com/10399109\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@185 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "f62b37971966b4f4ebebf12787f1e062d9e91385", "tree": "e225478d4e821997fb4f03e5d94aabc41b10db52", "parents": [ "f407e208e083d5c54cf1ff643fc7978cc0b170e6" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri May 18 01:35:32 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri May 18 01:35:32 2012" }, "message": "Change the sandbox API to require passing in a copy of /proc instead of\n/proc/self. This allows \"SupportsSeccompSandbox()\" to work correctly, even\nafter it had to \"fork()\". Otherwise, the old \"/proc/self\" would point to\nthe parent process, and some kernels don\u0027t allow accessing it from the\nchild (even though it is still a valid file descriptor; it just stops\nworking).\n\nBUG\u003dn/a\nTEST\u003dmake test\nReview URL: https://chromiumcodereview.appspot.com/10389201\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@184 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "f407e208e083d5c54cf1ff643fc7978cc0b170e6", "tree": "8398bc8621f74791fa02d9115e3f610bb737deb3", "parents": [ "a35a8eb3c0725cfc61e8734fb6a221a0f6950ba1" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 15 01:10:37 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 15 01:10:37 2012" }, "message": "PaX-enabled systems require us to mark our executables so that mprotect() doesn\u0027t get\nrestricted. If \"paxctl\" is available at build-time, run it on all of our binaries.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d20\nTEST\u003dmake test\nReview URL: https://chromiumcodereview.appspot.com/10384175\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@183 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "a35a8eb3c0725cfc61e8734fb6a221a0f6950ba1", "tree": "d33bbc5335243283de9de0a6765c58f37220cf9c", "parents": [ "0bd555879f21bb531959d337ddb9037a2115c781" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 15 01:09:39 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 15 01:09:39 2012" }, "message": "Include \u003cunistd.h\u003e, as we are otherwise missing definitions on some systems.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d19\nTEST\u003dmake test\nReview URL: https://chromiumcodereview.appspot.com/10384174\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@182 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "0bd555879f21bb531959d337ddb9037a2115c781", "tree": "68cb96c6292dcaa1faf395dd1c279c71cdb32e3e", "parents": [ "b5e857297b432d3cf00d0805c7fe036d0d718cc1" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 15 01:06:42 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 15 01:06:42 2012" }, "message": "Import \u003csys/types.h\u003e, as that is the canonical location of \"ssize_t\".\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d18\nTEST\u003dmake test\nReview URL: https://chromiumcodereview.appspot.com/10388133\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@181 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "b5e857297b432d3cf00d0805c7fe036d0d718cc1", "tree": "3fc421347e8ffc594a9924419ca5d824cb409320", "parents": [ "57d626f7814caca01ea21207750ac3104a833375" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 01 00:41:51 2012" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue May 01 00:41:51 2012" }, "message": "Make a small change to the API. Instead of passing in a file\ndescriptor to /proc/self/maps, we now pass in a file descriptor\nto /proc/self and open \"maps\" ourselves. This is a more generic\nAPI that will make it easier to add other features in the future\n(e.g. merge the setuid sandbox into the seccomp sandbox, if the\nkernel allow unprivileged calls to chroot).\n\nBUG\u003dnone\nTEST\u003dmake test\nReview URL: https://chromiumcodereview.appspot.com/10178029\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@180 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "57d626f7814caca01ea21207750ac3104a833375", "tree": "da1d9b16b3605e8155014ede1b6dd56864252882", "parents": [ "16a95ccebbef3caed8bfb8f2e667319d61f7d454" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Nov 30 05:34:02 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Nov 30 05:34:02 2011" }, "message": "Add test for doing syscalls via \"int $0\"\n\nThis is a test for the fix in r165 (which fixed the 6th syscall\nargument on x86-32).\n\nBUG\u003dnone\nTEST\u003d\"make test\"\n\nReview URL: http://codereview.chromium.org/8727036\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@179 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "16a95ccebbef3caed8bfb8f2e667319d61f7d454", "tree": "b84a4eafdd1366a0721d6c3624f0e728cb043784", "parents": [ "288cf2bc06b7e7f46a02fcef6989f36421473b7e" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sat Nov 19 03:28:04 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sat Nov 19 03:28:04 2011" }, "message": "Add logic for patching calls to the x86-64 vsyscall page\n\nThis is necessary on Linux 3.1 because the vsyscalls now make real\nsyscalls to the kernel, rather than just reading memory as they\nusually did before, which means they fail in seccomp mode.\n\nAlthough the vsyscall page is deprecated, glibc still contains some\ncalls to it. We detect and patch the instruction sequence that\nmatters. (We do this because, unfortunately, the kernel does not let\nus change the permissions on the vsyscall page to patch it.)\n\nglibc still contains a code path that could call vgettimeofday via a\ndifferent instruction sequence, which is much harder to patch, and we\ndon\u0027t try to. libc.so has code to store vgettimeofday\u0027s address\n(0xffffffffff600000) in TLS, but in practice this code path is not\nused when the vdso is present.\n\nTo apply the patch we replace the instructions with a syscall, which\nlater gets re-patched to be a jump.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d17\nTEST\u003dtest_patching_vsyscall_* on any Linux version,\n plus test_time and test_sched_getcpu on Linux 3.1\n\nReview URL: http://codereview.chromium.org/8605003\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@178 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "288cf2bc06b7e7f46a02fcef6989f36421473b7e", "tree": "45e9c3d33e94f8ddc86d2903bddc96d3869a9cac", "parents": [ "2c20cb8fda1ea4388802944830cb78bff1a7fe67" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 21:17:05 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 21:17:05 2011" }, "message": "Add test for patching a system call instruction\n\nThis tests patching a specific, fixed instruction sequence, whereas\nthe existing tests just test whatever is in the version of glibc on\nthe system.\n\nChange library.cc to make the patching code easier to test: Split out\na patchSystemCallsInRange() method, since the existing methods assume\nthey are operating on a whole dynamically-loaded ELF object. Change\nmaps_ to be per-instance so that creating Library objects with\ndifferent Maps objects works.\n\nThis doesn\u0027t try to cover the various corner cases in library.cc yet.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d17\nTEST\u003dtest_patching_syscall\n\nReview URL: http://codereview.chromium.org/8596009\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@177 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "2c20cb8fda1ea4388802944830cb78bff1a7fe67", "tree": "5effff044573b0195a90617e2524908cb438aa0b", "parents": [ "1bd1a03ef10ce44e3ea4e30098d5495c8b765f01" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 18:04:10 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 18:04:10 2011" }, "message": "Add tests for glibc functions which sometimes use the x86-64 vsyscall page\n\ntest_time and test_sched_getcpu reproduce a problem on Linux 3.1\n(e.g. with the current version of Ubuntu Precise), which I\u0027ll fix in a\nlater change. These tests will hang, because the untrusted thread is\nkilled when it attempts to do a syscall.\n\ntest_gettimeofday is included for completeness.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d17\nTEST\u003dshould fail on Linux 3.1 but pass on earlier kernel versions\n\nReview URL: http://codereview.chromium.org/8558011\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@176 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "1bd1a03ef10ce44e3ea4e30098d5495c8b765f01", "tree": "4934441b7520271660239408a7f515d516c6fe01", "parents": [ "178bbab4862f667b20fcdd589df58c294a8f2f1d" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 16:20:26 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 16:20:26 2011" }, "message": "Tests: Split generic test runner out into test_runner.{cc,h}\n\nThis will allow test cases to be spread across multiple files rather\nthan putting them all in one big file as they are now.\n\nBUG\u003dnone\nTEST\u003d\"make all test\" plus run tests through Gyp too\n\nReview URL: http://codereview.chromium.org/8558007\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@175 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "178bbab4862f667b20fcdd589df58c294a8f2f1d", "tree": "be022d3594abb4b469ea5ccd50883536f1bd415a", "parents": [ "202f2afa2ac2ad3b4e6a16d305617da5cc3dfe86" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 00:24:33 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 00:24:33 2011" }, "message": "Test runner: Make test discovery work within C++ (or C)\n\nRemove the hack I wrote that used a Python script to scrape the TEST()\nfunction names. Replace it with a different hack: Use constructors to\nregister the test functions in a global list before main() gets\ncalled.\n\nThis simplifies the build scripts. It will also make it easier to\nsplit test_syscalls.cc into smaller files.\n\nIt also means that #ifs around test cases will work.\n\nBUG\u003dnone\nTEST\u003d\"make all test\"\n\nReview URL: http://codereview.chromium.org/8586016\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@174 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "202f2afa2ac2ad3b4e6a16d305617da5cc3dfe86", "tree": "f6755a82f2e59cd25796adc361a0b91bc1920b71", "parents": [ "39104e2bbb2076ed188800b7092740c7298ca5fe" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 00:16:38 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 18 00:16:38 2011" }, "message": "Add a tool for patching ELF libraries/executables offline\n\nThis is for patching ELF objects for use with elf_loader.cc. It\nallows system call instructions to be patched before the library or\nexecutable is loaded.\n\nFor simplicity, we replace system calls with \"int $0\", which is not\nvery fast at run time. A more sophisticated version could insert\njumps like library.cc does, but this would involve adding an extra\ncode segment to the ELF object.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d13\nTEST\u003dFor example:\n ./patch_offline /lib/ld-linux.so.2 -o ld.so.patched\n objdump -d ld.so.patched | grep -w int\nAutomated tests will be added in a later change.\n\nReview URL: http://codereview.chromium.org/8589027\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@173 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "39104e2bbb2076ed188800b7092740c7298ca5fe", "tree": "73a38b50b8a4c65d9d04512a13563a061c565cdb", "parents": [ "464a08ace2b54b18c4e0b57e7eb852ed7ab124c9" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Nov 17 00:55:26 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Nov 17 00:55:26 2011" }, "message": "Remove some unused code in the library patcher\n\nlibrary.cc parses the PLT table and fills out plt_entries_, but this\nis not subsequently used, so we can remove it. Also remove some other\nunused definitions.\n\nBUG\u003dnone\nTEST\u003d\"make all test\"\n\nReview URL: http://codereview.chromium.org/8578008\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@172 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "464a08ace2b54b18c4e0b57e7eb852ed7ab124c9", "tree": "f5cbdb4830e1a17b663f25fc2ba6c94900a0cf3b", "parents": [ "f2d60520fbe250b1c33c2012f79d21cf16710a8d" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Nov 16 16:16:06 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Nov 16 16:16:06 2011" }, "message": "Add an ELF loader that can load and run an executable in the sandbox\n\nThis can load both statically-linked executables and ld.so (the\ndynamic linker). These have to be pre-patched to do syscalls via\n\"int $0\" - I will add a tool for doing this patching in another change.\n\nThe ELF loader itself also runs with sandboxing enabled.\n\nCurrently the loader is dynamically linked against glibc, which will\nprobably cause problems when another copy of libc gets loaded into the\nprocess, so in the long term we will want to statically link the\nloader.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d13\nTEST\u003dto be added in a later change\n\nReview URL: http://codereview.chromium.org/7634024\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@171 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "f2d60520fbe250b1c33c2012f79d21cf16710a8d", "tree": "8764804cffc8b889e64fedaa4949250bd0603001", "parents": [ "4fb14f3b8b41a9d9afd1f194b9fd645dc74e61ce" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Sep 27 15:34:58 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Sep 27 15:34:58 2011" }, "message": "In 32bit mode, removed all assembly addressing modes that are incompatible with\nposition independent code. Fedora is configured to refuse running binaries that\nrequire relocations.\n\nTEST\u003dadd -fPIC and -fPIE to CFLAGS and LDFLAGS respectively, then run \"scanelf -qT ./preload32.so\". There shouldn\u0027t be any output.\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d87704\nReview URL: http://codereview.chromium.org/8036047\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@170 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "4fb14f3b8b41a9d9afd1f194b9fd645dc74e61ce", "tree": "8229d7fdad6093a301d232331b8a520ea196d518", "parents": [ "e1204e76274d8817d02ec0c0ac30f2641a27b77f" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 16 18:43:25 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 16 18:43:25 2011" }, "message": "Original changelist: http://codereview.chromium.org/7326013/\n\nTEST\u003dmake test\nBUG\u003dnone\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@169 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "e1204e76274d8817d02ec0c0ac30f2641a27b77f", "tree": "5c1ac22561a37fac860dcd02b829785b229c27af", "parents": [ "592d8aff46d65a16024f9235a37ce328e7a36dff" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Aug 19 02:44:25 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Aug 19 02:44:25 2011" }, "message": "Committed clang-related fix, as requested by Nico Weber.\n\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@168 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "592d8aff46d65a16024f9235a37ce328e7a36dff", "tree": "152b72c70f62655ec370210508ef89c7fe6f1819", "parents": [ "53974bc492e23a9210d43ca25d1cac4736461cd9" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Aug 15 17:31:27 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Aug 15 17:31:27 2011" }, "message": "Allow the ftruncate() system call from within the sandbox.\nReview URL: http://codereview.chromium.org/7650011\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@167 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "53974bc492e23a9210d43ca25d1cac4736461cd9", "tree": "9c4a340a7b2cf40a549de120ffd2c437e1eec1fc", "parents": [ "4597c75afda5c4ecbdd5b7504d953a504a11820b" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Aug 11 07:06:14 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Aug 11 07:06:14 2011" }, "message": "Allow writev() and readv() system calls\n\nThe dynamic linker (ld.so) uses writev() to print error messages.\n\nAllow readv() for symmetry.\n\nWe already allow preadv() and pwritev().\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d13\nTEST\u003d\"make test\"\n\nReview URL: http://codereview.chromium.org/7462025\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@166 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "4597c75afda5c4ecbdd5b7504d953a504a11820b", "tree": "bc38810110fac89f085a07415cca7578d8ea8a51", "parents": [ "a3afca84ee507c7b5b436cb905ded4f1cde5104f" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Aug 04 19:24:37 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Aug 04 19:24:37 2011" }, "message": "x86-32: Fix the 6th argument on syscalls invoked via \"int $0\"\n\nThe assembly-code signal handler restores %ebp (the 6th system call\nargument) from the wrong offset in the signal stack frame. This\nbreaks the \"offset\" argument of the mmap() system call.\n\nThis change can be checked against /usr/include/asm/sigcontext.h.\n\"struct sigcontext\" includes:\n\n unsigned long edi; // offset 0xb4\n unsigned long esi; // offset 0xb8\n unsigned long ebp; // offset 0xbc\n unsigned long esp; // offset 0xc0\n unsigned long ebx; // offset 0xc4\n unsigned long edx; // offset 0xc8\n unsigned long ecx; // offset 0xcc\n unsigned long eax; // offset 0xd0\n\nBUG\u003dnone\nTEST\u003dTested via running ld.so (the glibc dynamic linker) under the sandbox.\n I\u0027ll add an automated test that does this in a future change.\n\nReview URL: http://codereview.chromium.org/7564032\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@165 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "a3afca84ee507c7b5b436cb905ded4f1cde5104f", "tree": "bf4cbe2bb1a8d82a4516bd8d4ee50daa8aa09312", "parents": [ "e0659151da34c846127fc6bbedd1440bda8029f1" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jul 28 23:16:35 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jul 28 23:16:35 2011" }, "message": "While the seccomp sandbox appears to work correctly when built with \"clang\",\nthe unittest was still failing. It turns out that clang\u0027s built-in assembler\nturns all short jumps into long jumps. The unittest inspects the generated\ninstructions to verify that backtraces of instrumented system calls look the\nway that we expect them to do. And of course, the signature no longer matches\nif the assembler outputs a different sequence of bytes than what we tried to\ntell it.\n\nThis changelist makes the unittest more tolerant of different instruction\nstreams.\n\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d70871\nTEST\u003dBuild with clang, then run \"make test\"\nReview URL: http://codereview.chromium.org/7533008\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@164 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "e0659151da34c846127fc6bbedd1440bda8029f1", "tree": "3233c0684bb31480b06ea5b9df51358f92c18911", "parents": [ "6f9e6883638cedf3122acd07440c6f1c7dac7fda" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jul 28 21:08:53 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jul 28 21:08:53 2011" }, "message": "Fix build: Add file missed in previous commit, tls_setup.h\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d13\nTEST\u003d\"make clean test\" in fresh checkout\n\nReview URL: http://codereview.chromium.org/7531007\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@163 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "6f9e6883638cedf3122acd07440c6f1c7dac7fda", "tree": "dab91b6ebc0b01de033981427e12d600910e1a9b", "parents": [ "289096fed66d4bc3e69954457c3a63ba1512c683" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Jul 27 19:57:21 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Jul 27 19:57:21 2011" }, "message": "Implement TLS initialisation system calls for i386 and x86-64\n\nThis will allow ld.so (the dynamic linker) to start up under the\nsandbox.\n\nThis is not straightforward because the set_thread_area()/arch_prctl()\nsyscalls modify a thread\u0027s state, so we cannot simply forward the\nsyscall to the trusted thread, because that would modify the wrong\nthread\u0027s state.\n\nInstead, we use the trick of using clone() to create a new thread that\npicks up where the original thread left off, but with modified thread\nstate. Furthermore, clone() provides a built-in way of setting up\nTLS.\n\nThis requires two further tricks:\n * Capture a signal frame that we can use to return into the new thread.\n * Do write() and then _exit() without using the stack inbetween,\n because the stack is used by the new thread that write() spawns.\n\nPleasantly, this can all be done without changing the trusted code.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d13\nTEST\u003dtest_tls_setup_via_arch_prctl, test_tls_setup_via_set_thread_area\n\nReview URL: http://codereview.chromium.org/4848001\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@162 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "289096fed66d4bc3e69954457c3a63ba1512c683", "tree": "e10991d602db92e6cbf51b78d1fbb472b42833d8", "parents": [ "b651c4aa47dc094e930075f6e0baea947641699b" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Jul 27 19:29:04 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Jul 27 19:29:04 2011" }, "message": "Fix the makefile to work after the previous change, r160\n\nThe previous change replaced syscall_table.c with system_call_table.cc.\n\nBUG\u003dnone\nTEST\u003d\"make test\"\n\nReview URL: http://codereview.chromium.org/7514033\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@161 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "b651c4aa47dc094e930075f6e0baea947641699b", "tree": "816723c4f576f871d1feb2b4ea5be362c77c7c9d", "parents": [ "34af4bb470ee502ea3fa7c4fec53426428d4a469" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Jul 19 21:49:35 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Jul 19 21:49:35 2011" }, "message": "Finally eliminated the dirty hack that we used for populating the system\ncall table. This table needs to be in read-only memory, and it needs to\nhave all of the unused entries zero\u0027d out. We used to rely a C having\ndesignated initializers. And we also abused a gcc extension to move the\ndata structure into read-only memory.\n\nInstead, we are now explicitly managing this data structure, which allows us\nto remove our dependency on C. All code is now either C++ or assembly. This\nhad a trickle down effect of cleaning up a lot of other code and getting rid\nof a lot of \"asm\" labels for identifiers that are no longer referenced by\nanything but C++ code.\n\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d88578\nTEST\u003dmake test\nReview URL: http://codereview.chromium.org/7397023\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@160 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "34af4bb470ee502ea3fa7c4fec53426428d4a469", "tree": "a4190e8a0df6a4b2cf335dd43dcd6a7f18e30238", "parents": [ "ae569868426ffe442eeca5026e0f2593b0e98623" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Jul 18 19:16:21 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Jul 18 19:16:21 2011" }, "message": "Moved complex constructors/destructors out of header files.\n\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d88578\nReview URL: http://codereview.chromium.org/7324003\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@159 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "ae569868426ffe442eeca5026e0f2593b0e98623", "tree": "34a07311e6b5aa2dfb736888ca285ffa5d4ba548", "parents": [ "174df84989c4337a7d575154c2836c34ef4af1aa" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Jul 15 07:11:41 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Jul 15 07:11:41 2011" }, "message": "Unconditionally allow p{read,write}{,v}().\n\nTEST\u003dmake test, also run browser_tests in Chrome\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d89114\nReview URL: http://codereview.chromium.org/7387002\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@158 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "174df84989c4337a7d575154c2836c34ef4af1aa", "tree": "db479d076f58df4c87bd83447cf23236e58af50a", "parents": [ "4a406d666630ab05b44760e7af35b5ad59cd9c40" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jun 30 22:08:53 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jun 30 22:08:53 2011" }, "message": "Assortment of fixes to make the code work with (very recent) versions of\nclang. The following issues were noticed:\n\n - clang complains about unused values computed by C expressions\n\n - clang makes extensive use of SSE registers. This requires us to \n explicitly align the stack pointer in x86-32. It seems as if x86-64\n already works correctly, but we might need to revisit this assessment\n if we encounter problems.\n\n - clang doesn\u0027t implicitly do a const_cast() when it does a \n reinterpret_cast(). We now do a C-style cast instead, as that ends\n up being more readable.\n\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@157 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "4a406d666630ab05b44760e7af35b5ad59cd9c40", "tree": "f46e149b2697170a131b330f0edcfd5d019bbac3", "parents": [ "251ce2f6999cf538e4311da59fe628b4f47fe43c" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jun 09 22:34:12 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jun 09 22:34:12 2011" }, "message": "A couple of changes that make \"clang\" happier. We still make use of other\ngcc-specific features that are unsupported in \"clang\". So, don\u0027t expect the\ncode to build and/or run with \"clang\" just yet.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d15\nTEST\u003drun \"make\" and notice fewer errors than before\nReview URL: http://codereview.chromium.org/7134059\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@156 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "251ce2f6999cf538e4311da59fe628b4f47fe43c", "tree": "9375877de0486957106a57375b9e9fdf5ddacc0f", "parents": [ "e985d2c2d89a8710bce917222d552238adf5b531" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Apr 08 19:47:24 2011" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Apr 08 19:47:24 2011" }, "message": "Allow nanosleep() system call, and add a policy setting that allows\nSysV shared memory accesses to be completely unrestricted.\n\nThese changes are necessary to make the seccomp sandbox compatible\nwith some of the Chrome unittests.\n\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d66906\nTEST\u003dmake test\nReview URL: http://codereview.chromium.org/6720004\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@155 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "e985d2c2d89a8710bce917222d552238adf5b531", "tree": "092754bdcfdc52d859fd9edbb39aaece046dd7cd", "parents": [ "df500bf027f9bc1365d6e2e73153d8796d9e3cc8" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jan 27 22:41:42 2011" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Jan 27 22:41:42 2011" }, "message": "Add explicit size suffix to ambiguous \"cmp\" instructions\n\nThis fixes a bug on x86-64 where the signal handler function pointer\nwould be read as 32-bit instead of 64-bit and so only the lower 32\nbits would be compared with 0 and 1 (SIG_DFL and SIG_IGN).\n\nThis also fixes warnings produced by Clang\u0027s assembler.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d14\nTEST\u003d\"make test\" (with gcc) and also build with Clang (though this\n produces various other warnings/errors)\n\nReview URL: http://codereview.chromium.org/6264021\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@154 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "df500bf027f9bc1365d6e2e73153d8796d9e3cc8", "tree": "1ab6e6b3decb067de98e3e2437870d39cbefea7a", "parents": [ "4d0453565b3964f01dd8644d83f66ad80d4ab74d" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Dec 06 21:53:05 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Dec 06 21:53:05 2010" }, "message": "Evan Martin asked for another fix in his series of changes to BranchTargets.\n\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@153 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "4d0453565b3964f01dd8644d83f66ad80d4ab74d", "tree": "1aabb57fb49cb851e71344eb01af3aaa8b65ccee", "parents": [ "4365e11fb4dedd720c2ef4ad096db9cdea9c959a" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Dec 06 19:09:46 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Dec 06 19:09:46 2010" }, "message": "Committed another iteration of http://codereview.chromium.org/5599002/ \n\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@152 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "4365e11fb4dedd720c2ef4ad096db9cdea9c959a", "tree": "108b26b507955e3b301dac44a2a661d834bb314e", "parents": [ "ad61c67860ab5ded281c4d2a281b462552c07221" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Dec 02 23:12:17 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Dec 02 23:12:17 2010" }, "message": "Committing evan\u0027s changelist: http://codereview.chromium.org/5599002/\n\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@151 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "ad61c67860ab5ded281c4d2a281b462552c07221", "tree": "100b17a4a293df67109b66d8dd468888b840d3de", "parents": [ "021c05f2efc229550c40eb7c228580b219721908" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 12 23:26:21 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Nov 12 23:26:21 2010" }, "message": "Gcc as shipped by Fedora 14 prints a bogus warning message when passing\nNULL to a templatized function. Casting NULL to \"void *\" will hopefully\nwork around this problem.\n\nN.b. we currently do not officially support compiling with anything newer\nthan gcc 4.4 and on anything other than Ubuntu. Regressions with regards to\ncompiler warnings are expected.\n\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d62916\nTEST\u003dnone: not tested on gcc 4.5.1\nReview URL: http://codereview.chromium.org/4900004\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@150 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "021c05f2efc229550c40eb7c228580b219721908", "tree": "377e26b1855f86b3b12e41e517783c707db44f3b", "parents": [ "cdb9e64bd260e5729d6227926edf719a8a8df80e" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 19:47:43 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 19:47:43 2010" }, "message": "Split sandbox.cc\u0027s asm code into .S files, part 2 of 2\n\nUpdate the code in the .S files with a symbol name and copyright\nheader, and word wrap some text.\n\nWe put the arch-specific conditionals into a .S file, as we did with\ntrusted_thread_asm.S.\n\nRemove the original copy of the code in sandbox.cc.\nRemove the throwaway extraction script.\n\nBUG\u003dnone\nTEST\u003dmake test all\n\nReview URL: http://codereview.chromium.org/4243005\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@149 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "cdb9e64bd260e5729d6227926edf719a8a8df80e", "tree": "78f63cc6130f22a6532fc62612a08072673c6321", "parents": [ "f70a40d320fb0ea0f671729994c495393f2a6813" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 19:45:56 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 19:45:56 2010" }, "message": "Split sandbox.cc\u0027s asm code into .S files, part 1 of 2\n\nWe use the same approach for splitting out inline assembly as for\ntrusted_thread.cc in r99.\n\nIn this first step we extract the i386/x86-64 assembly code from\nsandbox.cc into separate fault_handler_*.S files. This is\nsemi-automatically extracted: the asm() quotes are removed and\nregister names are converted. We include the script that performed\nthe extraction, plus changes to sandbox.cc that helped with the\nextraction.\n\nThe new files will be made functional in the next commit.\n\nBUG\u003dnone\nTEST\u003dmake test all\n\nReview URL: http://codereview.chromium.org/4325001\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@148 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "f70a40d320fb0ea0f671729994c495393f2a6813", "tree": "c7a0f9d9bf8d6221c9c05088439f609afb4da047", "parents": [ "180c165e8173809b0f2b07ccb0e726a9e983cc33" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 16:45:41 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 16:45:41 2010" }, "message": "On older 32bit kernels (e.g. Ubuntu Hardy), the seccomp sandbox fails to handle\nsignals correctly. This is primarily a result of the kernel not supporting\nnon-executable data segments. But it also runs into problems because the\nformat of the signal frame is subtly different and does not appear to always\ninclude a \"magic restorer function\".\n\nThis changelist removes all dependencies on NX support from the 32bit version\nof the code. And it eliminates the code that patches the restorer function.\n\nBoth of these features were originally added to make it easier for gdb to\ndebug code that runs inside of a signal handler. But given the observed problems\nwith this approach, it does not seem worth the effort.\n\n64bit code seems unaffected by all of these problems -- presumably because\nthat architecture is a lot more recent. So, we\u0027ll not make any changes to it.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d5\nTEST\u003dmake test\nReview URL: http://codereview.chromium.org/4688002\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@147 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "180c165e8173809b0f2b07ccb0e726a9e983cc33", "tree": "e7b31761702c0d8f80e6096e4a2b51dc11e8cfbf", "parents": [ "965e062ec9bd1f89bf412b209111b4a4b94884af" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 09:06:19 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Nov 09 09:06:19 2010" }, "message": "Style: Fix recently-added tabs; convert to spaces\n\nThis fixes the tabs that I introduced accidentally in r139 because\nI forgot to set\n (set-default \u0027indent-tabs-mode nil)\nin the instance of Emacs that I was using.\n\nBUG\u003dnone\nTEST\u003dmake all test\n\nReview URL: http://codereview.chromium.org/3922004\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@146 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "965e062ec9bd1f89bf412b209111b4a4b94884af", "tree": "e3c807f54aaad78322bc71016bc7abc6ca394e15", "parents": [ "512a4cac1729d94b2956d861f7a8694598369901" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 21:21:43 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 21:21:43 2010" }, "message": "Factor out duplicated code for checking for protected memory mappings\n\nIntroduce isRegionProtected() for the common code.\n\nipc.cc contained a check for an address being in the protected area,\nbut we convert this to an address range check.\n\nAdd tests for madvise().\n\nBUG\u003dnone\nTEST\u003dmake all test\n\nReview URL: http://codereview.chromium.org/3951003\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@145 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "512a4cac1729d94b2956d861f7a8694598369901", "tree": "dce69f82f61a17c2118de8b258a0ceef14c2905c", "parents": [ "52f327ff1000587c9dfc116ec6c87c7c079f1c64" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 18:18:34 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 18:18:34 2010" }, "message": "Tidy: Remove no-op address adjustment in arguments for locked syscalls\n\nReplace \"info-\u003emem-\u003epathname - (char*)info-\u003emem + (char*)info-\u003emem-\u003eself\"\nwith \"info-\u003emem-\u003epathname\", because info-\u003emem \u003d\u003d info-\u003emem-\u003eself.\n\nPresumably this arithmetic was intended to handle a case where the\nsecure memory areas are mapped at different addresses in the trusted\nprocess and the sandboxed process, but that is not the case now.\n\nBUG\u003dnone\nTEST\u003dmake all test\n\nReview URL: http://codereview.chromium.org/3929003\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@144 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "52f327ff1000587c9dfc116ec6c87c7c079f1c64", "tree": "17f7e37abef84e3b725795ce35250cca6e5f049e", "parents": [ "87fba4e2ca6ad979af22fbd3ec9bead39db8fc8b" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 08:04:34 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 08:04:34 2010" }, "message": "Fix deadlock between recvmsg() and sendmsg() on i386\n\nChange recvmsg(), recvfrom() and recv() to use SEND_LOCKED_ASYNC on\ni386, so that the trusted process does not block waiting for them to\ncomplete.\n\nThe problem did not occur on x86-64 since the recv*() calls pass\narguments in registers there and so use SEND_UNLOCKED.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003dmake all test\n\nReview URL: http://codereview.chromium.org/3874001\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@143 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "87fba4e2ca6ad979af22fbd3ec9bead39db8fc8b", "tree": "7de33a99f0a69486f3b07019b8ddc9da4b0d0d15", "parents": [ "b50a2b4f5ffb425ba5358494e5ff594b26f9ba2b" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 07:58:30 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 07:58:30 2010" }, "message": "sendSystemCall(): Change the \"locked\" parameter from a bool to an enum\n\nChange false to SEND_UNLOCKED\nand true to SEND_LOCKED_SYNC\nand add a third option, SEND_LOCKED_ASYNC.\nThis is for blocking system calls, where the trusted process cannot\nwait for the syscall to complete because it would deadlock other\nthreads.\n\nThis change is a pure refactoring: Some syscalls will be changed to\nuse SEND_LOCKED_ASYNC in later changes.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003dmake all test\n\nReview URL: http://codereview.chromium.org/3871001\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@142 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "b50a2b4f5ffb425ba5358494e5ff594b26f9ba2b", "tree": "ae027bd194e5ddddea8dcbc3e900720f16d705f2", "parents": [ "8c38be73a42e52bbd88d6dadbc6867016710bc57" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 00:30:56 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 20 00:30:56 2010" }, "message": "Make sure that the code can be compiled both in release and debug mode.\nWe previously had an undefined reference when compiling in release mode.\n\nTEST\u003dmake clean all CPPFLAGS\u003d-DNDEBUG\nBUG\u003dnone\nReview URL: http://codereview.chromium.org/3898005\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@141 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "8c38be73a42e52bbd88d6dadbc6867016710bc57", "tree": "0ef1251ae4795e31d67a72f8835071f3e008d8a9", "parents": [ "18316a0de2175c156ae63a7dd668b75fdf483e13" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Oct 19 16:48:52 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Oct 19 16:48:52 2010" }, "message": "Factor out duplicated code for setsockopt()/getsockopt()\n\nBUG\u003dnone\nTEST\u003dmake all test\n\nReview URL: http://codereview.chromium.org/3770020\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@140 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "18316a0de2175c156ae63a7dd668b75fdf483e13", "tree": "2c433f2e875f4eaeac5ebb31b11f8e8ed5402d0e", "parents": [ "aaea8edcee631cba9c31faf78b9c28ec17eeabd4" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Oct 19 16:45:50 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Oct 19 16:45:50 2010" }, "message": "Fix setsockopt() on i386 and add tests for setsockopt()/getsockopt()\n\nprocess_socketcall() was reading the wrong message size. This could\nlead to it expecting too much data (in which case the trusted process\nwill hang), or too little (in which case it will read bad data for the\nnext syscall).\n\nAnother possibility would have been to remove \"OFF(setsockopt,\noptval), OFF(setsockopt, optlen)\" from socketCallArgInfo, since the\nsetsockopt() option value currently does not need to be validated.\n\nBUG\u003dnone\nTEST\u003dmake all test\n\nReview URL: http://codereview.chromium.org/3804009\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@139 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "aaea8edcee631cba9c31faf78b9c28ec17eeabd4", "tree": "aab1d180208c55ffab4c67e8fedcca297ee1345f", "parents": [ "b4729684a6f123d0f70ec52be785fbfec8751d99" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Oct 18 23:44:28 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Oct 18 23:44:28 2010" }, "message": "Allow fdatasync() inside of the sandbox. This is needed by SQLite.\n\nTEST\u003dmake test\nBUG\u003dhttp://code.google.com/p/chromium/issues/detail?id\u003d59420\nReview URL: http://codereview.chromium.org/3796012\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@138 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "b4729684a6f123d0f70ec52be785fbfec8751d99", "tree": "9fde6189cda721640be6b3fdf49cfb55058bae4a", "parents": [ "fc3f8ed55052af5983a321d09e10a0d51841d764" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Oct 17 18:19:44 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Oct 17 18:19:44 2010" }, "message": "Debug mode: Remove \"%gs \u003d\u003d 0\" check which is always true on x86-64\n\nThis fixes debug mode on x86-64 kernels where gettimeofday() does a\nsystem call, which has been observed running Ubuntu Lucid in a VM.\nBefore this change, the code recurses infinitely between\ngettimeofday() and Debug::syscall() and runs out of stack.\n\nThe check is incorrect because %fs and %gs are usually both 0 on\nx86-64, even when TLS is initialised. Unlike on i386, their numeric\nvalue is just a dummy value and does not act as a segment selector.\n\nInstead of assigning %gs \u003d 0 in the trusted process, disable debug\nmode there.\n\nRemove the TLS check from Debug::message() because this is called via\nint $0 during sandbox startup before TLS is set up.\n\nMake similar changes to i386 for consistency.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d4\nTEST\u003d\"make test\" in a VirtualBox VM.\n This can also be tested by changing\n ::gettimeofday(\u0026tv, NULL);\n in debug.cc to\n ::syscall(__NR_gettimeofday, \u0026tv, NULL);\n\nReview URL: http://codereview.chromium.org/3770012\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@137 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "fc3f8ed55052af5983a321d09e10a0d51841d764", "tree": "091412c57a86443891e9941e5b35f8e27959983e", "parents": [ "8091830fbca8371b263631e9a91bfcf0fa5a09a3" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Oct 17 18:02:08 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Oct 17 18:02:08 2010" }, "message": "Test runner: Set a limit on stack size to avoid accidental OOM\n\nA bug in the debug code can trigger the OOM killer when running\ntest_debugging, which tends to kill processes at random. Set a limit\non the stack size in order to prevent this happening when running\ntests. The bug will be fixed in a later change.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d4\nTEST\u003d\"make test\" fails safely on an x86-64 system where gettimeofday()\n causes a system call.\n\nReview URL: http://codereview.chromium.org/3770011\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@136 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "8091830fbca8371b263631e9a91bfcf0fa5a09a3", "tree": "825eedb0443c27adda286b17aadd55d36fc9fd1a", "parents": [ "56115cdb6cd11c1a39d070e12712c132ba777ac6" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Oct 14 16:07:00 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Oct 14 16:07:00 2010" }, "message": "Use one mutex per thread instead of a global syscall mutex\n\nThis will allow one thread to be blocked executing a locked syscall,\nsuch as sendmsg(), while another thread also executes a locked\nsyscall. However, none of the syscalls have been changed to allow\nthis yet; this will be done in a subsequent change.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003dmake test all\n\nReview URL: http://codereview.chromium.org/3522010\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@135 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "56115cdb6cd11c1a39d070e12712c132ba777ac6", "tree": "09e1a1e85e6b1ca52cfdee8f51eb9400959d7329", "parents": [ "101b127d60bd05e4e2437be58c781c4cda81e942" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Oct 14 15:49:54 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Oct 14 15:49:54 2010" }, "message": "Change clone() to be an unlocked system call\n\nRemove the need to unlock syscall_mutex_ while handling clone().\n\nThis is in preparation for changing the sandbox to use one mutex per\nthread instead of one global mutex. If we kept clone()\u0027s unlocking\ncode and unlocked the parent thread\u0027s mutex, we would need to figure\nout what to do for the first thread, which has no parent. It is\nsimpler to remove the unlocking code instead.\n\nThis is safe because:\n\n * clone() does not need to be locked because the kernel does not read\n any of its arguments from memory.\n * For any clone() arguments the trusted thread reads, it checks the\n sequence number.\n * The trusted thread does not read from the secure memory area after\n its sendmsg() call, and the trusted process will not overwrite the\n secure memory area until it receives this message.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003dmake test all\n\nReview URL: http://codereview.chromium.org/3613004\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@134 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "101b127d60bd05e4e2437be58c781c4cda81e942", "tree": "e21150258c6edbb42f1c533ba4615b8f5308ef29", "parents": [ "1096f786f3b0d7673e983142f91a290e17fd4608" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 06 17:20:11 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Oct 06 17:20:11 2010" }, "message": "Replace assert() with our own CHECK() macro(s). This means we no longer have\nto worry about assert() getting optimized away and the tests succeeding\nerroneously. It also gives us the ability to automatically print a little\nadditional information (such as expected vs. observed \"errno\" values).\n\nTEST\u003dmake test\nBUG\u003dnone\nReview URL: http://codereview.chromium.org/3444013\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@133 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "1096f786f3b0d7673e983142f91a290e17fd4608", "tree": "d213d506bc43fb33b3508ae40b61c6a63b6385c4", "parents": [ "14a467579514567b176a336af531f116df29dc76" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Oct 04 11:00:56 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Oct 04 11:00:56 2010" }, "message": "test_syscalls.cc: Fix use of futex() when waiting for thread\n\nFUTEX_WAIT will return EAGAIN if *tid_ptr !\u003d tid, though this is not\nmade clear on the man page. So change the code to handle the case\nwhere the thread has exited between the \"while\" check and the futex()\ncall. Otherwise, the test could be flaky.\n\nFound while working towards:\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003dThis can be tested by inserting \"poll(0, 0, 500);\" before the\n futex() call. This affects test_clone and test_clone_preserves_registers.\n\nReview URL: http://codereview.chromium.org/3592005\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@132 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "14a467579514567b176a336af531f116df29dc76", "tree": "220414535f5dacf16e08d56e87b3ad5b02d98a3b", "parents": [ "8f2a57d56e06149cc2d59f0eb9ec0355868e3ebc" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Oct 03 18:08:47 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Oct 03 18:08:47 2010" }, "message": "Remove cloneFdPub from SecureMem::Args and use the global variable instead\n\nThis simplifies the code a little. The same file descriptor is used\nfor all the threads anyway.\n\nFound while working towards\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003dmake test all\n\nReview URL: http://codereview.chromium.org/3618002\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@131 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "8f2a57d56e06149cc2d59f0eb9ec0355868e3ebc", "tree": "28463e7c73eb2b434c7aa47019b23e2e9a0811f9", "parents": [ "e8d89026cf8029180e413175d8861e066cfd4a75" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 22:09:36 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 22:09:36 2010" }, "message": "Always #include foo.h at the top of foo.cc\n\nThis convention should catch any header files that cannot be #included\non their own because they depend on something else being #included\nfirst.\n\nBUG\u003dnone\nTEST\u003dmake test all\n\nReview URL: http://codereview.chromium.org/3524008\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@130 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "e8d89026cf8029180e413175d8861e066cfd4a75", "tree": "9a81ca2b60905a43bdbc12f0b7833e82df7186f5", "parents": [ "c8ef3573882a039b26491a8dcb56c49fcd56c00a" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 20:50:13 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 20:50:13 2010" }, "message": "Remove unused processFdPub from SecureMem::Args\n\nThe trusted thread does not use this file descriptor.\n\nFound while working towards:\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003dmake test\n\nReview URL: http://codereview.chromium.org/3599007\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@129 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "c8ef3573882a039b26491a8dcb56c49fcd56c00a", "tree": "22d185a4ca75cb741745869da7ee0e82cdffeecc", "parents": [ "2fa5feb750cb9461e6533abcc286370062506f29" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 16:10:35 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 16:10:35 2010" }, "message": "Whitespace fixes.\n\nBUG\u003dnone\nTEST\u003dnone\nReview URL: http://codereview.chromium.org/3602006\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@128 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "2fa5feb750cb9461e6533abcc286370062506f29", "tree": "f00d16a8b3d1829fe10722df83d178d4df89e2c6", "parents": [ "e686dd04a6510688d48584908d14670f2af6dd17" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 15:12:09 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 15:12:09 2010" }, "message": "Refactor the code used to communicate from the trusted process to the other\nparts of the sandbox. We are introducing a new ProcessRPCInfo object that\nencapsulates all the information needed to do this. In particular, we now\npass the actual system call number from the trusted process\u0027s mainloop to\nthe process_XXX() function. This information is read-only and thus a lot less\nlikely to accidentally be set incorrectly.\n\nThis fixes a security-relevant bug where an attacker could control the system\ncall number that we would send from the trusted process to the trusted thread.\n\nTEST\u003dmake test\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d6\nReview URL: http://codereview.chromium.org/3414016\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@127 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "e686dd04a6510688d48584908d14670f2af6dd17", "tree": "84c0fba1714dab6e6a95ff347404b62629ac81b6", "parents": [ "fb8aeafe78f715be37c4fd69a035c3f0243b2847" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 15:12:01 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 15:12:01 2010" }, "message": "Make error messages look more like what the non-reference version of the code\nprints. This will be helpful whenever tests look for sandbox failure.\n\nAlso, out of general principle, make CPU registers \"unsigned long\". That\nmakes it less likely we accidentally introduce integer overflow problems.\n\nBUG\u003dnone\nTEST\u003dnone\nReview URL: http://codereview.chromium.org/3574004\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@126 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "fb8aeafe78f715be37c4fd69a035c3f0243b2847", "tree": "71fd7804bbbf26ce827afa1d519a5cdf80c65c0d", "parents": [ "090679e8ab55f109b4fbd0f2baa678a6a3d73545" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 08:37:03 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Oct 01 08:37:03 2010" }, "message": "Fix vulnerability in process_sigaction()\n\nThis fixes a bug in which the trusted process will forward an\nunchecked syscall number, received from an untrusted thread, for\nexecution by a trusted thread. Add a check for this syscall\nnumber.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d6\nTEST\u003dNone: Although we could write a test for this check, in the\n longer term we should probably refactor the message format to\n remove the duplicated syscall number.\n\nReview URL: http://codereview.chromium.org/3542001\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@125 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "090679e8ab55f109b4fbd0f2baa678a6a3d73545", "tree": "cf86594dbb5bb8a51e2cb1c4c5bb1924e934adcb", "parents": [ "17c855402fad6dc6215d9a316b1f560a581ce636" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Sep 29 13:20:54 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Sep 29 13:20:54 2010" }, "message": "Fix hole that allows tampering with sendmsg() arguments\n\nEnsure that \"struct msghdr\" is stored in a page that is mapped as\nMAP_PRIVATE by reserving space in the executable/library\u0027s data\nsegment, which will be a protected mapping.\n\nBefore, the trusted thread used the stack provided by untrusted code,\nwhich could have been mapped with MAP_SHARED and so could be shared\nbetween the trusted fork()\u0027d helper process and the untrusted threads.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d3\nTEST\u003dNone: The bug involves a race condition which I haven\u0027t tried\n to exploit.\n\nReview URL: http://codereview.chromium.org/3532002\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@124 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "17c855402fad6dc6215d9a316b1f560a581ce636", "tree": "1589cb86cb407cf4153746926ded44a23e891fce", "parents": [ "3aa4435ca8d070526a7e6b6c7a8b40aa9967ee4b" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sat Sep 25 11:16:25 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sat Sep 25 11:16:25 2010" }, "message": "Trusted thread: Add error checks to all syscalls that should return zero\n\nOne reason for doing this is that a work-in-progress change I have for\nfixing http://code.google.com/p/seccompsandbox/issues/detail?id\u003d2 made\none of the mprotect() calls fail, but without making any of the tests\nfail. We should make sure that such mistakes are caught by the tests.\n\nReview URL: http://codereview.chromium.org/3384026\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@123 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "3aa4435ca8d070526a7e6b6c7a8b40aa9967ee4b", "tree": "1f6619aa854ce8d4c6b2eb0a06a40dd3631a1fe1", "parents": [ "3d3c71a76cfe0b4ca7f40f3b431c333e3c7217c3" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Sep 21 12:09:57 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Sep 21 12:09:57 2010" }, "message": "clone(): Copy registers across in untrusted code instead of trusted code\n\nCopy register values to restore into the signal stack frame early on,\nin sandbox_clone() (untrusted code). This means we don\u0027t need to\ninclude the register values in the message sent to the trusted\nprocess, and we don\u0027t need to copy them to and from the secure memory\narea.\n\nIn the trusted thread code, we no longer need to store the\nreturn-address-or-zero in %mm3 (i386) or %r15 (x86-64). The return\naddress is always in the signal stack frame, so we can remove two\nconditionals for the special case of the first thread.\n\nReview URL: http://codereview.chromium.org/3394009\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@122 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "3d3c71a76cfe0b4ca7f40f3b431c333e3c7217c3", "tree": "209160205d542ef5967549befb2e1d4a36ee9c2e", "parents": [ "ae977326b14f18dac4711255dd3788bb0baa6686" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 20 15:05:49 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 20 15:05:49 2010" }, "message": "Add test to check that clone() preserves registers\n\nThis is a bit of a hassle, because it requires an assembly code\nhelper, but it is an interesting exercise. In order to test this, we\ndump registers into global variables. I have split out some of\ntest_clone into separate functions.\n\nIt is useful because current glibc versions do not rely on most of the\nregisters being preserved (so this is otherwise untested), but glibc\ncould rely on this in future.\n\nAlso I would like to simplify the register preservation code later,\nand I want a test that ensures I don\u0027t break it.\n\nReview URL: http://codereview.chromium.org/3443010\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@121 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "ae977326b14f18dac4711255dd3788bb0baa6686", "tree": "886f7ba5d504dae7d7893f9b98256cbb58f1c9f1", "parents": [ "5a7a594a24f3bdccd104d8c3e441e18ce3dbfed1" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 16 09:57:06 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 16 09:57:06 2010" }, "message": "Add test for SysV shared memory\n\nBring reference_trusted_thread.cc more into line with the real\nimplementation in order to support this.\n\nReview URL: http://codereview.chromium.org/3404004\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@120 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "5a7a594a24f3bdccd104d8c3e441e18ce3dbfed1", "tree": "0280d6c02372ec35a673dcfb8d13bfe9ee963404", "parents": [ "8dd41968fec1de17eec184b4b9e26e446c3fbc17" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Sep 15 16:17:47 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Sep 15 16:17:47 2010" }, "message": "Because of the way how we build our test applications, we can get name\ncollisions between system headers and local headers. Renaming syscall.h to\nsyscall_entrypoint.h avoids this problems and fixes a problem building the\nsandbox as part of Chrome.\n\nTEST\u003dmake chrome\nBUG\u003dnone\n\nReview URL: http://codereview.chromium.org/3392001\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@119 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "8dd41968fec1de17eec184b4b9e26e446c3fbc17", "tree": "7730adc23a218aa3ded9796eeac5ad7cc209fbad", "parents": [ "0e83ce326436189677054ddeac8a8c6d3f9df603" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 22:14:00 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 22:14:00 2010" }, "message": "clone(): Rename arguments that were only named correctly for x86-64\n\nThe meaning of arguments 4 and 5 is swapped between i386 and x86-64.\nBefore, the variables were named after the x86-64 meanings. Rename\nthem to the more generic \"arg4\" and \"arg5\" so that the names cannot be\nmisleading. The arguments are not interpreted by the sandbox anyway.\n\nReview URL: http://codereview.chromium.org/3369013\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@118 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "0e83ce326436189677054ddeac8a8c6d3f9df603", "tree": "52475032246118f75882e88e8109887d87ef0fe4", "parents": [ "31b20dd33be5e165392cbc43f6f2d3c88677d830" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 22:00:41 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 22:00:41 2010" }, "message": "reference_trusted_thread.cc: Get clone() args from argN instead of saved regs\n\nThis brings reference_trusted_thread.cc more into line with the real\nimplementation.\n\nAlso make it clearer that the clone syscall\u0027s arguments are ordered\ndifferently on i386 and x86-64.\n\nReview URL: http://codereview.chromium.org/3295029\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@117 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "31b20dd33be5e165392cbc43f6f2d3c88677d830", "tree": "b0ac57cc90ef5a6df08ef1d61d14ffd263aea5e0", "parents": [ "d62e08b9ffe1383d78c9919c5da2cf7345574132" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 21:57:51 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 21:57:51 2010" }, "message": "Use __NR_* symbols in .S files instead of hard-coded constants\n\nNow that the trusted thread code has been moved to .S files from\ninline assembly, we can use preprocessor features. Reducing the\nnumber of hard-coded constants should make the assembly code easier to\nread and maintain.\n\nBUG\u003dnone\nTEST\u003dCheck that the disassembled code has not changed\n\nReview URL: http://codereview.chromium.org/3330022\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@116 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "d62e08b9ffe1383d78c9919c5da2cf7345574132", "tree": "2d6b715350e9b33c57419d35d6eb85ff0b4ee7cb", "parents": [ "c41e81ae535cad3a4d082d01c9c43800ebe85e8c" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 19:11:59 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 13 19:11:59 2010" }, "message": "A few small changes that are needed in order to build with very recent\nreleases of gcc.\nReview URL: http://codereview.chromium.org/3338020\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@115 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "c41e81ae535cad3a4d082d01c9c43800ebe85e8c", "tree": "38267ef2b373525dee69b3a668a7dc25a0fe9994", "parents": [ "b8a7dd86dd6f229423a2eee4eed004c8b4fdc1a3" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Sep 12 22:37:55 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Sep 12 22:37:55 2010" }, "message": "reference_trusted_thread.cc: Use sigreturn to return from clone()\n\nThis brings reference_trusted_thread.cc into line with the real\nimplementation.\n\nIt also fixes a race condition, in which HandleNewThread() would read\nthe parent thread\u0027s secureMem after the parent thread could have\nexited and marked the secureMem as unreadable.\n\nReview URL: http://codereview.chromium.org/3302023\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@114 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "b8a7dd86dd6f229423a2eee4eed004c8b4fdc1a3", "tree": "cc711c508fba9d2869580fd3eb85f6a99612f5d1", "parents": [ "8949f5a2bc1143472bb86a96f8027f147e3e7f37" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Sep 12 22:32:05 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Sep 12 22:32:05 2010" }, "message": "Fix use of non-null-terminated strings in debug messages\n\nAdd explicit size argument.\n\nBUG\u003dnone\nTEST\u003dLook at \"Denying access\" messages in the output from\n \"env SECCOMP_SANDBOX_DEBUGGING\u003d1 ./run_tests_32\"\n\nReview URL: http://codereview.chromium.org/3348020\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@113 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "8949f5a2bc1143472bb86a96f8027f147e3e7f37", "tree": "7deafd89bfdcc55fc663d398831a9283257d9a6f", "parents": [ "32fc59ad8644bb7ae12e373a448f94c3e59aa090" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Sep 12 22:30:37 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Sun Sep 12 22:30:37 2010" }, "message": "Rename label 25 to \"fatal_error\" to improve readability\n\nThis is the most commonly referenced label.\n\nReview URL: http://codereview.chromium.org/3307023\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@112 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "32fc59ad8644bb7ae12e373a448f94c3e59aa090", "tree": "e81603ccc21a2f21d69e246dfa8f657ae94587b5", "parents": [ "2c8abceffc577c1852a441bd91e3ce9642faee65" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 10 16:59:26 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 10 16:59:26 2010" }, "message": "Remove some more dependency files from \"make clean\" that had previously been\nleft behind.\n\nBUG\u003dnone\nTEST\u003dnone\nReview URL: http://codereview.chromium.org/3322019\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@111 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "2c8abceffc577c1852a441bd91e3ce9642faee65", "tree": "c8c506cac34dfce98665a51dd116d415a58d8749", "parents": [ "5fd25714016db8d274ff6eecd5c27e7d1d309d12" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 10 15:42:44 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 10 15:42:44 2010" }, "message": "- push a fake return address and set a magic framepointer whenever\n we intercept system calls. This can later be used by breakpad to\n clean up the stack that it records in crash dumps.\n\n- set up a system call function pointer that can be used by\n linux_syscall_support.h when making system calls. This is needed so\n that we properly intercept and wrap system calls directly embedded in\n the application.\n\nBUG\u003d37728\nTEST\u003dmake test\nReview URL: http://codereview.chromium.org/3305013\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@110 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "5fd25714016db8d274ff6eecd5c27e7d1d309d12", "tree": "96c487a01de00ddc96a3b9e325657a569173ea04", "parents": [ "bd03d4a983e1daf83cbf8462f16bd03bd60ef0bd" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 10 15:41:56 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 10 15:41:56 2010" }, "message": "Fix newlines in string literals in the assembly code\n\nThe backslashes got converted incorrectly when I moved the assembly to\n.S files.\n\nTEST\u003dCheck the warning messages produced by\n \"env SECCOMP_SANDBOX_DEBUGGING\u003d1 ./run_tests_32\"\n\nReview URL: http://codereview.chromium.org/3357027\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@109 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "bd03d4a983e1daf83cbf8462f16bd03bd60ef0bd", "tree": "bdd2514a66d97c3ef498caaf1fb067eeecb541da", "parents": [ "dc034fe46386ae0a45382a454870730ebc616901" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 18:51:02 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 18:51:02 2010" }, "message": "Fix segfault in reference_trusted_thread.cc\u0027s __NR_exit handler\n\nThis fixes a test failure that was introduced in r104. Because\ntest_thread and test_clone contain a race condition, the failure only\noccurred on some kernel versions (Ubuntu Lucid but not Ubuntu Hardy).\nThe failure was hidden when the first thread calls __NR_exit_group\nbefore the second trusted thread\u0027s __NR_exit handler completed.\n\nThe bug was that we were reading memory (with memcpy()) that we had\nmade unreadable with mprotect()/PROT_NONE.\n\nFix by bringing reference_trusted_thread.cc into line with the real\nimplementation. Copy the register data before checking the syscall\nnumber. Also check the sequence number twice.\n\nReview URL: http://codereview.chromium.org/3358021\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@108 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "dc034fe46386ae0a45382a454870730ebc616901", "tree": "24aa1cb742d2d9f5c8017620d11a190e9dc7a005", "parents": [ "a7d7cf34855a49ebe43dcdcfb5256020069968c2" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 17:28:48 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 17:28:48 2010" }, "message": "Enable support for injecting code into \"long NOPs\". The gas assembler generates\nthese instructions when asked to align the .text segment.\n\nBUG\u003dnone\nTEST\u003dnone\nReview URL: http://codereview.chromium.org/3311020\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@107 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "a7d7cf34855a49ebe43dcdcfb5256020069968c2", "tree": "be8fbf2d18650e659f8570ba381fc4ab3f481a43", "parents": [ "5fd350df0e49d75009c6b49b3b5c01abd7000a37" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 17:27:31 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 17:27:31 2010" }, "message": "Minor fixes and cleanups:\n\n- allow file accesses when running \"make demo\"\n\n- mark a returned string as \"const\". That fixes a compiler warning on some\n compilers, telling us not to use a string after it has gone out of scope.\n\nBUG\u003dnone\nTEST\u003dmake demo\nReview URL: http://codereview.chromium.org/3298022\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@106 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "5fd350df0e49d75009c6b49b3b5c01abd7000a37", "tree": "f2e24e5ea004755ae076b1a36159b716765bdd08", "parents": [ "a7d49cd8948579d63243bfcab8053b168d1d14d2" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 17:14:47 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 09 17:14:47 2010" }, "message": "Make patchSystemCallsInFunction static. This allows it to be called without\na particular reference to a library, which is useful if we want to patch\nlocations in DSOs other than the small number of well-known system libraries.\n\nBUG\u003dnone\nTEST\u003dnone\nReview URL: http://codereview.chromium.org/3312016\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@105 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "a7d49cd8948579d63243bfcab8053b168d1d14d2", "tree": "e76ea74ff274d1d6281705e92824a58c3620a71d", "parents": [ "3883b498fe561af94a74f3a761a1f315c945bad9" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Sep 07 21:20:11 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Tue Sep 07 21:20:11 2010" }, "message": "Bring reference_trusted_thread.cc into line with real implementation\n\nOnly unlock syscall_mutex_ once the syscall has completed. The\nexception is __NR_exit, since obviously we are not running after\nexecuting this syscall.\n\nAdd missing mprotect() call in __NR_exit handler.\n\nBUG\u003dhttp://code.google.com/p/seccompsandbox/issues/detail?id\u003d2\nTEST\u003d\"make test\"\n\nReview URL: http://codereview.chromium.org/3367015\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@104 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "3883b498fe561af94a74f3a761a1f315c945bad9", "tree": "b2ebbc96bbf7d2a9814f749d2e6ebdc141bb00f5", "parents": [ "3c0785e13aaa5464777a3bf5f179980221786440" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 19:05:56 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 19:05:56 2010" }, "message": "Bring linux_syscall_support.h up-to-date and add a feature to optionally\njump to a helper function instead of invoking int0x80/syscall. The latter\nis needed when the running inside of the seccomp sandbox.\n\nTEST\u003ddepends on other changelists\nBUG\u003d37728\nReview URL: http://codereview.chromium.org/3347010\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@103 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "3c0785e13aaa5464777a3bf5f179980221786440", "tree": "61fbf2a42f5e21bb5872c9b1650cd6df57d12666", "parents": [ "6d3f586fbf0b9111838a1baa2eb33e68130beb07" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 16:08:41 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 16:08:41 2010" }, "message": "Fix test_prctl so that it does not leave behind a stopped process\n\nThe stuck process means that running tests over ssh causes ssh to hang\nwhen the tests are finished, because ssh never gets EOF from stdout.\n\nThe problem was apparently that PTRACE_KILL does not kill the\nsubprocess unless you have cleared the wait status queue for the\nsubprocess first.\n\nReview URL: http://codereview.chromium.org/3363006\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@102 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "6d3f586fbf0b9111838a1baa2eb33e68130beb07", "tree": "8007bf430b5b5752419d531b7f556ef96e67f063", "parents": [ "21c0975a4e0bc5b6ca435bf0c2996367def722b7" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 16:04:41 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 16:04:41 2010" }, "message": "Add DEPFLAGS to makefile in places missed before\n\nThis means changes to sandbox_impl.h will correctly cause\nsyscall_table.c to be rebuilt.\n\nAlso remove HEADERS references in places where a merge re-introduced them.\n\nReview URL: http://codereview.chromium.org/3290010\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@101 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "21c0975a4e0bc5b6ca435bf0c2996367def722b7", "tree": "6bfd93db57cd34c0f31c37993da702b679d89abb", "parents": [ "9ad1154b7f19dba61f73cc2f68d0794a50b6e5f8" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 09:51:48 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 09:51:48 2010" }, "message": "Split trusted_thread.cc\u0027s asm code into .S files, part 2 of 2\n\nFix up the code in the .S files to be callable as functions.\nAdd these files to the makefile.\n\nWe put the arch-specific conditionals into a .S file to avoid having\nto put this logic into multiple build systems (the makefile and Gyp).\n\nRemove the original copy of the code in trusted_thread.cc.\nRemove the throwaway extraction script.\n\nReview URL: http://codereview.chromium.org/1796007\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@100 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "9ad1154b7f19dba61f73cc2f68d0794a50b6e5f8", "tree": "92535c85d6264fc2552942b71417b6d52665fa5d", "parents": [ "e5e4a7de26180a35b13f3bc7b16eb5d0d68233ef" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 09:49:41 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 09:49:41 2010" }, "message": "Split trusted_thread.cc\u0027s asm code into .S files, part 1 of 2\n\nThis is the first step in extracting the i386/x86-64 assembly code in\ntrusted_thread.cc into separate .S files.\n\nWe add the new .S files containing semi-automatically-extracted code,\nwith the asm()-quotes removed and register names converted. These\nfiles will be made functional in the next commit. We include the\nscript that performed the extraction, as well as changes to\ntrusted_thread.cc that helped with the extraction.\n\nReview URL: http://codereview.chromium.org/1795012\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@99 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "e5e4a7de26180a35b13f3bc7b16eb5d0d68233ef", "tree": "b052a6b1b7ae61539c1f3c3ab7531a61a67acb93", "parents": [ "a1212eb16151c1163e982e82b895f4ff6862893f" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 09:38:33 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Sep 06 09:38:33 2010" }, "message": "Add a codereview.settings file\n\nThis means reviews will go to the right place by default when using\ngcl/git-cl, and reviews will be updated with a ViewVC URL on commit.\n\nReview URL: http://codereview.chromium.org/3322008\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@98 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "a1212eb16151c1163e982e82b895f4ff6862893f", "tree": "e5c54a6a7b2d36b1afc67431ef8055742d5dbbd8", "parents": [ "dc367e328a80e071e8dc991d31d734abed0960f0" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 03 16:57:53 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Sep 03 16:57:53 2010" }, "message": "Add #include dependency tracking to the makefile\n\nThis ensures that header file changes trigger recompiles. I noticed\nthat HEADERS was intended to do this but wasn\u0027t set right. Use gcc\u0027s\n-M options because they are more general: This will work if we use\n#ifdefs to choose arch-specific .S files in a later change.\n\nReview URL: http://codereview.chromium.org/3346007\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@97 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "dc367e328a80e071e8dc991d31d734abed0960f0", "tree": "8b7853499a6f12ceee01daf6b00d672b82e07b25", "parents": [ "d2106bca63387358647d99bce3a1590f150f5794" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 22:10:28 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 22:10:28 2010" }, "message": "Libc usually enforces alignment on the arguments for socket system calls. We\ndidn\u0027t used to do this. It is unclear whether the kernel requires the alignment\nbut it doesn\u0027t hurt to do so.\n\nBUG\u003d37728\nTEST\u003dnone\nReview URL: http://codereview.chromium.org/3340009\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@96 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "d2106bca63387358647d99bce3a1590f150f5794", "tree": "2e29c3fe172acaed58f0ae02b04c3ae2b467033f", "parents": [ "f109d21e0b7bd87344169d22ce0e406e2e882bd8" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 22:08:17 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 22:08:17 2010" }, "message": "Add support for prctl(PR_SETDUMPABLE) and a few other benign system calls.\n\nBUG\u003d37728\nTEST\u003drun_tests_{32,64} test_prctl\n\nReview URL: http://codereview.chromium.org/3293008\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@95 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "f109d21e0b7bd87344169d22ce0e406e2e882bd8", "tree": "1d55b119ddb0c81a60e11e53944cd87bfe85ece6", "parents": [ "7e19695cb05bd974d199a36f3bf59b2a0dd56bf9" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 21:17:12 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 21:17:12 2010" }, "message": "Add missing -m64 arguments to makefile\n\nBefore this change, doing \"make test\" on a 32-bit system fails when\nbuilding the tests rather than when running them, with the unexpected\nerror:\n\n/usr/bin/ld: i386 architecture of input file `allocator.o64\u0027 is\nincompatible with i386:x86-64 output\n\nReview URL: http://codereview.chromium.org/3342008\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@94 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "7e19695cb05bd974d199a36f3bf59b2a0dd56bf9", "tree": "1924588219cdae04ec2db518277d55fda9bf44d7", "parents": [ "ded27193ce9d46e77d6cddda36af7bedae8cae4d" ], "author": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 20:37:43 2010" }, "committer": { "name": "zodiac@gmail.com", "email": "zodiac@gmail.com@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Thu Sep 02 20:37:43 2010" }, "message": "Properly initialize segment registers. This fixes a problem with debug messages\nnot being available in x86-32 and instead causing a crash.\n\nTEST\u003drun_tests_32 test_debugging\nBUG\u003d37728\nReview URL: http://codereview.chromium.org/3344003\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@93 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "ded27193ce9d46e77d6cddda36af7bedae8cae4d", "tree": "a34384c040b3c8e22c2b118a6ca621b5fc0386af", "parents": [ "1f7d10e176e79fef6275ade0836cfe7487d8b1a9" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Sep 01 14:12:28 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Wed Sep 01 14:12:28 2010" }, "message": "Factor out duplicated syscall forwarding logic\n\nIntroduce \"struct RequestHeader\" and forwardSyscall() for sending\nsyscalls to the trusted process for execution and for receiving the\nresult.\n\nReview URL: http://codereview.chromium.org/3259007\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@92 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "1f7d10e176e79fef6275ade0836cfe7487d8b1a9", "tree": "978c30a93ea5c7869c5c87650da5152677ea305c", "parents": [ "29f8d634375bc853173ad110e11a6fc3bcb1a6db" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Aug 30 18:11:09 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Mon Aug 30 18:11:09 2010" }, "message": "Link reference_trusted_thread.cc only into the tests\n\nThis file is only for testing purposes, so we stop linking it into the\nmain seccomp-sandbox library. To avoid using an #if, we now enable\nreference_trusted_thread.cc via dependency injection.\n\nIn order for createTrustedThread() to have the same type as its\ntesting counterpart, we remove the two FD arguments and get them via\nthe existing global variables instead.\n\nReview URL: http://codereview.chromium.org/3287001\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@91 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" }, { "commit": "29f8d634375bc853173ad110e11a6fc3bcb1a6db", "tree": "3c48338efc009edf66bf7ed87ab3147a0d6731ab", "parents": [ "6830f65e1feb62f29fde32fa00668ac948e45be8" ], "author": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Aug 27 23:12:59 2010" }, "committer": { "name": "mseaborn@chromium.org", "email": "mseaborn@chromium.org@55e79e8e-603c-11de-8c10-5fe6993ea61f", "time": "Fri Aug 27 23:12:59 2010" }, "message": "Add Gyp rules for building the test suite\n\nThis is from Chromium commit r48043.\n\nAlso add a missing source file to seccomp.gyp so that the test builds.\n\nThis does not include an action for running the tests, since having\nsuch an action is not common in Chromium\u0027s Gyp build.\n\nBUG\u003dnone\nTEST\u003dseccomp_tests Gyp target\n\nReview URL: http://codereview.chromium.org/3264002\n\ngit-svn-id: http://seccompsandbox.googlecode.com/svn/trunk@90 55e79e8e-603c-11de-8c10-5fe6993ea61f\n" } ], "next": "6830f65e1feb62f29fde32fa00668ac948e45be8" }