libseccomp: add ppc support

backport ppc patches

Signed-off-by: Armin Kuster <akuster808@gmail.com>

recipes-security/libseccomp/files/0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch

@@ -0,0 +1,128 @@
+From 70c69945bf0da09baec2e109ba19b883de4d0e80 Mon Sep 17 00:00:00 2001
+From: Paul Moore <pmoore@redhat.com>
+Date: Fri, 26 Sep 2014 12:06:18 -0400
+Subject: [PATCH 02/11] arch: add the basic initial support for ppc64 to the
+ arch-dependent code
+
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ src/arch.c                | 21 +++++++++++++++++++++
+ src/python/libseccomp.pxd |  2 ++
+ src/python/seccomp.pyx    |  7 +++++++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/src/arch.c b/src/arch.c
+index e29b579..64fc1d1 100644
+--- a/src/arch.c
++++ b/src/arch.c
+@@ -38,6 +38,7 @@
+ #include "arch-mips.h"
+ #include "arch-mips64.h"
+ #include "arch-mips64n32.h"
++#include "arch-ppc64.h"
+ #include "system.h"
+ 
+ #define default_arg_count_max		6
+@@ -74,6 +75,12 @@ const struct arch_def *arch_def_native = &arch_def_mips64n32;
+ #elif __MIPSEL__
+ const struct arch_def *arch_def_native = &arch_def_mipsel64n32;
+ #endif /* _MIPS_SIM_NABI32 */
++#elif __PPC64__
++#ifdef __BIG_ENDIAN__
++const struct arch_def *arch_def_native = &arch_def_ppc64;
++#else
++const struct arch_def *arch_def_native = &arch_def_ppc64le;
++#endif
+ #else
+ #error the arch code needs to know about your machine type
+ #endif /* machine type guess */
+@@ -122,6 +129,10 @@ const struct arch_def *arch_def_lookup(uint32_t token)
+ 		return &arch_def_mips64n32;
+ 	case SCMP_ARCH_MIPSEL64N32:
+ 		return &arch_def_mipsel64n32;
++	case SCMP_ARCH_PPC64:
++		return &arch_def_ppc64;
++	case SCMP_ARCH_PPC64LE:
++		return &arch_def_ppc64le;
+ 	}
+ 
+ 	return NULL;
+@@ -158,6 +169,10 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
+ 		return &arch_def_mips64n32;
+ 	else if (strcmp(arch_name, "mipsel64n32") == 0)
+ 		return &arch_def_mipsel64n32;
++	else if (strcmp(arch_name, "ppc64") == 0)
++		return &arch_def_ppc64;
++	else if (strcmp(arch_name, "ppc64le") == 0)
++		return &arch_def_ppc64le;
+ 
+ 	return NULL;
+ }
+@@ -276,6 +291,9 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name)
+ 	case SCMP_ARCH_MIPS64N32:
+ 	case SCMP_ARCH_MIPSEL64N32:
+ 		return mips64n32_syscall_resolve_name(name);
++	case SCMP_ARCH_PPC64:
++	case SCMP_ARCH_PPC64LE:
++		return ppc64_syscall_resolve_name(name);
+ 	}
+ 
+ 	return __NR_SCMP_ERROR;
+@@ -313,6 +331,9 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num)
+ 	case SCMP_ARCH_MIPS64N32:
+ 	case SCMP_ARCH_MIPSEL64N32:
+ 		return mips64n32_syscall_resolve_num(num);
++	case SCMP_ARCH_PPC64:
++	case SCMP_ARCH_PPC64LE:
++		return ppc64_syscall_resolve_num(num);
+ 	}
+ 
+ 	return NULL;
+diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
+index 2b50f3f..a546550 100644
+--- a/src/python/libseccomp.pxd
++++ b/src/python/libseccomp.pxd
+@@ -38,6 +38,8 @@ cdef extern from "seccomp.h":
+         SCMP_ARCH_MIPSEL
+         SCMP_ARCH_MIPSEL64
+         SCMP_ARCH_MIPSEL64N32
++        SCMP_ARCH_PPC64
++        SCMP_ARCH_PPC64LE
+ 
+     cdef enum scmp_filter_attr:
+         SCMP_FLTATR_ACT_DEFAULT
+diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
+index d2f7c90..f30a0b6 100644
+--- a/src/python/seccomp.pyx
++++ b/src/python/seccomp.pyx
+@@ -147,6 +147,7 @@ cdef class Arch:
+     MIPSEL - MIPS little endian O32 ABI
+     MIPSEL64 - MIPS little endian 64-bit ABI
+     MIPSEL64N32 - MIPS little endian N32 ABI
++    PPC64 - 64-bit PowerPC
+     """
+ 
+     cdef int _token
+@@ -163,6 +164,8 @@ cdef class Arch:
+     MIPSEL = libseccomp.SCMP_ARCH_MIPSEL
+     MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
+     MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
++    PPC64 = libseccomp.SCMP_ARCH_PPC64
++    PPC64 = libseccomp.SCMP_ARCH_PPC64LE
+ 
+     def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
+         """ Initialize the architecture object.
+@@ -198,6 +201,10 @@ cdef class Arch:
+                 self._token = libseccomp.SCMP_ARCH_MIPSEL64
+             elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32:
+                 self._token = libseccomp.SCMP_ARCH_MIPSEL64N32
++            elif arch == libseccomp.SCMP_ARCH_PPC64:
++                self._token = libseccomp.SCMP_ARCH_PPC64
++            elif arch == libseccomp.SCMP_ARCH_PPC64LE:
++                self._token = libseccomp.SCMP_ARCH_PPC64LE
+             else:
+                 self._token = 0;
+         elif isinstance(arch, basestring):
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0003-tools-add-ppc64-support.patch

@@ -0,0 +1,80 @@
+From 21e74cf80be3d55fdfa5600bc99f284b19f75b01 Mon Sep 17 00:00:00 2001
+From: Paul Moore <pmoore@redhat.com>
+Date: Fri, 26 Sep 2014 12:50:40 -0400
+Subject: [PATCH 03/11] tools: add ppc64 support
+
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ tools/scmp_arch_detect.c | 6 ++++++
+ tools/scmp_bpf_disasm.c  | 4 ++++
+ tools/scmp_bpf_sim.c     | 4 ++++
+ tools/util.c             | 6 ++++++
+ 4 files changed, 20 insertions(+)
+
+diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
+index 5a87252..d23d2ec 100644
+--- a/tools/scmp_arch_detect.c
++++ b/tools/scmp_arch_detect.c
+@@ -99,6 +99,12 @@ int main(int argc, char *argv[])
+ 		case SCMP_ARCH_MIPSEL64N32:
+ 			printf("mipsel64n32\n");
+ 			break;
++		case SCMP_ARCH_PPC64:
++			printf("ppc64\n");
++			break;
++		case SCMP_ARCH_PPC64LE:
++			printf("ppc64le\n");
++			break;
+ 		default:
+ 			printf("unknown\n");
+ 		}
+diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
+index 349b8a8..9199e17 100644
+--- a/tools/scmp_bpf_disasm.c
++++ b/tools/scmp_bpf_disasm.c
+@@ -334,6 +334,10 @@ int main(int argc, char *argv[])
+ 				arch = AUDIT_ARCH_MIPS64N32;
+ 			else if (strcmp(optarg, "mipsel64n32") == 0)
+ 				arch = AUDIT_ARCH_MIPSEL64N32;
++			else if (strcmp(optarg, "ppc64") == 0)
++				arch = AUDIT_ARCH_PPC64;
++			else if (strcmp(optarg, "ppc64le") == 0)
++				arch = AUDIT_ARCH_PPC64LE;
+ 			else
+ 				exit_usage(argv[0]);
+ 			break;
+diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
+index bb3a2e7..d3e439f 100644
+--- a/tools/scmp_bpf_sim.c
++++ b/tools/scmp_bpf_sim.c
+@@ -249,6 +249,10 @@ int main(int argc, char *argv[])
+ 				arch = AUDIT_ARCH_MIPS64N32;
+ 			else if (strcmp(optarg, "mipsel64n32") == 0)
+ 				arch = AUDIT_ARCH_MIPSEL64N32;
++			else if (strcmp(optarg, "ppc64") == 0)
++				arch = AUDIT_ARCH_PPC64;
++			else if (strcmp(optarg, "ppc64le") == 0)
++				arch = AUDIT_ARCH_PPC64LE;
+ 			else
+ 				exit_fault(EINVAL);
+ 			break;
+diff --git a/tools/util.c b/tools/util.c
+index 9b58bbb..f998009 100644
+--- a/tools/util.c
++++ b/tools/util.c
+@@ -62,6 +62,12 @@
+ #elif __MIPSEL__
+ #define ARCH_NATIVE		AUDIT_ARCH_MIPSEL64N32
+ #endif /* _MIPS_SIM_NABI32 */
++#elif __PPC64__
++#ifdef __BIG_ENDIAN__
++#define ARCH_NATIVE		AUDIT_ARCH_PPC64
++#else
++#define ARCH_NATIVE		AUDIT_ARCH_PPC64LE
++#endif
+ #else
+ #error the simulator code needs to know about your machine type
+ #endif
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0004-tests-add-ppc64-support-to-the-regression-tests.patch

@@ -0,0 +1,118 @@
+From e7deb140a59c1ca3c4eed5967ba288464f077944 Mon Sep 17 00:00:00 2001
+From: Paul Moore <pmoore@redhat.com>
+Date: Fri, 26 Sep 2014 13:14:12 -0400
+Subject: [PATCH 04/11] tests: add ppc64 support to the regression tests
+
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ tests/16-sim-arch_basic.c         |  3 +++
+ tests/16-sim-arch_basic.py        |  1 +
+ tests/23-sim-arch_all_le_basic.c  |  3 +++
+ tests/23-sim-arch_all_le_basic.py |  1 +
+ tests/26-sim-arch_all_be_basic.c  |  3 +++
+ tests/26-sim-arch_all_be_basic.py |  1 +
+ tests/regression                  | 10 ++++++++--
+ 7 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c
+index 9771913..09df44b 100644
+--- a/tests/16-sim-arch_basic.c
++++ b/tests/16-sim-arch_basic.c
+@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
+ 	rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32);
+ 	if (rc != 0)
+ 		goto out;
++	rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
++	if (rc != 0)
++		goto out;
+ 
+ 	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
+ 			      SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
+diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py
+index 57a5ac3..d9e1939 100755
+--- a/tests/16-sim-arch_basic.py
++++ b/tests/16-sim-arch_basic.py
+@@ -39,6 +39,7 @@ def test(args):
+     f.add_arch(Arch("mipsel"))
+     f.add_arch(Arch("mipsel64"))
+     f.add_arch(Arch("mipsel64n32"))
++    f.add_arch(Arch("ppc64le"))
+     f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
+diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c
+index eeb8556..9f67ed6 100644
+--- a/tests/23-sim-arch_all_le_basic.c
++++ b/tests/23-sim-arch_all_le_basic.c
+@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
+ 	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32"));
+ 	if (rc != 0)
+ 		goto out;
++	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
++	if (rc != 0)
++		goto out;
+ 
+ 	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
+ 			      SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
+diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py
+index 36ab139..212ff50 100755
+--- a/tests/23-sim-arch_all_le_basic.py
++++ b/tests/23-sim-arch_all_le_basic.py
+@@ -39,6 +39,7 @@ def test(args):
+     f.add_arch(Arch("mipsel"))
+     f.add_arch(Arch("mipsel64"))
+     f.add_arch(Arch("mipsel64n32"))
++    f.add_arch(Arch("ppc64le"))
+     f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
+diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
+index a951b3c..1a44525 100644
+--- a/tests/26-sim-arch_all_be_basic.c
++++ b/tests/26-sim-arch_all_be_basic.c
+@@ -52,6 +52,9 @@ int main(int argc, char *argv[])
+ 	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
+ 	if (rc != 0)
+ 		goto out;
++	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
++	if (rc != 0)
++		goto out;
+ 
+ 	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
+ 			      SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
+diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
+index 1347406..cba2dea 100755
+--- a/tests/26-sim-arch_all_be_basic.py
++++ b/tests/26-sim-arch_all_be_basic.py
+@@ -33,6 +33,7 @@ def test(args):
+     f.add_arch(Arch("mips"))
+     f.add_arch(Arch("mips64"))
+     f.add_arch(Arch("mips64n32"))
++    f.add_arch(Arch("ppc64"))
+     f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
+diff --git a/tests/regression b/tests/regression
+index 428bdf2..3ab6171 100755
+--- a/tests/regression
++++ b/tests/regression
+@@ -21,8 +21,14 @@
+ # along with this library; if not, see <http://www.gnu.org/licenses>.
+ #
+ 
+-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32"
+-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32"
++GLBL_ARCH_LE_SUPPORT=" \
++	x86 x86_64 x32 \
++	arm aarch64 \
++	mipsel mipsel64 mipsel64n32 \
++	ppc64le"
++GLBL_ARCH_BE_SUPPORT=" \
++	mips mips64 mips64n32 \
++	ppc64"
+ 
+ GLBL_SYS_ARCH="../tools/scmp_arch_detect"
+ GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0005-tests-add-ppc64-support-to-the-regression-live-tests.patch

@@ -0,0 +1,34 @@
+From eb47c3f501ebbf9e3b218bb2432d5bdadc04dce1 Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Tue, 10 Feb 2015 11:08:12 +0000
+Subject: [PATCH 05/11] tests: add ppc64 support to the regression live tests
+
+Otherwise The live tests will fail with
+
+"ERROR arch ppc64 not supported"
+
+Send against the working-ppc64 branch.
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+[PM: added ppc64le]
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ tests/regression | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/regression b/tests/regression
+index 3ab6171..eeb6cfb 100755
+--- a/tests/regression
++++ b/tests/regression
+@@ -673,7 +673,7 @@ function run_test_live() {
+ 
+ 	# setup the arch specific return values
+ 	case "$arch" in
+-	x86|x86_64|x32|arm|aarch64)
++	x86|x86_64|x32|arm|aarch64|ppc64|ppc64le)
+ 		rc_kill=159
+ 		rc_allow=160
+ 		rc_trap=161
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch

@@ -0,0 +1,148 @@
+From 75d3aa041dc3c8214610e44d317703c055e5e055 Mon Sep 17 00:00:00 2001
+From: Paul Moore <pmoore@redhat.com>
+Date: Tue, 10 Feb 2015 14:22:07 -0500
+Subject: [PATCH 06/11] ppc64: correct the ppc64 syscall table and validation
+ script
+
+We didn't correctly take into account the __powerpc64__ define when
+generating the ppc64 syscall table.  This patch also updates the
+syscall table to match Linux v3.19.
+
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ src/arch-ppc64-syscalls.c | 26 ++++++++++++++------------
+ src/arch-syscall-validate |  2 +-
+ 2 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
+index 5dfb367..1c2a1df 100644
+--- a/src/arch-ppc64-syscalls.c
++++ b/src/arch-ppc64-syscalls.c
+@@ -27,7 +27,7 @@
+ #include "arch.h"
+ #include "arch-ppc64.h"
+ 
+-/* NOTE: based on Linux 3.17-rc6+ */
++/* NOTE: based on Linux 3.19 */
+ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "_llseek", 140 },
+ 	{ "_newselect", 142 },
+@@ -45,6 +45,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "arch_prctl", __PNR_arch_prctl },
+ 	{ "bdflush", 134 },
+ 	{ "bind", 327 },
++	{ "bpf", 361 },
+ 	{ "break", 17 },
+ 	{ "brk", 45 },
+ 	{ "cachectl", __PNR_cachectl },
+@@ -80,11 +81,12 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "eventfd", 307 },
+ 	{ "eventfd2", 314 },
+ 	{ "execve", 11 },
++	{ "execveat", 362 },
+ 	{ "exit", 1 },
+ 	{ "exit_group", 234 },
+ 	{ "faccessat", 298 },
+ 	{ "fadvise64", 233 },
+-	{ "fadvise64_64", 254 },
++	{ "fadvise64_64", __PNR_fadvise64_64 },
+ 	{ "fallocate", 309 },
+ 	{ "fanotify_init", 323 },
+ 	{ "fanotify_mark", 324 },
+@@ -95,7 +97,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "fchown32", __PNR_fchown32 },
+ 	{ "fchownat", 289 },
+ 	{ "fcntl", 55 },
+-	{ "fcntl64", 204 },
++	{ "fcntl64", __PNR_fcntl64 },
+ 	{ "fdatasync", 148 },
+ 	{ "fgetxattr", 214 },
+ 	{ "finit_module", 353 },
+@@ -105,14 +107,14 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "fremovexattr", 220 },
+ 	{ "fsetxattr", 211 },
+ 	{ "fstat", 108 },
+-	{ "fstat64", 197 },
+-	{ "fstatat64", 291 },
++	{ "fstat64", __PNR_fstat64 },
++	{ "fstatat64", __PNR_fstatat64 },
+ 	{ "fstatfs", 100 },
+ 	{ "fstatfs64", 253 },
+ 	{ "fsync", 118 },
+ 	{ "ftime", 35 },
+ 	{ "ftruncate", 93 },
+-	{ "ftruncate64", 194 },
++	{ "ftruncate64", __PNR_ftruncate64 },
+ 	{ "futex", 221 },
+ 	{ "futimesat", 290 },
+ 	{ "get_kernel_syms", 130 },
+@@ -191,7 +193,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "lseek", 19 },
+ 	{ "lsetxattr", 210 },
+ 	{ "lstat", 107 },
+-	{ "lstat64", 196 },
++	{ "lstat64", __PNR_lstat64 },
+ 	{ "madvise", 205 },
+ 	{ "mbind", 259 },
+ 	{ "memfd_create", 360 },
+@@ -204,7 +206,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "mlock", 150 },
+ 	{ "mlockall", 152 },
+ 	{ "mmap", 90 },
+-	{ "mmap2", 192 },
++	{ "mmap2", __PNR_mmap2 },
+ 	{ "modify_ldt", 123 },
+ 	{ "mount", 21 },
+ 	{ "move_pages", 301 },
+@@ -228,7 +230,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "munmap", 91 },
+ 	{ "name_to_handle_at", 345 },
+ 	{ "nanosleep", 162 },
+-	{ "newfstatat", __PNR_newfstatat },
++	{ "newfstatat", 291 },
+ 	{ "nfsservctl", 168 },
+ 	{ "nice", 34 },
+ 	{ "oldfstat", 28 },
+@@ -315,7 +317,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "semtimedop", __PNR_semtimedop },
+ 	{ "send", 334 },
+ 	{ "sendfile", 186 },
+-	{ "sendfile64", 226 },
++	{ "sendfile64", __PNR_sendfile64 },
+ 	{ "sendmmsg", 349 },
+ 	{ "sendmsg", 341 },
+ 	{ "sendto", 335 },
+@@ -375,7 +377,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "spu_run", 278 },
+ 	{ "ssetmask", 69 },
+ 	{ "stat", 106 },
+-	{ "stat64", 195 },
++	{ "stat64", __PNR_stat64 },
+ 	{ "statfs", 99 },
+ 	{ "statfs64", 252 },
+ 	{ "stime", 25 },
+@@ -411,7 +413,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
+ 	{ "times", 43 },
+ 	{ "tkill", 208 },
+ 	{ "truncate", 92 },
+-	{ "truncate64", 193 },
++	{ "truncate64", __PNR_truncate64 },
+ 	{ "tuxcall", 225 },
+ 	{ "ugetrlimit", 190 },
+ 	{ "ulimit", 58 },
+diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
+index eeb4d8b..e28b206 100755
+--- a/src/arch-syscall-validate
++++ b/src/arch-syscall-validate
+@@ -311,7 +311,7 @@ function dump_lib_mips64n32() {
+ #  Dump the architecture's syscall table to stdout.
+ #
+ function dump_sys_ppc64() {
+-	gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \
++	gcc -E -dM -D__powerpc64__ $1/arch/powerpc/include/uapi/asm/unistd.h | \
+ 		grep "^#define __NR_" | sort | \
+ 		sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/'
+ }
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0007-tests-minor-fix-in-arch-syscall-check.patch

@@ -0,0 +1,29 @@
+From 894784b321e088b5a10c2fdd442e7b326daedb7f Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Wed, 11 Feb 2015 10:45:41 +0000
+Subject: [PATCH 07/11] tests: minor fix in arch-syscall-check
+
+Sent against working-ppc64.
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ src/arch-syscall-check.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
+index dadab0d..a091a6d 100644
+--- a/src/arch-syscall-check.c
++++ b/src/arch-syscall-check.c
+@@ -96,7 +96,7 @@ int main(int argc, char *argv[])
+ 		syscall_check(str_miss, sys_name, "mips64n32",
+ 			      mips64n32_syscall_iterate_name(i_mips64n32));
+ 		syscall_check(str_miss, sys_name, "ppc64",
+-			      ppc64_syscall_iterate_name(i_mips64n32));
++			      ppc64_syscall_iterate_name(i_ppc64));
+ 
+ 		/* output the results */
+ 		printf("%s: ", sys_name);
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0008-arch-add-a-ppc-syscall-table.patch

@@ -0,0 +1,782 @@
+From 25fc85ba58eba3980649e5bded51816a98cbefc0 Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Wed, 11 Feb 2015 13:23:25 +0000
+Subject: [PATCH 08/11] arch: add a ppc syscall table
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+[PM: slight reordering of ppc/ppc64 in header files and makefiles]
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ include/seccomp.h.in      |   1 +
+ src/Makefile.am           |   1 +
+ src/arch-ppc-syscalls.c   | 504 ++++++++++++++++++++++++++++++++++++++++++++++
+ src/arch-ppc.c            |  33 +++
+ src/arch-ppc.h            |  38 ++++
+ src/arch-syscall-check.c  |  13 +-
+ src/arch-syscall-dump.c   |   4 +
+ src/arch-syscall-validate |  31 ++-
+ 8 files changed, 623 insertions(+), 2 deletions(-)
+ create mode 100644 src/arch-ppc-syscalls.c
+ create mode 100644 src/arch-ppc.c
+ create mode 100644 src/arch-ppc.h
+
+diff --git a/include/seccomp.h.in b/include/seccomp.h.in
+index 42f3f1a..3af4c2b 100644
+--- a/include/seccomp.h.in
++++ b/include/seccomp.h.in
+@@ -153,6 +153,7 @@ struct scmp_arg_cmp {
+ /**
+  * The PowerPC architecture tokens
+  */
++#define SCMP_ARCH_PPC		AUDIT_ARCH_PPC
+ #define SCMP_ARCH_PPC64		AUDIT_ARCH_PPC64
+ #ifndef AUDIT_ARCH_PPC64LE
+ #define AUDIT_ARCH_PPC64LE	(EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 038b2ef..54f8478 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -31,6 +31,7 @@ SOURCES_ARCH = \
+ 	arch-mips.h arch-mips.c arch-mips-syscalls.c \
+ 	arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \
+ 	arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \
++	arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \
+ 	arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c
+ 
+ SOURCES_GEN = \
+diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
+new file mode 100644
+index 0000000..32fc05a
+--- /dev/null
++++ b/src/arch-ppc-syscalls.c
+@@ -0,0 +1,504 @@
++/**
++ * Enhanced Seccomp PPC Specific Code
++ *
++ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
++ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
++ *
++ */
++
++/*
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of version 2.1 of the GNU Lesser General Public License as
++ * published by the Free Software Foundation.
++ *
++ * This library is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
++ * for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this library; if not, see <http://www.gnu.org/licenses>.
++ */
++
++#include <string.h>
++
++#include <seccomp.h>
++
++#include "arch.h"
++#include "arch-ppc.h"
++
++/* NOTE: based on Linux 3.19 */
++const struct arch_syscall_def ppc_syscall_table[] = { \
++	{ "_llseek", 140 },
++	{ "_newselect", 142 },
++	{ "_sysctl", 149 },
++	{ "accept", 330 },
++	{ "accept4", 344 },
++	{ "access", 33 },
++	{ "acct", 51 },
++	{ "add_key", 269 },
++	{ "adjtimex", 124 },
++	{ "afs_syscall", 137 },
++	{ "alarm", 27 },
++	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
++	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
++	{ "arch_prctl", __PNR_arch_prctl },
++	{ "bdflush", 134 },
++	{ "bind", 327 },
++	{ "bpf", 361 },
++	{ "break", 17 },
++	{ "brk", 45 },
++	{ "cachectl", __PNR_cachectl },
++	{ "cacheflush", __PNR_cacheflush },
++	{ "capget", 183 },
++	{ "capset", 184 },
++	{ "chdir", 12 },
++	{ "chmod", 15 },
++	{ "chown", 181 },
++	{ "chown32", __PNR_chown32 },
++	{ "chroot", 61 },
++	{ "clock_adjtime", 347 },
++	{ "clock_getres", 247 },
++	{ "clock_gettime", 246 },
++	{ "clock_nanosleep", 248 },
++	{ "clock_settime", 245 },
++	{ "clone", 120 },
++	{ "close", 6 },
++	{ "connect", 328 },
++	{ "creat", 8 },
++	{ "create_module", 127 },
++	{ "delete_module", 129 },
++	{ "dup", 41 },
++	{ "dup2", 63 },
++	{ "dup3", 316 },
++	{ "epoll_create", 236 },
++	{ "epoll_create1", 315 },
++	{ "epoll_ctl", 237 },
++	{ "epoll_ctl_old", __PNR_epoll_ctl_old },
++	{ "epoll_pwait", 303 },
++	{ "epoll_wait", 238 },
++	{ "epoll_wait_old", __PNR_epoll_wait_old },
++	{ "eventfd", 307 },
++	{ "eventfd2", 314 },
++	{ "execve", 11 },
++	{ "execveat", 362 },
++	{ "exit", 1 },
++	{ "exit_group", 234 },
++	{ "faccessat", 298 },
++	{ "fadvise64", 233 },
++	{ "fadvise64_64", 254 },
++	{ "fallocate", 309 },
++	{ "fanotify_init", 323 },
++	{ "fanotify_mark", 324 },
++	{ "fchdir", 133 },
++	{ "fchmod", 94 },
++	{ "fchmodat", 297 },
++	{ "fchown", 95 },
++	{ "fchown32", __PNR_fchown32 },
++	{ "fchownat", 289 },
++	{ "fcntl", 55 },
++	{ "fcntl64", 204 },
++	{ "fdatasync", 148 },
++	{ "fgetxattr", 214 },
++	{ "finit_module", 353 },
++	{ "flistxattr", 217 },
++	{ "flock", 143 },
++	{ "fork", 2 },
++	{ "fremovexattr", 220 },
++	{ "fsetxattr", 211 },
++	{ "fstat", 108 },
++	{ "fstat64", 197 },
++	{ "fstatat64", 291 },
++	{ "fstatfs", 100 },
++	{ "fstatfs64", 253 },
++	{ "fsync", 118 },
++	{ "ftime", 35 },
++	{ "ftruncate", 93 },
++	{ "ftruncate64", 194 },
++	{ "futex", 221 },
++	{ "futimesat", 290 },
++	{ "get_kernel_syms", 130 },
++	{ "get_mempolicy", 260 },
++	{ "get_robust_list", 299 },
++	{ "get_thread_area", __PNR_get_thread_area },
++	{ "getcpu", 302 },
++	{ "getcwd", 182 },
++	{ "getdents", 141 },
++	{ "getdents64", 202 },
++	{ "getegid", 50 },
++	{ "getegid32", __PNR_getegid32 },
++	{ "geteuid", 49 },
++	{ "geteuid32", __PNR_geteuid32 },
++	{ "getgid", 47 },
++	{ "getgid32", __PNR_getgid32 },
++	{ "getgroups", 80 },
++	{ "getgroups32", __PNR_getgroups32 },
++	{ "getitimer", 105 },
++	{ "getpeername", 332 },
++	{ "getpgid", 132 },
++	{ "getpgrp", 65 },
++	{ "getpid", 20 },
++	{ "getpmsg", 187 },
++	{ "getppid", 64 },
++	{ "getpriority", 96 },
++	{ "getrandom", 359 },
++	{ "getresgid", 170 },
++	{ "getresgid32", __PNR_getresgid32 },
++	{ "getresuid", 165 },
++	{ "getresuid32", __PNR_getresuid32 },
++	{ "getrlimit", 76 },
++	{ "getrusage", 77 },
++	{ "getsid", 147 },
++	{ "getsockname", 331 },
++	{ "getsockopt", 340 },
++	{ "gettid", 207 },
++	{ "gettimeofday", 78 },
++	{ "getuid", 24 },
++	{ "getuid32", __PNR_getuid32 },
++	{ "getxattr", 212 },
++	{ "gtty", 32 },
++	{ "idle", 112 },
++	{ "init_module", 128 },
++	{ "inotify_add_watch", 276 },
++	{ "inotify_init", 275 },
++	{ "inotify_init1", 318 },
++	{ "inotify_rm_watch", 277 },
++	{ "io_cancel", 231 },
++	{ "io_destroy", 228 },
++	{ "io_getevents", 229 },
++	{ "io_setup", 227 },
++	{ "io_submit", 230 },
++	{ "ioctl", 54 },
++	{ "ioperm", 101 },
++	{ "iopl", 110 },
++	{ "ioprio_get", 274 },
++	{ "ioprio_set", 273 },
++	{ "ipc", 117 },
++	{ "kcmp", 354 },
++	{ "kexec_file_load", __PNR_kexec_file_load },
++	{ "kexec_load", 268 },
++	{ "keyctl", 271 },
++	{ "kill", 37 },
++	{ "lchown", 16 },
++	{ "lchown32", __PNR_lchown32 },
++	{ "lgetxattr", 213 },
++	{ "link", 9 },
++	{ "linkat", 294 },
++	{ "listen", 329 },
++	{ "listxattr", 215 },
++	{ "llistxattr", 216 },
++	{ "lock", 53 },
++	{ "lookup_dcookie", 235 },
++	{ "lremovexattr", 219 },
++	{ "lseek", 19 },
++	{ "lsetxattr", 210 },
++	{ "lstat", 107 },
++	{ "lstat64", 196 },
++	{ "madvise", 205 },
++	{ "mbind", 259 },
++	{ "memfd_create", 360 },
++	{ "migrate_pages", 258 },
++	{ "mincore", 206 },
++	{ "mkdir", 39 },
++	{ "mkdirat", 287 },
++	{ "mknod", 14 },
++	{ "mknodat", 288 },
++	{ "mlock", 150 },
++	{ "mlockall", 152 },
++	{ "mmap", 90 },
++	{ "mmap2", 192 },
++	{ "modify_ldt", 123 },
++	{ "mount", 21 },
++	{ "move_pages", 301 },
++	{ "mprotect", 125 },
++	{ "mpx", 56 },
++	{ "mq_getsetattr", 267 },
++	{ "mq_notify", 266 },
++	{ "mq_open", 262 },
++	{ "mq_timedreceive", 265 },
++	{ "mq_timedsend", 264 },
++	{ "mq_unlink", 263 },
++	{ "mremap", 163 },
++	{ "msgctl", __PNR_msgctl },
++	{ "msgget", __PNR_msgget },
++	{ "msgrcv", __PNR_msgrcv },
++	{ "msgsnd", __PNR_msgsnd },
++	{ "msync", 144 },
++	{ "multiplexer", 201 },
++	{ "munlock", 151 },
++	{ "munlockall", 153 },
++	{ "munmap", 91 },
++	{ "name_to_handle_at", 345 },
++	{ "nanosleep", 162 },
++	{ "newfstatat", __PNR_newfstatat },
++	{ "nfsservctl", 168 },
++	{ "nice", 34 },
++	{ "oldfstat", 28 },
++	{ "oldlstat", 84 },
++	{ "oldolduname", 59 },
++	{ "oldstat", 18 },
++	{ "olduname", 109 },
++	{ "oldwait4", __PNR_oldwait4 },
++	{ "open", 5 },
++	{ "open_by_handle_at", 346 },
++	{ "openat", 286 },
++	{ "pause", 29 },
++	{ "pciconfig_iobase", 200 },
++	{ "pciconfig_read", 198 },
++	{ "pciconfig_write", 199 },
++	{ "perf_event_open", 319 },
++	{ "personality", 136 },
++	{ "pipe", 42 },
++	{ "pipe2", 317 },
++	{ "pivot_root", 203 },
++	{ "poll", 167 },
++	{ "ppoll", 281 },
++	{ "prctl", 171 },
++	{ "pread64", 179 },
++	{ "preadv", 320 },
++	{ "prlimit64", 325 },
++	{ "process_vm_readv", 351 },
++	{ "process_vm_writev", 352 },
++	{ "prof", 44 },
++	{ "profil", 98 },
++	{ "pselect6", 280 },
++	{ "ptrace", 26 },
++	{ "putpmsg", 188 },
++	{ "pwrite64", 180 },
++	{ "pwritev", 321 },
++	{ "query_module", 166 },
++	{ "quotactl", 131 },
++	{ "read", 3 },
++	{ "readahead", 191 },
++	{ "readdir", 89 },
++	{ "readlink", 85 },
++	{ "readlinkat", 296 },
++	{ "readv", 145 },
++	{ "reboot", 88 },
++	{ "recv", 336 },
++	{ "recvfrom", 337 },
++	{ "recvmmsg", 343 },
++	{ "recvmsg", 342 },
++	{ "remap_file_pages", 239 },
++	{ "removexattr", 218 },
++	{ "rename", 38 },
++	{ "renameat", 293 },
++	{ "renameat2", 357 },
++	{ "request_key", 270 },
++	{ "restart_syscall", 0 },
++	{ "rmdir", 40 },
++	{ "rt_sigaction", 173 },
++	{ "rt_sigpending", 175 },
++	{ "rt_sigprocmask", 174 },
++	{ "rt_sigqueueinfo", 177 },
++	{ "rt_sigreturn", 172 },
++	{ "rt_sigsuspend", 178 },
++	{ "rt_sigtimedwait", 176 },
++	{ "rt_tgsigqueueinfo", 322 },
++	{ "rtas", 255 },
++	{ "sched_get_priority_max", 159 },
++	{ "sched_get_priority_min", 160 },
++	{ "sched_getaffinity", 223 },
++	{ "sched_getattr", 356 },
++	{ "sched_getparam", 155 },
++	{ "sched_getscheduler", 157 },
++	{ "sched_rr_get_interval", 161 },
++	{ "sched_setaffinity", 222 },
++	{ "sched_setattr", 355 },
++	{ "sched_setparam", 154 },
++	{ "sched_setscheduler", 156 },
++	{ "sched_yield", 158 },
++	{ "seccomp", 358 },
++	{ "security", __PNR_security },
++	{ "select", 82 },
++	{ "semctl", __PNR_semctl },
++	{ "semget", __PNR_semget },
++	{ "semop", __PNR_semop },
++	{ "semtimedop", __PNR_semtimedop },
++	{ "send", 334 },
++	{ "sendfile", 186 },
++	{ "sendfile64", 226 },
++	{ "sendmmsg", 349 },
++	{ "sendmsg", 341 },
++	{ "sendto", 335 },
++	{ "set_mempolicy", 261 },
++	{ "set_robust_list", 300 },
++	{ "set_thread_area", __PNR_set_thread_area },
++	{ "set_tid_address", 232 },
++	{ "setdomainname", 121 },
++	{ "setfsgid", 139 },
++	{ "setfsgid32", __PNR_setfsgid32 },
++	{ "setfsuid", 138 },
++	{ "setfsuid32", __PNR_setfsuid32 },
++	{ "setgid", 46 },
++	{ "setgid32", __PNR_setgid32 },
++	{ "setgroups", 81 },
++	{ "setgroups32", __PNR_setgroups32 },
++	{ "sethostname", 74 },
++	{ "setitimer", 104 },
++	{ "setns", 350 },
++	{ "setpgid", 57 },
++	{ "setpriority", 97 },
++	{ "setregid", 71 },
++	{ "setregid32", __PNR_setregid32 },
++	{ "setresgid", 169 },
++	{ "setresgid32", __PNR_setresgid32 },
++	{ "setresuid", 164 },
++	{ "setresuid32", __PNR_setresuid32 },
++	{ "setreuid", 70 },
++	{ "setreuid32", __PNR_setreuid32 },
++	{ "setrlimit", 75 },
++	{ "setsid", 66 },
++	{ "setsockopt", 339 },
++	{ "settimeofday", 79 },
++	{ "setuid", 23 },
++	{ "setuid32", __PNR_setuid32 },
++	{ "setxattr", 209 },
++	{ "sgetmask", 68 },
++	{ "shmat", __PNR_shmat },
++	{ "shmctl", __PNR_shmctl },
++	{ "shmdt", __PNR_shmdt },
++	{ "shmget", __PNR_shmget },
++	{ "shutdown", 338 },
++	{ "sigaction", 67 },
++	{ "sigaltstack", 185 },
++	{ "signal", 48 },
++	{ "signalfd", 305 },
++	{ "signalfd4", 313 },
++	{ "sigpending", 73 },
++	{ "sigprocmask", 126 },
++	{ "sigreturn", 119 },
++	{ "sigsuspend", 72 },
++	{ "socket", 326 },
++	{ "socketcall", 102 },
++	{ "socketpair", 333 },
++	{ "splice", 283 },
++	{ "spu_create", 279 },
++	{ "spu_run", 278 },
++	{ "ssetmask", 69 },
++	{ "stat", 106 },
++	{ "stat64", 195 },
++	{ "statfs", 99 },
++	{ "statfs64", 252 },
++	{ "stime", 25 },
++	{ "stty", 31 },
++	{ "subpage_prot", 310 },
++	{ "swapcontext", 249 },
++	{ "swapoff", 115 },
++	{ "swapon", 87 },
++	{ "symlink", 83 },
++	{ "symlinkat", 295 },
++	{ "sync", 36 },
++	{ "sync_file_range", __PNR_sync_file_range },
++	{ "sync_file_range2", 308 },
++	{ "syncfs", 348 },
++	{ "syscall", __PNR_syscall },
++	{ "sys_debug_setcontext", 256 },
++	{ "sysfs", 135 },
++	{ "sysinfo", 116 },
++	{ "syslog", 103 },
++	{ "sysmips", __PNR_sysmips },
++	{ "tee", 284 },
++	{ "tgkill", 250 },
++	{ "time", 13 },
++	{ "timer_create", 240 },
++	{ "timer_delete", 244 },
++	{ "timer_getoverrun", 243 },
++	{ "timer_gettime", 242 },
++	{ "timer_settime", 241 },
++	{ "timerfd", __PNR_timerfd },
++	{ "timerfd_create", 306 },
++	{ "timerfd_gettime", 312 },
++	{ "timerfd_settime", 311 },
++	{ "times", 43 },
++	{ "tkill", 208 },
++	{ "truncate", 92 },
++	{ "truncate64", 193 },
++	{ "tuxcall", 225 },
++	{ "ugetrlimit", 190 },
++	{ "ulimit", 58 },
++	{ "umask", 60 },
++	{ "umount", 22 },
++	{ "umount2", 52 },
++	{ "uname", 122 },
++	{ "unlink", 10 },
++	{ "unlinkat", 292 },
++	{ "unshare", 282 },
++	{ "uselib", 86 },
++	{ "ustat", 62 },
++	{ "utime", 30 },
++	{ "utimensat", 304 },
++	{ "utimes", 251 },
++	{ "vfork", 189 },
++	{ "vhangup", 111 },
++	{ "vm86", 113 },
++	{ "vm86old", __PNR_vm86old },
++	{ "vmsplice", 285 },
++	{ "vserver", __PNR_vserver },
++	{ "wait4", 114 },
++	{ "waitid", 272 },
++	{ "waitpid", 7 },
++	{ "write", 4 },
++	{ "writev", 146 },
++	{ NULL, __NR_SCMP_ERROR },
++};
++
++/**
++ * Resolve a syscall name to a number
++ * @param name the syscall name
++ *
++ * Resolve the given syscall name to the syscall number using the syscall table.
++ * Returns the syscall number on success, including negative pseudo syscall
++ * numbers; returns __NR_SCMP_ERROR on failure.
++ *
++ */
++int ppc_syscall_resolve_name(const char *name)
++{
++	unsigned int iter;
++	const struct arch_syscall_def *table = ppc_syscall_table;
++
++	/* XXX - plenty of room for future improvement here */
++	for (iter = 0; table[iter].name != NULL; iter++) {
++		if (strcmp(name, table[iter].name) == 0)
++			return table[iter].num;
++	}
++
++	return __NR_SCMP_ERROR;
++}
++
++/**
++ * Resolve a syscall number to a name
++ * @param num the syscall number
++ *
++ * Resolve the given syscall number to the syscall name using the syscall table.
++ * Returns a pointer to the syscall name string on success, including pseudo
++ * syscall names; returns NULL on failure.
++ *
++ */
++const char *ppc_syscall_resolve_num(int num)
++{
++	unsigned int iter;
++	const struct arch_syscall_def *table = ppc_syscall_table;
++
++	/* XXX - plenty of room for future improvement here */
++	for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
++		if (num == table[iter].num)
++			return table[iter].name;
++	}
++
++	return NULL;
++}
++
++/**
++ * Iterate through the syscall table and return the syscall name
++ * @param spot the offset into the syscall table
++ *
++ * Return the syscall name at position @spot or NULL on failure.  This function
++ * should only ever be used internally by libseccomp.
++ *
++ */
++const char *ppc_syscall_iterate_name(unsigned int spot)
++{
++	/* XXX - no safety checks here */
++	return ppc_syscall_table[spot].name;
++}
+diff --git a/src/arch-ppc.c b/src/arch-ppc.c
+new file mode 100644
+index 0000000..56dbdb4
+--- /dev/null
++++ b/src/arch-ppc.c
+@@ -0,0 +1,33 @@
++/**
++ * Enhanced Seccomp PPC Specific Code
++ *
++ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
++ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
++ *
++ */
++
++/*
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of version 2.1 of the GNU Lesser General Public License as
++ * published by the Free Software Foundation.
++ *
++ * This library is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
++ * for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this library; if not, see <http://www.gnu.org/licenses>.
++ */
++
++#include <linux/audit.h>
++
++#include "arch.h"
++#include "arch-ppc.h"
++
++const struct arch_def arch_def_ppc = {
++	.token = SCMP_ARCH_PPC,
++	.token_bpf = AUDIT_ARCH_PPC,
++	.size = ARCH_SIZE_32,
++	.endian = ARCH_ENDIAN_BIG,
++};
+diff --git a/src/arch-ppc.h b/src/arch-ppc.h
+new file mode 100644
+index 0000000..627a168
+--- /dev/null
++++ b/src/arch-ppc.h
+@@ -0,0 +1,38 @@
++/**
++ * Enhanced Seccomp PPC Specific Code
++ *
++ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
++ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
++ *
++ */
++
++/*
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of version 2.1 of the GNU Lesser General Public License as
++ * published by the Free Software Foundation.
++ *
++ * This library is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
++ * for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this library; if not, see <http://www.gnu.org/licenses>.
++ */
++
++#ifndef _ARCH_PPC_H
++#define _ARCH_PPC_H
++
++#include <inttypes.h>
++
++#include "arch.h"
++#include "system.h"
++
++extern const struct arch_def arch_def_ppc;
++
++int ppc_syscall_resolve_name(const char *name);
++const char *ppc_syscall_resolve_num(int num);
++
++const char *ppc_syscall_iterate_name(unsigned int spot);
++
++#endif
+diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
+index a091a6d..8682483 100644
+--- a/src/arch-syscall-check.c
++++ b/src/arch-syscall-check.c
+@@ -34,6 +34,7 @@
+ #include "arch-mips64.h"
+ #include "arch-mips64n32.h"
+ #include "arch-ppc64.h"
++#include "arch-ppc.h"
+ 
+ /**
+  * compare the syscall values
+@@ -69,6 +70,7 @@ int main(int argc, char *argv[])
+ 	int i_mips64 = 0;
+ 	int i_mips64n32 = 0;
+ 	int i_ppc64 = 0;
++	int i_ppc = 0;
+ 	const char *sys_name;
+ 	char str_miss[256];
+ 
+@@ -97,6 +99,8 @@ int main(int argc, char *argv[])
+ 			      mips64n32_syscall_iterate_name(i_mips64n32));
+ 		syscall_check(str_miss, sys_name, "ppc64",
+ 			      ppc64_syscall_iterate_name(i_ppc64));
++		syscall_check(str_miss, sys_name, "ppc",
++			      ppc_syscall_iterate_name(i_ppc));
+ 
+ 		/* output the results */
+ 		printf("%s: ", sys_name);
+@@ -125,10 +129,12 @@ int main(int argc, char *argv[])
+ 			i_mips64n32 = -1;
+ 		if (!ppc64_syscall_iterate_name(++i_ppc64))
+ 			i_ppc64 = -1;
++		if (!ppc_syscall_iterate_name(++i_ppc))
++			i_ppc = -1;
+ 	} while (i_x86_64 >= 0 && i_x32 >= 0 &&
+ 		 i_arm >= 0 && i_aarch64 >= 0 &&
+ 		 i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
+-		 i_ppc64 >= 0);
++		 i_ppc64 >= 0 && i_ppc >= 0);
+ 
+ 	/* check for any leftovers */
+ 	sys_name = x86_syscall_iterate_name(i_x86 + 1);
+@@ -176,6 +182,11 @@ int main(int argc, char *argv[])
+ 		       ppc64_syscall_iterate_name(i_ppc64));
+ 		return 1;
+ 	}
++	if (i_ppc >= 0) {
++		printf("%s: ERROR, ppc has additional syscalls\n",
++		       ppc_syscall_iterate_name(i_ppc));
++		return 1;
++	}
+ 
+ 	/* if we made it here, all is good */
+ 	return 0;
+diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
+index 985a250..62992e7 100644
+--- a/src/arch-syscall-dump.c
++++ b/src/arch-syscall-dump.c
+@@ -39,6 +39,7 @@
+ #include "arch-mips64n32.h"
+ #include "arch-aarch64.h"
+ #include "arch-ppc64.h"
++#include "arch-ppc.h"
+ 
+ /**
+  * Print the usage information to stderr and exit
+@@ -116,6 +117,9 @@ int main(int argc, char *argv[])
+ 		case SCMP_ARCH_PPC64:
+ 			sys_name = ppc64_syscall_iterate_name(iter);
+ 			break;
++		case SCMP_ARCH_PPC:
++			sys_name = ppc_syscall_iterate_name(iter);
++			break;
+ 
+ 		default:
+ 			/* invalid arch */
+diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
+index e28b206..595dfef 100755
+--- a/src/arch-syscall-validate
++++ b/src/arch-syscall-validate
+@@ -326,6 +326,29 @@ function dump_lib_ppc64() {
+ }
+ 
+ #
++# Dump the ppc system syscall table
++#
++# Arguments:
++#     1    path to the kernel source
++#
++#  Dump the architecture's syscall table to stdout.
++#
++function dump_sys_ppc() {
++	gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \
++		grep "^#define __NR_" | sort | \
++		sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/'
++}
++
++#
++# Dump the ppc library syscall table
++#
++#  Dump the library's syscall table to stdout.
++#
++function dump_lib_ppc() {
++	$LIB_SYS_DUMP -a ppc | sed -e '/[^\t]\+\t-[0-9]\+/d'
++}
++
++#
+ # Dump the system syscall table
+ #
+ # Arguments:
+@@ -363,6 +386,9 @@ function dump_sys() {
+ 	ppc64)
+ 		dump_sys_ppc64 "$2"
+ 		;;
++	ppc)
++		dump_sys_ppc "$2"
++		;;
+ 	*)
+ 		echo ""
+ 		;;
+@@ -406,6 +432,9 @@ function dump_lib() {
+ 	ppc64)
+ 		dump_lib_ppc64 "$2"
+ 		;;
++	ppc)
++		dump_lib_ppc "$2"
++		;;
+ 	*)
+ 		echo ""
+ 		;;
+@@ -442,7 +471,7 @@ shift $(($OPTIND - 1))
+ 
+ # defaults
+ if [[ $arches == "" ]]; then
+-	arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64"
++	arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64 ppc"
+ fi
+ 
+ # sanity checks
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch

@@ -0,0 +1,117 @@
+From c0fa35a2756a1fcedcf4d4a14688226d2a1cd86b Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Wed, 11 Feb 2015 13:23:26 +0000
+Subject: [PATCH 09/11] arch: add basic initial ppc support to the
+ arch-dependent code
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ src/arch.c                | 11 +++++++++++
+ src/python/libseccomp.pxd |  1 +
+ src/python/seccomp.pyx    |  6 +++++-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/arch.c b/src/arch.c
+index 64fc1d1..f73db6b 100644
+--- a/src/arch.c
++++ b/src/arch.c
+@@ -39,6 +39,7 @@
+ #include "arch-mips64.h"
+ #include "arch-mips64n32.h"
+ #include "arch-ppc64.h"
++#include "arch-ppc.h"
+ #include "system.h"
+ 
+ #define default_arg_count_max		6
+@@ -81,6 +82,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc64;
+ #else
+ const struct arch_def *arch_def_native = &arch_def_ppc64le;
+ #endif
++#elif __PPC__
++const struct arch_def *arch_def_native = &arch_def_ppc;
+ #else
+ #error the arch code needs to know about your machine type
+ #endif /* machine type guess */
+@@ -133,6 +136,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
+ 		return &arch_def_ppc64;
+ 	case SCMP_ARCH_PPC64LE:
+ 		return &arch_def_ppc64le;
++	case SCMP_ARCH_PPC:
++		return &arch_def_ppc;
+ 	}
+ 
+ 	return NULL;
+@@ -173,6 +178,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
+ 		return &arch_def_ppc64;
+ 	else if (strcmp(arch_name, "ppc64le") == 0)
+ 		return &arch_def_ppc64le;
++	else if (strcmp(arch_name, "ppc") == 0)
++		return &arch_def_ppc;
+ 
+ 	return NULL;
+ }
+@@ -294,6 +301,8 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name)
+ 	case SCMP_ARCH_PPC64:
+ 	case SCMP_ARCH_PPC64LE:
+ 		return ppc64_syscall_resolve_name(name);
++	case SCMP_ARCH_PPC:
++		return ppc_syscall_resolve_name(name);
+ 	}
+ 
+ 	return __NR_SCMP_ERROR;
+@@ -334,6 +343,8 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num)
+ 	case SCMP_ARCH_PPC64:
+ 	case SCMP_ARCH_PPC64LE:
+ 		return ppc64_syscall_resolve_num(num);
++	case SCMP_ARCH_PPC:
++		return ppc_syscall_resolve_num(num);
+ 	}
+ 
+ 	return NULL;
+diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
+index a546550..e9c0f6a 100644
+--- a/src/python/libseccomp.pxd
++++ b/src/python/libseccomp.pxd
+@@ -40,6 +40,7 @@ cdef extern from "seccomp.h":
+         SCMP_ARCH_MIPSEL64N32
+         SCMP_ARCH_PPC64
+         SCMP_ARCH_PPC64LE
++        SCMP_ARCH_PPC
+ 
+     cdef enum scmp_filter_attr:
+         SCMP_FLTATR_ACT_DEFAULT
+diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
+index f30a0b6..2da8c66 100644
+--- a/src/python/seccomp.pyx
++++ b/src/python/seccomp.pyx
+@@ -148,6 +148,7 @@ cdef class Arch:
+     MIPSEL64 - MIPS little endian 64-bit ABI
+     MIPSEL64N32 - MIPS little endian N32 ABI
+     PPC64 - 64-bit PowerPC
++    PPC - 32-bit PowerPC
+     """
+ 
+     cdef int _token
+@@ -165,7 +166,8 @@ cdef class Arch:
+     MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
+     MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
+     PPC64 = libseccomp.SCMP_ARCH_PPC64
+-    PPC64 = libseccomp.SCMP_ARCH_PPC64LE
++    PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
++    PPC = libseccomp.SCMP_ARCH_PPC
+ 
+     def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
+         """ Initialize the architecture object.
+@@ -205,6 +207,8 @@ cdef class Arch:
+                 self._token = libseccomp.SCMP_ARCH_PPC64
+             elif arch == libseccomp.SCMP_ARCH_PPC64LE:
+                 self._token = libseccomp.SCMP_ARCH_PPC64LE
++            elif arch == libseccomp.SCMP_ARCH_PPC:
++                self._token = libseccomp.SCMP_ARCH_PPC
+             else:
+                 self._token = 0;
+         elif isinstance(arch, basestring):
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0010-tools-add-ppc-support.patch

@@ -0,0 +1,70 @@
+From b54dafd62376f9041b4d48e800f39c588554aabc Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Wed, 11 Feb 2015 13:23:27 +0000
+Subject: [PATCH 10/11] tools: add ppc support
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ tools/scmp_arch_detect.c | 3 +++
+ tools/scmp_bpf_disasm.c  | 2 ++
+ tools/scmp_bpf_sim.c     | 2 ++
+ tools/util.c             | 2 ++
+ 4 files changed, 9 insertions(+)
+
+diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
+index d23d2ec..03644c6 100644
+--- a/tools/scmp_arch_detect.c
++++ b/tools/scmp_arch_detect.c
+@@ -105,6 +105,9 @@ int main(int argc, char *argv[])
+ 		case SCMP_ARCH_PPC64LE:
+ 			printf("ppc64le\n");
+ 			break;
++		case SCMP_ARCH_PPC:
++			printf("ppc\n");
++			break;
+ 		default:
+ 			printf("unknown\n");
+ 		}
+diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
+index 9199e17..d773469 100644
+--- a/tools/scmp_bpf_disasm.c
++++ b/tools/scmp_bpf_disasm.c
+@@ -338,6 +338,8 @@ int main(int argc, char *argv[])
+ 				arch = AUDIT_ARCH_PPC64;
+ 			else if (strcmp(optarg, "ppc64le") == 0)
+ 				arch = AUDIT_ARCH_PPC64LE;
++			else if (strcmp(optarg, "ppc") == 0)
++				arch = AUDIT_ARCH_PPC;
+ 			else
+ 				exit_usage(argv[0]);
+ 			break;
+diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
+index d3e439f..a53b4fd 100644
+--- a/tools/scmp_bpf_sim.c
++++ b/tools/scmp_bpf_sim.c
+@@ -253,6 +253,8 @@ int main(int argc, char *argv[])
+ 				arch = AUDIT_ARCH_PPC64;
+ 			else if (strcmp(optarg, "ppc64le") == 0)
+ 				arch = AUDIT_ARCH_PPC64LE;
++			else if (strcmp(optarg, "ppc") == 0)
++				arch = AUDIT_ARCH_PPC;
+ 			else
+ 				exit_fault(EINVAL);
+ 			break;
+diff --git a/tools/util.c b/tools/util.c
+index f998009..b45de3b 100644
+--- a/tools/util.c
++++ b/tools/util.c
+@@ -68,6 +68,8 @@
+ #else
+ #define ARCH_NATIVE		AUDIT_ARCH_PPC64LE
+ #endif
++#elif __PPC__
++#define ARCH_NATIVE		AUDIT_ARCH_PPC
+ #else
+ #error the simulator code needs to know about your machine type
+ #endif
+-- 
+2.3.5
+

recipes-security/libseccomp/files/0011-tests-add-ppc-support-to-the-regression-tests.patch

@@ -0,0 +1,64 @@
+From 1a68b28e8cc6680dc7a9aecd26e06112b4ff93bf Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Wed, 11 Feb 2015 13:23:28 +0000
+Subject: [PATCH 11/11] tests: add ppc support to the regression tests
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ tests/26-sim-arch_all_be_basic.c  | 3 +++
+ tests/26-sim-arch_all_be_basic.py | 1 +
+ tests/regression                  | 4 ++--
+ 3 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
+index 1a44525..91fcbea 100644
+--- a/tests/26-sim-arch_all_be_basic.c
++++ b/tests/26-sim-arch_all_be_basic.c
+@@ -55,6 +55,9 @@ int main(int argc, char *argv[])
+ 	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
+ 	if (rc != 0)
+ 		goto out;
++	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc"));
++	if (rc != 0)
++		goto out;
+ 
+ 	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
+ 			      SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
+diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
+index cba2dea..1537013 100755
+--- a/tests/26-sim-arch_all_be_basic.py
++++ b/tests/26-sim-arch_all_be_basic.py
+@@ -34,6 +34,7 @@ def test(args):
+     f.add_arch(Arch("mips64"))
+     f.add_arch(Arch("mips64n32"))
+     f.add_arch(Arch("ppc64"))
++    f.add_arch(Arch("ppc"))
+     f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
+     f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
+diff --git a/tests/regression b/tests/regression
+index eeb6cfb..9f0c17e 100755
+--- a/tests/regression
++++ b/tests/regression
+@@ -28,7 +28,7 @@ GLBL_ARCH_LE_SUPPORT=" \
+ 	ppc64le"
+ GLBL_ARCH_BE_SUPPORT=" \
+ 	mips mips64 mips64n32 \
+-	ppc64"
++	ppc64 ppc"
+ 
+ GLBL_SYS_ARCH="../tools/scmp_arch_detect"
+ GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
+@@ -673,7 +673,7 @@ function run_test_live() {
+ 
+ 	# setup the arch specific return values
+ 	case "$arch" in
+-	x86|x86_64|x32|arm|aarch64|ppc64|ppc64le)
++	x86|x86_64|x32|arm|aarch64|ppc64|ppc64le|ppc)
+ 		rc_kill=159
+ 		rc_allow=160
+ 		rc_trap=161
+-- 
+2.3.5
+

recipes-security/libseccomp/libseccomp_2.2.0.bb

@@ -8,7 +8,19 @@ SRCREV = "bd10aab13c7248cc0df57512617e33d6743d33a6"
 
 PV = "2.2.0+git${SRCPV}"
 
-SRC_URI = "git://github.com/seccomp/libseccomp.git;protocol=http"
+SRC_URI = "git://github.com/seccomp/libseccomp.git;protocol=http \
+        file://0001-arch-add-a-ppc64-syscall-table.patch \
+        file://0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch \
+        file://0003-tools-add-ppc64-support.patch \
+        file://0004-tests-add-ppc64-support-to-the-regression-tests.patch \
+        file://0005-tests-add-ppc64-support-to-the-regression-live-tests.patch \
+        file://0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch \
+        file://0007-tests-minor-fix-in-arch-syscall-check.patch \
+        file://0008-arch-add-a-ppc-syscall-table.patch \
+        file://0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch \
+        file://0010-tools-add-ppc-support.patch \
+        file://0011-tests-add-ppc-support-to-the-regression-tests.patch \
+        "
 
 S = "${WORKDIR}/git"
 
@@ -17,7 +29,4 @@ inherit autotools-brokensep pkgconfig
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
 
-# PowerPC is not supported in this version.
-COMPATIBLE_HOST = '(x86_64|i.86|arm|arm64|mips|mips64).*-linux'
-
 RDEPENDS_${PN} = "bash"