Ubuntu
libseccomp package

debian/changelog (+7/-0)
debian/patches/lp-1755250-add-the-statx-syscall.patch (+308/-0)
debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch (+536/-0)
debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch (+499/-0)
debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch (+106/-0)
debian/patches/series (+4/-0)

Related bugs:

Bug #1755250: backport statx syscall whitelist fix	Undecided	Invalid
Bug #1815415: please update libseccomp for newer kernel syscalls	Undecided	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Andreas Hasenack	2019-02-08	Approve on 2019-02-11
xantares (community)	2019-02-08	Approve on 2019-02-09
Seth Arnold (community)	2019-02-08	Approve on 2019-02-08
Canonical Server	2019-02-08	Pending
git-ubuntu developers	2019-02-08	Pending
Review via email: mp+362906@code.launchpad.net

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2019-02-08:

Build is fine in PPA [1]
Tests are funning (not completed yet) in Bileto ticket [2]

I have added test instructions for the case to the Bugs SRU Template

For the sake of the "sec" in libseccomp I'd want a review by the security team as well this time - so adding a review slot for them.

Furthermore I polished and modified the sugegsted patch (headers) so I'd like an ack fromt he reporter as well - adding that.

[1]: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3640
[2]: https://bileto.ubuntu.com/#/ticket/3640

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2019-02-08:

Tyler and I took a look at this patch and thought it looked good.

We also thought that a similar patch should be included at the same time:

https://github.com/seccomp/libseccomp/commit/c842c2f6c203ad9da37ca60219172aa0be68d26a

If we're going to go through the work of validating a new version, now would be a good time to bring these in as well.

(I don't know if that means the review result should be Approve, because there's nothing wrong here, or Needs Fixing, because we'd also like a bit more work to be done. Sorry.)

Thanks

review: Approve

Revision history for this message

xantares (xantares09) wrote on 2019-02-09:

thanks!

I also found the original commit in libseccomp:
https://github.com/seccomp/libseccomp/commit/4793ea990ea80ee26ed63e2a20723fdb417abf5b

review: Approve

~paelzer/ubuntu/+source/libseccomp:lp-1755250-add-statx updated on 2019-02-11

77e9482... by Christian Ehrhardt  on 2019-02-11

- d/p/lp-1815415-*: Add syscalls up to kernel 4.15 (LP: #1815415)

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2019-02-11:

As requested by Seth/Tyler I also spawned bug 1815415 to include also the other syscalls until 4.15 as well (that is the latest in upstream libseccomp and what Bionic was released with).

I pushed this now to the branch that is on the MP here as well as the PPA that we test from.
The testcase I had from xantares still works fine for me with this new version.

I'd therefore ask Seth/Tyler for a re-review and furthermore hope they have some input on [1] to help verifying this when it becomes an SRU update in -proposed.

[1]: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1815415/comments/2

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2019-02-11:

Little benefit: as the series of changes is now complete all patches apply as-is without any backporting noise :-)

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2019-02-11:

FYI - Autopkgtest sniff tests are good in [1] except the known flaky systemd tests.

[1]: https://bileto.ubuntu.com/excuses/3640/bionic.html

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2019-02-11:

Patches match upstream, good dep3 headers.

I just wonder about the bionic version you chose: 2.3.1-2.1ubuntu5

Shouldn't that have been 2.3.1-2.1ubuntu4.1 instead?

If yes, easy change. If no, you know what you are doing :)

preemptive +1

review: Approve

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2019-02-12:

All pre-checks and tests complete, and uploaded to the SRU review queue

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Christian Ehrhardt 

git-ubuntu developers

Ubuntu
libseccomp package

Merge ~paelzer/ubuntu/+source/libseccomp:lp-1755250-add-statx into ubuntu/+source/libseccomp:ubuntu/bionic-devel

Commit message

Description of the change

Preview Diff

Subscribers

 diff --git a/debian/changelog b/debian/changelog
 index ebc9a74..b08702c 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,10 @@
++libseccomp (2.3.1-2.1ubuntu5) bionic; urgency=medium
++
++  * d/p/lp-1755250-add-the-statx-syscall.patch: add statx support (LP: #1755250)
++  * d/p/lp-1815415-*: Add syscalls up to kernel 4.15 (LP: #1815415)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 08 Feb 2019 09:17:23 +0100
++
  libseccomp (2.3.1-2.1ubuntu4) bionic; urgency=medium
    * debian/tests/data/open.fail_filter: The libseccomp autopkgtests were
 diff --git a/debian/patches/lp-1755250-add-the-statx-syscall.patch b/debian/patches/lp-1755250-add-the-statx-syscall.patch
 new file mode 100644
 index 0000000..3bda165
 --- /dev/null
 +++ b/debian/patches/lp-1755250-add-the-statx-syscall.patch
@@ -0,0 +1,308 @@
++From 4793ea990ea80ee26ed63e2a20723fdb417abf5b Mon Sep 17 00:00:00 2001
++From: Tobias Klauser <tklauser@distanz.ch>
++Date: Fri, 20 Oct 2017 09:39:40 +0200
++Subject: [PATCH] arch: add the statx syscall
++
++Fixes #88
++
++Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
++[PM: fixed the incorrect x32 definition]
++Signed-off-by: Paul Moore <paul@paul-moore.com>
++
++Origin: upstream, https://github.com/seccomp/libseccomp/commit/4793ea990ea80ee26ed63e2a20723fdb417abf5b
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1755250
++Last-Update: 2019-02-10
++
++
++---
++ src/arch-aarch64-syscalls.c   | 3 ++-
++ src/arch-arm-syscalls.c       | 3 ++-
++ src/arch-mips-syscalls.c      | 3 ++-
++ src/arch-mips64-syscalls.c    | 3 ++-
++ src/arch-mips64n32-syscalls.c | 3 ++-
++ src/arch-parisc-syscalls.c    | 3 ++-
++ src/arch-ppc-syscalls.c       | 3 ++-
++ src/arch-ppc64-syscalls.c     | 3 ++-
++ src/arch-s390-syscalls.c      | 3 ++-
++ src/arch-s390x-syscalls.c     | 3 ++-
++ src/arch-x32-syscalls.c       | 3 ++-
++ src/arch-x86-syscalls.c       | 3 ++-
++ src/arch-x86_64-syscalls.c    | 3 ++-
++ 13 files changed, 26 insertions(+), 13 deletions(-)
++
++diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
++index d907182..157aedc 100644
++--- a/src/arch-aarch64-syscalls.c
+++++ b/src/arch-aarch64-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-aarch64.h"
++
++-/* NOTE: based on Linux 4.10-rc6+ */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -392,6 +392,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "stat64", __PNR_stat64 },
++ 	{ "statfs", 43 },
++ 	{ "statfs64", __PNR_statfs64 },
+++	{ "statx", 291 },
++ 	{ "stime", __PNR_stime },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
++index 6f40caa..43e2cc5 100644
++--- a/src/arch-arm-syscalls.c
+++++ b/src/arch-arm-syscalls.c
++@@ -37,7 +37,7 @@
++ #define __SCMP_NR_BASE			__SCMP_NR_OABI_SYSCALL_BASE
++ #endif
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	/* NOTE: arm_sync_file_range() and sync_file_range2() share values */
++ 	{ "_llseek", (__SCMP_NR_BASE + 140) },
++@@ -404,6 +404,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	{ "stat64", (__SCMP_NR_BASE + 195) },
++ 	{ "statfs", (__SCMP_NR_BASE + 99) },
++ 	{ "statfs64", (__SCMP_NR_BASE + 266) },
+++	{ "statx", (__SCMP_NR_BASE + 397) },
++ 	{ "stime", __PNR_stime },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
++index e53f565..a5264c8 100644
++--- a/src/arch-mips-syscalls.c
+++++ b/src/arch-mips-syscalls.c
++@@ -30,7 +30,7 @@
++ /* O32 ABI */
++ #define __SCMP_NR_BASE		4000
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "_llseek", (__SCMP_NR_BASE + 140) },
++ 	{ "_newselect", (__SCMP_NR_BASE + 142) },
++@@ -396,6 +396,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "stat64", (__SCMP_NR_BASE + 213) },
++ 	{ "statfs", (__SCMP_NR_BASE + 99) },
++ 	{ "statfs64", (__SCMP_NR_BASE + 255) },
+++	{ "statx", (__SCMP_NR_BASE + 366) },
++ 	{ "stime", (__SCMP_NR_BASE + 25) },
++ 	{ "stty", (__SCMP_NR_BASE + 31) },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
++index 248acaf..bc16b1d 100644
++--- a/src/arch-mips64-syscalls.c
+++++ b/src/arch-mips64-syscalls.c
++@@ -30,7 +30,7 @@
++ /* 64 ABI */
++ #define __SCMP_NR_BASE	5000
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", (__SCMP_NR_BASE + 22) },
++@@ -396,6 +396,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "stat64", __PNR_stat64 },
++ 	{ "statfs", (__SCMP_NR_BASE + 134) },
++ 	{ "statfs64", __PNR_statfs64 },
+++	{ "statx", (__SCMP_NR_BASE + 326) },
++ 	{ "stime", __PNR_stime },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c
++index 1525f8b..fa89bc2 100644
++--- a/src/arch-mips64n32-syscalls.c
+++++ b/src/arch-mips64n32-syscalls.c
++@@ -30,7 +30,7 @@
++ /* N32 ABI */
++ #define __SCMP_NR_BASE	6000
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", (__SCMP_NR_BASE + 22) },
++@@ -396,6 +396,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "stat64", __PNR_stat64 },
++ 	{ "statfs", (__SCMP_NR_BASE + 134) },
++ 	{ "statfs64", (__SCMP_NR_BASE + 217) },
+++	{ "statx", (__SCMP_NR_BASE + 330) },
++ 	{ "stime", __PNR_stime },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c
++index 153c112..7e9d9ab 100644
++--- a/src/arch-parisc-syscalls.c
+++++ b/src/arch-parisc-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-parisc.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "_llseek",	140 },
++ 	{ "_newselect",	142 },
++@@ -376,6 +376,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "stat64",	101 },
++ 	{ "statfs",	99 },
++ 	{ "statfs64",	298 },
+++	{ "statx",	349 },
++ 	{ "stime",	25 },
++ 	{ "stty",	__PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
++index c117da9..fe0cdfb 100644
++--- a/src/arch-ppc-syscalls.c
+++++ b/src/arch-ppc-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc.h"
++
++-/* NOTE: based on Linux 4.10-rc6+ */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -393,6 +393,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "stat64", 195 },
++ 	{ "statfs", 99 },
++ 	{ "statfs64", 252 },
+++	{ "statx", 383},
++ 	{ "stime", 25 },
++ 	{ "stty", 31 },
++ 	{ "subpage_prot", 310 },
++diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
++index bbd5876..dc09610 100644
++--- a/src/arch-ppc64-syscalls.c
+++++ b/src/arch-ppc64-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc64.h"
++
++-/* NOTE: based on Linux 4.10-rc6+ */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -393,6 +393,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "stat64", __PNR_stat64 },
++ 	{ "statfs", 99 },
++ 	{ "statfs64", 252 },
+++	{ "statx", 383},
++ 	{ "stime", 25 },
++ 	{ "stty", 31 },
++ 	{ "subpage_prot", 310 },
++diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c
++index 959b42f..8a6cecc 100644
++--- a/src/arch-s390-syscalls.c
+++++ b/src/arch-s390-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-s390.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -376,6 +376,7 @@ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "stat64", 195 },
++ 	{ "statfs", 99 },
++ 	{ "statfs64", 265 },
+++	{ "statx", 379 },
++ 	{ "stime", 25 },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c
++index f6a2759..728dfc4 100644
++--- a/src/arch-s390x-syscalls.c
+++++ b/src/arch-s390x-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-s390x.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -376,6 +376,7 @@ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "stat64", __PNR_stat64 },
++ 	{ "statfs", 99 },
++ 	{ "statfs64", 265 },
+++	{ "statx", 379 },
++ 	{ "stime", __PNR_stime },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
++index 64e180a..bb3e077 100644
++--- a/src/arch-x32-syscalls.c
+++++ b/src/arch-x32-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x32.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def x32_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -392,6 +392,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
++ 	{ "stat64", __PNR_stat64 },
++ 	{ "statfs", (X32_SYSCALL_BIT + 137) },
++ 	{ "statfs64", __PNR_statfs64 },
+++	{ "statx", (X32_SYSCALL_BIT + 332) },
++ 	{ "stime", __PNR_stime },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c
++index 5443095..81a52a3 100644
++--- a/src/arch-x86-syscalls.c
+++++ b/src/arch-x86-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x86.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -392,6 +392,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "stat64", 195 },
++ 	{ "statfs", 99 },
++ 	{ "statfs64", 268 },
+++	{ "statx", 383 },
++ 	{ "stime", 25 },
++ 	{ "stty", 31 },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
++index 6c389b8..1da2530 100644
++--- a/src/arch-x86_64-syscalls.c
+++++ b/src/arch-x86_64-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x86_64.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.14 */
++ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -392,6 +392,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "stat64", __PNR_stat64 },
++ 	{ "statfs", 137 },
++ 	{ "statfs64", __PNR_statfs64 },
+++	{ "statx", 332 },
++ 	{ "stime", __PNR_stime },
++ 	{ "stty", __PNR_stty },
++ 	{ "subpage_prot", __PNR_subpage_prot },
++--
++2.17.1
++
 diff --git a/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch b/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch
 new file mode 100644
 index 0000000..47d66ec
 --- /dev/null
 +++ b/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-4.9.patch
@@ -0,0 +1,536 @@
++From d9102f12fd39bd77151a1f630fcfc8c80f86c55c Mon Sep 17 00:00:00 2001
++From: Justin Cormack <justin.cormack@docker.com>
++Date: Mon, 26 Dec 2016 17:59:12 +0000
++Subject: [PATCH] arch: update syscalls for Linux 4.9
++
++Add support for the following syscalls added in Linux v4.9:
++
++- preadv2 and pwritev2
++- pkey_mprotect, pkey_alloc, pkey_free
++
++Signed-off-by: Justin Cormack <justin.cormack@docker.com>
++[PM: update subject line, description, and some whitespace]
++Signed-off-by: Paul Moore <paul@paul-moore.com>
++
++Origin: upstream, https://github.com/seccomp/libseccomp/commit/d9102f12fd39bd77151a1f630fcfc8c80f86c55c
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1815415
++Last-Update: 2019-02-10
++
++---
++ include/seccomp.h.in          | 15 +++++++++++++++
++ src/arch-aarch64-syscalls.c   |  7 ++++++-
++ src/arch-arm-syscalls.c       |  7 ++++++-
++ src/arch-mips-syscalls.c      |  7 ++++++-
++ src/arch-mips64-syscalls.c    |  7 ++++++-
++ src/arch-mips64n32-syscalls.c |  7 ++++++-
++ src/arch-parisc-syscalls.c    |  7 ++++++-
++ src/arch-ppc-syscalls.c       |  7 ++++++-
++ src/arch-ppc64-syscalls.c     |  7 ++++++-
++ src/arch-s390-syscalls.c      |  7 ++++++-
++ src/arch-s390x-syscalls.c     |  7 ++++++-
++ src/arch-x32-syscalls.c       |  5 +++++
++ src/arch-x86-syscalls.c       |  7 ++++++-
++ src/arch-x86_64-syscalls.c    |  7 ++++++-
++ 14 files changed, 92 insertions(+), 12 deletions(-)
++
++diff --git a/include/seccomp.h.in b/include/seccomp.h.in
++index 5b9057f..5fc687c 100644
++--- a/include/seccomp.h.in
+++++ b/include/seccomp.h.in
++@@ -1609,6 +1609,21 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
++ #define __NR_userfaultfd	__PNR_userfaultfd
++ #endif /* __NR_userfaultfd */
++
+++#define __PNR_pkey_mprotect	-10201
+++#ifndef __NR_pkey_mprotect
+++#define __NR_pkey_mprotect	__PNR_pkey_mprotect
+++#endif /* __NR_pkey_mprotect */
+++
+++#define __PNR_pkey_alloc	-10202
+++#ifndef __NR_pkey_alloc
+++#define __NR_pkey_alloc	__PNR_pkey_alloc
+++#endif /* __NR_pkey_alloc */
+++
+++#define __PNR_pkey_free		-10203
+++#ifndef __NR_pkey_free
+++#define __NR_pkey_free		__PNR_pkey_free
+++#endif /* __NR_pkey_free */
+++
++ #ifdef __cplusplus
++ }
++ #endif
++diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
++index 357f290..6c04ad5 100644
++--- a/src/arch-aarch64-syscalls.c
+++++ b/src/arch-aarch64-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-aarch64.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -254,11 +254,15 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "pipe", __PNR_pipe },
++ 	{ "pipe2", 59 },
++ 	{ "pivot_root", 41 },
+++	{ "pkey_alloc", __PNR_pkey_alloc },
+++	{ "pkey_free", __PNR_pkey_free },
+++	{ "pkey_mprotect", __PNR_pkey_mprotect },
++ 	{ "poll", __PNR_poll },
++ 	{ "ppoll", 73 },
++ 	{ "prctl", 167 },
++ 	{ "pread64", 67 },
++ 	{ "preadv", 69 },
+++	{ "preadv2", 392 },
++ 	{ "prlimit64", 261 },
++ 	{ "process_vm_readv", 270 },
++ 	{ "process_vm_writev", 271 },
++@@ -269,6 +273,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "putpmsg", __PNR_putpmsg },
++ 	{ "pwrite64", 68 },
++ 	{ "pwritev", 70 },
+++	{ "pwritev2", 393 },
++ 	{ "query_module", __PNR_query_module },
++ 	{ "quotactl", 60 },
++ 	{ "read", 63 },
++diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
++index d1349a1..e7e2d31 100644
++--- a/src/arch-arm-syscalls.c
+++++ b/src/arch-arm-syscalls.c
++@@ -37,7 +37,7 @@
++ #define __SCMP_NR_BASE			__SCMP_NR_OABI_SYSCALL_BASE
++ #endif
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	/* NOTE: arm_sync_file_range() and sync_file_range2() share values */
++ 	{ "_llseek", (__SCMP_NR_BASE + 140) },
++@@ -266,11 +266,15 @@ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	{ "pipe", (__SCMP_NR_BASE + 42) },
++ 	{ "pipe2", (__SCMP_NR_BASE + 359) },
++ 	{ "pivot_root", (__SCMP_NR_BASE + 218) },
+++	{ "pkey_alloc", (__SCMP_NR_BASE + 395) },
+++	{ "pkey_free", (__SCMP_NR_BASE + 396) },
+++	{ "pkey_mprotect", (__SCMP_NR_BASE + 394) },
++ 	{ "poll", (__SCMP_NR_BASE + 168) },
++ 	{ "ppoll", (__SCMP_NR_BASE + 336) },
++ 	{ "prctl", (__SCMP_NR_BASE + 172) },
++ 	{ "pread64", (__SCMP_NR_BASE + 180) },
++ 	{ "preadv", (__SCMP_NR_BASE + 361) },
+++	{ "preadv2", (__SCMP_NR_BASE + 392) },
++ 	{ "prlimit64", (__SCMP_NR_BASE + 369) },
++ 	{ "process_vm_readv", (__SCMP_NR_BASE + 376) },
++ 	{ "process_vm_writev", (__SCMP_NR_BASE + 377) },
++@@ -281,6 +285,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	{ "putpmsg", __PNR_putpmsg },
++ 	{ "pwrite64", (__SCMP_NR_BASE + 181) },
++ 	{ "pwritev", (__SCMP_NR_BASE + 362) },
+++	{ "pwritev2", (__SCMP_NR_BASE + 393) },
++ 	{ "query_module", __PNR_query_module },
++ 	{ "quotactl", (__SCMP_NR_BASE + 131) },
++ 	{ "read", (__SCMP_NR_BASE +  3) },
++diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
++index 2cd86cd..dada5a9 100644
++--- a/src/arch-mips-syscalls.c
+++++ b/src/arch-mips-syscalls.c
++@@ -30,7 +30,7 @@
++ /* O32 ABI */
++ #define __SCMP_NR_BASE		4000
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "_llseek", (__SCMP_NR_BASE + 140) },
++ 	{ "_newselect", (__SCMP_NR_BASE + 142) },
++@@ -258,11 +258,15 @@ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "pipe", (__SCMP_NR_BASE + 42) },
++ 	{ "pipe2", (__SCMP_NR_BASE + 328) },
++ 	{ "pivot_root", (__SCMP_NR_BASE + 216) },
+++	{ "pkey_alloc", (__SCMP_NR_BASE + 364) },
+++	{ "pkey_free", (__SCMP_NR_BASE + 365) },
+++	{ "pkey_mprotect", (__SCMP_NR_BASE + 363) },
++ 	{ "poll", (__SCMP_NR_BASE + 188) },
++ 	{ "ppoll", (__SCMP_NR_BASE + 302) },
++ 	{ "prctl", (__SCMP_NR_BASE + 192) },
++ 	{ "pread64", (__SCMP_NR_BASE + 200) },
++ 	{ "preadv", (__SCMP_NR_BASE + 330) },
+++	{ "preadv2", (__SCMP_NR_BASE + 361) },
++ 	{ "prlimit64", (__SCMP_NR_BASE + 338) },
++ 	{ "process_vm_readv", (__SCMP_NR_BASE + 345) },
++ 	{ "process_vm_writev", (__SCMP_NR_BASE + 346) },
++@@ -273,6 +277,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "putpmsg", (__SCMP_NR_BASE + 209) },
++ 	{ "pwrite64", (__SCMP_NR_BASE + 201) },
++ 	{ "pwritev", (__SCMP_NR_BASE + 331) },
+++	{ "pwritev2", (__SCMP_NR_BASE + 362) },
++ 	{ "query_module", (__SCMP_NR_BASE + 187) },
++ 	{ "quotactl", (__SCMP_NR_BASE + 131) },
++ 	{ "read", (__SCMP_NR_BASE + 3) },
++diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
++index 80db447..bbf8906 100644
++--- a/src/arch-mips64-syscalls.c
+++++ b/src/arch-mips64-syscalls.c
++@@ -30,7 +30,7 @@
++ /* 64 ABI */
++ #define __SCMP_NR_BASE	5000
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", (__SCMP_NR_BASE + 22) },
++@@ -258,11 +258,15 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "pipe", (__SCMP_NR_BASE + 21) },
++ 	{ "pipe2", (__SCMP_NR_BASE + 287) },
++ 	{ "pivot_root", (__SCMP_NR_BASE + 151) },
+++	{ "pkey_alloc", (__SCMP_NR_BASE + 324) },
+++	{ "pkey_free", (__SCMP_NR_BASE + 325) },
+++	{ "pkey_mprotect", (__SCMP_NR_BASE + 323) },
++ 	{ "poll", (__SCMP_NR_BASE + 7) },
++ 	{ "ppoll", (__SCMP_NR_BASE + 261) },
++ 	{ "prctl", (__SCMP_NR_BASE + 153) },
++ 	{ "pread64", (__SCMP_NR_BASE + 16) },
++ 	{ "preadv", (__SCMP_NR_BASE + 289) },
+++	{ "preadv2", (__SCMP_NR_BASE + 321) },
++ 	{ "prlimit64", (__SCMP_NR_BASE + 297) },
++ 	{ "process_vm_readv", (__SCMP_NR_BASE + 304) },
++ 	{ "process_vm_writev", (__SCMP_NR_BASE + 305) },
++@@ -273,6 +277,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "putpmsg", (__SCMP_NR_BASE + 175) },
++ 	{ "pwrite64", (__SCMP_NR_BASE + 17) },
++ 	{ "pwritev", (__SCMP_NR_BASE + 290) },
+++	{ "pwritev2", (__SCMP_NR_BASE + 322) },
++ 	{ "query_module", (__SCMP_NR_BASE + 171) },
++ 	{ "quotactl", (__SCMP_NR_BASE + 172) },
++ 	{ "read", (__SCMP_NR_BASE + 0) },
++diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c
++index 5cf03d2..3484882 100644
++--- a/src/arch-mips64n32-syscalls.c
+++++ b/src/arch-mips64n32-syscalls.c
++@@ -30,7 +30,7 @@
++ /* N32 ABI */
++ #define __SCMP_NR_BASE	6000
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", (__SCMP_NR_BASE + 22) },
++@@ -258,11 +258,15 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "pipe", (__SCMP_NR_BASE + 21) },
++ 	{ "pipe2", (__SCMP_NR_BASE + 291) },
++ 	{ "pivot_root", (__SCMP_NR_BASE + 151) },
+++	{ "pkey_alloc", (__SCMP_NR_BASE + 328) },
+++	{ "pkey_free", (__SCMP_NR_BASE + 329) },
+++	{ "pkey_mprotect", (__SCMP_NR_BASE + 327) },
++ 	{ "poll", (__SCMP_NR_BASE + 7) },
++ 	{ "ppoll", (__SCMP_NR_BASE + 265) },
++ 	{ "prctl", (__SCMP_NR_BASE + 153) },
++ 	{ "pread64", (__SCMP_NR_BASE + 16) },
++ 	{ "preadv", (__SCMP_NR_BASE + 293) },
+++	{ "preadv2", (__SCMP_NR_BASE + 325) },
++ 	{ "prlimit64", (__SCMP_NR_BASE + 302) },
++ 	{ "process_vm_readv", (__SCMP_NR_BASE + 309) },
++ 	{ "process_vm_writev", (__SCMP_NR_BASE + 310) },
++@@ -273,6 +277,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "putpmsg", (__SCMP_NR_BASE + 175) },
++ 	{ "pwrite64", (__SCMP_NR_BASE + 17) },
++ 	{ "pwritev", (__SCMP_NR_BASE + 294) },
+++	{ "pwritev2", (__SCMP_NR_BASE + 326) },
++ 	{ "query_module", (__SCMP_NR_BASE + 171) },
++ 	{ "quotactl", (__SCMP_NR_BASE + 172) },
++ 	{ "read", (__SCMP_NR_BASE + 0) },
++diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c
++index ad50820..4690577 100644
++--- a/src/arch-parisc-syscalls.c
+++++ b/src/arch-parisc-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-parisc.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "_llseek",	140 },
++ 	{ "_newselect",	142 },
++@@ -238,11 +238,15 @@ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "pipe",	42 },
++ 	{ "pipe2",	313 },
++ 	{ "pivot_root",	67 },
+++	{ "pkey_alloc",	__PNR_pkey_alloc },
+++	{ "pkey_free",	__PNR_pkey_free },
+++	{ "pkey_mprotect",	__PNR_pkey_mprotect },
++ 	{ "poll",	168 },
++ 	{ "ppoll",	274 },
++ 	{ "prctl",	172 },
++ 	{ "pread64",	108 },
++ 	{ "preadv",	315 },
+++	{ "preadv2",	347 },
++ 	{ "prlimit64",	321 },
++ 	{ "process_vm_readv",	330 },
++ 	{ "process_vm_writev",	331 },
++@@ -253,6 +257,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "putpmsg",	197 },
++ 	{ "pwrite64",	109 },
++ 	{ "pwritev",	316 },
+++	{ "pwritev2",	348 },
++ 	{ "query_module",	167 },
++ 	{ "quotactl",	131 },
++ 	{ "read",	3 },
++diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
++index 2bd8a36..26b4ff1 100644
++--- a/src/arch-ppc-syscalls.c
+++++ b/src/arch-ppc-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -255,11 +255,15 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "pipe", 42 },
++ 	{ "pipe2", 317 },
++ 	{ "pivot_root", 203 },
+++	{ "pkey_alloc", __PNR_pkey_alloc },
+++	{ "pkey_free", __PNR_pkey_free },
+++	{ "pkey_mprotect", __PNR_pkey_mprotect },
++ 	{ "poll", 167 },
++ 	{ "ppoll", 281 },
++ 	{ "prctl", 171 },
++ 	{ "pread64", 179 },
++ 	{ "preadv", 320 },
+++	{ "preadv2", 380 },
++ 	{ "prlimit64", 325 },
++ 	{ "process_vm_readv", 351 },
++ 	{ "process_vm_writev", 352 },
++@@ -270,6 +274,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "putpmsg", 188 },
++ 	{ "pwrite64", 180 },
++ 	{ "pwritev", 321 },
+++	{ "pwritev2", 381 },
++ 	{ "query_module", 166 },
++ 	{ "quotactl", 131 },
++ 	{ "read", 3 },
++diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
++index 73621a1..3ebd086 100644
++--- a/src/arch-ppc64-syscalls.c
+++++ b/src/arch-ppc64-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc64.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -255,11 +255,15 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "pipe", 42 },
++ 	{ "pipe2", 317 },
++ 	{ "pivot_root", 203 },
+++	{ "pkey_alloc", __PNR_pkey_alloc },
+++	{ "pkey_free", __PNR_pkey_free },
+++	{ "pkey_mprotect", __PNR_pkey_mprotect },
++ 	{ "poll", 167 },
++ 	{ "ppoll", 281 },
++ 	{ "prctl", 171 },
++ 	{ "pread64", 179 },
++ 	{ "preadv", 320 },
+++	{ "preadv2", 380 },
++ 	{ "prlimit64", 325 },
++ 	{ "process_vm_readv", 351 },
++ 	{ "process_vm_writev", 352 },
++@@ -270,6 +274,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "putpmsg", 188 },
++ 	{ "pwrite64", 180 },
++ 	{ "pwritev", 321 },
+++	{ "pwritev2", 381 },
++ 	{ "query_module", 166 },
++ 	{ "quotactl", 131 },
++ 	{ "read", 3 },
++diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c
++index a04673a..84253a6 100644
++--- a/src/arch-s390-syscalls.c
+++++ b/src/arch-s390-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-s390.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -238,11 +238,15 @@ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "pipe", 42 },
++ 	{ "pipe2", 325 },
++ 	{ "pivot_root", 217 },
+++	{ "pkey_alloc", __PNR_pkey_alloc },
+++	{ "pkey_free", __PNR_pkey_free },
+++	{ "pkey_mprotect", __PNR_pkey_mprotect },
++ 	{ "poll", 168 },
++ 	{ "ppoll", 302 },
++ 	{ "prctl", 172 },
++ 	{ "pread64", 180 },
++ 	{ "preadv", 328 },
+++	{ "preadv2", 376 },
++ 	{ "prlimit64", 334 },
++ 	{ "process_vm_readv", 340 },
++ 	{ "process_vm_writev", 341 },
++@@ -253,6 +257,7 @@ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "putpmsg", 189 },
++ 	{ "pwrite64", 181 },
++ 	{ "pwritev", 329 },
+++	{ "pwritev2", 377 },
++ 	{ "query_module", 167 },
++ 	{ "quotactl", 131 },
++ 	{ "read", 3 },
++diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c
++index 9825c63..cc9763d 100644
++--- a/src/arch-s390x-syscalls.c
+++++ b/src/arch-s390x-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-s390x.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -238,11 +238,15 @@ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "pipe", 42 },
++ 	{ "pipe2", 325 },
++ 	{ "pivot_root", 217 },
+++	{ "pkey_alloc", __PNR_pkey_alloc },
+++	{ "pkey_free", __PNR_pkey_free },
+++	{ "pkey_mprotect", __PNR_pkey_mprotect },
++ 	{ "poll", 168 },
++ 	{ "ppoll", 302 },
++ 	{ "prctl", 172 },
++ 	{ "pread64", 180 },
++ 	{ "preadv", 328 },
+++	{ "preadv2", 376 },
++ 	{ "prlimit64", 334 },
++ 	{ "process_vm_readv", 340 },
++ 	{ "process_vm_writev", 341 },
++@@ -253,6 +257,7 @@ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "putpmsg", 189 },
++ 	{ "pwrite64", 181 },
++ 	{ "pwritev", 329 },
+++	{ "pwritev2", 377 },
++ 	{ "query_module", 167 },
++ 	{ "quotactl", 131 },
++ 	{ "read", 3 },
++diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
++index 80dd38b..5b9970b 100644
++--- a/src/arch-x32-syscalls.c
+++++ b/src/arch-x32-syscalls.c
++@@ -254,11 +254,15 @@ const struct arch_syscall_def x32_syscall_table[] = { \
++ 	{ "pipe", (X32_SYSCALL_BIT + 22) },
++ 	{ "pipe2", (X32_SYSCALL_BIT + 293) },
++ 	{ "pivot_root", (X32_SYSCALL_BIT + 155) },
+++	{ "pkey_alloc", (X32_SYSCALL_BIT + 330) },
+++	{ "pkey_free", (X32_SYSCALL_BIT + 331) },
+++	{ "pkey_mprotect", (X32_SYSCALL_BIT + 329) },
++ 	{ "poll", (X32_SYSCALL_BIT + 7) },
++ 	{ "ppoll", (X32_SYSCALL_BIT + 271) },
++ 	{ "prctl", (X32_SYSCALL_BIT + 157) },
++ 	{ "pread64", (X32_SYSCALL_BIT + 17) },
++ 	{ "preadv", (X32_SYSCALL_BIT + 534) },
+++	{ "preadv2", (X32_SYSCALL_BIT + 546) },
++ 	{ "prlimit64", (X32_SYSCALL_BIT + 302) },
++ 	{ "process_vm_readv", (X32_SYSCALL_BIT + 539) },
++ 	{ "process_vm_writev", (X32_SYSCALL_BIT + 540) },
++@@ -269,6 +273,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
++ 	{ "putpmsg", (X32_SYSCALL_BIT + 182) },
++ 	{ "pwrite64", (X32_SYSCALL_BIT + 18) },
++ 	{ "pwritev", (X32_SYSCALL_BIT + 535) },
+++	{ "pwritev2", (X32_SYSCALL_BIT + 547) },
++ 	{ "query_module", __PNR_query_module },
++ 	{ "quotactl", (X32_SYSCALL_BIT + 179) },
++ 	{ "read", (X32_SYSCALL_BIT + 0) },
++diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c
++index 58e0597..00684ac 100644
++--- a/src/arch-x86-syscalls.c
+++++ b/src/arch-x86-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x86.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -254,11 +254,15 @@ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "pipe", 42 },
++ 	{ "pipe2", 331 },
++ 	{ "pivot_root", 217 },
+++	{ "pkey_alloc", 381 },
+++	{ "pkey_free", 382 },
+++	{ "pkey_mprotect", 380 },
++ 	{ "poll", 168 },
++ 	{ "ppoll", 309 },
++ 	{ "prctl", 172 },
++ 	{ "pread64", 180 },
++ 	{ "preadv", 333 },
+++	{ "preadv2", 378 },
++ 	{ "prlimit64", 340 },
++ 	{ "process_vm_readv", 347 },
++ 	{ "process_vm_writev", 348 },
++@@ -269,6 +273,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "putpmsg", 189 },
++ 	{ "pwrite64", 181 },
++ 	{ "pwritev", 334 },
+++	{ "pwritev2", 379 },
++ 	{ "query_module", 167 },
++ 	{ "quotactl", 131 },
++ 	{ "read", 3 },
++diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
++index 2dd9818..655cf5f 100644
++--- a/src/arch-x86_64-syscalls.c
+++++ b/src/arch-x86_64-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x86_64.h"
++
++-/* NOTE: based on Linux 4.5-rc4 */
+++/* NOTE: based on Linux 4.9 */
++ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -254,11 +254,15 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "pipe", 22 },
++ 	{ "pipe2", 293 },
++ 	{ "pivot_root", 155 },
+++	{ "pkey_alloc", 330 },
+++	{ "pkey_free", 331 },
+++	{ "pkey_mprotect", 329 },
++ 	{ "poll", 7 },
++ 	{ "ppoll", 271 },
++ 	{ "prctl", 157 },
++ 	{ "pread64", 17 },
++ 	{ "preadv", 295 },
+++	{ "preadv2", 327 },
++ 	{ "prlimit64", 302 },
++ 	{ "process_vm_readv", 310 },
++ 	{ "process_vm_writev", 311 },
++@@ -269,6 +273,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "putpmsg", 182 },
++ 	{ "pwrite64", 18 },
++ 	{ "pwritev", 296 },
+++	{ "pwritev2", 328 },
++ 	{ "query_module", 178 },
++ 	{ "quotactl", 179 },
++ 	{ "read", 0 },
++--
++2.17.1
++
 diff --git a/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch b/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch
 new file mode 100644
 index 0000000..a7382d2
 --- /dev/null
 +++ b/debian/patches/lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch
@@ -0,0 +1,499 @@
++From c842c2f6c203ad9da37ca60219172aa0be68d26a Mon Sep 17 00:00:00 2001
++From: Paul Moore <paul@paul-moore.com>
++Date: Wed, 10 Jan 2018 12:16:28 -0500
++Subject: [PATCH] arch: update the syscalls for Linux v4.15-rc7
++
++Signed-off-by: Paul Moore <paul@paul-moore.com>
++
++Origin: upstream, https://github.com/seccomp/libseccomp/commit/c842c2f6c203ad9da37ca60219172aa0be68d26a
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1815415
++Last-Update: 2019-02-10
++
++---
++ include/seccomp.h.in          | 19 +++++++++++++++++++
++ src/arch-aarch64-syscalls.c   |  5 ++++-
++ src/arch-arm-syscalls.c       |  5 ++++-
++ src/arch-mips-syscalls.c      |  5 ++++-
++ src/arch-mips64-syscalls.c    |  5 ++++-
++ src/arch-mips64n32-syscalls.c |  5 ++++-
++ src/arch-parisc-syscalls.c    |  5 ++++-
++ src/arch-ppc-syscalls.c       |  5 ++++-
++ src/arch-ppc64-syscalls.c     |  5 ++++-
++ src/arch-s390-syscalls.c      |  5 ++++-
++ src/arch-s390x-syscalls.c     |  5 ++++-
++ src/arch-x32-syscalls.c       |  5 ++++-
++ src/arch-x86-syscalls.c       |  7 +++++--
++ src/arch-x86_64-syscalls.c    |  5 ++++-
++ 14 files changed, 72 insertions(+), 14 deletions(-)
++
++diff --git a/include/seccomp.h.in b/include/seccomp.h.in
++index 56ae73e..2a789d6 100644
++--- a/include/seccomp.h.in
+++++ b/include/seccomp.h.in
++@@ -1662,6 +1662,25 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
++ #define __NR_pkey_free		__PNR_pkey_free
++ #endif /* __NR_pkey_free */
++
+++#define __PNR_get_tls		-10204
+++#ifndef __NR_get_tls
+++#ifdef __ARM_NR_get_tls
+++#define __NR_get_tls		__ARM_NR_get_tls
+++#else
+++#define __NR_get_tls		__PNR_get_tls
+++#endif
+++#endif /* __NR_get_tls */
+++
+++#define __PNR_s390_guarded_storage	-10205
+++#ifndef __NR_s390_guarded_storage
+++#define __NR_s390_guarded_storage	__PNR_s390_guarded_storage
+++#endif /* __NR_s390_guarded_storage */
+++
+++#define __PNR_s390_sthyi	-10206
+++#ifndef __NR_s390_sthyi
+++#define __NR_s390_sthyi		__PNR_s390_sthyi
+++#endif /* __NR_s390_sthyi */
+++
++ #ifdef __cplusplus
++ }
++ #endif
++diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
++index 157aedc..406df70 100644
++--- a/src/arch-aarch64-syscalls.c
+++++ b/src/arch-aarch64-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-aarch64.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -122,6 +122,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "get_mempolicy", 236 },
++ 	{ "get_robust_list", 100 },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", 168 },
++ 	{ "getcwd", 17 },
++ 	{ "getdents", __PNR_getdents },
++@@ -304,9 +305,11 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", 137 },
++ 	{ "rt_tgsigqueueinfo", 240 },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", 125 },
++ 	{ "sched_get_priority_min", 126 },
++ 	{ "sched_getaffinity", 123 },
++diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
++index 43e2cc5..e3fdc55 100644
++--- a/src/arch-arm-syscalls.c
+++++ b/src/arch-arm-syscalls.c
++@@ -37,7 +37,7 @@
++ #define __SCMP_NR_BASE			__SCMP_NR_OABI_SYSCALL_BASE
++ #endif
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	/* NOTE: arm_sync_file_range() and sync_file_range2() share values */
++ 	{ "_llseek", (__SCMP_NR_BASE + 140) },
++@@ -134,6 +134,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	{ "get_mempolicy", (__SCMP_NR_BASE + 320) },
++ 	{ "get_robust_list", (__SCMP_NR_BASE + 339) },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", (__SCMP_NR_BASE + (__SCMP_ARM_NR_BASE + 6)) },
++ 	{ "getcpu", (__SCMP_NR_BASE + 345) },
++ 	{ "getcwd", (__SCMP_NR_BASE + 183) },
++ 	{ "getdents", (__SCMP_NR_BASE + 141) },
++@@ -316,9 +317,11 @@ const struct arch_syscall_def arm_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", (__SCMP_NR_BASE + 177) },
++ 	{ "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 363) },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", (__SCMP_NR_BASE + 159) },
++ 	{ "sched_get_priority_min", (__SCMP_NR_BASE + 160) },
++ 	{ "sched_getaffinity", (__SCMP_NR_BASE + 242) },
++diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
++index a5264c8..2dee53f 100644
++--- a/src/arch-mips-syscalls.c
+++++ b/src/arch-mips-syscalls.c
++@@ -30,7 +30,7 @@
++ /* O32 ABI */
++ #define __SCMP_NR_BASE		4000
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "_llseek", (__SCMP_NR_BASE + 140) },
++ 	{ "_newselect", (__SCMP_NR_BASE + 142) },
++@@ -126,6 +126,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "get_mempolicy", (__SCMP_NR_BASE + 269) },
++ 	{ "get_robust_list", (__SCMP_NR_BASE + 310) },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", (__SCMP_NR_BASE + 312) },
++ 	{ "getcwd", (__SCMP_NR_BASE + 203) },
++ 	{ "getdents", (__SCMP_NR_BASE + 141) },
++@@ -308,9 +309,11 @@ const struct arch_syscall_def mips_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", (__SCMP_NR_BASE + 197) },
++ 	{ "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 332) },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", (__SCMP_NR_BASE + 163) },
++ 	{ "sched_get_priority_min", (__SCMP_NR_BASE + 164) },
++ 	{ "sched_getaffinity", (__SCMP_NR_BASE + 240) },
++diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
++index bc16b1d..97c6874 100644
++--- a/src/arch-mips64-syscalls.c
+++++ b/src/arch-mips64-syscalls.c
++@@ -30,7 +30,7 @@
++ /* 64 ABI */
++ #define __SCMP_NR_BASE	5000
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", (__SCMP_NR_BASE + 22) },
++@@ -126,6 +126,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "get_mempolicy", (__SCMP_NR_BASE + 228) },
++ 	{ "get_robust_list", (__SCMP_NR_BASE + 269) },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", (__SCMP_NR_BASE + 271) },
++ 	{ "getcwd", (__SCMP_NR_BASE + 77) },
++ 	{ "getdents", (__SCMP_NR_BASE + 76) },
++@@ -308,9 +309,11 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", (__SCMP_NR_BASE + 126) },
++ 	{ "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 291) },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", (__SCMP_NR_BASE + 143) },
++ 	{ "sched_get_priority_min", (__SCMP_NR_BASE + 144) },
++ 	{ "sched_getaffinity", (__SCMP_NR_BASE + 196) },
++diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c
++index fa89bc2..a22d643 100644
++--- a/src/arch-mips64n32-syscalls.c
+++++ b/src/arch-mips64n32-syscalls.c
++@@ -30,7 +30,7 @@
++ /* N32 ABI */
++ #define __SCMP_NR_BASE	6000
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", (__SCMP_NR_BASE + 22) },
++@@ -126,6 +126,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "get_mempolicy", (__SCMP_NR_BASE + 232) },
++ 	{ "get_robust_list", (__SCMP_NR_BASE + 273) },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", (__SCMP_NR_BASE + 275) },
++ 	{ "getcwd", (__SCMP_NR_BASE + 77) },
++ 	{ "getdents", (__SCMP_NR_BASE + 76) },
++@@ -308,9 +309,11 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", (__SCMP_NR_BASE + 126) },
++ 	{ "rt_tgsigqueueinfo", (__SCMP_NR_BASE + 295) },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", (__SCMP_NR_BASE + 143) },
++ 	{ "sched_get_priority_min", (__SCMP_NR_BASE + 144) },
++ 	{ "sched_getaffinity", (__SCMP_NR_BASE + 196) },
++diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c
++index 7e9d9ab..e84b533 100644
++--- a/src/arch-parisc-syscalls.c
+++++ b/src/arch-parisc-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-parisc.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "_llseek",	140 },
++ 	{ "_newselect",	142 },
++@@ -106,6 +106,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "get_mempolicy",	261 },
++ 	{ "get_robust_list",	290 },
++ 	{ "get_thread_area",	214 },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu",	296 },
++ 	{ "getcwd",	110 },
++ 	{ "getdents",	141 },
++@@ -288,9 +289,11 @@ const struct arch_syscall_def parisc_syscall_table[] = { \
++ 	{ "rt_sigtimedwait",	177 },
++ 	{ "rt_tgsigqueueinfo",	317 },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max",	159 },
++ 	{ "sched_get_priority_min",	160 },
++ 	{ "sched_getaffinity",	212 },
++diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
++index fe0cdfb..7ff7fca 100644
++--- a/src/arch-ppc-syscalls.c
+++++ b/src/arch-ppc-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -123,6 +123,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "get_mempolicy", 260 },
++ 	{ "get_robust_list", 299 },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", 302 },
++ 	{ "getcwd", 182 },
++ 	{ "getdents", 141 },
++@@ -305,9 +306,11 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", 176 },
++ 	{ "rt_tgsigqueueinfo", 322 },
++ 	{ "rtas", 255 },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", 159 },
++ 	{ "sched_get_priority_min", 160 },
++ 	{ "sched_getaffinity", 223 },
++diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
++index dc09610..ee094bc 100644
++--- a/src/arch-ppc64-syscalls.c
+++++ b/src/arch-ppc64-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc64.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -123,6 +123,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "get_mempolicy", 260 },
++ 	{ "get_robust_list", 299 },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", 302 },
++ 	{ "getcwd", 182 },
++ 	{ "getdents", 141 },
++@@ -305,9 +306,11 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", 176 },
++ 	{ "rt_tgsigqueueinfo", 322 },
++ 	{ "rtas", 255 },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", 159 },
++ 	{ "sched_get_priority_min", 160 },
++ 	{ "sched_getaffinity", 223 },
++diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c
++index 8a6cecc..6024eaf 100644
++--- a/src/arch-s390-syscalls.c
+++++ b/src/arch-s390-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-s390.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -106,6 +106,7 @@ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "get_mempolicy", 269 },
++ 	{ "get_robust_list", 305 },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", 311 },
++ 	{ "getcwd", 183 },
++ 	{ "getdents", 141 },
++@@ -288,9 +289,11 @@ const struct arch_syscall_def s390_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", 177 },
++ 	{ "rt_tgsigqueueinfo", 330 },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", 378 },
++ 	{ "s390_pci_mmio_read", 353 },
++ 	{ "s390_pci_mmio_write", 352 },
++ 	{ "s390_runtime_instr", 342 },
+++	{ "s390_sthyi", 380 },
++ 	{ "sched_get_priority_max", 159 },
++ 	{ "sched_get_priority_min", 160 },
++ 	{ "sched_getaffinity", 240 },
++diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c
++index 728dfc4..74d1e57 100644
++--- a/src/arch-s390x-syscalls.c
+++++ b/src/arch-s390x-syscalls.c
++@@ -10,7 +10,7 @@
++ #include "arch.h"
++ #include "arch-s390x.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -106,6 +106,7 @@ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "get_mempolicy", 269 },
++ 	{ "get_robust_list", 305 },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", 311 },
++ 	{ "getcwd", 183 },
++ 	{ "getdents", 141 },
++@@ -288,9 +289,11 @@ const struct arch_syscall_def s390x_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", 177 },
++ 	{ "rt_tgsigqueueinfo", 330 },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", 378 },
++ 	{ "s390_pci_mmio_read", 353 },
++ 	{ "s390_pci_mmio_write", 352 },
++ 	{ "s390_runtime_instr", 342 },
+++	{ "s390_sthyi", 380 },
++ 	{ "sched_get_priority_max", 159 },
++ 	{ "sched_get_priority_min", 160 },
++ 	{ "sched_getaffinity", 240 },
++diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
++index bb3e077..8a6cd64 100644
++--- a/src/arch-x32-syscalls.c
+++++ b/src/arch-x32-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x32.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def x32_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -122,6 +122,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
++ 	{ "get_mempolicy", (X32_SYSCALL_BIT + 239) },
++ 	{ "get_robust_list", (X32_SYSCALL_BIT + 531) },
++ 	{ "get_thread_area", __PNR_get_thread_area },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", (X32_SYSCALL_BIT + 309) },
++ 	{ "getcwd", (X32_SYSCALL_BIT + 79) },
++ 	{ "getdents", (X32_SYSCALL_BIT + 78) },
++@@ -304,9 +305,11 @@ const struct arch_syscall_def x32_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) },
++ 	{ "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", (X32_SYSCALL_BIT + 146) },
++ 	{ "sched_get_priority_min", (X32_SYSCALL_BIT + 147) },
++ 	{ "sched_getaffinity", (X32_SYSCALL_BIT + 204) },
++diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c
++index 81a52a3..abce705 100644
++--- a/src/arch-x86-syscalls.c
+++++ b/src/arch-x86-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x86.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -41,7 +41,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "alarm", 27 },
++ 	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
++ 	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
++-	{ "arch_prctl", __PNR_arch_prctl },
+++	{ "arch_prctl", 384 },
++ 	{ "bdflush", 134 },
++ 	{ "bind", 361 },
++ 	{ "bpf", 357 },
++@@ -122,6 +122,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "get_mempolicy", 275 },
++ 	{ "get_robust_list", 312 },
++ 	{ "get_thread_area", 244 },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", 318 },
++ 	{ "getcwd", 183 },
++ 	{ "getdents", 141 },
++@@ -304,9 +305,11 @@ const struct arch_syscall_def x86_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", 177 },
++ 	{ "rt_tgsigqueueinfo", 335 },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", 159 },
++ 	{ "sched_get_priority_min", 160 },
++ 	{ "sched_getaffinity", 242 },
++diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
++index 1da2530..203dafa 100644
++--- a/src/arch-x86_64-syscalls.c
+++++ b/src/arch-x86_64-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-x86_64.h"
++
++-/* NOTE: based on Linux 4.14 */
+++/* NOTE: based on Linux 4.15-rc7 */
++ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -122,6 +122,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "get_mempolicy", 239 },
++ 	{ "get_robust_list", 274 },
++ 	{ "get_thread_area", 211 },
+++	{ "get_tls", __PNR_get_tls },
++ 	{ "getcpu", 309 },
++ 	{ "getcwd", 79 },
++ 	{ "getdents", 78 },
++@@ -304,9 +305,11 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
++ 	{ "rt_sigtimedwait", 128 },
++ 	{ "rt_tgsigqueueinfo", 297 },
++ 	{ "rtas", __PNR_rtas },
+++	{ "s390_guarded_storage", __PNR_s390_guarded_storage },
++ 	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ 	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ 	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
+++	{ "s390_sthyi", __PNR_s390_sthyi },
++ 	{ "sched_get_priority_max", 146 },
++ 	{ "sched_get_priority_min", 147 },
++ 	{ "sched_getaffinity", 204 },
++--
++2.17.1
++
 diff --git a/debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch b/debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch
 new file mode 100644
 index 0000000..3ff3089
 --- /dev/null
 +++ b/debian/patches/lp-1815415-update-the-syscall-tables-to-4.10.patch
@@ -0,0 +1,106 @@
++From 116b3c1a2e1db53cc35b74f30c080f5265faa674 Mon Sep 17 00:00:00 2001
++From: Paul Moore <paul@paul-moore.com>
++Date: Thu, 2 Feb 2017 18:30:44 -0500
++Subject: [PATCH] arch: update the syscall tables to 4.10-rc6+
++
++Signed-off-by: Paul Moore <paul@paul-moore.com>
++
++Origin: upstream, https://github.com/seccomp/libseccomp/commit/116b3c1a2e1db53cc35b74f30c080f5265faa674
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1815415
++Last-Update: 2019-02-10
++
++---
++ src/arch-aarch64-syscalls.c | 12 ++++++------
++ src/arch-ppc-syscalls.c     |  4 ++--
++ src/arch-ppc64-syscalls.c   |  4 ++--
++ 3 files changed, 10 insertions(+), 10 deletions(-)
++
++diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
++index 84f5d60..d907182 100644
++--- a/src/arch-aarch64-syscalls.c
+++++ b/src/arch-aarch64-syscalls.c
++@@ -26,7 +26,7 @@
++ #include "arch.h"
++ #include "arch-aarch64.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.10-rc6+ */
++ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "_llseek", __PNR__llseek },
++ 	{ "_newselect", __PNR__newselect },
++@@ -254,15 +254,15 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "pipe", __PNR_pipe },
++ 	{ "pipe2", 59 },
++ 	{ "pivot_root", 41 },
++-	{ "pkey_alloc", __PNR_pkey_alloc },
++-	{ "pkey_free", __PNR_pkey_free },
++-	{ "pkey_mprotect", __PNR_pkey_mprotect },
+++	{ "pkey_alloc", 289 },
+++	{ "pkey_free", 290 },
+++	{ "pkey_mprotect", 288 },
++ 	{ "poll", __PNR_poll },
++ 	{ "ppoll", 73 },
++ 	{ "prctl", 167 },
++ 	{ "pread64", 67 },
++ 	{ "preadv", 69 },
++-	{ "preadv2", 392 },
+++	{ "preadv2", 286 },
++ 	{ "prlimit64", 261 },
++ 	{ "process_vm_readv", 270 },
++ 	{ "process_vm_writev", 271 },
++@@ -273,7 +273,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
++ 	{ "putpmsg", __PNR_putpmsg },
++ 	{ "pwrite64", 68 },
++ 	{ "pwritev", 70 },
++-	{ "pwritev2", 393 },
+++	{ "pwritev2", 287 },
++ 	{ "query_module", __PNR_query_module },
++ 	{ "quotactl", 60 },
++ 	{ "read", 63 },
++diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
++index 85570bd..c117da9 100644
++--- a/src/arch-ppc-syscalls.c
+++++ b/src/arch-ppc-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.10-rc6+ */
++ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -177,7 +177,7 @@ const struct arch_syscall_def ppc_syscall_table[] = { \
++ 	{ "ioprio_set", 273 },
++ 	{ "ipc", 117 },
++ 	{ "kcmp", 354 },
++-	{ "kexec_file_load", __PNR_kexec_file_load },
+++	{ "kexec_file_load", 382 },
++ 	{ "kexec_load", 268 },
++ 	{ "keyctl", 271 },
++ 	{ "kill", 37 },
++diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
++index 47cb56c..bbd5876 100644
++--- a/src/arch-ppc64-syscalls.c
+++++ b/src/arch-ppc64-syscalls.c
++@@ -27,7 +27,7 @@
++ #include "arch.h"
++ #include "arch-ppc64.h"
++
++-/* NOTE: based on Linux 4.9 */
+++/* NOTE: based on Linux 4.10-rc6+ */
++ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "_llseek", 140 },
++ 	{ "_newselect", 142 },
++@@ -177,7 +177,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
++ 	{ "ioprio_set", 273 },
++ 	{ "ipc", 117 },
++ 	{ "kcmp", 354 },
++-	{ "kexec_file_load", __PNR_kexec_file_load },
+++	{ "kexec_file_load", 382 },
++ 	{ "kexec_load", 268 },
++ 	{ "keyctl", 271 },
++ 	{ "kill", 37 },
++--
++2.17.1
++
 diff --git a/debian/patches/series b/debian/patches/series
 index b67edab..2458a01 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -1,2 +1,6 @@
 -parisc_support.patch
  add-log-action.patch
++lp-1815415-arch-update-syscalls-for-Linux-4.9.patch
++lp-1815415-update-the-syscall-tables-to-4.10.patch
++lp-1755250-add-the-statx-syscall.patch
++lp-1815415-arch-update-syscalls-for-Linux-v4.15.patch

Ubuntulibseccomp package

Merge ~paelzer/ubuntu/+source/libseccomp:lp-1755250-add-statx into ubuntu/+source/libseccomp:ubuntu/bionic-devel

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
libseccomp package