seccomp · glaubitz · Aug 24, 2025 · Aug 24, 2025 · drakenclimber · Sep 10, 2025
diff --git a/README.md b/README.md
@@ -48,6 +48,8 @@ The libseccomp library currently supports the architectures listed below:
 * 64-bit PowerPC little endian (ppc64le)
 * 32-bit s390 (s390)
 * 64-bit s390x (s390x)
+* 32-bit SPARC (sparc)
+* 64-bit SPARC (sparc64)
 * 64-bit RISC-V (riscv64)
 * 32-bit SuperH big endian (sheb)
 * 32-bit SuperH (sh)

diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1
@@ -36,7 +36,8 @@ The architecture to use for resolving the system call.  Valid
 .I ARCH
 values are "x86", "x86_64", "x32", "arm", "aarch64", "loongarch64", "m68k",
 "mips", "mipsel", "mips64", "mipsel64", "mips64n32", "mipsel64n32", "parisc",
-"parisc64", "ppc", "ppc64", "ppc64le", "s390", "s390x", "sheb" and "sh".
+"parisc64", "ppc", "ppc64", "ppc64le", "s390", "s390x", "sparc", "sparc64",
+"sheb" and "sh".
 .TP
 .B \-t
 If necessary, translate the system call name to the proper system call number,

diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
@@ -283,6 +283,18 @@
 #define __PNR_getpagesize			-10249
 #define __PNR_riscv_hwprobe			-10250
 #define __PNR_uretprobe				-10251
+#define __PNR_execv				-10252
+#define __PNR_getdomainname			-10253
+#define __PNR_getresgid				-10254
+#define __PNR_getresuid				-10255
+#define __PNR_kern_features			-10256
+#define __PNR_memory_ordering			-10257
+#define __PNR_perfctr				-10258
+#define __PNR_sched_get_affinity		-10259
+#define __PNR_sched_set_affinity		-10260
+#define __PNR_setresgid				-10261
+#define __PNR_setresuid				-10262
+#define __PNR_utrap_install			-10263
 
 /*
  * libseccomp syscall definitions
@@ -580,6 +592,8 @@
 
 #define __SNR_eventfd2			__NR_eventfd2
 
+#define __SNR_execv			__NR_execv
+
 #define __SNR_execve			__NR_execve
 
 #define __SNR_execveat			__NR_execveat
@@ -648,6 +662,10 @@
 
 #define __SNR_fgetxattr			__NR_fgetxattr
 
+#define __SNR_file_getattr		__NR_file_getattr
+
+#define __SNR_file_setattr		__NR_file_setattr
+
 #define __SNR_finit_module		__NR_finit_module
 
 #define __SNR_flistxattr		__NR_flistxattr
@@ -802,6 +820,8 @@
 
 #define __SNR_getdents64		__NR_getdents64
 
+#define __SNR_getdomainname		__NR_getdomainname
+
 #ifdef __NR_getegid
 #define __SNR_getegid			__NR_getegid
 #else
@@ -1036,6 +1056,8 @@
 
 #define __SNR_kcmp			__NR_kcmp
 
+#define __SNR_kern_features		__NR_kern_features
+
 #ifdef __NR_kexec_file_load
 #define __SNR_kexec_file_load		__NR_kexec_file_load
 #else
@@ -1152,6 +1174,8 @@
 #define __SNR_memfd_secret		__PNR_memfd_secret
 #endif
 
+#define __SNR_memory_ordering		__NR_memory_ordering
+
 #ifdef __NR_migrate_pages
 #define __SNR_migrate_pages		__NR_migrate_pages
 #else
@@ -1356,6 +1380,8 @@
 #define __SNR_open_tree			__PNR_open_tree
 #endif
 
+#define __SNR_open_tree_attr		__PNR_open_tree_attr
+
 #define __SNR_openat			__NR_openat
 
 #define __SNR_openat2			__NR_openat2
@@ -1386,6 +1412,8 @@
 
 #define __SNR_perf_event_open		__NR_perf_event_open
 
+#define __SNR_perfctr			__PNR_perfctr
+
 #define __SNR_personality		__NR_personality
 
 #define __SNR_pidfd_getfd		__NR_pidfd_getfd
@@ -1672,6 +1700,8 @@
 #define __SNR_s390_sthyi		__PNR_s390_sthyi
 #endif
 
+#define __SNR_sched_get_affinity	__NR_sched_get_affinity
+
 #define __SNR_sched_get_priority_max	__NR_sched_get_priority_max
 
 #define __SNR_sched_get_priority_min	__NR_sched_get_priority_min
@@ -1692,6 +1722,8 @@
 #define __SNR_sched_rr_get_interval_time64	__PNR_sched_rr_get_interval_time64
 #endif
 
+#define __SNR_sched_set_affinity	__NR_sched_set_affinity
+
 #define __SNR_sched_setaffinity		__NR_sched_setaffinity
 
 #define __SNR_sched_setattr		__NR_sched_setattr
@@ -2368,6 +2400,8 @@
 #define __SNR_utimes			__PNR_utimes
 #endif
 
+#define __SNR_utrap_install		__PNR_utrap_install
+
 #ifdef __NR_vfork
 #define __SNR_vfork			__NR_vfork
 #else

diff --git a/include/seccomp.h.in b/include/seccomp.h.in
@@ -241,6 +241,12 @@ struct scmp_arg_cmp {
 #define SCMP_ARCH_SHEB		AUDIT_ARCH_SH
 #define SCMP_ARCH_SH		AUDIT_ARCH_SHEL /* Little-endian SH is more common than big */
 
+/**
+ * The SPARC architecture tokens
+ */
+#define SCMP_ARCH_SPARC		AUDIT_ARCH_SPARC
+#define SCMP_ARCH_SPARC64	AUDIT_ARCH_SPARC64
+
 /**
  * Convert a syscall name into the associated syscall number
  * @param x the syscall name

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -45,6 +45,8 @@ SOURCES_ALL = \
 	arch-s390.h arch-s390.c \
 	arch-s390x.h arch-s390x.c \
 	arch-sh.h arch-sh.c \
+	arch-sparc.h arch-sparc.c \
+	arch-sparc64.h arch-sparc64.c \
 	syscalls.h syscalls.c syscalls.perf.c
 
 EXTRA_DIST = \

diff --git a/src/arch-sparc.c b/src/arch-sparc.c
@@ -0,0 +1,58 @@
+/**
+ * Enhanced Seccomp sparc Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ *               2025 John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *         John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ *
+ * Derived from the PPC-specific code
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <linux/audit.h>
+
+#include "db.h"
+#include "syscalls.h"
+#include "arch.h"
+#include "arch-sparc.h"
+
+/* sparc syscall numbers */
+#define __sparc_NR_socketcall		206
+#define __sparc_NR_ipc			215
+
+ARCH_DEF(sparc)
+
+const struct arch_def arch_def_sparc = {
+	.token = SCMP_ARCH_SPARC,
+	.token_bpf = AUDIT_ARCH_SPARC,
+	.size = ARCH_SIZE_32,
+	.endian = ARCH_ENDIAN_BIG,
+	.sys_socketcall = __sparc_NR_socketcall,
+	.sys_ipc = __sparc_NR_ipc,
+	.syscall_resolve_name = abi_syscall_resolve_name_munge,
+	.syscall_resolve_name_raw = sparc_syscall_resolve_name,
+	.syscall_resolve_num = abi_syscall_resolve_num_munge,
+	.syscall_resolve_num_raw = sparc_syscall_resolve_num,
+	.syscall_rewrite = abi_syscall_rewrite,
+	.rule_add = abi_rule_add,
+	.syscall_name_kver = sparc_syscall_name_kver,
+	.syscall_num_kver = sparc_syscall_num_kver,
+};
diff --git a/src/arch-sparc.h b/src/arch-sparc.h
@@ -0,0 +1,38 @@
+/**
+ * Enhanced Seccomp sparc Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ *               2025 John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *         John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ *
+ * Derived from the PPC-specific code
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_SPARC_H
+#define _ARCH_SPARC_H
+
+#include "arch.h"
+
+#ifdef sparc
+#undef sparc
+#endif
+
+ARCH_DECL(sparc)
+
+#endif
diff --git a/src/arch-sparc64.c b/src/arch-sparc64.c
@@ -0,0 +1,58 @@
+/**
+ * Enhanced Seccomp sparc64 Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ *               2025 John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *         John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ *
+ * Derived from the PPC-specific code
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <linux/audit.h>
+
+#include "db.h"
+#include "syscalls.h"
+#include "arch.h"
+#include "arch-sparc64.h"
+
+/* sparc64 syscall numbers */
+#define __sparc64_NR_socketcall		206
+#define __sparc64_NR_ipc		215
+
+ARCH_DEF(sparc64)
+
+const struct arch_def arch_def_sparc64 = {
+	.token = SCMP_ARCH_SPARC64,
+	.token_bpf = AUDIT_ARCH_SPARC64,
+	.size = ARCH_SIZE_64,
+	.endian = ARCH_ENDIAN_BIG,
+	.sys_socketcall = __sparc64_NR_socketcall,
+	.sys_ipc = __sparc64_NR_ipc,
+	.syscall_resolve_name = abi_syscall_resolve_name_munge,
+	.syscall_resolve_name_raw = sparc64_syscall_resolve_name,
+	.syscall_resolve_num = abi_syscall_resolve_num_munge,
+	.syscall_resolve_num_raw = sparc64_syscall_resolve_num,
+	.syscall_rewrite = abi_syscall_rewrite,
+	.rule_add = abi_rule_add,
+	.syscall_name_kver = sparc64_syscall_name_kver,
+	.syscall_num_kver = sparc64_syscall_num_kver,
+};
diff --git a/src/arch-sparc64.h b/src/arch-sparc64.h
@@ -0,0 +1,34 @@
+/**
+ * Enhanced Seccomp sparc64 Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ *               2025 John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *         John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ *
+ * Derived from the PPC-specific code
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_SPARC64_H
+#define _ARCH_SPARC64_H
+
+#include "arch.h"
+
+ARCH_DECL(sparc64)
+
+#endif
diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
@@ -48,6 +48,8 @@
 #include "arch-s390.h"
 #include "arch-s390x.h"
 #include "arch-sh.h"
+#include "arch-sparc.h"
+#include "arch-sparc64.h"
 
 /**
  * Print the usage information to stderr and exit
@@ -153,6 +155,12 @@ int main(int argc, char *argv[])
 		case SCMP_ARCH_SHEB:
 			sys = sh_syscall_iterate(iter);
 			break;
+		case SCMP_ARCH_SPARC:
+			sys = sparc_syscall_iterate(iter);
+			break;
+		case SCMP_ARCH_SPARC64:
+			sys = sparc64_syscall_iterate(iter);
+			break;
 		default:
 			/* invalid arch */
 			exit_usage(argv[0]);