diff options
| author |  Topi Miettinen <toiwoton@gmail.com> | 2017-07-28 13:50:10 +0300 |
|---|---|---|
| committer | Topi Miettinen <toiwoton@gmail.com> | 2017-07-28 14:06:30 +0300 |
| commit | 9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0 (patch) | |
| tree | b060bcf0ef7da262225c2cdf3812b58e6005ecf9 /src/include/seccomp.h | |
| parent | network testing (diff) | |
| download | firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.tar.gz firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.tar.zst firejail-9a3344f9a569de5a2b619ff9ebc01cbd195ee1d0.zip | |
Improve seccomp printing
Diffstat (limited to 'src/include/seccomp.h')
| -rw-r--r-- | src/include/seccomp.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/include/seccomp.h b/src/include/seccomp.h index ced1ed2e3..b1a19a9b6 100644 --- a/src/include/seccomp.h +++ b/src/include/seccomp.h | |||
| @@ -115,6 +115,15 @@ struct seccomp_data { | |||
| 115 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_I386, 1, 0), \ | 115 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_I386, 1, 0), \ |
| 116 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) | 116 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) |
| 117 | 117 | ||
| 118 | #if defined(__x86_64__) | ||
| 119 | // handle X32 ABI | ||
| 120 | #define X32_SYSCALL_BIT 0x40000000 | ||
| 121 | #define HANDLE_X32 \ | ||
| 122 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), \ | ||
| 123 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), \ | ||
| 124 | RETURN_ERRNO(EPERM) | ||
| 125 | #endif | ||
| 126 | |||
| 118 | #define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ | 127 | #define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ |
| 119 | (offsetof(struct seccomp_data, nr))) | 128 | (offsetof(struct seccomp_data, nr))) |
| 120 | 129 | ||