diff options
Diffstat (limited to 'src/fseccomp/seccomp_print.c')
-rw-r--r-- | src/fseccomp/seccomp_print.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c index 19fe7a545..7af95d51c 100644 --- a/src/fseccomp/seccomp_print.c +++ b/src/fseccomp/seccomp_print.c | |||
@@ -113,6 +113,25 @@ static int detect_filter_type(void) { | |||
113 | printf(" EXAMINE_SYSCALL\n"); | 113 | printf(" EXAMINE_SYSCALL\n"); |
114 | return sizeof(start_secondary_32) / sizeof(struct sock_filter); | 114 | return sizeof(start_secondary_32) / sizeof(struct sock_filter); |
115 | } | 115 | } |
116 | |||
117 | const struct sock_filter start_secondary_block[] = { | ||
118 | VALIDATE_ARCHITECTURE_KILL, | ||
119 | #if defined(__x86_64__) | ||
120 | EXAMINE_SYSCALL, | ||
121 | HANDLE_X32_KILL, | ||
122 | #else | ||
123 | EXAMINE_SYSCALL | ||
124 | #endif | ||
125 | }; | ||
126 | |||
127 | if (memcmp(&start_secondary_block[0], filter, sizeof(start_secondary_block)) == 0) { | ||
128 | printf(" VALIDATE_ARCHITECTURE_KILL\n"); | ||
129 | printf(" EXAMINE_SYSCALL\n"); | ||
130 | #if defined(__x86_64__) | ||
131 | printf(" HANDLE_X32_KILL\n"); | ||
132 | #endif | ||
133 | return sizeof(start_secondary_block) / sizeof(struct sock_filter); | ||
134 | } | ||
116 | 135 | ||
117 | return 0; // filter unrecognized | 136 | return 0; // filter unrecognized |
118 | } | 137 | } |