Diffstat (limited to 'src/include/seccomp.h')
-rw-r--r--src/include/seccomp.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index b1a19a9b6..2f2b2384d 100644
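--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -105,6 +105,11 @@ struct seccomp_data {
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
  BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 
+#define VALIDATE_ARCHITECTURE_KILL \
+ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
+
 #define VALIDATE_ARCHITECTURE_64 \
  BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_X86_64, 1, 0), \
@@ -122,6 +127,10 @@ struct seccomp_data {
  BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), \
  BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), \
  RETURN_ERRNO(EPERM)
+#define HANDLE_X32_KILL \
+ BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), \
+ BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), \
+ KILL_PROCESS
 #endif
 
 #define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \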
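Review bot: The two new macros spell their kill action differently: VALIDATE_ARCHITECTURE_KILL ends in a literal `BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)`, while HANDLE_X32_KILL ends in `KILL_PROCESS`. In the kernel UAPI `SECCOMP_RET_KILL` is the thread-scoped action (an alias of `SECCOMP_RET_KILL_THREAD`), so on an architecture mismatch only the offending thread dies and any sibling threads keep running under the filter. Ending the first macro in `KILL_PROCESS` as well would keep the policy in one place; the definition of `KILL_PROCESS` is outside this diff, so whether it maps to `SECCOMP_RET_KILL_PROCESS` needs to be confirmed there. A one-line comment above each macro would also help, e.g. `/* kill instead of allowing when seccomp_data.arch != ARCH_NR */` and, for HANDLE_X32_KILL, `/* JGE 0 is always true: skips the kill for non-x32 syscall numbers */`.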