aboutsummaryrefslogtreecommitdiffstats
path: root/src/include/seccomp.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/seccomp.h')
-rw-r--r--src/include/seccomp.h9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index 80a83df34..50920ce3a 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -243,7 +243,7 @@ struct seccomp_data {
243#define HANDLE_X32_KILL \ 243#define HANDLE_X32_KILL \
244 BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), \ 244 BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), \
245 BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), \ 245 BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), \
246 KILL_PROCESS 246 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
247#endif 247#endif
248 248
249#define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ 249#define EXAMINE_SYSCALL BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
@@ -258,7 +258,7 @@ struct seccomp_data {
258 258
259#define BLACKLIST(syscall_nr) \ 259#define BLACKLIST(syscall_nr) \
260 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, syscall_nr, 0, 1), \ 260 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, syscall_nr, 0, 1), \
261 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) 261 KILL_OR_RETURN_ERRNO
262 262
263#define WHITELIST(syscall_nr) \ 263#define WHITELIST(syscall_nr) \
264 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, syscall_nr, 0, 1), \ 264 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, syscall_nr, 0, 1), \
@@ -274,7 +274,8 @@ struct seccomp_data {
274#define RETURN_ERRNO(nr) \ 274#define RETURN_ERRNO(nr) \
275 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO | nr) 275 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO | nr)
276 276
277#define KILL_PROCESS \ 277extern int arg_seccomp_error_action; // error action: errno or kill
278 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) 278#define KILL_OR_RETURN_ERRNO \
279 BPF_STMT(BPF_RET+BPF_K, arg_seccomp_error_action)
279 280
280#endif 281#endif
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-17 19:28:54 +0000