From 53606495188a5cc16ea67e3b65561127a98925b3 Mon Sep 17 00:00:00 2001
From: Topi Miettinen
Date: Sat, 29 Jul 2017 19:53:27 +0300
Subject: Memory-deny-write-execute feature

Feature to block attempts to create writable and executable memory.
---
 src/fseccomp/fseccomp.h | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/fseccomp/fseccomp.h')

diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h
index 1e4881e9c..157b71011 100644
--- a/src/fseccomp/fseccomp.h
+++ b/src/fseccomp/fseccomp.h
@@ -48,6 +48,7 @@ void seccomp_secondary_64(const char *fname);
 void seccomp_secondary_32(const char *fname);
 
 // seccomp_file.c
+void write_to_file(int fd, const void *data, int size);
 void filter_init(int fd);
 void filter_add_whitelist(int fd, int syscall, int arg);
 void filter_add_blacklist(int fd, int syscall, int arg);
@@ -64,6 +65,8 @@ void seccomp_drop(const char *fname, char *list, int allow_debuggers);
 void seccomp_default_drop(const char *fname, char *list, int allow_debuggers);
 // whitelisted filter
 void seccomp_keep(const char *fname, char *list);
+// block writable and executable memory
+void memory_deny_write_execute(const char *fname);
 
 // seccomp_print
 void filter_print(const char *fname);
-- 
cgit v1.2.3-70-g09d2
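Review bot: In the first hunk (`@@ -48,6 +48,7 @@`) the newly exported `write_to_file` returns `void` and takes `int size`, so the header gives callers no way to observe a failed or short write and admits a negative length. The implementation is not part of this diff (it is limited to this header); if it does not already abort on error, a partially written filter file could later be loaded as though it were complete. I would declare it `void write_to_file(int fd, const void *data, size_t size);` and add a one-line contract comment above it, for example `// writes exactly size bytes to fd; does not return on error or short write`, adjusted to what the implementation actually guarantees.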
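Review bot: The comment on `memory_deny_write_execute` in the second hunk (`@@ -64,6 +65,8 @@`) does not say which memory-mapping calls and protection-flag combinations the generated filter rejects, which is what someone relying on this option needs to know. A seccomp filter can only inspect the syscall number and its register arguments, so the protection extends only to the calls the filter lists and anything not listed stays allowed. I would expand the comment to something like `// write a seccomp filter to fname that rejects requests for memory that is both writable and executable; covers only the syscalls listed in the implementation`, where the meaning of `fname` is presumed from the neighbouring declarations and should be confirmed.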