author | Paul Moore <paul@paul-moore.com> | 2020-05-30 17:15:28 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-06-01 14:31:10 -0400 |
commit | 88afa50ff7c97876aa4fd1b450c728aa8eef4605 (patch) | |
tree | bba0a0e489c317c4eaef974178a9b1f30aff4af2 | |
parent | 1d31464c050b54e195d45d0c008995e52af1a46a (diff) | |
download | libseccomp-88afa50ff7c97876aa4fd1b450c728aa8eef4605.tar.gz |
api: force an API level update when necessary
We can't always rely on callers calling seccomp_api_get() before
using any API level gated functionality so let's force an API level
update in a few key places.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | src/api.c | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -192,6 +192,9 @@ API int seccomp_api_set(unsigned int level)
 /* NOTE - function header comment in include/seccomp.h */
 API scmp_filter_ctx seccomp_init(uint32_t def_action)
 {
+ /* force a runtime api level detection */
+ _seccomp_api_update();
+
 if (db_col_action_valid(NULL, def_action) < 0)
 return NULL;
@@ -531,6 +534,9 @@ API int seccomp_rule_add_exact(scmp_filter_ctx ctx,
 API int seccomp_notify_alloc(struct seccomp_notif **req,
 struct seccomp_notif_resp **resp)
 {
+ /* force a runtime api level detection */
+ _seccomp_api_update();
+
 return sys_notify_alloc(req, resp);
 }
@@ -559,6 +565,9 @@ API int seccomp_notify_respond(int fd, struct seccomp_notif_resp *resp)
 /* NOTE - function header comment in include/seccomp.h */
 API int seccomp_notify_id_valid(int fd, uint64_t id)
 {
+ /* force a runtime api level detection */
+ _seccomp_api_update();
+
 return sys_notify_id_valid(fd, id);
 }
@@ -567,6 +576,9 @@ API int seccomp_notify_fd(const scmp_filter_ctx ctx)
 {
 struct db_filter_col *col;
+ /* force a runtime api level detection */
+ _seccomp_api_update();
+
 if (_ctx_valid(ctx))
 return -EINVAL;
 col = (struct db_filter_col *)ctx; |
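Review bot: The comment added in seccomp_init() restates the call and leaves out why it is needed, and the same line is repeated in seccomp_notify_alloc(), seccomp_notify_id_valid() and seccomp_notify_fd(). The reason lives only in the commit message, so a later cleanup could remove the calls as redundant and leave level-gated code running against an undetected API level. I would write `/* callers may not have called seccomp_api_get(); detect the API level before any level-gated code runs */` at each site. seccomp_init()'s body continues past the end of the hunk.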
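Review bot: seccomp_notify_alloc() takes no filter context, so with this change it can be the first libseccomp call a process makes, and nothing in the diff shows whether _seccomp_api_update() is safe when two threads reach it at once. If the helper writes a file-scope level without synchronisation, first-use detection from concurrent callers is a data race; its body is outside this diff, so this needs confirming rather than assuming. A one-line statement of the guarantee above the call would do, for example `/* idempotent; returns early once the level is cached */`, provided that is what the helper actually does.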
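Review bot: seccomp_notify_respond(), named in the header of the seccomp_notify_id_valid() hunk, gets no forced detection, and no hunk in this commit touches it, while seccomp_notify_id_valid() directly below it does. If respond (and the matching receive call) are gated on the same API level, a supervisor that is handed the notification fd and never calls seccomp_init() or seccomp_notify_alloc() in its own process would run them against an undetected level. Either add `_seccomp_api_update();` as their first statement or state in include/seccomp.h that seccomp_notify_alloc() must be called first.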