diff options
| author | Paul Moore <pmoore@redhat.com> | 2012-04-26 07:47:14 -0400 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2012-04-26 07:56:28 -0400 |
| commit | 340c43352dc0dc2e48acc2cb08cb4e5d4da995ea (patch) | |
| tree | a1359a2585f85f7222cfda9116de0c2fd1ff27bc | |
| parent | 47938254136bed475ce95c155a04bcca84218b45 (diff) | |
| download | libseccomp-340c43352dc0dc2e48acc2cb08cb4e5d4da995ea.tar.gz | |
api: rename the seccomp_gen_*() functions to seccomp_export_*()
These functions were originally intended as a debugging tool for
developers (both application and libseccomp), but recent discussions
have led me to believe that at some point in the future libseccomp
will likely support the import/export of seccomp policy. While I
hate changing the API, we haven't released libseccomp yet so we are
still free to make what changes we need and I think this rename puts
us in a better position for the future.
Signed-off-by: Paul Moore <pmoore@redhat.com>
| -rw-r--r-- | doc/Makefile | 4 | ||||
| -rw-r--r-- | doc/man/man3/seccomp_export_bpf.3 (renamed from doc/man/man3/seccomp_gen_bpf.3) | 18 | ||||
| -rw-r--r-- | doc/man/man3/seccomp_export_pfc.3 | 1 | ||||
| -rw-r--r-- | doc/man/man3/seccomp_gen_pfc.3 | 1 | ||||
| -rw-r--r-- | include/seccomp.h | 8 | ||||
| -rw-r--r-- | src/api.c | 4 | ||||
| -rw-r--r-- | tests/11-basic-errors.c | 12 | ||||
| -rw-r--r-- | tests/util.c | 4 |
8 files changed, 26 insertions, 26 deletions
diff --git a/doc/Makefile b/doc/Makefile index e164d77..118a588 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -41,8 +41,8 @@ MAN3 = \ man/man3/seccomp_rule_add.3 \ man/man3/seccomp_rule_add_exact.3 \ man/man3/seccomp_syscall_priority.3 \ - man/man3/seccomp_gen_bpf.3 \ - man/man3/seccomp_gen_pfc.3 \ + man/man3/seccomp_export_bpf.3 \ + man/man3/seccomp_export_pfc.3 \ man/man3/seccomp_attr_set.3 \ man/man3/seccomp_attr_get.3 diff --git a/doc/man/man3/seccomp_gen_bpf.3 b/doc/man/man3/seccomp_export_bpf.3 index 5edbb37..0354227 100644 --- a/doc/man/man3/seccomp_gen_bpf.3 +++ b/doc/man/man3/seccomp_export_bpf.3 @@ -1,30 +1,30 @@ -.TH "seccomp_gen_bpf" 3 "15 April 2012" "paul@paul-moore.com" "libseccomp Documentation" +.TH "seccomp_export_bpf" 3 "15 April 2012" "paul@paul-moore.com" "libseccomp Documentation" .////////////////////////////////////////////////////////////////////////////// .SH NAME .////////////////////////////////////////////////////////////////////////////// -seccomp_gen_bpf, seccomp_gen_pfc \- Output the seccomp filter +seccomp_export_bpf, seccomp_export_pfc \- Export the seccomp filter .////////////////////////////////////////////////////////////////////////////// .SH SYNOPSIS .////////////////////////////////////////////////////////////////////////////// .nf .B #include <seccomp.h> .sp -.BI "int seccomp_gen_bpf(int " fd ");" -.BI "int seccomp_gen_pfc(int " fd ");" +.BI "int seccomp_export_bpf(int " fd ");" +.BI "int seccomp_export_pfc(int " fd ");" .fi .////////////////////////////////////////////////////////////////////////////// .SH DESCRIPTION .////////////////////////////////////////////////////////////////////////////// .P The -.BR seccomp_gen_bpf () +.BR seccomp_export_bpf () and -.BR seccomp_gen_pfc () +.BR seccomp_export_pfc () functions generate and output the current seccomp filter in either BPF (Berkley Packet Filter) or PFC (Pseudo Filter Code). The output of -.BR seccomp_gen_bpf () +.BR seccomp_export_bpf () is suitable for loading into the kernel, while the output of -.BR seccomp_gen_pfc () +.BR seccomp_export_pfc () is human readable and is intended primarily as a debugging tool for developers using libseccomp. Both functions write the filter to the .I fd @@ -60,7 +60,7 @@ int main(int argc, char *argv[]) goto out; } - rc = seccomp_gen_bpf(filter_fd); + rc = seccomp_export_bpf(filter_fd); if (rc < 0) { close(filter_fd); goto out; diff --git a/doc/man/man3/seccomp_export_pfc.3 b/doc/man/man3/seccomp_export_pfc.3 new file mode 100644 index 0000000..45c49a3 --- /dev/null +++ b/doc/man/man3/seccomp_export_pfc.3 @@ -0,0 +1 @@ +.so man3/seccomp_export_bpf.3 diff --git a/doc/man/man3/seccomp_gen_pfc.3 b/doc/man/man3/seccomp_gen_pfc.3 deleted file mode 100644 index 896ffba..0000000 --- a/doc/man/man3/seccomp_gen_pfc.3 +++ /dev/null @@ -1 +0,0 @@ -.so man3/seccomp_gen_bpf.3 diff --git a/include/seccomp.h b/include/seccomp.h index a194d84..246e410 100644 --- a/include/seccomp.h +++ b/include/seccomp.h @@ -264,24 +264,24 @@ int seccomp_rule_add_exact(uint32_t action, int syscall, unsigned int arg_cnt, ...); /** - * Generate seccomp Pseudo Filter Code (PFC) + * Generate seccomp Pseudo Filter Code (PFC) and export it to a file * @param fd the destination fd * * This function generates seccomp Pseudo Filter Code (PFC) and writes it to * the given fd. Returns zero on success, negative values on failure. * */ -int seccomp_gen_pfc(int fd); +int seccomp_export_pfc(int fd); /** - * Generate seccomp Berkley Packet Filter (BPF) code + * Generate seccomp Berkley Packet Filter (BPF) code and export it to a file * @param fd the destination fd * * This function generates seccomp Berkley Packer Filter (BPF) code and writes * it to the given fd. Returns zero on success, negative values on failure. * */ -int seccomp_gen_bpf(int fd); +int seccomp_export_bpf(int fd); /* * pseudo syscall definitions @@ -259,7 +259,7 @@ int seccomp_rule_add_exact(uint32_t action, } /* NOTE - function header comment in include/seccomp.h */ -int seccomp_gen_pfc(int fd) +int seccomp_export_pfc(int fd) { if (filter == NULL) return -EFAULT; @@ -268,7 +268,7 @@ int seccomp_gen_pfc(int fd) } /* NOTE - function header comment in include/seccomp.h */ -int seccomp_gen_bpf(int fd) +int seccomp_export_bpf(int fd) { int rc; struct bpf_program *program; diff --git a/tests/11-basic-errors.c b/tests/11-basic-errors.c index b7e1562..d9af600 100644 --- a/tests/11-basic-errors.c +++ b/tests/11-basic-errors.c @@ -132,8 +132,8 @@ int main(int argc, char *argv[]) } seccomp_release(); - /* seccomp_gen_pfc errors */ - rc = seccomp_gen_pfc(STDOUT_FILENO); + /* seccomp_export_pfc errors */ + rc = seccomp_export_pfc(STDOUT_FILENO); if (rc != -EFAULT) return -1; @@ -141,14 +141,14 @@ int main(int argc, char *argv[]) if (rc != 0) return rc; else { - rc = seccomp_gen_pfc(sysconf(_SC_OPEN_MAX)-1); + rc = seccomp_export_pfc(sysconf(_SC_OPEN_MAX)-1); if (rc != EBADF) return -1; } seccomp_release(); - /* seccomp_gen_bpf errors */ - rc = seccomp_gen_bpf(STDOUT_FILENO); + /* seccomp_export_bpf errors */ + rc = seccomp_export_bpf(STDOUT_FILENO); if (rc != -EFAULT) return -1; @@ -156,7 +156,7 @@ int main(int argc, char *argv[]) if (rc != 0) return rc; else { - rc = seccomp_gen_bpf(sysconf(_SC_OPEN_MAX)-1); + rc = seccomp_export_bpf(sysconf(_SC_OPEN_MAX)-1); if (rc != -EBADF) return -1; } diff --git a/tests/util.c b/tests/util.c index 09e81e1..1294794 100644 --- a/tests/util.c +++ b/tests/util.c @@ -99,9 +99,9 @@ int util_filter_output(const struct util_options *opts) return -EFAULT; if (opts->bpf_flg) - rc = seccomp_gen_bpf(STDOUT_FILENO); + rc = seccomp_export_bpf(STDOUT_FILENO); else - rc = seccomp_gen_pfc(STDOUT_FILENO); + rc = seccomp_export_pfc(STDOUT_FILENO); return rc; } |