all: add support for new log action

Extend libseccomp to support SECCOMP_RET_LOG, which is intended to log the syscall before allowing it. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Tyler Hicks <tyhicks@canonical.com> 2017-10-18 06:16:55 +0000
committer: Paul Moore <paul@paul-moore.com> 2017-11-01 12:49:53 -0400
commit: 3b22b153c70ef00044fb309d9a9fecc12b777e98 (patch)
tree: d3350ce9a636380efb9c2f8e8149ce10a9678254 /include
parent: b61042bf4bcf216e2371c8371d6bf5449f1cf7c5 (diff)
download: libseccomp-3b22b153c70ef00044fb309d9a9fecc12b777e98.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 014a2d7..56ae73e 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -258,6 +258,10 @@ struct scmp_arg_cmp {
  */
 #define SCMP_ACT_TRACE(x)	(0x7ff00000U | ((x) & 0x0000ffffU))
 /**
+ * Allow the syscall to be executed after the action has been logged
+ */
+#define SCMP_ACT_LOG		0x7ffc0000U
+/**
  * Allow the syscall to be executed
  */
 #define SCMP_ACT_ALLOW		0x7fff0000U
@@ -292,6 +296,7 @@ const struct scmp_version *seccomp_version(void);
  *  2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute
  *      uses the seccomp(2) syscall instead of the prctl(2) syscall
  *  3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
+ *      support for the SCMP_ACT_LOG action
  *
  */
 const unsigned int seccomp_api_get(void);
author	Tyler Hicks <tyhicks@canonical.com>	2017-10-18 06:16:55 +0000
committer	Paul Moore <paul@paul-moore.com>	2017-11-01 12:49:53 -0400
commit	3b22b153c70ef00044fb309d9a9fecc12b777e98 (patch)
tree	d3350ce9a636380efb9c2f8e8149ce10a9678254 /include
parent	b61042bf4bcf216e2371c8371d6bf5449f1cf7c5 (diff)
download	libseccomp-3b22b153c70ef00044fb309d9a9fecc12b777e98.tar.gz