diff options
| author | Tom Hromatka <tom.hromatka@oracle.com> | 2018-09-19 09:26:25 -0600 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2018-09-19 16:54:15 -0400 |
| commit | b2f15f3d02f302b12b9d1a37d83521e6f9e08841 (patch) | |
| tree | e9b3e4ae6b2a9dcaf68b2877c24d9b69fc1e7122 /include | |
| parent | 6646e21ed2734dca355c5b550cb45f0379330e02 (diff) | |
| download | libseccomp-b2f15f3d02f302b12b9d1a37d83521e6f9e08841.tar.gz | |
api: Add support for SCMP_ACT_KILL_PROCESS
This patch adds support for killing the entire process via
the SCMP_ACT_KILL_PROCESS action. To maintain backward
compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD.
Support for KILL_PROCESS was added into the Linux kernel in
v4.14.
This addresses GitHub Issue #96 - RFE: add support for
SECCOMP_RET_KILL_PROCESS
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: minor comment tweak in seccomp.h.in]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/seccomp.h.in | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 03973a4..ab6a638 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -244,7 +244,15 @@ struct scmp_arg_cmp { /** * Kill the process */ -#define SCMP_ACT_KILL 0x00000000U +#define SCMP_ACT_KILL_PROCESS 0x80000000U +/** + * Kill the thread + */ +#define SCMP_ACT_KILL_THREAD 0x00000000U +/** + * Kill the thread, defined for backward compatibility + */ +#define SCMP_ACT_KILL SCMP_ACT_KILL_THREAD /** * Throw a SIGSYS signal */ @@ -297,6 +305,7 @@ const struct scmp_version *seccomp_version(void); * uses the seccomp(2) syscall instead of the prctl(2) syscall * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute * support for the SCMP_ACT_LOG action + * support for the SCMP_ACT_KILL_PROCESS action * */ unsigned int seccomp_api_get(void); |