diff options
author | Tyler Hicks <tyhicks@canonical.com> | 2017-10-18 06:16:52 +0000 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-11-01 12:48:14 -0400 |
commit | d0e11951f6484db5d8e98591ddc0c0157b333d85 (patch) | |
tree | 0402519270e14ee916dfa31503505bc49037bdd7 /include | |
parent | 8a8576c9e0cf463d2d624686a4e57058ae30e91a (diff) | |
download | libseccomp-d0e11951f6484db5d8e98591ddc0c0157b333d85.tar.gz |
all: add support for new log filter flag
Extend libseccomp to support SECCOMP_FILTER_FLAG_LOG, which is intended
to cause log events for all actions taken by a filter except for
SCMP_ACT_ALLOW actions. This is done via a new filter attribute called
SCMP_FLTATR_CTL_LOG that is off by default.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/seccomp.h.in | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 350a840..014a2d7 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -64,6 +64,7 @@ enum scmp_filter_attr { SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */ SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */ SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */ + SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */ _SCMP_FLTATR_MAX, }; @@ -290,6 +291,7 @@ const struct scmp_version *seccomp_version(void); * 1 : base level * 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute * uses the seccomp(2) syscall instead of the prctl(2) syscall + * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute * */ const unsigned int seccomp_api_get(void); |