all: add support for new log filter flag

Extend libseccomp to support SECCOMP_FILTER_FLAG_LOG, which is intended to cause log events for all actions taken by a filter except for SCMP_ACT_ALLOW actions. This is done via a new filter attribute called SCMP_FLTATR_CTL_LOG that is off by default. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Tyler Hicks <tyhicks@canonical.com> 2017-10-18 06:16:52 +0000
committer: Paul Moore <paul@paul-moore.com> 2017-11-01 12:48:14 -0400
commit: d0e11951f6484db5d8e98591ddc0c0157b333d85 (patch)
tree: 0402519270e14ee916dfa31503505bc49037bdd7 /include
parent: 8a8576c9e0cf463d2d624686a4e57058ae30e91a (diff)
download: libseccomp-d0e11951f6484db5d8e98591ddc0c0157b333d85.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 350a840..014a2d7 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -64,6 +64,7 @@ enum scmp_filter_attr {
 	SCMP_FLTATR_CTL_NNP = 3,	/**< set NO_NEW_PRIVS on filter load */
 	SCMP_FLTATR_CTL_TSYNC = 4,	/**< sync threads on filter load */
 	SCMP_FLTATR_API_TSKIP = 5,	/**< allow rules with a -1 syscall */
+	SCMP_FLTATR_CTL_LOG = 6,	/**< log not-allowed actions */
 	_SCMP_FLTATR_MAX,
 };
 
@@ -290,6 +291,7 @@ const struct scmp_version *seccomp_version(void);
  *  1 : base level
  *  2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute
  *      uses the seccomp(2) syscall instead of the prctl(2) syscall
+ *  3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
  *
  */
 const unsigned int seccomp_api_get(void);
author	Tyler Hicks <tyhicks@canonical.com>	2017-10-18 06:16:52 +0000
committer	Paul Moore <paul@paul-moore.com>	2017-11-01 12:48:14 -0400
commit	d0e11951f6484db5d8e98591ddc0c0157b333d85 (patch)
tree	0402519270e14ee916dfa31503505bc49037bdd7 /include
parent	8a8576c9e0cf463d2d624686a4e57058ae30e91a (diff)
download	libseccomp-d0e11951f6484db5d8e98591ddc0c0157b333d85.tar.gz