diff options
| author | Paul Moore <paul@paul-moore.com> | 2017-02-15 19:10:35 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2017-02-21 17:30:47 -0500 |
| commit | dc879990774b5fe0b5d3362ae592e8a5bb615fbb (patch) | |
| tree | 126b545a209cf8b4abf92f50dd4cb6b0f0f0325e /include | |
| parent | a66f000de92c7ced17ae6615837dabafd803ae42 (diff) | |
| download | libseccomp-dc879990774b5fe0b5d3362ae592e8a5bb615fbb.tar.gz | |
all: treat syscall -1 as a valid syscall
Process tracers use a -1 syscall value to indicate that a syscall
should be skipped. This turns out to be quite an undertaking as
we need to workaround __NR_SCMP_ERROR (which also has a value of
-1). Pay special attention to the new attribute,
SCMP_FLTATR_API_TSKIP, and the documentation additions.
More information in the GitHub issue:
* https://github.com/seccomp/libseccomp/issues/80
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/seccomp.h.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in index b45de86..5843639 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -63,6 +63,7 @@ enum scmp_filter_attr { SCMP_FLTATR_ACT_BADARCH = 2, /**< bad architecture action */ SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */ SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */ + SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */ _SCMP_FLTATR_MAX, }; |