diff options
| author | Paul Moore <paul@paul-moore.com> | 2022-07-26 18:27:26 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2022-09-21 21:55:32 -0400 |
| commit | e797591bdd6834272e2db292400f608ed9bd7fab (patch) | |
| tree | 8a827e073029e896810d1c7b518e8435a13f2ad3 /include | |
| parent | 8b9fd69572e9803af3d19633ec0e7c4af42d5941 (diff) | |
| download | libseccomp-e797591bdd6834272e2db292400f608ed9bd7fab.tar.gz | |
all: add seccomp_precompute() functionality
This patch adds a seccomp_precompute() API to precompute the seccomp
filter prior to calling seccomp_load() or similar functions. Not
only does this improve the performance of seccomp_load(), it ensures
that seccomp_load() is async-signal-safe if no additional changes
have been made since the filter was precomputed.
Python bindings, test, and manpage updates are included in this
patch.
One minor side effect of this change is that seccomp_export_bpf_mem()
now always return the length of the filter in the "len" function
parameter, even in cases where the passed buffer is too small.
Arguably seccomp_export_bpf_mem() should have always behaved this
way.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/seccomp.h.in | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 983fb77..6f4929b 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -830,6 +830,17 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); */ int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf, size_t *len); +/** + * Precompute the seccomp filter for future use + * @param ctx the filter context + * + * This function precomputes the seccomp filter and stores it internally for + * future use, speeding up seccomp_load() and other functions which require + * the generated filter. + * + */ +int seccomp_precompute(const scmp_filter_ctx ctx); + /* * pseudo syscall definitions */ |