all: add support for new log filter flag

Extend libseccomp to support SECCOMP_FILTER_FLAG_LOG, which is intended to cause log events for all actions taken by a filter except for SCMP_ACT_ALLOW actions. This is done via a new filter attribute called SCMP_FLTATR_CTL_LOG that is off by default. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Tyler Hicks <tyhicks@canonical.com> 2017-10-18 06:16:52 +0000
committer: Paul Moore <paul@paul-moore.com> 2017-11-01 12:48:14 -0400
commit: d0e11951f6484db5d8e98591ddc0c0157b333d85 (patch)
tree: 0402519270e14ee916dfa31503505bc49037bdd7 /src/db.h
parent: 8a8576c9e0cf463d2d624686a4e57058ae30e91a (diff)
download: libseccomp-d0e11951f6484db5d8e98591ddc0c0157b333d85.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/db.h b/src/db.h
index c4ad549..b82491a 100644
--- a/src/db.h
+++ b/src/db.h
@@ -139,6 +139,8 @@ struct db_filter_attr {
 	uint32_t tsync_enable;
 	/* allow rules with a -1 syscall value */
 	uint32_t api_tskip;
+	/* SECCOMP_FILTER_FLAG_LOG related attributes */
+	uint32_t log_enable;
 };
 
 struct db_filter {
author	Tyler Hicks <tyhicks@canonical.com>	2017-10-18 06:16:52 +0000
committer	Paul Moore <paul@paul-moore.com>	2017-11-01 12:48:14 -0400
commit	d0e11951f6484db5d8e98591ddc0c0157b333d85 (patch)
tree	0402519270e14ee916dfa31503505bc49037bdd7 /src/db.h
parent	8a8576c9e0cf463d2d624686a4e57058ae30e91a (diff)
download	libseccomp-d0e11951f6484db5d8e98591ddc0c0157b333d85.tar.gz