diff options
author | Paul Moore <pmoore@redhat.com> | 2012-03-23 11:01:10 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2012-03-23 17:51:25 -0400 |
commit | ebb5f0c14a9bc20d8a4589dc5d27aae66e218733 (patch) | |
tree | 8002230ae28949b9e9d5e4d9dc0287a2ad814a27 /src/gen_pfc.c | |
parent | bc49c5674eb9d02ced659e20db258c8822312bc9 (diff) | |
download | libseccomp-ebb5f0c14a9bc20d8a4589dc5d27aae66e218733.tar.gz |
db: add support for "phantom" syscall entries
Phantom syscall entries are syscall entry placeholders that are
intended simply to carry the syscall priority value and are not
included in the seccomp filter until that are explicitly added via a
filter rule.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'src/gen_pfc.c')
-rw-r--r-- | src/gen_pfc.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/gen_pfc.c b/src/gen_pfc.c index 6aea254..d5bcdbf 100644 --- a/src/gen_pfc.c +++ b/src/gen_pfc.c @@ -210,8 +210,11 @@ int gen_pfc_generate(const struct db_filter *db, int fd) fprintf(fds, "#\n"); fprintf(fds, "# pseudo filter code start\n"); fprintf(fds, "#\n"); - db_list_foreach(s_iter, db->syscalls) + db_list_foreach(s_iter, db->syscalls) { + if (s_iter->valid == 0) + continue; _gen_pfc_syscall(s_iter, fds); + } fprintf(fds, "# default action\n"); _pfc_action(fds, db->def_action); fprintf(fds, "#\n"); |