diff options
| author | Tom Hromatka <tom.hromatka@oracle.com> | 2018-09-19 09:26:25 -0600 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2018-09-19 16:54:15 -0400 |
| commit | b2f15f3d02f302b12b9d1a37d83521e6f9e08841 (patch) | |
| tree | e9b3e4ae6b2a9dcaf68b2877c24d9b69fc1e7122 /src/gen_pfc.c | |
| parent | 6646e21ed2734dca355c5b550cb45f0379330e02 (diff) | |
| download | libseccomp-b2f15f3d02f302b12b9d1a37d83521e6f9e08841.tar.gz | |
api: Add support for SCMP_ACT_KILL_PROCESS
This patch adds support for killing the entire process via
the SCMP_ACT_KILL_PROCESS action. To maintain backward
compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD.
Support for KILL_PROCESS was added into the Linux kernel in
v4.14.
This addresses GitHub Issue #96 - RFE: add support for
SECCOMP_RET_KILL_PROCESS
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: minor comment tweak in seccomp.h.in]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'src/gen_pfc.c')
| -rw-r--r-- | src/gen_pfc.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/gen_pfc.c b/src/gen_pfc.c index ebde3bf..75d8507 100644 --- a/src/gen_pfc.c +++ b/src/gen_pfc.c @@ -35,6 +35,7 @@ #include "db.h" #include "gen_pfc.h" #include "helper.h" +#include "system.h" struct pfc_sys_list { struct db_sys_list *sys; @@ -117,8 +118,11 @@ static void _pfc_arg(FILE *fds, */ static void _pfc_action(FILE *fds, uint32_t action) { - switch (action & 0xffff0000) { - case SCMP_ACT_KILL: + switch (action & SECCOMP_RET_ACTION_FULL) { + case SCMP_ACT_KILL_PROCESS: + fprintf(fds, "action KILL_PROCESS;\n"); + break; + case SCMP_ACT_KILL_THREAD: fprintf(fds, "action KILL;\n"); break; case SCMP_ACT_TRAP: |