db: add support for "phantom" syscall entries

Phantom syscall entries are syscall entry placeholders that are intended simply to carry the syscall priority value and are not included in the seccomp filter until that are explicitly added via a filter rule. Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Paul Moore <pmoore@redhat.com> 2012-03-23 11:01:10 -0400
committer: Paul Moore <pmoore@redhat.com> 2012-03-23 17:51:25 -0400
commit: ebb5f0c14a9bc20d8a4589dc5d27aae66e218733 (patch)
tree: 8002230ae28949b9e9d5e4d9dc0287a2ad814a27 /src/gen_pfc.c
parent: bc49c5674eb9d02ced659e20db258c8822312bc9 (diff)
download: libseccomp-ebb5f0c14a9bc20d8a4589dc5d27aae66e218733.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/gen_pfc.c b/src/gen_pfc.c
index 6aea254..d5bcdbf 100644
--- a/src/gen_pfc.c
+++ b/src/gen_pfc.c
@@ -210,8 +210,11 @@ int gen_pfc_generate(const struct db_filter *db, int fd)
 	fprintf(fds, "#\n");
 	fprintf(fds, "# pseudo filter code start\n");
 	fprintf(fds, "#\n");
-	db_list_foreach(s_iter, db->syscalls)
+	db_list_foreach(s_iter, db->syscalls) {
+		if (s_iter->valid == 0)
+			continue;
 		_gen_pfc_syscall(s_iter, fds);
+	}
 	fprintf(fds, "# default action\n");
 	_pfc_action(fds, db->def_action);
 	fprintf(fds, "#\n");
author	Paul Moore <pmoore@redhat.com>	2012-03-23 11:01:10 -0400
committer	Paul Moore <pmoore@redhat.com>	2012-03-23 17:51:25 -0400
commit	ebb5f0c14a9bc20d8a4589dc5d27aae66e218733 (patch)
tree	8002230ae28949b9e9d5e4d9dc0287a2ad814a27 /src/gen_pfc.c
parent	bc49c5674eb9d02ced659e20db258c8822312bc9 (diff)
download	libseccomp-ebb5f0c14a9bc20d8a4589dc5d27aae66e218733.tar.gz