all: add support for new log action

Extend libseccomp to support SECCOMP_RET_LOG, which is intended to
log the syscall before allowing it.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

3 files changed, 7 insertions, 0 deletions

diff --git a/tools/bpf.h b/tools/bpf.h
index 7679d01..b8e6d81 100644
--- a/tools/bpf.h
+++ b/tools/bpf.h
@@ -64,6 +64,7 @@ typedef struct sock_filter bpf_instr_raw;
 #define SECCOMP_RET_TRAP	0x00030000U
 #define SECCOMP_RET_ERRNO	0x00050000U
 #define SECCOMP_RET_TRACE	0x7ff00000U
+#define SECCOMP_RET_LOG		0x7ffc0000U
 #define SECCOMP_RET_ALLOW	0x7fff0000U
 
 /* bpf command classes */
diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
index 05590f4..6e5282a 100644
--- a/tools/scmp_bpf_disasm.c
+++ b/tools/scmp_bpf_disasm.c
@@ -189,6 +189,9 @@ static void bpf_decode_action(uint32_t k)
 	case SECCOMP_RET_TRACE:
 		printf("TRACE(%u)", data);
 		break;
+	case SECCOMP_RET_LOG:
+		printf("LOG");
+		break;
 	case SECCOMP_RET_ALLOW:
 		printf("ALLOW");
 		break;
diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
index 3d3204a..6e422c5 100644
--- a/tools/scmp_bpf_sim.c
+++ b/tools/scmp_bpf_sim.c
@@ -128,6 +128,9 @@ static void end_action(uint32_t action, unsigned int line)
 	case SECCOMP_RET_TRACE:
 		fprintf(stdout, "TRACE(%u)\n", data);
 		break;
+	case SECCOMP_RET_LOG:
+		fprintf(stdout, "LOG\n");
+		break;
 	case SECCOMP_RET_ALLOW:
 		fprintf(stdout, "ALLOW\n");
 		break;