-rw-r--r-- | doc/Makefile | 2 | ||||
-rw-r--r-- | doc/man/man3/seccomp_arch_add.3 | 11 | ||||
-rw-r--r-- | doc/man/man3/seccomp_arch_native.3 | 1 | ||||
-rw-r--r-- | include/seccomp.h | 8 | ||||
-rw-r--r-- | src/api.c | 6 | ||||
-rw-r--r-- | src/python/libseccomp.pxd | 1 | ||||
-rw-r--r-- | src/python/seccomp.pyx | 9 | ||||
-rw-r--r-- | tests/16-arch-basic.c | 4 | ||||
-rwxr-xr-x | tests/16-arch-basic.py | 4 |
9 files changed, 38 insertions, 8 deletions
diff --git a/doc/Makefile b/doc/Makefile
index 348a04b..2c77ec9 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -47,6 +47,8 @@ MAN3 = \
 man/man3/seccomp_attr_set.3 \
 man/man3/seccomp_attr_get.3 \
 man/man3/seccomp_arch_add.3 \
+ man/man3/seccomp_arch_exist.3 \
+ man/man3/seccomp_arch_native.3 \
 man/man3/seccomp_arch_remove.3 \
 man/man3/seccomp_merge.3
diff --git a/doc/man/man3/seccomp_arch_add.3 b/doc/man/man3/seccomp_arch_add.3
index 7315e9c..99d9cc7 100644
--- a/doc/man/man3/seccomp_arch_add.3
+++ b/doc/man/man3/seccomp_arch_add.3
@@ -1,8 +1,8 @@
-.TH "seccomp_arch_add" 3 "28 September 2012" "paul@paul-moore.com" "libseccomp Documentation"
+.TH "seccomp_arch_add" 3 "26 November 2012" "paul@paul-moore.com" "libseccomp Documentation"
 .\" //////////////////////////////////////////////////////////////////////////
 .SH NAME
 .\" //////////////////////////////////////////////////////////////////////////
-seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist \- Manage seccomp filter architectures
+seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist, seccomp_arch_native \- Manage seccomp filter architectures
 .\" //////////////////////////////////////////////////////////////////////////
 .SH SYNOPSIS
 .\" //////////////////////////////////////////////////////////////////////////
@@ -15,6 +15,7 @@ seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist \- Manage seccomp filt
 .B #define SCMP_ARCH_X86
 .B #define SCMP_ARCH_X86_64
 .sp
+.BI "uint32_t seccomp_arch_native();"
 .BI "int seccomp_arch_exist(const scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
 .BI "int seccomp_arch_add(scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
 .BI "int seccomp_arch_remove(scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
@@ -41,7 +42,11 @@ should be the
 .BR SCMP_ARCH_*
 defined constants; with the
 .BR SCMP_ARCH_NATIVE
-constant always referring to the native compiled architecture.
+constant always referring to the native compiled architecture. The
+.BR seccomp_arch_native ()
+function returns the system's architecture such that it will match one of the
+.BR SCMP_ARCH_*
+constants.
 .P
 When a seccomp filter is initialized with the call to
 .BR seccomp_init (3)
diff --git a/doc/man/man3/seccomp_arch_native.3 b/doc/man/man3/seccomp_arch_native.3
new file mode 100644
index 0000000..f72602b
--- /dev/null
+++ b/doc/man/man3/seccomp_arch_native.3
@@ -0,0 +1 @@
+.so man3/seccomp_arch_add.3
diff --git a/include/seccomp.h b/include/seccomp.h
index d9cf250..b09f3d3 100644
--- a/include/seccomp.h
+++ b/include/seccomp.h
@@ -226,6 +226,14 @@ void seccomp_release(scmp_filter_ctx ctx);
 int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src);
 /**
+ * Return the native architecture token
+ *
+ * This function returns the native architecture token value, e.g. SCMP_ARCH_*.
+ *
+ */
+uint32_t seccomp_arch_native(void);
+
+/**
 * Check to see if an existing architecture is present in the filter
 * @param ctx the filter context
 * @param arch_token the architecture token, e.g. SCMP_ARCH_*
@@ -141,6 +141,12 @@ int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src)
 }
 /* NOTE - function header comment in include/seccomp.h */
+uint32_t seccomp_arch_native(void)
+{
+ return arch_def_native.token;
+}
+
+/* NOTE - function header comment in include/seccomp.h */
 int seccomp_arch_exist(const scmp_filter_ctx ctx, uint32_t arch_token)
 {
 struct db_filter_col *col = (struct db_filter_col *)ctx;
diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
index 4faed03..b5ca659 100644
--- a/src/python/libseccomp.pxd
+++ b/src/python/libseccomp.pxd
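Review bot: The header comment added for `seccomp_arch_native()` in include/seccomp.h never says what "native" refers to, and the man page text in this same commit calls the value "the system's architecture" while describing `SCMP_ARCH_NATIVE` as the "native compiled architecture". Callers will use this token to decide which architectures a filter has to cover, so the comment should state whether the value is fixed when the library is built or reflects the running kernel; the implementation returns `arch_def_native.token`, whose origin is not visible in these hunks. If it is the build-time value, I would word the description as `* This function returns the token of the architecture the library was built for; it always equals one of the SCMP_ARCH_* values.` and drop the empty ` *` line before ` */`.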
@@ -65,6 +65,7 @@ cdef extern from "seccomp.h": int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src) + uint32_t seccomp_arch_native() int seccomp_arch_exist(scmp_filter_ctx ctx, uint32_t arch_token) int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token) int seccomp_arch_remove(scmp_filter_ctx ctx, uint32_t arch_token) diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 30e28a0..45a6f53 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -99,11 +99,18 @@ cdef class Arch: X86 - 32-bit x86 X86_64 - 64-bit x86 """ - NATIVE = libseccomp.SCMP_ARCH_NATIVE X86 = libseccomp.SCMP_ARCH_X86 X86_64 = libseccomp.SCMP_ARCH_X86_64 + def system(self): + """ Return the system's architecture + + Description: + Return an integer value matching the native architecture. + """ + return libseccomp.seccomp_arch_native() + cdef class Attr: """ Python object representing the SyscallFilter attributes. diff --git a/tests/16-arch-basic.c b/tests/16-arch-basic.c index e053db2..f2d122c 100644 --- a/tests/16-arch-basic.c +++ b/tests/16-arch-basic.c @@ -40,12 +40,12 @@ int main(int argc, char *argv[]) if (ctx == NULL) goto out; - if (seccomp_arch_exist(ctx, SCMP_ARCH_X86) == -EEXIST) { + if (seccomp_arch_native() != SCMP_ARCH_X86) { rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); if (rc != 0) goto out; } - if (seccomp_arch_exist(ctx, SCMP_ARCH_X86_64) == -EEXIST) { + if (seccomp_arch_native() != SCMP_ARCH_X86_64) { rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); if (rc != 0) goto out; diff --git a/tests/16-arch-basic.py b/tests/16-arch-basic.py index eebe9a3..6103f67 100755 --- a/tests/16-arch-basic.py +++ b/tests/16-arch-basic.py 
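Review bot: `system` is added to `Arch` as an instance method (`def system(self):`), but the updated tests/16-arch-basic.py calls it on the class as `Arch.system()`, which would presumably raise a TypeError for the missing instance unless something outside this hunk changes that. The method reads no instance state, so a module-level function such as `def system_arch(): return libseccomp.seccomp_arch_native()` (the name is only a suggestion) or a static method fits better, with the test updated to match. The hunk also deletes `NATIVE = libseccomp.SCMP_ARCH_NATIVE`, which breaks any existing caller that passes `Arch.NATIVE`; keeping the attribute alongside the new function avoids that. The `Arch` class starts outside the hunk, so if its docstring still lists NATIVE it needs the same update.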
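Review bot: With both `seccomp_arch_exist()` calls replaced in tests/16-arch-basic.c, this test no longer checks what the filter actually contains; the two conditions now assume that a freshly initialised filter holds exactly the native architecture. The same applies to the `exist_arch` calls removed from tests/16-arch-basic.py. I would keep one presence check after the `ctx == NULL` test, for example `if (seccomp_arch_exist(ctx, seccomp_arch_native()) == -EEXIST) goto out;`, so that a disagreement between the two APIs is caught here rather than in a filter that silently lacks an architecture. `main` starts and ends outside the hunk, so whether `rc` carries a failure value on that path is not visible and should be checked.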
@@ -30,9 +30,9 @@ from seccomp import *
 def test(args):
 f = SyscallFilter(KILL)
- if not f.exist_arch(Arch.X86):
+ if not Arch.system() == Arch.X86:
 f.add_arch(Arch.X86)
- if not f.exist_arch(Arch.X86_64):
+ if not Arch.system() == Arch.X86_64:
 f.add_arch(Arch.X86_64)
 f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin))
 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout)) |
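Review bot: `if not Arch.system() == Arch.X86:` reads more directly as `if Arch.system() != Arch.X86:`, and the same goes for the `Arch.X86_64` comparison two lines below it. `test` continues outside the hunk.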