diff options
| -rw-r--r-- | src/system.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/system.h b/src/system.h index 7e75ac8..99fd9a3 100644 --- a/src/system.h +++ b/src/system.h @@ -61,6 +61,7 @@ struct db_filter_col; #define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ #define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ #define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */ +#define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */ #define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ /* Masks for the return value sections. */ @@ -117,10 +118,6 @@ typedef struct sock_filter bpf_instr_raw; #define SECCOMP_FILTER_FLAG_LOG (1UL << 1) #endif -#ifndef SECCOMP_RET_LOG -#define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */ -#endif - /* SECCOMP_RET_ACTION_FULL was added in kernel v4.14. It may not be * defined on older kernels */ @@ -128,6 +125,13 @@ typedef struct sock_filter bpf_instr_raw; #define SECCOMP_RET_ACTION_FULL 0xffff0000U #endif +/* SECCOMP_RET_LOG was added in kernel v4.14. It may not be defined on + * older kernels. + */ +#ifndef SECCOMP_RET_LOG +#define SECCOMP_RET_LOG 0x7fc00000U +#endif + int sys_chk_seccomp_syscall(void); void sys_set_seccomp_syscall(bool enable); |