| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
The SCMP_FLTATR_CTL_WAITKILL attribute requests that the
SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag be passed to the
seccomp(2) system call when possible, which is currently only when
the SECCOMP_FILTER_FLAG_NEW_LISTENER flag is also set.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See the manpage additions as part of this patch, but the basic idea
is that when this attribute is non-zero we make every effort to
convey the system's errno value back to the caller when something
goes wrong in libc or the kernel. It is important to note from a
support perspective that our ability to support callers who make use
of this attribute will be diminished as the libc and kernel errno
values are beyond libseccomp's control.
If the attribute is zero, the library hides all of the system
failures under -ECANCELED.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Some of this was taken from Tycho's original patch.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
| |
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
Extend libseccomp to support SECCOMP_FILTER_FLAG_LOG, which is intended
to cause log events for all actions taken by a filter except for
SCMP_ACT_ALLOW actions. This is done via a new filter attribute called
SCMP_FLTATR_CTL_LOG that is off by default.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Employer agnostic emails make things a lot easier in the long run so
make sure the paul-moore.com address is used whenever it makes sense.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
Many, if not all, of the tests had an uninitialized use warning
relating to the use of the libseccomp context variable.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
Since we have a tool to verify the source code style/formatting, let's
put it to good use.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
This patch only renames files, it makes not changes to the content.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|