From d0e11951f6484db5d8e98591ddc0c0157b333d85 Mon Sep 17 00:00:00 2001
From: Tyler Hicks
Date: Wed, 18 Oct 2017 06:16:52 +0000
Subject: all: add support for new log filter flag

Extend libseccomp to support SECCOMP_FILTER_FLAG_LOG, which is intended to cause log events for all actions taken by a filter except for SCMP_ACT_ALLOW actions. This is done via a new filter attribute called SCMP_FLTATR_CTL_LOG that is off by default.

Signed-off-by: Tyler Hicks
Signed-off-by: Paul Moore
---
 include/seccomp.h.in | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include')

diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 350a840..014a2d7 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -64,6 +64,7 @@ enum scmp_filter_attr {
 SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */
 SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */
 SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */
+ SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */
 _SCMP_FLTATR_MAX,
 };
 
@@ -290,6 +291,7 @@ const struct scmp_version *seccomp_version(void);
 * 1 : base level
 * 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute
 * uses the seccomp(2) syscall instead of the prctl(2) syscall
+ * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
 *
 */
 const unsigned int seccomp_api_get(void);
-- 
cgit v1.2.1
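Review bot: The doc comment on the new `SCMP_FLTATR_CTL_LOG = 6` enumerator in the first hunk (`log not-allowed actions`) does not tell a caller that the attribute depends on kernel support for SECCOMP_FILTER_FLAG_LOG, which the API-level comment in the second hunk ties to level 3. A sandbox that relies on these log events for detection or forensics should check `seccomp_api_get()` before setting the attribute and treat a failed set as lost audit coverage rather than ignoring it; the implementation is outside this header-only view, so the exact failure behaviour is an assumption to confirm. I would expand the enumerator comment to `/**< log all actions except SCMP_ACT_ALLOW, needs API level 3 */`, matching the wording of the commit description. The enum body and the API-level comment block both begin outside their hunks.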