1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
|
/**
* Seccomp Library
*
* Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com>
* Author: Paul Moore <paul@paul-moore.com>
*/
/*
* This library is free software; you can redistribute it and/or modify it
* under the terms of version 2.1 of the GNU Lesser General Public License as
* published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
* for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, see <http://www.gnu.org/licenses>.
*/
#ifndef _SECCOMP_H
#define _SECCOMP_H
#include <elf.h>
#include <inttypes.h>
#include <asm/unistd.h>
#include <linux/audit.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* version information
*/
#define SCMP_VER_MAJOR @VERSION_MAJOR@
#define SCMP_VER_MINOR @VERSION_MINOR@
#define SCMP_VER_MICRO @VERSION_MICRO@
struct scmp_version {
unsigned int major;
unsigned int minor;
unsigned int micro;
};
/*
* types
*/
/**
* Filter context/handle
*/
typedef void *scmp_filter_ctx;
/**
* Filter attributes
*/
enum scmp_filter_attr {
_SCMP_FLTATR_MIN = 0,
SCMP_FLTATR_ACT_DEFAULT = 1, /**< default filter action */
SCMP_FLTATR_ACT_BADARCH = 2, /**< bad architecture action */
SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */
SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */
SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */
SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */
_SCMP_FLTATR_MAX,
};
/**
* Comparison operators
*/
enum scmp_compare {
_SCMP_CMP_MIN = 0,
SCMP_CMP_NE = 1, /**< not equal */
SCMP_CMP_LT = 2, /**< less than */
SCMP_CMP_LE = 3, /**< less than or equal */
SCMP_CMP_EQ = 4, /**< equal */
SCMP_CMP_GE = 5, /**< greater than or equal */
SCMP_CMP_GT = 6, /**< greater than */
SCMP_CMP_MASKED_EQ = 7, /**< masked equality */
_SCMP_CMP_MAX,
};
/**
* Argument datum
*/
typedef uint64_t scmp_datum_t;
/**
* Argument / Value comparison definition
*/
struct scmp_arg_cmp {
unsigned int arg; /**< argument number, starting at 0 */
enum scmp_compare op; /**< the comparison op, e.g. SCMP_CMP_* */
scmp_datum_t datum_a;
scmp_datum_t datum_b;
};
/*
* macros/defines
*/
/**
* The native architecture token
*/
#define SCMP_ARCH_NATIVE 0
/**
* The x86 (32-bit) architecture token
*/
#define SCMP_ARCH_X86 AUDIT_ARCH_I386
/**
* The x86-64 (64-bit) architecture token
*/
#define SCMP_ARCH_X86_64 AUDIT_ARCH_X86_64
/**
* The x32 (32-bit x86_64) architecture token
*
* NOTE: this is different from the value used by the kernel because we need to
* be able to distinguish between x32 and x86_64
*/
#define SCMP_ARCH_X32 (EM_X86_64|__AUDIT_ARCH_LE)
/**
* The ARM architecture tokens
*/
#define SCMP_ARCH_ARM AUDIT_ARCH_ARM
/* AArch64 support for audit was merged in 3.17-rc1 */
#ifndef AUDIT_ARCH_AARCH64
#ifndef EM_AARCH64
#define EM_AARCH64 183
#endif /* EM_AARCH64 */
#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#endif /* AUDIT_ARCH_AARCH64 */
#define SCMP_ARCH_AARCH64 AUDIT_ARCH_AARCH64
/**
* The MIPS architecture tokens
*/
#ifndef __AUDIT_ARCH_CONVENTION_MIPS64_N32
#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
#endif
#ifndef EM_MIPS
#define EM_MIPS 8
#endif
#ifndef AUDIT_ARCH_MIPS
#define AUDIT_ARCH_MIPS (EM_MIPS)
#endif
#ifndef AUDIT_ARCH_MIPS64
#define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT)
#endif
/* MIPS64N32 support was merged in 3.15 */
#ifndef AUDIT_ARCH_MIPS64N32
#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\
__AUDIT_ARCH_CONVENTION_MIPS64_N32)
#endif
/* MIPSEL64N32 support was merged in 3.15 */
#ifndef AUDIT_ARCH_MIPSEL64N32
#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE|\
__AUDIT_ARCH_CONVENTION_MIPS64_N32)
#endif
#define SCMP_ARCH_MIPS AUDIT_ARCH_MIPS
#define SCMP_ARCH_MIPS64 AUDIT_ARCH_MIPS64
#define SCMP_ARCH_MIPS64N32 AUDIT_ARCH_MIPS64N32
#define SCMP_ARCH_MIPSEL AUDIT_ARCH_MIPSEL
#define SCMP_ARCH_MIPSEL64 AUDIT_ARCH_MIPSEL64
#define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
/**
* The PowerPC architecture tokens
*/
#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
#ifndef AUDIT_ARCH_PPC64LE
#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#endif
#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
/**
* The S390 architecture tokens
*/
#define SCMP_ARCH_S390 AUDIT_ARCH_S390
#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
/**
* The PA-RISC hppa architecture tokens
*/
#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC
#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64
/**
* Convert a syscall name into the associated syscall number
* @param x the syscall name
*/
#define SCMP_SYS(x) (__NR_##x)
/* Helpers for the argument comparison macros, DO NOT USE directly */
#define _SCMP_VA_NUM_ARGS(...) _SCMP_VA_NUM_ARGS_IMPL(__VA_ARGS__,2,1)
#define _SCMP_VA_NUM_ARGS_IMPL(_1,_2,N,...) N
#define _SCMP_MACRO_DISPATCHER(func, ...) \
_SCMP_MACRO_DISPATCHER_IMPL1(func, _SCMP_VA_NUM_ARGS(__VA_ARGS__))
#define _SCMP_MACRO_DISPATCHER_IMPL1(func, nargs) \
_SCMP_MACRO_DISPATCHER_IMPL2(func, nargs)
#define _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) \
func ## nargs
#define _SCMP_CMP32_1(x, y, z) \
SCMP_CMP64(x, y, (uint32_t)(z))
#define _SCMP_CMP32_2(x, y, z, q) \
SCMP_CMP64(x, y, (uint32_t)(z), (uint32_t)(q))
/**
* Specify a 64-bit argument comparison struct for use in declaring rules
* @param arg the argument number, starting at 0
* @param op the comparison operator, e.g. SCMP_CMP_*
* @param datum_a dependent on comparison
* @param datum_b dependent on comparison, optional
*/
#define SCMP_CMP64(...) ((struct scmp_arg_cmp){__VA_ARGS__})
#define SCMP_CMP SCMP_CMP64
/**
* Specify a 32-bit argument comparison struct for use in declaring rules
* @param arg the argument number, starting at 0
* @param op the comparison operator, e.g. SCMP_CMP_*
* @param datum_a dependent on comparison (32-bits)
* @param datum_b dependent on comparison, optional (32-bits)
*/
#define SCMP_CMP32(x, y, ...) \
_SCMP_MACRO_DISPATCHER(_SCMP_CMP32_, __VA_ARGS__)(x, y, __VA_ARGS__)
/**
* Specify a 64-bit argument comparison struct for argument 0
*/
#define SCMP_A0_64(...) SCMP_CMP64(0, __VA_ARGS__)
#define SCMP_A0 SCMP_A0_64
/**
* Specify a 32-bit argument comparison struct for argument 0
*/
#define SCMP_A0_32(x, ...) SCMP_CMP32(0, x, __VA_ARGS__)
/**
* Specify a 64-bit argument comparison struct for argument 1
*/
#define SCMP_A1_64(...) SCMP_CMP64(1, __VA_ARGS__)
#define SCMP_A1 SCMP_A1_64
/**
* Specify a 32-bit argument comparison struct for argument 1
*/
#define SCMP_A1_32(x, ...) SCMP_CMP32(1, x, __VA_ARGS__)
/**
* Specify a 64-bit argument comparison struct for argument 2
*/
#define SCMP_A2_64(...) SCMP_CMP64(2, __VA_ARGS__)
#define SCMP_A2 SCMP_A2_64
/**
* Specify a 32-bit argument comparison struct for argument 2
*/
#define SCMP_A2_32(x, ...) SCMP_CMP32(2, x, __VA_ARGS__)
/**
* Specify a 64-bit argument comparison struct for argument 3
*/
#define SCMP_A3_64(...) SCMP_CMP64(3, __VA_ARGS__)
#define SCMP_A3 SCMP_A3_64
/**
* Specify a 32-bit argument comparison struct for argument 3
*/
#define SCMP_A3_32(x, ...) SCMP_CMP32(3, x, __VA_ARGS__)
/**
* Specify a 64-bit argument comparison struct for argument 4
*/
#define SCMP_A4_64(...) SCMP_CMP64(4, __VA_ARGS__)
#define SCMP_A4 SCMP_A4_64
/**
* Specify a 32-bit argument comparison struct for argument 4
*/
#define SCMP_A4_32(x, ...) SCMP_CMP32(4, x, __VA_ARGS__)
/**
* Specify a 64-bit argument comparison struct for argument 5
*/
#define SCMP_A5_64(...) SCMP_CMP64(5, __VA_ARGS__)
#define SCMP_A5 SCMP_A5_64
/**
* Specify a 32-bit argument comparison struct for argument 5
*/
#define SCMP_A5_32(x, ...) SCMP_CMP32(5, x, __VA_ARGS__)
/*
* seccomp actions
*/
/**
* Kill the process
*/
#define SCMP_ACT_KILL_PROCESS 0x80000000U
/**
* Kill the thread
*/
#define SCMP_ACT_KILL_THREAD 0x00000000U
/**
* Kill the thread, defined for backward compatibility
*/
#define SCMP_ACT_KILL SCMP_ACT_KILL_THREAD
/**
* Throw a SIGSYS signal
*/
#define SCMP_ACT_TRAP 0x00030000U
/**
* Return the specified error code
*/
#define SCMP_ACT_ERRNO(x) (0x00050000U | ((x) & 0x0000ffffU))
/**
* Notify a tracing process with the specified value
*/
#define SCMP_ACT_TRACE(x) (0x7ff00000U | ((x) & 0x0000ffffU))
/**
* Allow the syscall to be executed after the action has been logged
*/
#define SCMP_ACT_LOG 0x7ffc0000U
/**
* Allow the syscall to be executed
*/
#define SCMP_ACT_ALLOW 0x7fff0000U
/*
* functions
*/
/**
* Query the library version information
*
* This function returns a pointer to a populated scmp_version struct, the
* caller does not need to free the structure when finished.
*
*/
const struct scmp_version *seccomp_version(void);
/**
* Query the library's level of API support
*
* This function returns an API level value indicating the current supported
* functionality. It is important to note that this level of support is
* determined at runtime and therefore can change based on the running kernel
* and system configuration (e.g. any previously loaded seccomp filters). This
* function can be called multiple times, but it only queries the system the
* first time it is called, the API level is cached and used in subsequent
* calls.
*
* The current API levels are described below:
* 0 : reserved
* 1 : base level
* 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute
* uses the seccomp(2) syscall instead of the prctl(2) syscall
* 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
* support for the SCMP_ACT_LOG action
* support for the SCMP_ACT_KILL_PROCESS action
*
*/
unsigned int seccomp_api_get(void);
/**
* Set the library's level of API support
*
* This function forcibly sets the API level of the library at runtime. Valid
* API levels are discussed in the description of the seccomp_api_get()
* function. General use of this function is strongly discouraged.
*
*/
int seccomp_api_set(unsigned int level);
/**
* Initialize the filter state
* @param def_action the default filter action
*
* This function initializes the internal seccomp filter state and should
* be called before any other functions in this library to ensure the filter
* state is initialized. Returns a filter context on success, NULL on failure.
*
*/
scmp_filter_ctx seccomp_init(uint32_t def_action);
/**
* Reset the filter state
* @param ctx the filter context
* @param def_action the default filter action
*
* This function resets the given seccomp filter state and ensures the
* filter state is reinitialized. This function does not reset any seccomp
* filters already loaded into the kernel. Returns zero on success, negative
* values on failure.
*
*/
int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action);
/**
* Destroys the filter state and releases any resources
* @param ctx the filter context
*
* This functions destroys the given seccomp filter state and releases any
* resources, including memory, associated with the filter state. This
* function does not reset any seccomp filters already loaded into the kernel.
* The filter context can no longer be used after calling this function.
*
*/
void seccomp_release(scmp_filter_ctx ctx);
/**
* Merge two filters
* @param ctx_dst the destination filter context
* @param ctx_src the source filter context
*
* This function merges two filter contexts into a single filter context and
* destroys the second filter context. The two filter contexts must have the
* same attribute values and not contain any of the same architectures; if they
* do, the merge operation will fail. On success, the source filter context
* will be destroyed and should no longer be used; it is not necessary to
* call seccomp_release() on the source filter context. Returns zero on
* success, negative values on failure.
*
*/
int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src);
/**
* Resolve the architecture name to a architecture token
* @param arch_name the architecture name
*
* This function resolves the given architecture name to a token suitable for
* use with libseccomp, returns zero on failure.
*
*/
uint32_t seccomp_arch_resolve_name(const char *arch_name);
/**
* Return the native architecture token
*
* This function returns the native architecture token value, e.g. SCMP_ARCH_*.
*
*/
uint32_t seccomp_arch_native(void);
/**
* Check to see if an existing architecture is present in the filter
* @param ctx the filter context
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
*
* This function tests to see if a given architecture is included in the filter
* context. If the architecture token is SCMP_ARCH_NATIVE then the native
* architecture will be assumed. Returns zero if the architecture exists in
* the filter, -EEXIST if it is not present, and other negative values on
* failure.
*
*/
int seccomp_arch_exist(const scmp_filter_ctx ctx, uint32_t arch_token);
/**
* Adds an architecture to the filter
* @param ctx the filter context
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
*
* This function adds a new architecture to the given seccomp filter context.
* Any new rules added after this function successfully returns will be added
* to this architecture but existing rules will not be added to this
* architecture. If the architecture token is SCMP_ARCH_NATIVE then the native
* architecture will be assumed. Returns zero on success, -EEXIST if
* specified architecture is already present, other negative values on failure.
*
*/
int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token);
/**
* Removes an architecture from the filter
* @param ctx the filter context
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
*
* This function removes an architecture from the given seccomp filter context.
* If the architecture token is SCMP_ARCH_NATIVE then the native architecture
* will be assumed. Returns zero on success, negative values on failure.
*
*/
int seccomp_arch_remove(scmp_filter_ctx ctx, uint32_t arch_token);
/**
* Loads the filter into the kernel
* @param ctx the filter context
*
* This function loads the given seccomp filter context into the kernel. If
* the filter was loaded correctly, the kernel will be enforcing the filter
* when this function returns. Returns zero on success, negative values on
* error.
*
*/
int seccomp_load(const scmp_filter_ctx ctx);
/**
* Get the value of a filter attribute
* @param ctx the filter context
* @param attr the filter attribute name
* @param value the filter attribute value
*
* This function fetches the value of the given attribute name and returns it
* via @value. Returns zero on success, negative values on failure.
*
*/
int seccomp_attr_get(const scmp_filter_ctx ctx,
enum scmp_filter_attr attr, uint32_t *value);
/**
* Set the value of a filter attribute
* @param ctx the filter context
* @param attr the filter attribute name
* @param value the filter attribute value
*
* This function sets the value of the given attribute. Returns zero on
* success, negative values on failure.
*
*/
int seccomp_attr_set(scmp_filter_ctx ctx,
enum scmp_filter_attr attr, uint32_t value);
/**
* Resolve a syscall number to a name
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
* @param num the syscall number
*
* Resolve the given syscall number to the syscall name for the given
* architecture; it is up to the caller to free the returned string. Returns
* the syscall name on success, NULL on failure.
*
*/
char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num);
/**
* Resolve a syscall name to a number
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
* @param name the syscall name
*
* Resolve the given syscall name to the syscall number for the given
* architecture. Returns the syscall number on success, including negative
* pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
*
*/
int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name);
/**
* Resolve a syscall name to a number and perform any rewriting necessary
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
* @param name the syscall name
*
* Resolve the given syscall name to the syscall number for the given
* architecture and do any necessary syscall rewriting needed by the
* architecture. Returns the syscall number on success, including negative
* pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
*
*/
int seccomp_syscall_resolve_name_rewrite(uint32_t arch_token, const char *name);
/**
* Resolve a syscall name to a number
* @param name the syscall name
*
* Resolve the given syscall name to the syscall number. Returns the syscall
* number on success, including negative pseudo syscall numbers (e.g. __PNR_*);
* returns __NR_SCMP_ERROR on failure.
*
*/
int seccomp_syscall_resolve_name(const char *name);
/**
* Set the priority of a given syscall
* @param ctx the filter context
* @param syscall the syscall number
* @param priority priority value, higher value == higher priority
*
* This function sets the priority of the given syscall; this value is used
* when generating the seccomp filter code such that higher priority syscalls
* will incur less filter code overhead than the lower priority syscalls in the
* filter. Returns zero on success, negative values on failure.
*
*/
int seccomp_syscall_priority(scmp_filter_ctx ctx,
int syscall, uint8_t priority);
/**
* Add a new rule to the filter
* @param ctx the filter context
* @param action the filter action
* @param syscall the syscall number
* @param arg_cnt the number of argument filters in the argument filter chain
* @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
*
* This function adds a series of new argument/value checks to the seccomp
* filter for the given syscall; multiple argument/value checks can be
* specified and they will be chained together (AND'd together) in the filter.
* If the specified rule needs to be adjusted due to architecture specifics it
* will be adjusted without notification. Returns zero on success, negative
* values on failure.
*
*/
int seccomp_rule_add(scmp_filter_ctx ctx,
uint32_t action, int syscall, unsigned int arg_cnt, ...);
/**
* Add a new rule to the filter
* @param ctx the filter context
* @param action the filter action
* @param syscall the syscall number
* @param arg_cnt the number of elements in the arg_array parameter
* @param arg_array array of scmp_arg_cmp structs
*
* This function adds a series of new argument/value checks to the seccomp
* filter for the given syscall; multiple argument/value checks can be
* specified and they will be chained together (AND'd together) in the filter.
* If the specified rule needs to be adjusted due to architecture specifics it
* will be adjusted without notification. Returns zero on success, negative
* values on failure.
*
*/
int seccomp_rule_add_array(scmp_filter_ctx ctx,
uint32_t action, int syscall, unsigned int arg_cnt,
const struct scmp_arg_cmp *arg_array);
/**
* Add a new rule to the filter
* @param ctx the filter context
* @param action the filter action
* @param syscall the syscall number
* @param arg_cnt the number of argument filters in the argument filter chain
* @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
*
* This function adds a series of new argument/value checks to the seccomp
* filter for the given syscall; multiple argument/value checks can be
* specified and they will be chained together (AND'd together) in the filter.
* If the specified rule can not be represented on the architecture the
* function will fail. Returns zero on success, negative values on failure.
*
*/
int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
int syscall, unsigned int arg_cnt, ...);
/**
* Add a new rule to the filter
* @param ctx the filter context
* @param action the filter action
* @param syscall the syscall number
* @param arg_cnt the number of elements in the arg_array parameter
* @param arg_array array of scmp_arg_cmp structs
*
* This function adds a series of new argument/value checks to the seccomp
* filter for the given syscall; multiple argument/value checks can be
* specified and they will be chained together (AND'd together) in the filter.
* If the specified rule can not be represented on the architecture the
* function will fail. Returns zero on success, negative values on failure.
*
*/
int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
uint32_t action, int syscall,
unsigned int arg_cnt,
const struct scmp_arg_cmp *arg_array);
/**
* Generate seccomp Pseudo Filter Code (PFC) and export it to a file
* @param ctx the filter context
* @param fd the destination fd
*
* This function generates seccomp Pseudo Filter Code (PFC) and writes it to
* the given fd. Returns zero on success, negative values on failure.
*
*/
int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);
/**
* Generate seccomp Berkley Packet Filter (BPF) code and export it to a file
* @param ctx the filter context
* @param fd the destination fd
*
* This function generates seccomp Berkley Packer Filter (BPF) code and writes
* it to the given fd. Returns zero on success, negative values on failure.
*
*/
int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
/*
* pseudo syscall definitions
*/
/* NOTE - pseudo syscall values {-1..-99} are reserved */
#define __NR_SCMP_ERROR -1
#define __NR_SCMP_UNDEF -2
/* socket syscalls */
#define __PNR_socket -101
#ifndef __NR_socket
#define __NR_socket __PNR_socket
#endif /* __NR_socket */
#define __PNR_bind -102
#ifndef __NR_bind
#define __NR_bind __PNR_bind
#endif /* __NR_bind */
#define __PNR_connect -103
#ifndef __NR_connect
#define __NR_connect __PNR_connect
#endif /* __NR_connect */
#define __PNR_listen -104
#ifndef __NR_listen
#define __NR_listen __PNR_listen
#endif /* __NR_listen */
#define __PNR_accept -105
#ifndef __NR_accept
#define __NR_accept __PNR_accept
#endif /* __NR_accept */
#define __PNR_getsockname -106
#ifndef __NR_getsockname
#define __NR_getsockname __PNR_getsockname
#endif /* __NR_getsockname */
#define __PNR_getpeername -107
#ifndef __NR_getpeername
#define __NR_getpeername __PNR_getpeername
#endif /* __NR_getpeername */
#define __PNR_socketpair -108
#ifndef __NR_socketpair
#define __NR_socketpair __PNR_socketpair
#endif /* __NR_socketpair */
#define __PNR_send -109
#ifndef __NR_send
#define __NR_send __PNR_send
#endif /* __NR_send */
#define __PNR_recv -110
#ifndef __NR_recv
#define __NR_recv __PNR_recv
#endif /* __NR_recv */
#define __PNR_sendto -111
#ifndef __NR_sendto
#define __NR_sendto __PNR_sendto
#endif /* __NR_sendto */
#define __PNR_recvfrom -112
#ifndef __NR_recvfrom
#define __NR_recvfrom __PNR_recvfrom
#endif /* __NR_recvfrom */
#define __PNR_shutdown -113
#ifndef __NR_shutdown
#define __NR_shutdown __PNR_shutdown
#endif /* __NR_shutdown */
#define __PNR_setsockopt -114
#ifndef __NR_setsockopt
#define __NR_setsockopt __PNR_setsockopt
#endif /* __NR_getsockopt */
#define __PNR_getsockopt -115
#ifndef __NR_getsockopt
#define __NR_getsockopt __PNR_getsockopt
#endif /* __NR_getsockopt */
#define __PNR_sendmsg -116
#ifndef __NR_sendmsg
#define __NR_sendmsg __PNR_sendmsg
#endif /* __NR_sendmsg */
#define __PNR_recvmsg -117
#ifndef __NR_recvmsg
#define __NR_recvmsg __PNR_recvmsg
#endif /* __NR_recvmsg */
#define __PNR_accept4 -118
#ifndef __NR_accept4
#define __NR_accept4 __PNR_accept4
#endif /* __NR_accept4 */
#define __PNR_recvmmsg -119
#ifndef __NR_recvmmsg
#define __NR_recvmmsg __PNR_recvmmsg
#endif /* __NR_recvmmsg */
#define __PNR_sendmmsg -120
#ifndef __NR_sendmmsg
#define __NR_sendmmsg __PNR_sendmmsg
#endif /* __NR_sendmmsg */
/* ipc syscalls */
#define __PNR_semop -201
#ifndef __NR_semop
#define __NR_semop __PNR_semop
#endif /* __NR_semop */
#define __PNR_semget -202
#ifndef __NR_semget
#define __NR_semget __PNR_semget
#endif /* __NR_semget */
#define __PNR_semctl -203
#ifndef __NR_semctl
#define __NR_semctl __PNR_semctl
#endif /* __NR_semctl */
#define __PNR_semtimedop -204
#ifndef __NR_semtimedop
#define __NR_semtimedop __PNR_semtimedop
#endif /* __NR_semtime */
#define __PNR_msgsnd -211
#ifndef __NR_msgsnd
#define __NR_msgsnd __PNR_msgsnd
#endif /* __NR_msgsnd */
#define __PNR_msgrcv -212
#ifndef __NR_msgrcv
#define __NR_msgrcv __PNR_msgrcv
#endif /* __NR_msgrcv */
#define __PNR_msgget -213
#ifndef __NR_msgget
#define __NR_msgget __PNR_msgget
#endif /* __NR_msgget */
#define __PNR_msgctl -214
#ifndef __NR_msgctl
#define __NR_msgctl __PNR_msgctl
#endif /* __NR_msgctl */
#define __PNR_shmat -221
#ifndef __NR_shmat
#define __NR_shmat __PNR_shmat
#endif /* __NR_shmat */
#define __PNR_shmdt -222
#ifndef __NR_shmdt
#define __NR_shmdt __PNR_shmdt
#endif /* __NR_shmdt */
#define __PNR_shmget -223
#ifndef __NR_shmget
#define __NR_shmget __PNR_shmget
#endif /* __NR_shmget */
#define __PNR_shmctl -224
#ifndef __NR_shmctl
#define __NR_shmctl __PNR_shmctl
#endif /* __NR_shmctl */
/* single syscalls */
#define __PNR_arch_prctl -10001
#ifndef __NR_arch_prctl
#define __NR_arch_prctl __PNR_arch_prctl
#endif /* __NR_arch_prctl */
#define __PNR_bdflush -10002
#ifndef __NR_bdflush
#define __NR_bdflush __PNR_bdflush
#endif /* __NR_bdflush */
#define __PNR_break -10003
#ifndef __NR_break
#define __NR_break __PNR_break
#endif /* __NR_break */
#define __PNR_chown32 -10004
#ifndef __NR_chown32
#define __NR_chown32 __PNR_chown32
#endif /* __NR_chown32 */
#define __PNR_epoll_ctl_old -10005
#ifndef __NR_epoll_ctl_old
#define __NR_epoll_ctl_old __PNR_epoll_ctl_old
#endif /* __NR_epoll_ctl_old */
#define __PNR_epoll_wait_old -10006
#ifndef __NR_epoll_wait_old
#define __NR_epoll_wait_old __PNR_epoll_wait_old
#endif /* __NR_epoll_wait_old */
#define __PNR_fadvise64_64 -10007
#ifndef __NR_fadvise64_64
#define __NR_fadvise64_64 __PNR_fadvise64_64
#endif /* __NR_fadvise64_64 */
#define __PNR_fchown32 -10008
#ifndef __NR_fchown32
#define __NR_fchown32 __PNR_fchown32
#endif /* __NR_fchown32 */
#define __PNR_fcntl64 -10009
#ifndef __NR_fcntl64
#define __NR_fcntl64 __PNR_fcntl64
#endif /* __NR_fcntl64 */
#define __PNR_fstat64 -10010
#ifndef __NR_fstat64
#define __NR_fstat64 __PNR_fstat64
#endif /* __NR_fstat64 */
#define __PNR_fstatat64 -10011
#ifndef __NR_fstatat64
#define __NR_fstatat64 __PNR_fstatat64
#endif /* __NR_fstatat64 */
#define __PNR_fstatfs64 -10012
#ifndef __NR_fstatfs64
#define __NR_fstatfs64 __PNR_fstatfs64
#endif /* __NR_fstatfs64 */
#define __PNR_ftime -10013
#ifndef __NR_ftime
#define __NR_ftime __PNR_ftime
#endif /* __NR_ftime */
#define __PNR_ftruncate64 -10014
#ifndef __NR_ftruncate64
#define __NR_ftruncate64 __PNR_ftruncate64
#endif /* __NR_ftruncate64 */
#define __PNR_getegid32 -10015
#ifndef __NR_getegid32
#define __NR_getegid32 __PNR_getegid32
#endif /* __NR_getegid32 */
#define __PNR_geteuid32 -10016
#ifndef __NR_geteuid32
#define __NR_geteuid32 __PNR_geteuid32
#endif /* __NR_geteuid32 */
#define __PNR_getgid32 -10017
#ifndef __NR_getgid32
#define __NR_getgid32 __PNR_getgid32
#endif /* __NR_getgid32 */
#define __PNR_getgroups32 -10018
#ifndef __NR_getgroups32
#define __NR_getgroups32 __PNR_getgroups32
#endif /* __NR_getgroups32 */
#define __PNR_getresgid32 -10019
#ifndef __NR_getresgid32
#define __NR_getresgid32 __PNR_getresgid32
#endif /* __NR_getresgid32 */
#define __PNR_getresuid32 -10020
#ifndef __NR_getresuid32
#define __NR_getresuid32 __PNR_getresuid32
#endif /* __NR_getresuid32 */
#define __PNR_getuid32 -10021
#ifndef __NR_getuid32
#define __NR_getuid32 __PNR_getuid32
#endif /* __NR_getuid32 */
#define __PNR_gtty -10022
#ifndef __NR_gtty
#define __NR_gtty __PNR_gtty
#endif /* __NR_gtty */
#define __PNR_idle -10023
#ifndef __NR_idle
#define __NR_idle __PNR_idle
#endif /* __NR_idle */
#define __PNR_ipc -10024
#ifndef __NR_ipc
#define __NR_ipc __PNR_ipc
#endif /* __NR_ipc */
#define __PNR_lchown32 -10025
#ifndef __NR_lchown32
#define __NR_lchown32 __PNR_lchown32
#endif /* __NR_lchown32 */
#define __PNR__llseek -10026
#ifndef __NR__llseek
#define __NR__llseek __PNR__llseek
#endif /* __NR__llseek */
#define __PNR_lock -10027
#ifndef __NR_lock
#define __NR_lock __PNR_lock
#endif /* __NR_lock */
#define __PNR_lstat64 -10028
#ifndef __NR_lstat64
#define __NR_lstat64 __PNR_lstat64
#endif /* __NR_lstat64 */
#define __PNR_mmap2 -10029
#ifndef __NR_mmap2
#define __NR_mmap2 __PNR_mmap2
#endif /* __NR_mmap2 */
#define __PNR_mpx -10030
#ifndef __NR_mpx
#define __NR_mpx __PNR_mpx
#endif /* __NR_mpx */
#define __PNR_newfstatat -10031
#ifndef __NR_newfstatat
#define __NR_newfstatat __PNR_newfstatat
#endif /* __NR_newfstatat */
#define __PNR__newselect -10032
#ifndef __NR__newselect
#define __NR__newselect __PNR__newselect
#endif /* __NR__newselect */
#define __PNR_nice -10033
#ifndef __NR_nice
#define __NR_nice __PNR_nice
#endif /* __NR_nice */
#define __PNR_oldfstat -10034
#ifndef __NR_oldfstat
#define __NR_oldfstat __PNR_oldfstat
#endif /* __NR_oldfstat */
#define __PNR_oldlstat -10035
#ifndef __NR_oldlstat
#define __NR_oldlstat __PNR_oldlstat
#endif /* __NR_oldlstat */
#define __PNR_oldolduname -10036
#ifndef __NR_oldolduname
#define __NR_oldolduname __PNR_oldolduname
#endif /* __NR_oldolduname */
#define __PNR_oldstat -10037
#ifndef __NR_oldstat
#define __NR_oldstat __PNR_oldstat
#endif /* __NR_oldstat */
#define __PNR_olduname -10038
#ifndef __NR_olduname
#define __NR_olduname __PNR_olduname
#endif /* __NR_olduname */
#define __PNR_prof -10039
#ifndef __NR_prof
#define __NR_prof __PNR_prof
#endif /* __NR_prof */
#define __PNR_profil -10040
#ifndef __NR_profil
#define __NR_profil __PNR_profil
#endif /* __NR_profil */
#define __PNR_readdir -10041
#ifndef __NR_readdir
#define __NR_readdir __PNR_readdir
#endif /* __NR_readdir */
#define __PNR_security -10042
#ifndef __NR_security
#define __NR_security __PNR_security
#endif /* __NR_security */
#define __PNR_sendfile64 -10043
#ifndef __NR_sendfile64
#define __NR_sendfile64 __PNR_sendfile64
#endif /* __NR_sendfile64 */
#define __PNR_setfsgid32 -10044
#ifndef __NR_setfsgid32
#define __NR_setfsgid32 __PNR_setfsgid32
#endif /* __NR_setfsgid32 */
#define __PNR_setfsuid32 -10045
#ifndef __NR_setfsuid32
#define __NR_setfsuid32 __PNR_setfsuid32
#endif /* __NR_setfsuid32 */
#define __PNR_setgid32 -10046
#ifndef __NR_setgid32
#define __NR_setgid32 __PNR_setgid32
#endif /* __NR_setgid32 */
#define __PNR_setgroups32 -10047
#ifndef __NR_setgroups32
#define __NR_setgroups32 __PNR_setgroups32
#endif /* __NR_setgroups32 */
#define __PNR_setregid32 -10048
#ifndef __NR_setregid32
#define __NR_setregid32 __PNR_setregid32
#endif /* __NR_setregid32 */
#define __PNR_setresgid32 -10049
#ifndef __NR_setresgid32
#define __NR_setresgid32 __PNR_setresgid32
#endif /* __NR_setresgid32 */
#define __PNR_setresuid32 -10050
#ifndef __NR_setresuid32
#define __NR_setresuid32 __PNR_setresuid32
#endif /* __NR_setresuid32 */
#define __PNR_setreuid32 -10051
#ifndef __NR_setreuid32
#define __NR_setreuid32 __PNR_setreuid32
#endif /* __NR_setreuid32 */
#define __PNR_setuid32 -10052
#ifndef __NR_setuid32
#define __NR_setuid32 __PNR_setuid32
#endif /* __NR_setuid32 */
#define __PNR_sgetmask -10053
#ifndef __NR_sgetmask
#define __NR_sgetmask __PNR_sgetmask
#endif /* __NR_sgetmask */
#define __PNR_sigaction -10054
#ifndef __NR_sigaction
#define __NR_sigaction __PNR_sigaction
#endif /* __NR_sigaction */
#define __PNR_signal -10055
#ifndef __NR_signal
#define __NR_signal __PNR_signal
#endif /* __NR_signal */
#define __PNR_sigpending -10056
#ifndef __NR_sigpending
#define __NR_sigpending __PNR_sigpending
#endif /* __NR_sigpending */
#define __PNR_sigprocmask -10057
#ifndef __NR_sigprocmask
#define __NR_sigprocmask __PNR_sigprocmask
#endif /* __NR_sigprocmask */
#define __PNR_sigreturn -10058
#ifndef __NR_sigreturn
#define __NR_sigreturn __PNR_sigreturn
#endif /* __NR_sigreturn */
#define __PNR_sigsuspend -10059
#ifndef __NR_sigsuspend
#define __NR_sigsuspend __PNR_sigsuspend
#endif /* __NR_sigsuspend */
#define __PNR_socketcall -10060
#ifndef __NR_socketcall
#define __NR_socketcall __PNR_socketcall
#endif /* __NR_socketcall */
#define __PNR_ssetmask -10061
#ifndef __NR_ssetmask
#define __NR_ssetmask __PNR_ssetmask
#endif /* __NR_ssetmask */
#define __PNR_stat64 -10062
#ifndef __NR_stat64
#define __NR_stat64 __PNR_stat64
#endif /* __NR_stat64 */
#define __PNR_statfs64 -10063
#ifndef __NR_statfs64
#define __NR_statfs64 __PNR_statfs64
#endif /* __NR_statfs64 */
#define __PNR_stime -10064
#ifndef __NR_stime
#define __NR_stime __PNR_stime
#endif /* __NR_stime */
#define __PNR_stty -10065
#ifndef __NR_stty
#define __NR_stty __PNR_stty
#endif /* __NR_stty */
#define __PNR_truncate64 -10066
#ifndef __NR_truncate64
#define __NR_truncate64 __PNR_truncate64
#endif /* __NR_truncate64 */
#define __PNR_tuxcall -10067
#ifndef __NR_tuxcall
#define __NR_tuxcall __PNR_tuxcall
#endif /* __NR_tuxcall */
#define __PNR_ugetrlimit -10068
#ifndef __NR_ugetrlimit
#define __NR_ugetrlimit __PNR_ugetrlimit
#endif /* __NR_ugetrlimit */
#define __PNR_ulimit -10069
#ifndef __NR_ulimit
#define __NR_ulimit __PNR_ulimit
#endif /* __NR_ulimit */
#define __PNR_umount -10070
#ifndef __NR_umount
#define __NR_umount __PNR_umount
#endif /* __NR_umount */
#define __PNR_vm86 -10071
#ifndef __NR_vm86
#define __NR_vm86 __PNR_vm86
#endif /* __NR_vm86 */
#define __PNR_vm86old -10072
#ifndef __NR_vm86old
#define __NR_vm86old __PNR_vm86old
#endif /* __NR_vm86old */
#define __PNR_waitpid -10073
#ifndef __NR_waitpid
#define __NR_waitpid __PNR_waitpid
#endif /* __NR_waitpid */
#define __PNR_create_module -10074
#ifndef __NR_create_module
#define __NR_create_module __PNR_create_module
#endif /* __NR_create_module */
#define __PNR_get_kernel_syms -10075
#ifndef __NR_get_kernel_syms
#define __NR_get_kernel_syms __PNR_get_kernel_syms
#endif /* __NR_get_kernel_syms */
#define __PNR_get_thread_area -10076
#ifndef __NR_get_thread_area
#define __NR_get_thread_area __PNR_get_thread_area
#endif /* __NR_get_thread_area */
#define __PNR_nfsservctl -10077
#ifndef __NR_nfsservctl
#define __NR_nfsservctl __PNR_nfsservctl
#endif /* __NR_nfsservctl */
#define __PNR_query_module -10078
#ifndef __NR_query_module
#define __NR_query_module __PNR_query_module
#endif /* __NR_query_module */
#define __PNR_set_thread_area -10079
#ifndef __NR_set_thread_area
#define __NR_set_thread_area __PNR_set_thread_area
#endif /* __NR_set_thread_area */
#define __PNR__sysctl -10080
#ifndef __NR__sysctl
#define __NR__sysctl __PNR__sysctl
#endif /* __NR__sysctl */
#define __PNR_uselib -10081
#ifndef __NR_uselib
#define __NR_uselib __PNR_uselib
#endif /* __NR_uselib */
#define __PNR_vserver -10082
#ifndef __NR_vserver
#define __NR_vserver __PNR_vserver
#endif /* __NR_vserver */
#define __PNR_arm_fadvise64_64 -10083
#ifndef __NR_arm_fadvise64_64
#define __NR_arm_fadvise64_64 __PNR_arm_fadvise64_64
#endif /* __NR_arm_fadvise64_64 */
#define __PNR_arm_sync_file_range -10084
#ifndef __NR_arm_sync_file_range
#define __NR_arm_sync_file_range __PNR_arm_sync_file_range
#endif /* __NR_arm_sync_file_range */
#define __PNR_pciconfig_iobase -10086
#ifndef __NR_pciconfig_iobase
#define __NR_pciconfig_iobase __PNR_pciconfig_iobase
#endif /* __NR_pciconfig_iobase */
#define __PNR_pciconfig_read -10087
#ifndef __NR_pciconfig_read
#define __NR_pciconfig_read __PNR_pciconfig_read
#endif /* __NR_pciconfig_read */
#define __PNR_pciconfig_write -10088
#ifndef __NR_pciconfig_write
#define __NR_pciconfig_write __PNR_pciconfig_write
#endif /* __NR_pciconfig_write */
#define __PNR_sync_file_range2 -10089
#ifndef __NR_sync_file_range2
#define __NR_sync_file_range2 __PNR_sync_file_range2
#endif /* __NR_sync_file_range2 */
#define __PNR_syscall -10090
#ifndef __NR_syscall
#define __NR_syscall __PNR_syscall
#endif /* __NR_syscall */
#define __PNR_afs_syscall -10091
#ifndef __NR_afs_syscall
#define __NR_afs_syscall __PNR_afs_syscall
#endif /* __NR_afs_syscall */
#define __PNR_fadvise64 -10092
#ifndef __NR_fadvise64
#define __NR_fadvise64 __PNR_fadvise64
#endif /* __NR_fadvise64 */
#define __PNR_getpmsg -10093
#ifndef __NR_getpmsg
#define __NR_getpmsg __PNR_getpmsg
#endif /* __NR_getpmsg */
#define __PNR_ioperm -10094
#ifndef __NR_ioperm
#define __NR_ioperm __PNR_ioperm
#endif /* __NR_ioperm */
#define __PNR_iopl -10095
#ifndef __NR_iopl
#define __NR_iopl __PNR_iopl
#endif /* __NR_iopl */
#define __PNR_migrate_pages -10097
#ifndef __NR_migrate_pages
#define __NR_migrate_pages __PNR_migrate_pages
#endif /* __NR_migrate_pages */
#define __PNR_modify_ldt -10098
#ifndef __NR_modify_ldt
#define __NR_modify_ldt __PNR_modify_ldt
#endif /* __NR_modify_ldt */
#define __PNR_putpmsg -10099
#ifndef __NR_putpmsg
#define __NR_putpmsg __PNR_putpmsg
#endif /* __NR_putpmsg */
#define __PNR_sync_file_range -10100
#ifndef __NR_sync_file_range
#define __NR_sync_file_range __PNR_sync_file_range
#endif /* __NR_sync_file_range */
#define __PNR_select -10101
#ifndef __NR_select
#define __NR_select __PNR_select
#endif /* __NR_select */
#define __PNR_vfork -10102
#ifndef __NR_vfork
#define __NR_vfork __PNR_vfork
#endif /* __NR_vfork */
#define __PNR_cachectl -10103
#ifndef __NR_cachectl
#define __NR_cachectl __PNR_cachectl
#endif /* __NR_cachectl */
#define __PNR_cacheflush -10104
#ifndef __NR_cacheflush
#ifdef __ARM_NR_cacheflush
#define __NR_cacheflush __ARM_NR_cacheflush
#else
#define __NR_cacheflush __PNR_cacheflush
#endif
#endif /* __NR_cacheflush */
#define __PNR_sysmips -10106
#ifndef __NR_sysmips
#define __NR_sysmips __PNR_sysmips
#endif /* __NR_sysmips */
#define __PNR_timerfd -10107
#ifndef __NR_timerfd
#define __NR_timerfd __PNR_timerfd
#endif /* __NR_timerfd */
#define __PNR_time -10108
#ifndef __NR_time
#define __NR_time __PNR_time
#endif /* __NR_time */
#define __PNR_getrandom -10109
#ifndef __NR_getrandom
#define __NR_getrandom __PNR_getrandom
#endif /* __NR_getrandom - NO LONGER NEEDED */
#define __PNR_memfd_create -10110
#ifndef __NR_memfd_create
#define __NR_memfd_create __PNR_memfd_create
#endif /* __NR_memfd_create - NO LONGER NEEDED */
#define __PNR_kexec_file_load -10111
#ifndef __NR_kexec_file_load
#define __NR_kexec_file_load __PNR_kexec_file_load
#endif /* __NR_kexec_file_load */
#define __PNR_sysfs -10145
#ifndef __NR_sysfs
#define __NR_sysfs __PNR_sysfs
#endif /* __NR_sysfs */
#define __PNR_oldwait4 -10146
#ifndef __NR_oldwait4
#define __NR_oldwait4 __PNR_oldwait4
#endif /* __NR_sysfs */
#define __PNR_access -10147
#ifndef __NR_access
#define __NR_access __PNR_access
#endif /* __NR_access */
#define __PNR_alarm -10148
#ifndef __NR_alarm
#define __NR_alarm __PNR_alarm
#endif /* __NR_alarm */
#define __PNR_chmod -10149
#ifndef __NR_chmod
#define __NR_chmod __PNR_chmod
#endif /* __NR_chmod */
#define __PNR_chown -10150
#ifndef __NR_chown
#define __NR_chown __PNR_chown
#endif /* __NR_chown */
#define __PNR_creat -10151
#ifndef __NR_creat
#define __NR_creat __PNR_creat
#endif /* __NR_creat */
#define __PNR_dup2 -10152
#ifndef __NR_dup2
#define __NR_dup2 __PNR_dup2
#endif /* __NR_dup2 */
#define __PNR_epoll_create -10153
#ifndef __NR_epoll_create
#define __NR_epoll_create __PNR_epoll_create
#endif /* __NR_epoll_create */
#define __PNR_epoll_wait -10154
#ifndef __NR_epoll_wait
#define __NR_epoll_wait __PNR_epoll_wait
#endif /* __NR_epoll_wait */
#define __PNR_eventfd -10155
#ifndef __NR_eventfd
#define __NR_eventfd __PNR_eventfd
#endif /* __NR_eventfd */
#define __PNR_fork -10156
#ifndef __NR_fork
#define __NR_fork __PNR_fork
#endif /* __NR_fork */
#define __PNR_futimesat -10157
#ifndef __NR_futimesat
#define __NR_futimesat __PNR_futimesat
#endif /* __NR_futimesat */
#define __PNR_getdents -10158
#ifndef __NR_getdents
#define __NR_getdents __PNR_getdents
#endif /* __NR_getdents */
#define __PNR_getpgrp -10159
#ifndef __NR_getpgrp
#define __NR_getpgrp __PNR_getpgrp
#endif /* __NR_getpgrp */
#define __PNR_inotify_init -10160
#ifndef __NR_inotify_init
#define __NR_inotify_init __PNR_inotify_init
#endif /* __NR_inotify_init */
#define __PNR_lchown -10161
#ifndef __NR_lchown
#define __NR_lchown __PNR_lchown
#endif /* __NR_lchown */
#define __PNR_link -10162
#ifndef __NR_link
#define __NR_link __PNR_link
#endif /* __NR_link */
#define __PNR_lstat -10163
#ifndef __NR_lstat
#define __NR_lstat __PNR_lstat
#endif /* __NR_lstat */
#define __PNR_mkdir -10164
#ifndef __NR_mkdir
#define __NR_mkdir __PNR_mkdir
#endif /* __NR_mkdir */
#define __PNR_mknod -10165
#ifndef __NR_mknod
#define __NR_mknod __PNR_mknod
#endif /* __NR_mknod */
#define __PNR_open -10166
#ifndef __NR_open
#define __NR_open __PNR_open
#endif /* __NR_open */
#define __PNR_pause -10167
#ifndef __NR_pause
#define __NR_pause __PNR_pause
#endif /* __NR_pause */
#define __PNR_pipe -10168
#ifndef __NR_pipe
#define __NR_pipe __PNR_pipe
#endif /* __NR_pipe */
#define __PNR_poll -10169
#ifndef __NR_poll
#define __NR_poll __PNR_poll
#endif /* __NR_poll */
#define __PNR_readlink -10170
#ifndef __NR_readlink
#define __NR_readlink __PNR_readlink
#endif /* __NR_readlink */
#define __PNR_rename -10171
#ifndef __NR_rename
#define __NR_rename __PNR_rename
#endif /* __NR_rename */
#define __PNR_rmdir -10172
#ifndef __NR_rmdir
#define __NR_rmdir __PNR_rmdir
#endif /* __NR_rmdir */
#define __PNR_signalfd -10173
#ifndef __NR_signalfd
#define __NR_signalfd __PNR_signalfd
#endif /* __NR_signalfd */
#define __PNR_stat -10174
#ifndef __NR_stat
#define __NR_stat __PNR_stat
#endif /* __NR_stat */
#define __PNR_symlink -10175
#ifndef __NR_symlink
#define __NR_symlink __PNR_symlink
#endif /* __NR_symlink */
#define __PNR_unlink -10176
#ifndef __NR_unlink
#define __NR_unlink __PNR_unlink
#endif /* __NR_unlink */
#define __PNR_ustat -10177
#ifndef __NR_ustat
#define __NR_ustat __PNR_ustat
#endif /* __NR_ustat */
#define __PNR_utime -10178
#ifndef __NR_utime
#define __NR_utime __PNR_utime
#endif /* __NR_utime */
#define __PNR_utimes -10179
#ifndef __NR_utimes
#define __NR_utimes __PNR_utimes
#endif /* __NR_utimes */
#define __PNR_getrlimit -10180
#ifndef __NR_getrlimit
#define __NR_getrlimit __PNR_getrlimit
#endif /* __NR_utimes */
#define __PNR_mmap -10181
#ifndef __NR_mmap
#define __NR_mmap __PNR_mmap
#endif /* __NR_utimes */
#define __PNR_breakpoint -10182
#ifndef __NR_breakpoint
#ifdef __ARM_NR_breakpoint
#define __NR_breakpoint __ARM_NR_breakpoint
#else
#define __NR_breakpoint __PNR_breakpoint
#endif
#endif /* __NR_breakpoint */
#define __PNR_set_tls -10183
#ifndef __NR_set_tls
#ifdef __ARM_NR_set_tls
#define __NR_set_tls __ARM_NR_set_tls
#else
#define __NR_set_tls __PNR_set_tls
#endif
#endif /* __NR_set_tls */
#define __PNR_usr26 -10184
#ifndef __NR_usr26
#ifdef __ARM_NR_usr26
#define __NR_usr26 __ARM_NR_usr26
#else
#define __NR_usr26 __PNR_usr26
#endif
#endif /* __NR_usr26 */
#define __PNR_usr32 -10185
#ifndef __NR_usr32
#ifdef __ARM_NR_usr32
#define __NR_usr32 __ARM_NR_usr32
#else
#define __NR_usr32 __PNR_usr32
#endif
#endif /* __NR_usr32 */
#define __PNR_multiplexer -10186
#ifndef __NR_multiplexer
#define __NR_multiplexer __PNR_multiplexer
#endif /* __NR_multiplexer */
#define __PNR_rtas -10187
#ifndef __NR_rtas
#define __NR_rtas __PNR_rtas
#endif /* __NR_rtas */
#define __PNR_spu_create -10188
#ifndef __NR_spu_create
#define __NR_spu_create __PNR_spu_create
#endif /* __NR_spu_create */
#define __PNR_spu_run -10189
#ifndef __NR_spu_run
#define __NR_spu_run __PNR_spu_run
#endif /* __NR_spu_run */
#define __PNR_swapcontext -10190
#ifndef __NR_swapcontext
#define __NR_swapcontext __PNR_swapcontext
#endif /* __NR_swapcontext */
#define __PNR_sys_debug_setcontext -10191
#ifndef __NR_sys_debug_setcontext
#define __NR_sys_debug_setcontext __PNR_sys_debug_setcontext
#endif /* __NR_sys_debug_setcontext */
#define __PNR_switch_endian -10191
#ifndef __NR_switch_endian
#define __NR_switch_endian __PNR_switch_endian
#endif /* __NR_switch_endian */
#define __PNR_get_mempolicy -10192
#ifndef __NR_get_mempolicy
#define __NR_get_mempolicy __PNR_get_mempolicy
#endif /* __NR_get_mempolicy */
#define __PNR_move_pages -10193
#ifndef __NR_move_pages
#define __NR_move_pages __PNR_move_pages
#endif /* __NR_move_pages */
#define __PNR_mbind -10194
#ifndef __NR_mbind
#define __NR_mbind __PNR_mbind
#endif /* __NR_mbind */
#define __PNR_set_mempolicy -10195
#ifndef __NR_set_mempolicy
#define __NR_set_mempolicy __PNR_set_mempolicy
#endif /* __NR_set_mempolicy */
#define __PNR_s390_runtime_instr -10196
#ifndef __NR_s390_runtime_instr
#define __NR_s390_runtime_instr __PNR_s390_runtime_instr
#endif /* __NR_s390_runtime_instr */
#define __PNR_s390_pci_mmio_read -10197
#ifndef __NR_s390_pci_mmio_read
#define __NR_s390_pci_mmio_read __PNR_s390_pci_mmio_read
#endif /* __NR_s390_pci_mmio_read */
#define __PNR_s390_pci_mmio_write -10198
#ifndef __NR_s390_pci_mmio_write
#define __NR_s390_pci_mmio_write __PNR_s390_pci_mmio_write
#endif /* __NR_s390_pci_mmio_write */
#define __PNR_membarrier -10199
#ifndef __NR_membarrier
#define __NR_membarrier __PNR_membarrier
#endif /* __NR_membarrier */
#define __PNR_userfaultfd -10200
#ifndef __NR_userfaultfd
#define __NR_userfaultfd __PNR_userfaultfd
#endif /* __NR_userfaultfd */
#define __PNR_pkey_mprotect -10201
#ifndef __NR_pkey_mprotect
#define __NR_pkey_mprotect __PNR_pkey_mprotect
#endif /* __NR_pkey_mprotect */
#define __PNR_pkey_alloc -10202
#ifndef __NR_pkey_alloc
#define __NR_pkey_alloc __PNR_pkey_alloc
#endif /* __NR_pkey_alloc */
#define __PNR_pkey_free -10203
#ifndef __NR_pkey_free
#define __NR_pkey_free __PNR_pkey_free
#endif /* __NR_pkey_free */
#define __PNR_get_tls -10204
#ifndef __NR_get_tls
#ifdef __ARM_NR_get_tls
#define __NR_get_tls __ARM_NR_get_tls
#else
#define __NR_get_tls __PNR_get_tls
#endif
#endif /* __NR_get_tls */
#define __PNR_s390_guarded_storage -10205
#ifndef __NR_s390_guarded_storage
#define __NR_s390_guarded_storage __PNR_s390_guarded_storage
#endif /* __NR_s390_guarded_storage */
#define __PNR_s390_sthyi -10206
#ifndef __NR_s390_sthyi
#define __NR_s390_sthyi __PNR_s390_sthyi
#endif /* __NR_s390_sthyi */
#define __PNR_subpage_prot -10207
#ifndef __NR_subpage_prot
#define __NR_subpage_prot __PNR_subpage_prot
#endif /* __NR_subpage_prot */
#define __PNR_statx -10208
#ifndef __NR_statx
#define __NR_statx __PNR_statx
#endif /* __NR_statx */
#define __PNR_io_pgetevents -10209
#ifndef __NR_io_pgetevents
#define __NR_io_pgetevents __PNR_io_pgetevents
#endif /* __NR_io_pgetevents */
#define __PNR_rseq -10210
#ifndef __NR_rseq
#define __NR_rseq __PNR_rseq
#endif /* __NR_rseq */
#ifdef __cplusplus
}
#endif
#endif
|