diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2017-11-11 21:35:49 +0900 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2017-11-11 21:54:12 +0900 |
| commit | 8cfa775f4f116c5f56a140da268ea7b6072534e6 (patch) | |
| tree | 7f88d52404e713e03c872c49a7c908fbbec479b3 /src/shared/seccomp-util.h | |
| parent | 473d2ec39cc9f43c7918c4587c8984ec9235455f (diff) | |
| download | systemd-8cfa775f4f116c5f56a140da268ea7b6072534e6.tar.gz | |
core: add support to specify errno in SystemCallFilter=
This makes each system call in SystemCallFilter= blacklist optionally
takes errno name or number after a colon. The errno takes precedence
over the one given by SystemCallErrorNumber=.
C.f. #7173.
Closes #7169.
Diffstat (limited to 'src/shared/seccomp-util.h')
| -rw-r--r-- | src/shared/seccomp-util.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 6dfa465ef3..a3c360cdb3 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -73,12 +73,12 @@ extern const SyscallFilterSet syscall_filter_sets[]; const SyscallFilterSet *syscall_filter_set_find(const char *name); -int seccomp_filter_set_add(Set *s, bool b, const SyscallFilterSet *set); +int seccomp_filter_set_add(Hashmap *s, bool b, const SyscallFilterSet *set); int seccomp_add_syscall_filter_item(scmp_filter_ctx *ctx, const char *name, uint32_t action, char **exclude); int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilterSet *set, uint32_t action); -int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Set* set, uint32_t action); +int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, uint32_t action); int seccomp_restrict_archs(Set *archs); int seccomp_restrict_namespaces(unsigned long retain); |