From 005bfaf11876e261de6b99d597b69f664b53e7c5 Mon Sep 17 00:00:00 2001
From: Topi Miettinen
Date: Wed, 5 Aug 2020 16:31:26 +0300
Subject: exec: Add kill action to system call filters

Define explicit action "kill" for SystemCallErrorNumber=. In addition to errno code, allow specifying "kill" as action for SystemCallFilter=.
---
v7: seccomp_parse_errno_or_action() returns -EINVAL if !HAVE_SECCOMP v6: use streq_ptr(), let errno_to_name() handle bad values, kill processes, init syscall_errno v5: actually use seccomp_errno_or_action_to_string(), don't fail bus unit parsing without seccomp v4: fix build without seccomp v3: drop log action v2: action -> number
---
 src/basic/parse-util.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/basic/parse-util.h')
diff --git a/src/basic/parse-util.h b/src/basic/parse-util.h
index 9a516ce5f6..2cee65c49a 100644
--- a/src/basic/parse-util.h
+++ b/src/basic/parse-util.h
@@ -19,7 +19,9 @@ int parse_mtu(int family, const char *s, uint32_t *ret);
 int parse_size(const char *t, uint64_t base, uint64_t *size);
 int parse_range(const char *t, unsigned *lower, unsigned *upper);
 int parse_errno(const char *t);
+#if HAVE_SECCOMP
 int parse_syscall_and_errno(const char *in, char **name, int *error);
+#endif
 #define SAFE_ATO_REFUSE_PLUS_MINUS (1U << 30)
 #define SAFE_ATO_REFUSE_LEADING_ZERO (1U << 29)
--
cgit v1.2.1
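Review bot: The new `#if HAVE_SECCOMP` around the `parse_syscall_and_errno()` prototype has no comment explaining why the declaration is conditional, and `#if` on a macro that is not yet defined at the point of inclusion quietly evaluates to 0 and hides the prototype. I would add `/* Only available when built with seccomp; callers must be guarded by HAVE_SECCOMP as well */` above the declaration and close with `#endif /* HAVE_SECCOMP */`. This page is limited to the header, so the matching guard on the definition and on the callers is not visible here and should be confirmed. Because a system call filter that is accepted but never enforced is a silent loss of sandboxing, it is also worth checking that builds without seccomp reject the setting rather than ignore it; the v7 changelog entry suggests `-EINVAL` is returned in that case.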