5efbf2d187
This adds the new "seccomp" syscall with both an "operation" and "flags" parameter for future expansion. The third argument is a pointer value, used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...). In addition to the TSYNC flag later in this patch series, there is a non-zero chance that this syscall could be used for configuring a fixed argument area for seccomp-tracer-aware processes to pass syscall arguments in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter" for this syscall. Additionally, this syscall uses operation, flags, and user pointer for arguments because strictly passing arguments via a user pointer would mean seccomp itself would be unable to trivially filter the seccomp syscall itself. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Andy Lutomirski <luto@amacapital.net> Git-commit: e985fd474debedb269fba27006eda50d0b6f07ef Git-repo: https://android.googlesource.com/kernel/common.git [imaund@codeaurora.org: The values assigned to seccomp are already in use by sched_setattr and sched_getattr. Instead, use the next available values.] Signed-off-by: Ian Maund <imaund@codeaurora.org> |
||
---|---|---|
.. | ||
alpha | ||
arc | ||
arm | ||
arm64 | ||
avr32 | ||
blackfin | ||
c6x | ||
cris | ||
frv | ||
h8300 | ||
hexagon | ||
ia64 | ||
m32r | ||
m68k | ||
metag | ||
microblaze | ||
mips | ||
mn10300 | ||
openrisc | ||
parisc | ||
powerpc | ||
s390 | ||
score | ||
sh | ||
sparc | ||
tile | ||
um | ||
unicore32 | ||
x86 | ||
xtensa | ||
.gitignore | ||
Kconfig |