mirror of
https://github.com/torvalds/linux.git
synced 2026-06-08 06:25:52 +02:00
e985fd474d
This adds the new "seccomp" syscall with both an "operation" and "flags" parameter for future expansion. The third argument is a pointer value, used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...). In addition to the TSYNC flag later in this patch series, there is a non-zero chance that this syscall could be used for configuring a fixed argument area for seccomp-tracer-aware processes to pass syscall arguments in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter" for this syscall. Additionally, this syscall uses operation, flags, and user pointer for arguments because strictly passing arguments via a user pointer would mean seccomp itself would be unable to trivially filter the seccomp syscall itself. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Andy Lutomirski <luto@amacapital.net> Conflicts: arch/x86/syscalls/syscall_32.tbl arch/x86/syscalls/syscall_64.tbl include/uapi/asm-generic/unistd.h kernel/seccomp.c And fixup of unistd32.h to truly enable sys_secomp. Change-Id: I95bea02382c52007d22e5e9dc563c7d055c2c83f |
||
|---|---|---|
| .. | ||
| alpha | ||
| arc | ||
| arm | ||
| arm64 | ||
| avr32 | ||
| blackfin | ||
| c6x | ||
| cris | ||
| frv | ||
| h8300 | ||
| hexagon | ||
| ia64 | ||
| m32r | ||
| m68k | ||
| metag | ||
| microblaze | ||
| mips | ||
| mn10300 | ||
| openrisc | ||
| parisc | ||
| powerpc | ||
| s390 | ||
| score | ||
| sh | ||
| sparc | ||
| tile | ||
| um | ||
| unicore32 | ||
| x86 | ||
| xtensa | ||
| .gitignore | ||
| Kconfig | ||