xlat: add SECCOMP_FILTER_FLAG_SPEC_ALLOW

author Eugene Syromyatnikov <evgsyr@gmail.com>

Wed, 23 May 2018 10:24:05 +0000 (12:24 +0200)

committer Dmitry V. Levin <ldv@altlinux.org>

Fri, 25 May 2018 09:15:03 +0000 (09:15 +0000)
author Eugene Syromyatnikov <evgsyr@gmail.com>
Wed, 23 May 2018 10:24:05 +0000 (12:24 +0200)
committer Dmitry V. Levin <ldv@altlinux.org>
Fri, 25 May 2018 09:15:03 +0000 (09:15 +0000)
diff --git a/tests/seccomp-filter-v.c b/tests/seccomp-filter-v.c

index 34ab3b58f562f8272b5212bfb915f2b5b8407aa7..07420cb0ab99e5c71fe94f0e98fa1178f079b3dc 100644 (file)
--- a/tests/seccomp-filter-v.c
+++ b/tests/seccomp-filter-v.c
@@ -136,7 +136,8 @@ main(void)
         prog->filter = big_filter;
         prog->len = BPF_MAXINSNS + 1;
         tprintf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=[",
-               "SECCOMP_FILTER_FLAG_TSYNC|SECCOMP_FILTER_FLAG_LOG|0xfffffffc",
+               "SECCOMP_FILTER_FLAG_TSYNC|SECCOMP_FILTER_FLAG_LOG|"
+               "SECCOMP_FILTER_FLAG_SPEC_ALLOW|0xfffffff8",
                 prog->len);
         for (i = 0; i < BPF_MAXINSNS; ++i) {
                 if (i)
diff --git a/tests/seccomp-filter.c b/tests/seccomp-filter.c

index 7bc76560af6af0532c54f969e99510e8a3d401ae..e1568f80b39aafb54cde958cfe1c234928590e76 100644 (file)
--- a/tests/seccomp-filter.c
+++ b/tests/seccomp-filter.c
@@ -56,12 +56,13 @@ main(void)
         rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, -1, prog);
         printf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=%p})"
                " = %ld %s (%m)\n",
-              "SECCOMP_FILTER_FLAG_TSYNC|SECCOMP_FILTER_FLAG_LOG|0xfffffffc",
+              "SECCOMP_FILTER_FLAG_TSYNC|SECCOMP_FILTER_FLAG_LOG|"
+              "SECCOMP_FILTER_FLAG_SPEC_ALLOW|0xfffffff8",
                prog->len, prog->filter, rc, errno2name());
  
-       rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, -4L, efault);
+       rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, -8L, efault);
         printf("seccomp(SECCOMP_SET_MODE_FILTER, %s, %p) = %ld %s (%m)\n",
-              "0xfffffffc /* SECCOMP_FILTER_FLAG_??? */",
+              "0xfffffff8 /* SECCOMP_FILTER_FLAG_??? */",
                efault, rc, errno2name());
  
         puts("+++ exited with 0 +++");
diff --git a/xlat/seccomp_filter_flags.in b/xlat/seccomp_filter_flags.in

index 439f3813e3b5c7ce2d005038ec8c9d7f82d27aa6..be2dab877398d082efa07dfa724d11ecb9372e8e 100644 (file)
--- a/xlat/seccomp_filter_flags.in
+++ b/xlat/seccomp_filter_flags.in
@@ -1,2 +1,3 @@
  SECCOMP_FILTER_FLAG_TSYNC 1
  SECCOMP_FILTER_FLAG_LOG 2
+SECCOMP_FILTER_FLAG_SPEC_ALLOW 4
author	Eugene Syromyatnikov <evgsyr@gmail.com>
	Wed, 23 May 2018 10:24:05 +0000 (12:24 +0200)
committer	Dmitry V. Levin <ldv@altlinux.org>
	Fri, 25 May 2018 09:15:03 +0000 (09:15 +0000)
tests/seccomp-filter-v.c		patch \| blob \| history
tests/seccomp-filter.c		patch \| blob \| history
xlat/seccomp_filter_flags.in		patch \| blob \| history