diff options
| author | Will Drewry <wad@chromium.org> | 2012-04-12 16:48:01 -0500 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2012-04-14 11:13:21 +1000 |
| commit | bb6ea4301a1109afdacaee576fedbfcd7152fc86 (patch) | |
| tree | 5412219057d8e0ec2a30d0a1ad4f6b7dd398c754 /include | |
| parent | a0727e8ce513fe6890416da960181ceb10fbfae6 (diff) | |
| download | linux-stable-bb6ea4301a1109afdacaee576fedbfcd7152fc86.tar.gz linux-stable-bb6ea4301a1109afdacaee576fedbfcd7152fc86.tar.bz2 linux-stable-bb6ea4301a1109afdacaee576fedbfcd7152fc86.zip | |
seccomp: Add SECCOMP_RET_TRAP
Adds a new return value to seccomp filters that triggers a SIGSYS to be
delivered with the new SYS_SECCOMP si_code.
This allows in-process system call emulation, including just specifying
an errno or cleanly dumping core, rather than just dying.
Suggested-by: Markus Gutschke <markus@chromium.org>
Suggested-by: Julien Tinnes <jln@chromium.org>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
v18: - acked-by, rebase
- don't mention secure_computing_int() anymore
v15: - use audit_seccomp/skip
- pad out error spacing; clean up switch (indan@nul.nu)
v14: - n/a
v13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: - rebase on to linux-next
v11: - clarify the comment (indan@nul.nu)
- s/sigtrap/sigsys
v10: - use SIGSYS, syscall_get_arch, updates arch/Kconfig
note suggested-by (though original suggestion had other behaviors)
v9: - changes to SIGILL
v8: - clean up based on changes to dependent patches
v7: - introduction
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/asm-generic/siginfo.h | 2 | ||||
| -rw-r--r-- | include/linux/seccomp.h | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/include/asm-generic/siginfo.h b/include/asm-generic/siginfo.h index 31306f55eb02..af5d0350f84c 100644 --- a/include/asm-generic/siginfo.h +++ b/include/asm-generic/siginfo.h @@ -93,7 +93,7 @@ typedef struct siginfo { /* SIGSYS */ struct { - void __user *_call_addr; /* calling insn */ + void __user *_call_addr; /* calling user insn */ int _syscall; /* triggering system call number */ unsigned int _arch; /* AUDIT_ARCH_* of syscall */ } _sigsys; diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index b4ce2c816e06..317ccb78cf40 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -19,6 +19,7 @@ * selects the least permissive choice. */ #define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ +#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ #define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ #define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ |