diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2017-08-11 04:33:53 +0000 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-08-14 13:46:44 -0700 |
| commit | d612b1fd8010d0d67b5287fe146b8b55bcbb8655 (patch) | |
| tree | cadcaeebf71ffa28aced54e9fc8b7c0ee42cc6d3 /samples/livepatch | |
| parent | 8e5f1ad116df6b0de65eac458d5e7c318d1c05af (diff) | |
| download | linux-stable-d612b1fd8010d0d67b5287fe146b8b55bcbb8655.tar.gz linux-stable-d612b1fd8010d0d67b5287fe146b8b55bcbb8655.tar.bz2 linux-stable-d612b1fd8010d0d67b5287fe146b8b55bcbb8655.zip | |
seccomp: Operation for checking if an action is available
Userspace code that needs to check if the kernel supports a given action
may not be able to use the /proc/sys/kernel/seccomp/actions_avail
sysctl. The process may be running in a sandbox and, therefore,
sufficient filesystem access may not be available. This patch adds an
operation to the seccomp(2) syscall that allows userspace code to ask
the kernel if a given action is available.
If the action is supported by the kernel, 0 is returned. If the action
is not supported by the kernel, -1 is returned with errno set to
-EOPNOTSUPP. If this check is attempted on a kernel that doesn't support
this new operation, -1 is returned with errno set to -EINVAL meaning
that userspace code will have the ability to differentiate between the
two error cases.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'samples/livepatch')
0 files changed, 0 insertions, 0 deletions