diff options
author | Will Drewry <wad@chromium.org> | 2012-02-09 12:01:37 -0600 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2012-06-20 12:33:04 -0600 |
commit | 959540e0ae69fddc4c3e410c26b38eabf40d9778 (patch) | |
tree | 87601a109795e2c83f55696e3898608b28c523cb /include | |
parent | d8f0f1a89b239953877671f6b84c3851935d100f (diff) |
UBUNTU: SAUCE: SECCOMP: seccomp: Add SECCOMP_RET_TRAP
Adds a new return value to seccomp filters that triggers a SIGSYS to be
delivered with the new SYS_SECCOMP si_code.
This allows in-process system call emulation, including just specifying
an errno or cleanly dumping core, rather than just dying.
v15: - use audit_seccomp/skip
- pad out error spacing; clean up switch (indan@nul.nu)
v14: - n/a
v13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: - rebase on to linux-next
v11: - clarify the comment (indan@nul.nu)
- s/sigtrap/sigsys
v10: - use SIGSYS, syscall_get_arch, updates arch/Kconfig
note suggested-by (though original suggestion had other behaviors)
v9: - changes to SIGILL
v8: - clean up based on changes to dependent patches
v7: - introduction
Suggested-by: Markus Gutschke <markus@chromium.org>
Suggested-by: Julien Tinnes <jln@chromium.org>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/asm-generic/siginfo.h | 2 | ||||
-rw-r--r-- | include/linux/seccomp.h | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/include/asm-generic/siginfo.h b/include/asm-generic/siginfo.h index d2c7f2953c2..8ed67779fc0 100644 --- a/include/asm-generic/siginfo.h +++ b/include/asm-generic/siginfo.h @@ -101,7 +101,7 @@ typedef struct siginfo { /* SIGSYS */ struct { - void __user *_call_addr; /* calling insn */ + void __user *_call_addr; /* calling user insn */ int _syscall; /* triggering system call number */ unsigned int _arch; /* AUDIT_ARCH_* of syscall */ } _sigsys; diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 12bb2e31ed1..a5078fb30a8 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -19,6 +19,7 @@ * selects the least permissive choice. */ #define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ +#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ #define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ #define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ |