SECCOMP-BPF: Added support for greylisting of system calls.

sandbox/linux/seccomp-bpf/errorcode.h

Index: sandbox/linux/seccomp-bpf/errorcode.h
diff --git a/sandbox/linux/seccomp-bpf/errorcode.h b/sandbox/linux/seccomp-bpf/errorcode.h
index 2b941eea033065d43788d88525f12a5f205ea8b8..d2661dbd066eb399369e24d4db050c332ee0fb90 100644
--- a/sandbox/linux/seccomp-bpf/errorcode.h
+++ b/sandbox/linux/seccomp-bpf/errorcode.h
@@ -94,7 +94,7 @@ class ErrorCode {
   // If we are wrapping a callback, we must assign a unique id. This id is
   // how the kernel tells us which one of our different SECCOMP_RET_TRAP
   // cases has been triggered.
-  ErrorCode(TrapFnc fnc, const void *aux, uint16_t id);
+  ErrorCode(TrapFnc fnc, const void *aux, bool safe, uint16_t id);
 
   // Some system calls require inspection of arguments. This constructor
   // allows us to specify additional constraints.
@@ -108,6 +108,7 @@ class ErrorCode {
     struct {
       TrapFnc fnc_;              // Callback function and arg, if trap was
       void    *aux_;             //   triggered by the kernel's BPF filter.
+      bool    safe_;             // Keep sandbox active while calling fnc_()
     };
 
     // Fields needed when inspecting additional arguments.