
Side by Side Diff: sandbox/linux/seccomp-bpf/linux_seccomp.h

Issue 494743003: sandbox: Add support for the new seccomp() system call in kernel 3.17. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 6 years, 4 months ago
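--- a/sandbox/linux/seccomp-bpf/linux_seccomp.h
+++ b/sandbox/linux/seccomp-bpf/linux_seccomp.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
 
 // The Seccomp2 kernel ABI is not part of older versions of glibc.
 // As we can't break compilation with these versions of the library,
 // we explicitly define all missing symbols.
@@ -90,20 +90,30 @@
 
 // In order to build will older tool chains, we currently have to avoid
 // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on
 // our own definitions of the seccomp kernel ABI.
 #ifndef SECCOMP_MODE_FILTER
 #define SECCOMP_MODE_DISABLED 0
 #define SECCOMP_MODE_STRICT 1
 #define SECCOMP_MODE_FILTER 2 // User user-supplied filter
 #endif
 
+#ifndef SECCOMP_SET_MODE_STRICT
+#define SECCOMP_SET_MODE_STRICT 0
+#endif
+#ifndef SECCOMP_SET_MODE_FILTER
+#define SECCOMP_SET_MODE_FILTER 1
+#endif
+#ifndef SECCOMP_FILTER_FLAG_TSYNC
+#define SECCOMP_FILTER_FLAG_TSYNC 1
+#endif
+
 #ifndef SECCOMP_RET_KILL
 // Return values supported for BPF filter programs. Please note that the
 // "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only
 // ever be used internally, and would result in the kernel killing our process.
 #define SECCOMP_RET_KILL 0x00000000U // Kill the task immediately
 #define SECCOMP_RET_INVALID 0x00010000U // Illegal return value
 #define SECCOMP_RET_TRAP 0x00030000U // Disallow and force a SIGSYS
 #define SECCOMP_RET_ERRNO 0x00050000U // Returns an errno
 #define SECCOMP_RET_TRACE 0x7ff00000U // Pass to a tracer or disallow
 #define SECCOMP_RET_ALLOW 0x7fff0000U // Allow
@@ -404,10 +414,10 @@
 #define SECCOMP_PT_PARM3(_regs) (_regs).regs[2]
 #define SECCOMP_PT_PARM4(_regs) (_regs).regs[3]
 #define SECCOMP_PT_PARM5(_regs) (_regs).regs[4]
 #define SECCOMP_PT_PARM6(_regs) (_regs).regs[5]
 #else
 #error Unsupported target platform
 
 #endif
 
 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__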
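Review bot: The new `SECCOMP_SET_MODE_*` and `SECCOMP_FILTER_FLAG_TSYNC` defines (new lines 100-108) carry no comment, and their values differ from the similarly named prctl() modes directly above them: `SECCOMP_MODE_STRICT` is 1 while `SECCOMP_SET_MODE_STRICT` is 0, and `SECCOMP_MODE_FILTER` is 2 while `SECCOMP_SET_MODE_FILTER` is 1. Passing a constant from the wrong family would therefore select a different operation without any compile-time error, which matters in sandbox setup code. I would add above the new block `// Operations and flags for the seccomp() system call (kernel 3.17+).` followed by `// Not interchangeable with the SECCOMP_MODE_* values passed to prctl(PR_SET_SECCOMP).`, and a trailing `// Apply the filter to all threads of the process` on `SECCOMP_FILTER_FLAG_TSYNC`. The callers are not visible in this file, but with the TSYNC flag a failed synchronisation returns a positive thread id rather than -1, so the code using these constants should treat any non-zero result as failure.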