summaryrefslogtreecommitdiff
path: root/arch/Kconfig
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2014-06-25 16:08:24 -0700
committerKees Cook <keescook@chromium.org>2014-07-18 12:13:37 -0700
commit48dc92b9fc3926844257316e75ba11eb5c742b2c (patch)
tree2f35355b95a7c1473fd8d361b4f15a9f368999b4 /arch/Kconfig
parent3b23dd12846215eff4afb073366b80c0c4d7543e (diff)
downloadlwn-48dc92b9fc3926844257316e75ba11eb5c742b2c.tar.gz
lwn-48dc92b9fc3926844257316e75ba11eb5c742b2c.zip
seccomp: add "seccomp" syscall
This adds the new "seccomp" syscall with both an "operation" and "flags" parameter for future expansion. The third argument is a pointer value, used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...). In addition to the TSYNC flag later in this patch series, there is a non-zero chance that this syscall could be used for configuring a fixed argument area for seccomp-tracer-aware processes to pass syscall arguments in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter" for this syscall. Additionally, this syscall uses operation, flags, and user pointer for arguments because strictly passing arguments via a user pointer would mean seccomp itself would be unable to trivially filter the seccomp syscall itself. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Diffstat (limited to 'arch/Kconfig')
-rw-r--r--arch/Kconfig1
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 97ff872c7acc..0eae9df35b88 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -321,6 +321,7 @@ config HAVE_ARCH_SECCOMP_FILTER
- secure_computing is called from a ptrace_event()-safe context
- secure_computing return value is checked and a return value of -1
results in the system call being skipped immediately.
+ - seccomp syscall wired up
config SECCOMP_FILTER
def_bool y