Update sandbox/linux from upstream

sandbox/linux/bpf_dsl/bpf_dsl.h

Index: sandbox/linux/bpf_dsl/bpf_dsl.h
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl.h b/sandbox/linux/bpf_dsl/bpf_dsl.h
index 365e9b5466a1e5d1462afd4a1ab61d0b9f2bb8bc..913ab9cbdbbf6b7adce6cee50653aa9ff6403faf 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl.h
+++ b/sandbox/linux/bpf_dsl/bpf_dsl.h
@@ -55,7 +55,7 @@
 //
 // More generally, the DSL currently supports the following grammar:
 //
-//   result = Allow() | Error(errno) | Kill(msg) | Trace(aux)
+//   result = Allow() | Error(errno) | Kill() | Trace(aux)
 //          | Trap(trap_func, aux) | UnsafeTrap(trap_func, aux)
 //          | If(bool, result)[.ElseIf(bool, result)].Else(result)
 //          | Switch(arg)[.Case(val, result)].Default(result)
@@ -89,8 +89,8 @@ SANDBOX_EXPORT ResultExpr Allow();
 // side effects.
 SANDBOX_EXPORT ResultExpr Error(int err);
 
-// Kill specifies a result to kill the program and print an error message.
-SANDBOX_EXPORT ResultExpr Kill(const char* msg);
+// Kill specifies a result to kill the process (task) immediately.
+SANDBOX_EXPORT ResultExpr Kill();
 
 // Trace specifies a result to notify a tracing process via the
 // PTRACE_EVENT_SECCOMP event and allow it to change or skip the system call.
@@ -278,6 +278,10 @@ Arg<T>::Arg(int num)
 // see http://www.parashift.com/c++-faq-lite/template-friends.html.
 template <typename T>
 BoolExpr Arg<T>::EqualTo(T val) const {
+  if (sizeof(T) == 4) {
+    // Prevent sign-extension of negative int32_t values.
+    return internal::ArgEq(num_, sizeof(T), mask_, static_cast<uint32_t>(val));
+  }
   return internal::ArgEq(num_, sizeof(T), mask_, static_cast<uint64_t>(val));
 }