Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/linux_seccomp.h

Issue 494743003: sandbox: Add support for the new seccomp() system call in kernel 3.17. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf/sandbox_bpf.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
7 7
8 // The Seccomp2 kernel ABI is not part of older versions of glibc. 8 // The Seccomp2 kernel ABI is not part of older versions of glibc.
9 // As we can't break compilation with these versions of the library, 9 // As we can't break compilation with these versions of the library,
10 // we explicitly define all missing symbols. 10 // we explicitly define all missing symbols.
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
84 84
85 // In order to build will older tool chains, we currently have to avoid 85 // In order to build will older tool chains, we currently have to avoid
86 // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on 86 // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on
87 // our own definitions of the seccomp kernel ABI. 87 // our own definitions of the seccomp kernel ABI.
88 #ifndef SECCOMP_MODE_FILTER 88 #ifndef SECCOMP_MODE_FILTER
89 #define SECCOMP_MODE_DISABLED 0 89 #define SECCOMP_MODE_DISABLED 0
90 #define SECCOMP_MODE_STRICT 1 90 #define SECCOMP_MODE_STRICT 1
91 #define SECCOMP_MODE_FILTER 2 // User user-supplied filter 91 #define SECCOMP_MODE_FILTER 2 // User user-supplied filter
92 #endif 92 #endif
93 93
94 #ifndef SECCOMP_SET_MODE_STRICT
95 #define SECCOMP_SET_MODE_STRICT 0
96 #endif
97 #ifndef SECCOMP_SET_MODE_FILTER
98 #define SECCOMP_SET_MODE_FILTER 1
99 #endif
100 #ifndef SECCOMP_FILTER_FLAG_TSYNC
101 #define SECCOMP_FILTER_FLAG_TSYNC 1
102 #endif
103
94 #ifndef SECCOMP_RET_KILL 104 #ifndef SECCOMP_RET_KILL
95 // Return values supported for BPF filter programs. Please note that the 105 // Return values supported for BPF filter programs. Please note that the
96 // "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only 106 // "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only
97 // ever be used internally, and would result in the kernel killing our process. 107 // ever be used internally, and would result in the kernel killing our process.
98 #define SECCOMP_RET_KILL 0x00000000U // Kill the task immediately 108 #define SECCOMP_RET_KILL 0x00000000U // Kill the task immediately
99 #define SECCOMP_RET_INVALID 0x00010000U // Illegal return value 109 #define SECCOMP_RET_INVALID 0x00010000U // Illegal return value
100 #define SECCOMP_RET_TRAP 0x00030000U // Disallow and force a SIGSYS 110 #define SECCOMP_RET_TRAP 0x00030000U // Disallow and force a SIGSYS
101 #define SECCOMP_RET_ERRNO 0x00050000U // Returns an errno 111 #define SECCOMP_RET_ERRNO 0x00050000U // Returns an errno
102 #define SECCOMP_RET_TRACE 0x7ff00000U // Pass to a tracer or disallow 112 #define SECCOMP_RET_TRACE 0x7ff00000U // Pass to a tracer or disallow
103 #define SECCOMP_RET_ALLOW 0x7fff0000U // Allow 113 #define SECCOMP_RET_ALLOW 0x7fff0000U // Allow
(...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after
353 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_a1 363 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_a1
354 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_a2 364 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_a2
355 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_a3 365 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_a3
356 366
357 #else 367 #else
358 #error Unsupported target platform 368 #error Unsupported target platform
359 369
360 #endif 370 #endif
361 371
362 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ 372 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf/sandbox_bpf.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698