diff options
author | Tyler Hicks <tyhicks@canonical.com> | 2017-08-11 07:33:53 +0300 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-08-14 23:46:44 +0300 |
commit | d612b1fd8010d0d67b5287fe146b8b55bcbb8655 (patch) | |
tree | cadcaeebf71ffa28aced54e9fc8b7c0ee42cc6d3 /include/linux/stddef.h | |
parent | 8e5f1ad116df6b0de65eac458d5e7c318d1c05af (diff) | |
download | linux-d612b1fd8010d0d67b5287fe146b8b55bcbb8655.tar.xz |
seccomp: Operation for checking if an action is available
Userspace code that needs to check if the kernel supports a given action
may not be able to use the /proc/sys/kernel/seccomp/actions_avail
sysctl. The process may be running in a sandbox and, therefore,
sufficient filesystem access may not be available. This patch adds an
operation to the seccomp(2) syscall that allows userspace code to ask
the kernel if a given action is available.
If the action is supported by the kernel, 0 is returned. If the action
is not supported by the kernel, -1 is returned with errno set to
-EOPNOTSUPP. If this check is attempted on a kernel that doesn't support
this new operation, -1 is returned with errno set to -EINVAL meaning
that userspace code will have the ability to differentiate between the
two error cases.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include/linux/stddef.h')
0 files changed, 0 insertions, 0 deletions