Update SECCOMP_* constants

* xlat/seccomp_filter_flags.in: Add SECCOMP_FILTER_FLAG_LOG introduced by kernel commit v4.14-rc2~15^2~6. * xlat/seccomp_ops.in: Add SECCOMP_GET_ACTION_AVAIL introduced by kernel commit v4.14-rc2~15^2~9. * xlat/seccomp_ret_action.in: Add SECCOMP_RET_LOG introduced by kernel commit v4.14-rc2~15^2~5. * NEWS: Mention this. * tests/seccomp-filter.c (main): Update expected output. * tests/seccomp-filter-v.c (main): Likewise.
2017-11-01 01:50:59 +00:00 · 2017-11-01 01:50:59 +00:00 · 3ed59f89fd
commit 3ed59f89fd
parent 2ce8a26a9a
6 changed files with 11 additions and 5 deletions
--- a/3
+++ b/3
@ -4,7 +4,8 @@ Noteworthy changes in release ?.?? (????-??-??)
 * Improvements
  * Implemented decoding of NETLINK_NETFILTER netlink message types and flags.
  * Updated lists of ARPHRD_*, BPF_*, ETH_P_*, LOOP_*, MADV_*,
-    MEMBARRIER_CMD_*, MFD_*, SO_*, SOL_*, TCP_*, and UFFD_FEATURE_* constants.
+    MEMBARRIER_CMD_*, MFD_*, SECCOMP_*, SO_*, SOL_*, TCP_*, and UFFD_FEATURE_*
+    constants.
  * Updated lists of ioctl commands from Linux 4.14.

 * Bug fixes
--- a/tests/seccomp-filter-v.c
+++ b/tests/seccomp-filter-v.c
@ -136,7 +136,8 @@ main(void)
 	prog->filter = big_filter;
 	prog->len = BPF_MAXINSNS + 1;
 	tprintf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=[",
-		"SECCOMP_FILTER_FLAG_TSYNC|0xfffffffe", prog->len);
+		"SECCOMP_FILTER_FLAG_TSYNC|SECCOMP_FILTER_FLAG_LOG|0xfffffffc",
+		prog->len);
 	for (i = 0; i < BPF_MAXINSNS; ++i) {
 		if (i)
 			tprintf(", ");
--- a/tests/seccomp-filter.c
+++ b/tests/seccomp-filter.c
@ -55,12 +55,13 @@ main(void)
 	prog->len = N;
 	rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, -1, prog);
 	printf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=%p})"
-	       " = %ld %s (%m)\n", "SECCOMP_FILTER_FLAG_TSYNC|0xfffffffe",
+	       " = %ld %s (%m)\n",
+	       "SECCOMP_FILTER_FLAG_TSYNC|SECCOMP_FILTER_FLAG_LOG|0xfffffffc",
 	       prog->len, prog->filter, rc, errno2name());

-	rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, -2L, efault);
+	rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, -4L, efault);
 	printf("seccomp(SECCOMP_SET_MODE_FILTER, %s, %p) = %ld %s (%m)\n",
-	       "0xfffffffe /* SECCOMP_FILTER_FLAG_??? */",
+	       "0xfffffffc /* SECCOMP_FILTER_FLAG_??? */",
 	       efault, rc, errno2name());

 	puts("+++ exited with 0 +++");
--- a/xlat/seccomp_filter_flags.in
+++ b/xlat/seccomp_filter_flags.in
@ -1 +1,2 @@
 SECCOMP_FILTER_FLAG_TSYNC 1
+SECCOMP_FILTER_FLAG_LOG 2
--- a/xlat/seccomp_ops.in
+++ b/xlat/seccomp_ops.in
@ -1,2 +1,3 @@
 SECCOMP_SET_MODE_STRICT 0
 SECCOMP_SET_MODE_FILTER 1
+SECCOMP_GET_ACTION_AVAIL 2
--- a/xlat/seccomp_ret_action.in
+++ b/xlat/seccomp_ret_action.in
@ -2,4 +2,5 @@ SECCOMP_RET_KILL	0
 SECCOMP_RET_TRAP	0x00030000U
 SECCOMP_RET_ERRNO	0x00050000U
 SECCOMP_RET_TRACE	0x7ff00000U
+SECCOMP_RET_LOG		0x7ffc0000U
 SECCOMP_RET_ALLOW	0x7fff0000U