Add SECCOMP_RET_KILL_PROCESS decoding support

* bpf_seccomp_filter.c [!SECCOMP_RET_ACTION]: Remove. [!SECCOMP_RET_ACTION_FULL] (SECCOMP_RET_ACTION_FULL): Define. (print_seccomp_filter_k): Use SECCOMP_RET_ACTION_FULL instead of SECCOMP_RET_ACTION. * xlat/seccomp_ret_action.in: Add SECCOMP_RET_KILL_PROCESS introduced by linux kernel commit v4.14-rc2~15^2~3.
2017-11-01 02:05:41 +00:00 · 2017-11-01 02:05:41 +00:00 · 745c53410f
commit 745c53410f
parent 01d45b6c2b
2 changed files with 4 additions and 3 deletions
--- a/bpf_seccomp_filter.c
+++ b/bpf_seccomp_filter.c
@ -35,8 +35,8 @@
 #ifdef HAVE_LINUX_SECCOMP_H
 # include <linux/seccomp.h>
 #endif
-#ifndef SECCOMP_RET_ACTION
-# define SECCOMP_RET_ACTION 0x7fff0000U
+#ifndef SECCOMP_RET_ACTION_FULL
+# define SECCOMP_RET_ACTION_FULL 0xffff0000U
 #endif
 #include "xlat/seccomp_ret_action.h"

@ -44,7 +44,7 @@ static bool
 print_seccomp_filter_k(const struct bpf_filter_block *const fp)
 {
 	if (BPF_CLASS(fp->code) == BPF_RET) {
-		unsigned int action = SECCOMP_RET_ACTION & fp->k;
+		unsigned int action = SECCOMP_RET_ACTION_FULL & fp->k;
 		unsigned int data = fp->k & ~action;

 		printxval(seccomp_ret_action, action, "SECCOMP_RET_???");
--- a/xlat/seccomp_ret_action.in
+++ b/xlat/seccomp_ret_action.in
@ -1,3 +1,4 @@
+SECCOMP_RET_KILL_PROCESS 0x80000000U
 SECCOMP_RET_KILL_THREAD	0
 SECCOMP_RET_TRAP	0x00030000U
 SECCOMP_RET_ERRNO	0x00050000U