diff options
author | Will Drewry <wad@chromium.org> | 2012-02-09 11:28:23 -0600 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2012-06-20 14:22:55 -0600 |
commit | 3e3ddaf2ae97a39fa6249c9d27dcf139c5f04ae7 (patch) | |
tree | b9ff91c8f9a178189ed1c6133a05bccc8c514143 /samples/Makefile | |
parent | 16205e7adc764e11965e748ff4fbf3d667e27b00 (diff) |
UBUNTU: SAUCE: SECCOMP: x86: Enable HAVE_ARCH_SECCOMP_FILTER
Enable support for seccomp filter on x86:
- asm/tracehook.h exists
- syscall_get_arguments() works
- syscall_rollback() works
- ptrace_report_syscall() works
- secure_computing() return value is honored (see below)
This also adds support for honoring the return
value from secure_computing().
SECCOMP_RET_TRACE and SECCOMP_RET_TRAP may result in seccomp needing to
skip a system call without killing the process. This is done by
returning a non-zero (-1) value from secure_computing. This change
makes x86 respect that return value.
To ensure that minimal kernel code is exposed, a non-zero return value
results in an immediate return to user space (with an invalid syscall
number).
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'samples/Makefile')
0 files changed, 0 insertions, 0 deletions