git.proxmox.com Git - mirror_libseccomp.git/commit

author	Paul Moore <paul@paul-moore.com>
	Thu, 2 May 2019 23:29:59 +0000 (19:29 -0400)
committer	Paul Moore <paul@paul-moore.com>
	Thu, 2 May 2019 23:29:59 +0000 (19:29 -0400)
commit	dead12bc788b259b148cc4d93b970ef0bd602b1a
tree	6fb37315e502e3c257ac6784afd802e0e2d1650d	tree
parent	d390edad9a8540c2e2dd0b12732cc8dd3fe1cc69	commit \| diff

api: implement user notification in libseccomp

This patch is heavily based on an earlier patchset by Tycho
Andersen. I took Tycho's patch and incorporated the requested changes
from the review, fixed some corner case bugs, and simplified the API
a bit.

Kernel 5.0 includes the new user notification return code. Here's all the
infrastructure to handle that.

The idea behind the user notification return code is that the filter stops
the syscall, and forwards it to a "listener fd" that is created when
installing a filter. Then then some userspace task can listen and process
events accordingly by taking some (or no) action in userspace, and then
returning a value from the command.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Paul Moore <paul@paul-moore.com>

doc/man/man3/seccomp_api_get.3		diff \| blob \| blame \| history
doc/man/man3/seccomp_notify_alloc.3	[new file with mode: 0644]	blob
doc/man/man3/seccomp_notify_fd.3	[new file with mode: 0644]	blob
doc/man/man3/seccomp_notify_free.3	[new file with mode: 0644]	blob
doc/man/man3/seccomp_notify_id_valid.3	[new file with mode: 0644]	blob
doc/man/man3/seccomp_notify_receive.3	[new file with mode: 0644]	blob
doc/man/man3/seccomp_notify_respond.3	[new file with mode: 0644]	blob
include/seccomp.h.in		diff \| blob \| blame \| history
src/api.c		diff \| blob \| blame \| history
src/db.c		diff \| blob \| blame \| history
src/db.h		diff \| blob \| blame \| history
src/system.c		diff \| blob \| blame \| history
src/system.h		diff \| blob \| blame \| history