Skip to content
Commit bb6ea430 authored by Will Drewry's avatar Will Drewry Committed by James Morris
Browse files

seccomp: Add SECCOMP_RET_TRAP 



Adds a new return value to seccomp filters that triggers a SIGSYS to be
delivered with the new SYS_SECCOMP si_code.

This allows in-process system call emulation, including just specifying
an errno or cleanly dumping core, rather than just dying.

Suggested-by: default avatarMarkus Gutschke <markus@chromium.org>
Suggested-by: default avatarJulien Tinnes <jln@chromium.org>
Signed-off-by: default avatarWill Drewry <wad@chromium.org>
Acked-by: default avatarEric Paris <eparis@redhat.com>

v18: - acked-by, rebase
     - don't mention secure_computing_int() anymore
v15: - use audit_seccomp/skip
     - pad out error spacing; clean up switch (indan@nul.nu)
v14: - n/a
v13: - rebase on to 88ebdda6
v12: - rebase on to linux-next
v11: - clarify the comment (indan@nul.nu)
     - s/sigtrap/sigsys
v10: - use SIGSYS, syscall_get_arch, updates arch/Kconfig
       note suggested-by (though original suggestion had other behaviors)
v9:  - changes to SIGILL
v8:  - clean up based on changes to dependent patches
v7:  - introduction
Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
parent a0727e8c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment