summaryrefslogtreecommitdiffstats
path: root/arch/x86/syscalls/syscall_64.tbl
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2014-06-26 01:08:24 +0200
committerKees Cook <keescook@chromium.org>2014-07-18 21:13:37 +0200
commit48dc92b9fc3926844257316e75ba11eb5c742b2c (patch)
tree2f35355b95a7c1473fd8d361b4f15a9f368999b4 /arch/x86/syscalls/syscall_64.tbl
parentseccomp: split mode setting routines (diff)
downloadlinux-48dc92b9fc3926844257316e75ba11eb5c742b2c.tar.xz
linux-48dc92b9fc3926844257316e75ba11eb5c742b2c.zip
seccomp: add "seccomp" syscall
This adds the new "seccomp" syscall with both an "operation" and "flags" parameter for future expansion. The third argument is a pointer value, used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...). In addition to the TSYNC flag later in this patch series, there is a non-zero chance that this syscall could be used for configuring a fixed argument area for seccomp-tracer-aware processes to pass syscall arguments in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter" for this syscall. Additionally, this syscall uses operation, flags, and user pointer for arguments because strictly passing arguments via a user pointer would mean seccomp itself would be unable to trivially filter the seccomp syscall itself. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Diffstat (limited to 'arch/x86/syscalls/syscall_64.tbl')
-rw-r--r--arch/x86/syscalls/syscall_64.tbl1
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl
index ec255a1646d2..16272a6c12b7 100644
--- a/arch/x86/syscalls/syscall_64.tbl
+++ b/arch/x86/syscalls/syscall_64.tbl
@@ -323,6 +323,7 @@
314 common sched_setattr sys_sched_setattr
315 common sched_getattr sys_sched_getattr
316 common renameat2 sys_renameat2
+317 common seccomp sys_seccomp
#
# x32-specific system call numbers start at 512 to avoid cache impact