summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-08-11 22:01:39 +0200
committerKees Cook <keescook@chromium.org>2017-08-14 22:46:49 +0200
commit4d3b0b05aae9ee9ce0970dc4cc0fb3fad5e85945 (patch)
tree28419965980aa84fd98bf361b52f9390fd24f534 /include
parentseccomp: Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD (diff)
downloadlinux-4d3b0b05aae9ee9ce0970dc4cc0fb3fad5e85945.tar.xz
linux-4d3b0b05aae9ee9ce0970dc4cc0fb3fad5e85945.zip
seccomp: Introduce SECCOMP_RET_KILL_PROCESS
This introduces the BPF return value for SECCOMP_RET_KILL_PROCESS to kill an entire process. This cannot yet be reached by seccomp, but it changes the default-kill behavior (for unknown return values) from kill-thread to kill-process. Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include')
-rw-r--r--include/uapi/linux/seccomp.h18
1 files changed, 10 insertions, 8 deletions
diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index 5a03f699eb17..7e77c92df78a 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -22,18 +22,20 @@
/*
* All BPF programs must return a 32-bit value.
* The bottom 16-bits are for optional return data.
- * The upper 16-bits are ordered from least permissive values to most.
+ * The upper 16-bits are ordered from least permissive values to most,
+ * as a signed value (so 0x8000000 is negative).
*
* The ordering ensures that a min_t() over composed return values always
* selects the least permissive choice.
*/
-#define SECCOMP_RET_KILL_THREAD 0x00000000U /* kill the thread */
-#define SECCOMP_RET_KILL SECCOMP_RET_KILL_THREAD
-#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */
-#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */
-#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */
-#define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */
-#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */
+#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* kill the process */
+#define SECCOMP_RET_KILL_THREAD 0x00000000U /* kill the thread */
+#define SECCOMP_RET_KILL SECCOMP_RET_KILL_THREAD
+#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */
+#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */
+#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */
+#define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */
+#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */
/* Masks for the return value sections. */
#define SECCOMP_RET_ACTION 0x7fff0000U