Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6849243b authored Aug 16, 2017 by Kees Cook

samples: Unrename SECCOMP_RET_KILL



Since samples can still be built before header installs, avoid the
cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next.

Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Kees Cook <keescook@chromium.org>

parent f3e1821d

samples/seccomp/bpf-direct.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -129,7 +129,7 @@ static int install_filter(void)
		/* Check that read is only using stdin. */
		BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDIN_FILENO, 4, 0),
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD),
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),

		/* Check that write is only using stdout */
		BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)),
		@@ -139,7 +139,7 @@ static int install_filter(void)

		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP),
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD),
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
		};
		struct sock_fprog prog = {
		.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),

samples/seccomp/bpf-helper.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -44,7 +44,7 @@ void seccomp_bpf_print(struct sock_filter *filter, size_t count);
		#define ALLOW \
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
		#define DENY \
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD)
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
		#define JUMP(labels, label) \
		BPF_JUMP(BPF_JMP+BPF_JA, FIND_LABEL((labels), (label)), \
		JUMP_JT, JUMP_JF)