Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d78ab02c authored by Kees Cook's avatar Kees Cook
Browse files

seccomp: create internal mode-setting function 



In preparation for having other callers of the seccomp mode setting
logic, split the prctl entry point away from the core logic that performs
seccomp mode setting.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarOleg Nesterov <oleg@redhat.com>
Reviewed-by: default avatarAndy Lutomirski <luto@amacapital.net>
parent c04f9d61

kernel/seccomp.c

+14 −2
Original line number Diff line number Diff line
@@ -473,7 +473,7 @@ long prctl_get_seccomp(void) 
}



/**

 * prctl_set_seccomp: configures current->seccomp.mode

 * seccomp_set_mode: internal function for setting seccomp mode

 * @seccomp_mode: requested mode to use

 * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER

 *
@@ -486,7 +486,7 @@ long prctl_get_seccomp(void) 
 *

 * Returns 0 on success or -EINVAL on failure.

 */

long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)

static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)

{

	long ret = -EINVAL;
@@ -517,3 +517,15 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) 
out:

	return ret;

}



/**

 * prctl_set_seccomp: configures current->seccomp.mode

 * @seccomp_mode: requested mode to use

 * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER

 *

 * Returns 0 on success or -EINVAL on failure.

 */

long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)

{

	return seccomp_set_mode(seccomp_mode, filter);

}