diff options
| author | Ronny Chevalier <chevalier.ronny@gmail.com> | 2014-02-12 01:29:54 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-02-12 18:30:36 +0100 |
| commit | c0467cf387548dc98c0254f63553d862b35a84e5 (patch) | |
| tree | 6ea69e522b79a81e5d7f1685ddbe50675ec0137c /src/core/execute.h | |
| parent | c6f7b693fedfd822febc219868fc810c32d458c5 (diff) | |
syscallfilter: port to libseccomp
Diffstat (limited to 'src/core/execute.h')
| -rw-r--r-- | src/core/execute.h | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/core/execute.h b/src/core/execute.h index be811a97c1..b2d70d7d86 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -33,6 +33,11 @@ typedef struct ExecRuntime ExecRuntime; #include <stdbool.h> #include <stdio.h> #include <sched.h> +#ifdef HAVE_SECCOMP +#include <seccomp.h> + +#include "set.h" +#endif #include "list.h" #include "util.h" @@ -162,7 +167,12 @@ struct ExecContext { * don't enter a trigger loop. */ bool same_pgrp; - uint32_t *syscall_filter; +#ifdef HAVE_SECCOMP + scmp_filter_ctx syscall_filter; + Set *filtered_syscalls; + uint32_t syscall_filter_default_action; +#endif + char *syscall_filter_string; bool oom_score_adjust_set:1; bool nice_set:1; |