diff options
author | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2016-06-01 09:56:01 +0000 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-06-01 11:56:01 +0200 |
commit | 201c1cc22a41df1f4ef7706bde41e2536bef433f (patch) | |
tree | 452460094ba15a3feea15a2cc202b68673a20c8f /src/shared/seccomp-util.h | |
parent | ce3eb7790ca20be6b429d23b26d2d8bd25f71ef9 (diff) |
core: add pre-defined syscall groups to SystemCallFilter= (#3053) (#3157)
Implement sets of system calls to help constructing system call
filters. A set starts with '@' to distinguish from a system call.
Closes: #3053, #3157
Diffstat (limited to 'src/shared/seccomp-util.h')
-rw-r--r-- | src/shared/seccomp-util.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 4ed2afc1b2..be33eecb85 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -26,3 +26,10 @@ const char* seccomp_arch_to_string(uint32_t c); int seccomp_arch_from_string(const char *n, uint32_t *ret); int seccomp_add_secondary_archs(scmp_filter_ctx *c); + +typedef struct SystemCallFilterSet { + const char *set_name; + const char *value; +} SystemCallFilterSet; + +extern const SystemCallFilterSet syscall_filter_sets[]; |