diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2020-04-18 17:09:59 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-04-19 10:26:57 +0200 |
| commit | 91db3ed8ce2dc73444bcd649f8003cbe96fcb227 (patch) | |
| tree | 08013bd813d8f038060db3cef25fa02eb7eb53e5 /sys/linux/seccomp.txt | |
| parent | 273e386b718deddf0859d1ed99e2699a9d3e2e5d (diff) | |
prog: add ignore_return and breaks_returns call attribtues
We had these hard-coded for fuchsia and linux accordingly.
Replace with call attributes.
Diffstat (limited to 'sys/linux/seccomp.txt')
| -rw-r--r-- | sys/linux/seccomp.txt | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/sys/linux/seccomp.txt b/sys/linux/seccomp.txt index e56332dab..3d071eb46 100644 --- a/sys/linux/seccomp.txt +++ b/sys/linux/seccomp.txt @@ -7,15 +7,17 @@ include <asm/ioctls.h> resource fd_seccomp[fd] resource seccomp_id[int64] -seccomp$SECCOMP_SET_MODE_STRICT(op const[SECCOMP_SET_MODE_STRICT], flags const[0], arg const[0]) -seccomp$SECCOMP_SET_MODE_FILTER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags], arg ptr[in, sock_fprog]) -seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags_listener], arg ptr[in, sock_fprog]) fd_seccomp -seccomp$SECCOMP_GET_ACTION_AVAIL(op const[SECCOMP_GET_ACTION_AVAIL], flags const[0], arg ptr[in, int32]) -seccomp$SECCOMP_GET_NOTIF_SIZES(op const[SECCOMP_GET_NOTIF_SIZES], flags const[0], arg ptr[out, seccomp_notif_sizes]) - -ioctl$SECCOMP_IOCTL_NOTIF_RECV(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_RECV], arg ptr[out, seccomp_notif]) -ioctl$SECCOMP_IOCTL_NOTIF_SEND(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_SEND], arg ptr[in, seccomp_notif_resp]) -ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_ID_VALID], arg ptr[in, seccomp_id]) +# Only some commands break return values. +# When/if we have stricter enforcement of arguments, we may remove some of breaks_returns attributes. +seccomp$SECCOMP_SET_MODE_STRICT(op const[SECCOMP_SET_MODE_STRICT], flags const[0], arg const[0]) (breaks_returns) +seccomp$SECCOMP_SET_MODE_FILTER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags], arg ptr[in, sock_fprog]) (breaks_returns) +seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags_listener], arg ptr[in, sock_fprog]) fd_seccomp (breaks_returns) +seccomp$SECCOMP_GET_ACTION_AVAIL(op const[SECCOMP_GET_ACTION_AVAIL], flags const[0], arg ptr[in, int32]) (breaks_returns) +seccomp$SECCOMP_GET_NOTIF_SIZES(op const[SECCOMP_GET_NOTIF_SIZES], flags const[0], arg ptr[out, seccomp_notif_sizes]) (breaks_returns) + +ioctl$SECCOMP_IOCTL_NOTIF_RECV(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_RECV], arg ptr[out, seccomp_notif]) (breaks_returns) +ioctl$SECCOMP_IOCTL_NOTIF_SEND(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_SEND], arg ptr[in, seccomp_notif_resp]) (breaks_returns) +ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_ID_VALID], arg ptr[in, seccomp_id]) (breaks_returns) seccomp_notif_sizes { seccomp_notif int16 |