unix: add seccomp mode constants

Add the SECCOMP_MODE_DISABLED, SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER constants to be used with the PR_SET_SECCOMP prctl. See http://man7.org/linux/man-pages/man2/prctl.2.html Change-Id: Iacd1ffaeced4ae95e780a09038d35b763778a3d3 Reviewed-on: https://go-review.googlesource.com/46691Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

unix: add seccomp mode constants
Add the SECCOMP_MODE_DISABLED, SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER constants to be used with the PR_SET_SECCOMP prctl. See http://man7.org/linux/man-pages/man2/prctl.2.html Change-Id: Iacd1ffaeced4ae95e780a09038d35b763778a3d3 Reviewed-on: https://go-review.googlesource.com/46691Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
50298aa7 · Tobias Klauser · Brad Fitzpatrick · 8d3b82dc · 50298aa7 · 50298aa7
Commit 50298aa7 authored Jun 26, 2017 by Tobias Klauser Committed by Brad Fitzpatrick Jun 26, 2017
12 changed files
--- a/unix/mkerrors.sh
+++ b/unix/mkerrors.sh
@@ -171,6 +171,7 @@ struct ltchars {
 #include <linux/rtnetlink.h>
 #include <linux/ptrace.h>
 #include <linux/sched.h>
+#include <linux/seccomp.h>
 #include <linux/wait.h>
 #include <linux/icmpv6.h>
 #include <linux/serial.h>
@@ -403,6 +404,7 @@ ccflags="$@"
 		$2 ~ /^GRND_/ ||
 		$2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ ||
 		$2 ~ /^KEYCTL_/ ||
+		$2 ~ /^SECCOMP_MODE_/ ||
 		$2 ~ /^SPLICE_/ ||
 		$2 ~ /^(VM|VMADDR)_/ ||
 		$2 ~ /^XATTR_(CREATE|REPLACE)/ ||

--- a/unix/zerrors_linux_386.go
+++ b/unix/zerrors_linux_386.go
@@ -1393,6 +1393,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_amd64.go
+++ b/unix/zerrors_linux_amd64.go
@@ -1394,6 +1394,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_arm.go
+++ b/unix/zerrors_linux_arm.go
@@ -1398,6 +1398,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_arm64.go
+++ b/unix/zerrors_linux_arm64.go
@@ -1383,6 +1383,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_mips.go
+++ b/unix/zerrors_linux_mips.go
@@ -1395,6 +1395,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_mips64.go
+++ b/unix/zerrors_linux_mips64.go
@@ -1395,6 +1395,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_mips64le.go
+++ b/unix/zerrors_linux_mips64le.go
@@ -1395,6 +1395,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_mipsle.go
+++ b/unix/zerrors_linux_mipsle.go
@@ -1395,6 +1395,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_ppc64.go
+++ b/unix/zerrors_linux_ppc64.go
@@ -1451,6 +1451,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_ppc64le.go
+++ b/unix/zerrors_linux_ppc64le.go
@@ -1451,6 +1451,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1

--- a/unix/zerrors_linux_s390x.go
+++ b/unix/zerrors_linux_s390x.go
@@ -1455,6 +1455,9 @@ const (
 	SCM_TIMESTAMPING_OPT_STATS           = 0x36
 	SCM_TIMESTAMPNS                      = 0x23
 	SCM_WIFI_STATUS                      = 0x29
+	SECCOMP_MODE_DISABLED                = 0x0
+	SECCOMP_MODE_FILTER                  = 0x2
+	SECCOMP_MODE_STRICT                  = 0x1
 	SHUT_RD                              = 0x0
 	SHUT_RDWR                            = 0x2
 	SHUT_WR                              = 0x1