seccomp: add "seccomp" syscall

This adds the new "seccomp" syscall with both an "operation" and "flags" parameter for future expansion. The third argument is a pointer value, used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...). In addition to the TSYNC flag later in this patch series, there is a non-zero chance that this syscall could be used for configuring a fixed argument area for seccomp-tracer-aware processes to pass syscall arguments in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter" for this syscall. Additionally, this syscall uses operation, flags, and user pointer for arguments because strictly passing arguments via a user pointer would mean seccomp itself would be unable to trivially filter the seccomp syscall itself. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Andy Lutomirski <luto@amacapital.net>
author: Kees Cook <keescook@chromium.org> 2014-06-25 19:08:24 -0400
committer: Kees Cook <keescook@chromium.org> 2014-07-18 15:13:37 -0400
commit: 48dc92b9fc3926844257316e75ba11eb5c742b2c (patch)
tree: 2f35355b95a7c1473fd8d361b4f15a9f368999b4 /include
parent: 3b23dd12846215eff4afb073366b80c0c4d7543e (diff)
3 files changed, 9 insertions, 1 deletions
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index b0881a0ed322..1713977ee26f 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -866,4 +866,6 @@ asmlinkage long sys_process_vm_writev(pid_t pid,
 asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type,
                         unsigned long idx1, unsigned long idx2);
 asmlinkage long sys_finit_module(int fd, const char __user *uargs, int flags);
+asmlinkage long sys_seccomp(unsigned int op, unsigned int flags,
+                            const char __user *uargs);
 #endif
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
index 333640608087..65acbf0e2867 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
@@ -699,9 +699,11 @@ __SYSCALL(__NR_sched_setattr, sys_sched_setattr)
 __SYSCALL(__NR_sched_getattr, sys_sched_getattr)
 #define __NR_renameat2 276
 __SYSCALL(__NR_renameat2, sys_renameat2)
+#define __NR_seccomp 277
+__SYSCALL(__NR_seccomp, sys_seccomp)
 #undef __NR_syscalls
-#define __NR_syscalls 277
+#define __NR_syscalls 278
 /*
 * All syscalls below here should go away really,
diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index ac2dc9f72973..b258878ba754 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -10,6 +10,10 @@
 #define SECCOMP_MODE_STRICT     1 /* uses hard-coded filter. */
 #define SECCOMP_MODE_FILTER     2 /* uses user-supplied filter. */
+/* Valid operations for seccomp syscall. */
+#define SECCOMP_SET_MODE_STRICT 0
+#define SECCOMP_SET_MODE_FILTER 1
 /*
 * All BPF programs must return a 32-bit value.
 * The bottom 16-bits are for optional return data.
author	Kees Cook <keescook@chromium.org>	2014-06-25 19:08:24 -0400
committer	Kees Cook <keescook@chromium.org>	2014-07-18 15:13:37 -0400
commit	48dc92b9fc3926844257316e75ba11eb5c742b2c (patch)
tree	2f35355b95a7c1473fd8d361b4f15a9f368999b4 /include
parent	3b23dd12846215eff4afb073366b80c0c4d7543e (diff)