From 1d9d02feeee89e9132034d504c9a45eeaf618a3d Mon Sep 17 00:00:00 2001
From: Andrea Arcangeli
Date: Sun, 15 Jul 2007 23:41:32 -0700
Subject: move seccomp from /proc to a prctl

This reduces the memory footprint and it enforces that only the current task can enable seccomp on itself (this is a requirement for a strightforward [modulo preempt ;) ] TIF_NOTSC implementation).

Signed-off-by: Andrea Arcangeli
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
 include/linux/prctl.h | 4 ++++
 include/linux/seccomp.h | 15 +++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)
(limited to 'include')
diff --git a/include/linux/prctl.h b/include/linux/prctl.h
index 52a9be41250d..e2eff9079fe9 100644
--- a/include/linux/prctl.h
+++ b/include/linux/prctl.h
@@ -59,4 +59,8 @@
 # define PR_ENDIAN_LITTLE 1 /* True little endian mode */
 # define PR_ENDIAN_PPC_LITTLE 2 /* "PowerPC" pseudo little endian */
+/* Get/set process seccomp mode */
+#define PR_GET_SECCOMP 21
+#define PR_SET_SECCOMP 22
+
 #endif /* _LINUX_PRCTL_H */
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 3e8b1cf54303..d708974dbfe3 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -4,8 +4,6 @@
 #ifdef CONFIG_SECCOMP
-#define NR_SECCOMP_MODES 1
-
 #include
 #include
@@ -23,6 +21,9 @@ static inline int has_secure_computing(struct thread_info *ti)
 return unlikely(test_ti_thread_flag(ti, TIF_SECCOMP));
 }
+extern long prctl_get_seccomp(void);
+extern long prctl_set_seccomp(unsigned long);
+
 #else /* CONFIG_SECCOMP */
 typedef struct { } seccomp_t;
@@ -34,6 +35,16 @@ static inline int has_secure_computing(struct thread_info *ti)
 return 0;
 }
+static inline long prctl_get_seccomp(void)
+{
+ return -EINVAL;
+}
+
+static inline long prctl_set_seccomp(unsigned long arg2)
+{
+ return -EINVAL;
+}
+
 #endif /* CONFIG_SECCOMP */
 #endif /* _LINUX_SECCOMP_H */
-- cgit v1.2.2
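Review bot: The comment added above `PR_GET_SECCOMP`/`PR_SET_SECCOMP` in include/linux/prctl.h says "process", but the commit message states that the point of the prctl is that only the current task can enable seccomp on itself, so the scope should be stated precisely. The comment also does not say which prctl argument carries the mode, although the stub added in seccomp.h names it `arg2`. Suggested wording: `/* Get/set the calling task's seccomp mode (PR_SET_SECCOMP: mode in arg2) */`.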
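Review bot: `extern long prctl_set_seccomp(unsigned long);` in the `CONFIG_SECCOMP` branch of include/linux/seccomp.h leaves its parameter unnamed, while the inline stub added further down calls it `arg2`; naming it for what it carries, e.g. `extern long prctl_set_seccomp(unsigned long seccomp_mode);`, makes the contract readable from the header. The value presumably arrives from userspace through prctl, and this commit drops `NR_SECCOMP_MODES` from the header, so the bound on accepted modes has to be enforced in the definition. That definition is outside this include-only view and should be checked for the range test. A one-line comment on the return convention of both functions would also help callers.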
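Review bot: The two `!CONFIG_SECCOMP` stubs return `-EINVAL`, but the only includes visible in this header sit inside the `#ifdef CONFIG_SECCOMP` branch, so in the disabled configuration `EINVAL` appears to depend on whatever the including file pulled in earlier. Adding `#include <linux/errno.h>` directly after `#else /* CONFIG_SECCOMP */` would make the header self-contained. A short comment such as `/* seccomp not built in: report the request as invalid */` above the stubs would also document the contract: a caller receiving this result has had no confinement applied to it.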