---

---

---

01: #ifndef _LINUX_SECCOMP_H
02: #define _LINUX_SECCOMP_H
03: 
04: 
05: #include <linux/types.h>
06: 
07: 
08: /* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */
09: #define SECCOMP_MODE_DISABLED   0 /* seccomp is not in use. */
10: #define SECCOMP_MODE_STRICT     1 /* uses hard-coded filter. */
11: #define SECCOMP_MODE_FILTER     2 /* uses user-supplied filter. */
12: 
13: /*
14:  * All BPF programs must return a 32-bit value.
15:  * The bottom 16-bits are for optional return data.
16:  * The upper 16-bits are ordered from least permissive values to most.
17:  *
18:  * The ordering ensures that a min_t() over composed return values always
19:  * selects the least permissive choice.
20:  */
21: #define SECCOMP_RET_KILL        0x00000000U /* kill the task immediately */
22: #define SECCOMP_RET_TRAP        0x00030000U /* disallow and force a SIGSYS */
23: #define SECCOMP_RET_ERRNO       0x00050000U /* returns an errno */
24: #define SECCOMP_RET_TRACE       0x7ff00000U /* pass to a tracer or disallow */
25: #define SECCOMP_RET_ALLOW       0x7fff0000U /* allow */
26: 
27: /* Masks for the return value sections. */
28: #define SECCOMP_RET_ACTION      0xffff0000U
29: #define SECCOMP_RET_DATA        0x0000ffffU
30: 
31: /**
32:  * struct seccomp_data - the format the BPF program executes over.
33:  * @nr: the system call number
34:  * @arch: indicates system call convention as an AUDIT_ARCH_* value
35:  *        as defined in <linux/audit.h>.
36:  * @instruction_pointer: at the time of the system call.
37:  * @args: up to 6 system call arguments always stored as 64-bit values
38:  *        regardless of the architecture.
39:  */
40: struct seccomp_data {
41:         int nr;
42:         __u32 arch;
43:         __u64 instruction_pointer;
44:         __u64 args[6];
45: };
46: 
47: #endif /* _LINUX_SECCOMP_H */
48: 

---

---

---