diff options
author | Andrea Arcangeli <andrea@cpushare.com> | 2007-07-15 23:41:32 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-16 09:05:50 -0700 |
commit | 1d9d02feeee89e9132034d504c9a45eeaf618a3d (patch) | |
tree | a4324cce8acd77cace3b1d4cf3a1e61783707e5c /include | |
parent | be0ef957c9eed4ebae873ee3fbcfb9dfde486dec (diff) | |
download | linux-1d9d02feeee89e9132034d504c9a45eeaf618a3d.tar.bz2 |
move seccomp from /proc to a prctl
This reduces the memory footprint and it enforces that only the current
task can enable seccomp on itself (this is a requirement for a
strightforward [modulo preempt ;) ] TIF_NOTSC implementation).
Signed-off-by: Andrea Arcangeli <andrea@cpushare.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/prctl.h | 4 | ||||
-rw-r--r-- | include/linux/seccomp.h | 15 |
2 files changed, 17 insertions, 2 deletions
diff --git a/include/linux/prctl.h b/include/linux/prctl.h index 52a9be41250d..e2eff9079fe9 100644 --- a/include/linux/prctl.h +++ b/include/linux/prctl.h @@ -59,4 +59,8 @@ # define PR_ENDIAN_LITTLE 1 /* True little endian mode */ # define PR_ENDIAN_PPC_LITTLE 2 /* "PowerPC" pseudo little endian */ +/* Get/set process seccomp mode */ +#define PR_GET_SECCOMP 21 +#define PR_SET_SECCOMP 22 + #endif /* _LINUX_PRCTL_H */ diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 3e8b1cf54303..d708974dbfe3 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -4,8 +4,6 @@ #ifdef CONFIG_SECCOMP -#define NR_SECCOMP_MODES 1 - #include <linux/thread_info.h> #include <asm/seccomp.h> @@ -23,6 +21,9 @@ static inline int has_secure_computing(struct thread_info *ti) return unlikely(test_ti_thread_flag(ti, TIF_SECCOMP)); } +extern long prctl_get_seccomp(void); +extern long prctl_set_seccomp(unsigned long); + #else /* CONFIG_SECCOMP */ typedef struct { } seccomp_t; @@ -34,6 +35,16 @@ static inline int has_secure_computing(struct thread_info *ti) return 0; } +static inline long prctl_get_seccomp(void) +{ + return -EINVAL; +} + +static inline long prctl_set_seccomp(unsigned long arg2) +{ + return -EINVAL; +} + #endif /* CONFIG_SECCOMP */ #endif /* _LINUX_SECCOMP_H */ |