syscall_resolve_name
syscall_resolve_name_arch
syscall_resolve_name_rewrite
- syscall_resolve_num_arch/ ],
+ syscall_resolve_num_arch
+ version/ ],
macros => [
qw/SCMP_ACT_ALLOW
SCMP_FLTATR_ACT_DEFAULT
SCMP_FLTATR_CTL_NNP
SCMP_FLTATR_CTL_TSYNC
+ SCMP_FLTATR_API_TSKIP
SCMP_VER_MAJOR
SCMP_VER_MICRO
SCMP_VER_MINOR
__NR_query_module
__NR_readdir
__NR_readlink
-s __NR_recv
+ __NR_recv
__NR_recvfrom
__NR_recvmmsg
__NR_recvmsg
__PNR_vm86
__PNR_vm86old
__PNR_vserver
- __PNR_waitpid/]
+ __PNR_waitpid
+
+ __PNR_pkey_mprotect __NR_pkey_mprotect __PNR_pkey_alloc
+ __NR_pkey_alloc __PNR_pkey_free __NR_pkey_free
+
+ __PNR_get_tls __NR_get_tls __PNR_s390_guarded_storage
+ __NR_s390_guarded_storage __PNR_s390_sthyi __NR_s390_sthyi/]
);
$EXPORT_TAGS{all} = [@{$EXPORT_TAGS{functions}}, @{$EXPORT_TAGS{macros}}];
our $VERSION;
BEGIN{
- $VERSION = '0.001';
+ $VERSION = '0.003';
}
sub AUTOLOAD {
=over
-=item I<$ctx> = Linux::Seccomp->B<new>(I<$def_action>>)
+=item I<$ctx> = Linux::Seccomp->B<new>(I<$def_action>)
Creates a new C<Linux::Seccomp> filter, with the default action for
unhandled syscalls being I<$def_action>. Possible values for
=over
=item SCMP_CMP_NE
+
=item '!='
+
=item 'ne'
Matches when the argument value is not equal to I<$datum_a>.
=item SCMP_CMP_LT
+
=item '<'
+
=item 'lt'
Matches when the argument value is less than I<$datum_a>.
=item SCMP_CMP_LE
+
=item '<='
+
=item 'le'
Matches when the argument value is less than or equal to I<$datum_a>.
=item SCMP_CMP_EQ
+
=item '=='
+
=item 'eq'
Matches when the argument value is equal to I<$datum_a>.
=item SCMP_CMP_GE
+
=item '>='
+
=item 'ge'
Matches when the argument value is greater than or equal to I<$datum_a>.
=item SCMP_CMP_GT
+
=item '>'
+
=item 'gt'
Matches when the argument value is greater than I<$datum_a>.
=item SCMP_CMP_MASKED_EQ
+
=item '=~'
+
=item 'me'
Matches when the argument value masked with I<$datum_a> is equal to I<$datum_b> masked with I<$datum_a>.
Returns true if the given architecture is in the filter, false
otherwise.
-See L<seccomp_arch_add(3).
+See L<seccomp_arch_add(3)>.
=item I<$ctx>->B<arch_remove>(I<$arch_token>)
Removes an architecture from the filter.
-See L<seccomp_arch_add(3).
+See L<seccomp_arch_add(3)>.
=item I<$ctx>->B<attr_get>(I<$attr>)
Specifies whether the kernel should synchronize the filters accross
all threads when B<load> is called. Defaults to 0 (off).
+=item SCMP_FLTATR_API_TSKIP
+
+Specifies whether rules for the system call -1 should be allowed. This
+value can be used by tracer programs to skip specific system call
+invocations, see L<seccomp(2)> for more information. Defaults to 0
+(off).
+
=back
See L<seccomp_attr_get(3)>.
SCMP_FLTATR_ACT_DEFAULT
SCMP_FLTATR_CTL_NNP
SCMP_FLTATR_CTL_TSYNC
+ SCMP_FLTATR_API_TSKIP
SCMP_VER_MAJOR
SCMP_VER_MICRO
SCMP_VER_MINOR