X-Git-Url: http://git.ieval.ro/?a=blobdiff_plain;f=lib%2FLinux%2FSeccomp.pm;h=7d11d6cc666245829aea386e2e5ba8baacc4cbfe;hb=d99bffd5b7dd9ad64c3ba3c75fa30d2b4d476fe6;hp=e4143eee4c33da9974823257562e931aab4a9345;hpb=bcf524c10c0ad85fcef711acffc3251bb8472352;p=linux-seccomp.git diff --git a/lib/Linux/Seccomp.pm b/lib/Linux/Seccomp.pm index e4143ee..7d11d6c 100644 --- a/lib/Linux/Seccomp.pm +++ b/lib/Linux/Seccomp.pm @@ -17,7 +17,8 @@ our %EXPORT_TAGS = ( syscall_resolve_name syscall_resolve_name_arch syscall_resolve_name_rewrite - syscall_resolve_num_arch/ ], + syscall_resolve_num_arch + version/ ], macros => [ qw/SCMP_ACT_ALLOW @@ -53,6 +54,7 @@ our %EXPORT_TAGS = ( SCMP_FLTATR_ACT_DEFAULT SCMP_FLTATR_CTL_NNP SCMP_FLTATR_CTL_TSYNC + SCMP_FLTATR_API_TSKIP SCMP_VER_MAJOR SCMP_VER_MICRO SCMP_VER_MINOR @@ -172,7 +174,7 @@ our %EXPORT_TAGS = ( __NR_query_module __NR_readdir __NR_readlink -s __NR_recv + __NR_recv __NR_recvfrom __NR_recvmmsg __NR_recvmsg @@ -457,7 +459,13 @@ s __NR_recv __PNR_vm86 __PNR_vm86old __PNR_vserver - __PNR_waitpid/] + __PNR_waitpid + + __PNR_pkey_mprotect __NR_pkey_mprotect __PNR_pkey_alloc + __NR_pkey_alloc __PNR_pkey_free __NR_pkey_free + + __PNR_get_tls __NR_get_tls __PNR_s390_guarded_storage + __NR_s390_guarded_storage __PNR_s390_sthyi __NR_s390_sthyi/] ); $EXPORT_TAGS{all} = [@{$EXPORT_TAGS{functions}}, @{$EXPORT_TAGS{macros}}]; @@ -466,7 +474,7 @@ our @EXPORT = @{$EXPORT_TAGS{macros}}; our $VERSION; BEGIN{ - $VERSION = '0.001'; + $VERSION = '0.003'; } sub AUTOLOAD { @@ -587,7 +595,7 @@ Most methods die on error. =over -=item I<$ctx> = Linux::Seccomp->B(I<$def_action>>) +=item I<$ctx> = Linux::Seccomp->B(I<$def_action>) Creates a new C filter, with the default action for unhandled syscalls being I<$def_action>. Possible values for @@ -649,43 +657,57 @@ we are comparing. I<$op> is as follows: =over =item SCMP_CMP_NE + =item '!=' + =item 'ne' Matches when the argument value is not equal to I<$datum_a>. =item SCMP_CMP_LT + =item '<' + =item 'lt' Matches when the argument value is less than I<$datum_a>. =item SCMP_CMP_LE + =item '<=' + =item 'le' Matches when the argument value is less than or equal to I<$datum_a>. =item SCMP_CMP_EQ + =item '==' + =item 'eq' Matches when the argument value is equal to I<$datum_a>. =item SCMP_CMP_GE + =item '>=' + =item 'ge' Matches when the argument value is greater than or equal to I<$datum_a>. =item SCMP_CMP_GT + =item '>' + =item 'gt' Matches when the argument value is greater than I<$datum_a>. =item SCMP_CMP_MASKED_EQ + =item '=~' + =item 'me' Matches when the argument value masked with I<$datum_a> is equal to I<$datum_b> masked with I<$datum_a>. @@ -704,12 +726,12 @@ See L. Returns true if the given architecture is in the filter, false otherwise. -See L. =item I<$ctx>->B(I<$arch_token>) Removes an architecture from the filter. -See L. =item I<$ctx>->B(I<$attr>) @@ -738,6 +760,13 @@ will fail). Specifies whether the kernel should synchronize the filters accross all threads when B is called. Defaults to 0 (off). +=item SCMP_FLTATR_API_TSKIP + +Specifies whether rules for the system call -1 should be allowed. This +value can be used by tracer programs to skip specific system call +invocations, see L for more information. Defaults to 0 +(off). + =back See L. @@ -846,6 +875,7 @@ Here is a list of all of them: SCMP_FLTATR_ACT_DEFAULT SCMP_FLTATR_CTL_NNP SCMP_FLTATR_CTL_TSYNC + SCMP_FLTATR_API_TSKIP SCMP_VER_MAJOR SCMP_VER_MICRO SCMP_VER_MINOR