X-Git-Url: http://git.ieval.ro/?p=linux-seccomp.git;a=blobdiff_plain;f=lib%2FLinux%2FSeccomp.pm;h=3d0126238d18ad4a810ea3e40b43d440ddbd2e17;hp=d081885c445ef97c8450317012d4f950e233c098;hb=7f46b372447515b6387e06d3f891a17d5472b028;hpb=ccd15039babaf807f884538ef8e0716510d4a307 diff --git a/lib/Linux/Seccomp.pm b/lib/Linux/Seccomp.pm index d081885..3d01262 100644 --- a/lib/Linux/Seccomp.pm +++ b/lib/Linux/Seccomp.pm @@ -17,7 +17,8 @@ our %EXPORT_TAGS = ( syscall_resolve_name syscall_resolve_name_arch syscall_resolve_name_rewrite - syscall_resolve_num_arch/ ], + syscall_resolve_num_arch + version/ ], macros => [ qw/SCMP_ACT_ALLOW @@ -53,6 +54,7 @@ our %EXPORT_TAGS = ( SCMP_FLTATR_ACT_DEFAULT SCMP_FLTATR_CTL_NNP SCMP_FLTATR_CTL_TSYNC + SCMP_FLTATR_API_TSKIP SCMP_VER_MAJOR SCMP_VER_MICRO SCMP_VER_MINOR @@ -457,7 +459,13 @@ our %EXPORT_TAGS = ( __PNR_vm86 __PNR_vm86old __PNR_vserver - __PNR_waitpid/] + __PNR_waitpid + + __PNR_pkey_mprotect __NR_pkey_mprotect __PNR_pkey_alloc + __NR_pkey_alloc __PNR_pkey_free __NR_pkey_free + + __PNR_get_tls __NR_get_tls __PNR_s390_guarded_storage + __NR_s390_guarded_storage __PNR_s390_sthyi __NR_s390_sthyi/] ); $EXPORT_TAGS{all} = [@{$EXPORT_TAGS{functions}}, @{$EXPORT_TAGS{macros}}]; @@ -466,7 +474,7 @@ our @EXPORT = @{$EXPORT_TAGS{macros}}; our $VERSION; BEGIN{ - $VERSION = '0.001'; + $VERSION = '0.002001'; } sub AUTOLOAD { @@ -587,7 +595,7 @@ Most methods die on error. =over -=item I<$ctx> = Linux::Seccomp->B(I<$def_action>>) +=item I<$ctx> = Linux::Seccomp->B(I<$def_action>) Creates a new C filter, with the default action for unhandled syscalls being I<$def_action>. Possible values for @@ -649,43 +657,57 @@ we are comparing. I<$op> is as follows: =over =item SCMP_CMP_NE + =item '!=' + =item 'ne' Matches when the argument value is not equal to I<$datum_a>. =item SCMP_CMP_LT + =item '<' + =item 'lt' Matches when the argument value is less than I<$datum_a>. =item SCMP_CMP_LE + =item '<=' + =item 'le' Matches when the argument value is less than or equal to I<$datum_a>. =item SCMP_CMP_EQ + =item '==' + =item 'eq' Matches when the argument value is equal to I<$datum_a>. =item SCMP_CMP_GE + =item '>=' + =item 'ge' Matches when the argument value is greater than or equal to I<$datum_a>. =item SCMP_CMP_GT + =item '>' + =item 'gt' Matches when the argument value is greater than I<$datum_a>. =item SCMP_CMP_MASKED_EQ + =item '=~' + =item 'me' Matches when the argument value masked with I<$datum_a> is equal to I<$datum_b> masked with I<$datum_a>. @@ -704,12 +726,12 @@ See L. Returns true if the given architecture is in the filter, false otherwise. -See L. =item I<$ctx>->B(I<$arch_token>) Removes an architecture from the filter. -See L. =item I<$ctx>->B(I<$attr>) @@ -738,6 +760,13 @@ will fail). Specifies whether the kernel should synchronize the filters accross all threads when B is called. Defaults to 0 (off). +=item SCMP_FLTATR_API_TSKIP + +Specifies whether rules for the system call -1 should be allowed. This +value can be used by tracer programs to skip specific system call +invocations, see L for more information. Defaults to 0 +(off). + =back See L. @@ -846,6 +875,7 @@ Here is a list of all of them: SCMP_FLTATR_ACT_DEFAULT SCMP_FLTATR_CTL_NNP SCMP_FLTATR_CTL_TSYNC + SCMP_FLTATR_API_TSKIP SCMP_VER_MAJOR SCMP_VER_MICRO SCMP_VER_MINOR