|
|
@@ -1497,15 +1497,15 @@ TEST_F(TRACE_syscall, syscall_dropped)
|
|
|
#define SECCOMP_SET_MODE_FILTER 1
|
|
|
#endif
|
|
|
|
|
|
-#ifndef SECCOMP_FLAG_FILTER_TSYNC
|
|
|
-#define SECCOMP_FLAG_FILTER_TSYNC 1
|
|
|
+#ifndef SECCOMP_FILTER_FLAG_TSYNC
|
|
|
+#define SECCOMP_FILTER_FLAG_TSYNC 1
|
|
|
#endif
|
|
|
|
|
|
#ifndef seccomp
|
|
|
-int seccomp(unsigned int op, unsigned int flags, struct sock_fprog *filter)
|
|
|
+int seccomp(unsigned int op, unsigned int flags, void *args)
|
|
|
{
|
|
|
errno = 0;
|
|
|
- return syscall(__NR_seccomp, op, flags, filter);
|
|
|
+ return syscall(__NR_seccomp, op, flags, args);
|
|
|
}
|
|
|
#endif
|
|
|
|
|
|
@@ -1613,7 +1613,7 @@ TEST(TSYNC_first)
|
|
|
TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
|
|
|
}
|
|
|
|
|
|
- ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FLAG_FILTER_TSYNC,
|
|
|
+ ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
|
|
|
&prog);
|
|
|
ASSERT_NE(ENOSYS, errno) {
|
|
|
TH_LOG("Kernel does not support seccomp syscall!");
|
|
|
@@ -1831,7 +1831,7 @@ TEST_F(TSYNC, two_siblings_with_ancestor)
|
|
|
self->sibling_count++;
|
|
|
}
|
|
|
|
|
|
- ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FLAG_FILTER_TSYNC,
|
|
|
+ ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
|
|
|
&self->apply_prog);
|
|
|
ASSERT_EQ(0, ret) {
|
|
|
TH_LOG("Could install filter on all threads!");
|
|
|
@@ -1892,7 +1892,7 @@ TEST_F(TSYNC, two_siblings_with_no_filter)
|
|
|
TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
|
|
|
}
|
|
|
|
|
|
- ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FLAG_FILTER_TSYNC,
|
|
|
+ ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
|
|
|
&self->apply_prog);
|
|
|
ASSERT_NE(ENOSYS, errno) {
|
|
|
TH_LOG("Kernel does not support seccomp syscall!");
|
|
|
@@ -1940,7 +1940,7 @@ TEST_F(TSYNC, two_siblings_with_one_divergence)
|
|
|
self->sibling_count++;
|
|
|
}
|
|
|
|
|
|
- ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FLAG_FILTER_TSYNC,
|
|
|
+ ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
|
|
|
&self->apply_prog);
|
|
|
ASSERT_EQ(self->sibling[0].system_tid, ret) {
|
|
|
TH_LOG("Did not fail on diverged sibling.");
|
|
|
@@ -1992,7 +1992,7 @@ TEST_F(TSYNC, two_siblings_not_under_filter)
|
|
|
TH_LOG("Kernel does not support SECCOMP_SET_MODE_FILTER!");
|
|
|
}
|
|
|
|
|
|
- ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FLAG_FILTER_TSYNC,
|
|
|
+ ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
|
|
|
&self->apply_prog);
|
|
|
ASSERT_EQ(ret, self->sibling[0].system_tid) {
|
|
|
TH_LOG("Did not fail on diverged sibling.");
|
|
|
@@ -2021,7 +2021,7 @@ TEST_F(TSYNC, two_siblings_not_under_filter)
|
|
|
/* Switch to the remaining sibling */
|
|
|
sib = !sib;
|
|
|
|
|
|
- ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FLAG_FILTER_TSYNC,
|
|
|
+ ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
|
|
|
&self->apply_prog);
|
|
|
ASSERT_EQ(0, ret) {
|
|
|
TH_LOG("Expected the remaining sibling to sync");
|
|
|
@@ -2044,7 +2044,7 @@ TEST_F(TSYNC, two_siblings_not_under_filter)
|
|
|
while (!kill(self->sibling[sib].system_tid, 0))
|
|
|
sleep(0.1);
|
|
|
|
|
|
- ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FLAG_FILTER_TSYNC,
|
|
|
+ ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
|
|
|
&self->apply_prog);
|
|
|
ASSERT_EQ(0, ret); /* just us chickens */
|
|
|
}
|
Linus Torvalds