aha/include/linux/seccomp.h
Andrea Arcangeli 1d9d02feee move seccomp from /proc to a prctl
This reduces the memory footprint and it enforces that only the current
task can enable seccomp on itself (this is a requirement for a
strightforward [modulo preempt ;) ] TIF_NOTSC implementation).

Signed-off-by: Andrea Arcangeli <andrea@cpushare.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16 09:05:50 -07:00

50 lines
990 B
C

#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H
#ifdef CONFIG_SECCOMP
#include <linux/thread_info.h>
#include <asm/seccomp.h>
typedef struct { int mode; } seccomp_t;
extern void __secure_computing(int);
static inline void secure_computing(int this_syscall)
{
if (unlikely(test_thread_flag(TIF_SECCOMP)))
__secure_computing(this_syscall);
}
static inline int has_secure_computing(struct thread_info *ti)
{
return unlikely(test_ti_thread_flag(ti, TIF_SECCOMP));
}
extern long prctl_get_seccomp(void);
extern long prctl_set_seccomp(unsigned long);
#else /* CONFIG_SECCOMP */
typedef struct { } seccomp_t;
#define secure_computing(x) do { } while (0)
/* static inline to preserve typechecking */
static inline int has_secure_computing(struct thread_info *ti)
{
return 0;
}
static inline long prctl_get_seccomp(void)
{
return -EINVAL;
}
static inline long prctl_set_seccomp(unsigned long arg2)
{
return -EINVAL;
}
#endif /* CONFIG_SECCOMP */
#endif /* _LINUX_SECCOMP_H */