Lines Matching refs:seccomp
5 * Test code for seccomp bpf.
30 #include <linux/seccomp.h>
141 # warning "seccomp syscall number unknown for this architecture"
196 /* Flags for seccomp notification fd ioctl. */
269 #ifndef seccomp
270 int seccomp(unsigned int op, unsigned int flags, void *args)
766 /* This is a thread task to die via seccomp filter violation. */
820 ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0,
829 ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog_thread));
981 * 580c57f10768 ("seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO").
1544 /* Check if this is a seccomp event. */
2084 FIXTURE_VARIANT_ADD(TRACE_syscall, seccomp) {
2256 ret = seccomp(-1, 0, &prog);
2258 TH_LOG("Kernel does not support seccomp syscall!");
2265 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL);
2269 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, &prog);
2275 ret = seccomp(SECCOMP_SET_MODE_FILTER, -1, &prog);
2279 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, NULL);
2284 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog);
2307 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog);
2309 TH_LOG("Kernel does not support seccomp syscall!");
2321 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, NULL);
2362 ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
2364 TH_LOG("Kernel does not support seccomp syscall!");
2387 ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
2398 ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
2410 ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
2434 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
2437 TH_LOG("Kernel does not support seccomp syscall!");
2614 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog);
2616 TH_LOG("Kernel does not support seccomp syscall!");
2654 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog);
2656 TH_LOG("Kernel does not support seccomp syscall!");
2669 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
2730 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
2733 TH_LOG("Kernel does not support seccomp syscall!");
2762 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog);
2764 TH_LOG("Kernel does not support seccomp syscall!");
2778 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
2807 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog);
2809 TH_LOG("Kernel does not support seccomp syscall!");
2825 ret = seccomp(SECCOMP_SET_MODE_FILTER, flags, &self->apply_prog);
2858 * Sibling 0 will have its own seccomp policy
2859 * and Sibling 1 will not be under seccomp at
2860 * all. Sibling 1 will enter seccomp and 0
2872 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog);
2874 TH_LOG("Kernel does not support seccomp syscall!");
2880 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
2909 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
2932 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
3053 /* Verify signal delivery came from child (seccomp-triggered). */
3140 ret = seccomp(SECCOMP_SET_MODE_STRICT, SECCOMP_FILTER_FLAG_LOG,
3143 TH_LOG("Kernel does not support seccomp syscall!");
3153 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &allow_prog);
3157 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG,
3165 ret = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG,
3183 ret = seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &actions[0]);
3185 TH_LOG("Kernel does not support seccomp syscall!");
3193 ret = seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &actions[i]);
3201 ret = seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &unknown_action);
3234 EXPECT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER,
3236 EXPECT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog));
3290 return seccomp(SECCOMP_SET_MODE_FILTER, flags, &prog);
3332 EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0);
3333 EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0);
3334 EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0);
3335 EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0);
3738 ASSERT_EQ(seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes), 0);
3868 * The seccomp filter has become unused so we should be notified once
3954 * The seccomp filter has become unused so we should be notified once