seccomp.h   seccomp.h 
skipping to change at line 25 skipping to change at line 25
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public Lic ense * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public Lic ense
* for more details. * for more details.
* *
* You should have received a copy of the GNU Lesser General Public License * You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, see <http://www.gnu.org/licenses>. * along with this library; if not, see <http://www.gnu.org/licenses>.
*/ */
#ifndef _SECCOMP_H #ifndef _SECCOMP_H
#define _SECCOMP_H #define _SECCOMP_H
#include <elf.h>
#include <inttypes.h> #include <inttypes.h>
#include <asm/unistd.h> #include <asm/unistd.h>
#include <linux/audit.h> #include <linux/audit.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/* /*
* version information
*/
#define SCMP_VER_MAJOR 2
#define SCMP_VER_MINOR 1
#define SCMP_VER_MICRO 0
/*
* types * types
*/ */
/** /**
* Filter context/handle * Filter context/handle
*/ */
typedef void * scmp_filter_ctx; typedef void * scmp_filter_ctx;
/** /**
* Filter attributes * Filter attributes
skipping to change at line 103 skipping to change at line 112
* The x86 (32-bit) architecture token * The x86 (32-bit) architecture token
*/ */
#define SCMP_ARCH_X86 AUDIT_ARCH_I386 #define SCMP_ARCH_X86 AUDIT_ARCH_I386
/** /**
* The x86-64 (64-bit) architecture token * The x86-64 (64-bit) architecture token
*/ */
#define SCMP_ARCH_X86_64 AUDIT_ARCH_X86_64 #define SCMP_ARCH_X86_64 AUDIT_ARCH_X86_64
/** /**
* The x32 (32-bit x86_64) architecture token
*
* NOTE: this is different from the value used by the kernel because we nee
d to
* be able to distinguish between x32 and x86_64
*/
#define SCMP_ARCH_X32 (EM_X86_64|__AUDIT_ARCH_LE)
/**
* The ARM architecture token
*/
#define SCMP_ARCH_ARM AUDIT_ARCH_ARM
/**
* Convert a syscall name into the associated syscall number * Convert a syscall name into the associated syscall number
* @param x the syscall name * @param x the syscall name
*/ */
#define SCMP_SYS(x) (__NR_##x) #define SCMP_SYS(x) (__NR_##x)
/** /**
* Specify an argument comparison struct for use in declaring rules * Specify an argument comparison struct for use in declaring rules
* @param arg the argument number, starting at 0 * @param arg the argument number, starting at 0
* @param op the comparison operator, e.g. SCMP_CMP_* * @param op the comparison operator, e.g. SCMP_CMP_*
* @param datum_a dependent on comparison * @param datum_a dependent on comparison
skipping to change at line 389 skipping to change at line 411
* *
*/ */
int seccomp_rule_add(scmp_filter_ctx ctx, int seccomp_rule_add(scmp_filter_ctx ctx,
uint32_t action, int syscall, unsigned int arg_cnt, ... ); uint32_t action, int syscall, unsigned int arg_cnt, ... );
/** /**
* Add a new rule to the filter * Add a new rule to the filter
* @param ctx the filter context * @param ctx the filter context
* @param action the filter action * @param action the filter action
* @param syscall the syscall number * @param syscall the syscall number
* @param arg_cnt the number of elements in the arg_array parameter
* @param arg_array array of scmp_arg_cmp structs
*
* This function adds a series of new argument/value checks to the seccomp
* filter for the given syscall; multiple argument/value checks can be
* specified and they will be chained together (AND'd together) in the filt
er.
* If the specified rule needs to be adjusted due to architecture specifics
it
* will be adjusted without notification. Returns zero on success, negativ
e
* values on failure.
*
*/
int seccomp_rule_add_array(scmp_filter_ctx ctx,
uint32_t action, int syscall, unsigned int arg_cn
t,
const struct scmp_arg_cmp *arg_array);
/**
* Add a new rule to the filter
* @param ctx the filter context
* @param action the filter action
* @param syscall the syscall number
* @param arg_cnt the number of argument filters in the argument filter cha in * @param arg_cnt the number of argument filters in the argument filter cha in
* @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended) * @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
* *
* This function adds a series of new argument/value checks to the seccomp * This function adds a series of new argument/value checks to the seccomp
* filter for the given syscall; multiple argument/value checks can be * filter for the given syscall; multiple argument/value checks can be
* specified and they will be chained together (AND'd together) in the filt er. * specified and they will be chained together (AND'd together) in the filt er.
* If the specified rule can not be represented on the architecture the * If the specified rule can not be represented on the architecture the
* function will fail. Returns zero on success, negative values on failure . * function will fail. Returns zero on success, negative values on failure .
* *
*/ */
int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action, int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
int syscall, unsigned int arg_cnt, ...); int syscall, unsigned int arg_cnt, ...);
/** /**
* Add a new rule to the filter
* @param ctx the filter context
* @param action the filter action
* @param syscall the syscall number
* @param arg_cnt the number of elements in the arg_array parameter
* @param arg_array array of scmp_arg_cmp structs
*
* This function adds a series of new argument/value checks to the seccomp
* filter for the given syscall; multiple argument/value checks can be
* specified and they will be chained together (AND'd together) in the filt
er.
* If the specified rule can not be represented on the architecture the
* function will fail. Returns zero on success, negative values on failure
.
*
*/
int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
uint32_t action, int syscall,
unsigned int arg_cnt,
const struct scmp_arg_cmp *arg_array);
/**
* Generate seccomp Pseudo Filter Code (PFC) and export it to a file * Generate seccomp Pseudo Filter Code (PFC) and export it to a file
* @param ctx the filter context * @param ctx the filter context
* @param fd the destination fd * @param fd the destination fd
* *
* This function generates seccomp Pseudo Filter Code (PFC) and writes it t o * This function generates seccomp Pseudo Filter Code (PFC) and writes it t o
* the given fd. Returns zero on success, negative values on failure. * the given fd. Returns zero on success, negative values on failure.
* *
*/ */
int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd); int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);
skipping to change at line 962 skipping to change at line 1024
#define __PNR_vm86old -10072 #define __PNR_vm86old -10072
#ifndef __NR_vm86old #ifndef __NR_vm86old
#define __NR_vm86old __PNR_vm86old #define __NR_vm86old __PNR_vm86old
#endif /* __NR_vm86old */ #endif /* __NR_vm86old */
#define __PNR_waitpid -10073 #define __PNR_waitpid -10073
#ifndef __NR_waitpid #ifndef __NR_waitpid
#define __NR_waitpid __PNR_waitpid #define __NR_waitpid __PNR_waitpid
#endif /* __NR_waitpid */ #endif /* __NR_waitpid */
#define __PNR_create_module -10074
#ifndef __NR_create_module
#define __NR_create_module __PNR_create_module
#endif /* __NR_create_module */
#define __PNR_get_kernel_syms -10075
#ifndef __NR_get_kernel_syms
#define __NR_get_kernel_syms __PNR_get_kernel_syms
#endif /* __NR_get_kernel_syms */
#define __PNR_get_thread_area -10076
#ifndef __NR_get_thread_area
#define __NR_get_thread_area __PNR_get_thread_area
#endif /* __NR_get_thread_area */
#define __PNR_nfsservctl -10077
#ifndef __NR_nfsservctl
#define __NR_nfsservctl __PNR_nfsservctl
#endif /* __NR_nfsservctl */
#define __PNR_query_module -10078
#ifndef __NR_query_module
#define __NR_query_module __PNR_query_module
#endif /* __NR_query_module */
#define __PNR_set_thread_area -10079
#ifndef __NR_set_thread_area
#define __NR_set_thread_area __PNR_set_thread_area
#endif /* __NR_set_thread_area */
#define __PNR__sysctl -10080
#ifndef __NR__sysctl
#define __NR__sysctl __PNR__sysctl
#endif /* __NR__sysctl */
#define __PNR_uselib -10081
#ifndef __NR_uselib
#define __NR_uselib __PNR_uselib
#endif /* __NR_uselib */
#define __PNR_vserver -10082
#ifndef __NR_vserver
#define __NR_vserver __PNR_vserver
#endif /* __NR_vserver */
#define __PNR_arm_fadvise64_64 -10083
#ifndef __NR_arm_fadvise64_64
#define __NR_arm_fadvise64_64 __PNR_arm_fadvise64_64
#endif /* __NR_arm_fadvise64_64 */
#define __PNR_arm_sync_file_range -10084
#ifndef __NR_arm_sync_file_range
#define __NR_arm_sync_file_range __PNR_arm_sync_file_range
#endif /* __NR_arm_sync_file_range */
#define __PNR_finit_module -10085
#ifndef __NR_finit_module
#define __NR_finit_module __PNR_finit_module
#endif /* __NR_finit_module */
#define __PNR_pciconfig_iobase -10086
#ifndef __NR_pciconfig_iobase
#define __NR_pciconfig_iobase __PNR_pciconfig_iobase
#endif /* __NR_pciconfig_iobase */
#define __PNR_pciconfig_read -10087
#ifndef __NR_pciconfig_read
#define __NR_pciconfig_read __PNR_pciconfig_read
#endif /* __NR_pciconfig_read */
#define __PNR_pciconfig_write -10088
#ifndef __NR_pciconfig_write
#define __NR_pciconfig_write __PNR_pciconfig_write
#endif /* __NR_pciconfig_write */
#define __PNR_sync_file_range2 -10089
#ifndef __NR_sync_file_range2
#define __NR_sync_file_range2 __PNR_sync_file_range2
#endif /* __NR_sync_file_range2 */
#define __PNR_syscall -10090
#ifndef __NR_syscall
#define __NR_syscall __PNR_syscall
#endif /* __NR_syscall */
#define __PNR_afs_syscall -10091
#ifndef __NR_afs_syscall
#define __NR_afs_syscall __PNR_afs_syscall
#endif /* __NR_afs_syscall */
#define __PNR_fadvise64 -10092
#ifndef __NR_fadvise64
#define __NR_fadvise64 __PNR_fadvise64
#endif /* __NR_fadvise64 */
#define __PNR_getpmsg -10093
#ifndef __NR_getpmsg
#define __NR_getpmsg __PNR_getpmsg
#endif /* __NR_getpmsg */
#define __PNR_ioperm -10094
#ifndef __NR_ioperm
#define __NR_ioperm __PNR_ioperm
#endif /* __NR_ioperm */
#define __PNR_iopl -10095
#ifndef __NR_iopl
#define __NR_iopl __PNR_iopl
#endif /* __NR_iopl */
#define __PNR_kcmp -10096
#ifndef __NR_kcmp
#define __NR_kcmp __PNR_kcmp
#endif /* __NR_kcmp */
#define __PNR_migrate_pages -10097
#ifndef __NR_migrate_pages
#define __NR_migrate_pages __PNR_migrate_pages
#endif /* __NR_migrate_pages */
#define __PNR_modify_ldt -10098
#ifndef __NR_modify_ldt
#define __NR_modify_ldt __PNR_modify_ldt
#endif /* __NR_modify_ldt */
#define __PNR_putpmsg -10099
#ifndef __NR_putpmsg
#define __NR_putpmsg __PNR_putpmsg
#endif /* __NR_putpmsg */
#define __PNR_sync_file_range -10100
#ifndef __NR_sync_file_range
#define __NR_sync_file_range __PNR_sync_file_range
#endif /* __NR_sync_file_range */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif #endif
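Review bot: The new SCMP_ARCH_X32 token, defined as (EM_X86_64|__AUDIT_ARCH_LE), is a library-private value, and its NOTE only says it differs from the kernel's; it should also say that the token must never be compared against the arch value the kernel reports for a syscall, because the kernel reports x32 calls with the x86_64 audit arch and distinguishes them by the __X32_SYSCALL_BIT in the syscall number rather than by a separate arch value. Suggested line after the NOTE: ` * This token is only meaningful to the libseccomp API; it is not the value the kernel places in seccomp_data.arch, so do not use it in hand-written BPF or when reading that field.` That wording also warns callers that x86_64 and x32 syscalls share an arch value, which is why the library needs its own token; whether the library itself adds the number-encoding check is not visible in this header. Separately, the new seccomp_rule_add_array() and seccomp_rule_add_exact_array() doc blocks do not say whether arg_array may be NULL when arg_cnt is 0 or whether the array is copied, so a short `@param arg_array` note on each (for example "copied; may be NULL only when arg_cnt is 0", if that is the intended contract) would settle it for callers.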
 End of changes. 6 change blocks. 
0 lines changed or deleted 204 lines changed or added
