conf: add lxc.seccomp.notify.cookie

[mirror_lxc.git] / src / lxc / lxcseccomp.h

diff --git a/src/lxc/lxcseccomp.h b/src/lxc/lxcseccomp.h
index aafe09f127320d5670f16e4fcfcbc21538a69347..f81943672465ead23f275c28d709631e4604ce7a 100644 (file)
--- a/src/lxc/lxcseccomp.h
+++ b/src/lxc/lxcseccomp.h
@@ -32,7 +32,7 @@
 #include <linux/seccomp.h>
 #include <seccomp.h>
 #endif
-#if HAVE_DECL_SECCOMP_NOTIF_GET_FD
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
 #include <sys/socket.h>
 #include <sys/un.h>
 #endif
@@ -45,9 +45,23 @@ struct lxc_conf;
 struct lxc_epoll_descr;
 struct lxc_handler;
 
+#ifndef SECCOMP_FILTER_FLAG_NEW_LISTENER
+#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
+#endif
+
 #ifdef HAVE_SECCOMP
 
-#if HAVE_DECL_SECCOMP_NOTIF_GET_FD
+
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
+
+struct seccomp_notify_proxy_msg {
+       uint32_t version;
+       struct seccomp_notif req;
+       struct seccomp_notif_resp resp;
+       pid_t monitor_pid;
+       pid_t init_pid;
+};
+
 struct seccomp_notify {
        bool wants_supervision;
        int notify_fd;
@@ -55,11 +69,12 @@ struct seccomp_notify {
        struct sockaddr_un proxy_addr;
        struct seccomp_notif *req_buf;
        struct seccomp_notif_resp *rsp_buf;
+       char *cookie;
 };
 
 #define HAVE_SECCOMP_NOTIFY 1
 
-#endif /* HAVE_DECL_SECCOMP_NOTIF_GET_FD */
+#endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 
 struct lxc_seccomp {
        char *seccomp;
@@ -68,9 +83,9 @@ struct lxc_seccomp {
        scmp_filter_ctx seccomp_ctx;
 #endif /* HAVE_SCMP_FILTER_CTX */
 
-#if HAVE_DECL_SECCOMP_NOTIF_GET_FD
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
        struct seccomp_notify notifier;
-#endif /* HAVE_DECL_SECCOMP_NOTIF_GET_FD */
+#endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 };
 
 extern int lxc_seccomp_load(struct lxc_conf *conf);
@@ -79,9 +94,9 @@ extern void lxc_seccomp_free(struct lxc_seccomp *seccomp);
 extern int seccomp_notify_handler(int fd, uint32_t events, void *data,
                                  struct lxc_epoll_descr *descr);
 extern void seccomp_conf_init(struct lxc_conf *conf);
-extern int lxc_seccomp_setup_notifier(struct lxc_seccomp *seccomp,
-                                     struct lxc_epoll_descr *descr,
-                                     struct lxc_handler *handler);
+extern int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp,
+                                  struct lxc_epoll_descr *descr,
+                                  struct lxc_handler *handler);
 extern int lxc_seccomp_send_notifier_fd(struct lxc_seccomp *seccomp,
                                        int socket_fd);
 extern int lxc_seccomp_recv_notifier_fd(struct lxc_seccomp *seccomp,
@@ -90,7 +105,7 @@ extern int lxc_seccomp_add_notifier(const char *name, const char *lxcpath,
                                    struct lxc_seccomp *seccomp);
 static inline int lxc_seccomp_get_notify_fd(struct lxc_seccomp *seccomp)
 {
-#if HAVE_DECL_SECCOMP_NOTIF_GET_FD
+#if HAVE_DECL_SECCOMP_NOTIFY_FD
        return seccomp->notifier.notify_fd;
 #else
        errno = ENOSYS;
@@ -129,9 +144,9 @@ static inline void seccomp_conf_init(struct lxc_conf *conf)
 {
 }
 
-static inline int lxc_seccomp_setup_notifier(struct lxc_seccomp *seccomp,
-                                            struct lxc_epoll_descr *descr,
-                                            struct lxc_handler *handler)
+static inline int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp,
+                                         struct lxc_epoll_descr *descr,
+                                         struct lxc_handler *handler)
 {
        return 0;
 }