In C we add seccomp_arch_native(void), in Python we add Arch.system().
Both functions return an architecture token value.
Signed-off-by: Paul Moore <pmoore@redhat.com>
man/man3/seccomp_attr_set.3 \
man/man3/seccomp_attr_get.3 \
man/man3/seccomp_arch_add.3 \
+ man/man3/seccomp_arch_exist.3 \
+ man/man3/seccomp_arch_native.3 \
man/man3/seccomp_arch_remove.3 \
man/man3/seccomp_merge.3
-.TH "seccomp_arch_add" 3 "28 September 2012" "paul@paul-moore.com" "libseccomp Documentation"
+.TH "seccomp_arch_add" 3 "26 November 2012" "paul@paul-moore.com" "libseccomp Documentation"
.\" //////////////////////////////////////////////////////////////////////////
.SH NAME
.\" //////////////////////////////////////////////////////////////////////////
-seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist \- Manage seccomp filter architectures
+seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist, seccomp_arch_native \- Manage seccomp filter architectures
.\" //////////////////////////////////////////////////////////////////////////
.SH SYNOPSIS
.\" //////////////////////////////////////////////////////////////////////////
.B #define SCMP_ARCH_X86
.B #define SCMP_ARCH_X86_64
.sp
+.BI "uint32_t seccomp_arch_native();"
.BI "int seccomp_arch_exist(const scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
.BI "int seccomp_arch_add(scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
.BI "int seccomp_arch_remove(scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
.BR SCMP_ARCH_*
defined constants; with the
.BR SCMP_ARCH_NATIVE
-constant always referring to the native compiled architecture.
+constant always referring to the native compiled architecture. The
+.BR seccomp_arch_native ()
+function returns the system's architecture such that it will match one of the
+.BR SCMP_ARCH_*
+constants.
.P
When a seccomp filter is initialized with the call to
.BR seccomp_init (3)
--- /dev/null
+.so man3/seccomp_arch_add.3
*/
int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src);
+/**
+ * Return the native architecture token
+ *
+ * This function returns the native architecture token value, e.g. SCMP_ARCH_*.
+ *
+ */
+uint32_t seccomp_arch_native(void);
+
/**
* Check to see if an existing architecture is present in the filter
* @param ctx the filter context
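Review bot: The new header comment for seccomp_arch_native() leaves two things unstated that filter authors depend on: whether the result can ever be `SCMP_ARCH_NATIVE`, and whether "native" means the ABI the library was built for or the kernel it is running on. The man page text and the Python docstring in this commit both say "the system's architecture", while the implementation returns `arch_def_native.token`, whose definition is not visible on this page. If that token is chosen at build time, a 32-bit build on a 64-bit kernel reports the 32-bit token, and a filter built from it alone would not cover the 64-bit ABI. I would reword the body along the lines of `This function returns the concrete SCMP_ARCH_* token of the architecture the library was built for; it never returns SCMP_ARCH_NATIVE.` (to be confirmed against arch_def_native) and drop the empty ` *` line before the closing `*/`.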
return db_col_merge(col_dst, col_src);
}
+/* NOTE - function header comment in include/seccomp.h */
+uint32_t seccomp_arch_native(void)
+{
+ return arch_def_native.token;
+}
+
/* NOTE - function header comment in include/seccomp.h */
int seccomp_arch_exist(const scmp_filter_ctx ctx, uint32_t arch_token)
{
int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src)
+ uint32_t seccomp_arch_native()
int seccomp_arch_exist(scmp_filter_ctx ctx, uint32_t arch_token)
int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token)
int seccomp_arch_remove(scmp_filter_ctx ctx, uint32_t arch_token)
X86 - 32-bit x86
X86_64 - 64-bit x86
"""
-
NATIVE = libseccomp.SCMP_ARCH_NATIVE
X86 = libseccomp.SCMP_ARCH_X86
X86_64 = libseccomp.SCMP_ARCH_X86_64
+ def system(self):
+ """ Return the system's architecture
+
+ Description:
+ Return an integer value matching the native architecture.
+ """
+ return libseccomp.seccomp_arch_native()
+
cdef class Attr:
""" Python object representing the SyscallFilter attributes.
if (ctx == NULL)
goto out;
- if (seccomp_arch_exist(ctx, SCMP_ARCH_X86) == -EEXIST) {
+ if (seccomp_arch_native() != SCMP_ARCH_X86) {
rc = seccomp_arch_add(ctx, SCMP_ARCH_X86);
if (rc != 0)
goto out;
}
- if (seccomp_arch_exist(ctx, SCMP_ARCH_X86_64) == -EEXIST) {
+ if (seccomp_arch_native() != SCMP_ARCH_X86_64) {
rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64);
if (rc != 0)
goto out;
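Review bot: The two rewritten guards (`seccomp_arch_native() != SCMP_ARCH_X86` and the matching `SCMP_ARCH_X86_64` one) no longer ask the filter what it contains. They match the old seccomp_arch_exist() checks only while ctx holds exactly the architecture the init call put there. If an architecture had been added earlier, seccomp_arch_add() would presumably fail on the duplicate and the `rc != 0` branch would jump to `out`. A one-line comment above the first guard would record the assumption, e.g. `/* ctx is fresh from seccomp_init(): only the native arch is present */`. The enclosing function starts and ends outside this hunk, so the init call itself cannot be checked here.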
def test(args):
f = SyscallFilter(KILL)
- if not f.exist_arch(Arch.X86):
+ if not Arch.system() == Arch.X86:
f.add_arch(Arch.X86)
- if not f.exist_arch(Arch.X86_64):
+ if not Arch.system() == Arch.X86_64:
f.add_arch(Arch.X86_64)
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout))
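Review bot: `Arch.system()` is called here on the class, but the .pyx hunk in this commit declares it as `def system(self):`, an instance method. Both new conditions would therefore raise TypeError for the missing `self` before any architecture is added to the filter. The body only calls `libseccomp.seccomp_arch_native()` and uses no instance state, so declaring it `@staticmethod` with `def system():` would make the documented call form work; the alternative is for the test to call `Arch().system()`. Separately, `if not Arch.system() == Arch.X86:` reads more directly as `if Arch.system() != Arch.X86:`. The rest of test() lies outside the hunk.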