api: rename SCMP_FLTATR_SPEC_ALLOW to SCMP_FLTATR_CTL_SSB

Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/doc/man/man3/seccomp_api_get.3 b/doc/man/man3/seccomp_api_get.3
index ac3c2ff88d0c134dc4215cbf89059273895b6062..d358c6d750b65faaaa713406488169408ba05ee7 100644 (file)
--- a/doc/man/man3/seccomp_api_get.3
+++ b/doc/man/man3/seccomp_api_get.3
@@ -52,7 +52,7 @@ syscall to load the seccomp filter into the kernel.
 The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are supported.
 .TP
 .B 4
-The SCMP_FLTATR_SPEC_ALLOW filter attribute is supported.
+The SCMP_FLTATR_CTL_SSB filter attribute is supported.
 .\" //////////////////////////////////////////////////////////////////////////
 .SH RETURN VALUE
 .\" //////////////////////////////////////////////////////////////////////////

diff --git a/doc/man/man3/seccomp_attr_set.3 b/doc/man/man3/seccomp_attr_set.3
index 113200430a7bf93aa36a4922474f9226ba87e6e0..c66668de8770d17d04910bc459d276780ae187a1 100644 (file)
--- a/doc/man/man3/seccomp_attr_set.3
+++ b/doc/man/man3/seccomp_attr_set.3
@@ -95,7 +95,7 @@ action. Defaults to off (
 .I value
 == 0).
 .TP
-.B SCMP_FLTATR_SPEC_ALLOW
+.B SCMP_FLTATR_CTL_SSB
 A flag to disable Speculative Store Bypass mitigations for this filter.
 Defaults to off (
 .I value

diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index eaa56740b831d74da97bdc8ecb1e0e2aafc88dfb..e698e687e629c84981a08c7c9d5263e578ad79e7 100644 (file)
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -65,7 +65,7 @@ enum scmp_filter_attr {
        SCMP_FLTATR_CTL_TSYNC = 4,      /**< sync threads on filter load */
        SCMP_FLTATR_API_TSKIP = 5,      /**< allow rules with a -1 syscall */
        SCMP_FLTATR_CTL_LOG = 6,        /**< log not-allowed actions */
-       SCMP_FLTATR_SPEC_ALLOW = 7, /**< disable SSB mitigation */
+       SCMP_FLTATR_CTL_SSB = 7,        /**< disable SSB mitigation */
        _SCMP_FLTATR_MAX,
 };
 
@@ -368,7 +368,7 @@ const struct scmp_version *seccomp_version(void);
  *  3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
  *      support for the SCMP_ACT_LOG action
  *      support for the SCMP_ACT_KILL_PROCESS action
- *  4 : support for the SCMP_FLTATR_SPEC_ALLOW filter attrbute
+ *  4 : support for the SCMP_FLTATR_CTL_SSB filter attrbute
  *
  */
 unsigned int seccomp_api_get(void);

diff --git a/src/db.c b/src/db.c
index 064f343a363ea1be2f09cd6d0a80ebd8ecfa8893..94e6007eb8b5cacf8b7fa78d131485a3ef61dcf1 100644 (file)
--- a/src/db.c
+++ b/src/db.c
@@ -1280,7 +1280,7 @@ int db_col_attr_get(const struct db_filter_col *col,
        case SCMP_FLTATR_CTL_LOG:
                *value = col->attr.log_enable;
                break;
-       case SCMP_FLTATR_SPEC_ALLOW:
+       case SCMP_FLTATR_CTL_SSB:
                *value = col->attr.spec_allow;
                break;
        default:
@@ -1344,7 +1344,7 @@ int db_col_attr_set(struct db_filter_col *col,
                        rc = -EOPNOTSUPP;
                }
                break;
-       case SCMP_FLTATR_SPEC_ALLOW:
+       case SCMP_FLTATR_CTL_SSB:
                rc = sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_SPEC_ALLOW);
                if (rc == 1) {
                        /* supported */

diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
index 1293208a5bdd2e3e17129b7b3036e2ef3cf30e4b..bccc81e65a4f4e1e18af53f80044e1a789dce0a3 100644 (file)
--- a/src/python/libseccomp.pxd
+++ b/src/python/libseccomp.pxd
@@ -58,7 +58,7 @@ cdef extern from "seccomp.h":
         SCMP_FLTATR_CTL_TSYNC
         SCMP_FLTATR_API_TSKIP
         SCMP_FLTATR_CTL_LOG
-        SCMP_FLTATR_SPEC_ALLOW
+        SCMP_FLTATR_CTL_SSB
 
     cdef enum scmp_compare:
         SCMP_CMP_NE

diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
index 27211ad6c756f3132ab099c5baea5d13508efbf7..04554668f6f2d55ed4ef92a495867cb651acbb89 100644 (file)
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -308,7 +308,7 @@ cdef class Attr:
     CTL_TSYNC = libseccomp.SCMP_FLTATR_CTL_TSYNC
     API_TSKIP = libseccomp.SCMP_FLTATR_API_TSKIP
     CTL_LOG = libseccomp.SCMP_FLTATR_CTL_LOG
-    SPEC_ALLOW = libseccomp.SCMP_FLTATR_SPEC_ALLOW
+    CTL_SSB = libseccomp.SCMP_FLTATR_CTL_SSB
 
 cdef class Arg:
     """ Python object representing a SyscallFilter syscall argument.

diff --git a/tests/13-basic-attrs.c b/tests/13-basic-attrs.c
index 29ef3210e6541dc379c6f37740337e4354590200..28147bd7cd898d43fd355783dc52cf1630c3a016 100644 (file)
--- a/tests/13-basic-attrs.c
+++ b/tests/13-basic-attrs.c
@@ -109,12 +109,10 @@ int main(int argc, char *argv[])
        }
 
 
-       rc = seccomp_attr_set(ctx, SCMP_FLTATR_SPEC_ALLOW, 1);
-       if (rc == -EOPNOTSUPP)
-               goto out;
-       else if (rc != 0)
+       rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_SSB, 1);
+       if (rc != 0)
                goto out;
-       rc = seccomp_attr_get(ctx, SCMP_FLTATR_SPEC_ALLOW, &val);
+       rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_SSB, &val);
        if (rc != 0)
                goto out;
        if (val != 1) {

diff --git a/tests/13-basic-attrs.py b/tests/13-basic-attrs.py
index 7ee5df79d507705caf862599b1d6533ae2c66756..6d65ca7e36f14572207be30f2489cedb279041fa 100755 (executable)
--- a/tests/13-basic-attrs.py
+++ b/tests/13-basic-attrs.py
@@ -52,8 +52,8 @@ def test():
     f.set_attr(Attr.CTL_LOG, 1)
     if f.get_attr(Attr.CTL_LOG) != 1:
         raise RuntimeError("Failed getting Attr.CTL_LOG")
-    f.set_attr(Attr.SPEC_ALLOW, 1)
-    if f.get_attr(Attr.SPEC_ALLOW) != 1:
+    f.set_attr(Attr.CTL_SSB, 1)
+    if f.get_attr(Attr.CTL_SSB) != 1:
         raise RuntimeError("Failed getting Attr.SPEC_ALLOW")
 
 test()