The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are supported.
.TP
.B 4
-The SCMP_FLTATR_SPEC_ALLOW filter attribute is supported.
+The SCMP_FLTATR_CTL_SSB filter attribute is supported.
.\" //////////////////////////////////////////////////////////////////////////
.SH RETURN VALUE
.\" //////////////////////////////////////////////////////////////////////////
.I value
== 0).
.TP
-.B SCMP_FLTATR_SPEC_ALLOW
+.B SCMP_FLTATR_CTL_SSB
A flag to disable Speculative Store Bypass mitigations for this filter.
Defaults to off (
.I value
SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */
SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */
SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */
- SCMP_FLTATR_SPEC_ALLOW = 7, /**< disable SSB mitigation */
+ SCMP_FLTATR_CTL_SSB = 7, /**< disable SSB mitigation */
_SCMP_FLTATR_MAX,
};
* 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
* support for the SCMP_ACT_LOG action
* support for the SCMP_ACT_KILL_PROCESS action
- * 4 : support for the SCMP_FLTATR_SPEC_ALLOW filter attrbute
+ * 4 : support for the SCMP_FLTATR_CTL_SSB filter attrbute
*
*/
unsigned int seccomp_api_get(void);
case SCMP_FLTATR_CTL_LOG:
*value = col->attr.log_enable;
break;
- case SCMP_FLTATR_SPEC_ALLOW:
+ case SCMP_FLTATR_CTL_SSB:
*value = col->attr.spec_allow;
break;
default:
rc = -EOPNOTSUPP;
}
break;
- case SCMP_FLTATR_SPEC_ALLOW:
+ case SCMP_FLTATR_CTL_SSB:
rc = sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_SPEC_ALLOW);
if (rc == 1) {
/* supported */
SCMP_FLTATR_CTL_TSYNC
SCMP_FLTATR_API_TSKIP
SCMP_FLTATR_CTL_LOG
- SCMP_FLTATR_SPEC_ALLOW
+ SCMP_FLTATR_CTL_SSB
cdef enum scmp_compare:
SCMP_CMP_NE
CTL_TSYNC = libseccomp.SCMP_FLTATR_CTL_TSYNC
API_TSKIP = libseccomp.SCMP_FLTATR_API_TSKIP
CTL_LOG = libseccomp.SCMP_FLTATR_CTL_LOG
- SPEC_ALLOW = libseccomp.SCMP_FLTATR_SPEC_ALLOW
+ CTL_SSB = libseccomp.SCMP_FLTATR_CTL_SSB
cdef class Arg:
""" Python object representing a SyscallFilter syscall argument.
}
- rc = seccomp_attr_set(ctx, SCMP_FLTATR_SPEC_ALLOW, 1);
- if (rc == -EOPNOTSUPP)
- goto out;
- else if (rc != 0)
+ rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_SSB, 1);
+ if (rc != 0)
goto out;
- rc = seccomp_attr_get(ctx, SCMP_FLTATR_SPEC_ALLOW, &val);
+ rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_SSB, &val);
if (rc != 0)
goto out;
if (val != 1) {
f.set_attr(Attr.CTL_LOG, 1)
if f.get_attr(Attr.CTL_LOG) != 1:
raise RuntimeError("Failed getting Attr.CTL_LOG")
- f.set_attr(Attr.SPEC_ALLOW, 1)
- if f.get_attr(Attr.SPEC_ALLOW) != 1:
+ f.set_attr(Attr.CTL_SSB, 1)
+ if f.get_attr(Attr.CTL_SSB) != 1:
raise RuntimeError("Failed getting Attr.SPEC_ALLOW")
test()