seccomp: add SECCOMP_RET_ERRNO

[linux-block.git] / include / linux / seccomp.h

diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 86bb68fc7683ecc93786d0d9c4b49d8dc13f9cc8..b4ce2c816e0679fd2013922e36f84e24e93f4d29 100644 (file)
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -12,13 +12,14 @@
 
 /*
  * All BPF programs must return a 32-bit value.
- * The bottom 16-bits are reserved for future use.
+ * The bottom 16-bits are for optional return data.
  * The upper 16-bits are ordered from least permissive values to most.
  *
  * The ordering ensures that a min_t() over composed return values always
  * selects the least permissive choice.
  */
 #define SECCOMP_RET_KILL       0x00000000U /* kill the task immediately */
+#define SECCOMP_RET_ERRNO      0x00050000U /* returns an errno */
 #define SECCOMP_RET_ALLOW      0x7fff0000U /* allow */
 
 /* Masks for the return value sections. */
@@ -64,11 +65,12 @@ struct seccomp {
        struct seccomp_filter *filter;
 };
 
-extern void __secure_computing(int);
-static inline void secure_computing(int this_syscall)
+extern int __secure_computing(int);
+static inline int secure_computing(int this_syscall)
 {
        if (unlikely(test_thread_flag(TIF_SECCOMP)))
-               __secure_computing(this_syscall);
+               return  __secure_computing(this_syscall);
+       return 0;
 }
 
 extern long prctl_get_seccomp(void);