From: Thomas Weißschuh Date: Fri, 2 Feb 2024 14:28:30 +0000 (+0100) Subject: include: introduce seccomp.h X-Git-Tag: v2.42-start~524^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fd1786d372bb76bac426018cef656f136e2d435f;p=thirdparty%2Futil-linux.git include: introduce seccomp.h It will be used by setpriv in a future commit. Signed-off-by: Thomas Weißschuh
---
diff --git a/include/Makemodule.am b/include/Makemodule.am
index c08e24c2da..50a8546128 100644
--- a/include/Makemodule.am
+++ b/include/Makemodule.am
@@ -64,6 +64,7 @@ dist_noinst_HEADERS += \
 include/pt-sun.h \
 include/randutils.h \
 include/rpmatch.h \
+ include/seccomp.h \
 include/sha1.h \
 include/sha256.h \
 include/shells.h \
diff --git a/include/seccomp.h b/include/seccomp.h
new file mode 100644
index 0000000000..2b211439e0
--- /dev/null
+++ b/include/seccomp.h
@@ -0,0 +1,24 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2024 Thomas Weißschuh
+ */
+
+#ifndef UL_SECCOMP_H
+#define UL_SECCOMP_H
+
+#include
+#include
+#include
+
+static int ul_set_seccomp_filter_spec_allow(const struct sock_fprog *prog)
+{
+#if defined(__NR_seccomp) && defined(SECCOMP_SET_MODE_FILTER) && defined(SECCOMP_FILTER_FLAG_SPEC_ALLOW)
+ if (!syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_SPEC_ALLOW, prog))
+ return 0;
+#endif
+
+ return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog);
+}
+
+#endif /* UL_SECCOMP_H */
diff --git a/misc-utils/enosys.c b/misc-utils/enosys.c
index 22096dfe0b..b806c7054b 100644
--- a/misc-utils/enosys.c
+++ b/misc-utils/enosys.c
@@ -21,8 +21,6 @@
 #include
 #include
-#include
-#include
 #include
 #include
 #include
@@ -36,6 +34,7 @@
 #include "list.h"
 #include "xalloc.h"
 #include "strutils.h"
+#include "seccomp.h"
 #define IS_LITTLE_ENDIAN (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
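Review bot: `ul_set_seccomp_filter_spec_allow` in the new include/seccomp.h is a plain `static` function in a header, so every translation unit that includes it without calling it gets an unused-function warning; `static inline int ul_set_seccomp_filter_spec_allow(const struct sock_fprog *prog)` avoids that and, as far as I can tell, matches how other util-linux headers define their helpers. The function also carries no comment, and its contract matters to the setpriv caller the description announces: I would add a header comment stating that it first tries `seccomp(2)` with `SECCOMP_FILTER_FLAG_SPEC_ALLOW` and, when that call fails for any reason (including ENOSYS on kernels without `seccomp(2)` or EINVAL where the flag is unknown), falls back to `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog)`, which installs the same filter without the flag so the kernel may apply its speculative-execution mitigations to the process. The comment should also say that the caller must already have set `PR_SET_NO_NEW_PRIVS` (as enosys.c does a few lines earlier in main()) or hold CAP_SYS_ADMIN, otherwise both attempts fail with EACCES, and that on failure the errno seen by the caller is the one from the prctl() fallback, not from seccomp(2).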
@@ -45,16 +44,6 @@
 #define syscall_arg_lower32(n) (_syscall_arg(n) + 4 * !IS_LITTLE_ENDIAN)
 #define syscall_arg_upper32(n) (_syscall_arg(n) + 4 * IS_LITTLE_ENDIAN)
-static int set_seccomp_filter(const void *prog)
-{
-#if defined(__NR_seccomp) && defined(SECCOMP_SET_MODE_FILTER) && defined(SECCOMP_FILTER_FLAG_SPEC_ALLOW)
- if (!syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_SPEC_ALLOW, prog))
- return 0;
-#endif
-
- return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog);
-}
-
 struct syscall {
 const char *const name;
 long number;
@@ -258,7 +247,7 @@ int main(int argc, char **argv)
 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
 err_nosys(EXIT_FAILURE, _("Could not run prctl(PR_SET_NO_NEW_PRIVS)"));
- if (set_seccomp_filter(&prog))
+ if (ul_set_seccomp_filter_spec_allow(&prog))
 err_nosys(EXIT_FAILURE, _("Could not seccomp filter"));
 if (execvp(argv[optind], argv + optind))