seccomp-util: enforce group ordering

So far we asked via a comment that @default should stay the first group
and @known the last group in the list. Let's enforce that statically, in
code, too.

diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 4f5b0249ad7f2638fad9c3e23c429f6c63570231..5fd135d5972fba1538eb692ee8aa789c77d839cc 100644 (file)
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -57,9 +57,12 @@ enum {
         SYSCALL_FILTER_SET_SYSTEM_SERVICE,
         SYSCALL_FILTER_SET_TIMER,
         SYSCALL_FILTER_SET_KNOWN,
-        _SYSCALL_FILTER_SET_MAX
+        _SYSCALL_FILTER_SET_MAX,
 };
 
+assert_cc(SYSCALL_FILTER_SET_DEFAULT == 0);
+assert_cc(SYSCALL_FILTER_SET_KNOWN == _SYSCALL_FILTER_SET_MAX-1);
+
 extern const SyscallFilterSet syscall_filter_sets[];
 
 const SyscallFilterSet *syscall_filter_set_find(const char *name);