From b6907ecc46491e0ea66f6210dc3f11e6bb31b12b Mon Sep 17 00:00:00 2001 From: Harry Stern Date: Sun, 3 Mar 2024 23:15:03 -0500 Subject: [PATCH] Use libc seccomp constants Use libc constants now that rust-lang/libc/pull/3343 is merged and released. SECCOMP_RET_MASK does not exist anymore and appears to have not existed for a while. SECCOMP_RET_DATA is exactly the same mask value, and the usage here is in line with the man page. Completes #60 Signed-off-by: Harry Stern --- src/backend/bpf.rs | 13 +------------ src/backend/mod.rs | 14 ++++++++------ src/lib.rs | 6 +----- 3 files changed, 10 insertions(+), 23 deletions(-) diff --git a/src/backend/bpf.rs b/src/backend/bpf.rs index a29422a..aef397a 100644 --- a/src/backend/bpf.rs +++ b/src/backend/bpf.rs @@ -75,7 +75,7 @@ pub(crate) fn build_arch_validation_sequence(target_arch: TargetArch) -> Vec for u32 { fn from(action: SeccompAction) -> Self { match action { SeccompAction::Allow => SECCOMP_RET_ALLOW, - SeccompAction::Errno(x) => SECCOMP_RET_ERRNO | (x & SECCOMP_RET_MASK), + SeccompAction::Errno(x) => SECCOMP_RET_ERRNO | (x & SECCOMP_RET_DATA), SeccompAction::KillThread => SECCOMP_RET_KILL_THREAD, SeccompAction::KillProcess => SECCOMP_RET_KILL_PROCESS, SeccompAction::Log => SECCOMP_RET_LOG, - SeccompAction::Trace(x) => SECCOMP_RET_TRACE | (x & SECCOMP_RET_MASK), + SeccompAction::Trace(x) => SECCOMP_RET_TRACE | (x & SECCOMP_RET_DATA), SeccompAction::Trap => SECCOMP_RET_TRAP, } } diff --git a/src/lib.rs b/src/lib.rs index 2e93b78..10f3a79 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -208,10 +208,6 @@ pub use backend::{ SeccompCmpOp, SeccompCondition, SeccompFilter, SeccompRule, TargetArch, }; -// Until https://github.com/rust-lang/libc/issues/3342 is fixed, define locally -// From -const SECCOMP_SET_MODE_FILTER: libc::c_int = 1; - // BPF structure definition for filter array. // See /usr/include/linux/filter.h . #[repr(C)] 
@@ -361,7 +357,7 @@ fn apply_filter_with_flags(bpf_filter: BpfProgramRef, flags: libc::c_ulong) -> R
 let rc = unsafe {
 libc::syscall(
 libc::SYS_seccomp,
- SECCOMP_SET_MODE_FILTER,
+ libc::SECCOMP_SET_MODE_FILTER,
 flags,
 bpf_prog_ptr,
 )
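Review bot: `libc::SECCOMP_SET_MODE_FILTER` in the `libc::syscall` call exists only in libc releases that include rust-lang/libc/pull/3343, and the diffstat lists no manifest change. If the crate's `libc` requirement still admits an older release, a build that resolves to one will fail to compile, so the lower bound should be raised, e.g. `libc = "<first release carrying the seccomp constants>"`. The libc constant may also be declared with a different integer type than the removed local `libc::c_int`; because it goes through the variadic `libc::syscall`, a comment such as `// seccomp(2) operation argument; same value (1) as the former local const` would record that the call is unchanged. The body of `apply_filter_with_flags` starts and ends outside the hunk, so how `rc` is checked after the filter is installed is not visible here.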