Lines Matching +full:current +full:- +full:mode
1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright 2004-2005 Andrea Arcangeli <andrea@cpushare.com>
10 * This defines a simple but solid secure-computing facility.
12 * Mode 1 uses a fixed list of allowed system calls.
13 * Mode 2 allows user-defined system call filters in the form
103 * struct seccomp_kaddfd - container for seccomp_addfd ioctl messages
106 * @fd: The fd number to install it at. If the fd number is -1, it means the
129 * struct notification - container for seccomp userspace notifications. Since
131 * structure is fairly large, we store the notification-specific stuff in a
136 * filter->notify_lock.
147 * struct seccomp_filter - container for seccomp BPF programs
156 * and once for the dependent filter (tracked in filter->prev).
166 * @notify_lock: A lock for all notification-related accesses.
170 * pointer. For any task, it appears to be a singly-linked list starting
171 * with current->seccomp.filter, the most recently attached or inherited filter.
201 * to safely fetch "current", so just use "task" everywhere below. in populate_seccomp_data()
203 struct task_struct *task = current; in populate_seccomp_data()
207 sd->nr = syscall_get_nr(task, regs); in populate_seccomp_data()
208 sd->arch = syscall_get_arch(task); in populate_seccomp_data()
210 sd->args[0] = args[0]; in populate_seccomp_data()
211 sd->args[1] = args[1]; in populate_seccomp_data()
212 sd->args[2] = args[2]; in populate_seccomp_data()
213 sd->args[3] = args[3]; in populate_seccomp_data()
214 sd->args[4] = args[4]; in populate_seccomp_data()
215 sd->args[5] = args[5]; in populate_seccomp_data()
216 sd->instruction_pointer = KSTK_EIP(task); in populate_seccomp_data()
220 * seccomp_check_filter - verify seccomp filter code
229 * Returns 0 if the rule set is legal or -EINVAL if not.
236 u16 code = ftest->code; in seccomp_check_filter()
237 u32 k = ftest->k; in seccomp_check_filter()
241 ftest->code = BPF_LDX | BPF_W | BPF_ABS; in seccomp_check_filter()
242 /* 32-bit aligned and not out of bounds. */ in seccomp_check_filter()
244 return -EINVAL; in seccomp_check_filter()
247 ftest->code = BPF_LD | BPF_IMM; in seccomp_check_filter()
248 ftest->k = sizeof(struct seccomp_data); in seccomp_check_filter()
251 ftest->code = BPF_LDX | BPF_IMM; in seccomp_check_filter()
252 ftest->k = sizeof(struct seccomp_data); in seccomp_check_filter()
295 return -EINVAL; in seccomp_check_filter()
302 * seccomp_run_filters - evaluates all seccomp filters against @sd
315 /* Make sure cross-thread synced filter points somewhere sane. */ in seccomp_run_filters()
317 READ_ONCE(current->seccomp.filter); in seccomp_run_filters()
327 for (; f; f = f->prev) { in seccomp_run_filters()
328 u32 cur_ret = bpf_prog_run_pin_on_cpu(f->prog, sd); in seccomp_run_filters()
341 assert_spin_locked(¤t->sighand->siglock); in seccomp_may_assign_mode()
343 if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) in seccomp_may_assign_mode()
355 assert_spin_locked(&task->sighand->siglock); in seccomp_assign_mode()
357 task->seccomp.mode = seccomp_mode; in seccomp_assign_mode()
359 * Make sure TIF_SECCOMP cannot be set before the mode (and in seccomp_assign_mode()
377 for (; child; child = child->prev) in is_ancestor()
388 * Returns 0 on success, -ve on error, or the pid of a thread which was
389 * either not in the correct seccomp mode or did not have an ancestral
396 BUG_ON(!mutex_is_locked(¤t->signal->cred_guard_mutex)); in seccomp_can_sync_threads()
397 assert_spin_locked(¤t->sighand->siglock); in seccomp_can_sync_threads()
400 caller = current; in seccomp_can_sync_threads()
404 /* Skip current, since it is initiating the sync. */ in seccomp_can_sync_threads()
408 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED || in seccomp_can_sync_threads()
409 (thread->seccomp.mode == SECCOMP_MODE_FILTER && in seccomp_can_sync_threads()
410 is_ancestor(thread->seccomp.filter, in seccomp_can_sync_threads()
411 caller->seccomp.filter))) in seccomp_can_sync_threads()
416 /* If the pid cannot be resolved, then return -ESRCH */ in seccomp_can_sync_threads()
418 failed = -ESRCH; in seccomp_can_sync_threads()
428 bpf_prog_destroy(filter->prog); in seccomp_filter_free()
435 while (orig && refcount_dec_and_test(&orig->users)) { in __seccomp_filter_orphan()
436 if (waitqueue_active(&orig->wqh)) in __seccomp_filter_orphan()
437 wake_up_poll(&orig->wqh, EPOLLHUP); in __seccomp_filter_orphan()
438 orig = orig->prev; in __seccomp_filter_orphan()
444 /* Clean up single-reference branches iteratively. */ in __put_seccomp_filter()
445 while (orig && refcount_dec_and_test(&orig->refs)) { in __put_seccomp_filter()
447 orig = orig->prev; in __put_seccomp_filter()
461 * seccomp_filter_release - Detach the task from its filter tree,
471 struct seccomp_filter *orig = tsk->seccomp.filter; in seccomp_filter_release()
474 tsk->seccomp.filter = NULL; in seccomp_filter_release()
479 * seccomp_sync_threads: sets all threads to use current's filter
490 BUG_ON(!mutex_is_locked(¤t->signal->cred_guard_mutex)); in seccomp_sync_threads()
491 assert_spin_locked(¤t->sighand->siglock); in seccomp_sync_threads()
494 caller = current; in seccomp_sync_threads()
496 /* Skip current, since it needs no changes. */ in seccomp_sync_threads()
505 * current's path will hold a reference. (This also in seccomp_sync_threads()
508 __seccomp_filter_release(thread->seccomp.filter); in seccomp_sync_threads()
511 smp_store_release(&thread->seccomp.filter, in seccomp_sync_threads()
512 caller->seccomp.filter); in seccomp_sync_threads()
513 atomic_set(&thread->seccomp.filter_count, in seccomp_sync_threads()
514 atomic_read(&thread->seccomp.filter_count)); in seccomp_sync_threads()
527 * As threads are considered to be trust-realm in seccomp_sync_threads()
531 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) in seccomp_sync_threads()
549 if (fprog->len == 0 || fprog->len > BPF_MAXINSNS) in seccomp_prepare_filter()
550 return ERR_PTR(-EINVAL); in seccomp_prepare_filter()
552 BUG_ON(INT_MAX / fprog->len < sizeof(struct sock_filter)); in seccomp_prepare_filter()
560 if (!task_no_new_privs(current) && in seccomp_prepare_filter()
562 return ERR_PTR(-EACCES); in seccomp_prepare_filter()
567 return ERR_PTR(-ENOMEM); in seccomp_prepare_filter()
569 mutex_init(&sfilter->notify_lock); in seccomp_prepare_filter()
570 ret = bpf_prog_create_from_user(&sfilter->prog, fprog, in seccomp_prepare_filter()
577 refcount_set(&sfilter->refs, 1); in seccomp_prepare_filter()
578 refcount_set(&sfilter->users, 1); in seccomp_prepare_filter()
579 init_waitqueue_head(&sfilter->wqh); in seccomp_prepare_filter()
585 * seccomp_prepare_user_filter - prepares a user-supplied sock_fprog
588 * Returns 0 on success and non-zero otherwise.
594 struct seccomp_filter *filter = ERR_PTR(-EFAULT); in seccomp_prepare_user_filter()
615 * @filter: seccomp filter to add to the current process
617 * Caller must be holding current->sighand->siglock lock.
619 * Returns 0 on success, -ve on error, or
620 * - in TSYNC mode: the pid of a thread which was either not in the correct
621 * seccomp mode or did not have an ancestral seccomp filter
622 * - in NEW_LISTENER mode: the fd of the new listener
630 assert_spin_locked(¤t->sighand->siglock); in seccomp_attach_filter()
633 total_insns = filter->prog->len; in seccomp_attach_filter()
634 for (walker = current->seccomp.filter; walker; walker = walker->prev) in seccomp_attach_filter()
635 total_insns += walker->prog->len + 4; /* 4 instr penalty */ in seccomp_attach_filter()
637 return -ENOMEM; in seccomp_attach_filter()
646 return -ESRCH; in seccomp_attach_filter()
654 filter->log = true; in seccomp_attach_filter()
660 filter->prev = current->seccomp.filter; in seccomp_attach_filter()
661 current->seccomp.filter = filter; in seccomp_attach_filter()
662 atomic_inc(¤t->seccomp.filter_count); in seccomp_attach_filter()
673 refcount_inc(&filter->refs); in __get_seccomp_filter()
676 /* get_seccomp_filter - increments the reference count of the filter on @tsk */
679 struct seccomp_filter *orig = tsk->seccomp.filter; in get_seccomp_filter()
683 refcount_inc(&orig->users); in get_seccomp_filter()
689 info->si_signo = SIGSYS; in seccomp_init_siginfo()
690 info->si_code = SYS_SECCOMP; in seccomp_init_siginfo()
691 info->si_call_addr = (void __user *)KSTK_EIP(current); in seccomp_init_siginfo()
692 info->si_errno = reason; in seccomp_init_siginfo()
693 info->si_arch = syscall_get_arch(current); in seccomp_init_siginfo()
694 info->si_syscall = syscall; in seccomp_init_siginfo()
698 * seccomp_send_sigsys - signals the task to allow in-process syscall emulation
700 * @reason: filter-supplied reason code to send to userland (via si_errno)
774 * Secure computing mode 1 allows only read/write/exit/sigreturn.
780 -1, /* negative terminated */
793 } while (*++allowed_syscalls != -1); in __secure_computing_strict()
805 int mode = current->seccomp.mode; in secure_computing_strict() local
808 unlikely(current->ptrace & PT_SUSPEND_SECCOMP)) in secure_computing_strict()
811 if (mode == SECCOMP_MODE_DISABLED) in secure_computing_strict()
813 else if (mode == SECCOMP_MODE_STRICT) in secure_computing_strict()
827 lockdep_assert_held(&filter->notify_lock); in seccomp_next_notify_id()
828 return filter->notif->next_id++; in seccomp_next_notify_id()
837 list_del_init(&addfd->list); in seccomp_handle_addfd()
838 addfd->ret = receive_fd_replace(addfd->fd, addfd->file, addfd->flags); in seccomp_handle_addfd()
839 complete(&addfd->completion); in seccomp_handle_addfd()
852 mutex_lock(&match->notify_lock); in seccomp_do_user_notification()
853 err = -ENOSYS; in seccomp_do_user_notification()
854 if (!match->notif) in seccomp_do_user_notification()
857 n.task = current; in seccomp_do_user_notification()
862 list_add(&n.list, &match->notif->notifications); in seccomp_do_user_notification()
865 up(&match->notif->request); in seccomp_do_user_notification()
866 wake_up_poll(&match->wqh, EPOLLIN | EPOLLRDNORM); in seccomp_do_user_notification()
867 mutex_unlock(&match->notify_lock); in seccomp_do_user_notification()
874 mutex_lock(&match->notify_lock); in seccomp_do_user_notification()
881 mutex_unlock(&match->notify_lock); in seccomp_do_user_notification()
892 addfd->ret = -ESRCH; in seccomp_do_user_notification()
893 list_del_init(&addfd->list); in seccomp_do_user_notification()
894 complete(&addfd->completion); in seccomp_do_user_notification()
900 * re-acquire the lock, so only delete from the list if the in seccomp_do_user_notification()
907 if (match->notif) in seccomp_do_user_notification()
910 mutex_unlock(&match->notify_lock); in seccomp_do_user_notification()
916 syscall_set_return_value(current, current_pt_regs(), in seccomp_do_user_notification()
918 return -1; in seccomp_do_user_notification()
930 * Make sure that any changes to mode from another thread have in __seccomp_filter()
946 /* Set low-order bits as an errno, capped at MAX_ERRNO. */ in __seccomp_filter()
949 syscall_set_return_value(current, current_pt_regs(), in __seccomp_filter()
950 -data, 0); in __seccomp_filter()
955 syscall_rollback(current, current_pt_regs()); in __seccomp_filter()
966 if (!ptrace_event_enabled(current, PTRACE_EVENT_SECCOMP)) { in __seccomp_filter()
967 syscall_set_return_value(current, in __seccomp_filter()
969 -ENOSYS, 0); in __seccomp_filter()
985 if (fatal_signal_pending(current)) in __seccomp_filter()
988 this_syscall = syscall_get_nr(current, current_pt_regs()); in __seccomp_filter()
999 return -1; in __seccomp_filter()
1027 get_nr_threads(current) == 1) { in __seccomp_filter()
1031 syscall_rollback(current, current_pt_regs()); in __seccomp_filter()
1045 seccomp_log(this_syscall, 0, action, match ? match->log : false); in __seccomp_filter()
1046 return -1; in __seccomp_filter()
1058 int mode = current->seccomp.mode; in __secure_computing() local
1062 unlikely(current->ptrace & PT_SUSPEND_SECCOMP)) in __secure_computing()
1065 this_syscall = sd ? sd->nr : in __secure_computing()
1066 syscall_get_nr(current, current_pt_regs()); in __secure_computing()
1068 switch (mode) { in __secure_computing()
1082 return current->seccomp.mode; in prctl_get_seccomp()
1088 * Once current->seccomp.mode is non-zero, it may not be changed.
1090 * Returns 0 on success or -EINVAL on failure.
1095 long ret = -EINVAL; in seccomp_set_mode_strict()
1097 spin_lock_irq(¤t->sighand->siglock); in seccomp_set_mode_strict()
1105 seccomp_assign_mode(current, seccomp_mode, 0); in seccomp_set_mode_strict()
1109 spin_unlock_irq(¤t->sighand->siglock); in seccomp_set_mode_strict()
1117 kfree(filter->notif); in seccomp_notify_free()
1118 filter->notif = NULL; in seccomp_notify_free()
1128 mutex_lock(&filter->notify_lock); in seccomp_notify_detach()
1134 list_for_each_entry(knotif, &filter->notif->notifications, list) { in seccomp_notify_detach()
1135 if (knotif->state == SECCOMP_NOTIFY_REPLIED) in seccomp_notify_detach()
1138 knotif->state = SECCOMP_NOTIFY_REPLIED; in seccomp_notify_detach()
1139 knotif->error = -ENOSYS; in seccomp_notify_detach()
1140 knotif->val = 0; in seccomp_notify_detach()
1147 complete(&knotif->ready); in seccomp_notify_detach()
1151 mutex_unlock(&filter->notify_lock); in seccomp_notify_detach()
1156 struct seccomp_filter *filter = file->private_data; in seccomp_notify_release()
1169 lockdep_assert_held(&filter->notify_lock); in find_notification()
1171 list_for_each_entry(cur, &filter->notif->notifications, list) { in find_notification()
1172 if (cur->id == id) in find_notification()
1192 return -EINVAL; in seccomp_notify_recv()
1196 ret = down_interruptible(&filter->notif->request); in seccomp_notify_recv()
1200 mutex_lock(&filter->notify_lock); in seccomp_notify_recv()
1201 list_for_each_entry(cur, &filter->notif->notifications, list) { in seccomp_notify_recv()
1202 if (cur->state == SECCOMP_NOTIFY_INIT) { in seccomp_notify_recv()
1214 ret = -ENOENT; in seccomp_notify_recv()
1218 unotif.id = knotif->id; in seccomp_notify_recv()
1219 unotif.pid = task_pid_vnr(knotif->task); in seccomp_notify_recv()
1220 unotif.data = *(knotif->data); in seccomp_notify_recv()
1222 knotif->state = SECCOMP_NOTIFY_SENT; in seccomp_notify_recv()
1223 wake_up_poll(&filter->wqh, EPOLLOUT | EPOLLWRNORM); in seccomp_notify_recv()
1226 mutex_unlock(&filter->notify_lock); in seccomp_notify_recv()
1229 ret = -EFAULT; in seccomp_notify_recv()
1237 mutex_lock(&filter->notify_lock); in seccomp_notify_recv()
1240 knotif->state = SECCOMP_NOTIFY_INIT; in seccomp_notify_recv()
1241 up(&filter->notif->request); in seccomp_notify_recv()
1243 mutex_unlock(&filter->notify_lock); in seccomp_notify_recv()
1257 return -EFAULT; in seccomp_notify_send()
1260 return -EINVAL; in seccomp_notify_send()
1264 return -EINVAL; in seccomp_notify_send()
1266 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_send()
1272 ret = -ENOENT; in seccomp_notify_send()
1277 if (knotif->state != SECCOMP_NOTIFY_SENT) { in seccomp_notify_send()
1278 ret = -EINPROGRESS; in seccomp_notify_send()
1283 knotif->state = SECCOMP_NOTIFY_REPLIED; in seccomp_notify_send()
1284 knotif->error = resp.error; in seccomp_notify_send()
1285 knotif->val = resp.val; in seccomp_notify_send()
1286 knotif->flags = resp.flags; in seccomp_notify_send()
1287 complete(&knotif->ready); in seccomp_notify_send()
1289 mutex_unlock(&filter->notify_lock); in seccomp_notify_send()
1301 return -EFAULT; in seccomp_notify_id_valid()
1303 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_id_valid()
1308 if (knotif && knotif->state == SECCOMP_NOTIFY_SENT) in seccomp_notify_id_valid()
1311 ret = -ENOENT; in seccomp_notify_id_valid()
1313 mutex_unlock(&filter->notify_lock); in seccomp_notify_id_valid()
1330 return -EINVAL; in seccomp_notify_addfd()
1337 return -EINVAL; in seccomp_notify_addfd()
1340 return -EINVAL; in seccomp_notify_addfd()
1343 return -EINVAL; in seccomp_notify_addfd()
1347 return -EBADF; in seccomp_notify_addfd()
1351 addfd.newfd : -1; in seccomp_notify_addfd()
1354 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_addfd()
1360 ret = -ENOENT; in seccomp_notify_addfd()
1369 if (knotif->state != SECCOMP_NOTIFY_SENT) { in seccomp_notify_addfd()
1370 ret = -EINPROGRESS; in seccomp_notify_addfd()
1374 list_add(&kaddfd.list, &knotif->addfd); in seccomp_notify_addfd()
1375 complete(&knotif->ready); in seccomp_notify_addfd()
1376 mutex_unlock(&filter->notify_lock); in seccomp_notify_addfd()
1392 mutex_lock(&filter->notify_lock); in seccomp_notify_addfd()
1406 mutex_unlock(&filter->notify_lock); in seccomp_notify_addfd()
1416 struct seccomp_filter *filter = file->private_data; in seccomp_notify_ioctl()
1419 /* Fixed-size ioctls */ in seccomp_notify_ioctl()
1436 return -EINVAL; in seccomp_notify_ioctl()
1443 struct seccomp_filter *filter = file->private_data; in seccomp_notify_poll()
1447 poll_wait(file, &filter->wqh, poll_tab); in seccomp_notify_poll()
1449 if (mutex_lock_interruptible(&filter->notify_lock) < 0) in seccomp_notify_poll()
1452 list_for_each_entry(cur, &filter->notif->notifications, list) { in seccomp_notify_poll()
1453 if (cur->state == SECCOMP_NOTIFY_INIT) in seccomp_notify_poll()
1455 if (cur->state == SECCOMP_NOTIFY_SENT) in seccomp_notify_poll()
1461 mutex_unlock(&filter->notify_lock); in seccomp_notify_poll()
1463 if (refcount_read(&filter->users) == 0) in seccomp_notify_poll()
1480 ret = ERR_PTR(-ENOMEM); in init_listener()
1481 filter->notif = kzalloc(sizeof(*(filter->notif)), GFP_KERNEL); in init_listener()
1482 if (!filter->notif) in init_listener()
1485 sema_init(&filter->notif->request, 0); in init_listener()
1486 filter->notif->next_id = get_random_u64(); in init_listener()
1487 INIT_LIST_HEAD(&filter->notif->notifications); in init_listener()
1507 * This only has to be tested for the current process, even in the TSYNC case,
1510 * we use current->seccomp.filter.
1517 lockdep_assert_held(¤t->sighand->siglock); in has_duplicate_listener()
1519 if (!new_child->notif) in has_duplicate_listener()
1521 for (cur = current->seccomp.filter; cur; cur = cur->prev) { in has_duplicate_listener()
1522 if (cur->notif) in has_duplicate_listener()
1538 * Once current->seccomp.mode is non-zero, it may not be changed.
1540 * Returns 0 on success or -EINVAL on failure.
1547 long ret = -EINVAL; in seccomp_set_mode_filter()
1548 int listener = -1; in seccomp_set_mode_filter()
1553 return -EINVAL; in seccomp_set_mode_filter()
1565 return -EINVAL; in seccomp_set_mode_filter()
1592 mutex_lock_killable(¤t->signal->cred_guard_mutex)) in seccomp_set_mode_filter()
1595 spin_lock_irq(¤t->sighand->siglock); in seccomp_set_mode_filter()
1601 ret = -EBUSY; in seccomp_set_mode_filter()
1611 seccomp_assign_mode(current, seccomp_mode, flags); in seccomp_set_mode_filter()
1613 spin_unlock_irq(¤t->sighand->siglock); in seccomp_set_mode_filter()
1615 mutex_unlock(¤t->signal->cred_guard_mutex); in seccomp_set_mode_filter()
1619 listener_f->private_data = NULL; in seccomp_set_mode_filter()
1636 return -EINVAL; in seccomp_set_mode_filter()
1645 return -EFAULT; in seccomp_get_action_avail()
1658 return -EOPNOTSUPP; in seccomp_get_action_avail()
1673 return -EFAULT; in seccomp_get_notif_sizes()
1685 return -EINVAL; in do_seccomp()
1691 return -EINVAL; in do_seccomp()
1696 return -EINVAL; in do_seccomp()
1700 return -EINVAL; in do_seccomp()
1711 * prctl_set_seccomp: configures current->seccomp.mode
1712 * @seccomp_mode: requested mode to use
1715 * Returns 0 on success or -EINVAL on failure.
1726 * Setting strict mode through prctl always ignored filter, in prctl_set_seccomp()
1737 return -EINVAL; in prctl_set_seccomp()
1755 spin_lock_irq(&task->sighand->siglock); in get_nth_filter()
1757 if (task->seccomp.mode != SECCOMP_MODE_FILTER) { in get_nth_filter()
1758 spin_unlock_irq(&task->sighand->siglock); in get_nth_filter()
1759 return ERR_PTR(-EINVAL); in get_nth_filter()
1762 orig = task->seccomp.filter; in get_nth_filter()
1764 spin_unlock_irq(&task->sighand->siglock); in get_nth_filter()
1767 for (filter = orig; filter; filter = filter->prev) in get_nth_filter()
1771 filter = ERR_PTR(-ENOENT); in get_nth_filter()
1775 count -= filter_off; in get_nth_filter()
1776 for (filter = orig; filter && count > 1; filter = filter->prev) in get_nth_filter()
1777 count--; in get_nth_filter()
1780 filter = ERR_PTR(-ENOENT); in get_nth_filter()
1799 current->seccomp.mode != SECCOMP_MODE_DISABLED) { in seccomp_get_filter()
1800 return -EACCES; in seccomp_get_filter()
1807 fprog = filter->prog->orig_prog; in seccomp_get_filter()
1809 /* This must be a new non-cBPF filter, since we save in seccomp_get_filter()
1813 ret = -EMEDIUMTYPE; in seccomp_get_filter()
1817 ret = fprog->len; in seccomp_get_filter()
1821 if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) in seccomp_get_filter()
1822 ret = -EFAULT; in seccomp_get_filter()
1837 current->seccomp.mode != SECCOMP_MODE_DISABLED) { in seccomp_get_metadata()
1838 return -EACCES; in seccomp_get_metadata()
1844 return -EINVAL; in seccomp_get_metadata()
1847 return -EFAULT; in seccomp_get_metadata()
1853 if (filter->log) in seccomp_get_metadata()
1858 ret = -EFAULT; in seccomp_get_metadata()
1911 for (cur = seccomp_log_names; cur->name && size; cur++) { in seccomp_names_from_actions_logged()
1914 if (!(actions_logged & cur->log)) in seccomp_names_from_actions_logged()
1923 size -= ret; in seccomp_names_from_actions_logged()
1927 ret = strscpy(names, cur->name, size); in seccomp_names_from_actions_logged()
1932 size -= ret; in seccomp_names_from_actions_logged()
1943 for (cur = seccomp_log_names; cur->name; cur++) { in seccomp_action_logged_from_name()
1944 if (!strcmp(cur->name, name)) { in seccomp_action_logged_from_name()
1945 *action_logged = cur->log; in seccomp_action_logged_from_name()
1980 return -EINVAL; in read_actions_logged()
1996 return -EPERM; in write_actions_logged()
2008 return -EINVAL; in write_actions_logged()
2011 return -EINVAL; in write_actions_logged()
2079 .mode = 0444,
2084 .mode = 0644,