summaryrefslogtreecommitdiff
path: root/net/unix/af_unix.h
diff options
context:
space:
mode:
authorDmitry Vyukov <dvyukov@google.com>2025-05-21 17:04:29 +0200
committerThomas Gleixner <tglx@linutronix.de>2025-06-13 18:36:39 +0200
commita2fc422ed75748eef2985454e97847fb22f873c2 (patch)
tree811388d91b3d50b1b65b3b7230174de8a36448ce /net/unix/af_unix.h
parentb89732c8c8357487185f260a723a060b3476144e (diff)
syscall_user_dispatch: Add PR_SYS_DISPATCH_INCLUSIVE_ON
There are two possible scenarios for syscall filtering: - having a trusted/allowed range of PCs, and intercepting everything else - or the opposite: a single untrusted/intercepted range and allowing everything else (this is relevant for any kind of sandboxing scenario, or monitoring behavior of a single library) The current API only allows the former use case due to allowed range wrap-around check. Add PR_SYS_DISPATCH_INCLUSIVE_ON that enables the second use case. Add PR_SYS_DISPATCH_EXCLUSIVE_ON alias for PR_SYS_DISPATCH_ON to make it clear how it's different from the new PR_SYS_DISPATCH_INCLUSIVE_ON. Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/all/97947cc8e205ff49675826d7b0327ef2e2c66eea.1747839857.git.dvyukov@google.com
Diffstat (limited to 'net/unix/af_unix.h')
0 files changed, 0 insertions, 0 deletions