On Saturday, February 09, 2013 04:22:08 AM [email protected] wrote:
> From: Vitaly _Vi Shukela <[email protected]>
> 
> ---
>  include/seccomp.h.in |  9 +++++++++
>  src/api.c            | 16 ++++++++++++++++
>  2 files changed, 25 insertions(+)

As discussed in another thread, I'm more in favor of passing a struct array 
than I am of passing a va_list.  I see the variable argument nature of the 
seccomp_rule_add*() functions as a necessary evil to simplify the API, and not 
something I want to extend further by adding a va_list API.

> diff --git a/include/seccomp.h.in b/include/seccomp.h.in
> index b21205c..055f806 100644
> --- a/include/seccomp.h.in
> +++ b/include/seccomp.h.in
> @@ -25,6 +25,7 @@
>  #include <inttypes.h>
>  #include <asm/unistd.h>
>  #include <linux/audit.h>
> +#include <stdarg.h>
> 
>  #ifdef __cplusplus
>  extern "C" {
> @@ -389,6 +390,10 @@ int seccomp_syscall_priority(scmp_filter_ctx ctx,
>  int seccomp_rule_add(scmp_filter_ctx ctx,
>                    uint32_t action, int syscall, unsigned int arg_cnt, ...);
> 
> +/** va_list analogue of seccomp_rule_add */
> +int vseccomp_rule_add(scmp_filter_ctx ctx,
> +                  uint32_t action, int syscall, unsigned int arg_cnt, va_list
> arg_list); +
>  /**
>   * Add a new rule to the filter
>   * @param ctx the filter context
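Review bot: The one-line comment on `vseccomp_rule_add` does not state the va_list contract a caller needs, and the same goes for `vseccomp_rule_add_exact` in the next hunk. With a va_list the count and the arguments can come from different places, so the header should say that `arg_list` must hold exactly `arg_cnt` entries of the kind `seccomp_rule_add` accepts, that the caller keeps ownership of the `va_start`/`va_end` pair, and that `arg_list` is indeterminate after the call. A mismatch is undefined behaviour in `va_arg` and could produce a filter rule that does not express the intended policy. A full `@param`/return block in the style of the neighbouring declarations would fit here. As a style point, the `v` prefix also steps outside the `seccomp_` naming that the other exported functions on this page share.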
> @@ -407,6 +412,10 @@ int seccomp_rule_add(scmp_filter_ctx ctx,
>  int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
>                          int syscall, unsigned int arg_cnt, ...);
> 
> +/** va_list analogue of seccomp_rule_add_exact */
> +int vseccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
> +                        int syscall, unsigned int arg_cnt, va_list arg_list);
> +
>  /**
>   * Generate seccomp Pseudo Filter Code (PFC) and export it to a file
>   * @param ctx the filter context
> diff --git a/src/api.c b/src/api.c
> index 5072afc..f0de914 100644
> --- a/src/api.c
> +++ b/src/api.c
> @@ -477,6 +477,14 @@ int seccomp_rule_add(scmp_filter_ctx ctx,
>  }
> 
>  /* NOTE - function header comment in include/seccomp.h */
> +int vseccomp_rule_add(scmp_filter_ctx ctx,
> +                  uint32_t action, int syscall, unsigned int arg_cnt, va_list
> arg_list) +{
> +    return _seccomp_rule_add((struct db_filter_col *)ctx,
> +                            0, action, syscall, arg_cnt, arg_list);
> +}
> +
> +/* NOTE - function header comment in include/seccomp.h */
>  int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
>                          int syscall, unsigned int arg_cnt, ...)
>  {
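Review bot: `vseccomp_rule_add` casts `ctx` and passes `arg_cnt` and `arg_list` to `_seccomp_rule_add` with no check of its own. It therefore relies on that helper, whose body is not part of this patch, to reject an invalid context and an out-of-range `arg_cnt` before the first `va_arg`. `seccomp_export_pfc` in the last hunk calls `_ctx_valid(ctx)` itself, so it is worth confirming that the helper does the equivalent and, if it does not, guarding the new entry points the same way. `vseccomp_rule_add_exact` in the following hunk has the same shape.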
> @@ -492,6 +500,14 @@ int seccomp_rule_add_exact(scmp_filter_ctx ctx,
> uint32_t action, }
> 
>  /* NOTE - function header comment in include/seccomp.h */
> +int vseccomp_rule_add_exact(scmp_filter_ctx ctx,
> +                  uint32_t action, int syscall, unsigned int arg_cnt, va_list
> arg_list) +{
> +    return _seccomp_rule_add((struct db_filter_col *)ctx,
> +                            1, action, syscall, arg_cnt, arg_list);
> +}
> +
> +/* NOTE - function header comment in include/seccomp.h */
>  int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd)
>  {
>       if (_ctx_valid(ctx))
-- 
paul moore
security and virtualization @ redhat

