On Thursday, March 21, 2013 08:51:35 PM [email protected] wrote:
> From: Vitaly _Vi Shukela <[email protected]>
Same things as before: 1) I need you to okay a sign-off and 2) watch your
whitespace, alignment, etc.
More comments inline ...
> diff --git a/doc/man/man3/seccomp_rule_add.3
> b/doc/man/man3/seccomp_rule_add.3 index eeb61dc..38278e0 100644
> --- a/doc/man/man3/seccomp_rule_add.3
> +++ b/doc/man/man3/seccomp_rule_add.3
> @@ -27,6 +27,13 @@ seccomp_rule_add, seccomp_rule_add_exact \- Add a seccomp
> filter rule .BI "int seccomp_rule_add_exact(scmp_filter_ctx " ctx ",
> uint32_t " action "," .BI " int " syscall ",
> unsigned int " arg_cnt ", " ... ");" .sp
> +.BI "int seccomp_rule_add_array(scmp_filter_ctx " ctx ","
> +.BI " uint32_t " action ", int " syscall ", unsigned int "
> arg_cnt ", "
> +.BI " const struct scmp_arg_cmp *"arg_array ");"
> +.BI "int seccomp_rule_add_array_exact(scmp_filter_ctx " ctx ","
> +.BI " uint32_t " action ", int " syscall ", unsigned int "
> arg_cnt ","
> +.BI " const struct scmp_arg_cmp *"arg_array ");"
Wrong function name.
> //////////////////////////////////////////////////////////////////////////
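Review bot: in the last line of each added prototype, `*"arg_array` has no space between the closing quote and the parameter name, unlike the existing `scmp_filter_ctx " ctx ","` and `unsigned int " arg_cnt ","` arguments in this synopsis. Write it as `" const struct scmp_arg_cmp *" arg_array ");"` so the new entries follow the same .BI argument layout as the prototypes above them.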
> @@ -49,6 +56,14 @@ filter ruleset,
> .BR seccomp_rule_add ()
> does guarantee the same behavior regardless of the architecture.
> .P
> +There are also array versions:
> +.BR seccomp_rule_add_array ()
> +and
> +.BR seccomp_rule_add_array_exact ().
> +These functions are the same as seccomp_rule_add and seccomp_rule_add_exact
> +respectively, but take array of scmp_filter_ctx structs instead being
> variadic.
> +Use SCMP_A{0-5} and SCMP_CMP macros (see below) to fill in such
> array.
> +.P
I'm going to tweak this heavily so that it better integrates with the text in
the first paragraph.
> The newly added filter rule does not take effect until the entire filter is
> loaded into the kernel using
> .BR seccomp_load (3).
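Review bot: the added paragraph says the array variants take an "array of scmp_filter_ctx structs", but the prototypes added to the synopsis take `const struct scmp_arg_cmp *arg_array`; scmp_filter_ctx is the type of the ctx argument. Change the wording to "an array of scmp_arg_cmp structs instead of being variadic", and state how arg_cnt relates to the array, since the paragraph never says how the array length is conveyed. The function names in the running text should also go through .BR like the other references in this section.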
> @@ -59,9 +74,9 @@ and
> .BR SCMP_A{0-5} ()
> macros generate a scmp_arg_cmp structure for use in
> .BR seccomp_rule_add ()
> -and
> -.BR seccomp_rule_add_exact ().
> -The
> +,
> +.BR seccomp_rule_add_exact ()
> +and their array versions. The
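Review bot: the replacement text puts the comma on an input line of its own after `.BR seccomp_rule_add ()`, and a line break in roff source becomes a space, so the page will read "seccomp_rule_add() , seccomp_rule_add_exact() and ...". Attach the punctuation to the macro line instead, as the removed `.BR seccomp_rule_add_exact ().` did with its full stop, i.e. `.BR seccomp_rule_add (),`. "Their array versions" would be clearer with the two functions named explicitly via .BR.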
I'm going to tweak this as well.
We also need to update the "Return Value" section as well.
> @@ -236,7 +251,13 @@ int main(int argc, char *argv[])
> goto out;
>
> rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
> - SCMP_CMP(0, SCMP_CMP_EQ, fd));
> + SCMP_CMP(0, SCMP_CMP_EQ, fd));
> + if (rc < 0)
> + goto out;
> +
> + struct scmp_arg_cmp comparations[] = { SCMP_A0(SCMP_CMP_EQ, 2) };
Let's move this up to the top of the function ...
> + rc = seccomp_rule_add_array(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
> + comparations);
> if (rc < 0)
> goto out;
>
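Review bot: the count passed to seccomp_rule_add_array() is a literal 1 kept separately from the `comparations` initializer, so a reader who copies the example and adds a second SCMP_A* entry without touching the call gets a rule that silently omits it. Derive the count from the array, for example `sizeof(comparations) / sizeof(comparations[0])`, which also shows the intended idiom in the man page. The array name would read better as `comparisons`, and the first -/+ pair on the SCMP_CMP line appears to differ only in whitespace, so it is better left out of this patch.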
> diff --git a/doc/man/man3/seccomp_rule_add_array.3
> b/doc/man/man3/seccomp_rule_add_array.3 new file mode 100644
> index 0000000..53714e7
> --- /dev/null
> +++ b/doc/man/man3/seccomp_rule_add_array.3
> @@ -0,0 +1 @@
> +.so man3/seccomp_rule_add.3
> diff --git a/doc/man/man3/seccomp_rule_add_exact_array.3
> b/doc/man/man3/seccomp_rule_add_exact_array.3 new file mode 100644
> index 0000000..53714e7
> --- /dev/null
> +++ b/doc/man/man3/seccomp_rule_add_exact_array.3
> @@ -0,0 +1 @@
> +.so man3/seccomp_rule_add.3
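Review bot: this stub is named seccomp_rule_add_exact_array.3, but the synopsis and description added to seccomp_rule_add.3 earlier in this patch spell the function seccomp_rule_add_array_exact, so a man lookup under the documented name would not find this page. Settle on one spelling and use it for the file name, the synopsis and the description.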
--
paul moore
security and virtualization @ redhat
_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss