=== added file 'init/seccomp_filter.h'
--- init/seccomp_filter.h	1970-01-01 00:00:00 +0000
+++ init/seccomp_filter.h	2013-02-19 23:36:38 +0000
@@ -0,0 +1,41 @@
+/* seccomp addon for upstart
+ *
+ * Author: David Gaarenstroom <david.gaarenstroom@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef INIT_SECCOMP_FILTER_H
+#define INIT_SECCOMP_FILTER_H
+
+#define SEPARATORS	" \t\n"
+
+/**
+ * install_seccomp_filter:
+ * @rcount: rule count
+ * @rules: series of @seperators terminated rule strings
+ * @invert: invert rule-handling (disable specified rules, enable unlisted)
+ * @nnp: set PR_SET_NO_NEW_PRIVS
+ * @separators: rule separator characters
+ * 
+ * Install a custom seccomp filter, based on the set of rules given.
+ *
+ * If @invert is 0, any syscall explicitly listed without a policy is allowed
+ * and syscalls not listed at all are denied. Otherwise, listed syscalls are
+ * denied by default and syscalls not listed are allowed.
+ *
+ * Returns: 0 if installing the seccomp filter succeeded or 1 if it failed at any point.
+ */
+int install_seccomp_filter(int rcount, const char *rules, int invert, int nnp,
+			   const char *separators);
+#endif /* INIT_SECCOMP_FILTER_H */