2 * linux/kernel/seccomp.c
4 * Copyright 2004-2005 Andrea Arcangeli <andrea@cpushare.com>
6 * This defines a simple but solid secure-computing mode.
9 #include <linux/seccomp.h>
10 #include <linux/sched.h>
12 /* #define SECCOMP_DEBUG 1 */
15 * Secure computing mode 1 allows only read/write/exit/sigreturn.
16 * To be fully secure this must be combined with rlimit
17 * to limit the stack allocations too.
19 static int mode1_syscalls
[] = {
20 __NR_seccomp_read
, __NR_seccomp_write
, __NR_seccomp_exit
, __NR_seccomp_sigreturn
,
21 0, /* null terminated */
25 static int mode1_syscalls_32
[] = {
26 __NR_seccomp_read_32
, __NR_seccomp_write_32
, __NR_seccomp_exit_32
, __NR_seccomp_sigreturn_32
,
27 0, /* null terminated */
31 void __secure_computing(int this_syscall
)
33 int mode
= current
->seccomp
.mode
;
38 syscall
= mode1_syscalls
;
40 if (test_thread_flag(TIF_32BIT
))
41 syscall
= mode1_syscalls_32
;
44 if (*syscall
== this_syscall
)