Hi all,

Here's v5 of the seccomp user set. Major changes from v4 include:

* switching to ioctl vs read/write
* adding a way to query whether a notification id is valid
* added a sample program that shows a complete usage of the API w/ notes
  about various TOCTOUs

as well as a bunch of smaller fixes. See individual patch notes for details.

Thanks,

Tycho

Tycho Andersen (5):
  seccomp: add a return code to trap to userspace
  seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE
  seccomp: add a way to get a listener fd from ptrace
  seccomp: add support for passing fds via USER_NOTIF
  samples: add an example of seccomp user trap

 Documentation/ioctl/ioctl-number.txt          |   1 +
 .../userspace-api/seccomp_filter.rst          |  80 +++
 arch/Kconfig                                  |   9 +
 include/linux/seccomp.h                       |  18 +-
 include/uapi/linux/ptrace.h                   |   2 +
 include/uapi/linux/seccomp.h                  |  36 +-
 kernel/ptrace.c                               |   4 +
 kernel/seccomp.c                              | 538 +++++++++++++++-
 samples/seccomp/.gitignore                    |   1 +
 samples/seccomp/Makefile                      |   9 +-
 samples/seccomp/user-trap.c                   | 312 ++++++++++
 tools/testing/selftests/seccomp/seccomp_bpf.c | 587 +++++++++++++++++-
 12 files changed, 1584 insertions(+), 13 deletions(-)
 create mode 100644 samples/seccomp/user-trap.c

--
2.17.1