In the next commit we'll use this same mnemonic to get a listener for the nth filter, so we need it available outside of CHECKPOINT_RESTORE in the USER_NOTIFICATION case as well. v2: new in v2 v3: no changes v4: no changes v5: switch to CHECKPOINT_RESTORE || USER_NOTIFICATION to avoid warning when only CONFIG_SECCOMP_FILTER is enabled. Signed-off-by: Tycho Andersen <tycho@xxxxxxxx> CC: Kees Cook <keescook@xxxxxxxxxxxx> CC: Andy Lutomirski <luto@xxxxxxxxxxxxxx> CC: Oleg Nesterov <oleg@xxxxxxxxxx> CC: Eric W. Biederman <ebiederm@xxxxxxxxxxxx> CC: "Serge E. Hallyn" <serge@xxxxxxxxxx> CC: Christian Brauner <christian.brauner@xxxxxxxxxx> CC: Tyler Hicks <tyhicks@xxxxxxxxxxxxx> CC: Akihiro Suda <suda.akihiro@xxxxxxxxxxxxx> --- kernel/seccomp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index a09eb5c05f68..ed786655186d 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1188,7 +1188,8 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) return do_seccomp(op, 0, uargs); } -#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE) +#if defined(CONFIG_CHECKPOINT_RESTORE) || \ + defined(CONFIG_SECCOMP_USER_NOTIFICATION) static struct seccomp_filter *get_nth_filter(struct task_struct *task, unsigned long filter_off) { @@ -1235,6 +1236,7 @@ static struct seccomp_filter *get_nth_filter(struct task_struct *task, return filter; } +#if defined(CONFIG_CHECKPOINT_RESTORE) long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, void __user *data) { @@ -1307,7 +1309,8 @@ long seccomp_get_metadata(struct task_struct *task, __put_seccomp_filter(filter); return ret; } -#endif +#endif /* CONFIG_CHECKPOINT_RESTORE */ +#endif /* CONFIG_SECCOMP_FILTER */ #ifdef CONFIG_SYSCTL -- 2.17.1 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers