In the next commit we'll use this same mnemonic to get a listener for the nth filter, so we need it available outside of CHECKPOINT_RESTORE. This is slightly looser than necessary, because it really could be CHECKPOINT_RESTORE || USER_NOTIFICATION, but it's declared static and this complicates the code less, so hopefully it's ok.
Signed-off-by: Tycho Andersen <[email protected]> CC: Kees Cook <[email protected]> CC: Andy Lutomirski <[email protected]> CC: Oleg Nesterov <[email protected]> CC: Eric W. Biederman <[email protected]> CC: "Serge E. Hallyn" <[email protected]> CC: Christian Brauner <[email protected]> CC: Tyler Hicks <[email protected]> CC: Akihiro Suda <[email protected]> v2: new in v2 --- kernel/seccomp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index a169a62cb78a..f136eca93f2f 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1180,7 +1180,7 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) return do_seccomp(op, 0, uargs); } -#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE) +#if defined(CONFIG_SECCOMP_FILTER) static struct seccomp_filter *get_nth_filter(struct task_struct *task, unsigned long filter_off) { @@ -1227,6 +1227,7 @@ static struct seccomp_filter *get_nth_filter(struct task_struct *task, return filter; } +#if defined(CONFIG_CHECKPOINT_RESTORE) long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, void __user *data) { @@ -1299,7 +1300,8 @@ long seccomp_get_metadata(struct task_struct *task, __put_seccomp_filter(filter); return ret; } -#endif +#endif /* CONFIG_CHECKPOINT_RESTORE */ +#endif /* CONFIG_SECCOMP_FILTER */ #ifdef CONFIG_SYSCTL -- 2.17.0
