summaryrefslogtreecommitdiff
path: root/include/linux/seccomp.h
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-05-03 14:56:12 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-05-22 16:58:01 +0200
commitab677c2addbb128f334c4906f27a0285a67d2180 (patch)
tree011f4d9ebba6bf311693ea6c641d99d1c6d14323 /include/linux/seccomp.h
parentc71def81cd07e1bd74da468ae6abe1ce62e3157b (diff)
seccomp: Add filter flag to opt-out of SSB mitigation
commit 00a02d0c502a06d15e07b857f8ff921e3e402675 upstream If a seccomp user is not interested in Speculative Store Bypass mitigation by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when adding filters. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/linux/seccomp.h')
-rw-r--r--include/linux/seccomp.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index ecc296c137cd..50c460a956f1 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -3,7 +3,8 @@
#include <uapi/linux/seccomp.h>
-#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC)
+#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC | \
+ SECCOMP_FILTER_FLAG_SPEC_ALLOW)
#ifdef CONFIG_SECCOMP
generated by cgit v1.2.3 (git 2.0.4) at 2024-09-26 21:25:22 +0000