summaryrefslogtreecommitdiff
path: root/include/linux/seccomp.h
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-05-03 14:56:12 -0700
committerThomas Gleixner <tglx@linutronix.de>2018-05-05 00:51:44 +0200
commit00a02d0c502a06d15e07b857f8ff921e3e402675 (patch)
treed1f2bd8ff6733e43840a199d11e455790d7c21c8 /include/linux/seccomp.h
parentb849a812f7eb92e96d1c8239b06581b2cfd8b275 (diff)
seccomp: Add filter flag to opt-out of SSB mitigation
If a seccomp user is not interested in Speculative Store Bypass mitigation by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when adding filters. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'include/linux/seccomp.h')
-rw-r--r--include/linux/seccomp.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index c723a5c4e3ff..e5320f6c8654 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -4,8 +4,9 @@
#include <uapi/linux/seccomp.h>
-#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC | \
- SECCOMP_FILTER_FLAG_LOG)
+#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC | \
+ SECCOMP_FILTER_FLAG_LOG | \
+ SECCOMP_FILTER_FLAG_SPEC_ALLOW)
#ifdef CONFIG_SECCOMP