Minijail: add logging for seccomp filter failures.
BUG=chromium-os:33361
TEST=unit tests
TEST=security_Minijail0, security_Minijail_seccomp, platform_CrosDisksArchive
Change-Id: I16cdb8fbcf1cb13f2dee5521f97fb8d0bdbdf93b
Reviewed-on: https://gerrit.chromium.org/gerrit/29053
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/bpf.h b/bpf.h
index 04ece14..5b41b55 100644
--- a/bpf.h
+++ b/bpf.h
@@ -59,7 +59,7 @@
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__arm__)
/*
- * <linux/audit.h> includes <linux/elf-em.h>, which does not include EM_ARM.
+ * <linux/audit.h> includes <linux/elf-em.h>, which does not define EM_ARM.
* <linux/elf.h> only includes <asm/elf.h> if we're in the kernel.
*/
# ifndef EM_ARM
@@ -147,6 +147,9 @@
#define set_bpf_ret_kill(_block) \
set_bpf_stmt((_block), BPF_RET+BPF_K, SECCOMP_RET_KILL)
+#define set_bpf_ret_trap(_block) \
+ set_bpf_stmt((_block), BPF_RET+BPF_K, SECCOMP_RET_TRAP)
+
#define set_bpf_ret_errno(_block, _errno) \
set_bpf_stmt((_block), BPF_RET+BPF_K, \
SECCOMP_RET_ERRNO | ((_errno) & SECCOMP_RET_DATA))