1*a6e1420cSKent Overstreet /* SPDX-License-Identifier: GPL-2.0 */ 2*a6e1420cSKent Overstreet #ifndef _LINUX_SECCOMP_TYPES_H 3*a6e1420cSKent Overstreet #define _LINUX_SECCOMP_TYPES_H 4*a6e1420cSKent Overstreet 5*a6e1420cSKent Overstreet #include <linux/types.h> 6*a6e1420cSKent Overstreet 7*a6e1420cSKent Overstreet #ifdef CONFIG_SECCOMP 8*a6e1420cSKent Overstreet 9*a6e1420cSKent Overstreet struct seccomp_filter; 10*a6e1420cSKent Overstreet /** 11*a6e1420cSKent Overstreet * struct seccomp - the state of a seccomp'ed process 12*a6e1420cSKent Overstreet * 13*a6e1420cSKent Overstreet * @mode: indicates one of the valid values above for controlled 14*a6e1420cSKent Overstreet * system calls available to a process. 15*a6e1420cSKent Overstreet * @filter_count: number of seccomp filters 16*a6e1420cSKent Overstreet * @filter: must always point to a valid seccomp-filter or NULL as it is 17*a6e1420cSKent Overstreet * accessed without locking during system call entry. 18*a6e1420cSKent Overstreet * 19*a6e1420cSKent Overstreet * @filter must only be accessed from the context of current as there 20*a6e1420cSKent Overstreet * is no read locking. 21*a6e1420cSKent Overstreet */ 22*a6e1420cSKent Overstreet struct seccomp { 23*a6e1420cSKent Overstreet int mode; 24*a6e1420cSKent Overstreet atomic_t filter_count; 25*a6e1420cSKent Overstreet struct seccomp_filter *filter; 26*a6e1420cSKent Overstreet }; 27*a6e1420cSKent Overstreet 28*a6e1420cSKent Overstreet #else 29*a6e1420cSKent Overstreet 30*a6e1420cSKent Overstreet struct seccomp { }; 31*a6e1420cSKent Overstreet struct seccomp_filter { }; 32*a6e1420cSKent Overstreet 33*a6e1420cSKent Overstreet #endif 34*a6e1420cSKent Overstreet 35*a6e1420cSKent Overstreet #endif /* _LINUX_SECCOMP_TYPES_H */ 36