From 66d5930ec77caed942404ceef4829f2c4ca431bd Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Wed, 13 Oct 2021 22:25:03 +0200
Subject: passt, pasta: Add seccomp support

List of allowed syscalls comes from comments in the form:
	#syscalls <list>

for syscalls needed both in passt and pasta mode, and:
	#syscalls:pasta <list>
	#syscalls:passt <list>

for syscalls specifically needed in pasta or passt mode only.

seccomp.sh builds a list of BPF statements from those comments,
prefixed by a binary search tree to keep lookup fast.

While at it, clean up a bit the Makefile using wildcards.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 util.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'util.c')

diff --git a/util.c b/util.c
index 4945431..e0fa5ff 100644
--- a/util.c
+++ b/util.c
@@ -332,6 +332,8 @@ void procfs_scan_listen(char *name, uint8_t *map, uint8_t *exclude)
  * @c:		Execution context
  *
  * Return: 0 on success, -1 on failure
+ *
+ * #syscalls:pasta setns
  */
 int ns_enter(struct ctx *c)
 {
-- 
cgit v1.2.3