Add support for SCMP_FLTATR_API_SYSRAWRC

Introduce (*ScmpFilter).GetRawRC and (*ScmpFilter).SetRawRC methods, together with the documentation and trivial tests. Signed-off-by: Kir Kolyshkin <[email protected]>
seccomp · Oct 12, 2021 · e3c4bfc · e3c4bfc
1 parent bbff0d8
commit e3c4bfc
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 0 deletions.
diff --git a/seccomp.go b/seccomp.go
@@ -917,6 +917,26 @@ func (f *ScmpFilter) GetOptimize() (int, error) {
 	return int(level), nil
 }
 
+// GetRawRC returns the current state of RawRC flag, or an error
+// if an issue was encountered retrieving the value.
+// See SetRawRC for more details.
+func (f *ScmpFilter) GetRawRC() (bool, error) {
+	rawrc, err := f.getFilterAttr(filterAttrRawRC)
+	if err != nil {
+		if e := checkAPI("GetRawRC", 4, 2, 5, 0); e != nil {
+			err = e
+		}
+
+		return false, err
+	}
+
+	if rawrc == 0 {
+		return false, nil
+	}
+
+	return true, nil
+}
+
 // SetBadArchAction sets the default action taken on a syscall for an
 // architecture not in the filter, or an error if an issue was encountered
 // setting the value.
@@ -1010,6 +1030,25 @@ func (f *ScmpFilter) SetOptimize(level int) error {
 	return err
 }
 
+// SetRawRC sets whether libseccomp should pass system error codes back to the
+// caller, instead of the default ECANCELED. Defaults to false.
+func (f *ScmpFilter) SetRawRC(state bool) error {
+	var toSet C.uint32_t = 0x0
+
+	if state {
+		toSet = 0x1
+	}
+
+	err := f.setFilterAttr(filterAttrRawRC, toSet)
+	if err != nil {
+		if e := checkAPI("SetRawRC", 4, 2, 5, 0); e != nil {
+			err = e
+		}
+	}
+
+	return err
+}
+
 // SetSyscallPriority sets a syscall's priority.
 // This provides a hint to the filter generator in libseccomp about the
 // importance of this syscall. High-priority syscalls are placed

diff --git a/seccomp_internal.go b/seccomp_internal.go
@@ -124,6 +124,7 @@ const uint32_t C_ACT_NOTIFY        = SCMP_ACT_NOTIFY;
 #if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5
 #define SCMP_FLTATR_CTL_SSB      _SCMP_FLTATR_MIN
 #define SCMP_FLTATR_CTL_OPTIMIZE _SCMP_FLTATR_MIN
+#define SCMP_FLTATR_API_SYSRAWRC _SCMP_FLTATR_MIN
 #endif
 
 const uint32_t C_ATTRIBUTE_DEFAULT  = (uint32_t)SCMP_FLTATR_ACT_DEFAULT;
@@ -133,6 +134,7 @@ const uint32_t C_ATTRIBUTE_TSYNC    = (uint32_t)SCMP_FLTATR_CTL_TSYNC;
 const uint32_t C_ATTRIBUTE_LOG      = (uint32_t)SCMP_FLTATR_CTL_LOG;
 const uint32_t C_ATTRIBUTE_SSB      = (uint32_t)SCMP_FLTATR_CTL_SSB;
 const uint32_t C_ATTRIBUTE_OPTIMIZE = (uint32_t)SCMP_FLTATR_CTL_OPTIMIZE;
+const uint32_t C_ATTRIBUTE_SYSRAWRC = (uint32_t)SCMP_FLTATR_API_SYSRAWRC;
 
 const int      C_CMP_NE            = (int)SCMP_CMP_NE;
 const int      C_CMP_LT            = (int)SCMP_CMP_LT;
@@ -280,6 +282,7 @@ const (
 	filterAttrLog
 	filterAttrSSB
 	filterAttrOptimize
+	filterAttrRawRC
 )
 
 const (
@@ -688,6 +691,8 @@ func (a scmpFilterAttr) toNative() uint32 {
 		return uint32(C.C_ATTRIBUTE_SSB)
 	case filterAttrOptimize:
 		return uint32(C.C_ATTRIBUTE_OPTIMIZE)
+	case filterAttrRawRC:
+		return uint32(C.C_ATTRIBUTE_SYSRAWRC)
 	default:
 		return 0x0
 	}

diff --git a/seccomp_test.go b/seccomp_test.go
@@ -491,6 +491,18 @@ func TestFilterAttributeGettersAndSetters(t *testing.T) {
 	} else if level != 2 {
 		t.Error("Optimize level was not set correctly")
 	}
+
+	err = filter.SetRawRC(true)
+	if err != nil {
+		t.Errorf("Error setting RawRC flag: %v", err)
+	}
+
+	rawrc, err := filter.GetRawRC()
+	if err != nil {
+		t.Errorf("Error getting RawRC flag: %v", err)
+	} else if rawrc != true {
+		t.Error("RawRC flag was not set correctly")
+	}
 }
 
 func TestMergeFilters(t *testing.T) {