summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 17:09:30 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 17:09:30 +0000
commit81749f1fe87e489c4e2e7408a0fae9370c3810b3 (patch)
tree2d1345a5762855b6577495d90ac134c4e92d7ff8 /include
parentInitial commit. (diff)
downloadlibseccomp-81749f1fe87e489c4e2e7408a0fae9370c3810b3.tar.xz
libseccomp-81749f1fe87e489c4e2e7408a0fae9370c3810b3.zip
Adding upstream version 2.5.5.upstream/2.5.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'include')
-rw-r--r--include/Makefile.am19
-rw-r--r--include/Makefile.in607
-rw-r--r--include/seccomp-syscalls.h2355
-rw-r--r--include/seccomp.h827
-rw-r--r--include/seccomp.h.in827
5 files changed, 4635 insertions, 0 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..d996128
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1,19 @@
+####
+# Seccomp Library Header Files
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License
+# as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+include_HEADERS = seccomp.h seccomp-syscalls.h
diff --git a/include/Makefile.in b/include/Makefile.in
new file mode 100644
index 0000000..bbd5054
--- /dev/null
+++ b/include/Makefile.in
@@ -0,0 +1,607 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+####
+# Seccomp Library Header Files
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License
+# as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(include_HEADERS) \
+ $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/configure.h
+CONFIG_CLEAN_FILES = seccomp.h
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(includedir)"
+HEADERS = $(include_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/seccomp.h.in
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_CFLAGS = @AM_CFLAGS@
+AM_CPPFLAGS = @AM_CPPFLAGS@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AM_LDFLAGS = @AM_LDFLAGS@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@
+CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@
+CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@
+CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@
+CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@
+CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@
+CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+GCOV = @GCOV@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSION_MAJOR = @VERSION_MAJOR@
+VERSION_MICRO = @VERSION_MICRO@
+VERSION_MINOR = @VERSION_MINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+cython = @cython@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+have_coverity = @have_coverity@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+include_HEADERS = seccomp.h seccomp-syscalls.h
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign include/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+seccomp.h: $(top_builddir)/config.status $(srcdir)/seccomp.h.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-includeHEADERS: $(include_HEADERS)
+ @$(NORMAL_INSTALL)
+ @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \
+ done
+
+uninstall-includeHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(includedir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-includeHEADERS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool cscopelist-am ctags ctags-am distclean \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-includeHEADERS install-info install-info-am \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags tags-am uninstall uninstall-am \
+ uninstall-includeHEADERS
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
new file mode 100644
index 0000000..611c78d
--- /dev/null
+++ b/include/seccomp-syscalls.h
@@ -0,0 +1,2355 @@
+/**
+ * Seccomp Library
+ *
+ * Copyright (c) 2019 Cisco Systems <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _SECCOMP_H
+#error "do not include seccomp-syscalls.h directly, use seccomp.h instead"
+#endif
+
+/*
+ * psuedo syscall definitions
+ */
+
+/* socket syscalls */
+
+#define __PNR_socket -101
+#define __PNR_bind -102
+#define __PNR_connect -103
+#define __PNR_listen -104
+#define __PNR_accept -105
+#define __PNR_getsockname -106
+#define __PNR_getpeername -107
+#define __PNR_socketpair -108
+#define __PNR_send -109
+#define __PNR_recv -110
+#define __PNR_sendto -111
+#define __PNR_recvfrom -112
+#define __PNR_shutdown -113
+#define __PNR_setsockopt -114
+#define __PNR_getsockopt -115
+#define __PNR_sendmsg -116
+#define __PNR_recvmsg -117
+#define __PNR_accept4 -118
+#define __PNR_recvmmsg -119
+#define __PNR_sendmmsg -120
+
+/* ipc syscalls */
+
+#define __PNR_semop -201
+#define __PNR_semget -202
+#define __PNR_semctl -203
+#define __PNR_semtimedop -204
+#define __PNR_msgsnd -211
+#define __PNR_msgrcv -212
+#define __PNR_msgget -213
+#define __PNR_msgctl -214
+#define __PNR_shmat -221
+#define __PNR_shmdt -222
+#define __PNR_shmget -223
+#define __PNR_shmctl -224
+
+/* single syscalls */
+
+#define __PNR_arch_prctl -10001
+#define __PNR_bdflush -10002
+#define __PNR_break -10003
+#define __PNR_chown32 -10004
+#define __PNR_epoll_ctl_old -10005
+#define __PNR_epoll_wait_old -10006
+#define __PNR_fadvise64_64 -10007
+#define __PNR_fchown32 -10008
+#define __PNR_fcntl64 -10009
+#define __PNR_fstat64 -10010
+#define __PNR_fstatat64 -10011
+#define __PNR_fstatfs64 -10012
+#define __PNR_ftime -10013
+#define __PNR_ftruncate64 -10014
+#define __PNR_getegid32 -10015
+#define __PNR_geteuid32 -10016
+#define __PNR_getgid32 -10017
+#define __PNR_getgroups32 -10018
+#define __PNR_getresgid32 -10019
+#define __PNR_getresuid32 -10020
+#define __PNR_getuid32 -10021
+#define __PNR_gtty -10022
+#define __PNR_idle -10023
+#define __PNR_ipc -10024
+#define __PNR_lchown32 -10025
+#define __PNR__llseek -10026
+#define __PNR_lock -10027
+#define __PNR_lstat64 -10028
+#define __PNR_mmap2 -10029
+#define __PNR_mpx -10030
+#define __PNR_newfstatat -10031
+#define __PNR__newselect -10032
+#define __PNR_nice -10033
+#define __PNR_oldfstat -10034
+#define __PNR_oldlstat -10035
+#define __PNR_oldolduname -10036
+#define __PNR_oldstat -10037
+#define __PNR_olduname -10038
+#define __PNR_prof -10039
+#define __PNR_profil -10040
+#define __PNR_readdir -10041
+#define __PNR_security -10042
+#define __PNR_sendfile64 -10043
+#define __PNR_setfsgid32 -10044
+#define __PNR_setfsuid32 -10045
+#define __PNR_setgid32 -10046
+#define __PNR_setgroups32 -10047
+#define __PNR_setregid32 -10048
+#define __PNR_setresgid32 -10049
+#define __PNR_setresuid32 -10050
+#define __PNR_setreuid32 -10051
+#define __PNR_setuid32 -10052
+#define __PNR_sgetmask -10053
+#define __PNR_sigaction -10054
+#define __PNR_signal -10055
+#define __PNR_sigpending -10056
+#define __PNR_sigprocmask -10057
+#define __PNR_sigreturn -10058
+#define __PNR_sigsuspend -10059
+#define __PNR_socketcall -10060
+#define __PNR_ssetmask -10061
+#define __PNR_stat64 -10062
+#define __PNR_statfs64 -10063
+#define __PNR_stime -10064
+#define __PNR_stty -10065
+#define __PNR_truncate64 -10066
+#define __PNR_tuxcall -10067
+#define __PNR_ugetrlimit -10068
+#define __PNR_ulimit -10069
+#define __PNR_umount -10070
+#define __PNR_vm86 -10071
+#define __PNR_vm86old -10072
+#define __PNR_waitpid -10073
+#define __PNR_create_module -10074
+#define __PNR_get_kernel_syms -10075
+#define __PNR_get_thread_area -10076
+#define __PNR_nfsservctl -10077
+#define __PNR_query_module -10078
+#define __PNR_set_thread_area -10079
+#define __PNR__sysctl -10080
+#define __PNR_uselib -10081
+#define __PNR_vserver -10082
+#define __PNR_arm_fadvise64_64 -10083
+#define __PNR_arm_sync_file_range -10084
+#define __PNR_pciconfig_iobase -10086
+#define __PNR_pciconfig_read -10087
+#define __PNR_pciconfig_write -10088
+#define __PNR_sync_file_range2 -10089
+#define __PNR_syscall -10090
+#define __PNR_afs_syscall -10091
+#define __PNR_fadvise64 -10092
+#define __PNR_getpmsg -10093
+#define __PNR_ioperm -10094
+#define __PNR_iopl -10095
+#define __PNR_migrate_pages -10097
+#define __PNR_modify_ldt -10098
+#define __PNR_putpmsg -10099
+#define __PNR_sync_file_range -10100
+#define __PNR_select -10101
+#define __PNR_vfork -10102
+#define __PNR_cachectl -10103
+#define __PNR_cacheflush -10104
+#define __PNR_sysmips -10106
+#define __PNR_timerfd -10107
+#define __PNR_time -10108
+#define __PNR_getrandom -10109
+#define __PNR_memfd_create -10110
+#define __PNR_kexec_file_load -10111
+#define __PNR_sysfs -10145
+#define __PNR_oldwait4 -10146
+#define __PNR_access -10147
+#define __PNR_alarm -10148
+#define __PNR_chmod -10149
+#define __PNR_chown -10150
+#define __PNR_creat -10151
+#define __PNR_dup2 -10152
+#define __PNR_epoll_create -10153
+#define __PNR_epoll_wait -10154
+#define __PNR_eventfd -10155
+#define __PNR_fork -10156
+#define __PNR_futimesat -10157
+#define __PNR_getdents -10158
+#define __PNR_getpgrp -10159
+#define __PNR_inotify_init -10160
+#define __PNR_lchown -10161
+#define __PNR_link -10162
+#define __PNR_lstat -10163
+#define __PNR_mkdir -10164
+#define __PNR_mknod -10165
+#define __PNR_open -10166
+#define __PNR_pause -10167
+#define __PNR_pipe -10168
+#define __PNR_poll -10169
+#define __PNR_readlink -10170
+#define __PNR_rename -10171
+#define __PNR_rmdir -10172
+#define __PNR_signalfd -10173
+#define __PNR_stat -10174
+#define __PNR_symlink -10175
+#define __PNR_unlink -10176
+#define __PNR_ustat -10177
+#define __PNR_utime -10178
+#define __PNR_utimes -10179
+#define __PNR_getrlimit -10180
+#define __PNR_mmap -10181
+#define __PNR_breakpoint -10182
+#define __PNR_set_tls -10183
+#define __PNR_usr26 -10184
+#define __PNR_usr32 -10185
+#define __PNR_multiplexer -10186
+#define __PNR_rtas -10187
+#define __PNR_spu_create -10188
+#define __PNR_spu_run -10189
+#define __PNR_swapcontext -10190
+#define __PNR_sys_debug_setcontext -10191
+#define __PNR_switch_endian -10191
+#define __PNR_get_mempolicy -10192
+#define __PNR_move_pages -10193
+#define __PNR_mbind -10194
+#define __PNR_set_mempolicy -10195
+#define __PNR_s390_runtime_instr -10196
+#define __PNR_s390_pci_mmio_read -10197
+#define __PNR_s390_pci_mmio_write -10198
+#define __PNR_membarrier -10199
+#define __PNR_userfaultfd -10200
+#define __PNR_pkey_mprotect -10201
+#define __PNR_pkey_alloc -10202
+#define __PNR_pkey_free -10203
+#define __PNR_get_tls -10204
+#define __PNR_s390_guarded_storage -10205
+#define __PNR_s390_sthyi -10206
+#define __PNR_subpage_prot -10207
+#define __PNR_statx -10208
+#define __PNR_io_pgetevents -10209
+#define __PNR_rseq -10210
+#define __PNR_setrlimit -10211
+#define __PNR_clock_adjtime64 -10212
+#define __PNR_clock_getres_time64 -10213
+#define __PNR_clock_gettime64 -10214
+#define __PNR_clock_nanosleep_time64 -10215
+#define __PNR_clock_settime64 -10216
+#define __PNR_clone3 -10217
+#define __PNR_fsconfig -10218
+#define __PNR_fsmount -10219
+#define __PNR_fsopen -10220
+#define __PNR_fspick -10221
+#define __PNR_futex_time64 -10222
+#define __PNR_io_pgetevents_time64 -10223
+#define __PNR_move_mount -10224
+#define __PNR_mq_timedreceive_time64 -10225
+#define __PNR_mq_timedsend_time64 -10226
+#define __PNR_open_tree -10227
+#define __PNR_pidfd_open -10228
+#define __PNR_pidfd_send_signal -10229
+#define __PNR_ppoll_time64 -10230
+#define __PNR_pselect6_time64 -10231
+#define __PNR_recvmmsg_time64 -10232
+#define __PNR_rt_sigtimedwait_time64 -10233
+#define __PNR_sched_rr_get_interval_time64 -10234
+#define __PNR_semtimedop_time64 -10235
+#define __PNR_timer_gettime64 -10236
+#define __PNR_timer_settime64 -10237
+#define __PNR_timerfd_gettime64 -10238
+#define __PNR_timerfd_settime64 -10239
+#define __PNR_utimensat_time64 -10240
+#define __PNR_ppoll -10241
+#define __PNR_renameat -10242
+#define __PNR_riscv_flush_icache -10243
+#define __PNR_memfd_secret -10244
+#define __PNR_map_shadow_stack -10245
+
+/*
+ * libseccomp syscall definitions
+ */
+
+#ifdef __NR__llseek
+#define __SNR__llseek __NR__llseek
+#else
+#define __SNR__llseek __PNR__llseek
+#endif
+
+#ifdef __NR__newselect
+#define __SNR__newselect __NR__newselect
+#else
+#define __SNR__newselect __PNR__newselect
+#endif
+
+#ifdef __NR__sysctl
+#define __SNR__sysctl __NR__sysctl
+#else
+#define __SNR__sysctl __PNR__sysctl
+#endif
+
+#ifdef __NR_accept
+#define __SNR_accept __NR_accept
+#else
+#define __SNR_accept __PNR_accept
+#endif
+
+#ifdef __NR_accept4
+#define __SNR_accept4 __NR_accept4
+#else
+#define __SNR_accept4 __PNR_accept4
+#endif
+
+#ifdef __NR_access
+#define __SNR_access __NR_access
+#else
+#define __SNR_access __PNR_access
+#endif
+
+#define __SNR_acct __NR_acct
+
+#define __SNR_add_key __NR_add_key
+
+#define __SNR_adjtimex __NR_adjtimex
+
+#ifdef __NR_afs_syscall
+#define __SNR_afs_syscall __NR_afs_syscall
+#else
+#define __SNR_afs_syscall __PNR_afs_syscall
+#endif
+
+#ifdef __NR_alarm
+#define __SNR_alarm __NR_alarm
+#else
+#define __SNR_alarm __PNR_alarm
+#endif
+
+#ifdef __NR_arm_fadvise64_64
+#define __SNR_arm_fadvise64_64 __NR_arm_fadvise64_64
+#else
+#define __SNR_arm_fadvise64_64 __PNR_arm_fadvise64_64
+#endif
+
+#ifdef __NR_arm_sync_file_range
+#define __SNR_arm_sync_file_range __NR_arm_sync_file_range
+#else
+#define __SNR_arm_sync_file_range __PNR_arm_sync_file_range
+#endif
+
+#ifdef __NR_arch_prctl
+#define __SNR_arch_prctl __NR_arch_prctl
+#else
+#define __SNR_arch_prctl __PNR_arch_prctl
+#endif
+
+#ifdef __NR_bdflush
+#define __SNR_bdflush __NR_bdflush
+#else
+#define __SNR_bdflush __PNR_bdflush
+#endif
+
+#ifdef __NR_bind
+#define __SNR_bind __NR_bind
+#else
+#define __SNR_bind __PNR_bind
+#endif
+
+#define __SNR_bpf __NR_bpf
+
+#ifdef __NR_break
+#define __SNR_break __NR_break
+#else
+#define __SNR_break __PNR_break
+#endif
+
+#ifdef __NR_breakpoint
+#ifdef __ARM_NR_breakpoint
+#define __SNR_breakpoint __ARM_NR_breakpoint
+#else
+#define __SNR_breakpoint __NR_breakpoint
+#endif
+#else
+#define __SNR_breakpoint __PNR_breakpoint
+#endif
+
+#define __SNR_brk __NR_brk
+
+#ifdef __NR_cachectl
+#define __SNR_cachectl __NR_cachectl
+#else
+#define __SNR_cachectl __PNR_cachectl
+#endif
+
+#ifdef __NR_cacheflush
+#ifdef __ARM_NR_cacheflush
+#define __SNR_cacheflush __ARM_NR_cacheflush
+#else
+#define __SNR_cacheflush __NR_cacheflush
+#endif
+#else
+#define __SNR_cacheflush __PNR_cacheflush
+#endif
+
+#define __SNR_cachestat __NR_cachestat
+
+#define __SNR_capget __NR_capget
+
+#define __SNR_capset __NR_capset
+
+#define __SNR_chdir __NR_chdir
+
+#ifdef __NR_chmod
+#define __SNR_chmod __NR_chmod
+#else
+#define __SNR_chmod __PNR_chmod
+#endif
+
+#ifdef __NR_chown
+#define __SNR_chown __NR_chown
+#else
+#define __SNR_chown __PNR_chown
+#endif
+
+#ifdef __NR_chown32
+#define __SNR_chown32 __NR_chown32
+#else
+#define __SNR_chown32 __PNR_chown32
+#endif
+
+#define __SNR_chroot __NR_chroot
+
+#define __SNR_clock_adjtime __NR_clock_adjtime
+
+#ifdef __NR_clock_adjtime64
+#define __SNR_clock_adjtime64 __NR_clock_adjtime64
+#else
+#define __SNR_clock_adjtime64 __PNR_clock_adjtime64
+#endif
+
+#define __SNR_clock_getres __NR_clock_getres
+
+#ifdef __NR_clock_getres_time64
+#define __SNR_clock_getres_time64 __NR_clock_getres_time64
+#else
+#define __SNR_clock_getres_time64 __PNR_clock_getres_time64
+#endif
+
+#define __SNR_clock_gettime __NR_clock_gettime
+
+#ifdef __NR_clock_gettime64
+#define __SNR_clock_gettime64 __NR_clock_gettime64
+#else
+#define __SNR_clock_gettime64 __PNR_clock_gettime64
+#endif
+
+#define __SNR_clock_nanosleep __NR_clock_nanosleep
+
+#ifdef __NR_clock_nanosleep_time64
+#define __SNR_clock_nanosleep_time64 __NR_clock_nanosleep_time64
+#else
+#define __SNR_clock_nanosleep_time64 __PNR_clock_nanosleep_time64
+#endif
+
+#define __SNR_clock_settime __NR_clock_settime
+
+#ifdef __NR_clock_settime64
+#define __SNR_clock_settime64 __NR_clock_settime64
+#else
+#define __SNR_clock_settime64 __PNR_clock_settime64
+#endif
+
+#define __SNR_clone __NR_clone
+
+#ifdef __NR_clone3
+#define __SNR_clone3 __NR_clone3
+#else
+#define __SNR_clone3 __PNR_clone3
+#endif
+
+#define __SNR_close __NR_close
+
+#define __SNR_close_range __NR_close_range
+
+#ifdef __NR_connect
+#define __SNR_connect __NR_connect
+#else
+#define __SNR_connect __PNR_connect
+#endif
+
+#define __SNR_copy_file_range __NR_copy_file_range
+
+#ifdef __NR_creat
+#define __SNR_creat __NR_creat
+#else
+#define __SNR_creat __PNR_creat
+#endif
+
+#ifdef __NR_create_module
+#define __SNR_create_module __NR_create_module
+#else
+#define __SNR_create_module __PNR_create_module
+#endif
+
+#define __SNR_delete_module __NR_delete_module
+
+#ifdef __NR_dup
+#define __SNR_dup __NR_dup
+#else
+#define __SNR_dup __PNR_dup
+#endif
+
+#ifdef __NR_dup2
+#define __SNR_dup2 __NR_dup2
+#else
+#define __SNR_dup2 __PNR_dup2
+#endif
+
+#define __SNR_dup3 __NR_dup3
+
+#ifdef __NR_epoll_create
+#define __SNR_epoll_create __NR_epoll_create
+#else
+#define __SNR_epoll_create __PNR_epoll_create
+#endif
+
+#define __SNR_epoll_create1 __NR_epoll_create1
+
+#ifdef __NR_epoll_ctl
+#define __SNR_epoll_ctl __NR_epoll_ctl
+#else
+#define __SNR_epoll_ctl __PNR_epoll_ctl
+#endif
+
+#ifdef __NR_epoll_ctl_old
+#define __SNR_epoll_ctl_old __NR_epoll_ctl_old
+#else
+#define __SNR_epoll_ctl_old __PNR_epoll_ctl_old
+#endif
+
+#define __SNR_epoll_pwait __NR_epoll_pwait
+
+#define __SNR_epoll_pwait2 __NR_epoll_pwait2
+
+#ifdef __NR_epoll_wait
+#define __SNR_epoll_wait __NR_epoll_wait
+#else
+#define __SNR_epoll_wait __PNR_epoll_wait
+#endif
+
+#ifdef __NR_epoll_wait_old
+#define __SNR_epoll_wait_old __NR_epoll_wait_old
+#else
+#define __SNR_epoll_wait_old __PNR_epoll_wait_old
+#endif
+
+#ifdef __NR_eventfd
+#define __SNR_eventfd __NR_eventfd
+#else
+#define __SNR_eventfd __PNR_eventfd
+#endif
+
+#define __SNR_eventfd2 __NR_eventfd2
+
+#define __SNR_execve __NR_execve
+
+#define __SNR_execveat __NR_execveat
+
+#define __SNR_exit __NR_exit
+
+#define __SNR_exit_group __NR_exit_group
+
+#define __SNR_faccessat __NR_faccessat
+
+#define __SNR_faccessat2 __NR_faccessat2
+
+#ifdef __NR_fadvise64
+#define __SNR_fadvise64 __NR_fadvise64
+#else
+#define __SNR_fadvise64 __PNR_fadvise64
+#endif
+
+#ifdef __NR_fadvise64_64
+#define __SNR_fadvise64_64 __NR_fadvise64_64
+#else
+#define __SNR_fadvise64_64 __PNR_fadvise64_64
+#endif
+
+#define __SNR_fallocate __NR_fallocate
+
+#define __SNR_fanotify_init __NR_fanotify_init
+
+#define __SNR_fanotify_mark __NR_fanotify_mark
+
+#define __SNR_fchdir __NR_fchdir
+
+#define __SNR_fchmod __NR_fchmod
+
+#define __SNR_fchmodat __NR_fchmodat
+
+#define __SNR_fchmodat2 __NR_fchmodat2
+
+#ifdef __NR_fchown
+#define __SNR_fchown __NR_fchown
+#else
+#define __SNR_fchown __PNR_fchown
+#endif
+
+#ifdef __NR_fchown32
+#define __SNR_fchown32 __NR_fchown32
+#else
+#define __SNR_fchown32 __PNR_fchown32
+#endif
+
+#define __SNR_fchownat __NR_fchownat
+
+#ifdef __NR_fcntl
+#define __SNR_fcntl __NR_fcntl
+#else
+#define __SNR_fcntl __PNR_fcntl
+#endif
+
+#ifdef __NR_fcntl64
+#define __SNR_fcntl64 __NR_fcntl64
+#else
+#define __SNR_fcntl64 __PNR_fcntl64
+#endif
+
+#define __SNR_fdatasync __NR_fdatasync
+
+#define __SNR_fgetxattr __NR_fgetxattr
+
+#define __SNR_finit_module __NR_finit_module
+
+#define __SNR_flistxattr __NR_flistxattr
+
+#define __SNR_flock __NR_flock
+
+#ifdef __NR_fork
+#define __SNR_fork __NR_fork
+#else
+#define __SNR_fork __PNR_fork
+#endif
+
+#define __SNR_fremovexattr __NR_fremovexattr
+
+#ifdef __NR_fsconfig
+#define __SNR_fsconfig __NR_fsconfig
+#else
+#define __SNR_fsconfig __PNR_fsconfig
+#endif
+
+#define __SNR_fsetxattr __NR_fsetxattr
+
+#ifdef __NR_fsmount
+#define __SNR_fsmount __NR_fsmount
+#else
+#define __SNR_fsmount __PNR_fsmount
+#endif
+
+#ifdef __NR_fsopen
+#define __SNR_fsopen __NR_fsopen
+#else
+#define __SNR_fsopen __PNR_fsopen
+#endif
+
+#ifdef __NR_fspick
+#define __SNR_fspick __NR_fspick
+#else
+#define __SNR_fspick __PNR_fspick
+#endif
+
+#ifdef __NR_fstat
+#define __SNR_fstat __NR_fstat
+#else
+#define __SNR_fstat __PNR_fstat
+#endif
+
+#ifdef __NR_fstat64
+#define __SNR_fstat64 __NR_fstat64
+#else
+#define __SNR_fstat64 __PNR_fstat64
+#endif
+
+#ifdef __NR_fstatat64
+#define __SNR_fstatat64 __NR_fstatat64
+#else
+#define __SNR_fstatat64 __PNR_fstatat64
+#endif
+
+#ifdef __NR_fstatfs
+#define __SNR_fstatfs __NR_fstatfs
+#else
+#define __SNR_fstatfs __PNR_fstatfs
+#endif
+
+#ifdef __NR_fstatfs64
+#define __SNR_fstatfs64 __NR_fstatfs64
+#else
+#define __SNR_fstatfs64 __PNR_fstatfs64
+#endif
+
+#define __SNR_fsync __NR_fsync
+
+#ifdef __NR_ftime
+#define __SNR_ftime __NR_ftime
+#else
+#define __SNR_ftime __PNR_ftime
+#endif
+
+#ifdef __NR_ftruncate
+#define __SNR_ftruncate __NR_ftruncate
+#else
+#define __SNR_ftruncate __PNR_ftruncate
+#endif
+
+#ifdef __NR_ftruncate64
+#define __SNR_ftruncate64 __NR_ftruncate64
+#else
+#define __SNR_ftruncate64 __PNR_ftruncate64
+#endif
+
+#define __SNR_futex __NR_futex
+
+#define __SNR_futex_requeue __NR_futex_requeue
+
+#ifdef __NR_futex_time64
+#define __SNR_futex_time64 __NR_futex_time64
+#else
+#define __SNR_futex_time64 __PNR_futex_time64
+#endif
+
+#define __SNR_futex_wait __NR_futex_wait
+
+#define __SNR_futex_waitv __NR_futex_waitv
+
+#define __SNR_futex_wake __NR_futex_wake
+
+#ifdef __NR_futimesat
+#define __SNR_futimesat __NR_futimesat
+#else
+#define __SNR_futimesat __PNR_futimesat
+#endif
+
+#ifdef __NR_get_kernel_syms
+#define __SNR_get_kernel_syms __NR_get_kernel_syms
+#else
+#define __SNR_get_kernel_syms __PNR_get_kernel_syms
+#endif
+
+#ifdef __NR_get_mempolicy
+#define __SNR_get_mempolicy __NR_get_mempolicy
+#else
+#define __SNR_get_mempolicy __PNR_get_mempolicy
+#endif
+
+#define __SNR_get_robust_list __NR_get_robust_list
+
+#ifdef __NR_get_thread_area
+#define __SNR_get_thread_area __NR_get_thread_area
+#else
+#define __SNR_get_thread_area __PNR_get_thread_area
+#endif
+
+#ifdef __NR_get_tls
+#ifdef __ARM_NR_get_tls
+#define __SNR_get_tls __ARM_NR_get_tls
+#else
+#define __SNR_get_tls __NR_get_tls
+#endif
+#else
+#define __SNR_get_tls __PNR_get_tls
+#endif
+
+#define __SNR_getcpu __NR_getcpu
+
+#define __SNR_getcwd __NR_getcwd
+
+#ifdef __NR_getdents
+#define __SNR_getdents __NR_getdents
+#else
+#define __SNR_getdents __PNR_getdents
+#endif
+
+#define __SNR_getdents64 __NR_getdents64
+
+#ifdef __NR_getegid
+#define __SNR_getegid __NR_getegid
+#else
+#define __SNR_getegid __PNR_getegid
+#endif
+
+#ifdef __NR_getegid32
+#define __SNR_getegid32 __NR_getegid32
+#else
+#define __SNR_getegid32 __PNR_getegid32
+#endif
+
+#ifdef __NR_geteuid
+#define __SNR_geteuid __NR_geteuid
+#else
+#define __SNR_geteuid __PNR_geteuid
+#endif
+
+#ifdef __NR_geteuid32
+#define __SNR_geteuid32 __NR_geteuid32
+#else
+#define __SNR_geteuid32 __PNR_geteuid32
+#endif
+
+#ifdef __NR_getgid
+#define __SNR_getgid __NR_getgid
+#else
+#define __SNR_getgid __PNR_getgid
+#endif
+
+#ifdef __NR_getgid32
+#define __SNR_getgid32 __NR_getgid32
+#else
+#define __SNR_getgid32 __PNR_getgid32
+#endif
+
+#ifdef __NR_getgroups
+#define __SNR_getgroups __NR_getgroups
+#else
+#define __SNR_getgroups __PNR_getgroups
+#endif
+
+#ifdef __NR_getgroups32
+#define __SNR_getgroups32 __NR_getgroups32
+#else
+#define __SNR_getgroups32 __PNR_getgroups32
+#endif
+
+#define __SNR_getitimer __NR_getitimer
+
+#ifdef __NR_getpeername
+#define __SNR_getpeername __NR_getpeername
+#else
+#define __SNR_getpeername __PNR_getpeername
+#endif
+
+#define __SNR_getpgid __NR_getpgid
+
+#ifdef __NR_getpgrp
+#define __SNR_getpgrp __NR_getpgrp
+#else
+#define __SNR_getpgrp __PNR_getpgrp
+#endif
+
+#define __SNR_getpid __NR_getpid
+
+#ifdef __NR_getpmsg
+#define __SNR_getpmsg __NR_getpmsg
+#else
+#define __SNR_getpmsg __PNR_getpmsg
+#endif
+
+#define __SNR_getppid __NR_getppid
+
+#define __SNR_getpriority __NR_getpriority
+
+#ifdef __NR_getrandom
+#define __SNR_getrandom __NR_getrandom
+#else
+#define __SNR_getrandom __PNR_getrandom
+#endif
+
+#ifdef __NR_getresgid
+#define __SNR_getresgid __NR_getresgid
+#else
+#define __SNR_getresgid __PNR_getresgid
+#endif
+
+#ifdef __NR_getresgid32
+#define __SNR_getresgid32 __NR_getresgid32
+#else
+#define __SNR_getresgid32 __PNR_getresgid32
+#endif
+
+#ifdef __NR_getresuid
+#define __SNR_getresuid __NR_getresuid
+#else
+#define __SNR_getresuid __PNR_getresuid
+#endif
+
+#ifdef __NR_getresuid32
+#define __SNR_getresuid32 __NR_getresuid32
+#else
+#define __SNR_getresuid32 __PNR_getresuid32
+#endif
+
+#ifdef __NR_getrlimit
+#define __SNR_getrlimit __NR_getrlimit
+#else
+#define __SNR_getrlimit __PNR_getrlimit
+#endif
+
+#define __SNR_getrusage __NR_getrusage
+
+#define __SNR_getsid __NR_getsid
+
+#ifdef __NR_getsockname
+#define __SNR_getsockname __NR_getsockname
+#else
+#define __SNR_getsockname __PNR_getsockname
+#endif
+
+#ifdef __NR_getsockopt
+#define __SNR_getsockopt __NR_getsockopt
+#else
+#define __SNR_getsockopt __PNR_getsockopt
+#endif
+
+#define __SNR_gettid __NR_gettid
+
+#define __SNR_gettimeofday __NR_gettimeofday
+
+#ifdef __NR_getuid
+#define __SNR_getuid __NR_getuid
+#else
+#define __SNR_getuid __PNR_getuid
+#endif
+
+#ifdef __NR_getuid32
+#define __SNR_getuid32 __NR_getuid32
+#else
+#define __SNR_getuid32 __PNR_getuid32
+#endif
+
+#define __SNR_getxattr __NR_getxattr
+
+#ifdef __NR_gtty
+#define __SNR_gtty __NR_gtty
+#else
+#define __SNR_gtty __PNR_gtty
+#endif
+
+#ifdef __NR_idle
+#define __SNR_idle __NR_idle
+#else
+#define __SNR_idle __PNR_idle
+#endif
+
+#define __SNR_init_module __NR_init_module
+
+#define __SNR_inotify_add_watch __NR_inotify_add_watch
+
+#ifdef __NR_inotify_init
+#define __SNR_inotify_init __NR_inotify_init
+#else
+#define __SNR_inotify_init __PNR_inotify_init
+#endif
+
+#define __SNR_inotify_init1 __NR_inotify_init1
+
+#define __SNR_inotify_rm_watch __NR_inotify_rm_watch
+
+#define __SNR_io_cancel __NR_io_cancel
+
+#define __SNR_io_destroy __NR_io_destroy
+
+#define __SNR_io_getevents __NR_io_getevents
+
+#ifdef __NR_io_pgetevents
+#define __SNR_io_pgetevents __NR_io_pgetevents
+#else
+#define __SNR_io_pgetevents __PNR_io_pgetevents
+#endif
+
+#ifdef __NR_io_pgetevents_time64
+#define __SNR_io_pgetevents_time64 __NR_io_pgetevents_time64
+#else
+#define __SNR_io_pgetevents_time64 __PNR_io_pgetevents_time64
+#endif
+
+#define __SNR_io_setup __NR_io_setup
+
+#define __SNR_io_submit __NR_io_submit
+
+#define __SNR_io_uring_setup __NR_io_uring_setup
+
+#define __SNR_io_uring_enter __NR_io_uring_enter
+
+#define __SNR_io_uring_register __NR_io_uring_register
+
+#define __SNR_ioctl __NR_ioctl
+
+#ifdef __NR_ioperm
+#define __SNR_ioperm __NR_ioperm
+#else
+#define __SNR_ioperm __PNR_ioperm
+#endif
+
+#ifdef __NR_iopl
+#define __SNR_iopl __NR_iopl
+#else
+#define __SNR_iopl __PNR_iopl
+#endif
+
+#define __SNR_ioprio_get __NR_ioprio_get
+
+#define __SNR_ioprio_set __NR_ioprio_set
+
+#ifdef __NR_ipc
+#define __SNR_ipc __NR_ipc
+#else
+#define __SNR_ipc __PNR_ipc
+#endif
+
+#define __SNR_kcmp __NR_kcmp
+
+#ifdef __NR_kexec_file_load
+#define __SNR_kexec_file_load __NR_kexec_file_load
+#else
+#define __SNR_kexec_file_load __PNR_kexec_file_load
+#endif
+
+#define __SNR_kexec_load __NR_kexec_load
+
+#define __SNR_keyctl __NR_keyctl
+
+#define __SNR_kill __NR_kill
+
+#define __SNR_landlock_add_rule __NR_landlock_add_rule
+#define __SNR_landlock_create_ruleset __NR_landlock_create_ruleset
+#define __SNR_landlock_restrict_self __NR_landlock_restrict_self
+
+#ifdef __NR_lchown
+#define __SNR_lchown __NR_lchown
+#else
+#define __SNR_lchown __PNR_lchown
+#endif
+
+#ifdef __NR_lchown32
+#define __SNR_lchown32 __NR_lchown32
+#else
+#define __SNR_lchown32 __PNR_lchown32
+#endif
+
+#define __SNR_lgetxattr __NR_lgetxattr
+
+#ifdef __NR_link
+#define __SNR_link __NR_link
+#else
+#define __SNR_link __PNR_link
+#endif
+
+#define __SNR_linkat __NR_linkat
+
+#ifdef __NR_listen
+#define __SNR_listen __NR_listen
+#else
+#define __SNR_listen __PNR_listen
+#endif
+
+#define __SNR_listxattr __NR_listxattr
+
+#define __SNR_llistxattr __NR_llistxattr
+
+#ifdef __NR_lock
+#define __SNR_lock __NR_lock
+#else
+#define __SNR_lock __PNR_lock
+#endif
+
+#define __SNR_lookup_dcookie __NR_lookup_dcookie
+
+#define __SNR_lremovexattr __NR_lremovexattr
+
+#define __SNR_lseek __NR_lseek
+
+#define __SNR_lsetxattr __NR_lsetxattr
+
+#ifdef __NR_lstat
+#define __SNR_lstat __NR_lstat
+#else
+#define __SNR_lstat __PNR_lstat
+#endif
+
+#ifdef __NR_lstat64
+#define __SNR_lstat64 __NR_lstat64
+#else
+#define __SNR_lstat64 __PNR_lstat64
+#endif
+
+#define __SNR_madvise __NR_madvise
+
+#ifdef __NR_map_shadow_stack
+#define __SNR_map_shadow_stack __NR_map_shadow_stack
+#else
+#define __SNR_map_shadow_stack __PNR_map_shadow_stack
+#endif
+
+#ifdef __NR_mbind
+#define __SNR_mbind __NR_mbind
+#else
+#define __SNR_mbind __PNR_mbind
+#endif
+
+#ifdef __NR_membarrier
+#define __SNR_membarrier __NR_membarrier
+#else
+#define __SNR_membarrier __PNR_membarrier
+#endif
+
+#ifdef __NR_memfd_create
+#define __SNR_memfd_create __NR_memfd_create
+#else
+#define __SNR_memfd_create __PNR_memfd_create
+#endif
+
+#ifdef __NR_memfd_secret
+#define __SNR_memfd_secret __NR_memfd_secret
+#else
+#define __SNR_memfd_secret __PNR_memfd_secret
+#endif
+
+#ifdef __NR_migrate_pages
+#define __SNR_migrate_pages __NR_migrate_pages
+#else
+#define __SNR_migrate_pages __PNR_migrate_pages
+#endif
+
+#define __SNR_mincore __NR_mincore
+
+#ifdef __NR_mkdir
+#define __SNR_mkdir __NR_mkdir
+#else
+#define __SNR_mkdir __PNR_mkdir
+#endif
+
+#define __SNR_mkdirat __NR_mkdirat
+
+#ifdef __NR_mknod
+#define __SNR_mknod __NR_mknod
+#else
+#define __SNR_mknod __PNR_mknod
+#endif
+
+#define __SNR_mknodat __NR_mknodat
+
+#define __SNR_mlock __NR_mlock
+
+#define __SNR_mlock2 __NR_mlock2
+
+#define __SNR_mlockall __NR_mlockall
+
+#ifdef __NR_mmap
+#define __SNR_mmap __NR_mmap
+#else
+#define __SNR_mmap __PNR_mmap
+#endif
+
+#ifdef __NR_mmap2
+#define __SNR_mmap2 __NR_mmap2
+#else
+#define __SNR_mmap2 __PNR_mmap2
+#endif
+
+#ifdef __NR_modify_ldt
+#define __SNR_modify_ldt __NR_modify_ldt
+#else
+#define __SNR_modify_ldt __PNR_modify_ldt
+#endif
+
+#define __SNR_mount __NR_mount
+
+#define __SNR_mount_setattr __NR_mount_setattr
+
+#ifdef __NR_move_mount
+#define __SNR_move_mount __NR_move_mount
+#else
+#define __SNR_move_mount __PNR_move_mount
+#endif
+
+#ifdef __NR_move_pages
+#define __SNR_move_pages __NR_move_pages
+#else
+#define __SNR_move_pages __PNR_move_pages
+#endif
+
+#define __SNR_mprotect __NR_mprotect
+
+#ifdef __NR_mpx
+#define __SNR_mpx __NR_mpx
+#else
+#define __SNR_mpx __PNR_mpx
+#endif
+
+#define __SNR_mq_getsetattr __NR_mq_getsetattr
+
+#define __SNR_mq_notify __NR_mq_notify
+
+#define __SNR_mq_open __NR_mq_open
+
+#define __SNR_mq_timedreceive __NR_mq_timedreceive
+
+#ifdef __NR_mq_timedreceive_time64
+#define __SNR_mq_timedreceive_time64 __NR_mq_timedreceive_time64
+#else
+#define __SNR_mq_timedreceive_time64 __PNR_mq_timedreceive_time64
+#endif
+
+#define __SNR_mq_timedsend __NR_mq_timedsend
+
+#ifdef __NR_mq_timedsend_time64
+#define __SNR_mq_timedsend_time64 __NR_mq_timedsend_time64
+#else
+#define __SNR_mq_timedsend_time64 __PNR_mq_timedsend_time64
+#endif
+
+#define __SNR_mq_unlink __NR_mq_unlink
+
+#define __SNR_mremap __NR_mremap
+
+#ifdef __NR_msgctl
+#define __SNR_msgctl __NR_msgctl
+#else
+#define __SNR_msgctl __PNR_msgctl
+#endif
+
+#ifdef __NR_msgget
+#define __SNR_msgget __NR_msgget
+#else
+#define __SNR_msgget __PNR_msgget
+#endif
+
+#ifdef __NR_msgrcv
+#define __SNR_msgrcv __NR_msgrcv
+#else
+#define __SNR_msgrcv __PNR_msgrcv
+#endif
+
+#ifdef __NR_msgsnd
+#define __SNR_msgsnd __NR_msgsnd
+#else
+#define __SNR_msgsnd __PNR_msgsnd
+#endif
+
+#define __SNR_msync __NR_msync
+
+#ifdef __NR_multiplexer
+#define __SNR_multiplexer __NR_multiplexer
+#else
+#define __SNR_multiplexer __PNR_multiplexer
+#endif
+
+#define __SNR_munlock __NR_munlock
+
+#define __SNR_munlockall __NR_munlockall
+
+#define __SNR_munmap __NR_munmap
+
+#define __SNR_name_to_handle_at __NR_name_to_handle_at
+
+#define __SNR_nanosleep __NR_nanosleep
+
+#ifdef __NR_newfstatat
+#define __SNR_newfstatat __NR_newfstatat
+#else
+#define __SNR_newfstatat __PNR_newfstatat
+#endif
+
+#ifdef __NR_nfsservctl
+#define __SNR_nfsservctl __NR_nfsservctl
+#else
+#define __SNR_nfsservctl __PNR_nfsservctl
+#endif
+
+#ifdef __NR_nice
+#define __SNR_nice __NR_nice
+#else
+#define __SNR_nice __PNR_nice
+#endif
+
+#ifdef __NR_oldfstat
+#define __SNR_oldfstat __NR_oldfstat
+#else
+#define __SNR_oldfstat __PNR_oldfstat
+#endif
+
+#ifdef __NR_oldlstat
+#define __SNR_oldlstat __NR_oldlstat
+#else
+#define __SNR_oldlstat __PNR_oldlstat
+#endif
+
+#ifdef __NR_oldolduname
+#define __SNR_oldolduname __NR_oldolduname
+#else
+#define __SNR_oldolduname __PNR_oldolduname
+#endif
+
+#ifdef __NR_oldstat
+#define __SNR_oldstat __NR_oldstat
+#else
+#define __SNR_oldstat __PNR_oldstat
+#endif
+
+#ifdef __NR_olduname
+#define __SNR_olduname __NR_olduname
+#else
+#define __SNR_olduname __PNR_olduname
+#endif
+
+#ifdef __NR_open
+#define __SNR_open __NR_open
+#else
+#define __SNR_open __PNR_open
+#endif
+
+#define __SNR_open_by_handle_at __NR_open_by_handle_at
+
+#ifdef __NR_open_tree
+#define __SNR_open_tree __NR_open_tree
+#else
+#define __SNR_open_tree __PNR_open_tree
+#endif
+
+#define __SNR_openat __NR_openat
+
+#define __SNR_openat2 __NR_openat2
+
+#ifdef __NR_pause
+#define __SNR_pause __NR_pause
+#else
+#define __SNR_pause __PNR_pause
+#endif
+
+#ifdef __NR_pciconfig_iobase
+#define __SNR_pciconfig_iobase __NR_pciconfig_iobase
+#else
+#define __SNR_pciconfig_iobase __PNR_pciconfig_iobase
+#endif
+
+#ifdef __NR_pciconfig_read
+#define __SNR_pciconfig_read __NR_pciconfig_read
+#else
+#define __SNR_pciconfig_read __PNR_pciconfig_read
+#endif
+
+#ifdef __NR_pciconfig_write
+#define __SNR_pciconfig_write __NR_pciconfig_write
+#else
+#define __SNR_pciconfig_write __PNR_pciconfig_write
+#endif
+
+#define __SNR_perf_event_open __NR_perf_event_open
+
+#define __SNR_personality __NR_personality
+
+#define __SNR_pidfd_getfd __NR_pidfd_getfd
+
+#ifdef __NR_pidfd_open
+#define __SNR_pidfd_open __NR_pidfd_open
+#else
+#define __SNR_pidfd_open __PNR_pidfd_open
+#endif
+
+#ifdef __NR_pidfd_send_signal
+#define __SNR_pidfd_send_signal __NR_pidfd_send_signal
+#else
+#define __SNR_pidfd_send_signal __PNR_pidfd_send_signal
+#endif
+
+#ifdef __NR_pipe
+#define __SNR_pipe __NR_pipe
+#else
+#define __SNR_pipe __PNR_pipe
+#endif
+
+#define __SNR_pipe2 __NR_pipe2
+
+#define __SNR_pivot_root __NR_pivot_root
+
+#ifdef __NR_pkey_alloc
+#define __SNR_pkey_alloc __NR_pkey_alloc
+#else
+#define __SNR_pkey_alloc __PNR_pkey_alloc
+#endif
+
+#ifdef __NR_pkey_free
+#define __SNR_pkey_free __NR_pkey_free
+#else
+#define __SNR_pkey_free __PNR_pkey_free
+#endif
+
+#ifdef __NR_pkey_mprotect
+#define __SNR_pkey_mprotect __NR_pkey_mprotect
+#else
+#define __SNR_pkey_mprotect __PNR_pkey_mprotect
+#endif
+
+#ifdef __NR_poll
+#define __SNR_poll __NR_poll
+#else
+#define __SNR_poll __PNR_poll
+#endif
+
+#ifdef __NR_ppoll
+#define __SNR_ppoll __NR_ppoll
+#else
+#define __SNR_ppoll __PNR_ppoll
+#endif
+
+#ifdef __NR_ppoll_time64
+#define __SNR_ppoll_time64 __NR_ppoll_time64
+#else
+#define __SNR_ppoll_time64 __PNR_ppoll_time64
+#endif
+
+#define __SNR_prctl __NR_prctl
+
+#define __SNR_pread64 __NR_pread64
+
+#define __SNR_preadv __NR_preadv
+
+#define __SNR_preadv2 __NR_preadv2
+
+#define __SNR_prlimit64 __NR_prlimit64
+
+#define __SNR_process_madvise __NR_process_madvise
+
+#define __SNR_process_mrelease __NR_process_mrelease
+
+#define __SNR_process_vm_readv __NR_process_vm_readv
+
+#define __SNR_process_vm_writev __NR_process_vm_writev
+
+#ifdef __NR_prof
+#define __SNR_prof __NR_prof
+#else
+#define __SNR_prof __PNR_prof
+#endif
+
+#ifdef __NR_profil
+#define __SNR_profil __NR_profil
+#else
+#define __SNR_profil __PNR_profil
+#endif
+
+#define __SNR_pselect6 __NR_pselect6
+
+#ifdef __NR_pselect6_time64
+#define __SNR_pselect6_time64 __NR_pselect6_time64
+#else
+#define __SNR_pselect6_time64 __PNR_pselect6_time64
+#endif
+
+#define __SNR_ptrace __NR_ptrace
+
+#ifdef __NR_putpmsg
+#define __SNR_putpmsg __NR_putpmsg
+#else
+#define __SNR_putpmsg __PNR_putpmsg
+#endif
+
+#define __SNR_pwrite64 __NR_pwrite64
+
+#define __SNR_pwritev __NR_pwritev
+
+#define __SNR_pwritev2 __NR_pwritev2
+
+#ifdef __NR_query_module
+#define __SNR_query_module __NR_query_module
+#else
+#define __SNR_query_module __PNR_query_module
+#endif
+
+#define __SNR_quotactl __NR_quotactl
+
+#define __SNR_quotactl_fd __NR_quotactl_fd
+
+#ifdef __NR_read
+#define __SNR_read __NR_read
+#else
+#define __SNR_read __PNR_read
+#endif
+
+#define __SNR_readahead __NR_readahead
+
+#ifdef __NR_readdir
+#define __SNR_readdir __NR_readdir
+#else
+#define __SNR_readdir __PNR_readdir
+#endif
+
+#ifdef __NR_readlink
+#define __SNR_readlink __NR_readlink
+#else
+#define __SNR_readlink __PNR_readlink
+#endif
+
+#define __SNR_readlinkat __NR_readlinkat
+
+#define __SNR_readv __NR_readv
+
+#define __SNR_reboot __NR_reboot
+
+#ifdef __NR_recv
+#define __SNR_recv __NR_recv
+#else
+#define __SNR_recv __PNR_recv
+#endif
+
+#ifdef __NR_recvfrom
+#define __SNR_recvfrom __NR_recvfrom
+#else
+#define __SNR_recvfrom __PNR_recvfrom
+#endif
+
+#ifdef __NR_recvmmsg
+#define __SNR_recvmmsg __NR_recvmmsg
+#else
+#define __SNR_recvmmsg __PNR_recvmmsg
+#endif
+
+#ifdef __NR_recvmmsg_time64
+#define __SNR_recvmmsg_time64 __NR_recvmmsg_time64
+#else
+#define __SNR_recvmmsg_time64 __PNR_recvmmsg_time64
+#endif
+
+#ifdef __NR_recvmsg
+#define __SNR_recvmsg __NR_recvmsg
+#else
+#define __SNR_recvmsg __PNR_recvmsg
+#endif
+
+#define __SNR_remap_file_pages __NR_remap_file_pages
+
+#define __SNR_removexattr __NR_removexattr
+
+#ifdef __NR_rename
+#define __SNR_rename __NR_rename
+#else
+#define __SNR_rename __PNR_rename
+#endif
+
+#ifdef __NR_renameat
+#define __SNR_renameat __NR_renameat
+#else
+#define __SNR_renameat __PNR_renameat
+#endif
+
+#define __SNR_renameat2 __NR_renameat2
+
+#define __SNR_request_key __NR_request_key
+
+#define __SNR_restart_syscall __NR_restart_syscall
+
+#ifdef __NR_riscv_flush_icache
+#define __SNR_riscv_flush_icache __NR_riscv_flush_icache
+#else
+#define __SNR_riscv_flush_icache __PNR_riscv_flush_icache
+#endif
+
+#ifdef __NR_rmdir
+#define __SNR_rmdir __NR_rmdir
+#else
+#define __SNR_rmdir __PNR_rmdir
+#endif
+
+#ifdef __NR_rseq
+#define __SNR_rseq __NR_rseq
+#else
+#define __SNR_rseq __PNR_rseq
+#endif
+
+#define __SNR_rt_sigaction __NR_rt_sigaction
+
+#define __SNR_rt_sigpending __NR_rt_sigpending
+
+#define __SNR_rt_sigprocmask __NR_rt_sigprocmask
+
+#define __SNR_rt_sigqueueinfo __NR_rt_sigqueueinfo
+
+#define __SNR_rt_sigreturn __NR_rt_sigreturn
+
+#define __SNR_rt_sigsuspend __NR_rt_sigsuspend
+
+#define __SNR_rt_sigtimedwait __NR_rt_sigtimedwait
+
+#ifdef __NR_rt_sigtimedwait_time64
+#define __SNR_rt_sigtimedwait_time64 __NR_rt_sigtimedwait_time64
+#else
+#define __SNR_rt_sigtimedwait_time64 __PNR_rt_sigtimedwait_time64
+#endif
+
+#define __SNR_rt_tgsigqueueinfo __NR_rt_tgsigqueueinfo
+
+#ifdef __NR_rtas
+#define __SNR_rtas __NR_rtas
+#else
+#define __SNR_rtas __PNR_rtas
+#endif
+
+#ifdef __NR_s390_guarded_storage
+#define __SNR_s390_guarded_storage __NR_s390_guarded_storage
+#else
+#define __SNR_s390_guarded_storage __PNR_s390_guarded_storage
+#endif
+
+#ifdef __NR_s390_pci_mmio_read
+#define __SNR_s390_pci_mmio_read __NR_s390_pci_mmio_read
+#else
+#define __SNR_s390_pci_mmio_read __PNR_s390_pci_mmio_read
+#endif
+
+#ifdef __NR_s390_pci_mmio_write
+#define __SNR_s390_pci_mmio_write __NR_s390_pci_mmio_write
+#else
+#define __SNR_s390_pci_mmio_write __PNR_s390_pci_mmio_write
+#endif
+
+#ifdef __NR_s390_runtime_instr
+#define __SNR_s390_runtime_instr __NR_s390_runtime_instr
+#else
+#define __SNR_s390_runtime_instr __PNR_s390_runtime_instr
+#endif
+
+#ifdef __NR_s390_sthyi
+#define __SNR_s390_sthyi __NR_s390_sthyi
+#else
+#define __SNR_s390_sthyi __PNR_s390_sthyi
+#endif
+
+#define __SNR_sched_get_priority_max __NR_sched_get_priority_max
+
+#define __SNR_sched_get_priority_min __NR_sched_get_priority_min
+
+#define __SNR_sched_getaffinity __NR_sched_getaffinity
+
+#define __SNR_sched_getattr __NR_sched_getattr
+
+#define __SNR_sched_getparam __NR_sched_getparam
+
+#define __SNR_sched_getscheduler __NR_sched_getscheduler
+
+#define __SNR_sched_rr_get_interval __NR_sched_rr_get_interval
+
+#ifdef __NR_sched_rr_get_interval_time64
+#define __SNR_sched_rr_get_interval_time64 __NR_sched_rr_get_interval_time64
+#else
+#define __SNR_sched_rr_get_interval_time64 __PNR_sched_rr_get_interval_time64
+#endif
+
+#define __SNR_sched_setaffinity __NR_sched_setaffinity
+
+#define __SNR_sched_setattr __NR_sched_setattr
+
+#define __SNR_sched_setparam __NR_sched_setparam
+
+#define __SNR_sched_setscheduler __NR_sched_setscheduler
+
+#define __SNR_sched_yield __NR_sched_yield
+
+#define __SNR_seccomp __NR_seccomp
+
+#ifdef __NR_security
+#define __SNR_security __NR_security
+#else
+#define __SNR_security __PNR_security
+#endif
+
+#ifdef __NR_select
+#define __SNR_select __NR_select
+#else
+#define __SNR_select __PNR_select
+#endif
+
+#ifdef __NR_semctl
+#define __SNR_semctl __NR_semctl
+#else
+#define __SNR_semctl __PNR_semctl
+#endif
+
+#ifdef __NR_semget
+#define __SNR_semget __NR_semget
+#else
+#define __SNR_semget __PNR_semget
+#endif
+
+#ifdef __NR_semop
+#define __SNR_semop __NR_semop
+#else
+#define __SNR_semop __PNR_semop
+#endif
+
+#ifdef __NR_semtimedop
+#define __SNR_semtimedop __NR_semtimedop
+#else
+#define __SNR_semtimedop __PNR_semtimedop
+#endif
+
+#ifdef __NR_semtimedop_time64
+#define __SNR_semtimedop_time64 __NR_semtimedop_time64
+#else
+#define __SNR_semtimedop_time64 __PNR_semtimedop_time64
+#endif
+
+#ifdef __NR_send
+#define __SNR_send __NR_send
+#else
+#define __SNR_send __PNR_send
+#endif
+
+#ifdef __NR_sendfile
+#define __SNR_sendfile __NR_sendfile
+#else
+#define __SNR_sendfile __PNR_sendfile
+#endif
+
+#ifdef __NR_sendfile64
+#define __SNR_sendfile64 __NR_sendfile64
+#else
+#define __SNR_sendfile64 __PNR_sendfile64
+#endif
+
+#ifdef __NR_sendmmsg
+#define __SNR_sendmmsg __NR_sendmmsg
+#else
+#define __SNR_sendmmsg __PNR_sendmmsg
+#endif
+
+#ifdef __NR_sendmsg
+#define __SNR_sendmsg __NR_sendmsg
+#else
+#define __SNR_sendmsg __PNR_sendmsg
+#endif
+
+#ifdef __NR_sendto
+#define __SNR_sendto __NR_sendto
+#else
+#define __SNR_sendto __PNR_sendto
+#endif
+
+#ifdef __NR_set_mempolicy
+#define __SNR_set_mempolicy __NR_set_mempolicy
+#else
+#define __SNR_set_mempolicy __PNR_set_mempolicy
+#endif
+
+#define __SNR_set_mempolicy_home_node __NR_set_mempolicy_home_node
+
+#define __SNR_set_robust_list __NR_set_robust_list
+
+#ifdef __NR_set_thread_area
+#define __SNR_set_thread_area __NR_set_thread_area
+#else
+#define __SNR_set_thread_area __PNR_set_thread_area
+#endif
+
+#define __SNR_set_tid_address __NR_set_tid_address
+
+#ifdef __NR_set_tls
+#ifdef __ARM_NR_set_tls
+#define __SNR_set_tls __ARM_NR_set_tls
+#else
+#define __SNR_set_tls __NR_set_tls
+#endif
+#else
+#define __SNR_set_tls __PNR_set_tls
+#endif
+
+#define __SNR_setdomainname __NR_setdomainname
+
+#ifdef __NR_setfsgid
+#define __SNR_setfsgid __NR_setfsgid
+#else
+#define __SNR_setfsgid __PNR_setfsgid
+#endif
+
+#ifdef __NR_setfsgid32
+#define __SNR_setfsgid32 __NR_setfsgid32
+#else
+#define __SNR_setfsgid32 __PNR_setfsgid32
+#endif
+
+#ifdef __NR_setfsuid
+#define __SNR_setfsuid __NR_setfsuid
+#else
+#define __SNR_setfsuid __PNR_setfsuid
+#endif
+
+#ifdef __NR_setfsuid32
+#define __SNR_setfsuid32 __NR_setfsuid32
+#else
+#define __SNR_setfsuid32 __PNR_setfsuid32
+#endif
+
+#ifdef __NR_setgid
+#define __SNR_setgid __NR_setgid
+#else
+#define __SNR_setgid __PNR_setgid
+#endif
+
+#ifdef __NR_setgid32
+#define __SNR_setgid32 __NR_setgid32
+#else
+#define __SNR_setgid32 __PNR_setgid32
+#endif
+
+#ifdef __NR_setgroups
+#define __SNR_setgroups __NR_setgroups
+#else
+#define __SNR_setgroups __PNR_setgroups
+#endif
+
+#ifdef __NR_setgroups32
+#define __SNR_setgroups32 __NR_setgroups32
+#else
+#define __SNR_setgroups32 __PNR_setgroups32
+#endif
+
+#define __SNR_sethostname __NR_sethostname
+
+#define __SNR_setitimer __NR_setitimer
+
+#define __SNR_setns __NR_setns
+
+#define __SNR_setpgid __NR_setpgid
+
+#define __SNR_setpriority __NR_setpriority
+
+#ifdef __NR_setregid
+#define __SNR_setregid __NR_setregid
+#else
+#define __SNR_setregid __PNR_setregid
+#endif
+
+#ifdef __NR_setregid32
+#define __SNR_setregid32 __NR_setregid32
+#else
+#define __SNR_setregid32 __PNR_setregid32
+#endif
+
+#ifdef __NR_setresgid
+#define __SNR_setresgid __NR_setresgid
+#else
+#define __SNR_setresgid __PNR_setresgid
+#endif
+
+#ifdef __NR_setresgid32
+#define __SNR_setresgid32 __NR_setresgid32
+#else
+#define __SNR_setresgid32 __PNR_setresgid32
+#endif
+
+#ifdef __NR_setresuid
+#define __SNR_setresuid __NR_setresuid
+#else
+#define __SNR_setresuid __PNR_setresuid
+#endif
+
+#ifdef __NR_setresuid32
+#define __SNR_setresuid32 __NR_setresuid32
+#else
+#define __SNR_setresuid32 __PNR_setresuid32
+#endif
+
+#ifdef __NR_setreuid
+#define __SNR_setreuid __NR_setreuid
+#else
+#define __SNR_setreuid __PNR_setreuid
+#endif
+
+#ifdef __NR_setreuid32
+#define __SNR_setreuid32 __NR_setreuid32
+#else
+#define __SNR_setreuid32 __PNR_setreuid32
+#endif
+
+#ifdef __NR_setrlimit
+#define __SNR_setrlimit __NR_setrlimit
+#else
+#define __SNR_setrlimit __PNR_setrlimit
+#endif
+
+#define __SNR_setsid __NR_setsid
+
+#ifdef __NR_setsockopt
+#define __SNR_setsockopt __NR_setsockopt
+#else
+#define __SNR_setsockopt __PNR_setsockopt
+#endif
+
+#define __SNR_settimeofday __NR_settimeofday
+
+#ifdef __NR_setuid
+#define __SNR_setuid __NR_setuid
+#else
+#define __SNR_setuid __PNR_setuid
+#endif
+
+#ifdef __NR_setuid32
+#define __SNR_setuid32 __NR_setuid32
+#else
+#define __SNR_setuid32 __PNR_setuid32
+#endif
+
+#define __SNR_setxattr __NR_setxattr
+
+#ifdef __NR_sgetmask
+#define __SNR_sgetmask __NR_sgetmask
+#else
+#define __SNR_sgetmask __PNR_sgetmask
+#endif
+
+#ifdef __NR_shmat
+#define __SNR_shmat __NR_shmat
+#else
+#define __SNR_shmat __PNR_shmat
+#endif
+
+#ifdef __NR_shmctl
+#define __SNR_shmctl __NR_shmctl
+#else
+#define __SNR_shmctl __PNR_shmctl
+#endif
+
+#ifdef __NR_shmdt
+#define __SNR_shmdt __NR_shmdt
+#else
+#define __SNR_shmdt __PNR_shmdt
+#endif
+
+#ifdef __NR_shmget
+#define __SNR_shmget __NR_shmget
+#else
+#define __SNR_shmget __PNR_shmget
+#endif
+
+#ifdef __NR_shutdown
+#define __SNR_shutdown __NR_shutdown
+#else
+#define __SNR_shutdown __PNR_shutdown
+#endif
+
+#ifdef __NR_sigaction
+#define __SNR_sigaction __NR_sigaction
+#else
+#define __SNR_sigaction __PNR_sigaction
+#endif
+
+#define __SNR_sigaltstack __NR_sigaltstack
+
+#ifdef __NR_signal
+#define __SNR_signal __NR_signal
+#else
+#define __SNR_signal __PNR_signal
+#endif
+
+#ifdef __NR_signalfd
+#define __SNR_signalfd __NR_signalfd
+#else
+#define __SNR_signalfd __PNR_signalfd
+#endif
+
+#define __SNR_signalfd4 __NR_signalfd4
+
+#ifdef __NR_sigpending
+#define __SNR_sigpending __NR_sigpending
+#else
+#define __SNR_sigpending __PNR_sigpending
+#endif
+
+#ifdef __NR_sigprocmask
+#define __SNR_sigprocmask __NR_sigprocmask
+#else
+#define __SNR_sigprocmask __PNR_sigprocmask
+#endif
+
+#ifdef __NR_sigreturn
+#define __SNR_sigreturn __NR_sigreturn
+#else
+#define __SNR_sigreturn __PNR_sigreturn
+#endif
+
+#ifdef __NR_sigsuspend
+#define __SNR_sigsuspend __NR_sigsuspend
+#else
+#define __SNR_sigsuspend __PNR_sigsuspend
+#endif
+
+#ifdef __NR_socket
+#define __SNR_socket __NR_socket
+#else
+#define __SNR_socket __PNR_socket
+#endif
+
+#ifdef __NR_socketcall
+#define __SNR_socketcall __NR_socketcall
+#else
+#define __SNR_socketcall __PNR_socketcall
+#endif
+
+#ifdef __NR_socketpair
+#define __SNR_socketpair __NR_socketpair
+#else
+#define __SNR_socketpair __PNR_socketpair
+#endif
+
+#define __SNR_splice __NR_splice
+
+#ifdef __NR_spu_create
+#define __SNR_spu_create __NR_spu_create
+#else
+#define __SNR_spu_create __PNR_spu_create
+#endif
+
+#ifdef __NR_spu_run
+#define __SNR_spu_run __NR_spu_run
+#else
+#define __SNR_spu_run __PNR_spu_run
+#endif
+
+#ifdef __NR_ssetmask
+#define __SNR_ssetmask __NR_ssetmask
+#else
+#define __SNR_ssetmask __PNR_ssetmask
+#endif
+
+#ifdef __NR_stat
+#define __SNR_stat __NR_stat
+#else
+#define __SNR_stat __PNR_stat
+#endif
+
+#ifdef __NR_stat64
+#define __SNR_stat64 __NR_stat64
+#else
+#define __SNR_stat64 __PNR_stat64
+#endif
+
+#ifdef __NR_statfs
+#define __SNR_statfs __NR_statfs
+#else
+#define __SNR_statfs __PNR_statfs
+#endif
+
+#ifdef __NR_statfs64
+#define __SNR_statfs64 __NR_statfs64
+#else
+#define __SNR_statfs64 __PNR_statfs64
+#endif
+
+#ifdef __NR_statx
+#define __SNR_statx __NR_statx
+#else
+#define __SNR_statx __PNR_statx
+#endif
+
+#ifdef __NR_stime
+#define __SNR_stime __NR_stime
+#else
+#define __SNR_stime __PNR_stime
+#endif
+
+#ifdef __NR_stty
+#define __SNR_stty __NR_stty
+#else
+#define __SNR_stty __PNR_stty
+#endif
+
+#ifdef __NR_subpage_prot
+#define __SNR_subpage_prot __NR_subpage_prot
+#else
+#define __SNR_subpage_prot __PNR_subpage_prot
+#endif
+
+#ifdef __NR_swapcontext
+#define __SNR_swapcontext __NR_swapcontext
+#else
+#define __SNR_swapcontext __PNR_swapcontext
+#endif
+
+#define __SNR_swapoff __NR_swapoff
+
+#define __SNR_swapon __NR_swapon
+
+#ifdef __NR_switch_endian
+#define __SNR_switch_endian __NR_switch_endian
+#else
+#define __SNR_switch_endian __PNR_switch_endian
+#endif
+
+#ifdef __NR_symlink
+#define __SNR_symlink __NR_symlink
+#else
+#define __SNR_symlink __PNR_symlink
+#endif
+
+#define __SNR_symlinkat __NR_symlinkat
+
+#ifdef __NR_sync
+#define __SNR_sync __NR_sync
+#else
+#define __SNR_sync __PNR_sync
+#endif
+
+#ifdef __NR_sync_file_range
+#define __SNR_sync_file_range __NR_sync_file_range
+#else
+#define __SNR_sync_file_range __PNR_sync_file_range
+#endif
+
+#ifdef __NR_sync_file_range2
+#define __SNR_sync_file_range2 __NR_sync_file_range2
+#else
+#define __SNR_sync_file_range2 __PNR_sync_file_range2
+#endif
+
+#define __SNR_syncfs __NR_syncfs
+
+#ifdef __NR_syscall
+#define __SNR_syscall __NR_syscall
+#else
+#define __SNR_syscall __PNR_syscall
+#endif
+
+#ifdef __NR_sys_debug_setcontext
+#define __SNR_sys_debug_setcontext __NR_sys_debug_setcontext
+#else
+#define __SNR_sys_debug_setcontext __PNR_sys_debug_setcontext
+#endif
+
+#ifdef __NR_sysfs
+#define __SNR_sysfs __NR_sysfs
+#else
+#define __SNR_sysfs __PNR_sysfs
+#endif
+
+#define __SNR_sysinfo __NR_sysinfo
+
+#define __SNR_syslog __NR_syslog
+
+#ifdef __NR_sysmips
+#define __SNR_sysmips __NR_sysmips
+#else
+#define __SNR_sysmips __PNR_sysmips
+#endif
+
+#define __SNR_tee __NR_tee
+
+#define __SNR_tgkill __NR_tgkill
+
+#ifdef __NR_time
+#define __SNR_time __NR_time
+#else
+#define __SNR_time __PNR_time
+#endif
+
+#define __SNR_timer_create __NR_timer_create
+
+#define __SNR_timer_delete __NR_timer_delete
+
+#define __SNR_timer_getoverrun __NR_timer_getoverrun
+
+#define __SNR_timer_gettime __NR_timer_gettime
+
+#ifdef __NR_timer_gettime64
+#define __SNR_timer_gettime64 __NR_timer_gettime64
+#else
+#define __SNR_timer_gettime64 __PNR_timer_gettime64
+#endif
+
+#define __SNR_timer_settime __NR_timer_settime
+
+#ifdef __NR_timer_settime64
+#define __SNR_timer_settime64 __NR_timer_settime64
+#else
+#define __SNR_timer_settime64 __PNR_timer_settime64
+#endif
+
+#ifdef __NR_timerfd
+#define __SNR_timerfd __NR_timerfd
+#else
+#define __SNR_timerfd __PNR_timerfd
+#endif
+
+#define __SNR_timerfd_create __NR_timerfd_create
+
+#define __SNR_timerfd_gettime __NR_timerfd_gettime
+
+#ifdef __NR_timerfd_gettime64
+#define __SNR_timerfd_gettime64 __NR_timerfd_gettime64
+#else
+#define __SNR_timerfd_gettime64 __PNR_timerfd_gettime64
+#endif
+
+#define __SNR_timerfd_settime __NR_timerfd_settime
+
+#ifdef __NR_timerfd_settime64
+#define __SNR_timerfd_settime64 __NR_timerfd_settime64
+#else
+#define __SNR_timerfd_settime64 __PNR_timerfd_settime64
+#endif
+
+#define __SNR_times __NR_times
+
+#define __SNR_tkill __NR_tkill
+
+#ifdef __NR_truncate
+#define __SNR_truncate __NR_truncate
+#else
+#define __SNR_truncate __PNR_truncate
+#endif
+
+#ifdef __NR_truncate64
+#define __SNR_truncate64 __NR_truncate64
+#else
+#define __SNR_truncate64 __PNR_truncate64
+#endif
+
+#ifdef __NR_tuxcall
+#define __SNR_tuxcall __NR_tuxcall
+#else
+#define __SNR_tuxcall __PNR_tuxcall
+#endif
+
+#ifdef __NR_ugetrlimit
+#define __SNR_ugetrlimit __NR_ugetrlimit
+#else
+#define __SNR_ugetrlimit __PNR_ugetrlimit
+#endif
+
+#ifdef __NR_ulimit
+#define __SNR_ulimit __NR_ulimit
+#else
+#define __SNR_ulimit __PNR_ulimit
+#endif
+
+#define __SNR_umask __NR_umask
+
+#ifdef __NR_umount
+#define __SNR_umount __NR_umount
+#else
+#define __SNR_umount __PNR_umount
+#endif
+
+#define __SNR_umount2 __NR_umount2
+
+#define __SNR_uname __NR_uname
+
+#ifdef __NR_unlink
+#define __SNR_unlink __NR_unlink
+#else
+#define __SNR_unlink __PNR_unlink
+#endif
+
+#define __SNR_unlinkat __NR_unlinkat
+
+#define __SNR_unshare __NR_unshare
+
+#ifdef __NR_uselib
+#define __SNR_uselib __NR_uselib
+#else
+#define __SNR_uselib __PNR_uselib
+#endif
+
+#ifdef __NR_userfaultfd
+#define __SNR_userfaultfd __NR_userfaultfd
+#else
+#define __SNR_userfaultfd __PNR_userfaultfd
+#endif
+
+#ifdef __NR_usr26
+#ifdef __ARM_NR_usr26
+#define __SNR_usr26 __NR_usr26
+#else
+#define __SNR_usr26 __NR_usr26
+#endif
+#else
+#define __SNR_usr26 __PNR_usr26
+#endif
+
+#ifdef __NR_usr32
+#ifdef __ARM_NR_usr32
+#define __SNR_usr32 __NR_usr32
+#else
+#define __SNR_usr32 __NR_usr32
+#endif
+#else
+#define __SNR_usr32 __PNR_usr32
+#endif
+
+#ifdef __NR_ustat
+#define __SNR_ustat __NR_ustat
+#else
+#define __SNR_ustat __PNR_ustat
+#endif
+
+#ifdef __NR_utime
+#define __SNR_utime __NR_utime
+#else
+#define __SNR_utime __PNR_utime
+#endif
+
+#define __SNR_utimensat __NR_utimensat
+
+#ifdef __NR_utimensat_time64
+#define __SNR_utimensat_time64 __NR_utimensat_time64
+#else
+#define __SNR_utimensat_time64 __PNR_utimensat_time64
+#endif
+
+#ifdef __NR_utimes
+#define __SNR_utimes __NR_utimes
+#else
+#define __SNR_utimes __PNR_utimes
+#endif
+
+#ifdef __NR_vfork
+#define __SNR_vfork __NR_vfork
+#else
+#define __SNR_vfork __PNR_vfork
+#endif
+
+#define __SNR_vhangup __NR_vhangup
+
+#ifdef __NR_vm86
+#define __SNR_vm86 __NR_vm86
+#else
+#define __SNR_vm86 __PNR_vm86
+#endif
+
+#ifdef __NR_vm86old
+#define __SNR_vm86old __NR_vm86old
+#else
+#define __SNR_vm86old __PNR_vm86old
+#endif
+
+#define __SNR_vmsplice __NR_vmsplice
+
+#ifdef __NR_vserver
+#define __SNR_vserver __NR_vserver
+#else
+#define __SNR_vserver __PNR_vserver
+#endif
+
+#define __SNR_wait4 __NR_wait4
+
+#define __SNR_waitid __NR_waitid
+
+#ifdef __NR_waitpid
+#define __SNR_waitpid __NR_waitpid
+#else
+#define __SNR_waitpid __PNR_waitpid
+#endif
+
+#define __SNR_write __NR_write
+
+#define __SNR_writev __NR_writev
diff --git a/include/seccomp.h b/include/seccomp.h
new file mode 100644
index 0000000..d407a51
--- /dev/null
+++ b/include/seccomp.h
@@ -0,0 +1,827 @@
+/**
+ * Seccomp Library
+ *
+ * Copyright (c) 2019 Cisco Systems <pmoore2@cisco.com>
+ * Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _SECCOMP_H
+#define _SECCOMP_H
+
+#include <elf.h>
+#include <inttypes.h>
+#include <asm/unistd.h>
+#include <linux/audit.h>
+#include <linux/types.h>
+#include <linux/seccomp.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * version information
+ */
+
+#define SCMP_VER_MAJOR 2
+#define SCMP_VER_MINOR 5
+#define SCMP_VER_MICRO 5
+
+struct scmp_version {
+ unsigned int major;
+ unsigned int minor;
+ unsigned int micro;
+};
+
+/*
+ * types
+ */
+
+/**
+ * Filter context/handle
+ */
+typedef void *scmp_filter_ctx;
+
+/**
+ * Filter attributes
+ */
+enum scmp_filter_attr {
+ _SCMP_FLTATR_MIN = 0,
+ SCMP_FLTATR_ACT_DEFAULT = 1, /**< default filter action */
+ SCMP_FLTATR_ACT_BADARCH = 2, /**< bad architecture action */
+ SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */
+ SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */
+ SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */
+ SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */
+ SCMP_FLTATR_CTL_SSB = 7, /**< disable SSB mitigation */
+ SCMP_FLTATR_CTL_OPTIMIZE = 8, /**< filter optimization level:
+ * 0 - currently unused
+ * 1 - rules weighted by priority and
+ * complexity (DEFAULT)
+ * 2 - binary tree sorted by syscall
+ * number
+ */
+ SCMP_FLTATR_API_SYSRAWRC = 9, /**< return the system return codes */
+ _SCMP_FLTATR_MAX,
+};
+
+/**
+ * Comparison operators
+ */
+enum scmp_compare {
+ _SCMP_CMP_MIN = 0,
+ SCMP_CMP_NE = 1, /**< not equal */
+ SCMP_CMP_LT = 2, /**< less than */
+ SCMP_CMP_LE = 3, /**< less than or equal */
+ SCMP_CMP_EQ = 4, /**< equal */
+ SCMP_CMP_GE = 5, /**< greater than or equal */
+ SCMP_CMP_GT = 6, /**< greater than */
+ SCMP_CMP_MASKED_EQ = 7, /**< masked equality */
+ _SCMP_CMP_MAX,
+};
+
+/**
+ * Argument datum
+ */
+typedef uint64_t scmp_datum_t;
+
+/**
+ * Argument / Value comparison definition
+ */
+struct scmp_arg_cmp {
+ unsigned int arg; /**< argument number, starting at 0 */
+ enum scmp_compare op; /**< the comparison op, e.g. SCMP_CMP_* */
+ scmp_datum_t datum_a;
+ scmp_datum_t datum_b;
+};
+
+/*
+ * macros/defines
+ */
+
+/**
+ * The native architecture token
+ */
+#define SCMP_ARCH_NATIVE 0
+
+/**
+ * The x86 (32-bit) architecture token
+ */
+#define SCMP_ARCH_X86 AUDIT_ARCH_I386
+
+/**
+ * The x86-64 (64-bit) architecture token
+ */
+#define SCMP_ARCH_X86_64 AUDIT_ARCH_X86_64
+
+/**
+ * The x32 (32-bit x86_64) architecture token
+ *
+ * NOTE: this is different from the value used by the kernel because we need to
+ * be able to distinguish between x32 and x86_64
+ */
+#define SCMP_ARCH_X32 (EM_X86_64|__AUDIT_ARCH_LE)
+
+/**
+ * The ARM architecture tokens
+ */
+#define SCMP_ARCH_ARM AUDIT_ARCH_ARM
+/* AArch64 support for audit was merged in 3.17-rc1 */
+#ifndef AUDIT_ARCH_AARCH64
+#ifndef EM_AARCH64
+#define EM_AARCH64 183
+#endif /* EM_AARCH64 */
+#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif /* AUDIT_ARCH_AARCH64 */
+#define SCMP_ARCH_AARCH64 AUDIT_ARCH_AARCH64
+
+/**
+ * The MIPS architecture tokens
+ */
+#ifndef __AUDIT_ARCH_CONVENTION_MIPS64_N32
+#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
+#endif
+#ifndef EM_MIPS
+#define EM_MIPS 8
+#endif
+#ifndef AUDIT_ARCH_MIPS
+#define AUDIT_ARCH_MIPS (EM_MIPS)
+#endif
+#ifndef AUDIT_ARCH_MIPS64
+#define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT)
+#endif
+/* MIPS64N32 support was merged in 3.15 */
+#ifndef AUDIT_ARCH_MIPS64N32
+#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\
+ __AUDIT_ARCH_CONVENTION_MIPS64_N32)
+#endif
+/* MIPSEL64N32 support was merged in 3.15 */
+#ifndef AUDIT_ARCH_MIPSEL64N32
+#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE|\
+ __AUDIT_ARCH_CONVENTION_MIPS64_N32)
+#endif
+#define SCMP_ARCH_MIPS AUDIT_ARCH_MIPS
+#define SCMP_ARCH_MIPS64 AUDIT_ARCH_MIPS64
+#define SCMP_ARCH_MIPS64N32 AUDIT_ARCH_MIPS64N32
+#define SCMP_ARCH_MIPSEL AUDIT_ARCH_MIPSEL
+#define SCMP_ARCH_MIPSEL64 AUDIT_ARCH_MIPSEL64
+#define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
+
+/**
+ * The PowerPC architecture tokens
+ */
+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
+#ifndef AUDIT_ARCH_PPC64LE
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif
+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
+
+/**
+ * The S390 architecture tokens
+ */
+#define SCMP_ARCH_S390 AUDIT_ARCH_S390
+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
+
+/**
+ * The PA-RISC hppa architecture tokens
+ */
+#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC
+#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64
+
+/**
+ * The RISC-V architecture tokens
+ */
+/* RISC-V support for audit was merged in 5.0-rc1 */
+#ifndef AUDIT_ARCH_RISCV64
+#ifndef EM_RISCV
+#define EM_RISCV 243
+#endif /* EM_RISCV */
+#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif /* AUDIT_ARCH_RISCV64 */
+#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64
+
+/**
+ * Convert a syscall name into the associated syscall number
+ * @param x the syscall name
+ */
+#define SCMP_SYS(x) (__SNR_##x)
+
+/* Helpers for the argument comparison macros, DO NOT USE directly */
+#define _SCMP_VA_NUM_ARGS(...) _SCMP_VA_NUM_ARGS_IMPL(__VA_ARGS__,2,1)
+#define _SCMP_VA_NUM_ARGS_IMPL(_1,_2,N,...) N
+#define _SCMP_MACRO_DISPATCHER(func, ...) \
+ _SCMP_MACRO_DISPATCHER_IMPL1(func, _SCMP_VA_NUM_ARGS(__VA_ARGS__))
+#define _SCMP_MACRO_DISPATCHER_IMPL1(func, nargs) \
+ _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs)
+#define _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) \
+ func ## nargs
+#define _SCMP_CMP32_1(x, y, z) \
+ SCMP_CMP64(x, y, (uint32_t)(z))
+#define _SCMP_CMP32_2(x, y, z, q) \
+ SCMP_CMP64(x, y, (uint32_t)(z), (uint32_t)(q))
+
+/**
+ * Specify a 64-bit argument comparison struct for use in declaring rules
+ * @param arg the argument number, starting at 0
+ * @param op the comparison operator, e.g. SCMP_CMP_*
+ * @param datum_a dependent on comparison
+ * @param datum_b dependent on comparison, optional
+ */
+#define SCMP_CMP64(...) ((struct scmp_arg_cmp){__VA_ARGS__})
+#define SCMP_CMP SCMP_CMP64
+
+/**
+ * Specify a 32-bit argument comparison struct for use in declaring rules
+ * @param arg the argument number, starting at 0
+ * @param op the comparison operator, e.g. SCMP_CMP_*
+ * @param datum_a dependent on comparison (32-bits)
+ * @param datum_b dependent on comparison, optional (32-bits)
+ */
+#define SCMP_CMP32(x, y, ...) \
+ _SCMP_MACRO_DISPATCHER(_SCMP_CMP32_, __VA_ARGS__)(x, y, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 0
+ */
+#define SCMP_A0_64(...) SCMP_CMP64(0, __VA_ARGS__)
+#define SCMP_A0 SCMP_A0_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 0
+ */
+#define SCMP_A0_32(x, ...) SCMP_CMP32(0, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 1
+ */
+#define SCMP_A1_64(...) SCMP_CMP64(1, __VA_ARGS__)
+#define SCMP_A1 SCMP_A1_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 1
+ */
+#define SCMP_A1_32(x, ...) SCMP_CMP32(1, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 2
+ */
+#define SCMP_A2_64(...) SCMP_CMP64(2, __VA_ARGS__)
+#define SCMP_A2 SCMP_A2_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 2
+ */
+#define SCMP_A2_32(x, ...) SCMP_CMP32(2, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 3
+ */
+#define SCMP_A3_64(...) SCMP_CMP64(3, __VA_ARGS__)
+#define SCMP_A3 SCMP_A3_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 3
+ */
+#define SCMP_A3_32(x, ...) SCMP_CMP32(3, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 4
+ */
+#define SCMP_A4_64(...) SCMP_CMP64(4, __VA_ARGS__)
+#define SCMP_A4 SCMP_A4_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 4
+ */
+#define SCMP_A4_32(x, ...) SCMP_CMP32(4, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 5
+ */
+#define SCMP_A5_64(...) SCMP_CMP64(5, __VA_ARGS__)
+#define SCMP_A5 SCMP_A5_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 5
+ */
+#define SCMP_A5_32(x, ...) SCMP_CMP32(5, x, __VA_ARGS__)
+
+/*
+ * seccomp actions
+ */
+
+/**
+ * Kill the process
+ */
+#define SCMP_ACT_KILL_PROCESS 0x80000000U
+/**
+ * Kill the thread
+ */
+#define SCMP_ACT_KILL_THREAD 0x00000000U
+/**
+ * Kill the thread, defined for backward compatibility
+ */
+#define SCMP_ACT_KILL SCMP_ACT_KILL_THREAD
+/**
+ * Throw a SIGSYS signal
+ */
+#define SCMP_ACT_TRAP 0x00030000U
+/**
+ * Notifies userspace
+ */
+#define SCMP_ACT_NOTIFY 0x7fc00000U
+/**
+ * Return the specified error code
+ */
+#define SCMP_ACT_ERRNO(x) (0x00050000U | ((x) & 0x0000ffffU))
+/**
+ * Notify a tracing process with the specified value
+ */
+#define SCMP_ACT_TRACE(x) (0x7ff00000U | ((x) & 0x0000ffffU))
+/**
+ * Allow the syscall to be executed after the action has been logged
+ */
+#define SCMP_ACT_LOG 0x7ffc0000U
+/**
+ * Allow the syscall to be executed
+ */
+#define SCMP_ACT_ALLOW 0x7fff0000U
+
+/* SECCOMP_RET_USER_NOTIF was added in kernel v5.0. */
+#ifndef SECCOMP_RET_USER_NOTIF
+#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
+
+struct seccomp_notif {
+ __u64 id;
+ __u32 pid;
+ __u32 flags;
+ struct seccomp_data data;
+};
+
+struct seccomp_notif_resp {
+ __u64 id;
+ __s64 val;
+ __s32 error;
+ __u32 flags;
+};
+#endif
+
+/*
+ * functions
+ */
+
+/**
+ * Query the library version information
+ *
+ * This function returns a pointer to a populated scmp_version struct, the
+ * caller does not need to free the structure when finished.
+ *
+ */
+const struct scmp_version *seccomp_version(void);
+
+/**
+ * Query the library's level of API support
+ *
+ * This function returns an API level value indicating the current supported
+ * functionality. It is important to note that this level of support is
+ * determined at runtime and therefore can change based on the running kernel
+ * and system configuration (e.g. any previously loaded seccomp filters). This
+ * function can be called multiple times, but it only queries the system the
+ * first time it is called, the API level is cached and used in subsequent
+ * calls.
+ *
+ * The current API levels are described below:
+ * 0 : reserved
+ * 1 : base level
+ * 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute
+ * uses the seccomp(2) syscall instead of the prctl(2) syscall
+ * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
+ * support for the SCMP_ACT_LOG action
+ * support for the SCMP_ACT_KILL_PROCESS action
+ * 4 : support for the SCMP_FLTATR_CTL_SSB filter attrbute
+ * 5 : support for the SCMP_ACT_NOTIFY action and notify APIs
+ * 6 : support the simultaneous use of SCMP_FLTATR_CTL_TSYNC and notify APIs
+ *
+ */
+unsigned int seccomp_api_get(void);
+
+/**
+ * Set the library's level of API support
+ *
+ * This function forcibly sets the API level of the library at runtime. Valid
+ * API levels are discussed in the description of the seccomp_api_get()
+ * function. General use of this function is strongly discouraged.
+ *
+ */
+int seccomp_api_set(unsigned int level);
+
+/**
+ * Initialize the filter state
+ * @param def_action the default filter action
+ *
+ * This function initializes the internal seccomp filter state and should
+ * be called before any other functions in this library to ensure the filter
+ * state is initialized. Returns a filter context on success, NULL on failure.
+ *
+ */
+scmp_filter_ctx seccomp_init(uint32_t def_action);
+
+/**
+ * Reset the filter state
+ * @param ctx the filter context
+ * @param def_action the default filter action
+ *
+ * This function resets the given seccomp filter state and ensures the
+ * filter state is reinitialized. This function does not reset any seccomp
+ * filters already loaded into the kernel. Returns zero on success, negative
+ * values on failure.
+ *
+ */
+int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action);
+
+/**
+ * Destroys the filter state and releases any resources
+ * @param ctx the filter context
+ *
+ * This functions destroys the given seccomp filter state and releases any
+ * resources, including memory, associated with the filter state. This
+ * function does not reset any seccomp filters already loaded into the kernel.
+ * The filter context can no longer be used after calling this function.
+ *
+ */
+void seccomp_release(scmp_filter_ctx ctx);
+
+/**
+ * Merge two filters
+ * @param ctx_dst the destination filter context
+ * @param ctx_src the source filter context
+ *
+ * This function merges two filter contexts into a single filter context and
+ * destroys the second filter context. The two filter contexts must have the
+ * same attribute values and not contain any of the same architectures; if they
+ * do, the merge operation will fail. On success, the source filter context
+ * will be destroyed and should no longer be used; it is not necessary to
+ * call seccomp_release() on the source filter context. Returns zero on
+ * success, negative values on failure.
+ *
+ */
+int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src);
+
+/**
+ * Resolve the architecture name to a architecture token
+ * @param arch_name the architecture name
+ *
+ * This function resolves the given architecture name to a token suitable for
+ * use with libseccomp, returns zero on failure.
+ *
+ */
+uint32_t seccomp_arch_resolve_name(const char *arch_name);
+
+/**
+ * Return the native architecture token
+ *
+ * This function returns the native architecture token value, e.g. SCMP_ARCH_*.
+ *
+ */
+uint32_t seccomp_arch_native(void);
+
+/**
+ * Check to see if an existing architecture is present in the filter
+ * @param ctx the filter context
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ *
+ * This function tests to see if a given architecture is included in the filter
+ * context. If the architecture token is SCMP_ARCH_NATIVE then the native
+ * architecture will be assumed. Returns zero if the architecture exists in
+ * the filter, -EEXIST if it is not present, and other negative values on
+ * failure.
+ *
+ */
+int seccomp_arch_exist(const scmp_filter_ctx ctx, uint32_t arch_token);
+
+/**
+ * Adds an architecture to the filter
+ * @param ctx the filter context
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ *
+ * This function adds a new architecture to the given seccomp filter context.
+ * Any new rules added after this function successfully returns will be added
+ * to this architecture but existing rules will not be added to this
+ * architecture. If the architecture token is SCMP_ARCH_NATIVE then the native
+ * architecture will be assumed. Returns zero on success, -EEXIST if
+ * specified architecture is already present, other negative values on failure.
+ *
+ */
+int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token);
+
+/**
+ * Removes an architecture from the filter
+ * @param ctx the filter context
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ *
+ * This function removes an architecture from the given seccomp filter context.
+ * If the architecture token is SCMP_ARCH_NATIVE then the native architecture
+ * will be assumed. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_arch_remove(scmp_filter_ctx ctx, uint32_t arch_token);
+
+/**
+ * Loads the filter into the kernel
+ * @param ctx the filter context
+ *
+ * This function loads the given seccomp filter context into the kernel. If
+ * the filter was loaded correctly, the kernel will be enforcing the filter
+ * when this function returns. Returns zero on success, negative values on
+ * error.
+ *
+ */
+int seccomp_load(const scmp_filter_ctx ctx);
+
+/**
+ * Get the value of a filter attribute
+ * @param ctx the filter context
+ * @param attr the filter attribute name
+ * @param value the filter attribute value
+ *
+ * This function fetches the value of the given attribute name and returns it
+ * via @value. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_attr_get(const scmp_filter_ctx ctx,
+ enum scmp_filter_attr attr, uint32_t *value);
+
+/**
+ * Set the value of a filter attribute
+ * @param ctx the filter context
+ * @param attr the filter attribute name
+ * @param value the filter attribute value
+ *
+ * This function sets the value of the given attribute. Returns zero on
+ * success, negative values on failure.
+ *
+ */
+int seccomp_attr_set(scmp_filter_ctx ctx,
+ enum scmp_filter_attr attr, uint32_t value);
+
+/**
+ * Resolve a syscall number to a name
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name for the given
+ * architecture; it is up to the caller to free the returned string. Returns
+ * the syscall name on success, NULL on failure.
+ *
+ */
+char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num);
+
+/**
+ * Resolve a syscall name to a number
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number for the given
+ * architecture. Returns the syscall number on success, including negative
+ * pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name);
+
+/**
+ * Resolve a syscall name to a number and perform any rewriting necessary
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number for the given
+ * architecture and do any necessary syscall rewriting needed by the
+ * architecture. Returns the syscall number on success, including negative
+ * pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int seccomp_syscall_resolve_name_rewrite(uint32_t arch_token, const char *name);
+
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number. Returns the syscall
+ * number on success, including negative pseudo syscall numbers (e.g. __PNR_*);
+ * returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int seccomp_syscall_resolve_name(const char *name);
+
+/**
+ * Set the priority of a given syscall
+ * @param ctx the filter context
+ * @param syscall the syscall number
+ * @param priority priority value, higher value == higher priority
+ *
+ * This function sets the priority of the given syscall; this value is used
+ * when generating the seccomp filter code such that higher priority syscalls
+ * will incur less filter code overhead than the lower priority syscalls in the
+ * filter. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_syscall_priority(scmp_filter_ctx ctx,
+ int syscall, uint8_t priority);
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of argument filters in the argument filter chain
+ * @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule needs to be adjusted due to architecture specifics it
+ * will be adjusted without notification. Returns zero on success, negative
+ * values on failure.
+ *
+ */
+int seccomp_rule_add(scmp_filter_ctx ctx,
+ uint32_t action, int syscall, unsigned int arg_cnt, ...);
+
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of elements in the arg_array parameter
+ * @param arg_array array of scmp_arg_cmp structs
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule needs to be adjusted due to architecture specifics it
+ * will be adjusted without notification. Returns zero on success, negative
+ * values on failure.
+ *
+ */
+int seccomp_rule_add_array(scmp_filter_ctx ctx,
+ uint32_t action, int syscall, unsigned int arg_cnt,
+ const struct scmp_arg_cmp *arg_array);
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of argument filters in the argument filter chain
+ * @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule can not be represented on the architecture the
+ * function will fail. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
+ int syscall, unsigned int arg_cnt, ...);
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of elements in the arg_array parameter
+ * @param arg_array array of scmp_arg_cmp structs
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule can not be represented on the architecture the
+ * function will fail. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
+ uint32_t action, int syscall,
+ unsigned int arg_cnt,
+ const struct scmp_arg_cmp *arg_array);
+
+/**
+ * Allocate a pair of notification request/response structures
+ * @param req the request location
+ * @param resp the response location
+ *
+ * This function allocates a pair of request/response structure by computing
+ * the correct sized based on the currently running kernel. It returns zero on
+ * success, and negative values on failure.
+ *
+ */
+int seccomp_notify_alloc(struct seccomp_notif **req,
+ struct seccomp_notif_resp **resp);
+
+/**
+ * Free a pair of notification request/response structures.
+ * @param req the request location
+ * @param resp the response location
+ */
+void seccomp_notify_free(struct seccomp_notif *req,
+ struct seccomp_notif_resp *resp);
+
+/**
+ * Receive a notification from a seccomp notification fd
+ * @param fd the notification fd
+ * @param req the request buffer to save into
+ *
+ * Blocks waiting for a notification on this fd. This function is thread safe
+ * (synchronization is performed in the kernel). Returns zero on success,
+ * negative values on error.
+ *
+ */
+int seccomp_notify_receive(int fd, struct seccomp_notif *req);
+
+/**
+ * Send a notification response to a seccomp notification fd
+ * @param fd the notification fd
+ * @param resp the response buffer to use
+ *
+ * Sends a notification response on this fd. This function is thread safe
+ * (synchronization is performed in the kernel). Returns zero on success,
+ * negative values on error.
+ *
+ */
+int seccomp_notify_respond(int fd, struct seccomp_notif_resp *resp);
+
+/**
+ * Check if a notification id is still valid
+ * @param fd the notification fd
+ * @param id the id to test
+ *
+ * Checks to see if a notification id is still valid. Returns 0 on success, and
+ * negative values on failure.
+ *
+ */
+int seccomp_notify_id_valid(int fd, uint64_t id);
+
+/**
+ * Return the notification fd from a filter that has already been loaded
+ * @param ctx the filter context
+ *
+ * This returns the listener fd that was generated when the seccomp policy was
+ * loaded. This is only valid after seccomp_load() with a filter that makes
+ * use of SCMP_ACT_NOTIFY.
+ *
+ */
+int seccomp_notify_fd(const scmp_filter_ctx ctx);
+
+/**
+ * Generate seccomp Pseudo Filter Code (PFC) and export it to a file
+ * @param ctx the filter context
+ * @param fd the destination fd
+ *
+ * This function generates seccomp Pseudo Filter Code (PFC) and writes it to
+ * the given fd. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);
+
+/**
+ * Generate seccomp Berkley Packet Filter (BPF) code and export it to a file
+ * @param ctx the filter context
+ * @param fd the destination fd
+ *
+ * This function generates seccomp Berkley Packer Filter (BPF) code and writes
+ * it to the given fd. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
+
+/*
+ * pseudo syscall definitions
+ */
+
+/* NOTE - pseudo syscall values {-1..-99} are reserved */
+#define __NR_SCMP_ERROR -1
+#define __NR_SCMP_UNDEF -2
+
+#include <seccomp-syscalls.h>
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
new file mode 100644
index 0000000..ef4c6e4
--- /dev/null
+++ b/include/seccomp.h.in
@@ -0,0 +1,827 @@
+/**
+ * Seccomp Library
+ *
+ * Copyright (c) 2019 Cisco Systems <pmoore2@cisco.com>
+ * Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _SECCOMP_H
+#define _SECCOMP_H
+
+#include <elf.h>
+#include <inttypes.h>
+#include <asm/unistd.h>
+#include <linux/audit.h>
+#include <linux/types.h>
+#include <linux/seccomp.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * version information
+ */
+
+#define SCMP_VER_MAJOR @VERSION_MAJOR@
+#define SCMP_VER_MINOR @VERSION_MINOR@
+#define SCMP_VER_MICRO @VERSION_MICRO@
+
+struct scmp_version {
+ unsigned int major;
+ unsigned int minor;
+ unsigned int micro;
+};
+
+/*
+ * types
+ */
+
+/**
+ * Filter context/handle
+ */
+typedef void *scmp_filter_ctx;
+
+/**
+ * Filter attributes
+ */
+enum scmp_filter_attr {
+ _SCMP_FLTATR_MIN = 0,
+ SCMP_FLTATR_ACT_DEFAULT = 1, /**< default filter action */
+ SCMP_FLTATR_ACT_BADARCH = 2, /**< bad architecture action */
+ SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */
+ SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */
+ SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */
+ SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */
+ SCMP_FLTATR_CTL_SSB = 7, /**< disable SSB mitigation */
+ SCMP_FLTATR_CTL_OPTIMIZE = 8, /**< filter optimization level:
+ * 0 - currently unused
+ * 1 - rules weighted by priority and
+ * complexity (DEFAULT)
+ * 2 - binary tree sorted by syscall
+ * number
+ */
+ SCMP_FLTATR_API_SYSRAWRC = 9, /**< return the system return codes */
+ _SCMP_FLTATR_MAX,
+};
+
+/**
+ * Comparison operators
+ */
+enum scmp_compare {
+ _SCMP_CMP_MIN = 0,
+ SCMP_CMP_NE = 1, /**< not equal */
+ SCMP_CMP_LT = 2, /**< less than */
+ SCMP_CMP_LE = 3, /**< less than or equal */
+ SCMP_CMP_EQ = 4, /**< equal */
+ SCMP_CMP_GE = 5, /**< greater than or equal */
+ SCMP_CMP_GT = 6, /**< greater than */
+ SCMP_CMP_MASKED_EQ = 7, /**< masked equality */
+ _SCMP_CMP_MAX,
+};
+
+/**
+ * Argument datum
+ */
+typedef uint64_t scmp_datum_t;
+
+/**
+ * Argument / Value comparison definition
+ */
+struct scmp_arg_cmp {
+ unsigned int arg; /**< argument number, starting at 0 */
+ enum scmp_compare op; /**< the comparison op, e.g. SCMP_CMP_* */
+ scmp_datum_t datum_a;
+ scmp_datum_t datum_b;
+};
+
+/*
+ * macros/defines
+ */
+
+/**
+ * The native architecture token
+ */
+#define SCMP_ARCH_NATIVE 0
+
+/**
+ * The x86 (32-bit) architecture token
+ */
+#define SCMP_ARCH_X86 AUDIT_ARCH_I386
+
+/**
+ * The x86-64 (64-bit) architecture token
+ */
+#define SCMP_ARCH_X86_64 AUDIT_ARCH_X86_64
+
+/**
+ * The x32 (32-bit x86_64) architecture token
+ *
+ * NOTE: this is different from the value used by the kernel because we need to
+ * be able to distinguish between x32 and x86_64
+ */
+#define SCMP_ARCH_X32 (EM_X86_64|__AUDIT_ARCH_LE)
+
+/**
+ * The ARM architecture tokens
+ */
+#define SCMP_ARCH_ARM AUDIT_ARCH_ARM
+/* AArch64 support for audit was merged in 3.17-rc1 */
+#ifndef AUDIT_ARCH_AARCH64
+#ifndef EM_AARCH64
+#define EM_AARCH64 183
+#endif /* EM_AARCH64 */
+#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif /* AUDIT_ARCH_AARCH64 */
+#define SCMP_ARCH_AARCH64 AUDIT_ARCH_AARCH64
+
+/**
+ * The MIPS architecture tokens
+ */
+#ifndef __AUDIT_ARCH_CONVENTION_MIPS64_N32
+#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
+#endif
+#ifndef EM_MIPS
+#define EM_MIPS 8
+#endif
+#ifndef AUDIT_ARCH_MIPS
+#define AUDIT_ARCH_MIPS (EM_MIPS)
+#endif
+#ifndef AUDIT_ARCH_MIPS64
+#define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT)
+#endif
+/* MIPS64N32 support was merged in 3.15 */
+#ifndef AUDIT_ARCH_MIPS64N32
+#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\
+ __AUDIT_ARCH_CONVENTION_MIPS64_N32)
+#endif
+/* MIPSEL64N32 support was merged in 3.15 */
+#ifndef AUDIT_ARCH_MIPSEL64N32
+#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE|\
+ __AUDIT_ARCH_CONVENTION_MIPS64_N32)
+#endif
+#define SCMP_ARCH_MIPS AUDIT_ARCH_MIPS
+#define SCMP_ARCH_MIPS64 AUDIT_ARCH_MIPS64
+#define SCMP_ARCH_MIPS64N32 AUDIT_ARCH_MIPS64N32
+#define SCMP_ARCH_MIPSEL AUDIT_ARCH_MIPSEL
+#define SCMP_ARCH_MIPSEL64 AUDIT_ARCH_MIPSEL64
+#define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
+
+/**
+ * The PowerPC architecture tokens
+ */
+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
+#ifndef AUDIT_ARCH_PPC64LE
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif
+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
+
+/**
+ * The S390 architecture tokens
+ */
+#define SCMP_ARCH_S390 AUDIT_ARCH_S390
+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
+
+/**
+ * The PA-RISC hppa architecture tokens
+ */
+#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC
+#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64
+
+/**
+ * The RISC-V architecture tokens
+ */
+/* RISC-V support for audit was merged in 5.0-rc1 */
+#ifndef AUDIT_ARCH_RISCV64
+#ifndef EM_RISCV
+#define EM_RISCV 243
+#endif /* EM_RISCV */
+#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif /* AUDIT_ARCH_RISCV64 */
+#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64
+
+/**
+ * Convert a syscall name into the associated syscall number
+ * @param x the syscall name
+ */
+#define SCMP_SYS(x) (__SNR_##x)
+
+/* Helpers for the argument comparison macros, DO NOT USE directly */
+#define _SCMP_VA_NUM_ARGS(...) _SCMP_VA_NUM_ARGS_IMPL(__VA_ARGS__,2,1)
+#define _SCMP_VA_NUM_ARGS_IMPL(_1,_2,N,...) N
+#define _SCMP_MACRO_DISPATCHER(func, ...) \
+ _SCMP_MACRO_DISPATCHER_IMPL1(func, _SCMP_VA_NUM_ARGS(__VA_ARGS__))
+#define _SCMP_MACRO_DISPATCHER_IMPL1(func, nargs) \
+ _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs)
+#define _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) \
+ func ## nargs
+#define _SCMP_CMP32_1(x, y, z) \
+ SCMP_CMP64(x, y, (uint32_t)(z))
+#define _SCMP_CMP32_2(x, y, z, q) \
+ SCMP_CMP64(x, y, (uint32_t)(z), (uint32_t)(q))
+
+/**
+ * Specify a 64-bit argument comparison struct for use in declaring rules
+ * @param arg the argument number, starting at 0
+ * @param op the comparison operator, e.g. SCMP_CMP_*
+ * @param datum_a dependent on comparison
+ * @param datum_b dependent on comparison, optional
+ */
+#define SCMP_CMP64(...) ((struct scmp_arg_cmp){__VA_ARGS__})
+#define SCMP_CMP SCMP_CMP64
+
+/**
+ * Specify a 32-bit argument comparison struct for use in declaring rules
+ * @param arg the argument number, starting at 0
+ * @param op the comparison operator, e.g. SCMP_CMP_*
+ * @param datum_a dependent on comparison (32-bits)
+ * @param datum_b dependent on comparison, optional (32-bits)
+ */
+#define SCMP_CMP32(x, y, ...) \
+ _SCMP_MACRO_DISPATCHER(_SCMP_CMP32_, __VA_ARGS__)(x, y, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 0
+ */
+#define SCMP_A0_64(...) SCMP_CMP64(0, __VA_ARGS__)
+#define SCMP_A0 SCMP_A0_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 0
+ */
+#define SCMP_A0_32(x, ...) SCMP_CMP32(0, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 1
+ */
+#define SCMP_A1_64(...) SCMP_CMP64(1, __VA_ARGS__)
+#define SCMP_A1 SCMP_A1_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 1
+ */
+#define SCMP_A1_32(x, ...) SCMP_CMP32(1, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 2
+ */
+#define SCMP_A2_64(...) SCMP_CMP64(2, __VA_ARGS__)
+#define SCMP_A2 SCMP_A2_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 2
+ */
+#define SCMP_A2_32(x, ...) SCMP_CMP32(2, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 3
+ */
+#define SCMP_A3_64(...) SCMP_CMP64(3, __VA_ARGS__)
+#define SCMP_A3 SCMP_A3_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 3
+ */
+#define SCMP_A3_32(x, ...) SCMP_CMP32(3, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 4
+ */
+#define SCMP_A4_64(...) SCMP_CMP64(4, __VA_ARGS__)
+#define SCMP_A4 SCMP_A4_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 4
+ */
+#define SCMP_A4_32(x, ...) SCMP_CMP32(4, x, __VA_ARGS__)
+
+/**
+ * Specify a 64-bit argument comparison struct for argument 5
+ */
+#define SCMP_A5_64(...) SCMP_CMP64(5, __VA_ARGS__)
+#define SCMP_A5 SCMP_A5_64
+
+/**
+ * Specify a 32-bit argument comparison struct for argument 5
+ */
+#define SCMP_A5_32(x, ...) SCMP_CMP32(5, x, __VA_ARGS__)
+
+/*
+ * seccomp actions
+ */
+
+/**
+ * Kill the process
+ */
+#define SCMP_ACT_KILL_PROCESS 0x80000000U
+/**
+ * Kill the thread
+ */
+#define SCMP_ACT_KILL_THREAD 0x00000000U
+/**
+ * Kill the thread, defined for backward compatibility
+ */
+#define SCMP_ACT_KILL SCMP_ACT_KILL_THREAD
+/**
+ * Throw a SIGSYS signal
+ */
+#define SCMP_ACT_TRAP 0x00030000U
+/**
+ * Notifies userspace
+ */
+#define SCMP_ACT_NOTIFY 0x7fc00000U
+/**
+ * Return the specified error code
+ */
+#define SCMP_ACT_ERRNO(x) (0x00050000U | ((x) & 0x0000ffffU))
+/**
+ * Notify a tracing process with the specified value
+ */
+#define SCMP_ACT_TRACE(x) (0x7ff00000U | ((x) & 0x0000ffffU))
+/**
+ * Allow the syscall to be executed after the action has been logged
+ */
+#define SCMP_ACT_LOG 0x7ffc0000U
+/**
+ * Allow the syscall to be executed
+ */
+#define SCMP_ACT_ALLOW 0x7fff0000U
+
+/* SECCOMP_RET_USER_NOTIF was added in kernel v5.0. */
+#ifndef SECCOMP_RET_USER_NOTIF
+#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
+
+struct seccomp_notif {
+ __u64 id;
+ __u32 pid;
+ __u32 flags;
+ struct seccomp_data data;
+};
+
+struct seccomp_notif_resp {
+ __u64 id;
+ __s64 val;
+ __s32 error;
+ __u32 flags;
+};
+#endif
+
+/*
+ * functions
+ */
+
+/**
+ * Query the library version information
+ *
+ * This function returns a pointer to a populated scmp_version struct, the
+ * caller does not need to free the structure when finished.
+ *
+ */
+const struct scmp_version *seccomp_version(void);
+
+/**
+ * Query the library's level of API support
+ *
+ * This function returns an API level value indicating the current supported
+ * functionality. It is important to note that this level of support is
+ * determined at runtime and therefore can change based on the running kernel
+ * and system configuration (e.g. any previously loaded seccomp filters). This
+ * function can be called multiple times, but it only queries the system the
+ * first time it is called, the API level is cached and used in subsequent
+ * calls.
+ *
+ * The current API levels are described below:
+ * 0 : reserved
+ * 1 : base level
+ * 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute
+ * uses the seccomp(2) syscall instead of the prctl(2) syscall
+ * 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
+ * support for the SCMP_ACT_LOG action
+ * support for the SCMP_ACT_KILL_PROCESS action
+ * 4 : support for the SCMP_FLTATR_CTL_SSB filter attrbute
+ * 5 : support for the SCMP_ACT_NOTIFY action and notify APIs
+ * 6 : support the simultaneous use of SCMP_FLTATR_CTL_TSYNC and notify APIs
+ *
+ */
+unsigned int seccomp_api_get(void);
+
+/**
+ * Set the library's level of API support
+ *
+ * This function forcibly sets the API level of the library at runtime. Valid
+ * API levels are discussed in the description of the seccomp_api_get()
+ * function. General use of this function is strongly discouraged.
+ *
+ */
+int seccomp_api_set(unsigned int level);
+
+/**
+ * Initialize the filter state
+ * @param def_action the default filter action
+ *
+ * This function initializes the internal seccomp filter state and should
+ * be called before any other functions in this library to ensure the filter
+ * state is initialized. Returns a filter context on success, NULL on failure.
+ *
+ */
+scmp_filter_ctx seccomp_init(uint32_t def_action);
+
+/**
+ * Reset the filter state
+ * @param ctx the filter context
+ * @param def_action the default filter action
+ *
+ * This function resets the given seccomp filter state and ensures the
+ * filter state is reinitialized. This function does not reset any seccomp
+ * filters already loaded into the kernel. Returns zero on success, negative
+ * values on failure.
+ *
+ */
+int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action);
+
+/**
+ * Destroys the filter state and releases any resources
+ * @param ctx the filter context
+ *
+ * This functions destroys the given seccomp filter state and releases any
+ * resources, including memory, associated with the filter state. This
+ * function does not reset any seccomp filters already loaded into the kernel.
+ * The filter context can no longer be used after calling this function.
+ *
+ */
+void seccomp_release(scmp_filter_ctx ctx);
+
+/**
+ * Merge two filters
+ * @param ctx_dst the destination filter context
+ * @param ctx_src the source filter context
+ *
+ * This function merges two filter contexts into a single filter context and
+ * destroys the second filter context. The two filter contexts must have the
+ * same attribute values and not contain any of the same architectures; if they
+ * do, the merge operation will fail. On success, the source filter context
+ * will be destroyed and should no longer be used; it is not necessary to
+ * call seccomp_release() on the source filter context. Returns zero on
+ * success, negative values on failure.
+ *
+ */
+int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src);
+
+/**
+ * Resolve the architecture name to a architecture token
+ * @param arch_name the architecture name
+ *
+ * This function resolves the given architecture name to a token suitable for
+ * use with libseccomp, returns zero on failure.
+ *
+ */
+uint32_t seccomp_arch_resolve_name(const char *arch_name);
+
+/**
+ * Return the native architecture token
+ *
+ * This function returns the native architecture token value, e.g. SCMP_ARCH_*.
+ *
+ */
+uint32_t seccomp_arch_native(void);
+
+/**
+ * Check to see if an existing architecture is present in the filter
+ * @param ctx the filter context
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ *
+ * This function tests to see if a given architecture is included in the filter
+ * context. If the architecture token is SCMP_ARCH_NATIVE then the native
+ * architecture will be assumed. Returns zero if the architecture exists in
+ * the filter, -EEXIST if it is not present, and other negative values on
+ * failure.
+ *
+ */
+int seccomp_arch_exist(const scmp_filter_ctx ctx, uint32_t arch_token);
+
+/**
+ * Adds an architecture to the filter
+ * @param ctx the filter context
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ *
+ * This function adds a new architecture to the given seccomp filter context.
+ * Any new rules added after this function successfully returns will be added
+ * to this architecture but existing rules will not be added to this
+ * architecture. If the architecture token is SCMP_ARCH_NATIVE then the native
+ * architecture will be assumed. Returns zero on success, -EEXIST if
+ * specified architecture is already present, other negative values on failure.
+ *
+ */
+int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token);
+
+/**
+ * Removes an architecture from the filter
+ * @param ctx the filter context
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ *
+ * This function removes an architecture from the given seccomp filter context.
+ * If the architecture token is SCMP_ARCH_NATIVE then the native architecture
+ * will be assumed. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_arch_remove(scmp_filter_ctx ctx, uint32_t arch_token);
+
+/**
+ * Loads the filter into the kernel
+ * @param ctx the filter context
+ *
+ * This function loads the given seccomp filter context into the kernel. If
+ * the filter was loaded correctly, the kernel will be enforcing the filter
+ * when this function returns. Returns zero on success, negative values on
+ * error.
+ *
+ */
+int seccomp_load(const scmp_filter_ctx ctx);
+
+/**
+ * Get the value of a filter attribute
+ * @param ctx the filter context
+ * @param attr the filter attribute name
+ * @param value the filter attribute value
+ *
+ * This function fetches the value of the given attribute name and returns it
+ * via @value. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_attr_get(const scmp_filter_ctx ctx,
+ enum scmp_filter_attr attr, uint32_t *value);
+
+/**
+ * Set the value of a filter attribute
+ * @param ctx the filter context
+ * @param attr the filter attribute name
+ * @param value the filter attribute value
+ *
+ * This function sets the value of the given attribute. Returns zero on
+ * success, negative values on failure.
+ *
+ */
+int seccomp_attr_set(scmp_filter_ctx ctx,
+ enum scmp_filter_attr attr, uint32_t value);
+
+/**
+ * Resolve a syscall number to a name
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name for the given
+ * architecture; it is up to the caller to free the returned string. Returns
+ * the syscall name on success, NULL on failure.
+ *
+ */
+char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num);
+
+/**
+ * Resolve a syscall name to a number
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number for the given
+ * architecture. Returns the syscall number on success, including negative
+ * pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name);
+
+/**
+ * Resolve a syscall name to a number and perform any rewriting necessary
+ * @param arch_token the architecture token, e.g. SCMP_ARCH_*
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number for the given
+ * architecture and do any necessary syscall rewriting needed by the
+ * architecture. Returns the syscall number on success, including negative
+ * pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int seccomp_syscall_resolve_name_rewrite(uint32_t arch_token, const char *name);
+
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number. Returns the syscall
+ * number on success, including negative pseudo syscall numbers (e.g. __PNR_*);
+ * returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int seccomp_syscall_resolve_name(const char *name);
+
+/**
+ * Set the priority of a given syscall
+ * @param ctx the filter context
+ * @param syscall the syscall number
+ * @param priority priority value, higher value == higher priority
+ *
+ * This function sets the priority of the given syscall; this value is used
+ * when generating the seccomp filter code such that higher priority syscalls
+ * will incur less filter code overhead than the lower priority syscalls in the
+ * filter. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_syscall_priority(scmp_filter_ctx ctx,
+ int syscall, uint8_t priority);
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of argument filters in the argument filter chain
+ * @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule needs to be adjusted due to architecture specifics it
+ * will be adjusted without notification. Returns zero on success, negative
+ * values on failure.
+ *
+ */
+int seccomp_rule_add(scmp_filter_ctx ctx,
+ uint32_t action, int syscall, unsigned int arg_cnt, ...);
+
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of elements in the arg_array parameter
+ * @param arg_array array of scmp_arg_cmp structs
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule needs to be adjusted due to architecture specifics it
+ * will be adjusted without notification. Returns zero on success, negative
+ * values on failure.
+ *
+ */
+int seccomp_rule_add_array(scmp_filter_ctx ctx,
+ uint32_t action, int syscall, unsigned int arg_cnt,
+ const struct scmp_arg_cmp *arg_array);
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of argument filters in the argument filter chain
+ * @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule can not be represented on the architecture the
+ * function will fail. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
+ int syscall, unsigned int arg_cnt, ...);
+
+/**
+ * Add a new rule to the filter
+ * @param ctx the filter context
+ * @param action the filter action
+ * @param syscall the syscall number
+ * @param arg_cnt the number of elements in the arg_array parameter
+ * @param arg_array array of scmp_arg_cmp structs
+ *
+ * This function adds a series of new argument/value checks to the seccomp
+ * filter for the given syscall; multiple argument/value checks can be
+ * specified and they will be chained together (AND'd together) in the filter.
+ * If the specified rule can not be represented on the architecture the
+ * function will fail. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
+ uint32_t action, int syscall,
+ unsigned int arg_cnt,
+ const struct scmp_arg_cmp *arg_array);
+
+/**
+ * Allocate a pair of notification request/response structures
+ * @param req the request location
+ * @param resp the response location
+ *
+ * This function allocates a pair of request/response structure by computing
+ * the correct sized based on the currently running kernel. It returns zero on
+ * success, and negative values on failure.
+ *
+ */
+int seccomp_notify_alloc(struct seccomp_notif **req,
+ struct seccomp_notif_resp **resp);
+
+/**
+ * Free a pair of notification request/response structures.
+ * @param req the request location
+ * @param resp the response location
+ */
+void seccomp_notify_free(struct seccomp_notif *req,
+ struct seccomp_notif_resp *resp);
+
+/**
+ * Receive a notification from a seccomp notification fd
+ * @param fd the notification fd
+ * @param req the request buffer to save into
+ *
+ * Blocks waiting for a notification on this fd. This function is thread safe
+ * (synchronization is performed in the kernel). Returns zero on success,
+ * negative values on error.
+ *
+ */
+int seccomp_notify_receive(int fd, struct seccomp_notif *req);
+
+/**
+ * Send a notification response to a seccomp notification fd
+ * @param fd the notification fd
+ * @param resp the response buffer to use
+ *
+ * Sends a notification response on this fd. This function is thread safe
+ * (synchronization is performed in the kernel). Returns zero on success,
+ * negative values on error.
+ *
+ */
+int seccomp_notify_respond(int fd, struct seccomp_notif_resp *resp);
+
+/**
+ * Check if a notification id is still valid
+ * @param fd the notification fd
+ * @param id the id to test
+ *
+ * Checks to see if a notification id is still valid. Returns 0 on success, and
+ * negative values on failure.
+ *
+ */
+int seccomp_notify_id_valid(int fd, uint64_t id);
+
+/**
+ * Return the notification fd from a filter that has already been loaded
+ * @param ctx the filter context
+ *
+ * This returns the listener fd that was generated when the seccomp policy was
+ * loaded. This is only valid after seccomp_load() with a filter that makes
+ * use of SCMP_ACT_NOTIFY.
+ *
+ */
+int seccomp_notify_fd(const scmp_filter_ctx ctx);
+
+/**
+ * Generate seccomp Pseudo Filter Code (PFC) and export it to a file
+ * @param ctx the filter context
+ * @param fd the destination fd
+ *
+ * This function generates seccomp Pseudo Filter Code (PFC) and writes it to
+ * the given fd. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);
+
+/**
+ * Generate seccomp Berkley Packet Filter (BPF) code and export it to a file
+ * @param ctx the filter context
+ * @param fd the destination fd
+ *
+ * This function generates seccomp Berkley Packer Filter (BPF) code and writes
+ * it to the given fd. Returns zero on success, negative values on failure.
+ *
+ */
+int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
+
+/*
+ * pseudo syscall definitions
+ */
+
+/* NOTE - pseudo syscall values {-1..-99} are reserved */
+#define __NR_SCMP_ERROR -1
+#define __NR_SCMP_UNDEF -2
+
+#include <seccomp-syscalls.h>
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif