Add support for logging seccomp violations on arm.

On ARM EABI, the syscall number can be read from register r7.
2020-09-16 22:53:11 +02:00 · 2020-09-16 22:53:11 +02:00 · 7290944bf3
parent 9deb2e71bf
commit 7290944bf3
1 changed files with 6 additions and 0 deletions
--- a/src/seccomp.c
+++ b/src/seccomp.c
@ -427,7 +427,11 @@ seccomp_register_violation(pid_t pid)
 	int				idx;
 	struct kore_worker		*kw;
 	struct iovec			iov;
+#if defined(__arm__)
+	struct pt_regs			regs;
+#else
 	struct user_regs_struct		regs;
+#endif
 	long				sysnr;
 	const char			*name;

@ -441,6 +445,8 @@ seccomp_register_violation(pid_t pid)
 	sysnr = regs.orig_rax;
 #elif SECCOMP_AUDIT_ARCH == AUDIT_ARCH_AARCH64
 	sysnr = regs.regs[8];
+#elif SECCOMP_AUDIT_ARCH == AUDIT_ARCH_ARM
+	sysnr = regs.uregs[7];
 #else
 #error "platform not supported"
 #endif