seccomp: swap hard-coded zeros to defined name

For clarity, if CONFIG_SECCOMP isn't defined, seccomp_mode() is returning
"disabled". This makes that more clear, along with another 0-use, and
results in no operational change.

Signed-off-by: Kees Cook <keescook@chromium.org>

diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index a19ddacdac30ae8d180c8b3358b18564bfbff564..f4265039a94c8f655a6a2d340bfbda547eb97704 100644 (file)
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -78,7 +78,7 @@ static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
 
 static inline int seccomp_mode(struct seccomp *s)
 {
-       return 0;
+       return SECCOMP_MODE_DISABLED;
 }
 #endif /* CONFIG_SECCOMP */
 

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 645e42d6fa4d2e7ecfaf555255283b760d9a15d7..383bd6caca815d3dcdf96a6715d6c195fbe14b48 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -594,7 +594,7 @@ void secure_computing_strict(int this_syscall)
            unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
                return;
 
-       if (mode == 0)
+       if (mode == SECCOMP_MODE_DISABLED)
                return;
        else if (mode == SECCOMP_MODE_STRICT)
                __secure_computing_strict(this_syscall);