logikal/cent6.log

## cent6.log
[vagrant@seccomp-centos-6-chef-12-kitchen ~]$ cat /etc/redhat-release
CentOS release 6.8 (Final)
[vagrant@seccomp-centos-6-chef-12-kitchen ~]$ uname -a
Linux seccomp-centos-6-chef-12-kitchen.vagrantup.com 2.6.32-642.4.2.el6.x86_64 #1 SMP Tue Aug 23 19:58:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

[vagrant@seccomp-centos-6-chef-12-kitchen ~]$ gcc -H -fsyntax-only test.c
. /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stdbool.h
. /usr/include/stdio.h
.. /usr/include/features.h
... /usr/include/sys/cdefs.h
.... /usr/include/bits/wordsize.h
... /usr/include/gnu/stubs.h
.... /usr/include/bits/wordsize.h
.... /usr/include/gnu/stubs-64.h
.. /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stddef.h
.. /usr/include/bits/types.h
... /usr/include/bits/wordsize.h
... /usr/include/bits/typesizes.h
.. /usr/include/libio.h
... /usr/include/_G_config.h
.... /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stddef.h
.... /usr/include/wchar.h
... /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stdarg.h
.. /usr/include/bits/stdio_lim.h
.. /usr/include/bits/sys_errlist.h
test.c:3:27: error: linux/seccomp.h: No such file or directory
Multiple include guards may be useful for:
/usr/include/bits/stdio_lim.h
/usr/include/bits/sys_errlist.h
/usr/include/bits/typesizes.h
/usr/include/gnu/stubs-64.h
/usr/include/gnu/stubs.h
/usr/include/wchar.h

## cent7.log
[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ uname -a
Linux seccomp-centos-7-chef-12-kitchen.vagrantup.com 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ gcc -H -fsyntax-only test.c
. /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stdbool.h
. /usr/include/stdio.h
.. /usr/include/features.h
... /usr/include/sys/cdefs.h
.... /usr/include/bits/wordsize.h
... /usr/include/gnu/stubs.h
.... /usr/include/gnu/stubs-64.h
.. /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stddef.h
.. /usr/include/bits/types.h
... /usr/include/bits/wordsize.h
... /usr/include/bits/typesizes.h
.. /usr/include/libio.h
... /usr/include/_G_config.h
.... /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stddef.h
.... /usr/include/wchar.h
... /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stdarg.h
.. /usr/include/bits/stdio_lim.h
.. /usr/include/bits/sys_errlist.h
. /usr/include/linux/seccomp.h
.. /usr/include/linux/types.h
... /usr/include/asm/types.h
.... /usr/include/asm-generic/types.h
..... /usr/include/asm-generic/int-ll64.h
...... /usr/include/asm/bitsperlong.h
....... /usr/include/asm-generic/bitsperlong.h
... /usr/include/linux/posix_types.h
.... /usr/include/linux/stddef.h
.... /usr/include/asm/posix_types.h
..... /usr/include/asm/posix_types_64.h
...... /usr/include/asm-generic/posix_types.h
Multiple include guards may be useful for:
/usr/include/asm/posix_types.h
/usr/include/bits/stdio_lim.h
/usr/include/bits/sys_errlist.h
/usr/include/bits/typesizes.h
/usr/include/gnu/stubs-64.h
/usr/include/gnu/stubs.h
/usr/include/linux/stddef.h
/usr/include/wchar.h
[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ gcc seccomp.c
[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ ./a.out
seccomp available
seccomp filter available

## seccomp.c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/seccomp.h>

int main(void)
{
        int ret;

        ret = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
        if (ret < 0) {
                switch (errno) {
                case ENOSYS:
                        printf("seccomp not available: pre-2.6.23\n");
                        return 0;
                case EINVAL:
                        printf("seccomp not available: not built in\n");
                        return 0;
                default:
                        fprintf(stderr, "unknown PR_GET_SECCOMP error: %s\n",
                                strerror(errno));
                        return 1;
                }
        }
        printf("seccomp available\n");

        ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
        if (ret < 0) {
                switch (errno) {
                case EINVAL:
                        printf("seccomp filter not available\n");
                        return 0;

                case EFAULT:
                        printf("seccomp filter available\n");
                        return 0;

                default:
                        fprintf(stderr, "unknown PR_SET_SECCOMP error: %s\n",
                                strerror(errno));
                        return 1;
                }
        }
        printf("PR_SET_SECCOMP unexpectedly succeeded?!\n");
        return 1;
}

## test.c
#include <stdbool.h>
#include <stdio.h>
#include <linux/seccomp.h>
	[vagrant@seccomp-centos-6-chef-12-kitchen ~]$ cat /etc/redhat-release
	CentOS release 6.8 (Final)
	[vagrant@seccomp-centos-6-chef-12-kitchen ~]$ uname -a
	Linux seccomp-centos-6-chef-12-kitchen.vagrantup.com 2.6.32-642.4.2.el6.x86_64 #1 SMP Tue Aug 23 19:58:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

	[vagrant@seccomp-centos-6-chef-12-kitchen ~]$ gcc -H -fsyntax-only test.c
	. /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stdbool.h
	. /usr/include/stdio.h
	.. /usr/include/features.h
	... /usr/include/sys/cdefs.h
	.... /usr/include/bits/wordsize.h
	... /usr/include/gnu/stubs.h
	.... /usr/include/bits/wordsize.h
	.... /usr/include/gnu/stubs-64.h
	.. /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stddef.h
	.. /usr/include/bits/types.h
	... /usr/include/bits/wordsize.h
	... /usr/include/bits/typesizes.h
	.. /usr/include/libio.h
	... /usr/include/_G_config.h
	.... /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stddef.h
	.... /usr/include/wchar.h
	... /usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/stdarg.h
	.. /usr/include/bits/stdio_lim.h
	.. /usr/include/bits/sys_errlist.h
	test.c:3:27: error: linux/seccomp.h: No such file or directory
	Multiple include guards may be useful for:
	/usr/include/bits/stdio_lim.h
	/usr/include/bits/sys_errlist.h
	/usr/include/bits/typesizes.h
	/usr/include/gnu/stubs-64.h
	/usr/include/gnu/stubs.h
	/usr/include/wchar.h
	[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ cat /etc/redhat-release
	CentOS Linux release 7.3.1611 (Core)
	[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ uname -a
	Linux seccomp-centos-7-chef-12-kitchen.vagrantup.com 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
	[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ gcc -H -fsyntax-only test.c
	. /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stdbool.h
	. /usr/include/stdio.h
	.. /usr/include/features.h
	... /usr/include/sys/cdefs.h
	.... /usr/include/bits/wordsize.h
	... /usr/include/gnu/stubs.h
	.... /usr/include/gnu/stubs-64.h
	.. /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stddef.h
	.. /usr/include/bits/types.h
	... /usr/include/bits/wordsize.h
	... /usr/include/bits/typesizes.h
	.. /usr/include/libio.h
	... /usr/include/_G_config.h
	.... /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stddef.h
	.... /usr/include/wchar.h
	... /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include/stdarg.h
	.. /usr/include/bits/stdio_lim.h
	.. /usr/include/bits/sys_errlist.h
	. /usr/include/linux/seccomp.h
	.. /usr/include/linux/types.h
	... /usr/include/asm/types.h
	.... /usr/include/asm-generic/types.h
	..... /usr/include/asm-generic/int-ll64.h
	...... /usr/include/asm/bitsperlong.h
	....... /usr/include/asm-generic/bitsperlong.h
	... /usr/include/linux/posix_types.h
	.... /usr/include/linux/stddef.h
	.... /usr/include/asm/posix_types.h
	..... /usr/include/asm/posix_types_64.h
	...... /usr/include/asm-generic/posix_types.h
	Multiple include guards may be useful for:
	/usr/include/asm/posix_types.h
	/usr/include/bits/stdio_lim.h
	/usr/include/bits/sys_errlist.h
	/usr/include/bits/typesizes.h
	/usr/include/gnu/stubs-64.h
	/usr/include/gnu/stubs.h
	/usr/include/linux/stddef.h
	/usr/include/wchar.h
	[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ gcc seccomp.c
	[vagrant@seccomp-centos-7-chef-12-kitchen ~]$ ./a.out
	seccomp available
	seccomp filter available
	#include <stdio.h>
	#include <stdlib.h>
	#include <errno.h>
	#include <string.h>
	#include <sys/prctl.h>
	#include <linux/seccomp.h>

	int main(void)
	{
	int ret;

	ret = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
	if (ret < 0) {
	switch (errno) {
	case ENOSYS:
	printf("seccomp not available: pre-2.6.23\n");
	return 0;
	case EINVAL:
	printf("seccomp not available: not built in\n");
	return 0;
	default:
	fprintf(stderr, "unknown PR_GET_SECCOMP error: %s\n",
	strerror(errno));
	return 1;
	}
	}
	printf("seccomp available\n");

	ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
	if (ret < 0) {
	switch (errno) {
	case EINVAL:
	printf("seccomp filter not available\n");
	return 0;

	case EFAULT:
	printf("seccomp filter available\n");
	return 0;

	default:
	fprintf(stderr, "unknown PR_SET_SECCOMP error: %s\n",
	strerror(errno));
	return 1;
	}
	}
	printf("PR_SET_SECCOMP unexpectedly succeeded?!\n");
	return 1;
	}
	#include <stdbool.h>
	#include <stdio.h>
	#include <linux/seccomp.h>