Use libc values for seccomp constants

Now that rust-lang/libc/pull/3343 is merged and released, switch to
using libc's constants.

SECCOMP_RET_MASK does not exist anymore and appears to have not existed
for a while. SECCOMP_RET_DATA is exactly the same mask value, and the
usage here is in line with the man page.

Fixes rust-vmm#60

Author: boustrophedon

src/backend/bpf.rs

@@ -114,14 +114,14 @@ pub const BPF_K: u16 = 0x00;
 
 // Return codes for BPF programs.
 // See /usr/include/linux/seccomp.h .
-pub const SECCOMP_RET_ALLOW: u32 = 0x7fff_0000;
-pub const SECCOMP_RET_ERRNO: u32 = 0x0005_0000;
-pub const SECCOMP_RET_KILL_THREAD: u32 = 0x0000_0000;
-pub const SECCOMP_RET_KILL_PROCESS: u32 = 0x8000_0000;
-pub const SECCOMP_RET_LOG: u32 = 0x7ffc_0000;
-pub const SECCOMP_RET_TRACE: u32 = 0x7ff0_0000;
-pub const SECCOMP_RET_TRAP: u32 = 0x0003_0000;
-pub const SECCOMP_RET_MASK: u32 = 0x0000_ffff;
+pub use libc::SECCOMP_RET_ALLOW;
+pub use libc::SECCOMP_RET_ERRNO;
+pub use libc::SECCOMP_RET_KILL_THREAD;
+pub use libc::SECCOMP_RET_KILL_PROCESS;
+pub use libc::SECCOMP_RET_LOG;
+pub use libc::SECCOMP_RET_TRACE;
+pub use libc::SECCOMP_RET_TRAP;
+pub use libc::SECCOMP_RET_DATA;
 
 // Architecture identifier for x86_64 LE.
 // See /usr/include/linux/audit.h .

src/backend/mod.rs

@@ -22,7 +22,7 @@ use std::fmt::Display;
 use bpf::{
     ARG_NUMBER_MAX, AUDIT_ARCH_AARCH64, AUDIT_ARCH_X86_64, BPF_MAX_LEN, SECCOMP_RET_ALLOW,
     SECCOMP_RET_ERRNO, SECCOMP_RET_KILL_PROCESS, SECCOMP_RET_KILL_THREAD, SECCOMP_RET_LOG,
-    SECCOMP_RET_MASK, SECCOMP_RET_TRACE, SECCOMP_RET_TRAP,
+    SECCOMP_RET_DATA, SECCOMP_RET_TRACE, SECCOMP_RET_TRAP,
 };
 
 pub use bpf::{sock_filter, BpfProgram, BpfProgramRef};
@@ -173,11 +173,11 @@ impl From<SeccompAction> for u32 {
     fn from(action: SeccompAction) -> Self {
         match action {
             SeccompAction::Allow => SECCOMP_RET_ALLOW,
-            SeccompAction::Errno(x) => SECCOMP_RET_ERRNO | (x & SECCOMP_RET_MASK),
+            SeccompAction::Errno(x) => SECCOMP_RET_ERRNO | (x & SECCOMP_RET_DATA),
             SeccompAction::KillThread => SECCOMP_RET_KILL_THREAD,
             SeccompAction::KillProcess => SECCOMP_RET_KILL_PROCESS,
             SeccompAction::Log => SECCOMP_RET_LOG,
-            SeccompAction::Trace(x) => SECCOMP_RET_TRACE | (x & SECCOMP_RET_MASK),
+            SeccompAction::Trace(x) => SECCOMP_RET_TRACE | (x & SECCOMP_RET_DATA),
             SeccompAction::Trap => SECCOMP_RET_TRAP,
         }
     }

src/lib.rs

@@ -208,10 +208,6 @@ pub use backend::{
     SeccompCmpOp, SeccompCondition, SeccompFilter, SeccompRule, TargetArch,
 };
 
-// Until https://github.com/rust-lang/libc/issues/3342 is fixed, define locally
-// From <linux/seccomp.h>
-const SECCOMP_SET_MODE_FILTER: libc::c_int = 1;
-
 // BPF structure definition for filter array.
 // See /usr/include/linux/filter.h .
 #[repr(C)]
@@ -361,7 +357,7 @@ fn apply_filter_with_flags(bpf_filter: BpfProgramRef, flags: libc::c_ulong) -> R
     let rc = unsafe {
         libc::syscall(
             libc::SYS_seccomp,
-            SECCOMP_SET_MODE_FILTER,
+            libc::SECCOMP_SET_MODE_FILTER,
             flags,
             bpf_prog_ptr,
         )