Define ActKillThread equal to ActKill

tonistiigi · pcmoore · commit c35397d0ea8f · 2022-05-01T22:18:15.000-04:00
These constants are equal in libseccomp but Go definitions
were defined separately. This resulted in dead code that
never executed due to identical case statements in switch.
Go can usually detect these error cases and refuses to build
but for some reason this detection doesn’t work with cgo+gcc.
Clang detects the equal constants correctly and therefore
libseccomp-golang builds with clang broke after ActKillThread
was added.

In order to fix the clang build only removal of the
switch case is needed. But I assumed that the setter/getter
logic is supposed to work for ActKillThread as well
and only way to ensure that is to set them equal like they
are in C.

Signed-off-by: Tonis Tiigi &lt;tonistiigi@gmail.com&gt;
Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
Acked-by: Tom Hromatka &lt;tom.hromatka@oracle.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/seccomp.go b/seccomp.go
@@ -202,14 +202,14 @@ const (
 	// This action is only usable when libseccomp API level 3 or higher is
 	// supported.
 	ActLog
-	// ActKillThread kills the thread that violated the rule. It is the same as ActKill.
-	// All other threads from the same thread group will continue to execute.
-	ActKillThread
 	// ActKillProcess kills the process that violated the rule.
 	// All threads in the thread group are also terminated.
 	// This action is only usable when libseccomp API level 3 or higher is
 	// supported.
 	ActKillProcess
+	// ActKillThread kills the thread that violated the rule. It is the same as ActKill.
+	// All other threads from the same thread group will continue to execute.
+	ActKillThread = ActKill
 )
 
 const (
@@ -385,7 +385,7 @@ func (a ScmpCompareOp) String() string {
 // String returns a string representation of a seccomp match action
 func (a ScmpAction) String() string {
 	switch a & 0xFFFF {
-	case ActKill, ActKillThread:
+	case ActKillThread:
 		return "Action: Kill thread"
 	case ActKillProcess:
 		return "Action: Kill process"
diff --git a/seccomp_internal.go b/seccomp_internal.go
@@ -629,8 +629,6 @@ func (a ScmpCompareOp) toNative() C.int {
 func actionFromNative(a C.uint32_t) (ScmpAction, error) {
 	aTmp := a & 0xFFFF
 	switch a & 0xFFFF0000 {
-	case C.C_ACT_KILL:
-		return ActKill, nil
 	case C.C_ACT_KILL_PROCESS:
 		return ActKillProcess, nil
 	case C.C_ACT_KILL_THREAD:
@@ -655,8 +653,6 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) {
 // Only use with sanitized actions, no error handling
 func (a ScmpAction) toNative() C.uint32_t {
 	switch a & 0xFFFF {
-	case ActKill:
-		return C.C_ACT_KILL
 	case ActKillProcess:
 		return C.C_ACT_KILL_PROCESS
 	case ActKillThread:
