all: Promote kernel version enum to a public header file

drakenclimber · pcmoore · commit 1d106780df1d · 2025-10-08T13:31:08.000-04:00
Promote the scmp_kver enumeration to a public header file via a new
header, seccomp-kvers.h.

Add enumerations for all kernel versions from 3.0 to 6.17.

Signed-off-by: Tom Hromatka &lt;tom.hromatka@oracle.com&gt;
[PM: added v6.17 enum]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/include/Makefile.am b/include/Makefile.am
@@ -16,4 +16,4 @@
 # along with this library; if not, see <http://www.gnu.org/licenses>.
 #
 
-include_HEADERS = seccomp.h seccomp-syscalls.h
+include_HEADERS = seccomp.h seccomp-syscalls.h seccomp-kvers.h
diff --git a/include/seccomp-kvers.h b/include/seccomp-kvers.h
@@ -0,0 +1,112 @@
+/**
+ * Seccomp Library
+ *
+ * Copyright (c) 2025 Oracle and/or its affiliates.
+ * Author: Tom Hromatka <tom.hromatka@oracle.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _SECCOMP_H
+#error "do not include seccomp-kvers.h directly, use seccomp.h instead"
+#endif
+
+/**
+ * Kernel versions
+ */
+enum scmp_kver {
+	__SCMP_KV_NULL = 0,
+	SCMP_KV_UNDEF = 1,
+	SCMP_KV_3_0 = 2,
+	SCMP_KV_3_1 = 3,
+	SCMP_KV_3_2 = 4,
+	SCMP_KV_3_3 = 5,
+	SCMP_KV_3_4 = 6,
+	SCMP_KV_3_5 = 7,
+	SCMP_KV_3_6 = 8,
+	SCMP_KV_3_7 = 9,
+	SCMP_KV_3_8 = 10,
+	SCMP_KV_3_9 = 11,
+	SCMP_KV_3_10 = 12,
+	SCMP_KV_3_11 = 13,
+	SCMP_KV_3_12 = 14,
+	SCMP_KV_3_13 = 15,
+	SCMP_KV_3_14 = 16,
+	SCMP_KV_3_15 = 17,
+	SCMP_KV_3_16 = 18,
+	SCMP_KV_3_17 = 19,
+	SCMP_KV_3_18 = 20,
+	SCMP_KV_3_19 = 21,
+	SCMP_KV_4_0 = 22,
+	SCMP_KV_4_1 = 23,
+	SCMP_KV_4_2 = 24,
+	SCMP_KV_4_3 = 25,
+	SCMP_KV_4_4 = 26,
+	SCMP_KV_4_5 = 27,
+	SCMP_KV_4_6 = 28,
+	SCMP_KV_4_7 = 29,
+	SCMP_KV_4_8 = 30,
+	SCMP_KV_4_9 = 31,
+	SCMP_KV_4_10 = 32,
+	SCMP_KV_4_11 = 33,
+	SCMP_KV_4_12 = 34,
+	SCMP_KV_4_13 = 35,
+	SCMP_KV_4_14 = 36,
+	SCMP_KV_4_15 = 37,
+	SCMP_KV_4_16 = 38,
+	SCMP_KV_4_17 = 39,
+	SCMP_KV_4_18 = 40,
+	SCMP_KV_4_19 = 41,
+	SCMP_KV_4_20 = 42,
+	SCMP_KV_5_0 = 43,
+	SCMP_KV_5_1 = 44,
+	SCMP_KV_5_2 = 45,
+	SCMP_KV_5_3 = 46,
+	SCMP_KV_5_4 = 47,
+	SCMP_KV_5_5 = 48,
+	SCMP_KV_5_6 = 49,
+	SCMP_KV_5_7 = 50,
+	SCMP_KV_5_8 = 51,
+	SCMP_KV_5_9 = 52,
+	SCMP_KV_5_10 = 53,
+	SCMP_KV_5_11 = 54,
+	SCMP_KV_5_12 = 55,
+	SCMP_KV_5_13 = 56,
+	SCMP_KV_5_14 = 57,
+	SCMP_KV_5_15 = 58,
+	SCMP_KV_5_16 = 59,
+	SCMP_KV_5_17 = 60,
+	SCMP_KV_5_18 = 61,
+	SCMP_KV_5_19 = 62,
+	SCMP_KV_6_0 = 63,
+	SCMP_KV_6_1 = 64,
+	SCMP_KV_6_2 = 65,
+	SCMP_KV_6_3 = 66,
+	SCMP_KV_6_4 = 67,
+	SCMP_KV_6_5 = 68,
+	SCMP_KV_6_6 = 69,
+	SCMP_KV_6_7 = 70,
+	SCMP_KV_6_8 = 71,
+	SCMP_KV_6_9 = 72,
+	SCMP_KV_6_10 = 73,
+	SCMP_KV_6_11 = 74,
+	SCMP_KV_6_12 = 75,
+	SCMP_KV_6_13 = 76,
+	SCMP_KV_6_14 = 77,
+	SCMP_KV_6_15 = 78,
+	SCMP_KV_6_16 = 79,
+	SCMP_KV_6_17 = 80,
+	__SCMP_KV_MAX,
+};
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
@@ -898,6 +898,7 @@ int seccomp_precompute(const scmp_filter_ctx ctx);
 #define __NR_SCMP_UNDEF		-2
 
 #include <seccomp-syscalls.h>
+#include <seccomp-kvers.h>
 
 #ifdef __cplusplus
 }
diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
@@ -86,6 +86,88 @@ cdef extern from "seccomp.h":
     unsigned int SCMP_ACT_ERRNO(int errno)
     unsigned int SCMP_ACT_TRACE(int value)
 
+    cdef enum scmp_kver:
+        SCMP_KV_UNDEF
+        SCMP_KV_3_0
+        SCMP_KV_3_1
+        SCMP_KV_3_2
+        SCMP_KV_3_3
+        SCMP_KV_3_4
+        SCMP_KV_3_5
+        SCMP_KV_3_6
+        SCMP_KV_3_7
+        SCMP_KV_3_8
+        SCMP_KV_3_9
+        SCMP_KV_3_10
+        SCMP_KV_3_11
+        SCMP_KV_3_12
+        SCMP_KV_3_13
+        SCMP_KV_3_14
+        SCMP_KV_3_15
+        SCMP_KV_3_16
+        SCMP_KV_3_17
+        SCMP_KV_3_18
+        SCMP_KV_3_19
+        SCMP_KV_4_0
+        SCMP_KV_4_1
+        SCMP_KV_4_2
+        SCMP_KV_4_3
+        SCMP_KV_4_4
+        SCMP_KV_4_5
+        SCMP_KV_4_6
+        SCMP_KV_4_7
+        SCMP_KV_4_8
+        SCMP_KV_4_9
+        SCMP_KV_4_10
+        SCMP_KV_4_11
+        SCMP_KV_4_12
+        SCMP_KV_4_13
+        SCMP_KV_4_14
+        SCMP_KV_4_15
+        SCMP_KV_4_16
+        SCMP_KV_4_17
+        SCMP_KV_4_18
+        SCMP_KV_4_19
+        SCMP_KV_4_20
+        SCMP_KV_5_0
+        SCMP_KV_5_1
+        SCMP_KV_5_2
+        SCMP_KV_5_3
+        SCMP_KV_5_4
+        SCMP_KV_5_5
+        SCMP_KV_5_6
+        SCMP_KV_5_7
+        SCMP_KV_5_8
+        SCMP_KV_5_9
+        SCMP_KV_5_10
+        SCMP_KV_5_11
+        SCMP_KV_5_12
+        SCMP_KV_5_13
+        SCMP_KV_5_14
+        SCMP_KV_5_15
+        SCMP_KV_5_16
+        SCMP_KV_5_17
+        SCMP_KV_5_18
+        SCMP_KV_5_19
+        SCMP_KV_6_0
+        SCMP_KV_6_1
+        SCMP_KV_6_2
+        SCMP_KV_6_3
+        SCMP_KV_6_4
+        SCMP_KV_6_5
+        SCMP_KV_6_6
+        SCMP_KV_6_7
+        SCMP_KV_6_8
+        SCMP_KV_6_9
+        SCMP_KV_6_10
+        SCMP_KV_6_11
+        SCMP_KV_6_12
+        SCMP_KV_6_13
+        SCMP_KV_6_14
+        SCMP_KV_6_15
+        SCMP_KV_6_16
+        SCMP_KV_6_17
+
     ctypedef uint64_t scmp_datum_t
 
     cdef struct scmp_arg_cmp:
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
@@ -1119,5 +1119,88 @@ cdef class SyscallFilter:
         if rc != 0:
             raise RuntimeError(str.format("Library error (errno = {0})", rc))
 
+cdef class Kver:
+    """ Python object representing the Kernel Version enumeration. """
+    UNDEF = libseccomp.SCMP_KV_UNDEF
+    v3_0 = libseccomp.SCMP_KV_3_0
+    v3_1 = libseccomp.SCMP_KV_3_1
+    v3_2 = libseccomp.SCMP_KV_3_2
+    v3_3 = libseccomp.SCMP_KV_3_3
+    v3_4 = libseccomp.SCMP_KV_3_4
+    v3_5 = libseccomp.SCMP_KV_3_5
+    v3_6 = libseccomp.SCMP_KV_3_6
+    v3_7 = libseccomp.SCMP_KV_3_7
+    v3_8 = libseccomp.SCMP_KV_3_8
+    v3_9 = libseccomp.SCMP_KV_3_9
+    v3_10 = libseccomp.SCMP_KV_3_10
+    v3_11 = libseccomp.SCMP_KV_3_11
+    v3_12 = libseccomp.SCMP_KV_3_12
+    v3_13 = libseccomp.SCMP_KV_3_13
+    v3_14 = libseccomp.SCMP_KV_3_14
+    v3_15 = libseccomp.SCMP_KV_3_15
+    v3_16 = libseccomp.SCMP_KV_3_16
+    v3_17 = libseccomp.SCMP_KV_3_17
+    v3_18 = libseccomp.SCMP_KV_3_18
+    v3_19 = libseccomp.SCMP_KV_3_19
+    v4_0 = libseccomp.SCMP_KV_4_0
+    v4_1 = libseccomp.SCMP_KV_4_1
+    v4_2 = libseccomp.SCMP_KV_4_2
+    v4_3 = libseccomp.SCMP_KV_4_3
+    v4_4 = libseccomp.SCMP_KV_4_4
+    v4_5 = libseccomp.SCMP_KV_4_5
+    v4_6 = libseccomp.SCMP_KV_4_6
+    v4_7 = libseccomp.SCMP_KV_4_7
+    v4_8 = libseccomp.SCMP_KV_4_8
+    v4_9 = libseccomp.SCMP_KV_4_9
+    v4_10 = libseccomp.SCMP_KV_4_10
+    v4_11 = libseccomp.SCMP_KV_4_11
+    v4_12 = libseccomp.SCMP_KV_4_12
+    v4_13 = libseccomp.SCMP_KV_4_13
+    v4_14 = libseccomp.SCMP_KV_4_14
+    v4_15 = libseccomp.SCMP_KV_4_15
+    v4_16 = libseccomp.SCMP_KV_4_16
+    v4_17 = libseccomp.SCMP_KV_4_17
+    v4_18 = libseccomp.SCMP_KV_4_18
+    v4_19 = libseccomp.SCMP_KV_4_19
+    v4_20 = libseccomp.SCMP_KV_4_20
+    v5_0 = libseccomp.SCMP_KV_5_0
+    v5_1 = libseccomp.SCMP_KV_5_1
+    v5_2 = libseccomp.SCMP_KV_5_2
+    v5_3 = libseccomp.SCMP_KV_5_3
+    v5_4 = libseccomp.SCMP_KV_5_4
+    v5_5 = libseccomp.SCMP_KV_5_5
+    v5_6 = libseccomp.SCMP_KV_5_6
+    v5_7 = libseccomp.SCMP_KV_5_7
+    v5_8 = libseccomp.SCMP_KV_5_8
+    v5_9 = libseccomp.SCMP_KV_5_9
+    v5_10 = libseccomp.SCMP_KV_5_10
+    v5_11 = libseccomp.SCMP_KV_5_11
+    v5_12 = libseccomp.SCMP_KV_5_12
+    v5_13 = libseccomp.SCMP_KV_5_13
+    v5_14 = libseccomp.SCMP_KV_5_14
+    v5_15 = libseccomp.SCMP_KV_5_15
+    v5_16 = libseccomp.SCMP_KV_5_16
+    v5_17 = libseccomp.SCMP_KV_5_17
+    v5_18 = libseccomp.SCMP_KV_5_18
+    v5_19 = libseccomp.SCMP_KV_5_19
+    v6_0 = libseccomp.SCMP_KV_6_0
+    v6_1 = libseccomp.SCMP_KV_6_1
+    v6_2 = libseccomp.SCMP_KV_6_2
+    v6_3 = libseccomp.SCMP_KV_6_3
+    v6_4 = libseccomp.SCMP_KV_6_4
+    v6_5 = libseccomp.SCMP_KV_6_5
+    v6_6 = libseccomp.SCMP_KV_6_6
+    v6_7 = libseccomp.SCMP_KV_6_7
+    v6_8 = libseccomp.SCMP_KV_6_8
+    v6_9 = libseccomp.SCMP_KV_6_9
+    v6_10 = libseccomp.SCMP_KV_6_10
+    v6_11 = libseccomp.SCMP_KV_6_11
+    v6_12 = libseccomp.SCMP_KV_6_12
+    v6_13 = libseccomp.SCMP_KV_6_13
+    v6_14 = libseccomp.SCMP_KV_6_14
+    v6_15 = libseccomp.SCMP_KV_6_15
+    v6_16 = libseccomp.SCMP_KV_6_16
+    v6_17 = libseccomp.SCMP_KV_6_17
+
 # kate: syntax python;
 # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/src/system.h b/src/system.h
@@ -35,14 +35,6 @@
 
 struct db_filter_col;
 
-/* NOTE: temporary location, move to include/seccomp.h.in when complete */
-enum scmp_kver {
-	__SCMP_KV_NULL = 0,
-	SCMP_KV_UNDEF = 1,
-	/* TODO: add SCMP_KV_X_YY values as the syscall table is populated */
-	__SCMP_KV_MAX,
-};
-
 #ifdef HAVE_LINUX_SECCOMP_H
 
 /* system header file */

Original file line number	Diff line number	Diff line change
`@@ -16,4 +16,4 @@`
`16`	`16`	`# along with this library; if not, see <http://www.gnu.org/licenses>.`
`17`	`17`	`#`
`18`	`18`
`19`		`-include_HEADERS = seccomp.h seccomp-syscalls.h`
	`19`	`+include_HEADERS = seccomp.h seccomp-syscalls.h seccomp-kvers.h`
Original file line number	Diff line number	Diff line change
`@@ -898,6 +898,7 @@ int seccomp_precompute(const scmp_filter_ctx ctx);`
`898`	`898`	`#define __NR_SCMP_UNDEF -2`
`899`	`899`
`900`	`900`	`#include <seccomp-syscalls.h>`
	`901`	`+#include <seccomp-kvers.h>`
`901`	`902`
`902`	`903`	`#ifdef __cplusplus`
`903`	`904`	`}`