#include <signal.h>
#include <string.h>
#include <unistd.h>
+#include <endian.h>
#include <sys/prctl.h>
#ifndef PR_SET_NO_NEW_PRIVS
#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */
#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */
#define SECCOMP_RET_LOG 0x00070000U
+#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */
#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */
#define SECCOMP_RET_ERROR(x) (SECCOMP_RET_ERRNO | ((x) & 0x0000ffffU))
#define SECCOMP_RET_LOGGER(x) (SECCOMP_RET_LOG | ((x) & 0x0000ffffU))
# define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__mips__)
# define REG_SYSCALL regs[2]
-# define ARCH_NR AUDIT_ARCH_MIPSEL
+# if __BYTE_ORDER == __LITTLE_ENDIAN
+# define ARCH_NR AUDIT_ARCH_MIPSEL
+# else
+# define ARCH_NR AUDIT_ARCH_MIPS
+# endif
#elif defined(__arm__) && (defined(__ARM_EABI__) || defined(__thumb__))
# define REG_SYSCALL regs.uregs[7]
-# define ARCH_NR AUDIT_ARCH_ARM
+# if __BYTE_ORDER == __LITTLE_ENDIAN
+# define ARCH_NR AUDIT_ARCH_ARM
+# else
+# define ARCH_NR AUDIT_ARCH_ARMEB
+# endif
#else
# warning "Platform does not support seccomp filter yet"
# define REG_SYSCALL 0