Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER.

This matches the actual prctl() call we use.

config.h.in

@@ -175,9 +175,9 @@
    don't. */
 #undef HAVE_DECL_QUAD_MIN
 
-/* Define to 1 if you have the declaration of `SECCOMP_SET_MODE_FILTER', and
+/* Define to 1 if you have the declaration of `SECCOMP_MODE_FILTER', and to 0
-   to 0 if you don't. */
+   if you don't. */
-#undef HAVE_DECL_SECCOMP_SET_MODE_FILTER
+#undef HAVE_DECL_SECCOMP_MODE_FILTER
 
 /* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
    don't. */

configure

@@ -17821,8 +17821,8 @@ fi
     *-*-linux*|*-*-k*bsd*-gnu)
 		shadow_funcs="getspnam"
 		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
-		# Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+		# Check for SECCOMP_MODE_FILTER in linux/seccomp.h
-		ac_fn_check_decl "$LINENO" "SECCOMP_SET_MODE_FILTER" "ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" "
+		ac_fn_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" "
 #include <sys/types.h>
 #include <sys/prctl.h>
 #include <asm/unistd.h>
@@ -17830,13 +17830,13 @@ fi
 #include <linux/filter.h>
 
 " "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" = xyes
+if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes
 then :
   ac_have_decl=1
 else $as_nop
   ac_have_decl=0
 fi
-printf "%s\n" "#define HAVE_DECL_SECCOMP_SET_MODE_FILTER $ac_have_decl" >>confdefs.h
+printf "%s\n" "#define HAVE_DECL_SECCOMP_MODE_FILTER $ac_have_decl" >>confdefs.h
 
 		# We call getrandom via syscall(3) in case it is not in libc
 		ac_fn_c_check_header_compile "$LINENO" "linux/random.h" "ac_cv_header_linux_random_h" "$ac_includes_default"

configure.ac

@@ -2065,8 +2065,8 @@ case "$host" in
     *-*-linux*|*-*-k*bsd*-gnu)
 		shadow_funcs="getspnam"
 		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
-		# Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+		# Check for SECCOMP_MODE_FILTER in linux/seccomp.h
-		AC_CHECK_DECLS([SECCOMP_SET_MODE_FILTER], [], [], [
+		AC_CHECK_DECLS([SECCOMP_MODE_FILTER], [], [], [
 #include <sys/types.h>
 #include <sys/prctl.h>
 #include <asm/unistd.h>

src/sudo_exec.h

@@ -95,13 +95,13 @@ union sudo_token_un {
  * On MIPS we can't change the syscall return and only support log_subcmds.
  */
 #if defined(_PATH_SUDO_INTERCEPT) && defined(__linux__)
-# if defined(HAVE_DECL_SECCOMP_SET_MODE_FILTER) && HAVE_DECL_SECCOMP_SET_MODE_FILTER
+# if defined(HAVE_DECL_SECCOMP_MODE_FILTER) && HAVE_DECL_SECCOMP_MODE_FILTER
 #  if defined(__x86_64__) || defined(__i386__) || defined(__aarch64__) || defined(__arm__) || defined(__mips__) || defined(__powerpc__) || (defined(__riscv) && __riscv_xlen == 64) || defined(__s390__)
 #   ifndef HAVE_PTRACE_INTERCEPT
 #    define HAVE_PTRACE_INTERCEPT 1
 #   endif /* HAVE_PTRACE_INTERCEPT */
 #  endif /* __amd64__ || __i386__ || __aarch64__ || __riscv || __s390__ */
-# endif /* HAVE_DECL_SECCOMP_SET_MODE_FILTER */
+# endif /* HAVE_DECL_SECCOMP_MODE_FILTER */
 #endif /* _PATH_SUDO_INTERCEPT && __linux__ */
 
 /*

src/sudo_noexec.c

@@ -25,7 +25,7 @@
 
 #include <sys/types.h>
 
-#if defined(HAVE_DECL_SECCOMP_SET_MODE_FILTER) && HAVE_DECL_SECCOMP_SET_MODE_FILTER
+#if defined(HAVE_DECL_SECCOMP_MODE_FILTER) && HAVE_DECL_SECCOMP_MODE_FILTER
 # include <sys/prctl.h>
 # include <asm/unistd.h>
 # include <linux/filter.h>
@@ -213,7 +213,7 @@ INTERPOSE(wordexp)
 /*
  * On Linux we can use a seccomp() filter to disable exec.
  */
-#if defined(HAVE_DECL_SECCOMP_SET_MODE_FILTER) && HAVE_DECL_SECCOMP_SET_MODE_FILTER
+#if defined(HAVE_DECL_SECCOMP_MODE_FILTER) && HAVE_DECL_SECCOMP_MODE_FILTER
 
 /* Older systems may not support execveat(2). */
 #ifndef __NR_execveat
@@ -248,4 +248,4 @@ noexec_ctor(void)
     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0)
 	(void)prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &exec_fprog);
 }
-#endif /* HAVE_DECL_SECCOMP_SET_MODE_FILTER */
+#endif /* HAVE_DECL_SECCOMP_MODE_FILTER */