Fix a few incompatibility issues (#517)

* kernel: Use NR_syscalls instead of SECCOMP_ARCH_NATIVE_NR
Old kernels don't has SECCOMP_ARCH_NATIVE_NR. But according to its definition,
it's equal to NR_syscalls. So use NR_syscalls instead.

* kernel: Fix wrong kernel version check
fsnotify_add_inode_mark was introduced in 4.17-rc5, not 4.12

kernel/kernel_compat.c

@@ -242,7 +242,7 @@ long ksu_copy_from_user_nofault(void *dst, const void __user *src, size_t size)
 }
 
 struct action_cache {
-    DECLARE_BITMAP(allow_native, SECCOMP_ARCH_NATIVE_NR);
+    DECLARE_BITMAP(allow_native, NR_syscalls);
 #ifdef SECCOMP_ARCH_COMPAT
     DECLARE_BITMAP(allow_compat, SECCOMP_ARCH_COMPAT_NR);
 #endif
@@ -269,7 +269,7 @@ void ksu_seccomp_clear_cache(struct seccomp_filter *filter, int nr)
         return;
     }
 
-    if (nr >= 0 && nr < SECCOMP_ARCH_NATIVE_NR) {
+    if (nr >= 0 && nr < NR_syscalls) {
         clear_bit(nr, filter->cache.allow_native);
     }
 
@@ -286,7 +286,7 @@ void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr)
         return;
     }
 
-    if (nr >= 0 && nr < SECCOMP_ARCH_NATIVE_NR) {
+    if (nr >= 0 && nr < NR_syscalls) {
         set_bit(nr, filter->cache.allow_native);
     }
 

kernel/pkg_observer.c

@@ -66,7 +66,7 @@ static int add_mark_on_inode(struct inode *inode, u32 mask,
     if (!m)
         return -ENOMEM;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
     fsnotify_init_mark(m, g);
     m->mask = mask;
     ret = fsnotify_add_inode_mark(m, inode, 0);