1 /* 2 * seccomp example with syscall reporting 3 * 4 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org> 5 * Authors: 6 * Kees Cook <keescook@chromium.org> 7 * Will Drewry <wad@chromium.org> 8 * 9 * Use of this source code is governed by a BSD-style license that can be 10 * found in the LICENSE file. 11 */ 12 #define _GNU_SOURCE 1 13 #include <stddef.h> 14 #include <stdlib.h> 15 #include <unistd.h> 16 17 #include <libubox/utils.h> 18 #include <libubox/blobmsg.h> 19 #include <libubox/blobmsg_json.h> 20 21 #include "log.h" 22 #include "seccomp.h" 23 #include "seccomp-oci.h" 24 25 int install_syscall_filter(const char *argv, const char *file) 26 { 27 struct blob_buf b = { 0 }; 28 struct sock_fprog *prog = NULL; 29 30 DEBUG("%s: setting up syscall filter\n", argv); 31 32 blob_buf_init(&b, 0); 33 if (!blobmsg_add_json_from_file(&b, file)) { 34 ERROR("%s: failed to load %s\n", argv, file); 35 return -1; 36 } 37 38 prog = parseOCIlinuxseccomp(b.head); 39 if (!prog) { 40 ERROR("%s: failed to parse seccomp filter rules %s\n", argv, file); 41 return -1; 42 } 43 44 return applyOCIlinuxseccomp(prog); 45 } 46
This page was automatically generated by LXR 0.3.1. • OpenWrt