• source navigation  • diff markup  • identifier search  • freetext search  • 

Sources/procd/jail/seccomp.c

  1 /*
  2  * seccomp example with syscall reporting
  3  *
  4  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
  5  * Authors:
  6  *  Kees Cook <keescook@chromium.org>
  7  *  Will Drewry <wad@chromium.org>
  8  *
  9  * Use of this source code is governed by a BSD-style license that can be
 10  * found in the LICENSE file.
 11  */
 12 #define _GNU_SOURCE 1
 13 #include <stddef.h>
 14 #include <stdlib.h>
 15 #include <unistd.h>
 16 
 17 #include <libubox/utils.h>
 18 #include <libubox/blobmsg.h>
 19 #include <libubox/blobmsg_json.h>
 20 
 21 #include "log.h"
 22 #include "seccomp.h"
 23 #include "seccomp-oci.h"
 24 
 25 int install_syscall_filter(const char *argv, const char *file)
 26 {
 27         struct blob_buf b = { 0 };
 28         struct sock_fprog *prog = NULL;
 29 
 30         DEBUG("%s: setting up syscall filter\n", argv);
 31 
 32         blob_buf_init(&b, 0);
 33         if (!blobmsg_add_json_from_file(&b, file)) {
 34                 ERROR("%s: failed to load %s\n", argv, file);
 35                 return -1;
 36         }
 37 
 38         prog = parseOCIlinuxseccomp(b.head);
 39         if (!prog) {
 40                 ERROR("%s: failed to parse seccomp filter rules %s\n", argv, file);
 41                 return -1;
 42         }
 43 
 44         return applyOCIlinuxseccomp(prog);
 45 }
 46 

This page was automatically generated by LXR 0.3.1.  •  OpenWrt