Home Explore Help
Register Sign In
OWEALs
/
procd
mirror of https://git.openwrt.org/project/procd.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
procd
/
jail
/
seccomp.c

seccomp.c 1.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445 
  1. /*
    2. 

  2.  * seccomp example with syscall reporting
    3. 

  3.  *
    4. 

  4.  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
    5. 

  5.  * Authors:
    6. 

  6.  *  Kees Cook <keescook@chromium.org>
    7. 

  7.  *  Will Drewry <wad@chromium.org>
    8. 

  8.  *
    9. 

  9.  * Use of this source code is governed by a BSD-style license that can be
    10. 

  10.  * found in the LICENSE file.
    11. 

  11.  */
    12. 

  12. #define _GNU_SOURCE 1
    13. 

  13. #include <stddef.h>
    14. 

  14. #include <stdlib.h>
    15. 

  15. #include <unistd.h>
    16. 

  16. 

  17. #include <libubox/utils.h>
    18. 

  18. #include <libubox/blobmsg.h>
    19. 

  19. #include <libubox/blobmsg_json.h>
    20. 

  20. 

  21. #include "log.h"
    22. 

  22. #include "seccomp.h"
    23. 

  23. #include "seccomp-oci.h"
    24. 

  24. 

  25. int install_syscall_filter(const char *argv, const char *file)
    26. 

  26. {
    27. 

  27. 	struct blob_buf b = { 0 };
    28. 

  28. 	struct sock_fprog *prog = NULL;
    29. 

  29. 

  30. 	DEBUG("%s: setting up syscall filter\n", argv);
    31. 

  31. 

  32. 	blob_buf_init(&b, 0);
    33. 

  33. 	if (!blobmsg_add_json_from_file(&b, file)) {
    34. 

  34. 		ERROR("%s: failed to load %s\n", argv, file);
    35. 

  35. 		return -1;
    36. 

  36. 	}
    37. 

  37. 

  38. 	prog = parseOCIlinuxseccomp(b.head);
    39. 

  39. 	if (!prog) {
    40. 

  40. 		ERROR("%s: failed to parse seccomp filter rules %s\n", argv, file);
    41. 

  41. 		return -1;
    42. 

  42. 	}
    43. 

  43. 

  44. 	return applyOCIlinuxseccomp(prog);
    45. 

  45. }
    46.