1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
# Ceccomp
A tool to analyze seccomp filters like `seccomp-tools`, written in C
## Features
- :gear: Robust assembler and disassembler
- :blue_book: Complete documentation
- :1234: Various architecture support powered by libseccomp
- :globe_with_meridians: Multi-language support
- :feather: Minimum build depencies for core binary
- :paintbrush: Enhanced syntax highlighting
- :100: Informational error messages
- :shell: Powerful Zshell completion
- :no_entry_sign: Pure C without LLM-generated garbage
## Doc & Screenshots
[English Version](docs/ceccomp.adoc) | [中文文档](docs/ceccomp.zh_CN.adoc)
## Install
- Arch Linux users:
Install via AUR, build `ceccomp` package ⇒ [](https://repology.org/project/ceccomp/versions)
Or install via `archlinuxcn` repo if you have it set in you `pacman.conf`.
- Debian, Ubuntu or Kali users:
ceccomp is available with `apt` now if you are using distros below:
[](https://repology.org/project/ceccomp/versions)
[](https://repology.org/project/ceccomp/versions)
[](https://repology.org/project/ceccomp/versions)
[](https://repology.org/project/ceccomp/versions)
- NixOS users:
@tesuji helps us submit a PR at NixOS, but it's blocked as nobody cares... If you
like our software, please :+1: in NixOS/nixpkgs#462592 to help ceccomp into nixpkgs!
- Stable installation:
Clone the whole repo, then run `./configure`. Add `--without-doc` flag if you don't have `asciidoctor`,
and add `--without-i18n` flag if you don't have `gettext` package.
```sh
git clone https://github.com/dbgbgtf1/Ceccomp.git
cd Ceccomp
./configure
./configure # run this again if Makefile is not generated
make
make install # install at /usr/bin
```
- Testing installation:
Clone the whole repo, and then run `./configure --devmode`.
```sh
git clone https://github.com/dbgbgtf1/Ceccomp.git
cd Ceccomp
./configure --devmode
make
```
## Run Test
Run configure and make, then invoke `pytest test` from repo root. Trace pid case will be skipped if no
CAP_SYS_ADMIN. If you find some checks failed, please submit an issue to report your case.
To run the test, you need 2 extra packages: `pkgconf` (required by `pkg-config`) and `python-pytest`
(required by `pytest`).
## CheatSheet
<img width="2202" height="1061" alt="image" src="https://github.com/user-attachments/assets/6fc41721-89a0-4750-aa3f-219c0edf82d9" />
## Credits
- [seccomp-tools](https://github.com/david942j/seccomp-tools): The tool in Ruby inspires us to write ceccomp
- [Bootswatch](https://bootswatch.com/slate/): Provides awesome css for html doc under MIT
- [Linux kernel](https://github.com/torvalds/linux): Port some bpf checks
- [Verstable](https://github.com/JacksonAllan/Verstable): High-performance hash table implementation in C
- [a5hash](https://github.com/avaneev/a5hash): High-performance hash implementation for short strings in C
Any Issue or PR are welcome! :heart: Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details.
## License
Copyright (C) 2025-present, ceccomp contributors, distributed under GNU General Public License v3.0 or Later
|
