File: seccomp.c

package info (click to toggle)
systemtap 3.1-2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 32,860 kB
  • ctags: 12,513
  • sloc: cpp: 58,610; ansic: 58,189; exp: 37,322; sh: 10,633; xml: 7,771; perl: 2,252; python: 2,066; tcl: 1,305; makefile: 969; lisp: 105; java: 100; awk: 94; asm: 91; sed: 16
file content (52 lines) | stat: -rw-r--r-- 1,136 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
/* COVERAGE: seccomp */

#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>

#ifdef __NR_seccomp

#include <linux/seccomp.h>
#include <linux/filter.h>
#include <linux/audit.h>
#include <linux/signal.h>
#include <sys/ptrace.h>

struct sock_filter filter[] = {
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

struct sock_fprog prog = {
   .len = (unsigned short) (sizeof(filter) / sizeof(filter[0])),
   .filter = filter,
};

static inline int __seccomp(unsigned int operation, unsigned int flags, void *args)
{
    return syscall(__NR_seccomp, operation, flags, args);
}

int main()
{
    __seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog);
    //staptest// seccomp (SECCOMP_SET_MODE_FILTER, 0x0, XXXX) = NNNN

    // Limit testing

    __seccomp(-1, 0, NULL);
    //staptest// seccomp (0x[f]+, 0x0, 0x0) = -NNNN

    __seccomp(SECCOMP_SET_MODE_FILTER, -1, NULL);
    //staptest// seccomp (SECCOMP_SET_MODE_FILTER, 0x[f]+, 0x0) = -NNNN

    __seccomp(SECCOMP_SET_MODE_FILTER, 0, (void *)-1);
    //staptest// seccomp (SECCOMP_SET_MODE_FILTER, 0x0, 0x[f]+) = -NNNN

    return 0;
}
#else
int main()
{
    return 0;
}
#endif