1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
/* COVERAGE: seccomp */
#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
#ifdef __NR_seccomp
#include <linux/seccomp.h>
#include <linux/filter.h>
#include <linux/audit.h>
#include <linux/signal.h>
#include <sys/ptrace.h>
// Some versions of <linux/seccomp.h> don't define SECCOMP_SET_MODE_FILTER.
#ifndef SECCOMP_SET_MODE_FILTER
#define SECCOMP_SET_MODE_FILTER 1
#endif
struct sock_filter filter[] = {
BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
struct sock_fprog prog = {
.len = (unsigned short) (sizeof(filter) / sizeof(filter[0])),
.filter = filter,
};
static inline int __seccomp(unsigned int operation, unsigned int flags, void *args)
{
return syscall(__NR_seccomp, operation, flags, args);
}
int main()
{
__seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog);
//staptest// [[[[seccomp (SECCOMP_SET_MODE_FILTER, 0x0, XXXX)!!!!ni_syscall ()]]]] = NNNN
// Limit testing
__seccomp(-1, 0, NULL);
//staptest// [[[[seccomp (0x[f]+, 0x0, 0x0)!!!!ni_syscall ()]]]] = -NNNN
__seccomp(SECCOMP_SET_MODE_FILTER, -1, NULL);
//staptest// [[[[seccomp (SECCOMP_SET_MODE_FILTER, 0x[f]+, 0x0)!!!!ni_syscall ()]]]] = -NNNN
__seccomp(SECCOMP_SET_MODE_FILTER, 0, (void *)-1);
#ifdef __s390__
//staptest// [[[[seccomp (SECCOMP_SET_MODE_FILTER, 0x0, 0x[7]?[f]+)!!!!ni_syscall ()]]]] = -NNNN
#else
//staptest// [[[[seccomp (SECCOMP_SET_MODE_FILTER, 0x0, 0x[f]+)!!!!ni_syscall ()]]]] = -NNNN
#endif
return 0;
}
#else
int main()
{
return 0;
}
#endif
|
