From 674f40d027ece13daa78ef2a7d69c79f4198368a Mon Sep 17 00:00:00 2001
From: terminaldweller
Date: Fri, 2 Dec 2022 21:22:42 +0330
Subject: update

---
 seccomp/seccomp_filter.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 seccomp/seccomp_filter.c

(limited to 'seccomp/seccomp_filter.c')

diff --git a/seccomp/seccomp_filter.c b/seccomp/seccomp_filter.c
new file mode 100644
index 0000000..89ea917
--- /dev/null
+++ b/seccomp/seccomp_filter.c
@@ -0,0 +1,75 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+void log_all_syscalls(void) {
+  scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_LOG);
+  seccomp_arch_add(ctx, SCMP_ARCH_X86_64);
+  seccomp_export_bpf(ctx, 1);
+  seccomp_export_pfc(ctx, 2);
+  seccomp_release(ctx);
+}
+
+int log_current_seccomp(void) {
+  int rc = -1;
+  scmp_filter_ctx ctx;
+  int filter_fd;
+
+  ctx = seccomp_init(SCMP_ACT_KILL);
+  if (ctx == NULL)
+    goto out;
+
+  filter_fd = open("/tmp/seccomp_filter.bpf",
+                   O_CREAT | O_WRONLY | O_NOFOLLOW | O_TRUNC, S_IRWXU);
+  if (filter_fd == -1) {
+    rc = -errno;
+    goto out;
+  }
+
+  rc = seccomp_export_bpf(ctx, filter_fd);
+  if (rc < 0) {
+    close(filter_fd);
+    goto out;
+  }
+  close(filter_fd);
+
+  filter_fd = open("/tmp/seccomp_filter.pfc",
+                   O_CREAT | O_WRONLY | O_NOFOLLOW | O_TRUNC, S_IRWXU);
+  if (filter_fd == -1) {
+    rc = -errno;
+    goto out;
+  }
+
+  rc = seccomp_export_pfc(ctx, filter_fd);
+  if (rc < 0) {
+    close(filter_fd);
+    goto out;
+  }
+  close(filter_fd);
+
+out:
+  seccomp_release(ctx);
+  return -rc;
+}
+
+int main(int argc, char **argv) {
+  if (argc == 3) {
+    if (!strcmp("--filter", argv[1])) {
+      if (!strcmp("current", argv[2])) {
+        log_current_seccomp();
+      } else if (!strcmp("logging", argv[2])) {
+        log_all_syscalls();
+      } else {
+      }
+    }
+  } else {
+    printf("going with the default filter kind which is logging.\n");
+    log_all_syscalls();
+  }
+}
-- 
cgit v1.2.3
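Review bot: The two open() calls in log_current_seccomp write to fixed, predictable paths under /tmp with O_CREAT|O_TRUNC but no O_EXCL, so a file another local user has already planted at that name is silently truncated and overwritten (O_NOFOLLOW blocks symlinks, not a hard link or an already-present regular file), and S_IRWXU gives a plain data file the execute bit. Changing both calls to `O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW, S_IRUSR | S_IWUSR` (or writing through mkstemp()) closes that, at the cost of refusing to clobber a stale dump from a previous run, which is the safer default for a tool that runs as whatever user invokes it. Separately, the name log_current_seccomp is misleading: seccomp_init(SCMP_ACT_KILL) starts a fresh context with no rules added, so what gets exported is a default-kill filter, not whatever filter this process is actually running under; a header comment such as `/* Exports a new, empty default-KILL filter to /tmp; it does not read the installed filter. */` would stop the next reader assuming otherwise. log_all_syscalls also ignores a NULL from seccomp_init() and the return codes of seccomp_arch_add()/seccomp_export_*(), unlike its sibling, and main discards log_current_seccomp's errno-style return and silently does nothing on an unrecognised second argument.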