Created
April 30, 2020 07:39
-
-
Save SjonHortensius/7e6197a2bf38cee2e5c67a26833b3180 to your computer and use it in GitHub Desktop.
generate a systemd service SystemCallFilter by specifying a list of syscalls, eg. from strace -c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # generate SystemCallFilter from list of syscalls | |
| # | |
| # run this script, type or paste a list of syscalls and this script will return the required @callgroups | |
| ## Sjon Hortensius, 2020 | |
| set -ue | |
| # dynamically initialize callgroups | |
| declare -A callgroup | |
| while IFS= read -r line | |
| do | |
| [[ ${#line} -eq 0 ]] && continue | |
| if [[ $line == @* ]] | |
| then | |
| group=${line:1} | |
| elif [[ $line != \ *\#* ]] | |
| then | |
| callgroup[${line## }]=$group | |
| fi | |
| done < <(systemd-analyze syscall-filter) | |
| # now read syscalls, eg. from strace -c | |
| while read -r syscall | |
| do | |
| if [[ ${callgroup[$syscall]} ]] | |
| then | |
| echo \@${callgroup[$syscall]} | |
| else | |
| echo $syscall | |
| fi | |
| done | sort -u | tr '\n' ' ' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment