@dm0-
Created July 22, 2016 23:56
Run a program without the ability to delete files
/* cc -o noodel -lseccomp noodel.c */
#include <seccomp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
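/*
 * Run the program named by argv[1] under a seccomp filter that turns the
 * file-removal system calls into no-ops.
 *
 * The filter allows everything by default and overrides only the listed
 * calls with SCMP_ACT_ERRNO (0), so the target is told the removal succeeded
 * while the file stays in place.
 *
 * Scope note: this is a denylist, not a sandbox.  It stops accidental
 * deletion; it does not protect file contents, which can still be lost
 * through calls that are left allowed (truncation, overwriting, renaming
 * one file over another).  Use it as a safety net, not a security boundary.
 *
 * By default libseccomp sets no_new_privs when the filter is loaded, so the
 * target cannot gain privileges through setuid/setgid executables.
 *
 * Returns 1 on a usage error, on failure to create the filter context or on
 * exec failure, and the positive errno value reported by libseccomp when a
 * rule cannot be added or the filter cannot be loaded.  On success it does
 * not return: the process image is replaced by the target.
 */
int
main (int argc, char *argv[])
{
  /* unlink alone is not enough: current tools remove files through
     unlinkat (which also covers directories via AT_REMOVEDIR), and
     directories can be removed with rmdir.  */
  static const int masked[] = {
    SCMP_SYS (unlink),
    SCMP_SYS (unlinkat),
    SCMP_SYS (rmdir),
  };
  scmp_filter_ctx ctx;
  size_t i;
  int rc = 0;

  /* The access check only produces an early usage message; execv below is
     what actually decides whether the target can run.  */
  if (argc < 2 || access (argv[1], X_OK) != 0)
    {
      fprintf (stderr, "%s /path/to/program [args]\n", argv[0]);
      return 1;
    }

  /* Initialize libseccomp to allow everything by default. */
  ctx = seccomp_init (SCMP_ACT_ALLOW);
  if (ctx == NULL)
    return 1;

  /* Define the set of syscall filtering rules: mask the removal calls. */
  for (i = 0; i < sizeof masked / sizeof masked[0]; i++)
    {
      rc = seccomp_rule_add (ctx, SCMP_ACT_ERRNO (0), masked[i], 0);
      if (rc != 0)
        break;
    }

  /* Load the rules into the kernel. */
  if (rc == 0)
    rc = seccomp_load (ctx);

  /* The context is released exactly once, whether or not loading worked;
     a loaded filter stays active in the kernel without it.  */
  seccomp_release (ctx);
  if (rc != 0)
    return -rc;

  /* Switch to the real target process; execv returns only on failure. */
  execv (argv[1], argv + 1);
  perror (argv[1]);
  return 1;
}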