Created
September 16, 2019 18:44
-
-
Save drakenclimber/ccafe9d4bceaffa42f359370679fd6b4 to your computer and use it in GitHub Desktop.
LSS2019 seccomp/libseccomp Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/types.h> | |
| #include <unistd.h> | |
| #include <seccomp.h> | |
| #include <errno.h> | |
| #include <string.h> | |
| static const char const *lss = "LSS NA 2019\n"; | |
| void call_child(void) | |
| { | |
| scmp_filter_ctx ctx; | |
| int rc; | |
| // whitelist | |
| ctx = seccomp_init(SCMP_ACT_ERRNO(EPERM)); | |
| // blacklist | |
| //ctx = seccomp_init(SCMP_ACT_ALLOW); | |
| rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, | |
| SCMP_SYS(write), 2, | |
| SCMP_A0(SCMP_CMP_EQ, STDOUT_FILENO), | |
| SCMP_A1_64(SCMP_CMP_EQ, lss)); | |
| if (rc < 0) { | |
| fprintf(stdout, "rule add failed %d\n", | |
| rc); | |
| goto out; | |
| } | |
| rc = seccomp_load(ctx); | |
| if (rc < 0) { | |
| fprintf(stdout, "load failed %d\n", | |
| rc); | |
| goto out; | |
| } | |
| //fprintf(stdout, "hello world1\n"); | |
| //fprintf(stderr, "hello world2\n"); | |
| write(STDOUT_FILENO, lss, strlen(lss)); | |
| out: | |
| seccomp_release(ctx); | |
| } | |
| int main(void) | |
| { | |
| pid_t cpid; | |
| fprintf(stdout, "main\n"); | |
| cpid = fork(); | |
| if (cpid < 0) { | |
| fprintf(stdout, "fork failed\n"); | |
| exit(-1); | |
| } | |
| if (cpid == 0) { | |
| // we're in the child | |
| fprintf(stdout, "child\n"); | |
| call_child(); | |
| } | |
| else { | |
| fprintf(stdout, "parent\n"); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment