
@yvesf
Created August 11, 2020 15:55
package main
/*
#include <stdio.h>
#include <signal.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
void (*go_handler)(int, siginfo_t *, void *);
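// mySigHandler runs in front of the SIGSYS handler that was installed before
// overrideSigsysHandling() was called. It logs the trapped syscall number,
// rewrites si_code, and then chains to the saved handler in go_handler.
//
// NOTE: this preamble sits inside a Go block comment, so only "//" comments
// can be used here.
static void mySigHandler(int signum, siginfo_t *info, void *context) {
	// Only async-signal-safe calls belong in a signal handler. stdio
	// (fprintf/fflush) can deadlock or corrupt its buffers when it interrupts
	// another stdio call, so the line is assembled by hand and emitted with
	// a single write(2).
	static const char prefix[] = "received of SIGSYS. si_syscall=";
	char line[sizeof(prefix) + 16];
	char digits[12];
	size_t len = sizeof(prefix) - 1;
	size_t nd = 0;
	int nr = info->si_syscall;
	unsigned int mag = nr < 0 ? 0u - (unsigned int)nr : (unsigned int)nr;
	ssize_t rc;

	memcpy(line, prefix, len);
	if (nr < 0) {
		line[len++] = '-';
	}
	do {
		digits[nd++] = (char)('0' + mag % 10);
		mag /= 10;
	} while (mag != 0);
	while (nd > 0) {
		line[len++] = digits[--nd];
	}
	line[len++] = '\n';
	// Best-effort diagnostic; there is nothing useful to do if it fails.
	rc = write(STDERR_FILENO, line, len);
	(void)rc;

	// 0 is SI_USER on Linux. Presumably this makes the Go runtime treat the
	// seccomp trap as a user-sent signal and deliver it to signal.Notify;
	// confirm against the Go version in use.
	// Side effect: everything downstream loses the information that the
	// signal came from a seccomp filter, so do not rely on si_code after
	// this point.
	info->si_code = 0;
	go_handler(signum, info, context);
}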
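// overrideSigsysHandling saves the currently installed SIGSYS handler in
// go_handler and installs mySigHandler in its place, keeping the existing
// sa_flags and sa_mask. It must be called after the previous handler (here
// presumably the Go runtime's) has been installed.
//
// If the current disposition cannot be read, is not an SA_SIGINFO-style
// handler, or the new handler cannot be installed, a diagnostic is printed
// and SIGSYS handling is left as it was.
static void overrideSigsysHandling() {
	struct sigaction action;

	// Without this check a failed query would leave "action" uninitialized
	// and the second sigaction() call would install garbage.
	if (sigaction(SIGSYS, NULL, &action) != 0) {
		perror("sigaction(SIGSYS) query");
		return;
	}
	// sa_sigaction shares storage with sa_handler. Unless SA_SIGINFO is set,
	// the saved value may be SIG_DFL or SIG_IGN, and mySigHandler would call
	// it as a three-argument function pointer.
	if (!(action.sa_flags & SA_SIGINFO)) {
		fprintf(stderr, "SIGSYS has no SA_SIGINFO handler to chain to; not hooking\n");
		return;
	}
	// Publish the chained handler before mySigHandler can run.
	go_handler = action.sa_sigaction;
	action.sa_sigaction = mySigHandler;
	if (sigaction(SIGSYS, &action, NULL) != 0) {
		perror("sigaction(SIGSYS) install");
		go_handler = NULL;
	}
}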
*/
import "C"
import (
"os"
"os/signal"
"syscall"
"time"
libseccomp "github.com/seccomp/libseccomp-golang"
)
// main demonstrates receiving a seccomp trap through signal.Notify: it hooks
// SIGSYS in C, loads a seccomp filter that traps fchownat, and then calls
// os.Chown to trigger the trap.
func main() {
	// Hook SIGSYS on the C side first so the siginfo is patched before the
	// signal reaches the Go runtime.
	C.overrideSigsysHandling()

	notify := make(chan os.Signal, 1)
	signal.Notify(notify, syscall.SIGSYS)
	go func() {
		sig := <-notify
		println(`got signal`, sig.String())
		os.Exit(3)
	}()
	time.Sleep(time.Second)

	// Default action ActAllow makes this a denylist: every syscall stays
	// permitted unless a rule below says otherwise. That suits a demo, but a
	// real sandbox would normally start from a restrictive default.
	filter, err := libseccomp.NewFilter(libseccomp.ActAllow)
	if err != nil {
		panic(err)
	}
	// ActTrap: the kernel raises SIGSYS in the calling thread instead of
	// executing the syscall.
	if err = filter.AddRule(syscall.SYS_FCHOWNAT, libseccomp.ActTrap); err != nil {
		panic(err)
	}
	if err = filter.Load(); err != nil {
		panic(err)
	}

	// Expected to hit the trapped syscall. NOTE(review): this only holds on
	// ports where os.Chown is implemented with fchownat; confirm for the
	// target GOARCH.
	if err = os.Chown(`/`, 0, 0); err != nil {
		println(err.Error())
	}
	println(`should never reach me`)
}