projects / linux-seccomp.git / blame
| Commit | Line | Data |
|---|---|---|
| 8befd5cc MG |
1 | .TH "seccomp_syscall_resolve_name" 3 "8 May 2014" "paul@paul-moore.com" "libseccomp Documentation" |
| 2 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 3 | .SH NAME | |
| 4 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 5 | seccomp_syscall_resolve_name \- Resolve a syscall name | |
| 6 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 7 | .SH SYNOPSIS | |
| 8 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 9 | .nf | |
| 10 | .B #include <seccomp.h> | |
| 11 | .sp | |
| 12 | .BI "int seccomp_syscall_resolve_name(const char *" name ");" | |
| 13 | .BI "int seccomp_syscall_resolve_name_arch(uint32_t " arch_token "," | |
| 14 | .BI " const char *" name ");" | |
| 15 | .BI "int seccomp_syscall_resolve_name_rewrite(uint32_t " arch_token "," | |
| 16 | .BI " const char *" name ");" | |
| 17 | .BI "char *seccomp_syscall_resolve_num_arch(uint32_t " arch_token ", int " num ");" | |
| 18 | .sp | |
| 19 | Link with \fI\-lseccomp\fP. | |
| 20 | .fi | |
| 21 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 22 | .SH DESCRIPTION | |
| 23 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 24 | .P | |
| 25 | The | |
| 26 | .BR seccomp_syscall_resolve_name() , | |
| 27 | .BR seccomp_syscall_resolve_name_arch() , | |
| 28 | and | |
| 29 | .BR seccomp_syscall_resolve_name_rewrite() | |
| 30 | functions resolve the commonly used syscall name to the syscall number used by | |
| 31 | the kernel and the rest of the libseccomp API, with | |
| 32 | .BR seccomp_syscall_resolve_name_rewrite() | |
| 33 | rewriting the syscall number for architectures that modify the syscall. The | |
| 34 | .BR seccomp_syscall_resolve_num_arch() | |
| 35 | function resolves the syscall number used by the kernel to the commonly used | |
| 36 | syscall name. | |
| 37 | .P | |
| 38 | The caller is responsible for freeing the returned string from | |
| 39 | .BR seccomp_syscall_resolve_num_arch() . | |
| 40 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 41 | .SH RETURN VALUE | |
| 42 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 43 | .P | |
| 44 | In the case of | |
| 45 | .BR seccomp_syscall_resolve_name() , | |
| 46 | .BR seccomp_syscall_resolve_name_arch() , | |
| 47 | and | |
| 48 | .BR seccomp_syscall_resolve_name_rewrite() | |
| 49 | the associated syscall number is returned, with the negative pseudo syscall | |
| 50 | number being returned in cases where the given syscall does not exist for the | |
| 51 | architecture. The value | |
| 52 | .BR __NR_SCMP_ERROR | |
| 53 | is returned in case of error. In all cases, the return value is suitable for | |
| 54 | use in any libseccomp API function which requires the syscall number, examples include | |
| 55 | .BR seccomp_rule_add () | |
| 56 | and | |
| 57 | .BR seccomp_rule_add_exact (). | |
| 58 | .P | |
| 59 | In the case of | |
| 60 | .BR seccomp_syscall_resolve_num_arch() | |
| 61 | the associated syscall name is returned and it remains the callers | |
| 62 | responsibility to free the returned string via | |
| 63 | .BR free (3). | |
| 64 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 65 | .SH EXAMPLES | |
| 66 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 67 | .nf | |
| 68 | #include <seccomp.h> | |
| 69 | ||
| 70 | int main(int argc, char *argv[]) | |
| 71 | { | |
| 72 | int rc = \-1; | |
| 73 | scmp_filter_ctx ctx; | |
| 74 | ||
| 75 | ctx = seccomp_init(SCMP_ACT_KILL); | |
| 76 | if (ctx == NULL) | |
| 77 | goto out; | |
| 78 | ||
| 79 | /* ... */ | |
| 80 | ||
| 81 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, | |
| 82 | seccomp_syscall_resolve_name("open"), 0); | |
| 83 | if (rc < 0) | |
| 84 | goto out; | |
| 85 | ||
| 86 | /* ... */ | |
| 87 | ||
| 88 | rc = seccomp_load(ctx); | |
| 89 | if (rc < 0) | |
| 90 | goto out; | |
| 91 | ||
| 92 | /* ... */ | |
| 93 | ||
| 94 | out: | |
| 95 | seccomp_release(ctx); | |
| 96 | return \-rc; | |
| 97 | } | |
| 98 | .fi | |
| 99 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 100 | .SH NOTES | |
| 101 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 102 | .P | |
| 103 | While the seccomp filter can be generated independent of the kernel, kernel | |
| 104 | support is required to load and enforce the seccomp filter generated by | |
| 105 | libseccomp. | |
| 106 | .P | |
| 107 | The libseccomp project site, with more information and the source code | |
| 108 | repository, can be found at https://github.com/seccomp/libseccomp. This tool, | |
| 109 | as well as the libseccomp library, is currently under development, please | |
| 110 | report any bugs at the project site or directly to the author. | |
| 111 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 112 | .SH AUTHOR | |
| 113 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 114 | Paul Moore <paul@paul-moore.com> | |
| 115 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 116 | .SH SEE ALSO | |
| 117 | .\" ////////////////////////////////////////////////////////////////////////// | |
| 118 | .BR seccomp_rule_add (3), | |
| 119 | .BR seccomp_rule_add_exact (3) |