Commit | Line | Data |
---|---|---|
8befd5cc MG |
1 | /** |
2 | * Seccomp Library test program | |
3 | * | |
4 | * Copyright (c) 2012 Red Hat <pmoore@redhat.com> | |
5 | * Author: Paul Moore <paul@paul-moore.com> | |
6 | */ | |
7 | ||
8 | /* | |
9 | * This library is free software; you can redistribute it and/or modify it | |
10 | * under the terms of version 2.1 of the GNU Lesser General Public License as | |
11 | * published by the Free Software Foundation. | |
12 | * | |
13 | * This library is distributed in the hope that it will be useful, but WITHOUT | |
14 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
15 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License | |
16 | * for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU Lesser General Public License | |
19 | * along with this library; if not, see <http://www.gnu.org/licenses>. | |
20 | */ | |
21 | ||
22 | #include <errno.h> | |
23 | #include <unistd.h> | |
24 | ||
25 | #include <seccomp.h> | |
26 | ||
27 | #include "util.h" | |
28 | ||
29 | int main(int argc, char *argv[]) | |
30 | { | |
31 | int rc; | |
32 | struct util_options opts; | |
33 | scmp_filter_ctx ctx = NULL; | |
34 | ||
35 | rc = util_getopt(argc, argv, &opts); | |
36 | if (rc < 0) | |
37 | goto out; | |
38 | ||
39 | ctx = seccomp_init(SCMP_ACT_KILL); | |
40 | if (ctx == NULL) | |
41 | return ENOMEM; | |
42 | ||
43 | rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); | |
44 | if (rc != 0) | |
45 | goto out; | |
46 | ||
47 | rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); | |
48 | if (rc != 0) | |
49 | goto out; | |
50 | rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); | |
51 | if (rc != 0) | |
52 | goto out; | |
53 | rc = seccomp_arch_add(ctx, SCMP_ARCH_X32); | |
54 | if (rc != 0) | |
55 | goto out; | |
56 | rc = seccomp_arch_add(ctx, SCMP_ARCH_ARM); | |
57 | if (rc != 0) | |
58 | goto out; | |
59 | rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64); | |
60 | if (rc != 0) | |
61 | goto out; | |
62 | rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); | |
63 | if (rc != 0) | |
64 | goto out; | |
65 | rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64); | |
66 | if (rc != 0) | |
67 | goto out; | |
68 | rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); | |
69 | if (rc != 0) | |
70 | goto out; | |
71 | rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); | |
72 | if (rc != 0) | |
73 | goto out; | |
74 | ||
75 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, | |
76 | SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); | |
77 | if (rc != 0) | |
78 | goto out; | |
79 | ||
80 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, | |
81 | SCMP_A0(SCMP_CMP_EQ, STDOUT_FILENO)); | |
82 | if (rc != 0) | |
83 | goto out; | |
84 | ||
85 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, | |
86 | SCMP_A0(SCMP_CMP_EQ, STDERR_FILENO)); | |
87 | if (rc != 0) | |
88 | goto out; | |
89 | ||
90 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0); | |
91 | if (rc != 0) | |
92 | goto out; | |
93 | ||
94 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0); | |
95 | if (rc != 0) | |
96 | goto out; | |
97 | ||
98 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(connect), 0); | |
99 | if (rc != 0) | |
100 | goto out; | |
101 | ||
102 | rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shutdown), 0); | |
103 | if (rc != 0) | |
104 | goto out; | |
105 | ||
106 | rc = util_filter_output(&opts, ctx); | |
107 | if (rc) | |
108 | goto out; | |
109 | ||
110 | out: | |
111 | seccomp_release(ctx); | |
112 | return (rc < 0 ? -rc : rc); | |
113 | } |