| 1 | # |
| 2 | # Seccomp Library Python Bindings |
| 3 | # |
| 4 | # Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com> |
| 5 | # Author: Paul Moore <paul@paul-moore.com> |
| 6 | # |
| 7 | |
| 8 | # |
| 9 | # This library is free software; you can redistribute it and/or modify it |
| 10 | # under the terms of version 2.1 of the GNU Lesser General Public License as |
| 11 | # published by the Free Software Foundation. |
| 12 | # |
| 13 | # This library is distributed in the hope that it will be useful, but WITHOUT |
| 14 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 15 | # FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License |
| 16 | # for more details. |
| 17 | # |
| 18 | # You should have received a copy of the GNU Lesser General Public License |
| 19 | # along with this library; if not, see <http://www.gnu.org/licenses>. |
| 20 | # |
| 21 | |
| 22 | from libc.stdint cimport uint8_t, uint32_t, uint64_t |
| 23 | |
cdef extern from "seccomp.h":
    # Cython declarations for the libseccomp C API. Nothing here is
    # implemented in this file: each entry only tells Cython the C type or
    # prototype to use when the bindings call into seccomp.h, so every
    # declaration has to stay in step with the installed header.

    # Library version triple; seccomp_version() returns a pointer to one.
    cdef struct scmp_version:
        unsigned int major
        unsigned int minor
        unsigned int micro

    # Opaque filter-context handle. It is produced by seccomp_init() and
    # passed to every call below that takes a ctx argument.
    ctypedef void* scmp_filter_ctx

    # Architecture tokens accepted by the seccomp_arch_*() and
    # seccomp_syscall_resolve_*_arch() calls.
    cdef enum:
        SCMP_ARCH_NATIVE
        SCMP_ARCH_X86
        SCMP_ARCH_X86_64
        SCMP_ARCH_X32
        SCMP_ARCH_ARM
        SCMP_ARCH_AARCH64
        SCMP_ARCH_MIPS
        SCMP_ARCH_MIPS64
        SCMP_ARCH_MIPS64N32
        SCMP_ARCH_MIPSEL
        SCMP_ARCH_MIPSEL64
        SCMP_ARCH_MIPSEL64N32
        SCMP_ARCH_PPC
        SCMP_ARCH_PPC64
        SCMP_ARCH_PPC64LE
        SCMP_ARCH_S390
        SCMP_ARCH_S390X

    # Filter attributes for seccomp_attr_get()/seccomp_attr_set().
    # Per seccomp_attr_set(3): ACT_DEFAULT is the filter's default action,
    # ACT_BADARCH is the action taken when the calling architecture is not
    # in the filter, CTL_NNP controls whether no_new_privs is set when the
    # filter is loaded, and CTL_TSYNC requests that the filter be applied
    # to all threads of the process on load.
    # NOTE(review): with CTL_NNP turned off the kernel only accepts the
    # filter from a task holding CAP_SYS_ADMIN; callers that clear it should
    # say why.
    cdef enum scmp_filter_attr:
        SCMP_FLTATR_ACT_DEFAULT
        SCMP_FLTATR_ACT_BADARCH
        SCMP_FLTATR_CTL_NNP
        SCMP_FLTATR_CTL_TSYNC

    # Comparison operators for the `op` field of scmp_arg_cmp.
    cdef enum scmp_compare:
        SCMP_CMP_NE
        SCMP_CMP_LT
        SCMP_CMP_LE
        SCMP_CMP_EQ
        SCMP_CMP_GE
        SCMP_CMP_GT
        SCMP_CMP_MASKED_EQ

    # Filter actions, used as the def_action of seccomp_init()/
    # seccomp_reset() and as the action of the seccomp_rule_add*() calls.
    # SCMP_ACT_ERRNO and SCMP_ACT_TRACE are function-like macros in
    # seccomp.h; they are declared as functions here so Cython can call
    # them and receive the encoded action value.
    cdef enum:
        SCMP_ACT_KILL
        SCMP_ACT_TRAP
        SCMP_ACT_ALLOW
    unsigned int SCMP_ACT_ERRNO(int errno)
    unsigned int SCMP_ACT_TRACE(int value)

    # Value type for syscall-argument comparisons (64 bits wide).
    ctypedef uint64_t scmp_datum_t

    # One argument comparison: syscall argument index `arg`, operator `op`
    # and up to two operands. Presumably datum_b is only consulted by
    # operators that need a second operand, such as SCMP_CMP_MASKED_EQ
    # (confirm against seccomp_rule_add(3)).
    cdef struct scmp_arg_cmp:
        unsigned int arg
        scmp_compare op
        scmp_datum_t datum_a
        scmp_datum_t datum_b

    # Returns a pointer to the library's version information.
    scmp_version *seccomp_version()

    # Filter context lifecycle. Per seccomp_release(3), releasing a context
    # frees the in-memory filter only; a filter already loaded into the
    # kernel stays in force.
    scmp_filter_ctx seccomp_init(uint32_t def_action)
    int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action)
    void seccomp_release(scmp_filter_ctx ctx)

    # Merges ctx_src into ctx_dst. Per seccomp_merge(3) the source context
    # is released on success, so the caller must not use or release
    # ctx_src again afterwards.
    int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src)

    # Architecture management.
    # NOTE(review): seccomp_arch_resolve_name() and seccomp_arch_native()
    # return the token as uint32_t, while the calls that accept a token
    # declare it as int. Confirm the parameter type against seccomp.h, as a
    # token above INT_MAX would not convert to a C int.
    uint32_t seccomp_arch_resolve_name(char *arch_name)
    uint32_t seccomp_arch_native()
    int seccomp_arch_exist(scmp_filter_ctx ctx, int arch_token)
    int seccomp_arch_add(scmp_filter_ctx ctx, int arch_token)
    int seccomp_arch_remove(scmp_filter_ctx ctx, int arch_token)

    # Loads the filter into the kernel. The int result must be checked:
    # per seccomp_load(3) a negative value means the filter was not
    # installed, and a caller that ignores it keeps running unfiltered.
    int seccomp_load(scmp_filter_ctx ctx)

    # Read (through the out-pointer `value`) or write a filter attribute.
    int seccomp_attr_get(scmp_filter_ctx ctx,
                         scmp_filter_attr attr, uint32_t* value)
    int seccomp_attr_set(scmp_filter_ctx ctx,
                         scmp_filter_attr attr, uint32_t value)

    # Syscall name/number resolution and rule priority.
    # Per seccomp_syscall_resolve_name(3), the char * returned by
    # seccomp_syscall_resolve_num_arch() is heap-allocated and the caller
    # must free() it, and the name-to-number calls return __NR_SCMP_ERROR
    # for an unknown name. That result must be checked before it is passed
    # to seccomp_rule_add*().
    char *seccomp_syscall_resolve_num_arch(int arch_token, int num)
    int seccomp_syscall_resolve_name_arch(int arch_token, char *name)
    int seccomp_syscall_resolve_name_rewrite(int arch_token, char *name)
    int seccomp_syscall_resolve_name(char *name)
    int seccomp_syscall_priority(scmp_filter_ctx ctx,
                                 int syscall, uint8_t priority)

    # Rule insertion. The variadic forms take arg_cnt comparison structs
    # after the fixed arguments; the *_array forms take the same
    # comparisons as a C array of arg_cnt elements. Per seccomp_rule_add(3),
    # the plain forms may adjust a rule to fit an architecture, while the
    # *_exact forms fail rather than add an altered rule.
    # arg_cnt must match the number of comparisons actually supplied; the
    # prototypes alone give the library no other way to know the count.
    int seccomp_rule_add(scmp_filter_ctx ctx, uint32_t action,
                         int syscall, unsigned int arg_cnt, ...)
    int seccomp_rule_add_array(scmp_filter_ctx ctx,
                               uint32_t action, int syscall,
                               unsigned int arg_cnt,
                               scmp_arg_cmp *arg_array)
    int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
                               int syscall, unsigned int arg_cnt, ...)
    int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
                                     uint32_t action, int syscall,
                                     unsigned int arg_cnt,
                                     scmp_arg_cmp *arg_array)

    # Write the filter to the file descriptor fd: PFC is the human-readable
    # pseudo filter code, BPF is the raw program handed to the kernel.
    # Exporting the PFC form is a way to review a filter before it is
    # loaded.
    int seccomp_export_pfc(scmp_filter_ctx ctx, int fd)
    int seccomp_export_bpf(scmp_filter_ctx ctx, int fd)
| 125 | |
| 126 | # kate: syntax python; |
| 127 | # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; |