--- /dev/null
+.TH "seccomp_export_bpf" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
+.\" //////////////////////////////////////////////////////////////////////////
+.SH NAME
+.\" //////////////////////////////////////////////////////////////////////////
+seccomp_export_bpf, seccomp_export_pfc \- Export the seccomp filter
+.\" //////////////////////////////////////////////////////////////////////////
+.SH SYNOPSIS
+.\" //////////////////////////////////////////////////////////////////////////
+.nf
+.B #include <seccomp.h>
+.sp
+.B typedef void * scmp_filter_ctx;
+.sp
+.BI "int seccomp_export_bpf(const scmp_filter_ctx " ctx ", int " fd ");"
+.BI "int seccomp_export_pfc(const scmp_filter_ctx " ctx ", int " fd ");"
+.sp
+Link with \fI\-lseccomp\fP.
+.fi
+.\" //////////////////////////////////////////////////////////////////////////
+.SH DESCRIPTION
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+The
+.BR seccomp_export_bpf ()
+and
+.BR seccomp_export_pfc ()
+functions generate and output the current seccomp filter in either BPF (Berkley
+Packet Filter) or PFC (Pseudo Filter Code). The output of
+.BR seccomp_export_bpf ()
+is suitable for loading into the kernel, while the output of
+.BR seccomp_export_pfc ()
+is human readable and is intended primarily as a debugging tool for developers
+using libseccomp. Both functions write the filter to the
+.I fd
+file descriptor.
+.P
+The filter context
+.I ctx
+is the value returned by the call to
+.BR seccomp_init (3).
+.P
+While the two output formats are guaranteed to be functionally equivalent for
+the given seccomp filter configuration, the filter instructions, and their
+ordering, are not guaranteed to be the same in both the BPF and PFC formats.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH RETURN VALUE
+.\" //////////////////////////////////////////////////////////////////////////
+Returns zero on success, negative errno values on failure.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH EXAMPLES
+.\" //////////////////////////////////////////////////////////////////////////
+.nf
+#include <seccomp.h>
+
+int main(int argc, char *argv[])
+{
+ int rc = \-1;
+ scmp_filter_ctx ctx;
+ int filter_fd;
+
+ ctx = seccomp_init(SCMP_ACT_KILL);
+ if (ctx == NULL)
+ goto out;
+
+ /* ... */
+
+ filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
+ if (filter_fd == \-1) {
+ rc = \-errno;
+ goto out;
+ }
+
+ rc = seccomp_export_bpf(ctx, filter_fd);
+ if (rc < 0) {
+ close(filter_fd);
+ goto out;
+ }
+ close(filter_fd);
+
+ /* ... */
+
+out:
+ seccomp_release(ctx);
+ return \-rc;
+}
+.fi
+.\" //////////////////////////////////////////////////////////////////////////
+.SH NOTES
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+While the seccomp filter can be generated independent of the kernel, kernel
+support is required to load and enforce the seccomp filter generated by
+libseccomp.
+.P
+The libseccomp project site, with more information and the source code
+repository, can be found at https://github.com/seccomp/libseccomp. This tool,
+as well as the libseccomp library, is currently under development, please
+report any bugs at the project site or directly to the author.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH AUTHOR
+.\" //////////////////////////////////////////////////////////////////////////
+Paul Moore <paul@paul-moore.com>
+.\" //////////////////////////////////////////////////////////////////////////
+.SH SEE ALSO
+.\" //////////////////////////////////////////////////////////////////////////
+.BR seccomp_init (3),
+.BR seccomp_release (3)
+
projects / linux-seccomp.git / blobdiff