package Linux::Seccomp;

use 5.014000;
use strict;
use warnings;
use Carp;

require Exporter;
# No AUTOLOAD is requested from AutoLoader here; this package defines its
# own AUTOLOAD further down in the file.
use AutoLoader;

our @ISA = qw(Exporter);

# Export groups.
#   functions - helper functions; only reachable through @EXPORT_OK, so the
#               caller has to ask for them by name or via a tag.
#   macros    - the SCMP_* constants plus the __NR_* / __PNR_* syscall number
#               constants; these also make up @EXPORT, so a plain
#               "use Linux::Seccomp;" imports every one of them.
our %EXPORT_TAGS = (
    functions => [
        qw/arch_native
           arch_resolve_name
           syscall_resolve_name
           syscall_resolve_name_arch
           syscall_resolve_name_rewrite
           syscall_resolve_num_arch
           version/ ],

    macros => [
        qw/SCMP_ACT_ALLOW
           SCMP_ACT_ERRNO
           SCMP_ACT_KILL
           SCMP_ACT_TRACE
           SCMP_ACT_TRAP
           SCMP_ARCH_AARCH64
           SCMP_ARCH_ARM
           SCMP_ARCH_MIPS
           SCMP_ARCH_MIPS64
           SCMP_ARCH_MIPS64N32
           SCMP_ARCH_MIPSEL
           SCMP_ARCH_MIPSEL64
           SCMP_ARCH_MIPSEL64N32
           SCMP_ARCH_NATIVE
           SCMP_ARCH_PPC
           SCMP_ARCH_PPC64
           SCMP_ARCH_PPC64LE
           SCMP_ARCH_S390
           SCMP_ARCH_S390X
           SCMP_ARCH_X32
           SCMP_ARCH_X86
           SCMP_ARCH_X86_64
           SCMP_CMP_EQ
           SCMP_CMP_GE
           SCMP_CMP_GT
           SCMP_CMP_LE
           SCMP_CMP_LT
           SCMP_CMP_MASKED_EQ
           SCMP_CMP_NE
           SCMP_FLTATR_ACT_BADARCH
           SCMP_FLTATR_ACT_DEFAULT
           SCMP_FLTATR_CTL_NNP
           SCMP_FLTATR_CTL_TSYNC
           SCMP_VER_MAJOR
           SCMP_VER_MICRO
           SCMP_VER_MINOR
           _SCMP_CMP_MAX
           _SCMP_CMP_MIN
           _SCMP_FLTATR_MAX
           _SCMP_FLTATR_MIN
           __NR_SCMP_ERROR
           __NR_SCMP_UNDEF
           __NR__llseek
           __NR__newselect
           __NR__sysctl
           __NR_accept
           __NR_accept4
           __NR_access
           __NR_afs_syscall
           __NR_alarm
           __NR_arch_prctl
           __NR_arm_fadvise64_64
           __NR_arm_sync_file_range
           __NR_bdflush
           __NR_bind
           __NR_break
           __NR_breakpoint
           __NR_cachectl
           __NR_cacheflush
           __NR_chmod
           __NR_chown
           __NR_chown32
           __NR_connect
           __NR_creat
           __NR_create_module
           __NR_dup2
           __NR_epoll_create
           __NR_epoll_ctl_old
           __NR_epoll_wait
           __NR_epoll_wait_old
           __NR_eventfd
           __NR_fadvise64
           __NR_fadvise64_64
           __NR_fchown32
           __NR_fcntl64
           __NR_fork
           __NR_fstat64
           __NR_fstatat64
           __NR_fstatfs64
           __NR_ftime
           __NR_ftruncate64
           __NR_futimesat
           __NR_get_kernel_syms
           __NR_get_mempolicy
           __NR_get_thread_area
           __NR_getdents
           __NR_getegid32
           __NR_geteuid32
           __NR_getgid32
           __NR_getgroups32
           __NR_getpeername
           __NR_getpgrp
           __NR_getpmsg
           __NR_getrandom
           __NR_getresgid32
           __NR_getresuid32
           __NR_getrlimit
           __NR_getsockname
           __NR_getsockopt
           __NR_getuid32
           __NR_gtty
           __NR_idle
           __NR_inotify_init
           __NR_ioperm
           __NR_iopl
           __NR_ipc
           __NR_kexec_file_load
           __NR_lchown
           __NR_lchown32
           __NR_link
           __NR_listen
           __NR_lock
           __NR_lstat
           __NR_lstat64
           __NR_mbind
           __NR_membarrier
           __NR_memfd_create
           __NR_migrate_pages
           __NR_mkdir
           __NR_mknod
           __NR_mmap
           __NR_mmap2
           __NR_modify_ldt
           __NR_move_pages
           __NR_mpx
           __NR_msgctl
           __NR_msgget
           __NR_msgrcv
           __NR_msgsnd
           __NR_multiplexer
           __NR_newfstatat
           __NR_nfsservctl
           __NR_nice
           __NR_oldfstat
           __NR_oldlstat
           __NR_oldolduname
           __NR_oldstat
           __NR_olduname
           __NR_oldwait4
           __NR_open
           __NR_pause
           __NR_pciconfig_iobase
           __NR_pciconfig_read
           __NR_pciconfig_write
           __NR_pipe
           __NR_poll
           __NR_prof
           __NR_profil
           __NR_putpmsg
           __NR_query_module
           __NR_readdir
           __NR_readlink
           __NR_recv
           __NR_recvfrom
           __NR_recvmmsg
           __NR_recvmsg
           __NR_rename
           __NR_rmdir
           __NR_rtas
           __NR_s390_pci_mmio_read
           __NR_s390_pci_mmio_write
           __NR_s390_runtime_instr
           __NR_security
           __NR_select
           __NR_semctl
           __NR_semget
           __NR_semop
           __NR_semtimedop
           __NR_send
           __NR_sendfile64
           __NR_sendmmsg
           __NR_sendmsg
           __NR_sendto
           __NR_set_mempolicy
           __NR_set_thread_area
           __NR_set_tls
           __NR_setfsgid32
           __NR_setfsuid32
           __NR_setgid32
           __NR_setgroups32
           __NR_setregid32
           __NR_setresgid32
           __NR_setresuid32
           __NR_setreuid32
           __NR_setsockopt
           __NR_setuid32
           __NR_sgetmask
           __NR_shmat
           __NR_shmctl
           __NR_shmdt
           __NR_shmget
           __NR_shutdown
           __NR_sigaction
           __NR_signal
           __NR_signalfd
           __NR_sigpending
           __NR_sigprocmask
           __NR_sigreturn
           __NR_sigsuspend
           __NR_socket
           __NR_socketcall
           __NR_socketpair
           __NR_spu_create
           __NR_spu_run
           __NR_ssetmask
           __NR_stat
           __NR_stat64
           __NR_statfs64
           __NR_stime
           __NR_stty
           __NR_subpage_prot
           __NR_swapcontext
           __NR_switch_endian
           __NR_symlink
           __NR_sync_file_range
           __NR_sync_file_range2
           __NR_sys_debug_setcontext
           __NR_syscall
           __NR_sysfs
           __NR_sysmips
           __NR_time
           __NR_timerfd
           __NR_truncate64
           __NR_tuxcall
           __NR_ugetrlimit
           __NR_ulimit
           __NR_umount
           __NR_unlink
           __NR_uselib
           __NR_userfaultfd
           __NR_usr26
           __NR_usr32
           __NR_ustat
           __NR_utime
           __NR_utimes
           __NR_vfork
           __NR_vm86
           __NR_vm86old
           __NR_vserver
           __NR_waitpid
           __PNR__llseek
           __PNR__newselect
           __PNR__sysctl
           __PNR_accept
           __PNR_accept4
           __PNR_access
           __PNR_afs_syscall
           __PNR_alarm
           __PNR_arch_prctl
           __PNR_arm_fadvise64_64
           __PNR_arm_sync_file_range
           __PNR_bdflush
           __PNR_bind
           __PNR_break
           __PNR_breakpoint
           __PNR_cachectl
           __PNR_cacheflush
           __PNR_chmod
           __PNR_chown
           __PNR_chown32
           __PNR_connect
           __PNR_creat
           __PNR_create_module
           __PNR_dup2
           __PNR_epoll_create
           __PNR_epoll_ctl_old
           __PNR_epoll_wait
           __PNR_epoll_wait_old
           __PNR_eventfd
           __PNR_fadvise64
           __PNR_fadvise64_64
           __PNR_fchown32
           __PNR_fcntl64
           __PNR_fork
           __PNR_fstat64
           __PNR_fstatat64
           __PNR_fstatfs64
           __PNR_ftime
           __PNR_ftruncate64
           __PNR_futimesat
           __PNR_get_kernel_syms
           __PNR_get_mempolicy
           __PNR_get_thread_area
           __PNR_getdents
           __PNR_getegid32
           __PNR_geteuid32
           __PNR_getgid32
           __PNR_getgroups32
           __PNR_getpeername
           __PNR_getpgrp
           __PNR_getpmsg
           __PNR_getrandom
           __PNR_getresgid32
           __PNR_getresuid32
           __PNR_getrlimit
           __PNR_getsockname
           __PNR_getsockopt
           __PNR_getuid32
           __PNR_gtty
           __PNR_idle
           __PNR_inotify_init
           __PNR_ioperm
           __PNR_iopl
           __PNR_ipc
           __PNR_kexec_file_load
           __PNR_lchown
           __PNR_lchown32
           __PNR_link
           __PNR_listen
           __PNR_lock
           __PNR_lstat
           __PNR_lstat64
           __PNR_mbind
           __PNR_membarrier
           __PNR_memfd_create
           __PNR_migrate_pages
           __PNR_mkdir
           __PNR_mknod
           __PNR_mmap
           __PNR_mmap2
           __PNR_modify_ldt
           __PNR_move_pages
           __PNR_mpx
           __PNR_msgctl
           __PNR_msgget
           __PNR_msgrcv
           __PNR_msgsnd
           __PNR_multiplexer
           __PNR_newfstatat
           __PNR_nfsservctl
           __PNR_nice
           __PNR_oldfstat
           __PNR_oldlstat
           __PNR_oldolduname
           __PNR_oldstat
           __PNR_olduname
           __PNR_oldwait4
           __PNR_open
           __PNR_pause
           __PNR_pciconfig_iobase
           __PNR_pciconfig_read
           __PNR_pciconfig_write
           __PNR_pipe
           __PNR_poll
           __PNR_prof
           __PNR_profil
           __PNR_putpmsg
           __PNR_query_module
           __PNR_readdir
           __PNR_readlink
           __PNR_recv
           __PNR_recvfrom
           __PNR_recvmmsg
           __PNR_recvmsg
           __PNR_rename
           __PNR_rmdir
           __PNR_rtas
           __PNR_s390_pci_mmio_read
           __PNR_s390_pci_mmio_write
           __PNR_s390_runtime_instr
           __PNR_security
           __PNR_select
           __PNR_semctl
           __PNR_semget
           __PNR_semop
           __PNR_semtimedop
           __PNR_send
           __PNR_sendfile64
           __PNR_sendmmsg
           __PNR_sendmsg
           __PNR_sendto
           __PNR_set_mempolicy
           __PNR_set_thread_area
           __PNR_set_tls
           __PNR_setfsgid32
           __PNR_setfsuid32
           __PNR_setgid32
           __PNR_setgroups32
           __PNR_setregid32
           __PNR_setresgid32
           __PNR_setresuid32
           __PNR_setreuid32
           __PNR_setsockopt
           __PNR_setuid32
           __PNR_sgetmask
           __PNR_shmat
           __PNR_shmctl
           __PNR_shmdt
           __PNR_shmget
           __PNR_shutdown
           __PNR_sigaction
           __PNR_signal
           __PNR_signalfd
           __PNR_sigpending
           __PNR_sigprocmask
           __PNR_sigreturn
           __PNR_sigsuspend
           __PNR_socket
           __PNR_socketcall
           __PNR_socketpair
           __PNR_spu_create
           __PNR_spu_run
           __PNR_ssetmask
           __PNR_stat
           __PNR_stat64
           __PNR_statfs64
           __PNR_stime
           __PNR_stty
           __PNR_subpage_prot
           __PNR_swapcontext
           __PNR_switch_endian
           __PNR_symlink
           __PNR_sync_file_range
           __PNR_sync_file_range2
           __PNR_sys_debug_setcontext
           __PNR_syscall
           __PNR_sysfs
           __PNR_sysmips
           __PNR_time
           __PNR_timerfd
           __PNR_truncate64
           __PNR_tuxcall
           __PNR_ugetrlimit
           __PNR_ulimit
           __PNR_umount
           __PNR_unlink
           __PNR_uselib
           __PNR_userfaultfd
           __PNR_usr26
           __PNR_usr32
           __PNR_ustat
           __PNR_utime
           __PNR_utimes
           __PNR_vfork
           __PNR_vm86
           __PNR_vm86old
           __PNR_vserver
           __PNR_waitpid/]
);

# :all is the union of both groups. Everything may be imported on request
# (@EXPORT_OK), but only the macros are exported by default (@EXPORT).
$EXPORT_TAGS{all} = [@{$EXPORT_TAGS{functions}}, @{$EXPORT_TAGS{macros}}];
our @EXPORT_OK = @{$EXPORT_TAGS{all}};
our @EXPORT = @{$EXPORT_TAGS{macros}};

# Assigned inside BEGIN so the value already exists at compile time; the
# later BEGIN block in this file passes it to XSLoader::load.
our $VERSION;
BEGIN{
    $VERSION = '0.002001';
}
472
# Resolve an otherwise undefined sub name as a constant on first use.
#
# The package prefix is stripped from the requested name and the rest is
# handed to constant(), which is not defined in this file (presumably it is
# supplied by the XS code loaded through XSLoader). When constant() reports
# an error, that error is raised with croak, so a misspelled constant name
# dies at the call site rather than yielding some default value. Otherwise a
# sub returning the value is installed under the fully qualified name, so
# later calls no longer pass through AUTOLOAD, and control jumps to it.
#
# Perl also sends unresolved method calls on this class here, so an unknown
# method name ends up being looked up as a constant as well.
sub AUTOLOAD {
    our $AUTOLOAD;
    (my $constname = $AUTOLOAD) =~ s/.*:://;

    # constant() itself being missing would otherwise recurse through here.
    if ($constname eq 'constant') {
        croak "&Linux::Seccomp::constant not defined";
    }

    my ($error, $val) = constant($constname);
    croak $error if $error;

    {
        # Installing into the symbol table needs a symbolic glob reference.
        no strict 'refs';
        *$AUTOLOAD = sub { $val };
    }
    goto &$AUTOLOAD;
}
486
# Load the compiled (XS) half of the module. This sits in a BEGIN block, so
# it runs at compile time, before the code below it in this file is compiled.
# The module name and $VERSION are both passed to XSLoader::load.
BEGIN {
    require XSLoader;
    XSLoader::load('Linux::Seccomp', $VERSION);
}
491
# Constructor: Linux::Seccomp->new($def_action).
#
# The invocant is ignored. The result is whatever init() returns for the
# given default action; init is not defined in this file (presumably it is
# an XS sub that creates the filter context -- confirm against the XS source).
sub new {
    my (undef, $def_action) = @_;
    return init($def_action);
}
496
# Destructor: calls the object's release method. release is not defined in
# this file (presumably the XS wrapper that frees the filter context).
# Defining DESTROY explicitly also keeps object destruction from being
# routed to AUTOLOAD.
sub DESTROY {
    my ($self) = @_;
    return $self->release;
}
500
# Lookup table that normalises the comparison operator of a rule constraint
# to a SCMP_CMP_* value. Each constant can be named by a symbolic spelling
# ('!=', '<', ...), a two-letter spelling ('ne', 'lt', ...) or by its own
# value. Operators that are not keys of this table have no mapping.
my %COMPARE_OP_TBL;
for my $entry (
    [ SCMP_CMP_NE(),        '!=', 'ne' ],
    [ SCMP_CMP_LT(),        '<',  'lt' ],
    [ SCMP_CMP_LE(),        '<=', 'le' ],
    [ SCMP_CMP_EQ(),        '==', 'eq' ],
    [ SCMP_CMP_GE(),        '>=', 'ge' ],
    [ SCMP_CMP_GT(),        '>',  'gt' ],
    [ SCMP_CMP_MASKED_EQ(), '=~', 'me' ],
) {
    my ($constant, @spellings) = @$entry;

    # The constant's own value is a key too, so an operator that already is
    # a SCMP_CMP_* value maps to itself.
    $COMPARE_OP_TBL{$_} = $constant for @spellings, $constant;
}
525
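# Turn a list of constraint arrayrefs ([$arg, $op, $datum_a, $datum_b], the
# last element optional) into an arrayref of values produced by
# make_arg_cmp, which is not defined in this file.
#
# The operator of each constraint is looked up in %COMPARE_OP_TBL. An
# operator without a mapping makes the whole call croak, so a rule is never
# built from a comparison the caller did not ask for. The caller's arrayrefs
# are only read, never modified, so the same constraint can safely be reused
# or inspected after the call.
sub _mangle_rule_add_args {
    my @args;
    for my $constraint (@_) {
        my ($arg, $op, @data) = @$constraint;

        # Test for the key rather than for a true value, so the check does
        # not depend on every SCMP_CMP_* value being non-zero.
        my $shown = defined $op ? $op : '';
        croak "No mapping for compare operator '$shown'"
            unless defined $op && exists $COMPARE_OP_TBL{$op};

        push @args, make_arg_cmp($arg, $COMPARE_OP_TBL{$op}, @data);
    }
    return \@args;
}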
534
# $ctx->rule_add($action, $syscall, @constraints)
#
# Passes the first three arguments through unchanged and the remaining
# constraints in the normalised form produced by _mangle_rule_add_args.
# Everything is forwarded to rule_add_array, which is not defined in this
# file (presumably an XS sub).
sub rule_add {
    my ($ctx, $action, $syscall, @constraints) = @_;
    return rule_add_array($ctx, $action, $syscall,
        _mangle_rule_add_args(@constraints));
}
538
# $ctx->rule_add_exact($action, $syscall, @constraints)
#
# Same argument handling as rule_add, but the normalised constraints are
# forwarded to rule_add_exact_array, which is not defined in this file
# (presumably an XS sub).
sub rule_add_exact {
    my ($ctx, $action, $syscall, @constraints) = @_;
    return rule_add_exact_array($ctx, $action, $syscall,
        _mangle_rule_add_args(@constraints));
}
542
5431;
544__END__
545
546=encoding utf-8
547
548=head1 NAME
549
550Linux::Seccomp - Interface to libseccomp Linux syscall filtering library
551
552=head1 SYNOPSIS
553
554 use Linux::Seccomp ':all';
555 my $ctx = Linux::Seccomp->new(SCMP_ACT_ALLOW);
556 # Block writes to STDERR
557 $ctx->rule_add(SCMP_ACT_KILL, syscall_resolve_name('write'), [0, '==', 2]);
558 $ctx->load;
559 $| = 1;
560 print STDOUT "Hello world!\n"; # works
561 print STDERR "Goodbye world!\n"; # Killed
562 print STDOUT "Hello again world!\n"; # never reached
563
564=head1 DESCRIPTION
565
566Secure Computing (seccomp) is Linux's system call filtering mechanism.
567This system can operate in two modes: I<strict>, where only a very
568small number of system calls are allowed and the more modern I<filter>
569(or seccomp mode 2) which permits advanced filtering of system calls.
570This module is only concerned with the latter.
571
572Linux::Seccomp is a Perl interface to the
573L<libseccomp|https://github.com/seccomp/libseccomp> library which
574provides a simple way to use seccomp mode 2.
575
576It should be mentioned that this module is not production-ready at the
577moment -- work needs to be done to port the libseccomp testsuite and
578the documentation needs to be improved.
579
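Basic usage of this module is straightforward: Create a filter using
the B<new> method, add rules to it using the B<rule_add> method
several times, and finally load the filter into the kernel using the
B<load> method. An example of this can be seen in the SYNOPSIS. Note
that the SYNOPSIS filter has a default action of SCMP_ACT_ALLOW, so it
restricts only the syscalls it names; a filter meant to confine a
program would normally use a restrictive default action and add
SCMP_ACT_ALLOW rules for the syscalls that are needed.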
584
585=head1 METHODS
586
587Most methods die on error.
588
589=over
590
53e03791 591=item I<$ctx> = Linux::Seccomp->B<new>(I<$def_action>)
592
593Creates a new C<Linux::Seccomp> filter, with the default action for
594unhandled syscalls being I<$def_action>. Possible values for
595I<$def_action> are:
596
597=over
598
599=item SCMP_ACT_KILL
600
601The thread will be terminated by the kernel with SIGSYS when it calls
602a syscall that does not match any of the configured seccomp filter
603rules. The thread will not be able to catch the signal.
604
605=item SCMP_ACT_TRAP
606
607The thread will be sent a SIGSYS signal when it calls a syscall that
608does not match any of the configured seccomp filter rules. It may
609catch this and change its behavior accordingly. When using SA_SIGINFO
610with L<sigaction(2)>, si_code will be set to SYS_SECCOMP, si_syscall
611will be set to the syscall that failed the rules, and si_arch will be
612set to the AUDIT_ARCH for the active ABI.
613
614=item SCMP_ACT_ERRNO(I<$errno>)
615
616The thread will receive a return value of I<$errno> when it calls a
617syscall that does not match any of the configured seccomp filter
618rules.
619
620=item SCMP_ACT_TRACE(I<$msg_num>)
621
622If the thread is being traced and the tracing process specified the
623PTRACE_O_TRACESECCOMP option in the call to L<ptrace(2)>, the tracing
624process will be notified, via PTRACE_EVENT_SECCOMP, and the value
625provided in msg_num can be retrieved using the PTRACE_GETEVENTMSG
626option.
627
628=item SCMP_ACT_ALLOW
629
630The seccomp filter will have no effect on the thread calling the
631syscall if it does not match any of the configured seccomp filter
632rules.
633
634=back
635
636See L<seccomp_init(3)>.
637
638=item I<$ctx>->B<rule_add>(I<$action>, I<$syscall>, I<@args>)
639
640Adds a rule to the filter. If a system call with number I<$syscall>
641whose arguments match I<@args> is called, I<$action> will be taken.
642
643I<$action> can be any of the C<SCMP_ACT_*> macros listed above.
644
I<@args> is a list of 0 or more constraints on the arguments to the
syscall. Each constraint is an arrayref with 3 or 4 elements: C<[$arg,
$op, $datum_a, $datum_b]> where I<$arg> is the zero-based index of the
syscall argument we are comparing (the SYNOPSIS uses 0 for the file
descriptor passed to write). I<$op> is as follows:
649
650=over
651
652=item SCMP_CMP_NE
53e03791 653
bcf524c1 654=item '!='
53e03791 655
656=item 'ne'
657
658Matches when the argument value is not equal to I<$datum_a>.
659
660=item SCMP_CMP_LT
53e03791 661
bcf524c1 662=item '<'
53e03791 663
664=item 'lt'
665
666Matches when the argument value is less than I<$datum_a>.
667
668=item SCMP_CMP_LE
53e03791 669
bcf524c1 670=item '<='
53e03791 671
672=item 'le'
673
674Matches when the argument value is less than or equal to I<$datum_a>.
675
676=item SCMP_CMP_EQ
53e03791 677
bcf524c1 678=item '=='
53e03791 679
680=item 'eq'
681
682Matches when the argument value is equal to I<$datum_a>.
683
684=item SCMP_CMP_GE
53e03791 685
bcf524c1 686=item '>='
53e03791 687
688=item 'ge'
689
690Matches when the argument value is greater than or equal to I<$datum_a>.
691
692=item SCMP_CMP_GT
53e03791 693
bcf524c1 694=item '>'
53e03791 695
696=item 'gt'
697
698Matches when the argument value is greater than I<$datum_a>.
699
700=item SCMP_CMP_MASKED_EQ
53e03791 701
bcf524c1 702=item '=~'
53e03791 703
704=item 'me'
705
706Matches when the argument value masked with I<$datum_a> is equal to I<$datum_b> masked with I<$datum_a>.
707
708=back
709
710See L<seccomp_rule_add(3)>.
711
712=item I<$ctx>->B<arch_add>(I<$arch_token>)
713
714Add an architecture to the filter. The native architecture is added by
715default.
716See L<seccomp_arch_add(3)>.
717
718=item I<$ctx>->B<arch_exists>(I<$arch_token>)
719
720Returns true if the given architecture is in the filter, false
721otherwise.
53e03791 722See L<seccomp_arch_add(3)>.
723
724=item I<$ctx>->B<arch_remove>(I<$arch_token>)
725
726Removes an architecture from the filter.
53e03791 727See L<seccomp_arch_add(3)>.
728
729=item I<$ctx>->B<attr_get>(I<$attr>)
730
731Returns the value of an attribute. The attributes are:
732
733=over
734
735=item SCMP_FLTATR_ACT_DEFAULT
736
737The default filter action as specified in the call to B<new>. Read-only.
738
739=item SCMP_FLTATR_ACT_BADARCH
740
741The filter action taken when the loaded filter does not match the
742architecture of the executing application. Defaults to SCMP_ACT_KILL.
743
744=item SCMP_FLTATR_CTL_NNP
745
746Specifies whether to turn on NO_NEW_PRIVS functionality when B<load>
747is called. Defaults to 1 (on). If this flag is turned off then the
748calling process must have CAP_SYS_ADMIN (or else the call to B<load>
749will fail).
750
751=item SCMP_FLTATR_CTL_TSYNC
752
Specifies whether the kernel should synchronize the filters across
all threads when B<load> is called. Defaults to 0 (off).
755
756=back
757
758See L<seccomp_attr_get(3)>.
759
760=item I<$ctx>->B<attr_set>(I<$attr>, I<$value>)
761
762Sets an attribute to the given value. The attributes are the ones from
763the list above except for SCMP_FLTATR_ACT_DEFAULT which is read-only.
764See L<seccomp_attr_get(3)>.
765
766=item I<$ctx>->B<export_bpf>(I<$fh>)
767
768Writes the BPF (Berkeley Packet Filter) representation of the filter
769to the given file handle.
770See L<seccomp_export_bpf(3)>.
771
772=item I<$ctx>->B<export_pfc>(I<$fh>)
773
774Writes the PFC (Pseudo Filter Code) representation of the filter to
775the given file handle.
776See L<seccomp_export_bpf(3)>.
777
778=item I<$ctx>->B<load>
779
780Loads the filter into the kernel.
781See L<seccomp_load(3)>.
782
783=back
784
785=head1 FUNCTIONS
786
787None exported by default. These functions die on error.
788
789=over
790
791=item B<arch_native>
792
793Returns the arch token for the native architecture.
794See L<seccomp_arch_add(3)>.
795
796=item B<arch_resolve_name>(I<$arch_name>)
797
798Returns the arch token for a named architecture.
799See L<seccomp_arch_add(3)>.
800
801=item B<syscall_resolve_name>(I<$name>)
802
803Resolves a system call name to its number for the native architecture. A negative pseudo syscall number is returned if the architecture does not have the given syscall.
804See L<seccomp_syscall_resolve_name(3)>.
805
806=item B<syscall_resolve_name_arch>(I<$arch_token>, I<$name>)
807
808Resolves a system call name to its number for a given architecture. A negative pseudo syscall number is returned if the architecture does not have the given syscall.
809See L<seccomp_syscall_resolve_name(3)>.
810
811=item B<syscall_resolve_name_rewrite>(I<$arch_token>, I<$name>)
812
813Resolves a system call name to its number for a given architecture. A negative pseudo syscall number is returned if the architecture does not have the given syscall. In contrast to the previous function, this function tries to obtain the actual syscall number in cases where the previous function would return a pseudo syscall number.
814See L<seccomp_syscall_resolve_name(3)>.
815
816=item B<syscall_resolve_num_arch>(I<$arch_token>, I<$num>)
817
818Returns the name of the system call with the given number on the given architecture.
819See L<seccomp_syscall_resolve_name(3)>.
820
821=item B<version>
822
823Returns the version of libseccomp as a three-element arrayref:
824[$major_version, $minor_version, $micro_version].
825
826=back
827
828=head1 CONSTANTS
829
830All exported by default. Most of the SCMP_ constants were seen above.
831Here is a list of all of them:
832
833 SCMP_ACT_ALLOW
834 SCMP_ACT_KILL
835 SCMP_ACT_TRAP
836 SCMP_ARCH_AARCH64
837 SCMP_ARCH_ARM
838 SCMP_ARCH_MIPS
839 SCMP_ARCH_MIPS64
840 SCMP_ARCH_MIPS64N32
841 SCMP_ARCH_MIPSEL
842 SCMP_ARCH_MIPSEL64
843 SCMP_ARCH_MIPSEL64N32
844 SCMP_ARCH_NATIVE
845 SCMP_ARCH_PPC
846 SCMP_ARCH_PPC64
847 SCMP_ARCH_PPC64LE
848 SCMP_ARCH_S390
849 SCMP_ARCH_S390X
850 SCMP_ARCH_X32
851 SCMP_ARCH_X86
852 SCMP_ARCH_X86_64
853 SCMP_CMP_EQ
854 SCMP_CMP_GE
855 SCMP_CMP_GT
856 SCMP_CMP_LE
857 SCMP_CMP_LT
858 SCMP_CMP_MASKED_EQ
859 SCMP_CMP_NE
860 SCMP_FLTATR_ACT_BADARCH
861 SCMP_FLTATR_ACT_DEFAULT
862 SCMP_FLTATR_CTL_NNP
863 SCMP_FLTATR_CTL_TSYNC
864 SCMP_VER_MAJOR
865 SCMP_VER_MICRO
866 SCMP_VER_MINOR
867
868Besides the SCMP_ constants, the module also provides a long list of
869__NR_syscall and __PNR_syscall constants that represent real and
870pseudo syscall numbers for many common system calls. A full list can
871be found in the source code of this module. See also the
872B<syscall_resolve_name> family of functions above which is more
873flexible than this set of constants.
874
875=head1 SEE ALSO
876
877L<https://github.com/seccomp/libseccomp>
878
879=head1 AUTHOR
880
881Marius Gavrilescu, E<lt>marius@ieval.roE<gt>
882
883=head1 COPYRIGHT AND LICENSE
884
885Copyright (C) 2016 by Marius Gavrilescu
886
887This library is free software; you can redistribute it and/or modify
888it under the same terms as Perl itself, either Perl version 5.24.0 or,
889at your option, any later version of Perl 5 you may have available.
890
891
892=cut