Commit | Line | Data |
---|---|---|
1 | .TH "seccomp_export_bpf" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation" | |
2 | .\" ////////////////////////////////////////////////////////////////////////// | |
3 | .SH NAME | |
4 | .\" ////////////////////////////////////////////////////////////////////////// | |
5 | seccomp_export_bpf, seccomp_export_pfc \- Export the seccomp filter | |
6 | .\" ////////////////////////////////////////////////////////////////////////// | |
7 | .SH SYNOPSIS | |
8 | .\" ////////////////////////////////////////////////////////////////////////// | |
9 | .nf | |
10 | .B #include <seccomp.h> | |
11 | .sp | |
12 | .B typedef void * scmp_filter_ctx; | |
13 | .sp | |
14 | .BI "int seccomp_export_bpf(const scmp_filter_ctx " ctx ", int " fd ");" | |
15 | .BI "int seccomp_export_pfc(const scmp_filter_ctx " ctx ", int " fd ");" | |
16 | .sp | |
17 | Link with \fI\-lseccomp\fP. | |
18 | .fi | |
19 | .\" ////////////////////////////////////////////////////////////////////////// | |
20 | .SH DESCRIPTION | |
21 | .\" ////////////////////////////////////////////////////////////////////////// | |
22 | .P | |
23 | The | |
24 | .BR seccomp_export_bpf () | |
25 | and | |
26 | .BR seccomp_export_pfc () | |
27 | functions generate and output the current seccomp filter in either BPF (Berkeley | |
28 | Packet Filter) or PFC (Pseudo Filter Code). The output of | |
29 | .BR seccomp_export_bpf () | |
30 | is suitable for loading into the kernel, while the output of | |
31 | .BR seccomp_export_pfc () | |
32 | is human readable and is intended primarily as a debugging tool for developers | |
33 | using libseccomp. Both functions write the filter to the | |
34 | .I fd | |
35 | file descriptor. | |
36 | .P | |
37 | The filter context | |
38 | .I ctx | |
39 | is the value returned by the call to | |
40 | .BR seccomp_init (3). | |
41 | .P | |
42 | While the two output formats are guaranteed to be functionally equivalent for | |
43 | the given seccomp filter configuration, the filter instructions, and their | |
44 | ordering, are not guaranteed to be the same in both the BPF and PFC formats. | |
45 | .\" ////////////////////////////////////////////////////////////////////////// | |
46 | .SH RETURN VALUE | |
47 | .\" ////////////////////////////////////////////////////////////////////////// | |
48 | Returns zero on success, negative errno values on failure. | |
49 | .\" ////////////////////////////////////////////////////////////////////////// | |
50 | .SH EXAMPLES | |
51 | .\" ////////////////////////////////////////////////////////////////////////// | |
52 | .nf | |
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#include <seccomp.h>
54 | ||
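/*
 * Example: export the current seccomp filter as BPF to a file.
 *
 * Returns 0 on success.  On failure the negative value held in rc is negated,
 * so the exit status is 1 if seccomp_init() fails and a positive errno value
 * if open(), seccomp_export_bpf() or close() fails.
 */
int main(int argc, char *argv[])
{
	const char *filter_path = "/tmp/seccomp_filter.bpf";
	int rc = -1;
	scmp_filter_ctx ctx;
	int filter_fd;

	ctx = seccomp_init(SCMP_ACT_KILL);
	if (ctx == NULL)
		goto out;

	/* ... */

	/*
	 * /tmp is world-writable, so a fixed name there may already exist or
	 * be a symbolic link placed by another user.  O_CREAT | O_EXCL makes
	 * open() fail with EEXIST in both cases instead of writing through it,
	 * and mode 0600 keeps the new file private to the caller.
	 */
	filter_fd = open(filter_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (filter_fd == -1) {
		rc = -errno;
		goto out;
	}

	rc = seccomp_export_bpf(ctx, filter_fd);
	/* close() can report a deferred write error; keep the first failure */
	if (close(filter_fd) == -1 && rc == 0)
		rc = -errno;
	if (rc < 0) {
		/* we created the file above, so drop the incomplete filter */
		unlink(filter_path);
		goto out;
	}

	/* ... */

out:
	seccomp_release(ctx);
	return -rc;
}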
86 | .fi | |
87 | .\" ////////////////////////////////////////////////////////////////////////// | |
88 | .SH NOTES | |
89 | .\" ////////////////////////////////////////////////////////////////////////// | |
90 | .P | |
91 | While the seccomp filter can be generated independently of the kernel, kernel | |
92 | support is required to load and enforce the seccomp filter generated by | |
93 | libseccomp. | |
94 | .P | |
95 | The libseccomp project site, with more information and the source code | |
96 | repository, can be found at https://github.com/seccomp/libseccomp. This tool, | |
97 | as well as the libseccomp library, is currently under development; please | |
98 | report any bugs at the project site or directly to the author. | |
99 | .\" ////////////////////////////////////////////////////////////////////////// | |
100 | .SH AUTHOR | |
101 | .\" ////////////////////////////////////////////////////////////////////////// | |
102 | Paul Moore <paul@paul-moore.com> | |
103 | .\" ////////////////////////////////////////////////////////////////////////// | |
104 | .SH SEE ALSO | |
105 | .\" ////////////////////////////////////////////////////////////////////////// | |
106 | .BR seccomp_init (3), | |
107 | .BR seccomp_release (3) | |
108 |