Commit | Line | Data |
---|---|---|
8befd5cc MG |
1 | .TH "seccomp_merge" 3 "28 September 2012" "paul@paul-moore.com" "libseccomp Documentation" |
2 | .\" ////////////////////////////////////////////////////////////////////////// | |
3 | .SH NAME | |
4 | .\" ////////////////////////////////////////////////////////////////////////// | |
5 | seccomp_merge \- Merge two seccomp filters | |
6 | .\" ////////////////////////////////////////////////////////////////////////// | |
7 | .SH SYNOPSIS | |
8 | .\" ////////////////////////////////////////////////////////////////////////// | |
9 | .nf | |
10 | .B #include <seccomp.h> | |
11 | .sp | |
12 | .B typedef void * scmp_filter_ctx; | |
13 | .sp | |
14 | .BI "int seccomp_merge(scmp_filter_ctx " dst ", scmp_filter_ctx " src ");" | |
15 | .sp | |
16 | Link with \fI\-lseccomp\fP. | |
17 | .fi | |
18 | .\" ////////////////////////////////////////////////////////////////////////// | |
19 | .SH DESCRIPTION | |
20 | .\" ////////////////////////////////////////////////////////////////////////// | |
21 | .P | |
22 | The | |
23 | .BR seccomp_merge () | |
24 | function merges the seccomp filter in | |
25 | .I src | |
26 | with the filter in | |
27 | .I dst | |
28 | and stores the resulting filter in the | |
29 | .I dst | |
30 | filter. If successful, the | |
31 | .I src | |
32 | seccomp filter is released and all internal memory associated with the filter | |
33 | is freed; there is no need to call | |
34 | .BR seccomp_release (3) | |
35 | on | |
36 | .I src | |
37 | and the caller should discard any references to the filter. | |
38 | .P | |
39 | In order to merge two seccomp filters, both filters must have the same | |
40 | attribute values and no overlapping architectures. | |
41 | .\" ////////////////////////////////////////////////////////////////////////// | |
42 | .SH RETURN VALUE | |
43 | .\" ////////////////////////////////////////////////////////////////////////// | |
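44 | Returns zero on success and negative values on failure. Because \fIsrc\fP is released only on success, on failure the caller still owns \fIsrc\fP and must release it, as the example below does on its error path. | |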
45 | .\" ////////////////////////////////////////////////////////////////////////// | |
46 | .SH EXAMPLES | |
47 | .\" ////////////////////////////////////////////////////////////////////////// | |
48 | .nf | |
49 | #include <seccomp.h> | |
50 | ||
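/*
 * Build one filter for 32-bit x86 and one for x86_64, then merge the 32-bit
 * filter into the 64-bit one.  Returns zero on success and a positive value
 * (the negated error code) on failure.
 */
int main(int argc, char *argv[])
{
	int rc = \-1;
	/*
	 * Start both handles at NULL: every error path below ends by releasing
	 * both contexts, so a handle that was never created must not be left
	 * holding an indeterminate value when it reaches seccomp_release().
	 */
	scmp_filter_ctx ctx_32 = NULL, ctx_64 = NULL;

	ctx_32 = seccomp_init(SCMP_ACT_KILL);
	if (ctx_32 == NULL)
		goto out_all;
	ctx_64 = seccomp_init(SCMP_ACT_KILL);
	if (ctx_64 == NULL)
		goto out_all;

	/*
	 * seccomp_merge() requires that the two filters have no overlapping
	 * architectures, so each filter is reduced to a single architecture:
	 * add the wanted one if it is missing and remove the native one.
	 */
	if (seccomp_arch_exist(ctx_32, SCMP_ARCH_X86) == \-EEXIST) {
		rc = seccomp_arch_add(ctx_32, SCMP_ARCH_X86);
		if (rc != 0)
			goto out_all;
		rc = seccomp_arch_remove(ctx_32, SCMP_ARCH_NATIVE);
		if (rc != 0)
			goto out_all;
	}
	if (seccomp_arch_exist(ctx_64, SCMP_ARCH_X86_64) == \-EEXIST) {
		rc = seccomp_arch_add(ctx_64, SCMP_ARCH_X86_64);
		if (rc != 0)
			goto out_all;
		rc = seccomp_arch_remove(ctx_64, SCMP_ARCH_NATIVE);
		if (rc != 0)
			goto out_all;
	}

	/* ... */

	rc = seccomp_merge(ctx_64, ctx_32);
	if (rc != 0)
		goto out_all;	/* merge failed: ctx_32 is still ours to release */

	/*
	 * NOTE: the 'ctx_32' filter is no longer valid at this point.  Drop the
	 * stale handle so that any later "goto out_all" cannot release it a
	 * second time; this relies on seccomp_release() accepting NULL, which
	 * the first seccomp_init() error path above already depends on.
	 */
	ctx_32 = NULL;

	/* ... */

out:
	seccomp_release(ctx_64);
	return \-rc;
out_all:
	seccomp_release(ctx_32);
	goto out;
}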
97 | .fi | |
98 | .\" ////////////////////////////////////////////////////////////////////////// | |
99 | .SH NOTES | |
100 | .\" ////////////////////////////////////////////////////////////////////////// | |
101 | .P | |
102 | While the seccomp filter can be generated independently of the kernel, kernel | |
103 | support is required to load and enforce the seccomp filter generated by | |
104 | libseccomp. | |
105 | .P | |
106 | The libseccomp project site, with more information and the source code | |
107 | repository, can be found at https://github.com/seccomp/libseccomp. This tool, | |
108 | as well as the libseccomp library, is currently under development; please | |
109 | report any bugs at the project site or directly to the author. | |
110 | .\" ////////////////////////////////////////////////////////////////////////// | |
111 | .SH AUTHOR | |
112 | .\" ////////////////////////////////////////////////////////////////////////// | |
113 | Paul Moore <paul@paul-moore.com> | |
114 | .\" ////////////////////////////////////////////////////////////////////////// | |
115 | .SH SEE ALSO | |
116 | .\" ////////////////////////////////////////////////////////////////////////// | |
117 | .BR seccomp_init (3), | |
118 | .BR seccomp_reset (3), | |
119 | .BR seccomp_arch_add (3), | |
120 | .BR seccomp_arch_remove (3), | |
121 | .BR seccomp_attr_get (3), | |
122 | .BR seccomp_attr_set (3) |