Happy Thanksgiving Holidays,
Today, I am happy to welcome Simon Sweetman (Chubler_XL) to the Moderation Team to help provide us some important coverage from (Down Under) Australia.
Simon is a Senior Analyst Programmer/Developer at Cedar Creek Company in Brisbane, Australia and his LinkedIn... (7 Replies)
Dear All,
I am very pleased to announce that Dave Munro (gull04) is joining the Moderation Team, after being a very valuable member of UNIX.com for 15+ years.
Dave is an IT Consultant with 30 years of experience this year, has worked in many of the industry vertical market segments and has... (6 Replies)
seccomp_export_bpf(3) libseccomp Documentation seccomp_export_bpf(3)NAME
seccomp_export_bpf, seccomp_export_pfc - Export the seccomp filter
SYNOPSIS
#include <seccomp.h>
typedef void * scmp_filter_ctx;
int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);
Link with -lseccomp.
DESCRIPTION
The seccomp_export_bpf() and seccomp_export_pfc() functions generate and output the current seccomp filter in either BPF (Berkley Packet
Filter) or PFC (Pseudo Filter Code). The output of seccomp_export_bpf() is suitable for loading into the kernel, while the output of sec-
comp_export_pfc() is human readable and is intended primarily as a debugging tool for developers using libseccomp. Both functions write
the filter to the fd file descriptor.
The filter context ctx is the value returned by the call to seccomp_init(3).
While the two output formats are guaranteed to be functionally equivalent for the given seccomp filter configuration, the filter instruc-
tions, and their ordering, are not guaranteed to be the same in both the BPF and PFC formats.
RETURN VALUE
Returns zero on success, negative errno values on failure.
EXAMPLES
#include <seccomp.h>
int main(int argc, char *argv[])
{
int rc = -1;
scmp_filter_ctx ctx;
int filter_fd;
ctx = seccomp_init(SCMP_ACT_KILL);
if (ctx == NULL)
goto out;
/* ... */
filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
if (filter_fd == -1) {
rc = -errno;
goto out;
}
rc = seccomp_export_bpf(ctx, filter_fd);
if (rc < 0) {
close(filter_fd);
goto out;
}
close(filter_fd);
/* ... */
out:
seccomp_release(ctx);
return -rc;
}
NOTES
While the seccomp filter can be generated independent of the kernel, kernel support is required to load and enforce the seccomp filter gen-
erated by libseccomp.
The libseccomp project site, with more information and the source code repository, can be found at http://libseccomp.sf.net. This library
is currently under development, please report any bugs at the project site or directly to the author.
AUTHOR
Paul Moore <paul@paul-moore.com>
SEE ALSO seccomp_init(3), seccomp_release(3)paul@paul-moore.com 25 July 2012 seccomp_export_bpf(3)