2 * seccomp example with syscall reporting
4 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
6 * Kees Cook <keescook@chromium.org>
7 * Will Drewry <wad@chromium.org>
9 * Use of this source code is governed by a BSD-style license that can be
10 * found in the LICENSE file.
17 #include <libubox/utils.h>
18 #include <libubox/blobmsg.h>
19 #include <libubox/blobmsg_json.h>
23 #include "seccomp-oci.h"
25 int install_syscall_filter(const char *argv
, const char *file
)
27 struct blob_buf b
= { 0 };
28 struct sock_fprog
*prog
= NULL
;
30 DEBUG("%s: setting up syscall filter\n", argv
);
33 if (!blobmsg_add_json_from_file(&b
, file
)) {
34 ERROR("%s: failed to load %s\n", argv
, file
);
38 prog
= parseOCIlinuxseccomp(b
.head
);
40 ERROR("%s: failed to parse seccomp filter rules %s\n", argv
, file
);
44 return applyOCIlinuxseccomp(prog
);