Reputation: 1136
load seccomp_export_bpf generated code into the kernel
http://man7.org/linux/man-pages/man3/seccomp_export_bpf.3.html how can I load the generated code into kernel? Which are possible use cases for this function?
Upvotes: 0
Views: 176
Answers (1)
Reputation: 13133
How can I load the generated code into kernel?
If you're using seccomp_export_bpf(const scmp_filter_ctx ctx, int fd), then you already have an initialized scmp_filter_ctx object, ctx, in which case, you can simply do:
int rc = seccomp_load(ctx);
No need to use seccomp_export_bpf to load the filter in the kernel.
Which are possible use cases for this function?
I'm guessing seccomp_export_bpf is mostly useful when you want to keep a copy of your filter on disk for future use. For example, you could do (from the man page example):
filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
if (filter_fd == -1) {
rc = -errno;
goto out;
}
rc = seccomp_export_bpf(ctx, filter_fd);
To then load that exported filter in the kernel you could do:
char filter[4096];
int length = read(0, filter, 4096);
if (length < 0) {
goto out;
}
struct sock_fprog bpf_prog = {
.len = length / sizeof(struct sock_filter),
.filter = filter,
};
rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &bpf_prog);
Upvotes: 3
Related Questions
- How to list all bpf program which is loaded into kernel ? (e.g. tc-bpf)
- Accessing BPF maps from kernel space
- How to use seccomp filter with ebpf?
- How to write a seccomp BPF program to filter the system call instruction pointer
- How can I attached a BPF program to a kernel function via a kprobe?
- seccomp system call priority values 65535
- how to use seccomp_release libseccomp?
- How does seccomp-bpf filter syscalls?
- How to use BPF to filter kernel function arguments?
- seccomp-bpf - how can i use bpf to filter the arguments of a system call?