| 18-basic-whitelist.c | 18-basic-whitelist.c | |||
|---|---|---|---|---|
| /** | /** | |||
| * Seccomp Library test program | * Seccomp Library test program | |||
| * | * | |||
| * Copyright (c) 2012 Red Hat <pmoore@redhat.com> | * Copyright (c) 2013 Red Hat <pmoore@redhat.com> | |||
| * Author: Paul Moore <pmoore@redhat.com> | * Author: Paul Moore <pmoore@redhat.com> | |||
| */ | */ | |||
| /* | /* | |||
| * This library is free software; you can redistribute it and/or modify it | * This library is free software; you can redistribute it and/or modify it | |||
| * under the terms of version 2.1 of the GNU Lesser General Public License as | * under the terms of version 2.1 of the GNU Lesser General Public License as | |||
| * published by the Free Software Foundation. | * published by the Free Software Foundation. | |||
| * | * | |||
| * This library is distributed in the hope that it will be useful, but WITH OUT | * This library is distributed in the hope that it will be useful, but WITH OUT | |||
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |||
| skipping to change at line 42 | skipping to change at line 42 | |||
| scmp_filter_ctx ctx; | scmp_filter_ctx ctx; | |||
| rc = util_getopt(argc, argv, &opts); | rc = util_getopt(argc, argv, &opts); | |||
| if (rc < 0) | if (rc < 0) | |||
| goto out; | goto out; | |||
| ctx = seccomp_init(SCMP_ACT_ALLOW); | ctx = seccomp_init(SCMP_ACT_ALLOW); | |||
| if (ctx == NULL) | if (ctx == NULL) | |||
| goto out; | goto out; | |||
| #if 1 | ||||
| rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 2, | ||||
| SCMP_A0(SCMP_CMP_EQ, 0), | ||||
| SCMP_A1(SCMP_CMP_EQ, 1)); | ||||
| if (rc != 0) | ||||
| goto out; | ||||
| rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, | ||||
| SCMP_A1(SCMP_CMP_MASKED_EQ, 0x00ff, 2)); | ||||
| if (rc != 0) | ||||
| goto out; | ||||
| #else | ||||
| rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(read), 1, | rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(read), 1, | |||
| SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); | SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); | |||
| if (rc != 0) | if (rc != 0) | |||
| goto out; | goto out; | |||
| rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 1, | rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 1, | |||
| SCMP_A0(SCMP_CMP_EQ, STDOUT_FILENO)); | SCMP_A0(SCMP_CMP_EQ, STDOUT_FILENO)); | |||
| if (rc != 0) | if (rc != 0) | |||
| goto out; | goto out; | |||
| skipping to change at line 78 | skipping to change at line 65 | |||
| goto out; | goto out; | |||
| rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(close), 0); | rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(close), 0); | |||
| if (rc != 0) | if (rc != 0) | |||
| goto out; | goto out; | |||
| rc = seccomp_rule_add_exact(ctx, | rc = seccomp_rule_add_exact(ctx, | |||
| SCMP_ACT_KILL, SCMP_SYS(rt_sigreturn), 0 ); | SCMP_ACT_KILL, SCMP_SYS(rt_sigreturn), 0 ); | |||
| if (rc != 0) | if (rc != 0) | |||
| goto out; | goto out; | |||
| #endif | ||||
| rc = util_filter_output(&opts, ctx); | rc = util_filter_output(&opts, ctx); | |||
| if (rc) | if (rc) | |||
| goto out; | goto out; | |||
| out: | out: | |||
| seccomp_release(ctx); | seccomp_release(ctx); | |||
| return (rc < 0 ? -rc : rc); | return (rc < 0 ? -rc : rc); | |||
| } | } | |||
| End of changes. 3 change blocks. | ||||
| 15 lines changed or deleted | 1 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||