Hello All,

I am trying to apply seccomp filtering rules to new programs started
through the exec() family of calls (exec(), execle(), execve()).

In the code segment below, my requirement is to apply the filtering rules
only to the execution of the line "execlp("ls", "-l", "-a", NULL);". The
rest of the program should not be affected by the filtering rules.

Please kindly advise on how to achieve the above.

#include <stdio.h>
#include <unistd.h>
#include <seccomp.h>

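/*
 * Build an allow-list seccomp filter, load it into the current process and
 * then replace the process image with "ls -l -a".
 *
 * A loaded seccomp filter cannot be removed again; it is preserved across
 * execve() and inherited by children created with fork(). Everything after
 * seccomp_load() therefore runs under the filter, including the execve()
 * issued by execlp() and every syscall the new program makes. To confine
 * only the exec'd program and leave the rest of the program unfiltered,
 * run this sequence in a forked child and keep the parent unfiltered.
 *
 * Returns 0 only if the program image was replaced (in which case this
 * function never returns); returns 1 on any failure.
 */
int main(int argc, char *argv[]) {
    scmp_filter_ctx ctx; /* seccomp filter context handle */
    int rc = -1;

    (void)argc;
    (void)argv;

    /* Default action: kill on any syscall that no rule below allows. */
    ctx = seccomp_init(SCMP_ACT_KILL);
    if (ctx == NULL) {
        fprintf(stderr, "ERROR: Seccomp_init is not initialized\n");
        goto out;
    }

    /*
     * All the syscall filtering rules are defined here...
     * A rule that fails to add silently narrows the allow-list, so each
     * return value is checked.
     */
    rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
    if (rc < 0) {
        fprintf(stderr, "ERROR: Seccomp_rule_add failed for read (%d)\n", rc);
        goto out;
    }
    rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
    if (rc < 0) {
        fprintf(stderr, "ERROR: Seccomp_rule_add failed for write (%d)\n", rc);
        goto out;
    }
    /*
     * .................... (further rules elided by the author)
     * NOTE(review): unless the elided rules allow execve and the syscalls
     * the target program needs, the SCMP_ACT_KILL default terminates the
     * process at the execlp() call below.
     */

    rc = seccomp_load(ctx);
    if (rc < 0) {
        fprintf(stderr, "ERROR: Seccomp_load couldn't load successfully\n");
        goto out;
    }

    /* --- Start of the filtered operation ---
     *
     * Requirement: apply all the seccomp filtering rules to the execution
     * of execlp(). The rest of the program should not be affected by the
     * system call filtering rules.
     */

    /*
     * The first variadic argument is argv[0] of the new program, so the
     * program name is repeated; the list ends with a typed null pointer.
     */
    execlp("ls", "ls", "-l", "-a", (char *)NULL);

    /*
     * execlp() returns only on failure. stderr is unbuffered, so this
     * report needs nothing beyond the write syscall allowed above.
     */
    rc = -1;
    fprintf(stderr, "ERROR: execlp failed\n");

    /* --- End of the filtered operation --- */

out:
    /* Nothing to release when seccomp_init() failed. */
    if (ctx != NULL) {
        seccomp_release(ctx);
    }
    return rc < 0 ? 1 : 0;
}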

Your expert comments in this regard would be highly appreciated.

Regards,
Batee
#include <stdio.h>
#include <unistd.h>
#include <seccomp.h>

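/*
 * Set up a seccomp allow-list, install it in the calling process, and exec
 * "ls -l -a" under it.
 *
 * Once seccomp_load() succeeds the filter stays attached to this process:
 * it cannot be unloaded, it survives execve(), and fork() children inherit
 * it. The execve() made by execlp() and all syscalls of the new program are
 * checked against it. If only the exec'd program should be confined, this
 * whole sequence belongs in a forked child while the parent stays
 * unfiltered.
 *
 * Exit status: 1 on any failure; on success the process image is replaced
 * and this function does not return.
 */
int main(int argc, char *argv[]) {
	scmp_filter_ctx ctx;	/* seccomp filter context handle */
	int rc = -1;

	(void)argc;
	(void)argv;

	/* Anything not explicitly allowed below kills the process. */
	ctx = seccomp_init(SCMP_ACT_KILL);
	if (ctx == NULL) {
		fprintf(stderr, "ERROR: Seccomp_init is not initialized\n");
		goto out;
	}

	/*
	 * All the syscall filtering rules are defined here...
	 * Each seccomp_rule_add() result is checked so that a rule which
	 * failed to register is not silently missing from the policy.
	 */
	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
	if (rc < 0) {
		fprintf(stderr, "ERROR: Seccomp_rule_add failed for read (%d)\n", rc);
		goto out;
	}
	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
	if (rc < 0) {
		fprintf(stderr, "ERROR: Seccomp_rule_add failed for write (%d)\n", rc);
		goto out;
	}
	/*
	 * .................... (further rules elided by the author)
	 * NOTE(review): the two rules shown do not cover execve or the
	 * syscalls "ls" itself needs; without them in the elided part the
	 * kernel kills the process at execlp().
	 */

	rc = seccomp_load(ctx);
	if (rc < 0) {
		fprintf(stderr, "ERROR: Seccomp_load couldn't load successfully\n");
		goto out;
	}

	/* --- Start of the filtered operation ---
	 *
	 * Requirement: apply all the seccomp filtering rules to the execution
	 * of execlp(). The rest of the program should not be affected by the
	 * system call filtering rules.
	 */

	/*
	 * argv[0] must be supplied explicitly, otherwise "-l" is taken as the
	 * program name and only "-a" is seen as an option. The terminator is
	 * cast because a bare NULL in a variadic call need not be a pointer.
	 */
	execlp("ls", "ls", "-l", "-a", (char *)NULL);

	/* Reached only if the exec failed; report via unbuffered stderr. */
	rc = -1;
	fprintf(stderr, "ERROR: execlp failed\n");

	/* --- End of the filtered operation --- */

out:
	/* Skip the release when no context was ever created. */
	if (ctx != NULL) {
		seccomp_release(ctx);
	}
	return rc < 0 ? 1 : 0;
}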