From: Vitaly _Vi Shukela <[email protected]>
---
doc/man/man3/seccomp_rule_add.3 | 29 +++++++++++++++++++++++++----
doc/man/man3/seccomp_rule_add_array.3 | 1 +
doc/man/man3/seccomp_rule_add_exact_array.3 | 1 +
3 files changed, 27 insertions(+), 4 deletions(-)
create mode 100644 doc/man/man3/seccomp_rule_add_array.3
create mode 100644 doc/man/man3/seccomp_rule_add_exact_array.3
diff --git a/doc/man/man3/seccomp_rule_add.3 b/doc/man/man3/seccomp_rule_add.3
index eeb61dc..38278e0 100644
--- a/doc/man/man3/seccomp_rule_add.3
+++ b/doc/man/man3/seccomp_rule_add.3
@@ -27,6 +27,13 @@ seccomp_rule_add, seccomp_rule_add_exact \- Add a seccomp
filter rule
.BI "int seccomp_rule_add_exact(scmp_filter_ctx " ctx ", uint32_t " action ","
.BI " int " syscall ", unsigned int " arg_cnt ", "
... ");"
.sp
+.BI "int seccomp_rule_add_array(scmp_filter_ctx " ctx ","
+.BI " uint32_t " action ", int " syscall ", unsigned int " arg_cnt
", "
+.BI " const struct scmp_arg_cmp *"arg_array ");"
+.BI "int seccomp_rule_add_array_exact(scmp_filter_ctx " ctx ","
+.BI " uint32_t " action ", int " syscall ", unsigned int " arg_cnt
","
+.BI " const struct scmp_arg_cmp *"arg_array ");"
+.sp
Link with \fI\-lseccomp\fP.
.fi
.\" //////////////////////////////////////////////////////////////////////////
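Review bot: The second prototype added to the synopsis is named `seccomp_rule_add_array_exact`, but the alias page this patch creates is `seccomp_rule_add_exact_array.3`, and the library symbol is `seccomp_rule_add_exact_array`. Both `.BI` lines here and the `.BR seccomp_rule_add_array_exact ().` line in the next hunk should use that name, otherwise code copied from the page will not link. The same description paragraph says the functions take an array of `scmp_filter_ctx` structs, which contradicts the prototype's `const struct scmp_arg_cmp *arg_array`; it should read "take an array of scmp_arg_cmp structs instead of being variadic". Because the array form passes a bare pointer plus `arg_cnt`, the page should also state that `arg_cnt` must equal the number of elements in `arg_array`. Presumably a smaller count leaves trailing comparisons out of the rule and makes the filter more permissive than the caller intended, though the library code is not visible in this patch.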
@@ -49,6 +56,14 @@ filter ruleset,
.BR seccomp_rule_add ()
does guarantee the same behavior regardless of the architecture.
.P
+There are also array versions:
+.BR seccomp_rule_add_array ()
+and
+.BR seccomp_rule_add_array_exact ().
+These functions are the same as seccomp_rule_add and seccomp_rule_add_exact
+respectively, but take array of scmp_filter_ctx structs instead being variadic.
+Use SCMP_A{0-5} and SCMP_CMP macros (see below) to fill in such array.
+.P
The newly added filter rule does not take effect until the entire filter is
loaded into the kernel using
.BR seccomp_load (3).
@@ -59,9 +74,9 @@ and
.BR SCMP_A{0-5} ()
macros generate a scmp_arg_cmp structure for use in
.BR seccomp_rule_add ()
-and
-.BR seccomp_rule_add_exact ().
-The
+,
+.BR seccomp_rule_add_exact ()
+and their array versions. The
.BR SCMP_CMP ()
macro allows the caller to specify an arbitrary argument along with the
comparison operator, mask, and datum values where the
@@ -236,7 +251,13 @@ int main(int argc, char *argv[])
goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
- SCMP_CMP(0, SCMP_CMP_EQ, fd));
+ SCMP_CMP(0, SCMP_CMP_EQ, fd));
+ if (rc < 0)
+ goto out;
+
+ struct scmp_arg_cmp comparations[] = { SCMP_A0(SCMP_CMP_EQ, 2) };
+ rc = seccomp_rule_add_array(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
+ comparations);
if (rc < 0)
goto out;
diff --git a/doc/man/man3/seccomp_rule_add_array.3
b/doc/man/man3/seccomp_rule_add_array.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_array.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3
diff --git a/doc/man/man3/seccomp_rule_add_exact_array.3
b/doc/man/man3/seccomp_rule_add_exact_array.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_exact_array.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3
--
1.7.11.6.1.gada05e2