The raw seccomp API exposes a couple ways to see (and sometimes modify or simulate) syscall numbers and arguments. For example:

TRAP: A signal frame is created. The syscall number and call site (or maybe the return address) are in the siginfo. All of the args are in the struct sigcontext. It should be possible to skip, change, or emulate the syscall by appropriate modification of the signal frame.

TRACE: The information can be seen in the user_regs_struct, for example.

KILL: I'm not sure. The signal number shows up in dmesg, at least.

It would be nice if there was an architecture-independent API in libseccomp to interpret and/or manipulate these things. Have any of you thought about this at all? I can try to hack something up. Doing this for Python will be particularly annoying (and helpful) because Python is currently missing any support for siginfo.

My immediate use is that it would be nice for my seccomp-using program to log a useful error before dying if it violates the sandbox. More generally, though, in-process syscall emulation would be useful.

--Andy
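
The TRAP case from the message above, as an added example that is not part of the original post and not libseccomp code: a raw-seccomp filter returns SECCOMP_RET_TRAP for one syscall, and a SIGSYS handler logs the syscall number, arch and call site from the siginfo before exiting. The names `describe_sigsys`, `on_sigsys` and `install_trap`, and the choice of `getppid` as the forbidden call, are assumptions made for the demo.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Async-signal-safe formatting helpers: no stdio inside a signal handler. */
static size_t put(char *b, size_t n, const char *s) { while (*s) b[n++] = *s++; return n; }
static size_t put_num(char *b, size_t n, unsigned long v, unsigned base) {
    char t[20]; int i = 0;
    do t[i++] = "0123456789abcdef"[v % base]; while (v /= base);
    while (i) b[n++] = t[--i];
    return n;
}
/* Render the SIGSYS siginfo fields the kernel fills in for SECCOMP_RET_TRAP. */
size_t describe_sigsys(const siginfo_t *si, char *b) {
    size_t n = put(b, 0, "seccomp trap: syscall ");
    n = put_num(b, n, (unsigned long)si->si_syscall, 10);
    n = put_num(b, put(b, n, " arch 0x"), si->si_arch, 16);
    n = put_num(b, put(b, n, " call site 0x"), (unsigned long)si->si_call_addr, 16);
    n = put(b, n, "\n");
    b[n] = '\0';
    return n;
}
static void on_sigsys(int sig, siginfo_t *si, void *ctx) {
    char b[128];
    (void)sig; (void)ctx;
    _exit(write(STDERR_FILENO, b, describe_sigsys(si, b)) < 0 ? 2 : 1);
}
/* Demo filter: trap one syscall, allow the rest (real filters check seccomp_data.arch first). */
int install_trap(int nr) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = f };
    struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
    if (sigaction(SIGSYS, &sa, NULL) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
int main(void) {
    if (install_trap(SYS_getppid)) return 2;  /* seccomp unavailable */
    return (int)syscall(SYS_getppid);         /* trapped: handler logs and exits 1 */
}
```

The syscall arguments are not in the siginfo; as the message says, they sit in the saved register context passed as the handler's third argument, which is where the architecture-specific part begins.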