author | Daniel Borkmann <dborkman@redhat.com> | 2013-06-15 16:55:29 +0200 |
---|---|---|
committer | Daniel Borkmann <dborkman@redhat.com> | 2013-06-15 16:55:29 +0200 |
commit | f5c440184fb7c02d420e3c4274e63474c74bbeff (patch) | |
tree | bab036547975be780aade1799e523f4fad1a42f9 | |
parent | f068acf8817fc41e48c053afc9b32d36c923e18b (diff) |
man: bpfc: add example of loadable x86_64 seccomp-BPF filter
Add the example in bpfc code from http://outflux.net/teach-seccomp/
to the man page, so that people can also experiment with seccomp
bpf and to demonstrate that there are no limits on bpfc when it
comes to this. Actually this code is even more efficient than the
one given in the example URL above.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
-rw-r--r-- | bpfc.8 | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -264,6 +264,24 @@ words, some small example filter programs: pass: ret #-1 drop: ret #0 .PP +.SS A loadable x86_64 seccomp-BPF filter to allow a given set of syscalls: +.PP + ld [4] /* offsetof(struct seccomp_data, arch) */ + jne #0xc000003e, bad /* AUDIT_ARCH_X86_64 */ + ld [0] /* offsetof(struct seccomp_data, nr) */ + jeq #15, good /* __NR_rt_sigreturn */ + jeq #231, good /* __NR_exit_group */ + jeq #60, good /* __NR_exit */ + jeq #0, good /* __NR_read */ + jeq #1, good /* __NR_write */ + jeq #5, good /* __NR_fstat */ + jeq #9, good /* __NR_mmap */ + jeq #14, good /* __NR_rt_sigprocmask */ + jeq #13, good /* __NR_rt_sigaction */ + jeq #35, good /* __NR_nanosleep */ + bad: ret #0 /* SECCOMP_RET_KILL */ + good: ret #0x7fff0000 /* SECCOMP_RET_ALLOW */ +.PP .SS Allow any (hardware accelerated) VLAN: .PP ld vlanp |
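Review bot: the new .SS example should say how its output is used, because unlike the socket filters above it is not attached to a socket: the compiled instructions are loaded into the calling process via `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)` with a `struct sock_fprog`, after `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)`, and a reader who only has the man page would not know that. Two smaller points on the filter itself: the whitelist relies on `bad:` being placed directly after the last `jeq #35, good` so that any unmatched syscall falls through into `ret #0`; a comment such as `/* anything else falls through to bad */` on that line would make the ordering dependency explicit rather than implicit, since moving `good:` above `bad:` would silently turn the filter into an allow-all. Also worth a sentence under the heading: the `ld [4]` arch check and the numbers in the `__NR_*` comments are x86_64 values, so the `#0xc000003e` constant and every `jeq` operand must be regenerated for another architecture, which is the whole reason the arch check comes first.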