-rw-r--r-- | bpfc.8 | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -264,6 +264,24 @@ words, some small example filter programs:
 pass: ret #-1
 drop: ret #0
 .PP
+.SS A loadable x86_64 seccomp-BPF filter to allow a given set of syscalls:
+.PP
+ ld [4] /* offsetof(struct seccomp_data, arch) */
+ jne #0xc000003e, bad /* AUDIT_ARCH_X86_64 */
+ ld [0] /* offsetof(struct seccomp_data, nr) */
+ jeq #15, good /* __NR_rt_sigreturn */
+ jeq #231, good /* __NR_exit_group */
+ jeq #60, good /* __NR_exit */
+ jeq #0, good /* __NR_read */
+ jeq #1, good /* __NR_write */
+ jeq #5, good /* __NR_fstat */
+ jeq #9, good /* __NR_mmap */
+ jeq #14, good /* __NR_rt_sigprocmask */
+ jeq #13, good /* __NR_rt_sigaction */
+ jeq #35, good /* __NR_nanosleep */
+ bad: ret #0 /* SECCOMP_RET_KILL */
+ good: ret #0x7fff0000 /* SECCOMP_RET_ALLOW */
+.PP
 .SS Allow any (hardware accelerated) VLAN:
 .PP
 ld vlanp |