Diffstat (limited to 'bpfc.8')
-rw-r--r--bpfc.818
1 files changed, 18 insertions, 0 deletions
diff --git a/bpfc.8 b/bpfc.8
index a70816b..5c35d0b 100644
--- a/bpfc.8
+++ b/bpfc.8
@@ -264,6 +264,24 @@ words, some small example filter programs:
pass: ret #-1
drop: ret #0
.PP
+.SS A loadable x86_64 seccomp-BPF filter to allow a given set of syscalls:
+.PP
+ ld [4] /* offsetof(struct seccomp_data, arch) */
+ jne #0xc000003e, bad /* AUDIT_ARCH_X86_64 */
+ ld [0] /* offsetof(struct seccomp_data, nr) */
+ jeq #15, good /* __NR_rt_sigreturn */
+ jeq #231, good /* __NR_exit_group */
+ jeq #60, good /* __NR_exit */
+ jeq #0, good /* __NR_read */
+ jeq #1, good /* __NR_write */
+ jeq #5, good /* __NR_fstat */
+ jeq #9, good /* __NR_mmap */
+ jeq #14, good /* __NR_rt_sigprocmask */
+ jeq #13, good /* __NR_rt_sigaction */
+ jeq #35, good /* __NR_nanosleep */
+ bad: ret #0 /* SECCOMP_RET_KILL */
+ good: ret #0x7fff0000 /* SECCOMP_RET_ALLOW */
+.PP
.SS Allow any (hardware accelerated) VLAN:
.PP
ld vlanp
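Review bot: The `bad: ret #0` line returns SECCOMP_RET_KILL, which terminates only the thread that made the call, so a multi-threaded program keeps running its other threads after a violation. The comment should say so, e.g. `/* SECCOMP_RET_KILL (kills the offending thread only) */`, and the text could point to SECCOMP_RET_KILL_PROCESS on kernels that provide it. The allow-list also matches on the syscall number alone, so `jeq #9, good` admits every mmap() argument combination, including executable mappings; a sentence after the listing saying that arguments are not inspected would keep readers from treating it as a complete sandbox. It would also help to state that the loading process must set no_new_privs (or hold CAP_SYS_ADMIN) before the kernel accepts the filter.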