if (rc < 0)
goto out;
+ rc = seccomp_api_set(3);
+ if (rc != 0)
+ return EOPNOTSUPP;
+
ctx = seccomp_init(SCMP_ACT_KILL);
if (ctx == NULL)
return ENOMEM;
if (rc != 0)
goto out;
+ rc = seccomp_rule_add(ctx, SCMP_ACT_LOG, SCMP_SYS(rt_sigreturn), 0);
+ if (rc != 0)
+ goto out;
+
rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(write), 0);
if (rc != 0)
goto out;
from seccomp import *
def test(args):
+ set_api(3)
+
f = SyscallFilter(KILL)
f.add_rule(ALLOW, "read")
+ f.add_rule(LOG, "rt_sigreturn")
f.add_rule(ERRNO(errno.EPERM), "write")
f.add_rule(TRAP, "close")
f.add_rule(TRACE(1234), "open")
test type: bpf-sim
-# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
-06-sim-actions all read 4 0x856B008 80 N N N ALLOW
-06-sim-actions all write 1 0x856B008 N N N N ERRNO(1)
-06-sim-actions all close 4 N N N N N TRAP
-06-sim-actions all,-aarch64 open 0x856B008 4 N N N N TRACE(1234)
-06-sim-actions x86 0-2 N N N N N N KILL
-06-sim-actions x86 7-350 N N N N N N KILL
-06-sim-actions x86_64 4-350 N N N N N N KILL
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+06-sim-actions all read 4 0x856B008 80 N N N ALLOW
+06-sim-actions all write 1 0x856B008 N N N N ERRNO(1)
+06-sim-actions all close 4 N N N N N TRAP
+06-sim-actions all,-aarch64 open 0x856B008 4 N N N N TRACE(1234)
+06-sim-actions all rt_sigreturn N N N N N N LOG
+06-sim-actions x86 0-2 N N N N N N KILL
+06-sim-actions x86 7-172 N N N N N N KILL
+06-sim-actions x86 174-350 N N N N N N KILL
+06-sim-actions x86_64 4-14 N N N N N N KILL
+06-sim-actions x86_64 16-350 N N N N N N KILL
test type: bpf-sim-fuzz
projects / mirror_libseccomp.git / commitdiff