--- /dev/null
+.TH "seccomp_gen_bpf" 3 "15 April 2012" "paul@paul-moore.com" "libseccomp Documentation"
+.//////////////////////////////////////////////////////////////////////////////
+.SH NAME
+.//////////////////////////////////////////////////////////////////////////////
+seccomp_gen_bpf, seccomp_gen_pfc \- Output the seccomp filter
+.//////////////////////////////////////////////////////////////////////////////
+.SH SYNOPSIS
+.//////////////////////////////////////////////////////////////////////////////
+.nf
+.B #include <seccomp.h>
+.sp
+.BI "int seccomp_gen_bpf(int " fd ");"
+.BI "int seccomp_gen_pfc(int " fd ");"
+.fi
+.//////////////////////////////////////////////////////////////////////////////
+.SH DESCRIPTION
+.//////////////////////////////////////////////////////////////////////////////
+.P
+The
+.BR seccomp_gen_bpf ()
+and
+.BR seccomp_gen_pfc ()
+functions generate and output the current seccomp filter in either BPF (Berkley
+Packet Filter) or PFC (Pseudo Filter Code). The output of
+.BR seccomp_gen_bpf ()
+is suitable for loading into the kernel, while the output of
+.BR seccomp_gen_pfc ()
+is human readable and is intended primarily as a debugging tool for developers
+using libseccomp. Both functions write the filter to the
+.I fd
+file descriptor.
+.P
+While the two output formats are guaranteed to be functionally equivalent for
+the given seccomp filter configuration, the filter instructions, and their
+ordering, are not guaranteed to be the same in both the BPF and PFC formats.
+.//////////////////////////////////////////////////////////////////////////////
+.SH RETURN VALUE
+.//////////////////////////////////////////////////////////////////////////////
+Returns zero on success, negative errno values on failure.
+.//////////////////////////////////////////////////////////////////////////////
+.SH EXAMPLES
+.//////////////////////////////////////////////////////////////////////////////
+.nf
+#include <seccomp.h>
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ int filter_fd;
+
+ rc = seccomp_init(SCMP_ACT_KILL);
+ if (rc < 0)
+ goto out;
+
+ /* ... */
+
+ filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
+ if (filter_fd == -1) {
+ rc = -errno;
+ goto out;
+ }
+
+ rc = seccomp_gen_bpf(filter_fd);
+ if (rc < 0) {
+ close(filter_fd);
+ goto out;
+ }
+ close(filter_fd);
+
+ /* ... */
+
+out:
+ seccomp_release();
+ return -rc;
+}
+.fi
+.//////////////////////////////////////////////////////////////////////////////
+.SH NOTES
+.//////////////////////////////////////////////////////////////////////////////
+.P
+While the seccomp filter can be generated independent of the kernel, kernel
+support is required to load and enforce the seccomp filter generated by
+libseccomp.
+.P
+The libseccomp project site, with more information and the source code
+repository, can be found at http://libseccomp.sf.net. This library is currently
+under development, please report any bugs at the project site or directly to
+the author.
+.//////////////////////////////////////////////////////////////////////////////
+.SH AUTHOR
+.//////////////////////////////////////////////////////////////////////////////
+Paul Moore <paul@paul-moore.com>
+.//////////////////////////////////////////////////////////////////////////////
+.SH SEE ALSO
+.//////////////////////////////////////////////////////////////////////////////
+.BR seccomp_init (3),
+.BR seccomp_release (3)
+
projects / mirror_libseccomp.git / commitdiff