Eunomia
0.1.0
A lightweight eBPF-based CloudNative Monitor tool for Container Security and Observability
myseccomp.h
1
/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2
*
3
* Copyright (c) 2022, 郑昱笙,濮雯旭,张典典(牛校牛子队)
4
* All rights reserved.
5
*/
#ifndef SECCOMP_H
8
#define SECCOMP_H
// NOTE(review): glibc evaluates feature-test macros when its first header is
// processed in a translation unit. Defined here, inside a header, this has no
// effect if the includer has already pulled in a libc header before this file.
// Setting it in the build flags (or at the top of each .cpp) is the reliable place.
#define _GNU_SOURCE 1
11
#include <linux/filter.h>
12
#include <linux/seccomp.h>
13
#include <malloc.h>
14
#include <signal.h>
15
#include <stdio.h>
16
#include <stdlib.h>
17
#include <string.h>
18
#include <sys/prctl.h>
19
#include <time.h>
20
#include <unistd.h>
#include <string>
23
#include <vector>
#include "
config.h
"
26
#include "
seccomp-bpf.h
"
27
#include "
syscall_helper.h
"
/// @brief Predicate over a list of syscall ids; defined at myseccomp.cpp:10.
/// @param syscall_vec syscall ids to test against (read-only reference).
/// @param id          syscall id being tested.
/// @return bool; which polarity means "reject" is not visible from this header.
// NOTE(review): the generated brief for this function says "if a system call is
// not in the list, it will be allowed", while the name reads "is not allow" and
// the public entry point is enable_seccomp_white_list(). Under allow-list
// semantics a syscall absent from the list must be denied. Confirm the
// definition and align the brief with it, so a caller cannot wire the filter
// up with the sense inverted.
bool is_not_allow(const std::vector<uint32_t>& syscall_vec, uint32_t id);
/// @brief Presumably installs a seccomp filter built from @p syscall_vec
///        (inferred from the name; the definition is not shown in this header).
/// @param syscall_vec syscall ids the filter is built from (read-only reference).
/// @return int status; the success/failure convention is not visible here.
// NOTE(review): `static` on a prototype in a header gives every including
// translation unit its own internal-linkage declaration; any unit that does not
// also define the function gets a "declared static but never defined" style
// warning. If only myseccomp.cpp calls it, the prototype belongs in that file.
// NOTE(review): loading a seccomp filter requires no_new_privs (or
// CAP_SYS_ADMIN), and a failed install leaves the process running unfiltered.
// Confirm the definition sets PR_SET_NO_NEW_PRIVS first and that every caller
// checks the returned status.
static int install_syscall_filter(const std::vector<uint32_t>& syscall_vec);
/// @brief Presumably resolves a syscall name to its numeric id (inferred from
///        the name); defined at myseccomp.cpp:75.
/// @param syscall_name syscall name to look up; taken by value.
/// @return int; the value reported for an unknown name is not visible here.
// NOTE(review): the result is a signed int, but the filter list elsewhere in
// this header holds uint32_t. If an unknown name is reported as a negative
// value, it must be rejected before being stored in that list, otherwise it
// converts to a large unsigned id and the intended syscall is silently left out
// of the policy. Confirm how callers handle a lookup miss.
int get_syscall_id(std::string syscall_name);
/// @brief Enable seccomp syscall filtering from @p config; the name indicates
///        allow-list ("white list") mode. Defined at myseccomp.cpp:87.
/// @param config seccomp settings; seccomp_config is declared in config.h.
/// @return int status; the success/failure convention is not visible here.
// NOTE(review): callers should treat a failure return as fatal for the
// workload being sandboxed rather than continue without a filter.
// TODO confirm the return convention against the definition.
int enable_seccomp_white_list(const seccomp_config& config);
#endif
get_syscall_id
int get_syscall_id(std::string syscall_name)
Definition:
myseccomp.cpp:75
is_not_allow
bool is_not_allow(const std::vector< uint32_t > &syscall_vec, uint32_t id)
if a system call is not in the list, it will be allowed
Definition:
myseccomp.cpp:10
syscall_name
void syscall_name(unsigned n, char *buf, size_t size)
Definition:
syscall_helpers.c:492
enable_seccomp_white_list
int enable_seccomp_white_list(const seccomp_config &config)
Enable seccomp syscall filtering.
Definition:
myseccomp.cpp:87
seccomp-bpf.h
seccomp_config
seccomp config
Definition:
config.h:24
config.h
config
seccomp_config config
Definition:
seccomp_test.cpp:13
syscall_helper.h