Eunomia  0.1.0
A lightweight eBPF-based CloudNative Monitor tool for Container Security and Observability
Classes | Macros
seccomp-bpf.h File Reference
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <linux/unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
Include dependency graph for seccomp-bpf.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  seccomp_data
 

Macros

#define _GNU_SOURCE   1
 
#define PR_SET_NO_NEW_PRIVS   38
 
#define SECCOMP_MODE_FILTER   2 /* uses user-supplied filter. */
 
#define SECCOMP_RET_KILL   0x00000000U /* kill the task immediately */
 
#define SECCOMP_RET_TRAP   0x00030000U /* disallow and force a SIGSYS */
 
#define SECCOMP_RET_ALLOW   0x7fff0000U /* allow */
 
#define SYS_SECCOMP   1
 
#define syscall_nr   (offsetof(struct seccomp_data, nr))
 
#define arch_nr   (offsetof(struct seccomp_data, arch))
 
#define REG_SYSCALL   0
 
#define ARCH_NR   0
 
#define VALIDATE_ARCHITECTURE
 
#define EXAMINE_SYSCALL   BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_nr)
 
#define ALLOW_SYSCALL(name)
 
#define KILL_PROCESS   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
 

Macro Definition Documentation

◆ _GNU_SOURCE

#define _GNU_SOURCE   1

◆ ALLOW_SYSCALL

#define ALLOW_SYSCALL (   name)
Value:
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)

◆ arch_nr

#define arch_nr   (offsetof(struct seccomp_data, arch))

◆ ARCH_NR

#define ARCH_NR   0

◆ EXAMINE_SYSCALL

#define EXAMINE_SYSCALL   BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_nr)

◆ KILL_PROCESS

#define KILL_PROCESS   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)

◆ PR_SET_NO_NEW_PRIVS

#define PR_SET_NO_NEW_PRIVS   38

◆ REG_SYSCALL

#define REG_SYSCALL   0

◆ SECCOMP_MODE_FILTER

#define SECCOMP_MODE_FILTER   2 /* uses user-supplied filter. */

◆ SECCOMP_RET_ALLOW

#define SECCOMP_RET_ALLOW   0x7fff0000U /* allow */

◆ SECCOMP_RET_KILL

#define SECCOMP_RET_KILL   0x00000000U /* kill the task immediately */

◆ SECCOMP_RET_TRAP

#define SECCOMP_RET_TRAP   0x00030000U /* disallow and force a SIGSYS */

◆ SYS_SECCOMP

#define SYS_SECCOMP   1

◆ syscall_nr

#define syscall_nr   (offsetof(struct seccomp_data, nr))

◆ VALIDATE_ARCHITECTURE

#define VALIDATE_ARCHITECTURE
Value:
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, arch_nr), \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
arch_nr
#define arch_nr
Definition: seccomp-bpf.h:52
ARCH_NR
#define ARCH_NR
Definition: seccomp-bpf.h:63
SECCOMP_RET_KILL
#define SECCOMP_RET_KILL
Definition: seccomp-bpf.h:37
SECCOMP_RET_ALLOW
#define SECCOMP_RET_ALLOW
Definition: seccomp-bpf.h:39