diff options
Diffstat (limited to 'filter.c')
-rw-r--r-- | filter.c | 21 |
1 files changed, 19 insertions, 2 deletions
@@ -174,6 +174,20 @@ static unsigned int get_total_args(const struct syscall_entry table[], return n; } +unsigned int create_bpf_program_log(struct sock_filter filter[]) +{ + filter[0] = (struct sock_filter)BPF_STMT( + BPF_LD | BPF_W | BPF_ABS, + (offsetof(struct seccomp_data, arch))); + filter[1] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, + SEITAN_AUDIT_ARCH, 0, 1); + filter[2] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, + SECCOMP_RET_USER_NOTIF); + filter[3] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, + SECCOMP_RET_ALLOW); + return 4; +} + unsigned int create_bfp_program(struct syscall_entry table[], struct sock_filter filter[], unsigned int n_syscall) @@ -258,7 +272,7 @@ static int compare_names(const void *a, const void *b) ((struct syscall_numbers *)b)->name); } -int convert_bpf(char *file, struct bpf_call *entries, int n) +int convert_bpf(char *file, struct bpf_call *entries, int n, bool log) { int nt, fd, fsize; struct syscall_entry table[N_SYSCALL]; @@ -270,7 +284,10 @@ int convert_bpf(char *file, struct bpf_call *entries, int n) qsort(entries, n, sizeof(struct bpf_call), compare_bpf_call_names); nt = construct_table(entries, n, table); - fsize = create_bfp_program(table, filter, nt); + if (log) + fsize = create_bpf_program_log(filter); + else + fsize = create_bfp_program(table, filter, nt); fd = open(file, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); |