seccomp-bpf - How can I use BPF to filter the arguments of a system call?


I have a function f() which returns 0 or 1 - 0 for false, 1 for true. What I'd like to do is set a rule with seccomp-bpf so that the system call "fopen" is only allowed if f( --fopen's first parameter-- ) == 1.

How would I do this?

Xavier Combelle

As far as I understand seccomp-bpf, it's impossible for an arbitrary f(). If f could be translated into a BPF sequence, just apply it to the first parameter.

Another alternative is to use ptrace, or a combination of seccomp-bpf and ptrace, to limit the capabilities of the fopen call in a fine-grained way.

An example of such combined use is sydbox: http://dev.exherbo.org/~alip/sydbox/sydbox.html