[RFC/PATCH: 3/7] Add seccomp_filter.c
David Gaarenstroom
david.gaarenstroom at gmail.com
Thu Feb 21 22:23:58 UTC 2013
This adds the seccomp_filter.c file which:
- Adds some default verification statments at the start of the Seccomp
BPF filter
- Splits the seccomp_filter value string into rules, and for each rule:
- checks if an explicit policy was added to the rule
- looks up the policy (if applicable)
- Looks up the errno given (if applicable)
- Looks up the syscall number
- Adds a Seccomp BPF filter rules accordingly
- Adds some rules at the end for the syscalls that have to be enabled
(syscalls required to be able to "exec" a process and to properly exit
it)
- Installs the BPF filter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-init-seccomp_filter_c.diff
Type: application/octet-stream
Size: 8827 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/upstart-devel/attachments/20130221/91e391a2/attachment.obj>
More information about the upstart-devel
mailing list