summaryrefslogtreecommitdiffstats
path: root/samples
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2022-02-08 05:53:34 +0100
committerKees Cook <keescook@chromium.org>2022-02-11 04:09:12 +0100
commiteed09ad261822a7bdc441ed192c6f444375e5527 (patch)
tree2a825afbd7c73595c3679e39dd43ecbaa5d9d8d3 /samples
parentseccomp: Invalidate seccomp mode to catch death failures (diff)
downloadlinux-eed09ad261822a7bdc441ed192c6f444375e5527.tar.xz
linux-eed09ad261822a7bdc441ed192c6f444375e5527.zip
samples/seccomp: Adjust sample to also provide kill option
As a quick way to test SECCOMP_RET_KILL, have a negative errno mean to kill the process. While we're in here, also swap the arch and syscall arguments so they're ordered more like how seccomp filters order them. Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'samples')
-rw-r--r--samples/seccomp/dropper.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/samples/seccomp/dropper.c b/samples/seccomp/dropper.c
index cc0648eb389e..4bca4b70f665 100644
--- a/samples/seccomp/dropper.c
+++ b/samples/seccomp/dropper.c
@@ -25,7 +25,7 @@
#include <sys/prctl.h>
#include <unistd.h>
-static int install_filter(int nr, int arch, int error)
+static int install_filter(int arch, int nr, int error)
{
struct sock_filter filter[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
@@ -42,6 +42,10 @@ static int install_filter(int nr, int arch, int error)
.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
.filter = filter,
};
+ if (error == -1) {
+ struct sock_filter kill = BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL);
+ filter[4] = kill;
+ }
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
perror("prctl(NO_NEW_PRIVS)");
return 1;
@@ -57,9 +61,10 @@ int main(int argc, char **argv)
{
if (argc < 5) {
fprintf(stderr, "Usage:\n"
- "dropper <syscall_nr> <arch> <errno> <prog> [<args>]\n"
+ "dropper <arch> <syscall_nr> <errno> <prog> [<args>]\n"
"Hint: AUDIT_ARCH_I386: 0x%X\n"
" AUDIT_ARCH_X86_64: 0x%X\n"
+ " errno == -1 means SECCOMP_RET_KILL\n"
"\n", AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);
return 1;
}