Commit | Line | Data |
---|---|---|
06d21dc9 TM |
1 | /* seccomp.c |
2 | * | |
3 | * This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux. | |
4 | */ | |
5 | ||
6 | #include <string.h> | |
7 | #include <sys/prctl.h> | |
8 | #include <linux/seccomp.h> | |
9 | #include <sys/syscall.h> | |
10 | ||
11 | #define DISPLAY(msg) (syscall( SYS_write, 2, msg, strlen(msg) )) | |
12 | ||
13 | int main() { | |
14 | system("echo before"); | |
15 | ||
16 | if(prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) == 0) | |
17 | DISPLAY("SECCOMP Enabled!\n"); else DISPLAY("SECCOMP Fail!\n"); | |
18 | //fflush(NULL); | |
19 | ||
20 | system("echo after"); | |
21 | } |