From 06d21dc9c252aa1c71cb65fa033857c380722e32 Mon Sep 17 00:00:00 2001
From: Tomas Mudrunka <tomas@mudrunka.cz>
Date: Mon, 10 Feb 2014 22:52:52 +0100
Subject: [PATCH] SECCOMP example

---
 c/seccomp.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 c/seccomp.c

diff --git a/c/seccomp.c b/c/seccomp.c
new file mode 100644
index 0000000..0b740f3
--- /dev/null
+++ b/c/seccomp.c
@@ -0,0 +1,21 @@
+/* seccomp.c
+ *
+ * This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux.
+ */
+
+#include <string.h>
+#include <sys/prctl.h>
+#include <linux/seccomp.h>
+#include <sys/syscall.h>
+
+#define DISPLAY(msg) (syscall( SYS_write, 2, msg, strlen(msg) ))
+
+int main() {
+	system("echo before");
+
+	if(prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) == 0)
+		DISPLAY("SECCOMP Enabled!\n"); else DISPLAY("SECCOMP Fail!\n");
+	//fflush(NULL);
+
+	system("echo after");
+}
-- 
2.30.2