c/seccomp.c

   1 /* seccomp.c
   2  *
   3  * This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux.
   4  */
   5
   6 #include <string.h>
   7 #include <sys/prctl.h>
   8 #include <linux/seccomp.h>
   9 #include <sys/syscall.h>
  10
  11 #define DISPLAY(msg) (syscall( SYS_write, 2, msg, strlen(msg) ))
  12
  13 int main() {
  14         system("echo before");
  15
  16         if(prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) == 0)
  17                 DISPLAY("SECCOMP Enabled!\n"); else DISPLAY("SECCOMP Fail!\n");
  18         //fflush(NULL);
  19
  20         system("echo after");
  21 }