From: Tomas Mudrunka <tomas@mudrunka.cz>
Date: Mon, 10 Feb 2014 21:52:52 +0000 (+0100)
Subject: SECCOMP example
X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=06d21dc9c252aa1c71cb65fa033857c380722e32;p=mirrors%2FPrograms.git

SECCOMP example
---

diff --git a/c/seccomp.c b/c/seccomp.c
new file mode 100644
index 0000000..0b740f3
--- /dev/null
+++ b/c/seccomp.c
@@ -0,0 +1,21 @@
+/* seccomp.c
+ *
+ * This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux.
+ */
+
+#include <string.h>
+#include <sys/prctl.h>
+#include <linux/seccomp.h>
+#include <sys/syscall.h>
+
+#define DISPLAY(msg) (syscall( SYS_write, 2, msg, strlen(msg) ))
+
+int main() {
+	system("echo before");
+
+	if(prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) == 0)
+		DISPLAY("SECCOMP Enabled!\n"); else DISPLAY("SECCOMP Fail!\n");
+	//fflush(NULL);
+
+	system("echo after");
+}