From: Tomas Mudrunka Date: Mon, 10 Feb 2014 21:52:52 +0000 (+0100) Subject: SECCOMP example X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=06d21dc9c252aa1c71cb65fa033857c380722e32;p=mirrors%2FPrograms.git SECCOMP example --- diff --git a/c/seccomp.c b/c/seccomp.c new file mode 100644 index 0000000..0b740f3 --- /dev/null +++ b/c/seccomp.c @@ -0,0 +1,21 @@ +/* seccomp.c + * + * This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux. + */ + +#include +#include +#include +#include + +#define DISPLAY(msg) (syscall( SYS_write, 2, msg, strlen(msg) )) + +int main() { + system("echo before"); + + if(prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) == 0) + DISPLAY("SECCOMP Enabled!\n"); else DISPLAY("SECCOMP Fail!\n"); + //fflush(NULL); + + system("echo after"); +}