foundations 5.6.5

A Rust service foundations library.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

/**
 * Seccomp Library test program
 *
 * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * This library is free software; you can redistribute it and/or modify it
 * under the terms of version 2.1 of the GNU Lesser General Public License as
 * published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
 * for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this library; if not, see <http://www.gnu.org/licenses>.
 */

#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <seccomp.h>
#include <signal.h>
#include <syscall.h>
#include <errno.h>
#include <stdlib.h>

#include "util.h"

#define MAGIC 0x1122334455667788UL

int main(int argc, char *argv[])
{
	int rc, fd = -1, status;
	struct seccomp_notif *req = NULL;
	struct seccomp_notif_resp *resp = NULL;
	scmp_filter_ctx ctx = NULL;
	pid_t pid = 0;

	ctx = seccomp_init(SCMP_ACT_ALLOW);
	if (ctx == NULL)
		return ENOMEM;

	rc = seccomp_rule_add(ctx, SCMP_ACT_NOTIFY, SCMP_SYS(getpid), 0, NULL);
	if (rc)
		goto out;

	rc  = seccomp_load(ctx);
	if (rc < 0)
		goto out;

	rc = seccomp_notify_fd(ctx);
	if (rc < 0)
		goto out;
	fd = rc;

	pid = fork();
	if (pid == 0)
		exit(syscall(SCMP_SYS(getpid)) != MAGIC);

	rc = seccomp_notify_alloc(&req, &resp);
	if (rc)
		goto out;

	rc = seccomp_notify_receive(fd, req);
	if (rc)
		goto out;
	if (req->data.nr != SCMP_SYS(getpid)) {
		rc = -EFAULT;
		goto out;
	}
	rc = seccomp_notify_id_valid(fd, req->id);
	if (rc)
		goto out;

	resp->id = req->id;
	resp->val = MAGIC;
	resp->error = 0;
	resp->flags = 0;
	rc = seccomp_notify_respond(fd, resp);
	if (rc)
		goto out;

	if (waitpid(pid, &status, 0) != pid) {
		rc = -EFAULT;
		goto out;
	}

	if (!WIFEXITED(status)) {
		rc = -EFAULT;
		goto out;
	}
	if (WEXITSTATUS(status)) {
		rc = -EFAULT;
		goto out;
	}

out:
	if (fd >= 0)
		close(fd);
	if (pid)
		kill(pid, SIGKILL);
	seccomp_notify_free(req, resp);
	seccomp_release(ctx);

	if (rc != 0)
		return (rc < 0 ? -rc : rc);
	return 160;
}