Crate libseccomp_sys

source · [−]

Expand description

Raw FFI bindings for libseccomp library

Structs

scmp_arg_cmp

Argument / Value comparison definition

version information

Enums

scmp_compare

Comparison operators

scmp_filter_attr

Filter attributes

Constants

SCMP_ACT_ALLOW

Allow the syscall to be executed

SCMP_ACT_ERRNO_MASK

SCMP_ACT_KILL

Kill the thread, defined for backward compatibility

SCMP_ACT_KILL_PROCESS

Kill the process

SCMP_ACT_KILL_THREAD

Kill the thread

SCMP_ACT_LOG

Allow the syscall to be executed after the action has been logged

Notifies userspace

Throw a SIGSYS signal

SCMP_ARCH_MIPSEL64N32

SCMP_ARCH_NATIVE

The native architecture token

The x32 (32-bit x86_64) architecture token

SCMP_ARCH_X86

The x86 (32-bit) architecture token

SCMP_ARCH_X86_64

The x86-64 (64-bit) architecture token

SECCOMP_ADDFD_FLAG_SEND

SECCOMP_ADDFD_FLAG_SETFD

SECCOMP_FILTER_FLAG_LOG

SECCOMP_FILTER_FLAG_NEW_LISTENER

SECCOMP_FILTER_FLAG_SPEC_ALLOW

SECCOMP_FILTER_FLAG_TSYNC

SECCOMP_FILTER_FLAG_TSYNC_ESRCH

SECCOMP_GET_ACTION_AVAIL

SECCOMP_GET_NOTIF_SIZES

SECCOMP_MODE_DISABLED

SECCOMP_MODE_FILTER

SECCOMP_MODE_STRICT

SECCOMP_RET_ACTION

SECCOMP_RET_ACTION_FULL

SECCOMP_RET_KILL_PROCESS

SECCOMP_RET_KILL_THREAD

SECCOMP_RET_LOG

SECCOMP_RET_TRACE

SECCOMP_RET_TRAP

SECCOMP_RET_USER_NOTIF

SECCOMP_SET_MODE_FILTER

SECCOMP_SET_MODE_STRICT

SECCOMP_USER_NOTIF_FLAG_CONTINUE

Tell the kernel to execute the target’s system call

__NR_SCMP_ERROR

Negative pseudo syscall number returned by some functions in case of an error

__NR_SCMP_UNDEF

Functions

SCMP_ACT_ERRNO

Return the specified error code

SCMP_ACT_TRACE

Notify a tracing process with the specified value

seccomp_api_get ^⚠

Query the library’s level of API support

seccomp_api_set ^⚠

Set the library’s level of API support

seccomp_arch_add ^⚠

Adds an architecture to the filter

seccomp_arch_exist ^⚠

Check to see if an existing architecture is present in the filter

seccomp_arch_native ^⚠

Return the native architecture token

seccomp_arch_remove ^⚠

Removes an architecture from the filter

seccomp_arch_resolve_name ^⚠

Resolve the architecture name to a architecture token

seccomp_attr_get ^⚠

Set the value of a filter attribute

seccomp_attr_set ^⚠

Set the value of a filter attribute

seccomp_export_bpf ^⚠

Generate seccomp Berkley Packet Filter (BPF) code and export it to a file

seccomp_export_pfc ^⚠

Generate seccomp Pseudo Filter Code (PFC) and export it to a file

seccomp_init ^⚠

Initialize the filter state

seccomp_load ^⚠

Loads the filter into the kernel

seccomp_merge ^⚠

Merge two filters

seccomp_notify_alloc ^⚠

Allocate a pair of notification request/response structures

seccomp_notify_fd ^⚠

Return the notification fd from a filter that has already been loaded

seccomp_notify_free ^⚠

Free a pair of notification request/response structures.

seccomp_notify_id_valid ^⚠

Check if a notification id is still valid

seccomp_notify_receive ^⚠

Send a notification response to a seccomp notification fd

seccomp_notify_respond ^⚠

Check if a notification id is still valid

seccomp_release ^⚠

Destroys the filter state and releases any resources

seccomp_reset ^⚠

Reset the filter state

seccomp_rule_add ^⚠

Add a new rule to the filter

seccomp_rule_add_array ^⚠

Add a new rule to the filter

seccomp_rule_add_exact ^⚠

Add a new rule to the filter

seccomp_rule_add_exact_array ^⚠

Add a new rule to the filter

seccomp_syscall_priority ^⚠

Set the priority of a given syscall

seccomp_syscall_resolve_name ^⚠

Resolve a syscall name to a number

seccomp_syscall_resolve_name_arch ^⚠

Resolve a syscall name to a number

seccomp_syscall_resolve_name_rewrite ^⚠

Resolve a syscall name to a number and perform any rewriting necessary

seccomp_syscall_resolve_num_arch ^⚠

Resolve a syscall number to a name

seccomp_version ^⚠

Query the library version information

Type Definitions

const_scmp_filter_ctx

Filter context/handle (*const)

scmp_datum_t

Argument datum

scmp_filter_ctx

Filter context/handle (*mut)