#include "xalloc.h"
#include "strutils.h"
#include "seccomp.h"
+#include "all-io.h"
#define IS_LITTLE_ENDIAN (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
fputs(_(" -s, --syscall syscall to block\n"), out);
fputs(_(" -i, --ioctl ioctl to block\n"), out);
fputs(_(" -l, --list list known syscalls\n"), out);
+ fputs(_(" -d, --dump dump seccomp bytecode\n"), out);
fputs(USAGE_SEPARATOR, out);
fprintf(out, USAGE_HELP_OPTIONS(25));
{
int c;
size_t i;
- bool found;
+ bool found, dump = false;
static const struct option longopts[] = {
{ "syscall", required_argument, NULL, 's' },
{ "ioctl", required_argument, NULL, 'i' },
{ "list", no_argument, NULL, 'l' },
{ "list-ioctl", no_argument, NULL, 'm' },
+ { "dump", no_argument, NULL, 'd' },
{ "version", no_argument, NULL, 'V' },
{ "help", no_argument, NULL, 'h' },
{ 0 }
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
- while ((c = getopt_long (argc, argv, "+Vhs:i:lm", longopts, NULL)) != -1) {
+ while ((c = getopt_long (argc, argv, "+Vhs:i:lmd", longopts, NULL)) != -1) {
switch (c) {
case 's':
found = 0;
for (i = 0; lt(i, ARRAY_SIZE(ioctls)); i++)
printf("%5ld %s\n", ioctls[i].number, ioctls[i].name);
return EXIT_SUCCESS;
+ case 'd':
+ dump = true;
+ break;
case 'V':
print_version(EXIT_SUCCESS);
case 'h':
}
}
- if (optind >= argc)
+ if (!dump && optind >= argc)
errtryhelp(EXIT_FAILURE);
struct sock_filter filter[BPF_MAXINSNS];
INSTR(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
+ if (dump) {
+ if (write_all(STDOUT_FILENO, filter, (f - filter) * sizeof(filter[0])))
+ err(EXIT_FAILURE, _("Could not dump seccomp filter"));
+ return EXIT_SUCCESS;
+ }
+
struct sock_fprog prog = {
.len = f - filter,
.filter = filter,
projects / thirdparty / util-linux.git / commitdiff
