seccomp_release(3) libseccomp Documentation seccomp_release(3)
NAME
seccomp_release - Release the seccomp filter state
SYNOPSIS
#include <seccomp.h>
typedef void * scmp_filter_ctx;
void seccomp_release(scmp_filter_ctx ctx);
Link with -lseccomp.
DESCRIPTION
Releases the seccomp filter in ctx which was first initialized by seccomp_init(3) or seccomp_reset(3) and frees any memory associated with
the given seccomp filter context. Any seccomp filters loaded into the kernel are not affected.
RETURN VALUE
Does not return a value.
EXAMPLES
    #include <seccomp.h>

    int main(int argc, char *argv[])
    {
        int rc;
        scmp_filter_ctx ctx;

        ctx = seccomp_init(SCMP_ACT_KILL);
        if (ctx == NULL)
            return -1;

        /* ... */

        seccomp_release(ctx);
        return 0;
    }
NOTES
While the seccomp filter can be generated independent of the kernel, kernel support is required to load and enforce the seccomp filter
generated by libseccomp.
The libseccomp project site, with more information and the source code repository, can be found at http://libseccomp.sf.net. This library
is currently under development; please report any bugs at the project site or directly to the author.
AUTHOR
Paul Moore <paul@paul-moore.com>
SEE ALSO
seccomp_init(3), seccomp_reset(3)

paul@paul-moore.com 25 July 2012 seccomp_release(3)
seccomp_init(3) libseccomp Documentation seccomp_init(3)
NAME
seccomp_init, seccomp_reset - Initialize the seccomp filter state
SYNOPSIS
#include <seccomp.h>
typedef void * scmp_filter_ctx;
scmp_filter_ctx seccomp_init(uint32_t def_action);
int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action);
Link with -lseccomp.
DESCRIPTION
The seccomp_init() and seccomp_reset() functions (re)initialize the internal seccomp filter state, prepare it for use, and set the
default action based on the def_action parameter. The seccomp_init() function must be called before any other libseccomp functions, as the
rest of the library API will fail if the filter context is not initialized properly. The seccomp_reset() function releases the existing
filter context state before reinitializing it and can only be called after a call to seccomp_init() has succeeded.
When the caller is finished configuring the seccomp filter and has loaded it into the kernel, the caller should call seccomp_release(3) to
release all of the filter context state.
Valid def_action values are as follows:
SCMP_ACT_KILL
    The process will be killed by the kernel when it calls a syscall that does not match any of the configured seccomp filter rules.
SCMP_ACT_TRAP
    The process will throw a SIGSYS signal when it calls a syscall that does not match any of the configured seccomp filter rules.
SCMP_ACT_ERRNO(uint16_t errno)
    The process will receive a return value of errno when it calls a syscall that does not match any of the configured seccomp filter
    rules.
SCMP_ACT_TRACE(uint16_t msg_num)
    If the process is being traced and the tracing process specified the PTRACE_O_TRACESECCOMP option in the call to ptrace(2), the
    tracing process will be notified, via PTRACE_EVENT_SECCOMP, and the value provided in msg_num can be retrieved using the
    PTRACE_GETEVENTMSG option.
SCMP_ACT_ALLOW
    The seccomp filter will have no effect on the process calling the syscall if it does not match any of the configured seccomp filter
    rules.
RETURN VALUE
The seccomp_init() function returns a filter context on success, NULL on failure. The seccomp_reset() function returns zero on success,
negative errno values on failure.
EXAMPLES
    #include <seccomp.h>

    int main(int argc, char *argv[])
    {
        int rc = -1;
        scmp_filter_ctx ctx;

        ctx = seccomp_init(SCMP_ACT_KILL);
        if (ctx == NULL)
            goto out;

        /* ... */

        rc = seccomp_reset(ctx, SCMP_ACT_KILL);
        if (rc < 0)
            goto out;

        /* ... */

    out:
        seccomp_release(ctx);
        return -rc;
    }
NOTES
While the seccomp filter can be generated independent of the kernel, kernel support is required to load and enforce the seccomp filter
generated by libseccomp.
The libseccomp project site, with more information and the source code repository, can be found at http://libseccomp.sf.net. This library
is currently under development; please report any bugs at the project site or directly to the author.
AUTHOR
Paul Moore <paul@paul-moore.com>
SEE ALSO
seccomp_release(3)

paul@paul-moore.com 25 July 2012 seccomp_init(3)