Stability | provisional |
---|---|
Portability | non-portable (requires Linux) |
Safe Haskell | Safe |
Language | Haskell2010 |
This module provides partial bindings to libseccomp. It is very low level and modelled closely on the C library.
Missing:
- arch support
- name resolving for syscalls (we have an enum)
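Simple example: the following kills every system call other than opening a file read-only:

```haskell
-- Default action: kill the process on any system call that has no matching rule.
ctx <- S.seccomp_init S.SCMP_ACT_KILL
-- Allow open(2) when argument 1 (flags) masked with 0x3 (O_ACCMODE) equals 0x0 (O_RDONLY).
_ <- S.seccomp_rule_add_array ctx S.SCMP_ACT_ALLOW S.SCopen [S.ArgCmp 1 S.MASQUED_EQ 0x3 0x0]
_ <- S.seccomp_load ctx
S.seccomp_release ctx
```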
For debugging it's useful to dump a text representation of the filter context to stderr (file descriptor number 2):
```haskell
S.seccomp_export_pfc ctx 2
```
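The following is an added example, not code from this module: a pure model (base only) of how a filter with a kill default and one masked-equality rule on `open` flags decides. The types `Action`, `Syscall`, `Cmp`, `ArgCmp` and `Rule` here are local stand-ins, not the binding's definitions, and the flag values are the Linux asm-generic ones.

```haskell
import Data.Bits ((.&.), (.|.))
import Data.Word (Word64)

-- Local stand-in types (assumptions for this model, not the binding's own).
data Action  = Kill | Allow deriving (Eq, Show)
data Syscall = SCopen | SCwrite deriving (Eq, Show)
data Cmp     = MaskedEq Word64 Word64   -- (arg .&. mask) == datum
             | Equal Word64             -- arg == datum
data ArgCmp  = ArgCmp Int Cmp           -- argument index, comparison
data Rule    = Rule Action Syscall [ArgCmp]

-- open(2) flag values from Linux asm-generic/fcntl.h.
oRDONLY, oWRONLY, oRDWR, oACCMODE, oCLOEXEC :: Word64
oRDONLY  = 0
oWRONLY  = 1
oRDWR    = 2
oACCMODE = 3
oCLOEXEC = 0o2000000

-- One argument comparison against the syscall's argument list.
matches :: [Word64] -> ArgCmp -> Bool
matches args (ArgCmp i cmp) = case drop i args of
  []      -> False                       -- argument not present: no match
  (a : _) -> case cmp of
    MaskedEq mask datum -> a .&. mask == datum
    Equal datum         -> a == datum

-- A rule applies when the syscall and every argument comparison match;
-- otherwise the default action (the one given to seccomp_init) applies.
-- In this simplified model the first applicable rule wins.
decide :: Action -> [Rule] -> Syscall -> [Word64] -> Action
decide def rules sc args =
  case [act | Rule act sc' cmps <- rules, sc' == sc, all (matches args) cmps] of
    (act : _) -> act
    []        -> def

-- Allow open only when the access mode in argument 1 is O_RDONLY.
readOnlyOpen :: [Rule]
readOnlyOpen = [Rule Allow SCopen [ArgCmp 1 (MaskedEq oACCMODE oRDONLY)]]

main :: IO ()
main = mapM_ report cases
  where
    cases = [ ("open O_RDONLY",           SCopen,  [0, oRDONLY])
            , ("open O_RDONLY|O_CLOEXEC", SCopen,  [0, oRDONLY .|. oCLOEXEC])
            , ("open O_WRONLY",           SCopen,  [0, oWRONLY])
            , ("open O_RDWR",             SCopen,  [0, oRDWR])
            , ("write",                   SCwrite, [1, 0, 0]) ]
    report (label, sc, args) =
      putStrLn (label ++ " -> " ++ show (decide Kill readOnlyOpen sc args))
```

The mask matters: comparing the whole flags word for equality with 0 would reject a read-only open that also sets `O_CLOEXEC`, while masking with `O_ACCMODE` looks only at the access-mode bits.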
Documentation
```haskell
seccomp_init :: Action -> IO (Ptr CFilterCtx)
seccomp_load :: Ptr CFilterCtx -> IO CInt
seccomp_release :: Ptr CFilterCtx -> IO ()
```
ArgCmp