diff options
Diffstat (limited to 'misc-utils/enosys.c')
| -rw-r--r-- | misc-utils/enosys.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/misc-utils/enosys.c b/misc-utils/enosys.c index b806c7054b..d6a518e216 100644 --- a/misc-utils/enosys.c +++ b/misc-utils/enosys.c @@ -35,6 +35,7 @@ #include "xalloc.h" #include "strutils.h" #include "seccomp.h" +#include "all-io.h" #define IS_LITTLE_ENDIAN (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) @@ -77,6 +78,7 @@ static void __attribute__((__noreturn__)) usage(void) fputs(_(" -s, --syscall syscall to block\n"), out); fputs(_(" -i, --ioctl ioctl to block\n"), out); fputs(_(" -l, --list list known syscalls\n"), out); + fputs(_(" -d, --dump dump seccomp bytecode\n"), out); fputs(USAGE_SEPARATOR, out); fprintf(out, USAGE_HELP_OPTIONS(25)); @@ -95,12 +97,13 @@ int main(int argc, char **argv) { int c; size_t i; - bool found; + bool found, dump = false; static const struct option longopts[] = { { "syscall", required_argument, NULL, 's' }, { "ioctl", required_argument, NULL, 'i' }, { "list", no_argument, NULL, 'l' }, { "list-ioctl", no_argument, NULL, 'm' }, + { "dump", no_argument, NULL, 'd' }, { "version", no_argument, NULL, 'V' }, { "help", no_argument, NULL, 'h' }, { 0 } @@ -119,7 +122,7 @@ int main(int argc, char **argv) bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); - while ((c = getopt_long (argc, argv, "+Vhs:i:lm", longopts, NULL)) != -1) { + while ((c = getopt_long (argc, argv, "+Vhs:i:lmd", longopts, NULL)) != -1) { switch (c) { case 's': found = 0; @@ -167,6 +170,9 @@ int main(int argc, char **argv) for (i = 0; lt(i, ARRAY_SIZE(ioctls)); i++) printf("%5ld %s\n", ioctls[i].number, ioctls[i].name); return EXIT_SUCCESS; + case 'd': + dump = true; + break; case 'V': print_version(EXIT_SUCCESS); case 'h': @@ -176,7 +182,7 @@ int main(int argc, char **argv) } } - if (optind >= argc) + if (!dump && optind >= argc) errtryhelp(EXIT_FAILURE); struct sock_filter filter[BPF_MAXINSNS]; @@ -233,6 +239,12 @@ int main(int argc, char **argv) INSTR(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)); + if (dump) { + if (write_all(STDOUT_FILENO, filter, (f - filter) * sizeof(filter[0]))) + err(EXIT_FAILURE, _("Could not dump seccomp filter")); + return EXIT_SUCCESS; + } + struct sock_fprog prog = { .len = f - filter, .filter = filter, |