Provided by: libseccomp-dev_2.6.0-2ubuntu1_amd64

NAME

       seccomp_export_bpf, seccomp_export_pfc - Export the seccomp filter

SYNOPSIS

       #include <seccomp.h>

       typedef void * scmp_filter_ctx;

       int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
       int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);
       int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf, size_t *len);

       Link with -lseccomp.

DESCRIPTION

       The  seccomp_export_bpf()  and  seccomp_export_pfc()  functions  generate  and output the current seccomp
       filter  in  either  BPF  (Berkeley  Packet  Filter)  or  PFC  (Pseudo  Filter  Code).   The   output   of
       seccomp_export_bpf() is suitable for loading into the kernel, while the output of seccomp_export_pfc() is
       human  readable  and  is  intended  primarily  as a debugging tool for developers using libseccomp.  Both
       functions write the filter to the fd file descriptor.

       The filter context ctx is the value returned by the call to seccomp_init(3).

       While the two output formats are guaranteed to be functionally equivalent for the  given  seccomp  filter
       configuration, the filter instructions, and their ordering, are not guaranteed to be the same in both the
       BPF and PFC formats.

       The seccomp_export_bpf_mem() function is largely the same as seccomp_export_bpf(), but instead of writing
       to  a  file  descriptor,  the program will be written to the buf pointer provided by the caller.  The len
       argument must be initialized with the size of the buf buffer.  If the program  was  valid,  len  will  be
       updated  with  its  size  in  bytes.   If  buf was too small to hold the program, len can be consulted to
       determine the required size.  Passing a NULL buf may also be used to query the  required  size  ahead  of
       time.

RETURN VALUE

       Return zero on success or one of the following error codes on failure:

       -ECANCELED
              There was a system failure beyond the control of the library.

       -EFAULT
              Internal libseccomp failure.

       -EINVAL
              Invalid input, either the context or architecture token is invalid.

       -ENOMEM
              The library was unable to allocate enough memory.

       -ERANGE
              The provided buffer was too small.

       If  the SCMP_FLTATR_API_SYSRAWRC filter attribute is non-zero then additional error codes may be returned
       to the caller; these additional error codes are  the  negative  errno  values  returned  by  the  system.
       Unfortunately libseccomp can make no guarantees about these return values.

EXAMPLES

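       #include <errno.h>
       #include <fcntl.h>
       #include <unistd.h>

       #include <seccomp.h>

       int main(int argc, char *argv[])
       {
            int rc = -1;
            scmp_filter_ctx ctx;
            int filter_fd;

            /* default action: kill on any syscall not matched by a rule */
            ctx = seccomp_init(SCMP_ACT_KILL);
            if (ctx == NULL)
                 goto out;

            /* ... */

            /* O_CREAT is not passed, so the file must already exist */
            filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
            if (filter_fd == -1) {
                 rc = -errno;
                 goto out;
            }

            /* write the filter to the file as a raw BPF program */
            rc = seccomp_export_bpf(ctx, filter_fd);
            if (rc < 0) {
                 close(filter_fd);
                 goto out;
            }
            close(filter_fd);

            /* ... */

       out:
            seccomp_release(ctx);
            /* rc holds zero or a negative errno value */
            return -rc;
       }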
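
       The bytes written by seccomp_export_bpf() or seccomp_export_bpf_mem() are an array of 8-byte classic
       BPF instructions. The following added example (not part of the libseccomp manual page or project)
       runs a few structural checks on such a blob before it is loaded; check_bpf_blob(), struct insn and
       the SAMPLE program are hypothetical names and constructed data, and host byte order is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same 8-byte layout as struct sock_filter in <linux/filter.h>. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

#define MAX_INSNS 4096u         /* BPF_MAXINSNS */
#define CLASS(c)  ((c) & 0x07)  /* BPF_CLASS() */
#define OP(c)     ((c) & 0xf0)  /* BPF_OP() */
#define CLS_JMP   0x05          /* BPF_JMP */
#define CLS_RET   0x06          /* BPF_RET */
#define OP_JA     0x00          /* BPF_JA: unconditional, offset in k */

/* Constructed sample, not real libseccomp output: allow one number, kill otherwise. */
static const struct insn SAMPLE[] = {
    { 0x20, 0, 0, 0 },          /* ld  [0]   load syscall number */
    { 0x15, 0, 1, 39 },         /* jeq #39   match: next, else skip one */
    { 0x06, 0, 0, 0x7fff0000 }, /* ret ALLOW */
    { 0x06, 0, 0, 0 },          /* ret KILL */
};

/* Return the instruction count, or -1 if the bytes fail these structural checks. */
int check_bpf_blob(const unsigned char *buf, size_t len)
{
    size_t n = len / sizeof(struct insn), i;
    struct insn in = { 0, 0, 0, 0 };

    if (len == 0 || len % sizeof(in) != 0 || n > MAX_INSNS)
        return -1;              /* empty, truncated or oversized */
    for (i = 0; i < n; i++) {
        memcpy(&in, buf + i * sizeof(in), sizeof(in));
        if (CLASS(in.code) != CLS_JMP)
            continue;
        /* Jumps are forward-only and must land inside the program. */
        if (OP(in.code) == OP_JA ? in.k >= n - i - 1
                                 : (i + 1 + in.jt >= n || i + 1 + in.jf >= n))
            return -1;
    }
    return CLASS(in.code) == CLS_RET ? (int)n : -1; /* must end in a return */
}

int main(void)
{
    printf("%d instructions\n",
           check_bpf_blob((const unsigned char *)SAMPLE, sizeof(SAMPLE)));
    return 0;
}
```

       The returned count is the number of instructions in the blob, which is the program length a loader
       passes to the kernel alongside the instruction array.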

NOTES

       While  the  seccomp filter can be generated independent of the kernel, kernel support is required to load
       and enforce the seccomp filter generated by libseccomp.

       The libseccomp project site, with more information and the source code repository, can be found at
       https://github.com/seccomp/libseccomp. This tool, as well as the libseccomp library, is currently
       under development; please report any bugs at the project site or directly to the author.

AUTHOR

       Paul Moore <paul@paul-moore.com>

SEE ALSO

       seccomp_init(3), seccomp_release(3)

paul@paul-moore.com                                30 May 2020                             seccomp_export_bpf(3)