1 #include <stdio.h> 2 #include <linux/bpf.h> 3 #include <unistd.h> 4 #include <linux/filter.h> 5 #include <linux/seccomp.h> 6 #include <sys/prctl.h> 7 #include "libbpf.h" 8 #include "bpf_load.h" 9 #include <sys/resource.h> 10 11 /* install fake seccomp program to enable seccomp code path inside the kernel, 12 * so that our kprobe attached to seccomp_phase1() can be triggered 13 */ 14 static void install_accept_all_seccomp(void) 15 { 16 struct sock_filter filter[] = { 17 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), 18 }; 19 struct sock_fprog prog = { 20 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), 21 .filter = filter, 22 }; 23 if (prctl(PR_SET_SECCOMP, 2, &prog)) 24 perror("prctl"); 25 } 26 27 int main(int ac, char **argv) 28 { 29 FILE *f; 30 char filename[256]; 31 struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; 32 33 snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); 34 setrlimit(RLIMIT_MEMLOCK, &r); 35 36 if (load_bpf_file(filename)) { 37 printf("%s", bpf_log_buf); 38 return 1; 39 } 40 41 install_accept_all_seccomp(); 42 43 f = popen("dd if=/dev/zero of=/dev/null count=5", "r"); 44 (void) f; 45 46 read_trace_pipe(); 47 48 return 0; 49 } 50