author | netblue30 <netblue30@yahoo.com> | 2016-07-02 14:10:07 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-02 14:10:07 -0400 |
commit | b14628560a972d9f1709a249207b6595ffe7ed09 (patch) | |
tree | 868225ffea34f09f8949ef7a13ce03e9dbf65412 /src/faudit/seccomp.c | |
parent | audit: seccomp (diff) | |
audit: seccomp
Diffstat (limited to 'src/faudit/seccomp.c')
-rw-r--r-- | src/faudit/seccomp.c | 40 |
1 files changed, 39 insertions, 1 deletions
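--- a/src/faudit/seccomp.c
+++ b/src/faudit/seccomp.c
@@ -18,7 +18,6 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "faudit.h"
-#include <linux/capability.h>
 
 #define MAXBUF 4098
 static int extract_seccomp(int *val) {
@@ -57,6 +56,45 @@ void seccomp_test(void) {
 printf("GOOD: seccomp strict mode - only read, write, _exit, and sigreturn are allowd\n");
 else if (seccomp_status == 2) {
 printf("GOOD: seccomp BPF enababled\n");
+
+printf("checking syscalls: "); fflush(0);
+printf("mount... "); fflush(0);
+syscall_run("mount");
+
+printf("umount2... "); fflush(0);
+syscall_run("umount2");
+
+printf("ptrace... "); fflush(0);
+syscall_run("ptrace");
+
+printf("swapon... "); fflush(0);
+syscall_run("swapon");
+
+printf("swapoff... "); fflush(0);
+syscall_run("swapoff");
+
+printf("init_module... "); fflush(0);
+syscall_run("init_module");
+
+printf("finit_module... "); fflush(0);
+syscall_run("finit_module");
+
+printf("delete_module... "); fflush(0);
+syscall_run("delete_module");
+
+printf("chroot... "); fflush(0);
+syscall_run("chroot");
+
+printf("pivot_root... "); fflush(0);
+syscall_run("pivot_root");
+
+printf("iopl... "); fflush(0);
+syscall_run("iopl");
+
+printf("ioperm... "); fflush(0);
+syscall_run("ioperm");
+
+printf("\n");
 }
 else
 fprintf(stderr, "Error: unrecognized seccomp mode\n");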
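Review bot: The twelve `printf("X... "); fflush(0); syscall_run("X");` triples added between the `GOOD: seccomp BPF enababled` line and the closing `printf("\n")` are a hand-unrolled table, which is easy to mis-edit and hard to keep in step with whatever the default seccomp filter actually drops — any syscall the filter is meant to block that is not listed here is simply never audited. Putting the names in a `static const char *const` array and looping over it keeps the audited set in one reviewable place and exercises the same names in the same order, so the output is unchanged. What `syscall_run` prints when the syscall is allowed versus blocked is not visible in this hunk, so the branch still cannot aggregate a pass/fail verdict; it is worth confirming that an unblocked syscall is reported with a `BAD:` marker rather than only by the absence of an error. `seccomp_test` begins before the hunk; only its BPF-mode branch is shown.
```c
	else if (seccomp_status == 2) {
		printf("GOOD: seccomp BPF enababled\n");

		/* syscalls the default filter is expected to block; keep this list in sync with the filter */
		static const char *const audited[] = {
			"mount", "umount2", "ptrace", "swapon", "swapoff",
			"init_module", "finit_module", "delete_module",
			"chroot", "pivot_root", "iopl", "ioperm",
		};
		printf("checking syscalls: "); fflush(0);
		for (size_t i = 0; i < sizeof(audited) / sizeof(audited[0]); i++) {
			printf("%s... ", audited[i]); fflush(0);
			syscall_run(audited[i]);
		}
		printf("\n");
	}
```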