diff options
Diffstat (limited to 'src/fseccomp/main.c')
| -rw-r--r-- | src/fseccomp/main.c | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index 82b96f476..b3161a6db 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c | |||
| @@ -23,6 +23,7 @@ int arg_quiet = 0; | |||
| 23 | static void usage(void) { | 23 | static void usage(void) { |
| 24 | printf("Usage:\n"); | 24 | printf("Usage:\n"); |
| 25 | printf("\tfseccomp debug-syscalls\n"); | 25 | printf("\tfseccomp debug-syscalls\n"); |
| 26 | printf("\tfseccomp debug-syscalls32\n"); | ||
| 26 | printf("\tfseccomp debug-errnos\n"); | 27 | printf("\tfseccomp debug-errnos\n"); |
| 27 | printf("\tfseccomp debug-protocols\n"); | 28 | printf("\tfseccomp debug-protocols\n"); |
| 28 | printf("\tfseccomp protocol build list file\n"); | 29 | printf("\tfseccomp protocol build list file\n"); |
| @@ -31,12 +32,20 @@ static void usage(void) { | |||
| 31 | printf("\tfseccomp secondary block file\n"); | 32 | printf("\tfseccomp secondary block file\n"); |
| 32 | printf("\tfseccomp default file\n"); | 33 | printf("\tfseccomp default file\n"); |
| 33 | printf("\tfseccomp default file allow-debuggers\n"); | 34 | printf("\tfseccomp default file allow-debuggers\n"); |
| 35 | printf("\tfseccomp default32 file\n"); | ||
| 36 | printf("\tfseccomp default32 file allow-debuggers\n"); | ||
| 34 | printf("\tfseccomp drop file1 file2 list\n"); | 37 | printf("\tfseccomp drop file1 file2 list\n"); |
| 35 | printf("\tfseccomp drop file1 file2 list allow-debuggers\n"); | 38 | printf("\tfseccomp drop file1 file2 list allow-debuggers\n"); |
| 39 | printf("\tfseccomp drop32 file1 file2 list\n"); | ||
| 40 | printf("\tfseccomp drop32 file1 file2 list allow-debuggers\n"); | ||
| 36 | printf("\tfseccomp default drop file1 file2 list\n"); | 41 | printf("\tfseccomp default drop file1 file2 list\n"); |
| 37 | printf("\tfseccomp default drop file1 file2 list allow-debuggers\n"); | 42 | printf("\tfseccomp default drop file1 file2 list allow-debuggers\n"); |
| 43 | printf("\tfseccomp default32 drop file1 file2 list\n"); | ||
| 44 | printf("\tfseccomp default32 drop file1 file2 list allow-debuggers\n"); | ||
| 38 | printf("\tfseccomp keep file1 file2 list\n"); | 45 | printf("\tfseccomp keep file1 file2 list\n"); |
| 46 | printf("\tfseccomp keep32 file1 file2 list\n"); | ||
| 39 | printf("\tfseccomp memory-deny-write-execute file\n"); | 47 | printf("\tfseccomp memory-deny-write-execute file\n"); |
| 48 | printf("\tfseccomp memory-deny-write-execute.32 file\n"); | ||
| 40 | } | 49 | } |
| 41 | 50 | ||
| 42 | int main(int argc, char **argv) { | 51 | int main(int argc, char **argv) { |
| @@ -64,6 +73,8 @@ printf("\n"); | |||
| 64 | } | 73 | } |
| 65 | else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0) | 74 | else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0) |
| 66 | syscall_print(); | 75 | syscall_print(); |
| 76 | else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0) | ||
| 77 | syscall_print_32(); | ||
| 67 | else if (argc == 2 && strcmp(argv[1], "debug-errnos") == 0) | 78 | else if (argc == 2 && strcmp(argv[1], "debug-errnos") == 0) |
| 68 | errno_print(); | 79 | errno_print(); |
| 69 | else if (argc == 2 && strcmp(argv[1], "debug-protocols") == 0) | 80 | else if (argc == 2 && strcmp(argv[1], "debug-protocols") == 0) |
| @@ -75,21 +86,37 @@ printf("\n"); | |||
| 75 | else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "block") == 0) | 86 | else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "block") == 0) |
| 76 | seccomp_secondary_block(argv[3]); | 87 | seccomp_secondary_block(argv[3]); |
| 77 | else if (argc == 3 && strcmp(argv[1], "default") == 0) | 88 | else if (argc == 3 && strcmp(argv[1], "default") == 0) |
| 78 | seccomp_default(argv[2], 0); | 89 | seccomp_default(argv[2], 0, true); |
| 79 | else if (argc == 4 && strcmp(argv[1], "default") == 0 && strcmp(argv[3], "allow-debuggers") == 0) | 90 | else if (argc == 4 && strcmp(argv[1], "default") == 0 && strcmp(argv[3], "allow-debuggers") == 0) |
| 80 | seccomp_default(argv[2], 1); | 91 | seccomp_default(argv[2], 1, true); |
| 92 | else if (argc == 3 && strcmp(argv[1], "default32") == 0) | ||
| 93 | seccomp_default(argv[2], 0, false); | ||
| 94 | else if (argc == 4 && strcmp(argv[1], "default32") == 0 && strcmp(argv[3], "allow-debuggers") == 0) | ||
| 95 | seccomp_default(argv[2], 1, false); | ||
| 81 | else if (argc == 5 && strcmp(argv[1], "drop") == 0) | 96 | else if (argc == 5 && strcmp(argv[1], "drop") == 0) |
| 82 | seccomp_drop(argv[2], argv[3], argv[4], 0); | 97 | seccomp_drop(argv[2], argv[3], argv[4], 0, true); |
| 83 | else if (argc == 6 && strcmp(argv[1], "drop") == 0 && strcmp(argv[5], "allow-debuggers") == 0) | 98 | else if (argc == 6 && strcmp(argv[1], "drop") == 0 && strcmp(argv[5], "allow-debuggers") == 0) |
| 84 | seccomp_drop(argv[2], argv[3], argv[4], 1); | 99 | seccomp_drop(argv[2], argv[3], argv[4], 1, true); |
| 100 | else if (argc == 5 && strcmp(argv[1], "drop32") == 0) | ||
| 101 | seccomp_drop(argv[2], argv[3], argv[4], 0, false); | ||
| 102 | else if (argc == 6 && strcmp(argv[1], "drop32") == 0 && strcmp(argv[5], "allow-debuggers") == 0) | ||
| 103 | seccomp_drop(argv[2], argv[3], argv[4], 1, false); | ||
| 85 | else if (argc == 6 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0) | 104 | else if (argc == 6 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0) |
| 86 | seccomp_default_drop(argv[3], argv[4], argv[5], 0); | 105 | seccomp_default_drop(argv[3], argv[4], argv[5], 0, true); |
| 87 | else if (argc == 7 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0 && strcmp(argv[6], "allow-debuggers") == 0) | 106 | else if (argc == 7 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0 && strcmp(argv[6], "allow-debuggers") == 0) |
| 88 | seccomp_default_drop(argv[3], argv[4], argv[5], 1); | 107 | seccomp_default_drop(argv[3], argv[4], argv[5], 1, true); |
| 108 | else if (argc == 6 && strcmp(argv[1], "default32") == 0 && strcmp(argv[2], "drop") == 0) | ||
| 109 | seccomp_default_drop(argv[3], argv[4], argv[5], 0, false); | ||
| 110 | else if (argc == 7 && strcmp(argv[1], "default32") == 0 && strcmp(argv[2], "drop") == 0 && strcmp(argv[6], "allow-debuggers") == 0) | ||
| 111 | seccomp_default_drop(argv[3], argv[4], argv[5], 1, false); | ||
| 89 | else if (argc == 5 && strcmp(argv[1], "keep") == 0) | 112 | else if (argc == 5 && strcmp(argv[1], "keep") == 0) |
| 90 | seccomp_keep(argv[2], argv[3], argv[4]); | 113 | seccomp_keep(argv[2], argv[3], argv[4], true); |
| 114 | else if (argc == 5 && strcmp(argv[1], "keep32") == 0) | ||
| 115 | seccomp_keep(argv[2], argv[3], argv[4], false); | ||
| 91 | else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute") == 0) | 116 | else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute") == 0) |
| 92 | memory_deny_write_execute(argv[2]); | 117 | memory_deny_write_execute(argv[2]); |
| 118 | else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute.32") == 0) | ||
| 119 | memory_deny_write_execute_32(argv[2]); | ||
| 93 | else { | 120 | else { |
| 94 | fprintf(stderr, "Error fseccomp: invalid arguments\n"); | 121 | fprintf(stderr, "Error fseccomp: invalid arguments\n"); |
| 95 | return 1; | 122 | return 1; |