Diffstat (limited to 'src/fseccomp/main.c')
-rw-r--r-- | src/fseccomp/main.c | 41 |
1 files changed, 34 insertions, 7 deletions
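--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -23,6 +23,7 @@ int arg_quiet = 0;
 static void usage(void) {
 printf("Usage:\n");
 printf("\tfseccomp debug-syscalls\n");
+printf("\tfseccomp debug-syscalls32\n");
 printf("\tfseccomp debug-errnos\n");
 printf("\tfseccomp debug-protocols\n");
 printf("\tfseccomp protocol build list file\n");
@@ -31,12 +32,20 @@ static void usage(void) {
 printf("\tfseccomp secondary block file\n");
 printf("\tfseccomp default file\n");
 printf("\tfseccomp default file allow-debuggers\n");
+printf("\tfseccomp default32 file\n");
+printf("\tfseccomp default32 file allow-debuggers\n");
 printf("\tfseccomp drop file1 file2 list\n");
 printf("\tfseccomp drop file1 file2 list allow-debuggers\n");
+printf("\tfseccomp drop32 file1 file2 list\n");
+printf("\tfseccomp drop32 file1 file2 list allow-debuggers\n");
 printf("\tfseccomp default drop file1 file2 list\n");
 printf("\tfseccomp default drop file1 file2 list allow-debuggers\n");
+printf("\tfseccomp default32 drop file1 file2 list\n");
+printf("\tfseccomp default32 drop file1 file2 list allow-debuggers\n");
 printf("\tfseccomp keep file1 file2 list\n");
+printf("\tfseccomp keep32 file1 file2 list\n");
 printf("\tfseccomp memory-deny-write-execute file\n");
+printf("\tfseccomp memory-deny-write-execute.32 file\n");
 }
 
 int main(int argc, char **argv) {
@@ -64,6 +73,8 @@ printf("\n");
 }
 else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
 syscall_print();
+else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0)
+syscall_print_32();
 else if (argc == 2 && strcmp(argv[1], "debug-errnos") == 0)
 errno_print();
 else if (argc == 2 && strcmp(argv[1], "debug-protocols") == 0)
@@ -75,21 +86,37 @@ printf("\n");
 else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "block") == 0)
 seccomp_secondary_block(argv[3]);
 else if (argc == 3 && strcmp(argv[1], "default") == 0)
-seccomp_default(argv[2], 0);
+seccomp_default(argv[2], 0, true);
 else if (argc == 4 && strcmp(argv[1], "default") == 0 && strcmp(argv[3], "allow-debuggers") == 0)
-seccomp_default(argv[2], 1);
+seccomp_default(argv[2], 1, true);
+else if (argc == 3 && strcmp(argv[1], "default32") == 0)
+seccomp_default(argv[2], 0, false);
+else if (argc == 4 && strcmp(argv[1], "default32") == 0 && strcmp(argv[3], "allow-debuggers") == 0)
+seccomp_default(argv[2], 1, false);
 else if (argc == 5 && strcmp(argv[1], "drop") == 0)
-seccomp_drop(argv[2], argv[3], argv[4], 0);
+seccomp_drop(argv[2], argv[3], argv[4], 0, true);
 else if (argc == 6 && strcmp(argv[1], "drop") == 0 && strcmp(argv[5], "allow-debuggers") == 0)
-seccomp_drop(argv[2], argv[3], argv[4], 1);
+seccomp_drop(argv[2], argv[3], argv[4], 1, true);
+else if (argc == 5 && strcmp(argv[1], "drop32") == 0)
+seccomp_drop(argv[2], argv[3], argv[4], 0, false);
+else if (argc == 6 && strcmp(argv[1], "drop32") == 0 && strcmp(argv[5], "allow-debuggers") == 0)
+seccomp_drop(argv[2], argv[3], argv[4], 1, false);
 else if (argc == 6 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0)
-seccomp_default_drop(argv[3], argv[4], argv[5], 0);
+seccomp_default_drop(argv[3], argv[4], argv[5], 0, true);
 else if (argc == 7 && strcmp(argv[1], "default") == 0 && strcmp(argv[2], "drop") == 0 && strcmp(argv[6], "allow-debuggers") == 0)
-seccomp_default_drop(argv[3], argv[4], argv[5], 1);
+seccomp_default_drop(argv[3], argv[4], argv[5], 1, true);
+else if (argc == 6 && strcmp(argv[1], "default32") == 0 && strcmp(argv[2], "drop") == 0)
+seccomp_default_drop(argv[3], argv[4], argv[5], 0, false);
+else if (argc == 7 && strcmp(argv[1], "default32") == 0 && strcmp(argv[2], "drop") == 0 && strcmp(argv[6], "allow-debuggers") == 0)
+seccomp_default_drop(argv[3], argv[4], argv[5], 1, false);
 else if (argc == 5 && strcmp(argv[1], "keep") == 0)
-seccomp_keep(argv[2], argv[3], argv[4]);
+seccomp_keep(argv[2], argv[3], argv[4], true);
+else if (argc == 5 && strcmp(argv[1], "keep32") == 0)
+seccomp_keep(argv[2], argv[3], argv[4], false);
 else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute") == 0)
 memory_deny_write_execute(argv[2]);
+else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute.32") == 0)
+memory_deny_write_execute_32(argv[2]);
 else {
 fprintf(stderr, "Error fseccomp: invalid arguments\n");
 return 1;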
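Review bot: In the last hunk (the `main` dispatch chain), each new `*32` branch differs from its native counterpart only by a trailing bare `false`, placed right after an equally bare `0`/`1` for allow-debuggers, e.g. `seccomp_default(argv[2], 1, false);`. Two adjacent unlabeled flags are easy to transpose, and in a seccomp filter generator a swapped pair would presumably produce a filter for the wrong architecture or one that permits debugger syscalls, with nothing failing at build time. I would add a comment above the first such call, `// last argument: true = native-arch filter, false = 32-bit filter` (meaning inferred from the subcommand names; the callees are outside this diff), or replace the literals with named constants. Separately, `memory-deny-write-execute.32` uses a dot where `default32`, `drop32` and `keep32` do not, so a caller that forms the 32-bit subcommand by appending `32` would fall into the `invalid arguments` branch and get no filter file unless it checks the exit status. `main` begins and ends outside the visible hunks.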