From b14628560a972d9f1709a249207b6595ffe7ed09 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 2 Jul 2016 14:10:07 -0400
Subject: audit: seccomp
---
 src/faudit/seccomp.c | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
(limited to 'src/faudit/seccomp.c')
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c
index a50ec1e0c..d88d6a958 100644
--- a/src/faudit/seccomp.c
+++ b/src/faudit/seccomp.c
@@ -18,7 +18,6 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "faudit.h"
-#include
 #define MAXBUF 4098
 static int extract_seccomp(int *val) {
@@ -57,6 +56,45 @@ void seccomp_test(void) {
 printf("GOOD: seccomp strict mode - only read, write, _exit, and sigreturn are allowd\n");
 else if (seccomp_status == 2) {
 printf("GOOD: seccomp BPF enababled\n");
+
+ printf("checking syscalls: "); fflush(0);
+ printf("mount... "); fflush(0);
+ syscall_run("mount");
+
+ printf("umount2... "); fflush(0);
+ syscall_run("umount2");
+
+ printf("ptrace... "); fflush(0);
+ syscall_run("ptrace");
+
+ printf("swapon... "); fflush(0);
+ syscall_run("swapon");
+
+ printf("swapoff... "); fflush(0);
+ syscall_run("swapoff");
+
+ printf("init_module... "); fflush(0);
+ syscall_run("init_module");
+
+ printf("finit_module... "); fflush(0);
+ syscall_run("finit_module");
+
+ printf("delete_module... "); fflush(0);
+ syscall_run("delete_module");
+
+ printf("chroot... "); fflush(0);
+ syscall_run("chroot");
+
+ printf("pivot_root... "); fflush(0);
+ syscall_run("pivot_root");
+
+ printf("iopl... "); fflush(0);
+ syscall_run("iopl");
+
+ printf("ioperm... "); fflush(0);
+ syscall_run("ioperm");
+
+ printf("\n");
 }
 else
 fprintf(stderr, "Error: unrecognized seccomp mode\n");
-- 
cgit v1.2.3-70-g09d2
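Review bot: The twelve probes added in the `seccomp_status == 2` branch of seccomp_test are the same `printf`/`fflush(0)`/`syscall_run` triple copied once per syscall, so the set of syscalls the audit treats as must-be-blocked is spread over forty lines and can easily drift from the filter it is meant to audit. A `static const char *const` table walked by one loop keeps that list in one reviewable place, and `fflush(stdout)` names the stream being flushed where `fflush(0)` flushes every open output stream. The loop assumes syscall_run accepts a `const char *`; its definition, and how it reports whether a call was blocked, are outside this hunk, as is the rest of seccomp_test.

```c
		/* … unchanged: "GOOD: seccomp BPF" message at the top of the branch … */

		/* syscalls the audit expects the seccomp filter to reject */
		static const char *const probes[] = {
			"mount", "umount2", "ptrace", "swapon", "swapoff",
			"init_module", "finit_module", "delete_module",
			"chroot", "pivot_root", "iopl", "ioperm"
		};

		printf("checking syscalls: "); fflush(stdout);
		for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
			printf("%s... ", probes[i]); fflush(stdout);
			syscall_run(probes[i]);
		}
		printf("\n");
```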