From b79e4416fe642976111a2d610a19c3e4696bb2e2 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 18 May 2021 13:49:02 -0400 Subject: jailtest -> jailcheck (#4268) --- src/jailcheck/seccomp.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 src/jailcheck/seccomp.c (limited to 'src/jailcheck/seccomp.c') diff --git a/src/jailcheck/seccomp.c b/src/jailcheck/seccomp.c new file mode 100644 index 000000000..9345eb970 --- /dev/null +++ b/src/jailcheck/seccomp.c @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2014-2021 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ +#include "jailcheck.h" +#define MAXBUF 4096 + +void seccomp_test(pid_t pid) { + char *file; + if (asprintf(&file, "/proc/%d/status", pid) == -1) + errExit("asprintf"); + + FILE *fp = fopen(file, "r"); + if (!fp) { + printf(" Error: cannot open %s\n", file); + free(file); + return; + } + + char buf[MAXBUF]; + while (fgets(buf, MAXBUF, fp)) { + if (strncmp(buf, "Seccomp:", 8) == 0) { + int val = -1; + int rv = sscanf(buf + 8, "\t%d", &val); + if (rv != 1 || val == 0) + printf(" Warning: seccomp not enabled\n"); + break; + } + } + fclose(fp); + free(file); +} -- cgit v1.2.3-54-g00ecf