I'm looking for a way to perform Hooking with seccomp or seccomp-bpf.
I want to set a rule so that when a syscall is performed (eg read) I can change the process or the answer that comes back from Syscall. And I must use seccomp.
Tnx
How can i hooking with seccomp?
308 Views Asked by Avi Feder At
1
There are 1 best solutions below
Related Questions in LINUX
- Is there some way to use printf to print a horizontal list of decrementing hex digits in NASM assembly on Linux
- Why does Hugo generate different taxonomy-related HTML on different OS's?
- Writes in io_uring do not advance the file offset
- Why `set -o pipefail` gives different output even though the pipe is not failing
- what really controls the permissions: UID or eUID?
- Compiling eBPF program in Docker fails due to missing '__u64' type
- Docker container unable to make HTTPS requests to external API
- Whow to use callback_query_handler in Python 3.10
- Create kea runtime directory at startup in Yocto image
- Problem on CPU scheduling algorithms in OS
- How to copy files into the singularity sandbox?
- Android kernel error: undefined reference to `get_hw_version_platform'
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- Issue with launching application after updating ElectronJs to version 28.0.0 on Windows and Linux
Related Questions in LINUX-KERNEL
- Android kernel error: undefined reference to `get_hw_version_platform'
- Is there a need for BPF Linux namespace?
- Facing fatal errors while running "yum update" command on CentOS 7/Cloudlinux 7
- crash utility itself crashes while decoding kdump generated from null pointer dereference in kernel module
- How to compile the Linux kernel with -O0 for more detailed debug?
- Linux support for parallel Pixel data Image sensor
- Can't upgrade to newest version of linux-image-6.5.0-26-generic
- How to protect a page so that it cannot be write in mips arch?
- How to extract the .img file into normal kernel source file in the linux?
- Storage size of struct hash_desc desc; isn't known
- How can I intercept failed file openning calls?
- struct nameidata-Linux Kernel Module
- How to modify a 'struct msghdr' in Linux Kernel Module?
- How to allocate 500MB+ physically contiguous memory in a Linux kernel module and copy data to that memory from a userspace process?
- Hyper Threading: nosmt in grub configuration
Related Questions in HOOK
- How to modify HTML in WordPress core file
- I want to use toilet to modify hook_function
- Is there a way to add a pre-hook in R?
- Vite / Rollup Static Asset Copy Hook
- Mouse hook with non-English language results in extremely laggy mouse
- Retrieve Extra parameters from Airflow Connection
- In Wordpress, I want to filter the content when a page is updated or created
- Is it possible to hook a non-configurable property like window.location.hostname, in JavaScript?
- Is there a WordPress hook that fires before post.php, from which I can get the post ID?
- Woocommerce - Hide other shipping methods if free shipping is available not working properly
- Woocommerce 8.6.1 checkout form hooks not fired
- Storing Individual Quiz Answers in LearnPress Plugin - WordPress
- runing a feature with after hooks in cucumber
- Modify redis.Cmder content in hook
- IAT hook is not working with notepad.exe on Windows
Related Questions in SECCOMP
- seccomp_unotify can't catch syscall more than once
- Yocto gitlab CI job sometimes causes touch gives Operation not permitted
- How to enable seccomp profile on a predefined Helm chart in Kubernetes
- Docker can slow down your code and distort your benchmarks
- Rewrite a Linux binary to run on Android
- Trapping System Calls with seccomp
- Is there a difference if we setup seccomp on docker daemon or directly when running?
- Logging system calls of external Process created by Java with Seccomp
- libseccomp seems to be not working as expected
- External process on Android terminates with exit code 159 (abnormal termination with SIGSYS?)
- Is non root user and Seccomp necessary on docker desktop?
- Curl error (6) on amazonlinux docker container during `yum install`, but no issues with other image
- Running Spark on EKS 1.25 in Restricted Namespace
- Enabling seccomp strict mode gets "Invalid Argument" error on Replit
- When executing a compiled C/C++ file with below code using seccomp and execve, it is exiting with status code 159 and signal 31
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I think what you want is to modify the
struct seccomp_data, however, this is a read-only struct.To bypass this restriction you can use BPF jointly with
ptrace, filter syscalls with BPF and modify them usingptrace.