DEVHIDE
Login Or Sign up

seccomp how to handle ptrace events

680 Views Asked by At

I am using seccomp filters to restrict system calls made by a process. Up to using whitelist of system calls to allow and disallow system call is understandable. I stuck on concept of ptrace events generated by seccomp rules. For example I can disallow open but I want to generate ptrace event on open system call so that I can determine whether process can open that file or not. My specific question is how to catch ptrace event generated by seccomp? Any help or reference will be a great blessing.

I googled in my humble capacity but did not find any help and running example.

c linux sandbox ptrace seccomp
Original Q&A
1

There are 1 best solutions below

0
On

You need to have a separate program which traces the inferior. This tracer shall call

    ptrace(PTRACE_SETOPTIONS, tracee_pid, 0, PTRACE_O_TRACESECCOMP);

to request notifications, and call

    waitpid(tracee_pid, &status, __WALL);

to be notified. When waitpid returns, analyze status, and retrieve notification via

    unsigned long data;
    ptrace(PTRACE_GETEVENTMSG, tracee_pid, 0, &data);

Related Questions in C

Related Questions in LINUX

Related Questions in SANDBOX

Related Questions in PTRACE

Related Questions in SECCOMP

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.