Scroll to navigation

seccomp_api_get(3) libseccomp Documentation seccomp_api_get(3)

NAME

seccomp_api_get, seccomp_api_set - Manage the libseccomp API level

SYNOPSIS

#include <seccomp.h>

const unsigned int seccomp_api_get(void);
int seccomp_api_set(unsigned int level);

Link with -lseccomp.

DESCRIPTION

The seccomp_api_get() function returns an integer representing the functionality ("API level") provided by the current running kernel. It is important to note that while seccomp_api_get() can be called multiple times, the kernel is only probed the first time to see what functionality is supported, all following calls to seccomp_api_get() return a cached value.

The seccomp_api_set() function allows callers to force the API level to the provided value; however, this is almost always a bad idea and use of this function is strongly discouraged.

The different API level values are described below:

0
Reserved value, not currently used.
1
Base level support.
2
The SCMP_FLTATR_CTL_TSYNC filter attribute is supported and libseccomp uses the seccomp(2) syscall to load the seccomp filter into the kernel.
3
The SCMP_FLTATR_CTL_LOG filter attribute and the SCMP_ACT_LOG action are supported.

RETURN VALUE

The seccomp_api_get() function returns an integer representing the supported API level. The seccomp_api_set() function returns zero on success, negative values on failure.

EXAMPLES

#include <seccomp.h>
int main(int argc, char *argv[])
{
	unsigned int api;
	api = seccomp_api_get();
	switch (api) {
	case 2:
		/* ... */
	default:
		/* ... */
	}
	return 0;
err:
	return -1;
}

NOTES

While the seccomp filter can be generated independent of the kernel, kernel support is required to load and enforce the seccomp filter generated by libseccomp.

The libseccomp project site, with more information and the source code repository, can be found at https://github.com/seccomp/libseccomp. This tool, as well as the libseccomp library, is currently under development, please report any bugs at the project site or directly to the author.

AUTHOR

Paul Moore <paul@paul-moore.com>
8 October 2017 paul@paul-moore.com