Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   11224 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

seccomp_export_bpf(3)	   libseccomp Documentation	 seccomp_export_bpf(3)

NAME
       seccomp_export_bpf, seccomp_export_pfc - Export the seccomp filter

SYNOPSIS
       #include <seccomp.h>

       typedef void * scmp_filter_ctx;

       int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
       int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);

       Link with -lseccomp.

DESCRIPTION
       The  seccomp_export_bpf()  and  seccomp_export_pfc() functions generate
       and output the current seccomp filter in	 either	 BPF  (Berkley	Packet
       Filter)	 or   PFC   (Pseudo   Filter   Code).	 The  output  of  sec‐
       comp_export_bpf() is suitable for loading into the  kernel,  while  the
       output  of  seccomp_export_pfc() is human readable and is intended pri‐
       marily as a debugging tool for developers using libseccomp.  Both func‐
       tions write the filter to the fd file descriptor.

       The  filter  context  ctx  is  the  value  returned by the call to sec‐
       comp_init(3).

       While the two output formats are guaranteed to be functionally  equiva‐
       lent  for  the  given seccomp filter configuration, the filter instruc‐
       tions, and their ordering, are not guaranteed to be the	same  in  both
       the BPF and PFC formats.

RETURN VALUE
       Returns zero on success, negative errno values on failure.

EXAMPLES
       #include <seccomp.h>

       int main(int argc, char *argv[])
       {
	    int rc = -1;
	    scmp_filter_ctx ctx;
	    int filter_fd;

	    ctx = seccomp_init(SCMP_ACT_KILL);
	    if (ctx == NULL)
		 goto out;

	    /* ... */

	    filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
	    if (filter_fd == -1) {
		 rc = -errno;
		 goto out;
	    }

	    rc = seccomp_export_bpf(ctx, filter_fd);
	    if (rc < 0) {
		 close(filter_fd);
		 goto out;
	    }
	    close(filter_fd);

	    /* ... */

       out:
	    seccomp_release(ctx);
	    return -rc;
       }

NOTES
       While  the  seccomp  filter can be generated independent of the kernel,
       kernel support is required to load and enforce the seccomp filter  gen‐
       erated by libseccomp.

       The  libseccomp project site, with more information and the source code
       repository, can be found at http://libseccomp.sf.net.  This library  is
       currently under development, please report any bugs at the project site
       or directly to the author.

AUTHOR
       Paul Moore <paul@paul-moore.com>

SEE ALSO
       seccomp_init(3), seccomp_release(3)

paul@paul-moore.com		 25 July 2012		 seccomp_export_bpf(3)

Vote for polarhome