Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   11224 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

seccomp_merge(3)	   libseccomp Documentation	      seccomp_merge(3)

NAME
       seccomp_merge - Merge two seccomp filters

SYNOPSIS
       #include <seccomp.h>

       typedef void * scmp_filter_ctx;

       int seccomp_merge(scmp_filter_ctx dst, scmp_filter_ctx src);

       Link with -lseccomp.

DESCRIPTION
       The  seccomp_merge() function merges the seccomp filter in src with the
       filter in dst and stores the resulting in the dst filter.  If  success‐
       full,  the src seccomp filter is released and all internal memory asso‐
       cated with the  filter  is  freed;  there  is  no  need	to  call  sec‐
       comp_release(3)	on src and the caller should discard any references to
       the filter.

       In order to merge two seccomp filters, both filters must have the  same
       attribute values and no overlapping architectures.

RETURN VALUE
       Returns zero on success and negative values on failure.

EXAMPLES
       #include <seccomp.h>

       int main(int argc, char *argv[])
       {
	    int rc = -1;
	    scmp_filter_ctx ctx_32, ctx_64;

	    ctx_32 = seccomp_init(SCMP_ACT_KILL);
	    if (ctx_32 == NULL)
		 goto out_all;
	    ctx_64 = seccomp_init(SCMP_ACT_KILL);
	    if (ctx_64 == NULL)
		 goto out_all;

	    if (seccomp_arch_exist(ctx_32, SCMP_ARCH_X86) == -EEXIST) {
		 rc = seccomp_arch_add(ctx_32, SCMP_ARCH_X86);
		 if (rc != 0)
		      goto out_all;
		 rc = seccomp_arch_remove(ctx_32, SCMP_ARCH_NATIVE);
		 if (rc != 0)
		      goto out_all;
	    }
	    if (seccomp_arch_exist(ctx_64, SCMP_ARCH_X86_64) == -EEXIST) {
		 rc = seccomp_arch_add(ctx_64, SCMP_ARCH_X86_64);
		 if (rc != 0)
		      goto out_all;
		 rc = seccomp_arch_remove(ctx_64, SCMP_ARCH_NATIVE);
		 if (rc != 0)
		      goto out_all;
	    }

	    /* ... */

	    rc = seccomp_merge(ctx_64, ctx_32);
	    if (rc != 0)
		 goto out_all;

	    /* NOTE: the 'ctx_32' filter is no longer valid at this point */

	    /* ... */

       out:
	    seccomp_release(ctx_64);
	    return -rc;
       out_all:
	    seccomp_release(ctx_32);
	    goto out;
       }

NOTES
       While  the  seccomp  filter can be generated independent of the kernel,
       kernel support is required to load and enforce the seccomp filter  gen‐
       erated by libseccomp.

       The  libseccomp project site, with more information and the source code
       repository, can be found at http://libseccomp.sf.net.  This library  is
       currently under development, please report any bugs at the project site
       or directly to the author.

AUTHOR
       Paul Moore <paul@paul-moore.com>

SEE ALSO
       seccomp_init(3),	   seccomp_reset(3),	 seccomp_arch_add(3),	  sec‐
       comp_arch_remove(3), seccomp_attr_get(3), seccomp_attr_set(3)

paul@paul-moore.com	       28 September 2012	      seccomp_merge(3)

Vote for polarhome