
Commit de7e7e2

committed
Remove unused function
For quite some time we have only used trapping for multiple syscalls at once, so the BPF filter for trapping a single syscall can be removed.
1 parent dab9a3a commit de7e7e2


3 files changed

+1
-26
lines changed


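--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@ Using this method it is also incredibly cumbersome to overwrite system call argu
 Recent advancements in the [Seccomp Notifier](https://people.kernel.org/brauner/the-seccomp-notifier-cranking-up-the-crazy-with-bpf) API have made it possible to intercept any system call in a much more elegant way.
 This also offers significant speed improvements, now the performance impact is closer to running the application in a container.
 
-For a more detailed explanation see the [accompanying blog posts](https://blog.mggross.com/intercepting-syscalls/).
+For a more detailed explanation see the [accompanying blog post](https://blog.mggross.com/intercepting-syscalls/).
 
 # Rules format
 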

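--- a/src/bin/seccomp/seccomp_trap.c
+++ b/src/bin/seccomp/seccomp_trap.c
@@ -70,30 +70,6 @@ int recv_fd(int sock)
 return *((int *)CMSG_DATA(cmsg));
 }
 
-int user_trap_syscall(int nr, unsigned int flags)
-{
-struct sock_filter filter[] = {
-// Check that architecture matches
-// https://www.kernel.org/doc/html/latest/userspace-api/seccomp_filter.html#pitfalls
-BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))),
-BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_X86_64, 0, 2),
-BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, nr))),
-BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 0, 1),
-BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_PROCESS),
-// decide wheter to allow the syscall
-BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, nr, 0, 1),
-BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_USER_NOTIF),
-BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
-};
-
-struct sock_fprog prog = {
-.len = (unsigned short)ARRAY_SIZE(filter),
-.filter = filter,
-};
-
-return seccomp(SECCOMP_SET_MODE_FILTER, flags, &prog);
-}
-
 int user_trap_syscalls(const int *nrs, size_t length, unsigned int flags) {
 struct sock_filter filter[MAX_FILTER_SIZE];
 int i = 0;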

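--- a/src/bin/seccomp/seccomp_trap.h
+++ b/src/bin/seccomp/seccomp_trap.h
@@ -25,5 +25,4 @@
 int seccomp(unsigned int op, unsigned int flags, void *args);
 int send_fd(int sock, int fd);
 int recv_fd(int sock);
-int user_trap_syscall(int nr, unsigned int flags);
 int user_trap_syscalls(const int *nrs, size_t length, unsigned int flags);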
