1 // SPDX-License-Identifier: GPL-2.0 2 #include <stdio.h> 3 #include <linux/bpf.h> 4 #include <unistd.h> 5 #include <linux/filter.h> 6 #include <linux/seccomp.h> 7 #include <sys/prctl.h> 8 #include <bpf/bpf.h> 9 #include "bpf_load.h" 10 #include <sys/resource.h> 11 12 /* install fake seccomp program to enable seccomp code path inside the kernel, 13 * so that our kprobe attached to seccomp_phase1() can be triggered 14 */ 15 static void install_accept_all_seccomp(void) 16 { 17 struct sock_filter filter[] = { 18 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), 19 }; 20 struct sock_fprog prog = { 21 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), 22 .filter = filter, 23 }; 24 if (prctl(PR_SET_SECCOMP, 2, &prog)) 25 perror("prctl"); 26 } 27 28 int main(int ac, char **argv) 29 { 30 FILE *f; 31 char filename[256]; 32 struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; 33 34 snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); 35 setrlimit(RLIMIT_MEMLOCK, &r); 36 37 if (load_bpf_file(filename)) { 38 printf("%s", bpf_log_buf); 39 return 1; 40 } 41 42 install_accept_all_seccomp(); 43 44 f = popen("dd if=/dev/zero of=/dev/null count=5", "r"); 45 (void) f; 46 47 read_trace_pipe(); 48 49 return 0; 50 } 51