I am writing a program that creates BPF seccomp filters. These filters are supposed to check syscalls and their arguments against predefined allowed values. The logic to check the syscall by its number works as expected. However, the logic to filter the syscall arguments does not.

For debug purposes, is it possible to dump the input data of the filter program (seccomp_data) to see what it saw when it attempted to filter the syscall?

If that is not possible, is there another way to debug a raw BPF seccomp filter?

I know that libseccomp exists, but this is an independent implementation.

inorik
  • *"I know that libseccomp exists but this is an independent implementation."* - In this case this does not look to me like a security question but a pure coding question, i.e. off-topic. And you could likely get your answer by reading how libseccomp does it. – Steffen Ullrich Aug 02 '21 at 16:52
  • "_[...] but a pure coding question_" True, it is a debugging and thus a coding question. Just for a very security-specific technology. I supposedly already do what libseccomp does but have a hard time debugging my implementation. Would a post on SO make more sense? – inorik Aug 02 '21 at 17:10

0 Answers
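One way to see what a raw filter does with a given `seccomp_data` is to interpret the same `sock_filter` array in user space and trace every instruction; the following is an added example, not code from the post or from libseccomp. `run_filter`, `check_demo`, `FILTER_BAD`, `NR_DEMO`, `ARG_LO` and the `demo` filter are hypothetical names with constructed values; the harness models only the opcodes listed in its `switch`, assumes a little-endian host, and the sample filter omits the `arch` check a production filter needs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define FILTER_BAD 0xffffffffu /* harness sentinel (assumption), not a kernel value */
#define NR_DEMO    1           /* constructed sample syscall number */
#define ARG_LO(n)  (offsetof(struct seccomp_data, args) + 8 * (n)) /* little-endian */

/* Interpret a cBPF seccomp filter over one seccomp_data, tracing every step. */
static __u32 run_filter(const struct sock_filter *f, size_t n,
                        const struct seccomp_data *sd)
{
    __u32 A = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *i = &f[pc];
        fprintf(stderr, "%2zu: code=0x%02x jt=%u jf=%u k=0x%08x A=0x%08x\n",
                pc, i->code, i->jt, i->jf, i->k, A);
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS: /* kernel refuses unaligned or out-of-range k */
            if ((i->k & 3) || i->k > sizeof(*sd) - 4) return FILTER_BAD;
            memcpy(&A, (const char *)sd + i->k, 4); break;
        case BPF_JMP | BPF_JA:           pc += i->k; break;
        case BPF_JMP | BPF_JEQ | BPF_K:  pc += (A == i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JSET | BPF_K: pc += (A & i->k) ? i->jt : i->jf; break;
        case BPF_RET | BPF_K:            return i->k;
        default:                         return FILTER_BAD; /* opcode not modelled */
        }
    }
    return FILTER_BAD; /* ran off the end without a RET */
}

/* Constructed sample: allow NR_DEMO only when the 64-bit args[0] == 1, else EPERM. */
static const struct sock_filter demo[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_DEMO, 0, 5),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0) + 4), /* high 32 bits */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),     /* low 32 bits */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | 1),  /* 1 = EPERM */
};
static __u32 check_demo(int nr, __u64 arg0)
{
    struct seccomp_data sd = { .nr = nr, .args = { arg0 } };
    return run_filter(demo, sizeof demo / sizeof demo[0], &sd);
}

int main(void) { printf("0x%08x\n", check_demo(NR_DEMO, 0x100000001ULL)); return 0; }
```

The sample call passes an argument whose low half matches but whose high half does not, so the trace shows the filter leaving at the high-word comparison; a filter that loads only one 32-bit half of a 64-bit argument would show a different path here.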