Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   11224 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

seccomp_attr_set(3)	   libseccomp Documentation	   seccomp_attr_set(3)

NAME
       seccomp_attr_set,   seccomp_attr_get   -	  Manage  the  seccomp	filter
       attributes

SYNOPSIS
       #include <seccomp.h>

       typedef void * scmp_filter_ctx;
       enum scmp_filter_attr;

       int seccomp_attr_set(scmp_filter_ctx ctx,
			    enum scmp_filter_attr attr, uint32_t value);
       int seccomp_attr_get(scmp_filter_ctx ctx,
			    enum scmp_filter_attr attr, uint32_t *value);

       Link with -lseccomp.

DESCRIPTION
       The seccomp_attr_set()  function	 sets  the  different  seccomp	filter
       attributes  while  the  seccomp_attr_get()  function fetches the filter
       attributes.  The seccomp filter	attributes  are	 tunable  values  that
       affect  how the library behaves when generating and loading the seccomp
       filter into the kernel.	The attributes are reset to their default val‐
       ues  whenever  the  filter  is  initialized  or	reset via seccomp_fil‐
       ter_init(3) or seccomp_filter_reset(3).

       The filter context ctx is the  value  returned  by  the	call  to  sec‐
       comp_init(3).

       Valid attr values are as follows:

       SCMP_FLTATR_ACT_DEFAULT
	      The  default  filter  action  as	specified  in the call to sec‐
	      comp_filter_init(3) or seccomp_filter_reset(3).  This  attribute
	      is read-only.

       SCMP_FLTATR_ACT_BADARCH
	      The  filter  action  taken when the loaded filter does not match
	      the architecture of the executing application.  Defaults to  the
	      SCMP_ACT_KILL action.

       SCMP_FLTATR_CTL_NNP
	      A	 flag  to  specify if the NO_NEW_PRIVS functionality should be
	      enabled before loading the seccomp filter into the  kernel.   If
	      set  to  off  ( value == 0) then loading the seccomp filter into
	      the kernel will fail if CAP_SYS_ADMIN is not set.	  Defaults  to
	      on ( value == 1).

RETURN VALUE
       Returns zero on success, negative errno values on failure.

EXAMPLES
       #include <seccomp.h>

       int main(int argc, char *argv[])
       {
	    int rc = -1;
	    scmp_filter_ctx ctx;

	    ctx = seccomp_init(SCMP_ACT_ALLOW);
	    if (ctx == NULL)
		 goto out;

	    /* ... */

	    rc = seccomp_attr_set(ctx, SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_TRAP);
	    if (rc < 0)
		 goto out;

	    /* ... */

       out:
	    seccomp_release(ctx);
	    return -rc;
       }

NOTES
       While  the  seccomp  filter can be generated independent of the kernel,
       kernel support is required to load and enforce the seccomp filter  gen‐
       erated by libseccomp.

       The  libseccomp project site, with more information and the source code
       repository, can be found at http://libseccomp.sf.net.  This library  is
       currently under development, please report any bugs at the project site
       or directly to the author.

AUTHOR
       Paul Moore <paul@paul-moore.com>

SEE ALSO
       seccomp_init(3), seccomp_reset(3), seccomp_load(3)

paul@paul-moore.com		 25 July 2012		   seccomp_attr_set(3)

Vote for polarhome