Find syscalls whitelisted by seccomp

Question

So I stumbled across a program in C that uses seccomp to filter out a few syscalls. Is there anyway, other than bruteforcing, to find out the syscalls that are actually allowed.

Thanks in advance

score 1 · Answer 1 · answered Sep 14 '16 at 08:03

1

If you can compile the C program, you can call seccomp_export_pfc function.

answered Sep 14 '16 at 08:03

Mathieu

8,840
7
32
45

score 0 · Answer 2 · answered Mar 23 '18 at 04:21

0

You can refer to Kafel, write a policy and disassemble the generated eBPF code with its dump_policy_bpf tool.

answered Mar 23 '18 at 04:21

tinytaro

380
2
8

Find syscalls whitelisted by seccomp

2 Answers2