Say I have a process with seccomp filters installed. At runtime, i would like to see all the seccomp filtered installed within this process.
How can I achieve that? Reading through seccomp man page does not seem to find the answers.
Asked
Active
Viewed 118 times
1 Answers
1
You can use ptrace(PTRACE_SECCOMP_GET_FILTER, pid, (void *)i, data) where i is the index of the filter with the must recently installed being 0, and data is an array of struct sock_filter or NULL to read the size. The return value is the number of instructions in the filter.
Timothy Baldwin
- 3,551
- 1
- 14
- 23