kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 3dcf94d1aea523d2caf2b430729128d6194cfc67
parent 0eb11794f56b5f04a973409cfd47605a0bfbc2a8
Author: Joris Vink <joris@coders.se>
Date:   Mon,  7 Oct 2019 13:44:31 +0200

Add seccomp.bpf_stmt() method to Python api.

Allows a developer to create their own statements, the bpf_jmp equivalent
may follow later if I need it.

Diffstat:
include/kore/python_methods.h | 3+++
src/python.c | 26++++++++++++++++++++++++++
2 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/include/kore/python_methods.h b/include/kore/python_methods.h @@ -151,8 +151,11 @@ static PyObject *pyseccomp_deny_flag(struct pyseccomp *, static PyObject *pyseccomp_deny_mask(struct pyseccomp *, PyObject *, PyObject *); +static PyObject *pyseccomp_bpf_stmt(struct pyseccomp *, PyObject *); + static PyMethodDef pyseccomp_methods[] = { METHOD("allow", pyseccomp_allow, METH_VARARGS), + METHOD("bpf_stmt", pyseccomp_bpf_stmt, METH_VARARGS), METHOD("allow_arg", pyseccomp_allow_arg, METH_VARARGS), METHOD("allow_flag", pyseccomp_allow_flag, METH_VARARGS), METHOD("allow_mask", pyseccomp_allow_mask, METH_VARARGS), diff --git a/src/python.c b/src/python.c @@ -530,6 +530,32 @@ pyseccomp_dealloc(struct pyseccomp *seccomp) } static PyObject * +pyseccomp_bpf_stmt(struct pyseccomp *seccomp, PyObject *args) +{ + u_int32_t k; + u_int16_t code; + size_t len, off; + struct sock_filter filter[1]; + + if (!PyArg_ParseTuple(args, "HI", &code, &k)) + return (NULL); + + filter[0].k = k; + filter[0].jt = 0; + filter[0].jf = 0; + filter[0].code = code; + + len = sizeof(struct sock_filter); + off = seccomp->elm * sizeof(struct sock_filter); + seccomp->filters = kore_realloc(seccomp->filters, off + len); + + memcpy(seccomp->filters + off, filter, len); + seccomp->elm += 1; + + Py_RETURN_NONE; +} + +static PyObject * pyseccomp_allow(struct pyseccomp *seccomp, PyObject *args) { const char *syscall;