woj-sandbox/rules/rules.h

#ifndef WOJ_SANDBOX_RULES_H
#define WOJ_SANDBOX_RULES_H

#include "../sandbox.h"
#include "../utils/list.h"

#include "seccomp.h"

#define ADD_RULE_LIST(white_list, act)                                               \
    do {                                                                             \
        int white_len = sizeof(white_list) / sizeof(white_list[0]);                  \
        for (int i = 0; i < white_len; i++) add_syscall_nr(white_list[i], ctx, act); \
    } while (0)

struct rule {
    char            *name;
    void             (*setup)(scmp_filter_ctx);
    struct list_head list;
};

void register_rule(struct rule *rule);
void setup_rule(const char *name, scmp_filter_ctx ctx, const char *exe_path);
void dump_rules(void);

#endif // WOJ_SANDBOX_RULES_H
feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`#ifndef WOJ_SANDBOX_RULES_H`
			`#define WOJ_SANDBOX_RULES_H`

feat: refactor, drop LD_PRELOAD method 2024-01-01 17:31:21 +08:00			`#include "../sandbox.h"`
feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`#include "../utils/list.h"`

			`#include "seccomp.h"`

feat: refactor, drop LD_PRELOAD method 2024-01-01 17:31:21 +08:00			`#define ADD_RULE_LIST(white_list, act) \`
			`do { \`
			`int white_len = sizeof(white_list) / sizeof(white_list[0]); \`
			`for (int i = 0; i < white_len; i++) add_syscall_nr(white_list[i], ctx, act); \`
			`} while (0)`

feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`struct rule {`
feat: pass config instead of getenv 2023-12-28 00:58:15 +08:00			`char *name;`
			`void (*setup)(scmp_filter_ctx);`
feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`struct list_head list;`
			`};`

			`void register_rule(struct rule *rule);`
feat: pass config instead of getenv 2023-12-28 00:58:15 +08:00			`void setup_rule(const char name, scmp_filter_ctx ctx, const char exe_path);`
feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`void dump_rules(void);`

			`#endif // WOJ_SANDBOX_RULES_H`