woj-sandbox/rules/lang_c_cpp.c

#include "rules.h"

#include <seccomp.h>

void setup_lang_c_cpp(scmp_filter_ctx ctx) {
    // some more syscall(s) that glibc uses
    int white[] = {
        SCMP_SYS(clone),           // 56
        SCMP_SYS(futex),           // 202
        SCMP_SYS(set_tid_address), // 218
        SCMP_SYS(set_robust_list), // 273
        SCMP_SYS(get_robust_list), // 274
        SCMP_SYS(rseq),            // 334
    };
    ADD_RULE_LIST(white, SCMP_ACT_ALLOW);
}

struct rule lang_c_rule = {
    .name  = "c",
    .setup = setup_lang_c_cpp,
};

struct rule lang_cpp_rule = {
    .name  = "cpp",
    .setup = setup_lang_c_cpp,
};

void __attribute__((constructor(101))) register_lang_c_cpp(void) {
    register_rule(&lang_c_rule);
    register_rule(&lang_cpp_rule);
}