forked from mirrors/kore
Add seccomp.bpf_stmt() method to Python api.
Allows a developer to create their own statements, the bpf_jmp equivalent may follow later if I need it.
This commit is contained in:
parent
0eb11794f5
commit
3dcf94d1ae
|
@ -151,8 +151,11 @@ static PyObject *pyseccomp_deny_flag(struct pyseccomp *,
|
|||
static PyObject *pyseccomp_deny_mask(struct pyseccomp *,
|
||||
PyObject *, PyObject *);
|
||||
|
||||
static PyObject *pyseccomp_bpf_stmt(struct pyseccomp *, PyObject *);
|
||||
|
||||
static PyMethodDef pyseccomp_methods[] = {
|
||||
METHOD("allow", pyseccomp_allow, METH_VARARGS),
|
||||
METHOD("bpf_stmt", pyseccomp_bpf_stmt, METH_VARARGS),
|
||||
METHOD("allow_arg", pyseccomp_allow_arg, METH_VARARGS),
|
||||
METHOD("allow_flag", pyseccomp_allow_flag, METH_VARARGS),
|
||||
METHOD("allow_mask", pyseccomp_allow_mask, METH_VARARGS),
|
||||
|
|
26
src/python.c
26
src/python.c
|
@ -529,6 +529,32 @@ pyseccomp_dealloc(struct pyseccomp *seccomp)
|
|||
seccomp->filters = NULL;
|
||||
}
|
||||
|
||||
static PyObject *
|
||||
pyseccomp_bpf_stmt(struct pyseccomp *seccomp, PyObject *args)
|
||||
{
|
||||
u_int32_t k;
|
||||
u_int16_t code;
|
||||
size_t len, off;
|
||||
struct sock_filter filter[1];
|
||||
|
||||
if (!PyArg_ParseTuple(args, "HI", &code, &k))
|
||||
return (NULL);
|
||||
|
||||
filter[0].k = k;
|
||||
filter[0].jt = 0;
|
||||
filter[0].jf = 0;
|
||||
filter[0].code = code;
|
||||
|
||||
len = sizeof(struct sock_filter);
|
||||
off = seccomp->elm * sizeof(struct sock_filter);
|
||||
seccomp->filters = kore_realloc(seccomp->filters, off + len);
|
||||
|
||||
memcpy(seccomp->filters + off, filter, len);
|
||||
seccomp->elm += 1;
|
||||
|
||||
Py_RETURN_NONE;
|
||||
}
|
||||
|
||||
static PyObject *
|
||||
pyseccomp_allow(struct pyseccomp *seccomp, PyObject *args)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue