load seccomp_export_bpf generated code into the kernel


http://man7.org/linux/man-pages/man3/seccomp_export_bpf.3.html How can I load the generated code into the kernel? Which are possible use cases for this function?


Solution

  • How can I load the generated code into kernel?

    If you're using seccomp_export_bpf(const scmp_filter_ctx ctx, int fd), then you already have an initialized scmp_filter_ctx object, ctx, in which case, you can simply do:

    int rc = seccomp_load(ctx);
    

    No need to use seccomp_export_bpf to load the filter in the kernel.

  • Which are possible use cases for this function?

    I'm guessing seccomp_export_bpf is mostly useful when you want to keep a copy of your filter on disk for future use. For example, you could do (from the man page example):

    filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
    if (filter_fd == -1) {
         rc = -errno;
         goto out;
    }
    
    rc = seccomp_export_bpf(ctx, filter_fd);
    

    To then load that exported filter in the kernel you could do:

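    struct sock_filter filter[512];   /* 4096 bytes of BPF instructions */
    /* the exported filter is expected on stdin (fd 0) */
    ssize_t length = read(0, filter, sizeof(filter));
    if (length <= 0 || length % sizeof(struct sock_filter) != 0) {
        goto out;   /* read error, empty input, or truncated instruction */
    }
    struct sock_fprog bpf_prog = {
        .len = length / sizeof(struct sock_filter),
        .filter = filter,
    };
    /* without CAP_SYS_ADMIN, no_new_privs must be set before installing a filter */
    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
    rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &bpf_prog);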
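A fuller version of the load step above, as an added example that is not part of the original answer or of libseccomp: it reads the exported file from a path given on the command line, copes with short reads, rejects truncated or oversized programs, and sets no_new_privs before installing. The helper names `read_bpf_program` and `install_bpf_program` are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumed helper: read the raw struct sock_filter array that
 * seccomp_export_bpf() wrote. Returns the instruction count or -errno. */
int read_bpf_program(int fd, struct sock_filter *insns, size_t max_insns)
{
    unsigned char *p = (unsigned char *)insns, extra;
    size_t cap = max_insns * sizeof(*insns), used = 0;
    ssize_t n;

    while (used < cap) {                      /* read() may return short counts */
        n = read(fd, p + used, cap - used);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -errno;
        if (n == 0) break;                    /* end of file */
        used += (size_t)n;
    }
    if (used == cap && read(fd, &extra, 1) == 1)
        return -E2BIG;                        /* more data than the buffer holds */
    if (used == 0 || used % sizeof(*insns) != 0)
        return -EINVAL;                       /* empty file or partial instruction */
    return (int)(used / sizeof(*insns));
}

/* Assumed helper: install the program as a seccomp filter. Returns 0 or -errno. */
int install_bpf_program(struct sock_filter *insns, int count)
{
    struct sock_fprog prog = { .len = (unsigned short)count, .filter = insns };

    if (count <= 0 || count > BPF_MAXINSNS) return -EINVAL;
    /* Required unless the caller has CAP_SYS_ADMIN in its user namespace. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == -1) return -errno;
    return 0;
}

int main(int argc, char **argv)
{
    static struct sock_filter insns[BPF_MAXINSNS];
    int fd, n;
    if (argc != 2 || (fd = open(argv[1], O_RDONLY)) == -1) return 2;
    n = read_bpf_program(fd, insns, BPF_MAXINSNS);
    close(fd);
    return (n < 0 || install_bpf_program(insns, n) < 0) ? 1 : 0;
}
```

The kernel still verifies the program when it is installed, so the size checks here only catch a damaged or wrong file early; treat the exported file as trusted input and protect it accordingly, since whoever can rewrite it controls the sandbox policy.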