Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <errno.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <unistd.h>
- #include <seccomp.h>
- #define seccomp_err(fun, ...) \
- do { \
- int ret = fun(__VA_ARGS__); \
- if (ret < 0) { \
- errno = -ret; \
- perror(#fun); \
- exit(1); \
- } \
- } while (0)
- int main() {
- scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW);
- if (ctx == NULL) {
- perror("seccomp_init");
- return 1;
- }
- seccomp_err(seccomp_rule_add, ctx, SCMP_ACT_KILL, SCMP_SYS(fork), 0);
- seccomp_err(seccomp_load, ctx);
- printf("And now we fork...\n");
- fork();
- printf("You should not see this because I'm dead.\n");
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment