Provided by: libseccomp-dev_2.1.1-1ubuntu1~trusty5_amd64 bug

NAME
       seccomp_export_bpf, seccomp_export_pfc - Export the seccomp filter


SYNOPSIS
       #include <seccomp.h>

       typedef void * scmp_filter_ctx;

       int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
       int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);

       Link with -lseccomp.


DESCRIPTION
       The  seccomp_export_bpf()  and  seccomp_export_pfc()  functions  generate  and output the current seccomp
       filter  in  either  BPF  (Berkley  Packet  Filter)  or  PFC  (Pseudo  Filter  Code).    The   output   of
       seccomp_export_bpf() is suitable for loading into the kernel, while the output of seccomp_export_pfc() is
       human  readable  and  is  intended  primarily  as a debugging tool for developers using libseccomp.  Both
       functions write the filter to the fd file descriptor.

       The filter context ctx is the value returned by the call to seccomp_init(3).

       While the two output formats are guaranteed to be functionally equivalent for the  given  seccomp  filter
       configuration, the filter instructions, and their ordering, are not guaranteed to be the same in both the
       BPF and PFC formats.


RETURN VALUE
       Returns zero on success, negative errno values on failure.


EXAMPLES
       #include <seccomp.h>

       int main(int argc, char *argv[])
       {
            int rc = -1;
            scmp_filter_ctx ctx;
            int filter_fd;

            ctx = seccomp_init(SCMP_ACT_KILL);
            if (ctx == NULL)
                 goto out;

            /* ... */

            filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY);
            if (filter_fd == -1) {
                 rc = -errno;
                 goto out;
            }

            rc = seccomp_export_bpf(ctx, filter_fd);
            if (rc < 0) {
                 close(filter_fd);
                 goto out;
            }
            close(filter_fd);

            /* ... */

       out:
            seccomp_release(ctx);
            return -rc;
       }


NOTES
       While  the  seccomp filter can be generated independent of the kernel, kernel support is required to load
       and enforce the seccomp filter generated by libseccomp.

       The libseccomp project site, with more information and the  source  code  repository,  can  be  found  at
       http://libseccomp.sf.net.   This  library  is  currently under development, please report any bugs at the
       project site or directly to the author.


AUTHOR
       Paul Moore <paul@paul-moore.com>


SEE ALSO
       seccomp_init(3), seccomp_release(3)

paul@paul-moore.com                               25 July 2012                             seccomp_export_bpf(3)