seccomp.hpp
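// SPDX-FileCopyrightText: Copyright (C) 2025 Marek Küthe <m.k@mk16.de>
//
// SPDX-License-Identifier: GPL-3.0-or-later

#ifndef SECCOMP_HPP
#define SECCOMP_HPP

#ifdef HAVE_SECCOMP

#include <cerrno>
#include <cstdint>
#include <system_error>
#include <utility>

#include <seccomp.h>
#include <sys/syscall.h>

/// Thin owner of a libseccomp filter context (`scmp_filter_ctx`).
///
/// The class exists only when HAVE_SECCOMP is defined; callers must guard
/// their use the same way.  All method bodies live in the implementation
/// file, so the per-method notes below describe the header-level contract
/// (what the names and signatures promise), not verified behaviour.
///
/// Ownership: `ctx` is a raw handle, so the implicitly generated copy and
/// move operations would have left two objects owning the same context and
/// `release()`-ing it twice.  Copying is therefore deleted, and move
/// construction transfers the handle and nulls the source.  No destructor
/// is declared (as in the original), so a context that is never
/// `release()`d is not freed automatically — confirm in the implementation
/// whether that is intended.
///
/// The `const` on the rule-adding methods refers to the handle, not to the
/// filter: they mutate the libseccomp context the handle points to.
class SeccompFilterContext
{
public:
    /// Creates a filter context whose default action is `def_action`
    /// (a libseccomp `SCMP_ACT_*` value; presumably forwarded to
    /// seccomp_init — see the implementation).
    explicit SeccompFilterContext(uint32_t def_action);

    // A copied handle would be released by both owners; see the class note.
    SeccompFilterContext(const SeccompFilterContext&) = delete;
    SeccompFilterContext& operator=(const SeccompFilterContext&) = delete;

    /// Takes over `other`'s context; `other` is left holding a null handle.
    SeccompFilterContext(SeccompFilterContext&& other) noexcept
        : ctx{std::exchange(other.ctx, nullptr)} {}

    // Move assignment would first have to dispose of the context already
    // held, and how a live context is disposed of is defined by release()
    // in the implementation file.  Rather than guess, assignment is left out.
    SeccompFilterContext& operator=(SeccompFilterContext&&) = delete;

    /// Adds a rule applying `action` (a libseccomp `SCMP_ACT_*` value) to
    /// `syscall` — presumably a syscall number; the header pulls in
    /// <sys/syscall.h> for the `SYS_*` constants.
    void rule_add(uint32_t action, int syscall) const;

    /// Convenience wrappers: presumably rule_add() with an allow / kill
    /// action for a single syscall.
    void allow(int syscall) const;
    void kill(int syscall) const;

    /// Each kill_* call adds kill rules for one themed group of syscalls.
    /// Which syscalls belong to each group is defined in the implementation
    /// file; the group names look like systemd's SystemCallFilter sets, but
    /// that is not verified here.
    void kill_chown() const;
    void kill_clock() const;
    void kill_cpu_emulation() const;
    void kill_debug() const;
    void kill_others() const;
    void kill_ipc() const;
    void kill_keyring() const;
    void kill_memlock() const;
    void kill_module() const;
    void kill_mount() const;
    void kill_obsolete() const;
    void kill_privileged() const;
    void kill_rawio() const;
    void kill_reboot() const;
    void kill_resources() const;
    void kill_setuid() const;
    void kill_signal() const;
    void kill_swap() const;
    void kill_sync() const;
    void kill_system_service() const;

    /// Presumably installs the filter into the kernel.  A loaded seccomp
    /// filter cannot be removed from the process again, so call this only
    /// after every rule has been added.
    void load() const;

    /// Presumably discards all rules and starts over with `def_action`.
    void reset(uint32_t def_action) const;

    /// Frees the underlying context.  This is the only non-const mutator,
    /// so it presumably also clears `ctx`; confirm in the implementation
    /// whether calling it twice is safe.
    void release();

    /// Tells whether the object currently holds a usable context (expected
    /// to be false after a move or `release()` — confirm against the
    /// implementation).  `[[nodiscard]]` because a dropped result defeats
    /// the purpose of the check.
    [[nodiscard]] bool is_useable() const noexcept;

private:
    scmp_filter_ctx ctx{nullptr};
};

#endif // HAVE_SECCOMP

#endif // SECCOMP_HPP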