HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |SYNOPSIS |DESCRIPTION |RETURN VALUE |EXAMPLES |NOTES |AUTHOR |SEE ALSO |COLOPHON | |
seccomp_export_bpf(3) libseccomp Documentationseccomp_export_bpf(3)seccomp_export_bpf, seccomp_export_pfc - Export the seccomp filter
#include <seccomp.h>typedef void * scmp_filter_ctx;int seccomp_export_bpf(const scmp_filter_ctxctx, intfd);int seccomp_export_pfc(const scmp_filter_ctxctx, intfd);int seccomp_export_bpf_mem(const scmp_filter_ctxctx, void *buf, size_t *len); Link with-lseccomp.
Theseccomp_export_bpf() andseccomp_export_pfc() functions generate and output the current seccomp filter in either BPF (Berkeley Packet Filter) or PFC (Pseudo Filter Code). The output ofseccomp_export_bpf() is suitable for loading into the kernel, while the output ofseccomp_export_pfc() is human readable and is intended primarily as a debugging tool for developers using libseccomp. Both functions write the filter to thefd file descriptor. The filter contextctx is the value returned by the call toseccomp_init(3). While the two output formats are guaranteed to be functionally equivalent for the given seccomp filter configuration, the filter instructions, and their ordering, are not guaranteed to be the same in both the BPF and PFC formats. Theseccomp_export_bpf_mem() function is largely the same asseccomp_export_bpf(), but instead of writing to a file descriptor, the program will be written to thebuf pointer provided by the caller. Thelen argument must be initialized with the size of thebuf buffer. If the program was valid,len will be updated with its size in bytes. Ifbuf was too small to hold the program,len can be consulted to determine the required size. Passing a NULLbuf may also be used to query the required size ahead of time.
Return zero on success or one of the following error codes on failure:-ECANCELED There was a system failure beyond the control of the library.-EFAULT Internal libseccomp failure.-EINVAL Invalid input, either the context or architecture token is invalid.-ENOMEM The library was unable to allocate enough memory.-ERANGE The provided buffer was too small. If theSCMP_FLTATR_API_SYSRAWRC filter attribute is non-zero then additional error codes may be returned to the caller; these additional error codes are the negativeerrno values returned by the system. Unfortunately libseccomp can make no guarantees about these return values.
#include <seccomp.h> int main(int argc, char *argv[]) { int rc = -1; scmp_filter_ctx ctx; int filter_fd; ctx = seccomp_init(SCMP_ACT_KILL); if (ctx == NULL) goto out; /* ... */ filter_fd = open("/tmp/seccomp_filter.bpf", O_WRONLY); if (filter_fd == -1) { rc = -errno; goto out; } rc = seccomp_export_bpf(ctx, filter_fd); if (rc < 0) { close(filter_fd); goto out; } close(filter_fd); /* ... */ out: seccomp_release(ctx); return -rc; }While the seccomp filter can be generated independent of the kernel, kernel support is required to load and enforce the seccomp filter generated by libseccomp. The libseccomp project site, with more information and the source code repository, can be found athttps://github.com/seccomp/libseccomp. This tool, as well as the libseccomp library, is currently under development, please report any bugs at the project site or directly to the author.
Paul Moore <paul@paul-moore.com>
seccomp_init(3),seccomp_release(3)
This page is part of thelibseccomp (high-level API to the Linux Kernel's seccomp filter) project. Information about the project can be found at ⟨https://github.com/seccomp/libseccomp⟩. If you have a bug report for this manual page, see ⟨https://groups.google.com/d/forum/libseccomp⟩. This page was obtained from the project's upstream Git repository ⟨https://github.com/seccomp/libseccomp⟩ on 2025-08-11. (At that time, the date of the most recent commit that was found in the repository was 2025-05-09.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgpaul@paul-moore.com 30 May 2020seccomp_export_bpf(3)Pages that refer to this page:seccomp(2)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |