bpf: Add option for seccomp, and resolve meaning (e.g. syscall numbers)
Grazfather opened this issue
Grazfather commented
bpf is 'dumb' now. It'd be nice if we could give it context hints, e.g. if the filter is a seccomp filter, in which case it can resolve things like syscall number and arg number.
0x80000000: ld [4]
0x80000008: jeq #0xc000003e,0,9
0x80000010: ld [0]
0x80000018: jeq #0x0,8,0 # read
0x80000020: jeq #0x1,7,0 # write
0x80000028: jeq #0xe7,6,0 # exit_group
0x80000030: jeq #0x11,5,0 # pread64
0x80000038: jeq #0x12,4,0 # pwrite64
0x80000040: jeq #0x13,3,0 # readv
0x80000048: jeq #0x14,2,0 # writev
0x80000050: jeq #0x3c,1,0 # exit
0x80000058: ret #0x0 # Kill
0x80000060: ret #0x7fff0000 # Allow
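A sketch of the resolution requested above, as an added example that is not part of the original issue or the project's code: it annotates a disassembly in the listing's text format with `struct seccomp_data` field names, audit architecture names, syscall names and seccomp return actions. The function names, the shortened sample listing and the syscall subset are constructed for illustration; it assumes an x86_64 filter and tracks the accumulator linearly rather than following jumps.

```python
import re

# Values from Linux <linux/seccomp.h> and <linux/audit.h>.
RET_ACTIONS = {0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD", 0x00030000: "TRAP",
               0x00050000: "ERRNO", 0x7fc00000: "USER_NOTIF", 0x7ff00000: "TRACE",
               0x7ffc0000: "LOG", 0x7fff0000: "ALLOW"}
ARCHES = {0xc000003e: "AUDIT_ARCH_X86_64", 0x40000003: "AUDIT_ARCH_I386"}
# x86_64 syscall numbers, limited to those in the issue's listing (assumption: x86_64 filter).
SYSCALLS = {0: "read", 1: "write", 17: "pread64", 18: "pwrite64",
            19: "readv", 20: "writev", 60: "exit", 231: "exit_group"}
LINE = re.compile(r"(0x[0-9a-f]+):\s*(\w+)\s+(\S+)")

def field(off):
    """Name the struct seccomp_data member at byte offset off (little-endian halves)."""
    if off in (0, 4):
        return ("nr", "arch")[off // 4]
    if off % 4 or not 8 <= off < 64:
        return None
    half = "hi" if off % 8 else "lo"
    return f"instruction_pointer.{half}" if off < 16 else f"args[{(off - 16) // 8}].{half}"

def annotate(listing):
    """Return (addr, insn, hint) per instruction; hint is None when nothing resolves."""
    out, acc = [], None  # acc: seccomp_data field last loaded into the accumulator
    for addr, op, arg in LINE.findall(listing):
        hint = None
        if op == "ld" and arg.startswith("["):
            acc = hint = field(int(arg[1:-1], 0))
        elif op == "jeq" and acc in ("nr", "arch"):
            k = int(arg[1:].split(",")[0], 0)
            hint = (SYSCALLS if acc == "nr" else ARCHES).get(k)
        elif op == "ret" and arg.startswith("#"):
            k = int(arg[1:], 0)
            name = RET_ACTIONS.get(k & 0xffff0000)  # upper 16 bits select the action
            hint = name and f"{name} data={k & 0xffff:#x}"
        out.append((addr, f"{op} {arg}", hint))
    return out

# Constructed sample: the issue's listing shortened to one syscall, jump offsets adjusted.
SAMPLE = """0x80000000: ld [4]
0x80000008: jeq #0xc000003e,0,2
0x80000010: ld [0]
0x80000018: jeq #0xe7,1,0
0x80000020: ret #0x0
0x80000028: ret #0x7fff0000"""

if __name__ == "__main__":
    for addr, insn, hint in annotate(SAMPLE):
        print(f"{addr}: {insn}" + (f"  # {hint}" if hint else ""))
```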