Class: SeccompTools::CLI::Dump

Inherits:
Base
  • Object
Defined in:
lib/seccomp-tools/cli/dump.rb

Overview

Handle ‘dump’ command.

Constant Summary

SUMMARY =

Summary of this command.

'Automatically dump seccomp bpf from execution file(s).'
USAGE =

Usage of this command.

"dump - #{SUMMARY}\nNOTE : This function is only available on Linux." \
"\n\nUsage: seccomp-tools dump [exec] [options]".freeze

Instance Attribute Summary

Attributes inherited from Base

#argv, #option

Instance Method Summary

Constructor Details

#initialize ⇒ Dump

Returns a new instance of Dump.



# File 'lib/seccomp-tools/cli/dump.rb', line 20

# Build the command object and seed the option defaults for `dump`.
#
# All arguments are forwarded untouched to the parent constructor.
def initialize(*)
  super
  # Defaults: disassembled output, a limit of 1 (see the --limit help text),
  # and no PID. A nil :pid selects the "execute a command" path in #handle.
  { format: :disasm, limit: 1, pid: nil }.each do |key, value|
    option[key] = value
  end
end

Instance Method Details

#handle ⇒ void

This method returns an undefined value.

Handle options.



# File 'lib/seccomp-tools/cli/dump.rb', line 67

# Run the `dump` command: emit every seccomp filter obtained either by
# executing a command or by querying an existing process.
#
# Security-relevant behaviour visible here:
# * Without --pid the target string is handed to `/bin/sh -c`, so it is
#   interpreted by the shell and the program is really executed. Per the
#   --limit help text the process is killed only once it has called
#   prctl(PR_SET_SECCOMP) LIMIT times, so whatever it does before that point
#   takes effect. Untrusted samples belong in an isolated environment.
# * With --pid, EPERM/EACCES is reported together with a sudo hint. The hint
#   is built with #shelljoin, so the original arguments are shell-escaped
#   before being printed. It also carries the caller's PATH into the elevated
#   environment, which is only appropriate when every directory on that PATH
#   is trusted.
#
# @return [void]
def handle
  unless Dumper::SUPPORTED
    return Logger.error('Dump is only available on Linux.')
  end
  # The parent handler returns a falsy value when there is nothing to do.
  return unless super

  # Called once per collected filter; renders it in the selected format.
  emit = lambda do |bpf, arch|
    case option[:format]
    when :inspect
      # Escaped byte string, e.g. "\x20\x00...", wrapped in double quotes.
      output { "\"#{bpf.bytes.map { |byte| format('\\x%02X', byte) }.join}\"\n" }
    when :raw
      output { bpf }
    when :disasm
      output { SeccompTools::Disasm.disasm(bpf, arch:) }
    end
  end

  if option[:pid].nil?
    # A positional argument, when present, overrides any earlier -c value.
    # NOTE(review): if neither a positional argument nor -c was supplied,
    # option[:command] looks like it is still unset here and nil would reach
    # Dumper.dump -- confirm whether the parent handler rejects that earlier.
    option[:command] = argv.shift unless argv.empty?
    return SeccompTools::Dumper.dump('/bin/sh', '-c', option[:command], limit: option[:limit], &emit)
  end

  begin
    SeccompTools::Dumper.dump_by_pid(option[:pid], option[:limit], &emit)
  rescue Errno::EPERM, Errno::EACCES => e
    # Only permission failures are translated into a hint; anything else
    # propagates to the caller.
    Logger.error(<<~HINT)
      #{e}
      PTRACE_SECCOMP_GET_FILTER requires CAP_SYS_ADMIN
      Try:
          sudo env "PATH=$PATH" #{['seccomp-tools', *ARGV].shelljoin}
    HINT
    exit(1)
  end
end

#parser ⇒ OptionParser

Define option parser.

Returns:

  • (OptionParser)


# File 'lib/seccomp-tools/cli/dump.rb', line 29

# Lazily build the OptionParser for `dump` and memoize it in @parser.
#
# Every handler only records the parsed value in `option`; acting on it is
# left to #handle. Validation done here is limited to what OptionParser
# provides:
# * --format must be one of the listed symbols.
# * --limit and --pid are coerced with Integer, which checks numeric syntax
#   only; zero or negative values are not rejected at this layer.
# * --sh-exec and --output are accepted as free-form strings. The former is
#   later passed to `/bin/sh -c` by #handle; no path checks on the latter are
#   visible here.
#
# @return [OptionParser]
def parser
  return @parser if @parser

  @parser = OptionParser.new do |opt|
    opt.banner = usage

    opt.on('-c', '--sh-exec <command>', 'Executes the given command (via sh).',
           'Use this option if want to pass arguments or do pipe things to the execution file.',
           'e.g. use `-c "./bin > /dev/null"` to dump seccomp without being mixed with stdout.') do |cmd|
      option[:command] = cmd
    end

    opt.on('-f', '--format FORMAT', %i[disasm raw inspect],
           'Output format. FORMAT can only be one of <disasm|raw|inspect>.',
           'Default: disasm') { |fmt| option[:format] = fmt }

    opt.on('-l', '--limit LIMIT', 'Limit the number of calling "prctl(PR_SET_SECCOMP)".',
           'The target process will be killed whenever its calling times reaches LIMIT.',
           'Default: 1', Integer) { |count| option[:limit] = count }

    opt.on('-o', '--output FILE', 'Output result into FILE instead of stdout.',
           'If multiple seccomp syscalls have been invoked (see --limit),',
           'results will be written to FILE, FILE_1, FILE_2.. etc.',
           'For example, "--output out.bpf" and the output files are out.bpf, out_1.bpf, ...') do |path|
      option[:ofile] = path
    end

    opt.on('-p', '--pid PID', 'Dump installed seccomp filters of the existing process.',
           'You must have CAP_SYS_ADMIN (e.g. be root) in order to use this option.',
           Integer) { |pid| option[:pid] = pid }
  end
end