Our current project is built on libseccomp + ptrace. We would like to selectively intercept system calls, except when called through our own function. One way to do this is by always having our system call at a known address, and having a seccomp rule which checks if instruction_pointer == OUR_ADDR.
Looking through the documentation and source code, I couldn't see a simple way. Is there a way to do this through the libseccomp API? If not, is it possible to make a call to "raw" seccomp to include this as a rule?
Hi @gatoWololo, I'm glad you are finding libseccomp helpful!
You are correct, currently it is not possible to filter based on the instruction pointer using libseccomp, but we do already have an open issue here on GitHub to track this request (#113). Please add any additional comments to that issue so we can keep all of the discussion in one place; I'm going to go ahead and close this issue.
... and yes, you can always generate your own seccomp filter using raw BPF to filter on the instruction pointer. You will lose some of the things that libseccomp does for you automatically, but you will also be able to work around this limitation.
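The raw-BPF route mentioned in the reply above, as an added example that is not code from this issue or from libseccomp: a classic-BPF seccomp program that allows a syscall only when `seccomp_data.instruction_pointer` equals a known address and returns `SECCOMP_RET_TRACE` otherwise, including the architecture check that libseccomp would normally generate. The names `build_ip_filter`, `run_filter` and `FILTER_LEN` are hypothetical, and `run_filter` is a small offline evaluator for checking the program without installing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>   /* AUDIT_ARCH_* values for the caller */
#include <linux/filter.h>
#include <linux/seccomp.h>

/* BPF loads 32 bits at a time, so the 64-bit IP is compared as two words. */
#define LE (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
#define IP_OFF offsetof(struct seccomp_data, instruction_pointer)
#define IP_LO (IP_OFF + (LE ? 0 : 4))
#define IP_HI (IP_OFF + (LE ? 4 : 0))
#define FILTER_LEN 9

/* Hypothetical helper: ALLOW only syscalls issued from trusted_ip, send all others
 * to the ptrace tracer, kill on a foreign arch. On x86-64 the reported IP is the
 * address just after the syscall instruction, so pass that value. */
size_t build_ip_filter(struct sock_filter *out, uint32_t arch, uint64_t trusted_ip)
{
    const struct sock_filter f[FILTER_LEN] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, arch, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_LO),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)trusted_ip, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_HI),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(trusted_ip >> 32), 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE),
    };
    memcpy(out, f, sizeof f);
    return FILTER_LEN;
}

/* Hypothetical offline evaluator for the three opcodes used above. */
uint32_t run_filter(const struct sock_filter *p, size_t n, const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *i = &p[pc];
        if (i->code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&acc, (const char *)sd + i->k, 4);
        else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += acc == i->k ? i->jt : i->jf;
        else return i->k; /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;
}
```

To load the program, wrap the array in a `struct sock_fprog` and call `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` followed by `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)`.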