This is seccomp/seccomp_functions.h, an example to accompany the book, The Linux Programming Interface.
This file is not printed in the book; it demonstrates Linux features that are not described in the book (typically features that have appeared since the book was published).
The source code file is copyright 2022, Michael Kerrisk, and is licensed under the GNU General Public License, version 3.
In the listing below, the names of Linux system calls and C library functions are hyperlinked to manual pages from the Linux man-pages project, and the names of functions implemented in the book are hyperlinked to the implementations of those functions.
/* seccomp_functions.h Header file for seccomp_functions.c */ #include <linux/seccomp.h> #include <stdbool.h> #include <stdint.h> #include <sys/types.h> int seccomp(unsigned int operation, unsigned int flags, void *args); /* Check that the notification ID provided by a SECCOMP_IOCTL_NOTIF_RECV operation is still valid. It will no longer be valid if the target process has terminated or is no longer blocked in the system call that generated the notification (because it was interrupted by a signal). This operation can be used when doing such things as accessing /proc/PID files in the target process in order to avoid TOCTOU race conditions where the PID that is returned by SECCOMP_IOCTL_NOTIF_RECV terminates and is reused by another process. */ bool cookieIsValid(int notifyFd, uint64_t id); /* Access the memory of the target process (req->pid) of a seccomp user-space notification in order to fetch the pathname referred to by the system call argument 'argNum' in 'req->data.args'. The pathname is returned in 'path', a buffer of 'len' bytes allocated by the caller. (This buffer should be sized using PATH_MAX.) Returns 0 if the pathname is successfully fetched. On error, one of the negative values below is returned. */ #define GTP_BAD_READ -1 /* Error opening/reading /proc/PID/mem */ #define GTP_ID_NOT_VALID -2 /* Cookie check failed */ #define GTP_BAD_PATH -3 /* Pathname read from target's memory is badly formed */ int getTargetPathname(struct seccomp_notif *req, int notifyFd, int argNum, char *path, size_t len); /* Allocate buffers for the seccomp user-space notification request and response structures. It is the caller's responsibility to free the buffers returned via 'req' and 'resp'. */ void allocSeccompNotifBuffers(struct seccomp_notif **req, struct seccomp_notif_resp **resp, struct seccomp_notif_sizes *sizes);
Note that, in most cases, the programs rendered in these web pages are not free standing: you'll typically also need a few other source files (mostly in the lib/ subdirectory) as well. Generally, it's easier to just download the entire source tarball and build the programs with make(1). By hovering your mouse over the various hyperlinked include files and function calls above, you can see which other source files this file depends on.