Diffstat (limited to 'tools/compile_seccomp_policy.py')
-rwxr-xr-x | tools/compile_seccomp_policy.py | 46 |
1 files changed, 27 insertions, 19 deletions
diff --git a/tools/compile_seccomp_policy.py b/tools/compile_seccomp_policy.py index f3b9eea..f2b714b 100755 --- a/tools/compile_seccomp_policy.py +++ b/tools/compile_seccomp_policy.py @@ -23,6 +23,7 @@ BPF program suitable for use with Minijail in the current architecture. from __future__ import print_function import argparse +import os import sys try: 
@@ -36,35 +37,39 @@ except ImportError: from minijail import compiler from minijail import parser +CONSTANTS_ERR_MSG = """Could not find 'constants.json' file. +See 'generate_constants_json.py -h'.""" + def parse_args(argv): """Return the parsed CLI arguments for this tool.""" - parser = argparse.ArgumentParser(description=__doc__) - parser.add_argument( - '--optimization-strategy', - default=compiler.OptimizationStrategy.BST, - type=compiler.OptimizationStrategy, - choices=list(compiler.OptimizationStrategy)) - parser.add_argument('--include-depth-limit', default=10) - parser.add_argument('--arch-json', default='constants.json') - parser.add_argument( + arg_parser = argparse.ArgumentParser(description=__doc__) + arg_parser.add_argument('--optimization-strategy', + default=compiler.OptimizationStrategy.BST, + type=compiler.OptimizationStrategy, + choices=list(compiler.OptimizationStrategy)) + arg_parser.add_argument('--include-depth-limit', default=10) + arg_parser.add_argument('--arch-json', default='constants.json') + arg_parser.add_argument( '--default-action', type=str, help=('Use the specified default action, overriding any @default ' 'action found in the .policy files. ' - 'This allows the use of permissive actions (allow, log, trace) ' - 'since it is not valid to specify a permissive action in ' - '.policy files. This is useful for debugging.')) - parser.add_argument( + 'This allows the use of permissive actions (allow, log, trace, ' + 'user-notify) since it is not valid to specify a permissive ' + 'action in .policy files. 
This is useful for debugging.')) + arg_parser.add_argument( '--use-kill-process', action='store_true', help=('Use SECCOMP_RET_KILL_PROCESS instead of ' 'SECCOMP_RET_KILL_THREAD (requires Linux v4.14+).')) - parser.add_argument( - 'policy', help='The seccomp policy.', type=argparse.FileType('r')) - parser.add_argument( - 'output', help='The BPF program.', type=argparse.FileType('wb')) - return parser.parse_args(argv) + arg_parser.add_argument('policy', + help='The seccomp policy.', + type=argparse.FileType('r')) + arg_parser.add_argument('output', + help='The BPF program.', + type=argparse.FileType('wb')) + return arg_parser.parse_args(argv), arg_parser def main(argv=None): @@ -73,7 +78,10 @@ def main(argv=None): if argv is None: argv = sys.argv[1:] - opts = parse_args(argv) + opts, arg_parser = parse_args(argv) + if not os.path.exists(opts.arch_json): + arg_parser.error(CONSTANTS_ERR_MSG) + parsed_arch = arch.Arch.load_from_json(opts.arch_json) policy_compiler = compiler.PolicyCompiler(parsed_arch) if opts.use_kill_process: |
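Review bot: `--include-depth-limit` is still declared as `arg_parser.add_argument('--include-depth-limit', default=10)` with no `type`, so a value given on the command line arrives as a str while the default is an int. How the limit is consumed is outside this hunk. If it is compared with an integer include depth, Python 3 raises TypeError, while Python 2 compares without error and could leave the @include depth effectively unbounded; adding `type=int` closes that. Separately, parse_args now returns `(namespace, arg_parser)`, so the docstring `"""Return the parsed CLI arguments for this tool."""` should say so, and any other caller needs the same unpacking.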
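Review bot: The new guard `if not os.path.exists(opts.arch_json):` also passes for a directory and for a file that cannot be read or parsed, so `arch.Arch.load_from_json` can still end in a traceback. The message also always names 'constants.json', even when `--arch-json` pointed somewhere else. Consider `if not os.path.isfile(opts.arch_json):` and putting the path in the message, e.g. `arg_parser.error('Could not find %r. See generate_constants_json.py -h.' % opts.arch_json)`. Catching the load error instead of pre-checking would also remove the gap between the check and the open. main() starts before and continues after this hunk, so how load failures are handled further down is not visible here.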