This is an example implementation of how gVisor uses Systrap to intercept and perform syscalls on behalf of a child process. In the case of gVisor, this would be the sandbox environment.
The program uses CGO to do the following:
- Start up a child process
- Apply `seccomp` rules & filters to the child process that trap the `Getpid` syscall
- Utilize the `SCMP_ACT_TRAP` action to trigger `SIGSYS` signals when the syscall is made
- Register a `SIGSYS` signal handler that is called when the syscall is made
- Populate allocated shared memory with the syscall identifier
- The parent reads from the shared memory section to retrieve the syscall identifier
- The parent performs the syscall itself
- The parent stores the results back in the shared memory section
- The child then reads the result of the syscall

The example given is the `Getpid` syscall, so the result will really be the pid of the parent, not the child. However, this shows a very basic example of how you can utilize `seccomp` to catch syscalls for further processing.
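
The steps listed above, condensed into one plain C file as an added example (it is not this repository's CGO code). It assumes Linux and installs the filter as raw BPF with `SECCOMP_RET_TRAP`, the kernel action behind `SCMP_ACT_TRAP`, so it builds without libseccomp; `chan`, `on_sigsys`, `install_trap` and `systrap_demo` are names made up for the sketch.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed shared-memory layout: state 0 = idle, 1 = request, 2 = reply. */
static struct chan { volatile int state; volatile long nr, ret; } *ch;
/* Child side: publish the trapped syscall number, then wait for the parent. */
static void on_sigsys(int sig, siginfo_t *si, void *uctx) {
    (void)sig; (void)uctx;
    ch->nr = si->si_syscall;
    __atomic_store_n(&ch->state, 1, __ATOMIC_RELEASE);
    while (__atomic_load_n(&ch->state, __ATOMIC_ACQUIRE) != 2) { }
}
/* Trap getpid, allow the rest. A production filter also checks seccomp_data.arch. */
static int install_trap(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getpid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Returns 1 if the child's trapped getpid() was answered with the parent's pid. */
int systrap_demo(void) {
    int st = 0;
    ch = mmap(NULL, sizeof *ch, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    pid_t child = (ch == MAP_FAILED) ? -1 : fork();
    if (child < 0) return -1;
    if (child == 0) {
        struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
        if (sigaction(SIGSYS, &sa, NULL) || install_trap()) _exit(2);
        syscall(SYS_getpid);                  /* kernel skips the call and raises SIGSYS */
        _exit(ch->ret == getppid() ? 0 : 1);  /* result is read from shared memory */
    }
    while (__atomic_load_n(&ch->state, __ATOMIC_ACQUIRE) != 1)
        if (waitpid(child, &st, WNOHANG) == child) return -1;  /* child died before trapping */
    ch->ret = syscall(ch->nr);                /* parent performs the syscall itself */
    __atomic_store_n(&ch->state, 2, __ATOMIC_RELEASE);
    waitpid(child, &st, 0);
    return WIFEXITED(st) && WEXITSTATUS(st) == 0 && ch->nr == SYS_getpid;
}
```

The child compares the value it reads from shared memory with `getppid()`, which is not trapped, confirming that the answer came from the parent's `getpid`.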