api: extend BPF export API to write to a memory buffer

The API to export to a fd is helpful, but for tools that want to
generate & read the BPF program, outputting to a buffer would be
much more helpful.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: rename seccomp_export_bpf_buf() to seccomp_export_bpf_mem()]
[PM: 'make check-syntax' fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>

3 files changed, 26 insertions, 0 deletions

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 1e6eecc..a21d4c8 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -28,6 +28,7 @@ dist_man3_MANS = \
 	man/man3/seccomp_attr_get.3 \
 	man/man3/seccomp_attr_set.3 \
 	man/man3/seccomp_export_bpf.3 \
+	man/man3/seccomp_export_bpf_mem.3 \
 	man/man3/seccomp_export_pfc.3 \
 	man/man3/seccomp_init.3 \
 	man/man3/seccomp_load.3 \
diff --git a/doc/man/man3/seccomp_export_bpf.3 b/doc/man/man3/seccomp_export_bpf.3
index 9ce06df..b65a9e4 100644
--- a/doc/man/man3/seccomp_export_bpf.3
+++ b/doc/man/man3/seccomp_export_bpf.3
@@ -13,6 +13,7 @@ seccomp_export_bpf, seccomp_export_pfc \- Export the seccomp filter
 .sp
 .BI "int seccomp_export_bpf(const scmp_filter_ctx " ctx ", int " fd ");"
 .BI "int seccomp_export_pfc(const scmp_filter_ctx " ctx ", int " fd ");"
+.BI "int seccomp_export_bpf_mem(const scmp_filter_ctx " ctx ", void *" buf ", size_t *" len ");"
 .sp
 Link with \fI\-lseccomp\fP.
 .fi
@@ -42,6 +43,26 @@ is the value returned by the call to
 While the two output formats are guaranteed to be functionally equivalent for
 the given seccomp filter configuration, the filter instructions, and their
 ordering, are not guaranteed to be the same in both the BPF and PFC formats.
+.P
+The
+.BR seccomp_export_bpf_mem ()
+function is largely the same as
+.BR seccomp_export_bpf (),
+but instead of writing to a file descriptor, the program will be written to the
+.I buf
+pointer provided by the caller.  The
+.I len
+argument must be initialized with the size of the
+.I buf
+buffer.  If the program was valid,
+.I len
+will be updated with its size in bytes.  If
+.I buf
+was too small to hold the program,
+.I len
+can be consulted to determine the required size.  Passing a NULL
+.I buf
+may also be used to query the required size ahead of time.
 .\" //////////////////////////////////////////////////////////////////////////
 .SH RETURN VALUE
 .\" //////////////////////////////////////////////////////////////////////////
@@ -59,6 +80,9 @@ Invalid input, either the context or architecture token is invalid.
 .TP
 .B -ENOMEM
 The library was unable to allocate enough memory.
+.TP
+.B -ERANGE
+The provided buffer was too small.
 .P
 If the \fISCMP_FLTATR_API_SYSRAWRC\fP filter attribute is non-zero then
 additional error codes may be returned to the caller; these additional error
diff --git a/doc/man/man3/seccomp_export_bpf_mem.3 b/doc/man/man3/seccomp_export_bpf_mem.3
new file mode 100644
index 0000000..45c49a3
--- /dev/null
+++ b/doc/man/man3/seccomp_export_bpf_mem.3
@@ -0,0 +1 @@
+.so man3/seccomp_export_bpf.3