in cmd/seccomp-profiler/main.go [81:164]
func main() {
flag.Parse()
binary := flag.Arg(0)
if binary == "" {
log.Fatal("no binary specified")
}
log.Println("Binary file:", binary)
archInfo, goarch, err := getBinaryArch(binary)
if err != nil {
log.Fatal(err)
}
log.Println("Detected architecture:", archInfo.Name)
hash, err := hashBinary(binary)
if err != nil {
log.Fatal(err)
}
log.Println("SHA256:", hash)
objDump, err := doObjdump(binary, hash)
if err != nil {
log.Fatal(err)
}
log.Println("Objdump File:", objDump)
syscalls, err := disasm.ExtractSyscalls(archInfo, objDump)
if err != nil {
log.Fatal(err)
}
// Deduplicate syscalls.
m := make(map[int]disasm.Syscall, len(syscalls))
for _, s := range syscalls {
m[s.Num] = s
}
var names []string
for _, s := range m {
names = append(names, s.Name)
}
log.Printf("Found %d total syscalls", len(syscalls))
log.Printf("Found %d unique syscalls", len(m))
if len(blacklist) > 0 {
var filtered []string
names, filtered = filterBlacklist(names)
log.Printf("Filtered %d blacklisted syscalls (%v)", len(m)-len(names), strings.Join(filtered, ", "))
}
if len(allowList) > 0 {
size := len(names)
var added []string
names, added = addWhitelist(archInfo, names)
log.Printf("Added %d allowed syscalls (%v)", len(names)-size, strings.Join(added, ", "))
}
sort.Strings(names)
// Open the output.
f, err := openOutput(goarch)
if err != nil {
log.Fatal(err)
}
defer f.Close()
// Write output.
switch format {
case "code":
if err = writeGoTemplate(f, goarch, names); err != nil {
log.Fatal(err)
}
case "config":
if debug {
if err = writeDebugYAML(f, syscalls); err != nil {
log.Fatal(err)
}
}
if err = writeProfileConfig(f, names); err != nil {
log.Fatal(err)
}
default:
log.Fatalf("invalid format=%v", format)
}
}