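#define _POSIX_C_SOURCE 200809L

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Seccomp (mode 2) launcher: reads a textual filter specification from a
 * file, appends a rule that permits exactly one more syscall for this
 * process (the execvp() below), installs the filter with
 * prctl(PR_SET_SECCOMP, 2, ...) and then executes the target program,
 * which inherits the filter.
 *
 * Exit status is 1 on every error path; on success execvp() never returns.
 */

/* Rule appended to the user's filter so that the launcher's own execve is
 * allowed once after the filter is installed. */
#define on_next_syscall "on_next_syscall: 1"

/* Capacity of the in-memory filter buffer: file contents, optional newline
 * separator, the appended rule and the terminating NUL must all fit. */
enum { FILTER_BUF_SIZE = 16384 };

/*
 * Read from fd into buf until EOF or until cap bytes are buffered, looping
 * over short reads (a single read() may return fewer bytes than the file
 * holds, e.g. on pipes) and retrying on EINTR.
 *
 * Returns the number of bytes buffered, or -1 with errno set on a read
 * error. The buffer is NOT NUL-terminated by this function.
 */
static ssize_t read_all(int fd, char *buf, size_t cap)
{
    size_t used = 0;

    while (used < cap) {
        ssize_t got = read(fd, buf + used, cap - used);
        if (got < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (got == 0)
            break; /* EOF */
        used += (size_t)got;
    }
    return (ssize_t)used;
}

int main(int argc, char **argv)
{
    char filters[FILTER_BUF_SIZE];
    /* argv[0] is NULL when argc == 0; never hand NULL to "%s". */
    const char *self = (argc > 0 && argv[0] != NULL) ? argv[0] : "launcher";

    /* Validate the command line before touching the filesystem. */
    if (argc < 3) {
        fprintf(stderr, "Usage: %s /path/to/filter.file program args\n", self);
        return 1;
    }

    int fd = open(argv[1], O_RDONLY);
    ssize_t bytes = -1;
    if (fd >= 0) {
        bytes = read_all(fd, filters, sizeof(filters));
        close(fd);
    }
    if (bytes < 0) {
        fprintf(stderr, "[%s] failed to read filter file.\n", self);
        return 1;
    }
    size_t used = (size_t)bytes;

    /* The filter is passed to the kernel as a C string. An embedded NUL
     * would make the kernel see only the prefix of the file -- a silently
     * truncated, possibly more permissive policy -- so reject it outright. */
    if (memchr(filters, '\0', used) != NULL) {
        fprintf(stderr, "[%s] filter specification contains a NUL byte.\n", self);
        return 1;
    }

    /* Append the launcher rule. Space is needed for the rule text, its NUL
     * terminator and, when the file does not end in a newline, a separator
     * so the rule does not run into the file's last line.
     * NOTE(review): this assumes rules are newline-separated, as the one
     * rule visible here suggests -- confirm against the kernel's parser.
     * The previous check compared against strlen() alone, which let a file
     * of exactly sizeof(filters) - strlen(rule) bytes through and then had
     * snprintf() silently drop the rule's last character. */
    size_t rule_len = strlen(on_next_syscall);
    int need_newline = (used > 0 && filters[used - 1] != '\n');
    size_t need = rule_len + 1 + (need_newline ? 1 : 0);
    if (sizeof(filters) - used < need) {
        fprintf(stderr, "[%s] filter specification too large.\n", self);
        return 1;
    }
    if (need_newline)
        filters[used++] = '\n';
    memcpy(filters + used, on_next_syscall, rule_len + 1); /* copies the NUL */

    /* Mode 2 = filter mode; the kernel parses the string and either
     * installs it or fails the call. */
    if (prctl(PR_SET_SECCOMP, 2, filters) < 0) {
        fprintf(stderr, "[%s] filter specification rejected by kernel.\n", self);
        return 1;
    }

    /* From here on this process runs under the filter it just installed;
     * the appended rule is what lets this one execve through. */
    execvp(argv[2], &argv[2]);

    /* Only reached when execvp() fails. NOTE(review): the write() behind
     * this fprintf() is itself subject to the new filter and may be denied
     * rather than produce output -- confirm how the kernel treats it. */
    fprintf(stderr, "[%s] failed to execute program '%s'\n", self, argv[2]);
    return 1;
}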