package seccomp

import "github.com/dotcloud/docker/profiles/seccomp"

Index ¶

• func DefaultProfile() *seccomp.Seccomp
• func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error)
• func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error)
• type Architecture
• type Filter
• type KernelVersion
• type Seccomp
• type Syscall

Functions ¶

func DefaultProfile ¶

func DefaultProfile() *seccomp.Seccomp

DefaultProfile defines the allowed syscalls for the default seccomp profile.

Deprecated: use seccomp.DefaultProfile.

func GetDefaultProfile ¶

func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error)

GetDefaultProfile returns the default seccomp profile.

Deprecated: use seccomp.GetDefaultProfile.

func LoadProfile ¶

func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error)

LoadProfile takes a json string and decodes the seccomp profile.

Deprecated: use seccomp.LoadProfile.

Types ¶

type Architecture ¶

type Architecture = seccomp.Architecture

Architecture is used to represent a specific architecture and its sub-architectures

Deprecated: use seccomp.Architecture.

type Filter ¶

type Filter = seccomp.Filter

Filter is used to conditionally apply Seccomp rules

Deprecated: use seccomp.Filter.

type KernelVersion ¶

type KernelVersion = seccomp.KernelVersion

KernelVersion holds information about the kernel.

Deprecated: use seccomp.KernelVersion.

type Seccomp ¶

type Seccomp = seccomp.Seccomp

Seccomp represents the config for a seccomp profile for syscall restriction. It is used to marshal/unmarshal the JSON profiles as accepted by docker, and extends the runtime-spec's specs.LinuxSeccomp, overriding some fields to provide the ability to define conditional rules based on the host's kernel version, architecture, and the container's capabilities.

Deprecated: use seccomp.Seccomp.

type Syscall ¶

type Syscall = seccomp.Syscall

Syscall is used to match a group of syscalls in Seccomp. It extends the runtime-spec Syscall type, adding a "Name" field for backward compatibility with older JSON representations, additional "Comment" metadata, and conditional rules ("Includes", "Excludes") used to generate a runtime-spec Seccomp profile based on the container (capabilities) and host's (arch, kernel) configuration.

Deprecated: use seccomp.Syscall.

Source Files ¶

seccomp_deprecated.go seccomp_deprecated_linux.go