package seccomp
import "github.com/opencontainers/runtime-tools/generate/seccomp"
Index ¶
- Constants
- func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp
- func ParseArchitectureFlag(architectureArg string, config *rspec.LinuxSeccomp) error
- func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error
- func ParseDefaultActionForce(action string, config *rspec.LinuxSeccomp) error
- func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error
- func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error
- func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, seccompAction rspec.LinuxSeccompAction) error
- func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error
- type SyscallOpts
Constants ¶
// Linux namespace flags for clone(2)/unshare(2). Each constant is the
// corresponding syscall.CLONE_NEW* value, passed through unchanged.
//
// NOTE(review): presumably consumed when the default profile builds rules
// that compare clone flags; confirm against seccomp_default.go.
const (
	// CloneNewIPC requests a new IPC namespace.
	CloneNewIPC = syscall.CLONE_NEWIPC
	// CloneNewNet requests a new network namespace.
	CloneNewNet = syscall.CLONE_NEWNET
	// CloneNewNS requests a new mount namespace.
	CloneNewNS = syscall.CLONE_NEWNS
	// CloneNewPID requests a new PID namespace.
	CloneNewPID = syscall.CLONE_NEWPID
	// CloneNewUser requests a new user namespace.
	CloneNewUser = syscall.CLONE_NEWUSER
	// CloneNewUTS requests a new UTS (hostname/domainname) namespace.
	CloneNewUTS = syscall.CLONE_NEWUTS
)
Linux namespace clone flag values, passed through unchanged from the syscall package.
Functions ¶
func DefaultProfile ¶
func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp
DefaultProfile defines the whitelist for the default seccomp profile.
func ParseArchitectureFlag ¶
func ParseArchitectureFlag(architectureArg string, config *rspec.LinuxSeccomp) error
ParseArchitectureFlag takes the raw string passed with the --arch flag, parses it and updates the Seccomp config accordingly
func ParseDefaultAction ¶
func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error
ParseDefaultAction sets the default action of the seccomp configuration and then removes any rules that were already specified with this action
func ParseDefaultActionForce ¶
func ParseDefaultActionForce(action string, config *rspec.LinuxSeccomp) error
ParseDefaultActionForce only sets the default action of the seccomp configuration; unlike ParseDefaultAction, it leaves existing rules in place.
func ParseSyscallFlag ¶
func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error
ParseSyscallFlag takes a SyscallOpts struct and the seccomp configuration and sets the new syscall rule accordingly
func RemoveAction ¶
func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error
RemoveAction takes the argument string that was passed with the --remove flag, parses it, and updates the Seccomp config accordingly
func RemoveAllMatchingRules ¶
func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, seccompAction rspec.LinuxSeccompAction) error
RemoveAllMatchingRules will remove any syscall rules that match the specified action
func RemoveAllSeccompRules ¶
func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error
RemoveAllSeccompRules removes all seccomp syscall rules
Types ¶
type SyscallOpts ¶
// SyscallOpts holds the options used when parsing a syscall rule. Every field
// is kept as the raw string; nothing is validated at this level.
//
// NOTE(review): Index, Value, ValueTwo and Operator presumably describe a
// single argument comparison for the rule; confirm against
// parse_arguments.go and syscall_compare.go.
type SyscallOpts struct {
	// Action is the seccomp action requested for the rule.
	Action string
	// Syscall is the syscall the rule applies to.
	Syscall string
	// Index presumably selects which syscall argument is compared (TODO confirm).
	Index string
	// Value is the first comparison operand, still unparsed.
	Value string
	// ValueTwo is the second comparison operand, still unparsed.
	ValueTwo string
	// Operator names the comparison to apply, still unparsed.
	Operator string
}
SyscallOpts contains the options used when parsing syscall rules.
Source Files ¶
consts.go parse_action.go parse_architecture.go parse_arguments.go parse_remove.go seccomp_default.go seccomp_default_linux.go syscall_compare.go
- Version
- v0.9.0 (latest)
- Published
- Mar 6, 2019
- Platform
- linux/amd64
- Imports
- 7 packages