package seccomp

runtime-tools – github.com/opencontainers/runtime-tools/generate/seccomp Index | Files

import "github.com/opencontainers/runtime-tools/generate/seccomp"

Index ¶

Constants
func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp
func ParseArchitectureFlag(architectureArg string, config *rspec.LinuxSeccomp) error
func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error
func ParseDefaultActionForce(action string, config *rspec.LinuxSeccomp) error
func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error
func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error
func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, seccompAction rspec.LinuxSeccompAction) error
func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error
type SyscallOpts

Constants ¶

const (
	CloneNewIPC    = 0x8000000
	CloneNewNet    = 0x40000000
	CloneNewNS     = 0x20000
	CloneNewPID    = 0x20000000
	CloneNewUser   = 0x10000000
	CloneNewUTS    = 0x4000000
	CloneNewCgroup = 0x02000000
)

These are copied from linux/amd64 syscall values, as a reference for other platforms to have access to

Functions ¶

func DefaultProfile ¶

func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp

DefaultProfile defines the whitelist for the default seccomp profile.

func ParseArchitectureFlag ¶

func ParseArchitectureFlag(architectureArg string, config *rspec.LinuxSeccomp) error

ParseArchitectureFlag takes the raw string passed with the --arch flag, parses it and updates the Seccomp config accordingly

func ParseDefaultAction ¶

func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error

ParseDefaultAction sets the default action of the seccomp configuration and then removes any rules that were already specified with this action

func ParseDefaultActionForce ¶

func ParseDefaultActionForce(action string, config *rspec.LinuxSeccomp) error

ParseDefaultActionForce simply sets the default action of the seccomp configuration

func ParseSyscallFlag ¶

func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error

ParseSyscallFlag takes a SyscallOpts struct and the seccomp configuration and sets the new syscall rule accordingly

func RemoveAction ¶

func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error

RemoveAction takes the argument string that was passed with the --remove flag, parses it, and updates the Seccomp config accordingly

func RemoveAllMatchingRules ¶

func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, seccompAction rspec.LinuxSeccompAction) error

RemoveAllMatchingRules will remove any syscall rules that match the specified action

func RemoveAllSeccompRules ¶

func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error

RemoveAllSeccompRules removes all seccomp syscall rules

Types ¶

type SyscallOpts ¶

type SyscallOpts struct {
	Action   string
	Syscall  string
	Index    string
	Value    string
	ValueTwo string
	Operator string
}

SyscallOpts contain options for parsing syscall rules

Source Files ¶

consts.go parse_action.go parse_architecture.go parse_arguments.go parse_remove.go seccomp_default.go seccomp_default_unsupported.go syscall_compare.go

Version: v0.9.0 (latest)
Published: Mar 6, 2019
Platform: js/wasm
Imports: 6 packages
Last checked: 1 month ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples