package config

gvisor – gvisor.dev/gvisor/runsc/boot/filter/config Index | Files

package config

import "gvisor.dev/gvisor/runsc/boot/filter/config"

Package config defines all syscalls the sandbox is allowed to make to the host.

Index ¶

func PrecompiledPrograms() ([]precompiledseccomp.Program, error)
func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules)
func SeccompOptions(opt Options) seccomp.ProgramOptions
func Warnings(opt Options) []string
type Options

func (opt Options) ConfigKey() string
func (opt Options) Vars() precompiledseccomp.Values

Functions ¶

func PrecompiledPrograms ¶

func PrecompiledPrograms() ([]precompiledseccomp.Program, error)

PrecompiledPrograms returns the set of seccomp programs to precompile.

func Rules ¶

func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules)

Rules returns the seccomp rules and denyRules to use for the Sentry.

func SeccompOptions ¶

func SeccompOptions(opt Options) seccomp.ProgramOptions

SeccompOptions returns the seccomp program options to use for the filter.

func Warnings ¶

func Warnings(opt Options) []string

Warnings returns a set of warnings that may be useful to display to the user when the given options are used.

Types ¶

type Options ¶

type Options struct {
	Platform              platform.SeccompInfo
	HostNetwork           bool
	HostNetworkRawSockets bool
	HostFilesystem        bool
	ProfileEnable         bool
	NVProxy               bool
	NVProxyCaps           nvconf.DriverCaps
	TPUProxy              bool
	ControllerFD          uint32
	CgoEnabled            bool
	PluginNetwork         bool
}

Options are seccomp filter related options.

func (Options) ConfigKey ¶

func (opt Options) ConfigKey() string

ConfigKey returns a unique string representing this set of options. This is used for matching a set of `Options` at seccomp precompile time with the same set of `Options` at runtime. As such, it should encompass all fields that change the structure of the seccomp rules, but should not encompass fields that are only known at runtime (e.g. `ControllerFD`).

func (Options) Vars ¶

func (opt Options) Vars() precompiledseccomp.Values

Vars returns the values to use for rendering the precompiled seccomp program.

Source Files ¶

config.go config_amd64.go config_cgo.go config_main.go config_precompiled.go config_profile.go extra_filters.go extra_filters_hostinet.go

Version: v0.0.0-20250605235530-a6711d1e1dc6 (latest)
Published: Jun 5, 2025
Platform: linux/amd64
Imports: 17 packages
Last checked: 43 minutes ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples

package config

Index ¶

Functions ¶

func PrecompiledPrograms ¶

func Rules ¶

func SeccompOptions ¶

func Warnings ¶

Types ¶

type Options ¶

func (Options) ConfigKey ¶

func (Options) Vars ¶

Source Files ¶

Jump to identifier

Keyboard shortcuts