seccomp

package

v0.0.1 Latest Latest Go to latest Published: Jul 16, 2015 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/carlosedp/runc

Documentation ¶

Rendered for

Overview ¶

Package seccomp provides native seccomp ( https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt ) support for go.

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrUnresolvedLabel      = errors.New("seccomp: unresolved label")
	ErrDuplicateLabel       = errors.New("seccomp: duplicate label use")
	ErrUnsupportedOperation = errors.New("seccomp: unsupported operation for argument")
)

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action int

Action is the type of action that will be taken when a syscall is performed.

const (
	Kill  Action = iota - 3 // Kill the calling process of the syscall.
	Trap                    // Trap and coredump the calling process of the syscall.
	Allow                   // Allow the syscall to be completed.
)

func Error ¶

func Error(code syscall.Errno) Action

Error returns an Action that will be used to send the calling process the specified errno when the syscall is made.

type Arg ¶

type Arg struct {
	Index uint32   // index of args which start from zero
	Op    Operator // operation, such as EQ/NE/GE/LE
	Value uint     // the value of arg
}

Arg represents an argument to the syscall with the argument's index, the operator to apply when matching, and the argument's value at that time.

type Args ¶

type Args [][]Arg

type Context ¶

type Context struct {
	// contains filtered or unexported fields
}

Context holds syscalls for the current process to limit the type of actions the calling process can make.

func New ¶

func New() *Context

New returns a new syscall context for use.

func (*Context) Add ¶

func (c *Context) Add(s *Syscall)

Add will add the specified syscall, action, and arguments to the seccomp Context.

func (*Context) Load ¶

func (c *Context) Load() error

Load will apply the Context to the calling process makeing any secccomp process changes apply after the context is loaded.

func (*Context) Remove ¶

func (c *Context) Remove(call uint32)

Remove removes the specified syscall configuration from the Context.

type Operator ¶

type Operator int

Operator that is used for argument comparison.

const (
	EqualTo Operator = iota
	NotEqualTo
	GreatherThan
	LessThan
	MaskEqualTo
)

type Syscall ¶

type Syscall struct {
	// Value is the syscall number.
	Value uint32
	// Action is the action to perform when the specified syscall is made.
	Action Action
	// Args are filters that can be specified on the arguments to the syscall.
	Args Args
}

Syscall is the specified syscall, action, and any type of arguments to filter on.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL