specs

package

v0.0.0-...-f12bd69 Latest Latest Go to latest Published: Dec 12, 2024 License: Apache-2.0 Imports: 0 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/mintoolkit/mint

Documentation ¶

Index ¶

type Action
type Arch
type Architecture
type Arg
type Filter
type Operator
type Seccomp
type Syscall

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action string

Action taken upon Seccomp rule match

const (
	ActKill  Action = "SCMP_ACT_KILL"
	ActTrap  Action = "SCMP_ACT_TRAP"
	ActErrno Action = "SCMP_ACT_ERRNO"
	ActTrace Action = "SCMP_ACT_TRACE"
	ActAllow Action = "SCMP_ACT_ALLOW"
)

Action types

type Arch ¶

type Arch string

Arch - architecture type Additional architectures permitted to be used for system calls By default only the native architecture of the kernel is permitted

const (
	ArchX86     Arch = "SCMP_ARCH_X86"
	ArchX86_64  Arch = "SCMP_ARCH_X86_64"
	ArchX32     Arch = "SCMP_ARCH_X32"
	ArchARM     Arch = "SCMP_ARCH_ARM"
	ArchAARCH64 Arch = "SCMP_ARCH_AARCH64"
)

Architecture types

type Architecture ¶

type Architecture struct {
	Arch      Arch   `json:"architecture"`
	SubArches []Arch `json:"subArchitectures"`
}

type Arg ¶

type Arg struct {
	Index    uint     `json:"index"`
	Value    uint64   `json:"value"`
	ValueTwo uint64   `json:"valueTwo,omitempty"`
	Op       Operator `json:"op"`
}

Arg used for matching specific syscall arguments in Seccomp

type Filter ¶

type Filter struct {
	Caps      []string `json:"caps,omitempty"`
	Arches    []string `json:"arches,omitempty"`
	MinKernel string   `json:"minKernel,omitempty"`
}

Filter is used to conditionally apply Seccomp rules

type Operator ¶

type Operator string

Operator used to match syscall arguments in Seccomp

const (
	OpNotEqual     Operator = "SCMP_CMP_NE"
	OpLessThan     Operator = "SCMP_CMP_LT"
	OpLessEqual    Operator = "SCMP_CMP_LE"
	OpEqualTo      Operator = "SCMP_CMP_EQ"
	OpGreaterEqual Operator = "SCMP_CMP_GE"
	OpGreaterThan  Operator = "SCMP_CMP_GT"
	OpMaskedEqual  Operator = "SCMP_CMP_MASKED_EQ"
)

Operator types

type Seccomp ¶

type Seccomp struct {
	DefaultAction Action         `json:"defaultAction"`
	Architectures []Arch         `json:"architectures,omitempty"`
	ArchMap       []Architecture `json:"archMap,omitempty"`
	Syscalls      []*Syscall     `json:"syscalls,omitempty"`
}

Seccomp represents syscall restrictions

type Syscall ¶

type Syscall struct {
	Name     string   `json:"name,omitempty"`
	Names    []string `json:"names,omitempty"`
	Action   Action   `json:"action"`
	Args     []*Arg   `json:"args,omitempty"`
	Comment  string   `json:"comment,omitempty"`
	Includes Filter   `json:"includes,omitempty"`
	Excludes Filter   `json:"excludes,omitempty"`
}

Syscall is used to match a syscall in Seccomp

Source Files ¶

View all Source files

seccomp.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL