specs

Published: Jan 12, 2025 License: Apache-2.0 Imports: 0 Imported by: 0

Documentation


Functions

This section is empty.

Types

type Action

// Action names what the seccomp filter does when a rule matches. Values are
// spelled as SCMP_ACT_* strings (the libseccomp naming); the recognized set
// is the ActXxx constants declared below.
// NOTE(review): nothing in this package validates an Action — an unknown or
// empty string is representable here and must be rejected by the consumer
// that turns the profile into a kernel filter.
type Action string

Action is the action taken when a seccomp rule matches.

// Action values recognized by the profile, as libseccomp SCMP_ACT_* names.
// NOTE(review): only the five classic actions are listed; libseccomp also
// defines (among others) SCMP_ACT_LOG, SCMP_ACT_KILL_PROCESS and
// SCMP_ACT_NOTIFY, which a profile built from these constants cannot
// express — confirm whether the consumer needs them.
const (
	// ActKill terminates the offending task. NOTE(review): in libseccomp
	// SCMP_ACT_KILL is the thread-kill action, not a whole-process kill — a
	// multi-threaded process can survive with one thread dead; verify that
	// is the intended semantics for the consumer.
	ActKill  Action = "SCMP_ACT_KILL"
	// ActTrap delivers SIGSYS to the calling task instead of running the
	// syscall (libseccomp semantics — confirm).
	ActTrap  Action = "SCMP_ACT_TRAP"
	// ActErrno fails the syscall with an errno instead of executing it.
	// The errno value itself is not configurable through these types.
	ActErrno Action = "SCMP_ACT_ERRNO"
	// ActTrace hands the syscall to a ptrace tracer. NOTE(review): with no
	// tracer attached the kernel fails the call with ENOSYS, so this is
	// rarely what a container profile wants — confirm.
	ActTrace Action = "SCMP_ACT_TRACE"
	// ActAllow lets the syscall proceed.
	ActAllow Action = "SCMP_ACT_ALLOW"
)

Action values recognized by the profile (libseccomp SCMP_ACT_* names).

type Arch

// Arch identifies a CPU architecture / syscall ABI, spelled as a SCMP_ARCH_*
// string (the libseccomp naming). It is used by Seccomp.Architectures and by
// Architecture to name additional, non-native ABIs the filter should cover;
// by default only the kernel's native architecture is permitted.
// NOTE(review): no validation of the string lives in this package.
type Arch string

Arch is an architecture identifier. It names additional architectures (syscall ABIs) whose system calls are permitted; by default only the native architecture of the kernel is permitted.

// Arch values recognized by the profile, as libseccomp SCMP_ARCH_* names.
// NOTE(review): only x86 (32/64/x32) and ARM (32/64) are listed; libseccomp
// also names MIPS, PPC, S390X and RISC-V ABIs, among others, which a profile
// built from these constants cannot reference — confirm that is intentional.
const (
	// ArchX86 is the 32-bit x86 ABI.
	ArchX86     Arch = "SCMP_ARCH_X86"
	// ArchX86_64 is the 64-bit x86 ABI.
	ArchX86_64  Arch = "SCMP_ARCH_X86_64"
	// ArchX32 is the x32 ABI (32-bit pointers on an x86_64 kernel).
	// NOTE(review): x32 syscalls enter an x86_64 kernel through the same
	// path with a high bit set in the syscall number; a filter that covers
	// X86_64 but not X32 may let them through — check how the consumer
	// handles this (it is the usual reason X32 is listed as a sub-arch).
	ArchX32     Arch = "SCMP_ARCH_X32"
	// ArchARM is the 32-bit ARM ABI.
	ArchARM     Arch = "SCMP_ARCH_ARM"
	// ArchAARCH64 is the 64-bit ARM ABI.
	ArchAARCH64 Arch = "SCMP_ARCH_AARCH64"
)

Arch values recognized by the profile (libseccomp SCMP_ARCH_* names).

type Architecture

// Architecture pairs a primary Arch with the sub-architecture ABIs that
// should be enabled alongside it. It is the element type of Seccomp.ArchMap
// and serializes as {"architecture": ..., "subArchitectures": [...]};
// neither field is omitempty, so an empty entry is still emitted.
// NOTE(review): presumably the consumer enables SubArches only when the
// host's native arch equals Arch, so one profile can serve several hosts —
// that logic is not in this package; confirm against the consumer.
type Architecture struct {
	// Arch is the primary architecture this entry applies to.
	Arch      Arch   `json:"architecture"`
	// SubArches are the additional ABIs to permit together with Arch
	// (e.g. ArchX86 and ArchX32 alongside ArchX86_64 — illustrative only).
	SubArches []Arch `json:"subArchitectures"`
}

type Arg

// Arg is one argument condition on a Syscall rule: the syscall argument at
// position Index is compared against Value (and ValueTwo, for operators that
// take a second operand) using Op.
//
// NOTE(review): Index is an unbounded uint. The kernel exposes at most six
// syscall arguments (indexes 0–5) and nothing in this package checks the
// range — the consumer must. Value is the raw register value: for pointer
// arguments seccomp sees only the pointer, never the memory it refers to,
// so conditions on userspace buffers (paths, structs) are not enforceable
// this way and should not be relied on for security.
type Arg struct {
	// Index is the zero-based position of the syscall argument to compare.
	Index    uint     `json:"index"`
	// Value is the comparison operand.
	Value    uint64   `json:"value"`
	// ValueTwo is the second operand, omitted from JSON when zero.
	// Presumably used with OpMaskedEqual (libseccomp takes a mask and a
	// datum; which of Value/ValueTwo is which is decided by the consumer —
	// verify the operand order there).
	ValueTwo uint64   `json:"valueTwo,omitempty"`
	// Op is the comparison operator; see the OpXxx constants.
	Op       Operator `json:"op"`
}

Arg is used for matching a specific syscall argument in a seccomp rule.

type Filter

// Filter conditions a Syscall rule on the environment the profile is applied
// in. Syscall carries two of them: Includes (the rule applies only when the
// filter matches) and Excludes (the rule is dropped when it matches) — that
// reading is inferred from the field names; confirm in the consumer, which
// is where all matching logic lives. Every field is optional.
// NOTE(review): Arches here is []string while Seccomp.Architectures is
// []Arch, so the two spellings are not type-checked against each other.
type Filter struct {
	// Caps presumably lists Linux capability names (CAP_*) the container
	// must hold (Includes) or must not hold (Excludes) — confirm the
	// expected spelling and semantics against the consumer.
	Caps      []string `json:"caps,omitempty"`
	// Arches lists architecture names the filter applies to. Whether these
	// are SCMP_ARCH_* strings or short names (e.g. "amd64") is not visible
	// here — confirm.
	Arches    []string `json:"arches,omitempty"`
	// MinKernel is a kernel version string; its format and the comparison
	// rule are defined by the consumer, not by this package.
	MinKernel string   `json:"minKernel,omitempty"`
}

Filter is used to conditionally apply seccomp rules (see Syscall.Includes and Syscall.Excludes).

type Operator

// Operator names the comparison an Arg applies to a syscall argument,
// spelled as a SCMP_CMP_* string (the libseccomp naming). The recognized set
// is the OpXxx constants declared below; no validation is performed here.
type Operator string

Operator is the comparison used to match syscall arguments in a seccomp rule.

// Operator values recognized by the profile. Each is the libseccomp
// SCMP_CMP_* comparison of the same name; the operand is Arg.Value unless
// noted. The meanings below follow from the names (NE, LT, ...) — the
// actual comparison is performed by the consumer/kernel, not here.
const (
	// OpNotEqual matches when the argument != Value.
	OpNotEqual     Operator = "SCMP_CMP_NE"
	// OpLessThan matches when the argument < Value.
	OpLessThan     Operator = "SCMP_CMP_LT"
	// OpLessEqual matches when the argument <= Value.
	OpLessEqual    Operator = "SCMP_CMP_LE"
	// OpEqualTo matches when the argument == Value.
	OpEqualTo      Operator = "SCMP_CMP_EQ"
	// OpGreaterEqual matches when the argument >= Value.
	OpGreaterEqual Operator = "SCMP_CMP_GE"
	// OpGreaterThan matches when the argument > Value.
	OpGreaterThan  Operator = "SCMP_CMP_GT"
	// OpMaskedEqual matches when (argument & mask) == datum. Which of
	// Arg.Value / Arg.ValueTwo is the mask and which the datum is decided
	// by the consumer — confirm before relying on it.
	OpMaskedEqual  Operator = "SCMP_CMP_MASKED_EQ"
)

Operator values recognized by the profile (libseccomp SCMP_CMP_* names).

type Seccomp

// Seccomp is the top-level profile: a default action plus the Syscall rules
// that override it, optionally extended to additional architectures. It is
// the JSON document shape ({"defaultAction": ..., "architectures": [...],
// "archMap": [...], "syscalls": [...]}).
//
// NOTE(review): for a restrictive profile DefaultAction should be a deny
// action (ActErrno is the usual choice) with Syscalls enumerating what is
// allowed. A profile whose DefaultAction is ActAllow is a denylist and is
// only as strong as its enumeration of dangerous syscalls. Nothing in this
// package enforces either shape, and rule ordering/precedence between
// overlapping Syscalls entries is decided by the consumer.
type Seccomp struct {
	// DefaultAction applies to every syscall not matched by a rule in
	// Syscalls. Not omitempty: an empty string is serialized as-is and
	// matches none of the ActXxx constants.
	DefaultAction Action         `json:"defaultAction"`
	// Architectures lists additional ABIs the filter covers. Presumably the
	// flat, older form of ArchMap; whether both may be set at once, and
	// which wins, is decided by the consumer — confirm.
	Architectures []Arch         `json:"architectures,omitempty"`
	// ArchMap lists sub-ABIs per native architecture; see Architecture.
	ArchMap       []Architecture `json:"archMap,omitempty"`
	// Syscalls are the rules, held by pointer. NOTE(review): a nil element
	// is representable and must be guarded by the consumer.
	Syscalls      []*Syscall     `json:"syscalls,omitempty"`
}

Seccomp represents a seccomp profile: a default action plus the syscall rules that override it.

type Syscall

// Syscall is one profile rule: the syscalls it names, the Action taken when
// one of them is invoked, optional argument conditions (Args), and the
// Includes/Excludes filters that decide whether the rule is applied at all.
//
// NOTE(review): Name (single) and Names (list) both exist; presumably Name
// is the older single-syscall form kept for compatibility and the consumer
// merges the two — confirm, and check how a rule that sets both is treated.
// NOTE(review): `omitempty` on Includes/Excludes has no effect — encoding/json
// never omits a struct-typed field — so a rule without filters is emitted as
// "includes":{},"excludes":{}. Harmless for decoding, but profiles written
// from this type carry the empty objects.
type Syscall struct {
	// Name is a single syscall name (presumably the legacy form; see Names).
	Name     string   `json:"name,omitempty"`
	// Names lists the syscalls this rule covers.
	Names    []string `json:"names,omitempty"`
	// Action is taken when a listed syscall (and its Args) match. Not
	// omitempty: an empty string is serialized as-is.
	Action   Action   `json:"action"`
	// Args are argument conditions. How several Args combine (all must
	// match, or any) is decided by the consumer — confirm. Held by pointer,
	// so a nil element is representable.
	Args     []*Arg   `json:"args,omitempty"`
	// Comment is free text carried with the rule; presumably no runtime
	// effect, but that is up to the consumer.
	Comment  string   `json:"comment,omitempty"`
	// Includes: the rule is applied only when this Filter matches (inferred
	// from the name — confirm in the consumer).
	Includes Filter   `json:"includes,omitempty"`
	// Excludes: the rule is skipped when this Filter matches (inferred from
	// the name — confirm in the consumer).
	Excludes Filter   `json:"excludes,omitempty"`
}

Syscall is one profile rule: the syscall names it covers, the action to take when one is invoked, and the conditions under which the rule applies.
