Documentation
Overview
Package config defines all syscalls the sandbox is allowed to make to the host.
Constants
This section is empty.
Variables
This section is empty.
Functions
func PrecompiledPrograms
func PrecompiledPrograms() ([]precompiledseccomp.Program, error)
PrecompiledPrograms returns the set of seccomp programs to precompile.
func Rules
func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules)
Rules returns the seccomp rules and denyRules to use for the Sentry.
func SeccompOptions
func SeccompOptions(opt Options) seccomp.ProgramOptions
SeccompOptions returns the seccomp program options to use for the filter.
Types
type Options
type Options struct {
	Platform              platform.SeccompInfo
	HostNetwork           bool
	HostNetworkRawSockets bool
	HostFilesystem        bool
	ProfileEnable         bool
	NVProxy               bool
	NVProxyCaps           nvconf.DriverCaps
	TPUProxy              bool
	ControllerFD          uint32
	CgoEnabled            bool
	PluginNetwork         bool
}
Options are seccomp filter related options.
func (Options) ConfigKey
ConfigKey returns a unique string representing this set of options. This is used for matching a set of `Options` at seccomp precompile time with the same set of `Options` at runtime. As such, it should encompass all fields that change the structure of the seccomp rules, but should not encompass fields that are only known at runtime (e.g. `ControllerFD`).
func (Options) Vars
func (opt Options) Vars() precompiledseccomp.Values
Vars returns the values to use for rendering the precompiled seccomp program.
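The matching scheme that ConfigKey and Vars describe, shown as an added Go sketch that is not gVisor's code: `sketchOptions`, the key format, the `controller_fd` variable name and the template text are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// sketchOptions is a hypothetical, reduced stand-in for Options (not gVisor's type).
type sketchOptions struct {
	HostNetwork    bool
	HostFilesystem bool
	ControllerFD   uint32 // only known at runtime
}

// configKey covers the structural fields and omits ControllerFD (assumed key format).
func (o sketchOptions) configKey() string {
	return fmt.Sprintf("HostNetwork=%t,HostFilesystem=%t", o.HostNetwork, o.HostFilesystem)
}

// vars returns the runtime-only values rendered into a precompiled program.
func (o sketchOptions) vars() map[string]uint32 {
	return map[string]uint32{"controller_fd": o.ControllerFD}
}

// precompile builds one constructed text template per structural combination.
func precompile(combos []sketchOptions) map[string]string {
	cache := make(map[string]string)
	for _, o := range combos {
		cache[o.configKey()] = fmt.Sprintf("net=%t fs=%t fd=$controller_fd", o.HostNetwork, o.HostFilesystem)
	}
	return cache
}

// render finds the template for o's key and substitutes the runtime values.
func render(cache map[string]string, o sketchOptions) (string, bool) {
	tmpl, ok := cache[o.configKey()]
	if !ok {
		return "", false // no program was precompiled for this structure
	}
	for name, v := range o.vars() {
		tmpl = strings.ReplaceAll(tmpl, "$"+name, fmt.Sprint(v))
	}
	return tmpl, true
}

func main() {
	cache := precompile([]sketchOptions{{}, {HostNetwork: true}})
	fmt.Println(render(cache, sketchOptions{HostNetwork: true, ControllerFD: 7}))
}
```

If a structural field were left out of the key, two option sets with different rules would resolve to the same precompiled program, so a sandbox could load a filter built for a different configuration.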