config

package
v0.0.0-...-fb730ff
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2024 License: Apache-2.0, MIT Imports: 17 Imported by: 2

Documentation

Overview

Package config defines all syscalls the sandbox is allowed to make to the host.

Constants

This section is empty.

Variables

This section is empty.

Functions

func PrecompiledPrograms

func PrecompiledPrograms() ([]precompiledseccomp.Program, error)

PrecompiledPrograms returns the set of seccomp programs to precompile.

func Rules

Rules returns the seccomp rules and denyRules to use for the Sentry.

func SeccompOptions

func SeccompOptions(opt Options) seccomp.ProgramOptions

SeccompOptions returns the seccomp program options to use for the filter.

func Warnings

func Warnings(opt Options) []string

Warnings returns a set of warnings that may be useful to display to the user when the given options are used.

Types

type Options

type Options struct {
	Platform              platform.SeccompInfo
	HostNetwork           bool
	HostNetworkRawSockets bool
	HostFilesystem        bool
	ProfileEnable         bool
	NVProxy               bool
	NVProxyCaps           nvconf.DriverCaps
	TPUProxy              bool
	ControllerFD          uint32
	CgoEnabled            bool
	PluginNetwork         bool
}

Options are seccomp filter related options.

func (Options) ConfigKey

func (opt Options) ConfigKey() string

ConfigKey returns a unique string representing this set of options. This is used for matching a set of `Options` at seccomp precompile time with the same set of `Options` at runtime. As such, it should encompass all fields that change the structure of the seccomp rules, but should not encompass fields that are only known at runtime (e.g. `ControllerFD`).

func (Options) Vars

func (opt Options) Vars() precompiledseccomp.Values

Vars returns the values to use for rendering the precompiled seccomp program.
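
The split between ConfigKey and Vars, sketched as an added example (not gVisor's code): `opts`, `program`, `compile`, `precompile` and `load` are hypothetical stand-ins, and the syscall names are constructed. Option sets that differ only in `ControllerFD` share one precompiled program, while an option set that was never precompiled fails the lookup instead of silently getting a different filter.

```go
package main

import "fmt"

// opts is a hypothetical cut-down stand-in for config.Options.
type opts struct {
	HostNetwork  bool   // changes which rules exist: part of the key
	ControllerFD uint32 // only known at runtime: not part of the key
}

// configKey covers exactly the fields that change the filter's structure.
func (o opts) configKey() string { return fmt.Sprintf("hostnet=%t", o.HostNetwork) }

// program is a constructed stand-in for a compiled filter.
type program struct {
	Syscalls     []string // structure, fixed at precompile time
	ControllerFD uint32   // variable, bound at load time
}

// compile builds the structure only; runtime-only values stay unset.
func compile(o opts) program {
	p := program{Syscalls: []string{"read", "write"}}
	if o.HostNetwork {
		p.Syscalls = append(p.Syscalls, "socket")
	}
	return p
}

// precompile runs at build time for every option set to be supported.
func precompile(sets ...opts) map[string]program {
	m := map[string]program{}
	for _, o := range sets {
		m[o.configKey()] = compile(o)
	}
	return m
}

// load runs at startup: look up by key, then bind the runtime-only values.
func load(cache map[string]program, o opts) (program, error) {
	p, ok := cache[o.configKey()]
	if !ok {
		return program{}, fmt.Errorf("no precompiled program for %q", o.configKey())
	}
	p.ControllerFD = o.ControllerFD
	return p, nil
}

func main() {
	fmt.Println(load(precompile(opts{}, opts{HostNetwork: true}), opts{HostNetwork: true, ControllerFD: 7}))
}
```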
