Constants ¶
// Command-line flag names understood by the recorder.
const (
	// FlagOutputFile is the flag for defining the output file location.
	// Its value is taken from cli.FlagOutputFile.
	FlagOutputFile string = cli.FlagOutputFile

	// FlagType is the flag for defining the recorder type.
	FlagType string = "type"

	// FlagBaseSyscalls is the flag naming the syscalls that are included in
	// every seccomp profile to ensure compatibility with OCI runtimes like
	// runc and crun.
	FlagBaseSyscalls string = "base-syscalls"

	// FlagNoBaseSyscalls is the flag indicating that no base syscalls should
	// be added at all.
	// NOTE(review): a profile recorded this way holds no runtime-compatibility
	// entries, so it should be checked against the target OCI runtime before
	// it is enforced.
	FlagNoBaseSyscalls string = "no-base-syscalls"

	// FlagNoProcStart is the flag indicating that the target process is
	// managed externally and should not be started by the recorder.
	FlagNoProcStart string = "no-proc-start"
)
// WaitForSigIntMessage is the text "Waiting for CTRL+C / SIGINT...".
// Presumably it is shown while the recorder waits for an interrupt; confirm
// against the caller.
const WaitForSigIntMessage = "Waiting for CTRL+C / SIGINT..."
Variables ¶
// Package-level defaults used by the recorder.
var (
	// DefaultOutputFile defines the default output location for the recorder.
	// Its value is taken from cli.DefaultFile.
	DefaultOutputFile = cli.DefaultFile

	// DefaultBaseSyscalls are the syscalls included in every seccomp profile
	// to ensure compatibility with OCI runtimes like runc and crun.
	//
	// Please note that the syscalls may vary depending on which container
	// runtime we choose.
	//
	// NOTE(review): the list contains container-setup and credential
	// syscalls (for example mount, umount2, pivot_root, setns, unshare,
	// sethostname, mknodat, keyctl, capset, setuid and setgid). A seccomp
	// filter stays in force across execve, so every entry allowed here for
	// the runtime is also allowed for the workload. A profile that includes
	// this list is therefore wider than what the workload itself was
	// observed to use; review the generated profile before enforcing it, and
	// see the "no-base-syscalls" / "base-syscalls" flags for narrowing it.
	DefaultBaseSyscalls = []string{
		"access", "arch_prctl",
		"brk",
		"capget", "capset", "chdir", "chmod", "chown", "clone", "close", "close_range",
		"dup2", "dup3",
		"epoll_create1", "epoll_ctl", "epoll_pwait", "execve", "exit_group",
		"faccessat2", "fchdir", "fchmodat", "fchown", "fchownat", "fcntl", "fstat", "fstatfs", "futex",
		"getdents64", "getegid", "geteuid", "getgid", "getpid", "getppid", "gettid", "getuid",
		"ioctl",
		"keyctl",
		"lseek",
		"mkdirat", "mknodat", "mmap", "mount", "mprotect", "munmap",
		"nanosleep", "newfstatat",
		"openat", "openat2",
		"pipe2", "pivot_root", "prctl", "pread64", "pselect6",
		"read", "readlink", "readlinkat", "rt_sigaction", "rt_sigprocmask", "rt_sigreturn",
		"sched_getaffinity", "sched_yield", "seccomp", "set_robust_list", "set_tid_address",
		"setgid", "setgroups", "sethostname", "setns", "setresgid", "setresuid", "setsid", "setuid",
		"sigaltstack", "statfs", "statx", "symlinkat",
		"tgkill",
		"umask", "umount2", "unlinkat", "unshare", "utimensat",
		"write",
	}
)
Functions ¶
This section is empty.
Types ¶
type Options ¶
// Options define all possible options for the recorder. The fields are not
// shown in this listing (they are filtered or unexported), so the individual
// settings cannot be documented from here.
type Options struct {
// contains filtered or unexported fields
}
Options define all possible options for the recorder.
func FromContext ¶
FromContext can be used to create Options from a CLI context.
type Recorder ¶
// Recorder is the main structure of this package. Its fields are not shown in
// this listing (they are filtered or unexported).
type Recorder struct {
// contains filtered or unexported fields
}
Recorder is the main structure of this package.
type Type ¶
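// Type is the enum for all available recorder types.
type Type string

const (
	// TypeAll is the type indicating that we should record all CRD profiles.
	TypeAll Type = "all"

	// TypeSeccomp is the type indicating that we should record a seccomp CRD
	// profile.
	TypeSeccomp Type = "seccomp"

	// TypeRawSeccomp is the type indicating that we should record a raw
	// seccomp JSON profile.
	TypeRawSeccomp Type = "raw-seccomp"

	// TypeApparmor is the type indicating that we should record an apparmor
	// CRD profile.
	TypeApparmor Type = "apparmor"

	// TypeRawAppArmor is the type indicating that we should record a raw
	// apparmor JSON profile.
	// NOTE(review): the "JSON" wording mirrors TypeRawSeccomp; confirm the
	// actual output format of the raw apparmor recorder.
	TypeRawAppArmor Type = "raw-apparmor"
)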