seccomp

package
v1.1.8-beta.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 27, 2016 License: Apache-2.0, Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package seccomp provides native seccomp ( https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt ) support for go.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrUnresolvedLabel      = errors.New("seccomp: unresolved label")
	ErrDuplicateLabel       = errors.New("seccomp: duplicate label use")
	ErrUnsupportedOperation = errors.New("seccomp: unsupported operation for argument")
)

Functions

This section is empty.

Types

type Action 

type Action int

Action is the type of action that will be taken when a syscall is performed. 

const (
	Kill  Action = iota - 3 // Kill the calling process of the syscall.
	Trap                    // Trap and coredump the calling process of the syscall.
	Allow                   // Allow the syscall to be completed.
)

func Error 

func Error(code syscall.Errno) Action

Error returns an Action that will be used to send the calling process the specified errno when the syscall is made.

type Arg 

type Arg struct {
	Index uint32   // index of args which start from zero
	Op    Operator // operation, such as EQ/NE/GE/LE
	Value uint     // the value of arg
}

Arg represents an argument to the syscall with the argument's index, the operator to apply when matching, and the argument's value at that time.

type Args 

type Args [][]Arg

type Context 

type Context struct {
	// contains filtered or unexported fields
}

Context holds syscalls for the current process to limit the type of actions the calling process can make.

func New 

func New() *Context

New returns a new syscall context for use.

func (*Context) Add 

func (c *Context) Add(s *Syscall)

Add will add the specified syscall, action, and arguments to the seccomp Context.

func (*Context) Load 

func (c *Context) Load() error

Load will apply the Context to the calling process makeing any secccomp process changes apply after the context is loaded.

func (*Context) Remove 

func (c *Context) Remove(call uint32)

Remove removes the specified syscall configuration from the Context.

type Operator 

type Operator int

Operator that is used for argument comparison. 

const (
	EqualTo Operator = iota
	NotEqualTo
	GreatherThan
	LessThan
	MaskEqualTo
)

type Syscall 

type Syscall struct {
	// Value is the syscall number.
	Value uint32
	// Action is the action to perform when the specified syscall is made.
	Action Action
	// Args are filters that can be specified on the arguments to the syscall.
	Args Args
}

Syscall is the specified syscall, action, and any type of arguments to filter on.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.