Documentation
¶
Index ¶
- func DefaultProfile() *seccomp.Seccompdeprecated
- func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error)deprecated
- func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error)deprecated
- type Architecturedeprecated
- type Filterdeprecated
- type KernelVersiondeprecated
- type Seccompdeprecated
- type Syscalldeprecated
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultProfile
deprecated
DefaultProfile defines the allowed syscalls for the default seccomp profile.
Deprecated: use seccomp.DefaultProfile.
func GetDefaultProfile
deprecated
func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error)
GetDefaultProfile returns the default seccomp profile.
Deprecated: use seccomp.GetDefaultProfile.
func LoadProfile
deprecated
LoadProfile takes a json string and decodes the seccomp profile.
Deprecated: use seccomp.LoadProfile.
Types ¶
type Architecture
deprecated
type Architecture = seccomp.Architecture
Architecture is used to represent a specific architecture and its sub-architectures
Deprecated: use seccomp.Architecture.
type Filter
deprecated
Filter is used to conditionally apply Seccomp rules
Deprecated: use seccomp.Filter.
type KernelVersion
deprecated
type KernelVersion = seccomp.KernelVersion
KernelVersion holds information about the kernel.
Deprecated: use seccomp.KernelVersion.
type Seccomp
deprecated
Seccomp represents the config for a seccomp profile for syscall restriction. It is used to marshal/unmarshal the JSON profiles as accepted by docker, and extends the runtime-spec's specs.LinuxSeccomp, overriding some fields to provide the ability to define conditional rules based on the host's kernel version, architecture, and the container's capabilities.
Deprecated: use seccomp.Seccomp.
type Syscall
deprecated
Syscall is used to match a group of syscalls in Seccomp. It extends the runtime-spec Syscall type, adding a "Name" field for backward compatibility with older JSON representations, additional "Comment" metadata, and conditional rules ("Includes", "Excludes") used to generate a runtime-spec Seccomp profile based on the container (capabilities) and host's (arch, kernel) configuration.
Deprecated: use seccomp.Syscall.
Source Files