seccomp

package

v1.1.6 Latest Latest Go to latest Published: Jan 27, 2016 License: Apache-2.0, Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/erikwilson/kubernetes

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package seccomp provides native seccomp ( https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt ) support for go.

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrUnresolvedLabel      = errors.New("seccomp: unresolved label")
	ErrDuplicateLabel       = errors.New("seccomp: duplicate label use")
	ErrUnsupportedOperation = errors.New("seccomp: unsupported operation for argument")
)

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action int

Action is the type of action that will be taken when a syscall is performed.

const (
	Kill  Action = iota - 3 // Kill the calling process of the syscall.
	Trap                    // Trap and coredump the calling process of the syscall.
	Allow                   // Allow the syscall to be completed.
)

func Error ¶

func Error(code syscall.Errno) Action

Error returns an Action that will be used to send the calling process the specified errno when the syscall is made.

type Arg ¶

type Arg struct {
	Index uint32   // index of args which start from zero
	Op    Operator // operation, such as EQ/NE/GE/LE
	Value uint     // the value of arg
}

Arg represents an argument to the syscall with the argument's index, the operator to apply when matching, and the argument's value at that time.

type Args ¶

type Args [][]Arg

type Context ¶

type Context struct {
	// contains filtered or unexported fields
}

Context holds syscalls for the current process to limit the type of actions the calling process can make.

func New ¶

func New() *Context

New returns a new syscall context for use.

func (*Context) Add ¶

func (c *Context) Add(s *Syscall)

Add will add the specified syscall, action, and arguments to the seccomp Context.

func (*Context) Load ¶

func (c *Context) Load() error

Load will apply the Context to the calling process makeing any secccomp process changes apply after the context is loaded.

func (*Context) Remove ¶

func (c *Context) Remove(call uint32)

Remove removes the specified syscall configuration from the Context.

type Operator ¶

type Operator int

Operator that is used for argument comparison.

const (
	EqualTo Operator = iota
	NotEqualTo
	GreatherThan
	LessThan
	MaskEqualTo
)

type Syscall ¶

type Syscall struct {
	// Value is the syscall number.
	Value uint32
	// Action is the action to perform when the specified syscall is made.
	Action Action
	// Args are filters that can be specified on the arguments to the syscall.
	Args Args
}

Syscall is the specified syscall, action, and any type of arguments to filter on.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL