GO-2025-3543: WITHDRAWN: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc

seccomp

package

v1.5.0-rc.1 Latest Latest Go to latest Published: Mar 13, 2026 License: Apache-2.0 Imports: 6 Imported by: 414

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/opencontainers/runc

Links

Documentation ¶

Overview ¶

Package seccomp provides runc-specific helpers for loading and managing seccomp profiles.

Index ¶

Constants
Variables
func ConvertStringToAction(in string) (configs.Action, error)
func ConvertStringToArch(in string) (string, error)
func ConvertStringToOperator(in string) (configs.Operator, error)
func FlagSupported(_ specs.LinuxSeccompFlag) error
func InitSeccomp(config *configs.Seccomp) (int, error)
func KnownActions() []string
func KnownArchs() []string
func KnownFlags() []string
func KnownOperators() []string
func SupportedFlags() []string
func Version() (uint, uint, uint)

Constants ¶

View Source

const Enabled = false

Enabled is true if seccomp support is compiled in.

Variables ¶

View Source

var ErrSeccompNotEnabled = errors.New("seccomp: config provided but seccomp not supported")

Functions ¶

func ConvertStringToAction ¶ added in v0.0.4

func ConvertStringToAction(in string) (configs.Action, error)

ConvertStringToAction converts a string into a Seccomp rule match action. Actions use the names they are assigned in Libseccomp's header. Attempting to convert a string that is not a valid action results in an error.

func ConvertStringToArch ¶ added in v0.0.5

func ConvertStringToArch(in string) (string, error)

ConvertStringToArch converts a string into a Seccomp comparison arch.

func ConvertStringToOperator ¶ added in v0.0.4

func ConvertStringToOperator(in string) (configs.Operator, error)

ConvertStringToOperator converts a string into a Seccomp comparison operator. Comparison operators use the names they are assigned by Libseccomp's header. Attempting to convert a string that is not a valid operator results in an error.

func FlagSupported ¶ added in v1.2.0

func FlagSupported(_ specs.LinuxSeccompFlag) error

FlagSupported tells if a provided seccomp flag is supported.

func InitSeccomp ¶ added in v0.0.4

func InitSeccomp(config *configs.Seccomp) (int, error)

InitSeccomp does nothing because seccomp is not supported.

func KnownActions ¶ added in v1.1.0

func KnownActions() []string

KnownActions returns the list of the known actions. Used by `runc features`.

func KnownArchs ¶ added in v1.1.0

func KnownArchs() []string

KnownArchs returns the list of the known archs. Used by `runc features`.

func KnownFlags ¶ added in v1.2.0

func KnownFlags() []string

KnownFlags returns the list of the known filter flags. Used by `runc features`.

func KnownOperators ¶ added in v1.1.0

func KnownOperators() []string

KnownOperators returns the list of the known operations. Used by `runc features`.

func SupportedFlags ¶ added in v1.2.0

func SupportedFlags() []string

SupportedFlags returns the list of the supported filter flags. This list may be a subset of one returned by KnownFlags due to some flags not supported by the current kernel and/or libseccomp. Used by `runc features`.

func Version ¶ added in v1.0.0

func Version() (uint, uint, uint)

Version returns major, minor, and micro.

Types ¶

This section is empty.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
patchbpf Package patchbpf provides utilities for patching libseccomp-generated cBPF programs in order to handle unknown syscalls and ENOSYS more gracefully.	Package patchbpf provides utilities for patching libseccomp-generated cBPF programs in order to handle unknown syscalls and ENOSYS more gracefully.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL