Commit d927397
committed
seccomp.Syscall: embed runtime-spec Syscall type
This makes the type better reflect the difference with the "runtime" profile;
our local type is used to generate a runtime-spec seccomp profile and extends
the runtime-spec type with additional fields; adding a "Name" field for backward
compatibility with older JSON representations, additional "Comment" metadata,
and conditional rules ("Includes", "Excludes") used during generation to adjust
the profile based on the container (capabilities) and host's (architecture, kernel)
configuration.
This change introduces one change in the type; the "runtime-spec" type uses a
`[]LinuxSeccompArg` for the `Args` field, whereas the local type used pointers;
`[]*LinuxSeccompArg`.
In addition, the runtime-spec Syscall type brings a new `ErrnoRet` field, allowing
the profile to specify the errno code returned for the syscall, which allows
changing the default EPERM for specific syscalls.
Signed-off-by: Sebastiaan van Stijn <[email protected]>1 parent b9ad7b9 commit d927397
6 files changed
Lines changed: 609 additions & 563 deletions
File tree
- profiles/seccomp
- fixtures
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
394 | 394 | | |
395 | 395 | | |
396 | 396 | | |
397 | | - | |
398 | 397 | | |
399 | 398 | | |
400 | 399 | | |
| |||
406 | 405 | | |
407 | 406 | | |
408 | 407 | | |
409 | | - | |
410 | 408 | | |
411 | 409 | | |
412 | 410 | | |
| |||
498 | 496 | | |
499 | 497 | | |
500 | 498 | | |
501 | | - | |
502 | 499 | | |
503 | 500 | | |
504 | 501 | | |
| |||
517 | 514 | | |
518 | 515 | | |
519 | 516 | | |
520 | | - | |
521 | 517 | | |
522 | 518 | | |
523 | 519 | | |
| |||
532 | 528 | | |
533 | 529 | | |
534 | 530 | | |
535 | | - | |
536 | 531 | | |
537 | 532 | | |
538 | 533 | | |
| |||
547 | 542 | | |
548 | 543 | | |
549 | 544 | | |
550 | | - | |
551 | 545 | | |
552 | 546 | | |
553 | 547 | | |
| |||
565 | 559 | | |
566 | 560 | | |
567 | 561 | | |
568 | | - | |
569 | 562 | | |
570 | 563 | | |
571 | 564 | | |
| |||
580 | 573 | | |
581 | 574 | | |
582 | 575 | | |
583 | | - | |
584 | 576 | | |
585 | 577 | | |
586 | 578 | | |
| |||
614 | 606 | | |
615 | 607 | | |
616 | 608 | | |
617 | | - | |
618 | 609 | | |
619 | 610 | | |
620 | 611 | | |
| |||
677 | 668 | | |
678 | 669 | | |
679 | 670 | | |
680 | | - | |
681 | 671 | | |
682 | 672 | | |
683 | 673 | | |
| |||
691 | 681 | | |
692 | 682 | | |
693 | 683 | | |
694 | | - | |
695 | 684 | | |
696 | 685 | | |
697 | 686 | | |
| |||
707 | 696 | | |
708 | 697 | | |
709 | 698 | | |
710 | | - | |
711 | 699 | | |
712 | 700 | | |
713 | 701 | | |
| |||
721 | 709 | | |
722 | 710 | | |
723 | 711 | | |
724 | | - | |
725 | 712 | | |
726 | 713 | | |
727 | 714 | | |
| |||
740 | 727 | | |
741 | 728 | | |
742 | 729 | | |
743 | | - | |
744 | 730 | | |
745 | 731 | | |
746 | 732 | | |
| |||
755 | 741 | | |
756 | 742 | | |
757 | 743 | | |
758 | | - | |
759 | 744 | | |
760 | 745 | | |
761 | 746 | | |
| |||
771 | 756 | | |
772 | 757 | | |
773 | 758 | | |
774 | | - | |
775 | 759 | | |
776 | 760 | | |
777 | 761 | | |
| |||
785 | 769 | | |
786 | 770 | | |
787 | 771 | | |
788 | | - | |
789 | 772 | | |
790 | 773 | | |
791 | 774 | | |
| |||
801 | 784 | | |
802 | 785 | | |
803 | 786 | | |
804 | | - | |
805 | 787 | | |
806 | 788 | | |
807 | 789 | | |
| |||
815 | 797 | | |
816 | 798 | | |
817 | 799 | | |
818 | | - | |
819 | 800 | | |
820 | 801 | | |
821 | 802 | | |
| |||
0 commit comments