@@ -365,13 +365,6 @@ type LinuxDeviceCgroup struct {
365365 Access string `json:"access,omitempty"`
366366}
367367
368- // LinuxSeccomp represents syscall restrictions
369- type LinuxSeccomp struct {
370- DefaultAction LinuxSeccompAction `json:"defaultAction"`
371- Architectures []Arch `json:"architectures"`
372- Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
373- }
374-
375368// Solaris contains platform specific configuration for Solaris application containers.
376369type Solaris struct {
377370 // SMF FMRI which should go "online" before we start the container process.
@@ -469,6 +462,13 @@ type WindowsNetworkResources struct {
469462 EgressBandwidth * uint64 `json:"egressBandwidth,omitempty"`
470463}
471464
465+ // LinuxSeccomp represents syscall restrictions
466+ type LinuxSeccomp struct {
467+ DefaultAction LinuxSeccompAction `json:"defaultAction"`
468+ Architectures []Arch `json:"architectures,omitempty"`
469+ Syscalls []LinuxSyscall `json:"syscalls"`
470+ }
471+
472472// Arch used for additional architectures
473473type Arch string
474474
@@ -529,7 +529,19 @@ type LinuxSeccompArg struct {
529529
530530// LinuxSyscall is used to match a syscall in Seccomp
531531type LinuxSyscall struct {
532- Name string `json:"name"`
533- Action LinuxSeccompAction `json:"action"`
534- Args []LinuxSeccompArg `json:"args,omitempty"`
532+ Names []string `json:"names,omitempty"`
533+ Action Action `json:"action"`
534+ Args []LinuxSyscallArg `json:"args"`
535+ Comment string `json:"comment"`
536+ }
537+
538+ // Action taken upon Seccomp rule match
539+ type Action string
540+
541+ // LinuxSyscallArg used for matching specific syscall arguments in Seccomp
542+ type LinuxSyscallArg struct {
543+ Index uint `json:"index"`
544+ Value uint64 `json:"value"`
545+ ValueTwo uint64 `json:"valueTwo"`
546+ Op LinuxSeccompOperator `json:"op"`
535547}
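Review bot: In the new `LinuxSyscall`, `Action` uses the freshly added `Action string` type while `LinuxSeccomp.DefaultAction` in the second hunk keeps `LinuxSeccompAction`, so one seccomp profile now expresses its default and per-rule actions in two unrelated string types; likewise `LinuxSyscallArg` sits beside the existing `LinuxSeccompArg` named in the hunk header. Unless the split is deliberate, reuse the existing type (`Action LinuxSeccompAction` with the same `json:"action"` tag) or add a doc comment on `Action` listing the accepted values, since nothing visible here validates the string and an unrecognised action is left for the consumer to reject. The JSON tags also deserve a second look: `Names` is `omitempty`, so a rule with no syscall names serialises without the field, while `Args` and `Comment` are always emitted (`null` and `""` when unset); `json:"names"` together with `json:"args,omitempty"` and `json:"comment,omitempty"` would keep an empty rule visible to whoever audits a generated profile. The new fields carry no per-field comments, and a line on what `ValueTwo` is compared against and on how multiple `Names` share one `Action` would help.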