
Commit dfe2722

committed
Change generator receivers to pointers, other fixes
Signed-off-by: Grantseltzer <[email protected]>
1 parent 22752db commit dfe2722

2 files changed

Lines changed: 29 additions & 34 deletions


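--- a/cmd/ocitools/generate.go
+++ b/cmd/ocitools/generate.go
@@ -50,8 +50,8 @@ var generateFlags = []cli.Flag{
 cli.StringSliceFlag{Name: "sysctl", Usage: "add sysctl settings e.g net.ipv4.forward=1"},
 cli.StringFlag{Name: "apparmor", Usage: "specifies the the apparmor profile for the container"},
 cli.BoolFlag{Name: "seccomp-only", Usage: "specifies to export just a seccomp configuration file"},
-cli.StringFlag{Name: "seccomp-arch", Usage: "specifies additional architectures permitted to be used for system calls"},
-cli.StringFlag{Name: "seccomp-default", Usage: "specifies default action to be used for system calls"},
+cli.StringFlag{Name: "seccomp-arch", Value: "amd64,x86,x32", Usage: "specifies additional architectures permitted to be used for system calls"},
+cli.StringFlag{Name: "seccomp-default", Value: "errno", Usage: "specifies default action to be used for system calls"},
 cli.StringFlag{Name: "seccomp-allow", Usage: "specifies syscalls to respond with allow"},
 cli.StringFlag{Name: "seccomp-trap", Usage: "specifies syscalls to respond with trap"},
 cli.StringFlag{Name: "seccomp-errno", Usage: "specifies syscalls to respond with errno"},
@@ -311,79 +311,71 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 }
 }
 
-err := addSeccomp(*g, context)
+err := addSeccomp(g, context)
 if err != nil {
 return err
 }
 
 return nil
 }
 
-func addSeccomp(g generate.Generator, context *cli.Context) error {
-seccompDefault := context.String("seccomp-default")
-seccompArch := context.String("seccomp-arch")
-seccompKill := context.String("seccomp-kill")
-seccompTrace := context.String("seccomp-trace")
-seccompErrno := context.String("seccomp-errno")
-seccompTrap := context.String("seccomp-trap")
-seccompAllow := context.String("seccomp-allow")
+func addSeccomp(g *generate.Generator, context *cli.Context) error {
 
 // Set the DefaultAction of seccomp
-if seccompDefault == "" {
-seccompDefault = "errno"
-}
-
+seccompDefault := context.String("seccomp-default")
 err := g.SetDefaultSeccompAction(seccompDefault)
 if err != nil {
 return err
 }
 
 // Add the additional architectures permitted to be used for system calls
-if seccompArch == "" {
-seccompArch = "amd64,x86,x32" // Default Architectures
-}
-
+seccompArch := context.String("seccomp-arch")
 architectureArgs := strings.Split(seccompArch, ",")
 err = g.SetSeccompArchitectures(architectureArgs)
 if err != nil {
 return err
 }
 
-if seccompKill != "" {
+if context.IsSet("seccomp-kill") {
+seccompKill := context.String("seccomp-kill")
 killArgs := strings.Split(seccompKill, ",")
-err = g.SetSyscallActions("kill", killArgs)
+err := g.SetSyscallActions("kill", killArgs)
 if err != nil {
 return err
 }
 }
 
-if seccompTrace != "" {
+if context.IsSet("seccomp-trace") {
+seccompTrace := context.String("seccomp-trace")
 traceArgs := strings.Split(seccompTrace, ",")
-err = g.SetSyscallActions("trace", traceArgs)
+err := g.SetSyscallActions("trace", traceArgs)
 if err != nil {
 return err
 }
 }
 
-if seccompErrno != "" {
+if context.IsSet("seccomp-errno") {
+seccompErrno := context.String("seccomp-errno")
 errnoArgs := strings.Split(seccompErrno, ",")
-err = g.SetSyscallActions("errno", errnoArgs)
+err := g.SetSyscallActions("errno", errnoArgs)
 if err != nil {
 return err
 }
 }
 
-if seccompTrap != "" {
+if context.IsSet("seccomp-trap") {
+seccompTrap := context.String("seccomp-trap")
 trapArgs := strings.Split(seccompTrap, ",")
-err = g.SetSyscallActions("trap", trapArgs)
+err := g.SetSyscallActions("trap", trapArgs)
 if err != nil {
 return err
 }
 }
 
-if seccompAllow != "" {
+if context.IsSet("seccomp-allow") {
+seccompAllow := context.String("seccomp-allow")
 allowArgs := strings.Split(seccompAllow, ",")
-err = g.SetSyscallActions("allow", allowArgs)
+err := g.SetSyscallActions("allow", allowArgs)
 if err != nil {
 return err
 }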
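Review bot: In addSeccomp, replacing the `!= ""` tests with `context.IsSet(...)` lets an explicitly empty value through. `--seccomp-kill ""` should count as set, and `strings.Split("", ",")` returns a one-element slice holding `""`, so an empty syscall name is handed to `g.SetSyscallActions`. The trace, errno, trap and allow blocks have the same problem, as do `--seccomp-default ""` and `--seccomp-arch ""` now that the in-function empty-string fallbacks are gone. Whether the seccomp parsers reject an empty name is not visible in this hunk, so the generated filter could carry a malformed rule or the command could fail with an unclear error. Keep the emptiness test in each block, e.g. `if seccompKill := context.String("seccomp-kill"); seccompKill != "" {`, and drop the separate assignment line. The body of addSeccomp continues past the end of the hunk.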

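--- a/generate/generate.go
+++ b/generate/generate.go
@@ -143,7 +143,6 @@ func New() Generator {
 Type: "mount",
 },
 },
-Seccomp: &rspec.Seccomp{},
 Devices: []rspec.Device{},
 },
 }
@@ -866,21 +865,25 @@ func (g *Generator) RemoveLinuxNamespace(ns string) error {
 func strPtr(s string) *string { return &s }
 
 // SetSyscallActions adds rules for syscalls with the specified action
-func (g Generator) SetSyscallActions(action string, arguments []string) error {
+func (g *Generator) SetSyscallActions(action string, arguments []string) error {
+g.initSpecLinuxSeccomp()
 return seccomp.ParseSyscallFlag(action, arguments, g.spec.Linux.Seccomp)
 }
 
 // SetDefaultSeccompAction sets the default action for all syscalls not defined
-func (g Generator) SetDefaultSeccompAction(action string) error {
+func (g *Generator) SetDefaultSeccompAction(action string) error {
+g.initSpecLinuxSeccomp()
 return seccomp.ParseDefaultAction(action, g.spec.Linux.Seccomp)
 }
 
 // SetSeccompArchitectures sets the supported seccomp architectures
-func (g Generator) SetSeccompArchitectures(architectures []string) error {
+func (g *Generator) SetSeccompArchitectures(architectures []string) error {
+g.initSpecLinuxSeccomp()
 return seccomp.ParseArchitectureFlag(architectures, g.spec.Linux.Seccomp)
 }
 
 // RemoveSeccompRule removes rules for any specified syscalls
-func (g Generator) RemoveSeccompRule(arguments string) error {
+func (g *Generator) RemoveSeccompRule(arguments string) error {
+g.initSpecLinuxSeccomp()
 return seccomp.RemoveAction(arguments, g.spec.Linux.Seccomp)
 }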
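Review bot: `RemoveSeccompRule` now calls `g.initSpecLinuxSeccomp()` before removing, so a removal on a spec with no seccomp section appears to create one as a side effect. The helper is defined outside this hunk, so this is inferred from its name and from `New()` no longer setting `Seccomp`. A config with a seccomp section that has no default action or rules differs from one with no section at all, and a remove call should not decide which one the caller gets. Consider returning early instead, e.g. `if g.spec.Linux.Seccomp == nil { return nil }`, adjusted for however the Linux section itself is initialised. The doc comments on the three setters should also say they create the section on first use, e.g. `// SetDefaultSeccompAction sets the default action for all syscalls not defined, creating the seccomp section if the spec has none.`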
