filter

package

v0.0.0-...-957f62e Latest Latest Go to latest Published: Nov 10, 2023 License: Apache-2.0, MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/MerlinKodo/gvisor

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package filter defines all syscalls the sandbox is allowed to make to the host, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.

Index ¶

func Install(opt Options) error
func Report(msg string)
func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules)
type Options

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Install ¶

func Install(opt Options) error

Install seccomp filters based on the given platform.

func Report ¶

func Report(msg string)

Report writes a warning message to the log.

func Rules ¶

func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules)

Rules returns the seccomp (rules, denyRules) to use for the Sentry.

Types ¶

type Options ¶

type Options struct {
	Platform              platform.Platform
	HostNetwork           bool
	HostNetworkRawSockets bool
	HostFilesystem        bool
	ProfileEnable         bool
	NVProxy               bool
	TPUProxy              bool
	ControllerFD          int
}

Options are seccomp filter related options.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL