seccomp

package
v0.0.0-...-677ed08
Warning

This package is not in the latest version of its module.

Published: Sep 28, 2016 License: GPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package seccomp implements integration between snappy and ubuntu-core-launcher around seccomp.

Snappy creates so-called seccomp profiles for each application (for each snap) present in the system. Upon each execution of ubuntu-core-launcher, the profile is read and "compiled" to an eBPF program and injected into the kernel for the duration of the execution of the process.

There is no binary cache for seccomp: each time the launcher starts an application, the profile is parsed and re-compiled.

The actual profiles are stored in /var/lib/snappy/seccomp/profiles. This directory is hard-coded in ubuntu-core-launcher.
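Because the launcher re-reads the profile text from this directory on every start, the files there decide which filter each application gets. The following is an added example, not code from this package or from snappy: a small audit that flags entries in the profile directory that are symlinks, special files, or writable by group or other. The function name `AuditProfileDir` and the policy it enforces (regular files, no group/other write bit) are assumptions made for this example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// ProfileDir is the hard-coded location named in the package overview.
const ProfileDir = "/var/lib/snappy/seccomp/profiles"

// AuditProfileDir lists entries under dir that are symlinks, special files, or
// group/other-writable. This policy is an assumption, not taken from the docs.
func AuditProfileDir(dir string) ([]string, error) {
	var findings []string
	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := d.Info() // lstat semantics: symlinks are not followed
		if err != nil {
			return err
		}
		mode := info.Mode()
		switch {
		case mode&fs.ModeSymlink != 0:
			findings = append(findings, path+": symlink")
		case !mode.IsDir() && !mode.IsRegular():
			findings = append(findings, path+": not a regular file")
		case mode.Perm()&0o022 != 0:
			findings = append(findings, fmt.Sprintf("%s: writable by group/other (%04o)", path, mode.Perm()))
		}
		return nil
	})
	return findings, err
}

func main() {
	findings, err := AuditProfileDir(ProfileDir)
	if err != nil {
		fmt.Fprintln(os.Stderr, "audit failed:", err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```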

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Backend

type Backend struct{}

Backend is responsible for maintaining seccomp profiles for ubuntu-core-launcher.

func (*Backend) Name

func (b *Backend) Name() string

Name returns the name of the backend.

func (*Backend) Remove

func (b *Backend) Remove(snapName string) error

Remove removes seccomp profiles of a given snap.

func (*Backend) Setup

func (b *Backend) Setup(snapInfo *snap.Info, devMode bool, repo *interfaces.Repository) error

Setup creates seccomp profiles specific to a given snap. The snap can be in developer mode to make security violations non-fatal to the offending application process.

This method should be called after changing plugs, slots, connections between them, or applications present in the snap.
