package seccomp




func GetDefaultProfile

func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error)

GetDefaultProfile returns the default seccomp profile, resolved against the given runtime spec.

func LoadProfile

func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error)

LoadProfile takes a JSON string, decodes it into a seccomp profile, and resolves it against the given runtime spec.

type Architecture

type Architecture struct {
    Arch      specs.Arch   `json:"architecture"`
    SubArches []specs.Arch `json:"subArchitectures"`

Architecture is used to represent a specific architecture and its sub-architectures.

type Filter

type Filter struct {
    Caps   []string `json:"caps,omitempty"`
    Arches []string `json:"arches,omitempty"`

    // MinKernel describes the minimum kernel version the rule must be applied
    // on, in the format "<kernel version>.<major revision>" (e.g. "3.12").
    // When matching the kernel version of the host, minor revisions, and distro-
    // specific suffixes are ignored, which means that "3.12.25-gentoo", "3.12-1-amd64",
    // "3.12", and "3.12-rc5" are considered equal (kernel 3, major revision 12).
    MinKernel *KernelVersion `json:"minKernel,omitempty"`

Filter is used to conditionally apply seccomp rules, based on the container's capabilities, the host architecture, and the minimum kernel version.

type KernelVersion

type KernelVersion struct {
    Kernel uint64 // Version of the Kernel (i.e., the "4" in "4.1.2-generic")
    Major  uint64 // Major revision of the Kernel (i.e., the "1" in "4.1.2-generic")

KernelVersion holds information about the kernel.

func (*KernelVersion) MarshalJSON

func (k *KernelVersion) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for KernelVersion.

func (*KernelVersion) String

func (k *KernelVersion) String() string

String implements fmt.Stringer for KernelVersion.

func (*KernelVersion) UnmarshalJSON

func (k *KernelVersion) UnmarshalJSON(version []byte) error

UnmarshalJSON implements json.Unmarshaler for KernelVersion.

type Seccomp

type Seccomp struct {
    DefaultAction specs.LinuxSeccompAction `json:"defaultAction"`
    // Architectures is kept to maintain backward compatibility with the old
    // seccomp profile.
    Architectures []specs.Arch   `json:"architectures,omitempty"`
    ArchMap       []Architecture `json:"archMap,omitempty"`
    Syscalls      []*Syscall     `json:"syscalls"`

Seccomp represents the config for a seccomp profile for syscall restriction.

func DefaultProfile

func DefaultProfile() *Seccomp

DefaultProfile returns a nil pointer on unsupported systems.

type Syscall

type Syscall struct {
    Name     string                   `json:"name,omitempty"`
    Names    []string                 `json:"names,omitempty"`
    Action   specs.LinuxSeccompAction `json:"action"`
    Args     []*specs.LinuxSeccompArg `json:"args"`
    Comment  string                   `json:"comment"`
    Includes Filter                   `json:"includes"`
    Excludes Filter                   `json:"excludes"`

Syscall is used to match a group of syscalls in a Seccomp profile; the rule is applied only when its Includes filter matches and its Excludes filter does not.

