package types
// Seccomp represents the config for a seccomp profile for syscall restriction.
//
// Field names and json tags mirror the Docker/OCI seccomp profile format, so a
// profile file can be decoded straight into this type. Every field is a plain
// string or a slice of strings/structs, so decoding performs no validation of
// the values themselves; callers that load untrusted profiles should validate
// against the Action/Arch/Operator constants before applying the profile.
type Seccomp struct {
	// DefaultAction is the action for syscalls not matched by any Syscalls
	// entry (presumably — it mirrors the Docker/OCI field of the same name;
	// confirm against the consumer of this type). From a hardening point of
	// view a restrictive default (e.g. ActErrno) with explicit allow rules is
	// the allowlist shape; ActAllow as default makes the profile a denylist.
	DefaultAction Action `json:"defaultAction"`
	// Architectures lists the additional Arch values the profile applies to.
	Architectures []Arch `json:"architectures"`
	// Syscalls holds the per-syscall rules. A JSON null in the array decodes
	// to a nil *Syscall, so readers should nil-check before dereferencing.
	Syscalls []*Syscall `json:"syscalls"`
}
// Arch used for additional architectures
//
// Values are libseccomp's SCMP_ARCH_* names (see the Arch constants). The type
// is a plain string, so an unrecognised architecture decodes without error and
// must be validated by the consumer.
type Arch string
// Additional architectures permitted to be used for system calls
// By default only the native architecture of the kernel is permitted
//
// The strings are libseccomp's SCMP_ARCH_* names. NOTE(review): this is only a
// subset of the architectures libseccomp recognises; because Arch is a plain
// string, a profile naming an architecture outside this list still decodes, it
// simply has no constant in this file.
const (
	ArchX86         Arch = "SCMP_ARCH_X86"
	ArchX86_64      Arch = "SCMP_ARCH_X86_64"
	ArchX32         Arch = "SCMP_ARCH_X32"
	ArchARM         Arch = "SCMP_ARCH_ARM"
	ArchAARCH64     Arch = "SCMP_ARCH_AARCH64"
	ArchMIPS        Arch = "SCMP_ARCH_MIPS"
	ArchMIPS64      Arch = "SCMP_ARCH_MIPS64"
	ArchMIPS64N32   Arch = "SCMP_ARCH_MIPS64N32"
	ArchMIPSEL      Arch = "SCMP_ARCH_MIPSEL"
	ArchMIPSEL64    Arch = "SCMP_ARCH_MIPSEL64"
	ArchMIPSEL64N32 Arch = "SCMP_ARCH_MIPSEL64N32"
)
// Action taken upon Seccomp rule match
//
// Values are libseccomp's SCMP_ACT_* names (see the Action constants). The type
// is a plain string, so an unknown action decodes without error; a consumer
// should reject anything outside the known constants rather than pass it on.
type Action string
// Define actions for Seccomp rules
//
// The strings are libseccomp's SCMP_ACT_* names. In libseccomp terms (confirm
// against the consumer of this type): ActKill kills the offending thread,
// ActTrap raises SIGSYS, ActErrno fails the call with an errno, ActTrace hands
// the call to a ptrace tracer, and ActAllow permits it. Nothing in this file
// carries the errno or trace value that ActErrno and ActTrace take in
// libseccomp, so that value has to be supplied by the consumer.
const (
	ActKill  Action = "SCMP_ACT_KILL"
	ActTrap  Action = "SCMP_ACT_TRAP"
	ActErrno Action = "SCMP_ACT_ERRNO"
	ActTrace Action = "SCMP_ACT_TRACE"
	ActAllow Action = "SCMP_ACT_ALLOW"
)
// Operator used to match syscall arguments in Seccomp
//
// Values are libseccomp's SCMP_CMP_* names (see the Operator constants). As
// with Action and Arch this is a plain string, so decoding does not validate
// it.
type Operator string
// Define operators for syscall arguments in Seccomp
//
// The strings are libseccomp's SCMP_CMP_* comparison names. All but
// OpMaskedEqual compare the syscall argument against a single value;
// OpMaskedEqual presumably takes a mask and an expected value (Arg.Value and
// Arg.ValueTwo) — confirm against the consumer, since nothing in this file
// enforces which Arg fields each operator reads.
const (
	OpNotEqual     Operator = "SCMP_CMP_NE"
	OpLessThan     Operator = "SCMP_CMP_LT"
	OpLessEqual    Operator = "SCMP_CMP_LE"
	OpEqualTo      Operator = "SCMP_CMP_EQ"
	OpGreaterEqual Operator = "SCMP_CMP_GE"
	OpGreaterThan  Operator = "SCMP_CMP_GT"
	OpMaskedEqual  Operator = "SCMP_CMP_MASKED_EQ"
)
// Arg used for matching specific syscall arguments in Seccomp
//
// json tags mirror the "args" entries of the Docker/OCI seccomp profile format.
type Arg struct {
	// Index is the (presumably zero-based) position of the syscall argument
	// being matched.
	Index uint `json:"index"`
	// Value is the operand Op compares the argument against.
	Value uint64 `json:"value"`
	// ValueTwo is the second operand; presumably only meaningful for
	// OpMaskedEqual (mask in Value, expected value here) — confirm against the
	// consumer, nothing in this type enforces it.
	ValueTwo uint64 `json:"valueTwo"`
	// Op selects the comparison. Operator is a plain string, so an unknown
	// operator decodes without error and must be validated by the consumer.
	Op Operator `json:"op"`
}
// Syscall is used to match a syscall in Seccomp
//
// json tags mirror the "syscalls" entries of the Docker/OCI seccomp profile
// format; note this variant carries a single Name per rule.
type Syscall struct {
	// Name is the syscall name this rule applies to.
	Name string `json:"name"`
	// Action is presumably applied when Name (and every Args condition, if
	// any) matches — confirm against the consumer.
	Action Action `json:"action"`
	// Args holds the argument conditions for this rule. A JSON null element
	// decodes to a nil *Arg, so readers should nil-check before dereferencing.
	Args []*Arg `json:"args"`
}