seccomp

package
v1.33.0

This package is not in the latest version of its module.
Published: Jan 22, 2025 | License: Apache-2.0 | Imports: 5 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultProfile added in v1.24.0

func DefaultProfile() *seccomp.Seccomp

Types

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config is the global seccomp configuration type.

func New

func New() *Config

New creates a new default seccomp configuration instance.

func (*Config) IsDisabled

func (c *Config) IsDisabled() bool

func (*Config) LoadDefaultProfile added in v1.25.0

func (c *Config) LoadDefaultProfile() error

LoadDefaultProfile sets the internal default profile.

func (*Config) LoadProfile

func (c *Config) LoadProfile(profilePath string) error

LoadProfile can be used to load a seccomp profile from the provided path. This method will not fail if seccomp is disabled.

func (*Config) NotifierPath added in v1.26.0

func (c *Config) NotifierPath() string

NotifierPath returns the currently used seccomp notifier base path.

func (*Config) Profile

func (c *Config) Profile() *seccomp.Seccomp

Profile returns the currently loaded seccomp profile.

func (*Config) SetNotifierPath added in v1.26.0

func (c *Config) SetNotifierPath(path string)

SetNotifierPath sets the default path for creating seccomp notifier sockets.

func (*Config) Setup added in v1.21.0

func (c *Config) Setup(
	ctx context.Context,
	sys *imagetypes.SystemContext,
	msgChan chan Notification,
	containerID, containerName string,
	sandboxAnnotations, imageAnnotations map[string]string,
	specGenerator *generate.Generator,
	profileField *types.SecurityProfile,
) (*Notifier, string, error)

Setup can be used to set up the seccomp profile.

type Notification added in v1.26.0

type Notification struct{}

Notification is a seccomp notification which gets sent to the CRI-O server.

func (*Notification) ContainerID added in v1.26.0

func (*Notification) ContainerID() string

func (*Notification) Ctx added in v1.26.0

func (*Notification) Ctx() context.Context

func (*Notification) Syscall added in v1.26.0

func (*Notification) Syscall() string

type Notifier added in v1.26.0

type Notifier struct{}

Notifier wraps a seccomp notifier instance for a container.

func NewNotifier added in v1.26.0

func NewNotifier(
	ctx context.Context,
	msgChan chan Notification,
	containerID, listenerPath string,
	annotationMap map[string]string,
) (*Notifier, error)

NewNotifier starts the notifier for the provided arguments.

func (*Notifier) AddSyscall added in v1.26.0

func (*Notifier) AddSyscall(syscall string)

func (*Notifier) Close added in v1.26.0

func (*Notifier) Close() error

Close can be used to close the notifier listener.

func (*Notifier) OnExpired added in v1.26.0

func (*Notifier) OnExpired(callback func())

func (*Notifier) StopContainers added in v1.26.0

func (*Notifier) StopContainers() bool

func (*Notifier) UsedSyscalls added in v1.26.0

func (*Notifier) UsedSyscalls() string
