...

Source file src/github.com/opencontainers/runc/libcontainer/seccomp/config.go

Documentation: github.com/opencontainers/runc/libcontainer/seccomp

     1  package seccomp
     2  
     3  import (
     4  	"fmt"
     5  	"sort"
     6  
     7  	"github.com/opencontainers/runc/libcontainer/configs"
     8  )
     9  
// operators maps the libseccomp comparison-operator names accepted in a
// seccomp profile to their configs.Operator values. Lookups against this
// table are exact-match, so a name that is not listed here is rejected by
// ConvertStringToOperator instead of falling back to a default operator.
var operators = map[string]configs.Operator{
	// Equality tests.
	"SCMP_CMP_EQ": configs.EqualTo,
	"SCMP_CMP_NE": configs.NotEqualTo,
	// Ordered comparisons.
	"SCMP_CMP_LT": configs.LessThan,
	"SCMP_CMP_LE": configs.LessThanOrEqualTo,
	"SCMP_CMP_GE": configs.GreaterThanOrEqualTo,
	"SCMP_CMP_GT": configs.GreaterThan,
	// Masked equality.
	"SCMP_CMP_MASKED_EQ": configs.MaskEqualTo,
}
    19  
// KnownOperators reports every comparison-operator name present in the
// operators table, in ascending lexical order.
// Used by `runc features`.
func KnownOperators() []string {
	var names []string
	for name := range operators {
		names = append(names, name)
	}
	// Map iteration order is not stable in Go; sorting keeps the reported
	// feature list deterministic between runs.
	sort.Strings(names)
	return names
}
    30  
// actions maps the libseccomp action names accepted in a seccomp profile to
// their configs.Action values. Lookups against this table are exact-match,
// so a name that is not listed here is rejected by ConvertStringToAction
// instead of being mapped to some default action.
//
// NOTE(review): per libseccomp semantics, SCMP_ACT_ALLOW and SCMP_ACT_LOG do
// not block the matched syscall; confirm that profiles meant to deny a call
// do not rely on either of them.
var actions = map[string]configs.Action{
	// Kill variants.
	"SCMP_ACT_KILL":         configs.Kill,
	"SCMP_ACT_KILL_THREAD":  configs.KillThread,
	"SCMP_ACT_KILL_PROCESS": configs.KillProcess,
	// Error return and trap.
	"SCMP_ACT_ERRNO": configs.Errno,
	"SCMP_ACT_TRAP":  configs.Trap,
	// Tracing, logging and notification.
	"SCMP_ACT_TRACE":  configs.Trace,
	"SCMP_ACT_LOG":    configs.Log,
	"SCMP_ACT_NOTIFY": configs.Notify,
	// Allow.
	"SCMP_ACT_ALLOW": configs.Allow,
}
    42  
// KnownActions reports every action name present in the actions table, in
// ascending lexical order.
// Used by `runc features`.
func KnownActions() []string {
	var names []string
	for name := range actions {
		names = append(names, name)
	}
	// Map iteration order is not stable in Go; sorting keeps the reported
	// feature list deterministic between runs.
	sort.Strings(names)
	return names
}
    53  
// archs maps the libseccomp architecture names accepted in a seccomp profile
// to the architecture strings this package hands back to its callers.
// Lookups against this table are exact-match, so a name that is not listed
// here is rejected by ConvertStringToArch.
var archs = map[string]string{
	// x86 family.
	"SCMP_ARCH_X86":    "x86",
	"SCMP_ARCH_X86_64": "amd64",
	"SCMP_ARCH_X32":    "x32",
	// ARM family.
	"SCMP_ARCH_ARM":     "arm",
	"SCMP_ARCH_AARCH64": "arm64",
	// MIPS family.
	"SCMP_ARCH_MIPS":        "mips",
	"SCMP_ARCH_MIPS64":      "mips64",
	"SCMP_ARCH_MIPS64N32":   "mips64n32",
	"SCMP_ARCH_MIPSEL":      "mipsel",
	"SCMP_ARCH_MIPSEL64":    "mipsel64",
	"SCMP_ARCH_MIPSEL64N32": "mipsel64n32",
	// PowerPC family.
	"SCMP_ARCH_PPC":     "ppc",
	"SCMP_ARCH_PPC64":   "ppc64",
	"SCMP_ARCH_PPC64LE": "ppc64le",
	// RISC-V.
	"SCMP_ARCH_RISCV64": "riscv64",
	// s390 family.
	"SCMP_ARCH_S390":  "s390",
	"SCMP_ARCH_S390X": "s390x",
}
    73  
// KnownArchs reports every architecture name present in the archs table, in
// ascending lexical order.
// Used by `runc features`.
func KnownArchs() []string {
	var names []string
	for name := range archs {
		names = append(names, name)
	}
	// Map iteration order is not stable in Go; sorting keeps the reported
	// feature list deterministic between runs.
	sort.Strings(names)
	return names
}
    84  
// ConvertStringToOperator looks up the seccomp comparison operator named by
// in. Operator names are the ones assigned by Libseccomp's header and are
// matched exactly against the operators table.
//
// A name that is not in the table yields the zero Operator and a non-nil
// error; the rejected name is included verbatim in the error text, so
// callers must check the error before using the returned value.
func ConvertStringToOperator(in string) (configs.Operator, error) {
	op, found := operators[in]
	if !found {
		return 0, fmt.Errorf("string %s is not a valid operator for seccomp", in)
	}
	return op, nil
}
    95  
// ConvertStringToAction looks up the seccomp rule match action named by in.
// Action names are the ones assigned in Libseccomp's header and are matched
// exactly against the actions table.
//
// A name that is not in the table yields the zero Action and a non-nil
// error; the rejected name is included verbatim in the error text, so
// callers must check the error before using the returned value.
func ConvertStringToAction(in string) (configs.Action, error) {
	act, found := actions[in]
	if !found {
		return 0, fmt.Errorf("string %s is not a valid action for seccomp", in)
	}
	return act, nil
}
   106  
// ConvertStringToArch looks up the architecture string that the archs table
// associates with the seccomp architecture name in (for example
// "SCMP_ARCH_X86_64" yields "amd64"). Names are matched exactly.
//
// A name that is not in the table yields an empty string and a non-nil
// error; the rejected name is included verbatim in the error text.
func ConvertStringToArch(in string) (string, error) {
	arch, found := archs[in]
	if !found {
		return "", fmt.Errorf("string %s is not a valid arch for seccomp", in)
	}
	return arch, nil
}
   114  
