github.com/inspektor-gadget/inspektor-gadget@v0.28.1/pkg/gadgets/advise/seccomp/tracer/syscalls.go

github.com/inspektor-gadget/inspektor-gadget@v0.28.1/pkg/gadgets/advise/seccomp/tracer/syscalls.go (about)

     1  //go:build !docs
     2  // +build !docs
     3  
     4  // Copyright 2019-2021 The Inspektor Gadget authors
     5  //
     6  // Licensed under the Apache License, Version 2.0 (the "License");
     7  // you may not use this file except in compliance with the License.
     8  // You may obtain a copy of the License at
     9  //
    10  //     http://www.apache.org/licenses/LICENSE-2.0
    11  //
    12  // Unless required by applicable law or agreed to in writing, software
    13  // distributed under the License is distributed on an "AS IS" BASIS,
    14  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15  // See the License for the specific language governing permissions and
    16  // limitations under the License.
    17  
    18  package tracer
    19  
    20  import (
    21  	"runtime"
    22  
    23  	"github.com/opencontainers/runtime-spec/specs-go"
    24  )
    25  
    26  /* Function arches() under the Apache License, Version 2.0 by the containerd authors:
    27   * https://github.com/containerd/containerd/blob/66fec3bbbf91520a1433faa16e99e5a314a61902/contrib/seccomp/seccomp_default.go#L29
    28   */
    29  func Arches() []specs.Arch {
    30  	switch runtime.GOARCH {
    31  	case "amd64":
    32  		return []specs.Arch{specs.ArchX86_64, specs.ArchX86, specs.ArchX32}
    33  	case "arm64":
    34  		return []specs.Arch{specs.ArchARM, specs.ArchAARCH64}
    35  	case "mips64":
    36  		return []specs.Arch{specs.ArchMIPS, specs.ArchMIPS64, specs.ArchMIPS64N32}
    37  	case "mips64n32":
    38  		return []specs.Arch{specs.ArchMIPS, specs.ArchMIPS64, specs.ArchMIPS64N32}
    39  	case "mipsel64":
    40  		return []specs.Arch{specs.ArchMIPSEL, specs.ArchMIPSEL64, specs.ArchMIPSEL64N32}
    41  	case "mipsel64n32":
    42  		return []specs.Arch{specs.ArchMIPSEL, specs.ArchMIPSEL64, specs.ArchMIPSEL64N32}
    43  	case "s390x":
    44  		return []specs.Arch{specs.ArchS390, specs.ArchS390X}
    45  	default:
    46  		return []specs.Arch{}
    47  	}
    48  }
    49  
    50  func SyscallNamesToLinuxSeccomp(syscallNames []string) *specs.LinuxSeccomp {
    51  	syscalls := []specs.LinuxSyscall{
    52  		{
    53  			Names:  syscallNames,
    54  			Action: specs.ActAllow,
    55  			Args:   []specs.LinuxSeccompArg{},
    56  		},
    57  	}
    58  
    59  	s := &specs.LinuxSeccomp{
    60  		DefaultAction: specs.ActErrno,
    61  		Architectures: Arches(),
    62  		Syscalls:      syscalls,
    63  	}
    64  	return s
    65  }