// Source: github.com/inspektor-gadget/inspektor-gadget@v0.28.1/pkg/gadgets/audit/seccomp/tracer/syscalls.go

//go:build !docs
// +build !docs

// Copyright 2019-2022 The Inspektor Gadget authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package tracer

import (
	"fmt"

	"github.com/inspektor-gadget/inspektor-gadget/pkg/utils/syscalls"
)

// Seccomp filter return actions, mirroring the kernel UAPI header
// linux/seccomp.h. A filter returns a 32-bit value whose upper 16 bits select
// the action; the lower 16 bits carry action-specific data (for example the
// errno value that accompanies SECCOMP_RET_ERRNO).
const (
	// SECCOMP_RET_KILL_PROCESS terminates the whole process.
	SECCOMP_RET_KILL_PROCESS = 0x80000000
	// SECCOMP_RET_KILL_THREAD terminates only the calling thread. Its value is
	// zero, so it is also what an all-zero return code decodes to.
	SECCOMP_RET_KILL_THREAD = 0x00000000
	// SECCOMP_RET_KILL is the legacy name for SECCOMP_RET_KILL_THREAD.
	SECCOMP_RET_KILL = SECCOMP_RET_KILL_THREAD
	// SECCOMP_RET_TRAP blocks the syscall and raises SIGSYS.
	SECCOMP_RET_TRAP = 0x00030000
	// SECCOMP_RET_ERRNO blocks the syscall and returns an errno to the caller.
	SECCOMP_RET_ERRNO = 0x00050000
	// SECCOMP_RET_USER_NOTIF defers the decision to a user-space supervisor.
	SECCOMP_RET_USER_NOTIF = 0x7fc00000
	// SECCOMP_RET_TRACE hands the syscall to an attached ptrace tracer.
	SECCOMP_RET_TRACE = 0x7ff00000
	// SECCOMP_RET_LOG lets the syscall run after logging it.
	SECCOMP_RET_LOG = 0x7ffc0000
	// SECCOMP_RET_ALLOW lets the syscall run.
	SECCOMP_RET_ALLOW = 0x7fff0000
	// SECCOMP_RET_ACTION_FULL masks the action bits out of a return code.
	SECCOMP_RET_ACTION_FULL = 0xffff0000
)

// syscallToName resolves a syscall number to its name. A number the lookup
// helper does not know is rendered as "syscall<N>", so the raw number is never
// lost from the output.
//
// NOTE(review): syscall numbers are architecture-specific; which ABI table
// GetSyscallNameByNumber consults is not visible here. Confirm it matches the
// audited workload.
func syscallToName(syscall int) string {
	if resolved, found := syscalls.GetSyscallNameByNumber(syscall); found {
		return resolved
	}
	return fmt.Sprintf("syscall%d", syscall)
}

// codeToName converts a seccomp return code into a short label for its action.
//
// Only the action bits take part in the match: the low 16 data bits are masked
// away, so a caller that needs the errno or other action data must read it
// from the raw code. Any action not listed below is labelled "unknown" rather
// than being folded into a defined action. Because SECCOMP_RET_KILL_THREAD is
// zero, a code with no action bits set is reported as "kill_thread".
func codeToName(code uint) string {
	action := code & SECCOMP_RET_ACTION_FULL

	label := "unknown"
	switch action {
	case SECCOMP_RET_KILL_PROCESS:
		label = "kill_process"
	case SECCOMP_RET_KILL_THREAD:
		label = "kill_thread"
	case SECCOMP_RET_TRAP:
		label = "trap"
	case SECCOMP_RET_ERRNO:
		label = "errno"
	case SECCOMP_RET_USER_NOTIF:
		label = "user_notif"
	case SECCOMP_RET_TRACE:
		label = "trace"
	case SECCOMP_RET_LOG:
		label = "log"
	case SECCOMP_RET_ALLOW:
		label = "allow"
	}
	return label
}