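// Source: github.com/opencontainers/runtime-tools@v0.9.0/generate/seccomp/parse_remove.go

package seccomp

import (
	"fmt"
	"reflect"
	"strings"

	rspec "github.com/opencontainers/runtime-spec/specs-go"
)

// RemoveAction takes the argument string that was passed with the --remove flag,
// parses it, and updates the Seccomp config accordingly.
//
// arguments is split on "," and the resulting list is compared with each
// rule's Names using reflect.DeepEqual. A rule is removed only when its Names
// are exactly that list: same entries, same order, no surrounding whitespace.
// A request that matches nothing is a silent no-op and still returns nil, so a
// caller that needs to know whether a rule was dropped must compare
// len(config.Syscalls) before and after the call.
//
// Every matching rule is removed, whatever its Action. Once a rule is gone its
// syscalls are no longer covered by it; whether that tightens or loosens the
// filter depends on the rest of the profile, so review the result.
//
// An error is returned only when config is nil.
func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error {
	if config == nil {
		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
	}

	syscallsToRemove := strings.Split(arguments, ",")

	// Filter in place rather than deleting while ranging over the slice.
	// Deleting inside the range loop skipped the element that shifted into
	// the freed index (so adjacent duplicates survived) and could panic with
	// a slice-bounds error when the stale tail of the backing array matched.
	kept := config.Syscalls[:0]
	for _, rule := range config.Syscalls {
		if !reflect.DeepEqual(syscallsToRemove, rule.Names) {
			kept = append(kept, rule)
		}
	}
	config.Syscalls = kept

	return nil
}

// RemoveAllSeccompRules removes all seccomp syscall rules.
//
// config.Syscalls is replaced with an empty, non-nil slice; no other field of
// config is touched by this function. An error is returned only when config
// is nil.
func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error {
	if config == nil {
		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
	}

	config.Syscalls = []rspec.LinuxSyscall{}
	return nil
}

// RemoveAllMatchingRules will remove any syscall rules that match the specified action.
//
// Rules are selected by their Action field only. The previous implementation
// delegated to RemoveAction with the rule's joined names, which also deleted
// rules that listed the same names under a different action, ignored the
// returned error, and mutated config.Syscalls while ranging over it. Filtering
// directly on Action removes exactly the rules the caller asked for.
//
// An error is returned only when config is nil.
func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, seccompAction rspec.LinuxSeccompAction) error {
	if config == nil {
		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
	}

	// In-place filter: the write index never passes the read index, so
	// reusing the backing array is safe.
	kept := config.Syscalls[:0]
	for _, rule := range config.Syscalls {
		if rule.Action != seccompAction {
			kept = append(kept, rule)
		}
	}
	config.Syscalls = kept

	return nil
}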