github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/libcontainer/seccomp/config.go (about)

     1  package seccomp
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/opencontainers/runc/libcontainer/configs"
     7  )
     8  
// operators maps the comparison-operator names accepted in a seccomp profile
// (the SCMP_CMP_* spellings) to their configs.Operator values. Lookups are
// exact and case-sensitive; a name that is not a key of this table is
// rejected by ConvertStringToOperator.
var operators = map[string]configs.Operator{
	// Equality tests.
	"SCMP_CMP_EQ": configs.EqualTo,
	"SCMP_CMP_NE": configs.NotEqualTo,
	// Ordering tests.
	"SCMP_CMP_LT": configs.LessThan,
	"SCMP_CMP_LE": configs.LessThanOrEqualTo,
	"SCMP_CMP_GT": configs.GreaterThan,
	"SCMP_CMP_GE": configs.GreaterThanOrEqualTo,
	// Comparison against a masked argument value.
	"SCMP_CMP_MASKED_EQ": configs.MaskEqualTo,
}
    18  
// actions maps the rule-action names accepted in a seccomp profile (the
// SCMP_ACT_* spellings) to their configs.Action values. Lookups are exact
// and case-sensitive; a name that is not a key of this table is rejected by
// ConvertStringToAction.
//
// The table includes SCMP_ACT_TRACE. Whether the code that builds the filter
// supports that action is decided elsewhere and is not visible in this file.
var actions = map[string]configs.Action{
	"SCMP_ACT_ALLOW": configs.Allow,
	"SCMP_ACT_ERRNO": configs.Errno,
	"SCMP_ACT_KILL":  configs.Kill,
	"SCMP_ACT_TRAP":  configs.Trap,
	"SCMP_ACT_TRACE": configs.Trace,
}
    26  
// archs maps the architecture names accepted in a seccomp profile (the
// SCMP_ARCH_* spellings) to the short architecture strings returned by
// ConvertStringToArch. Lookups are exact and case-sensitive; an architecture
// that is not a key of this table is rejected rather than passed through.
var archs = map[string]string{
	// x86 family.
	"SCMP_ARCH_X86":    "x86",
	"SCMP_ARCH_X86_64": "amd64",
	"SCMP_ARCH_X32":    "x32",
	// ARM family.
	"SCMP_ARCH_ARM":     "arm",
	"SCMP_ARCH_AARCH64": "arm64",
	// MIPS family, big- and little-endian variants.
	"SCMP_ARCH_MIPS":        "mips",
	"SCMP_ARCH_MIPS64":      "mips64",
	"SCMP_ARCH_MIPS64N32":   "mips64n32",
	"SCMP_ARCH_MIPSEL":      "mipsel",
	"SCMP_ARCH_MIPSEL64":    "mipsel64",
	"SCMP_ARCH_MIPSEL64N32": "mipsel64n32",
	// PowerPC family.
	"SCMP_ARCH_PPC":     "ppc",
	"SCMP_ARCH_PPC64":   "ppc64",
	"SCMP_ARCH_PPC64LE": "ppc64le",
	// IBM S/390 family.
	"SCMP_ARCH_S390":  "s390",
	"SCMP_ARCH_S390X": "s390x",
}
    45  
// ConvertStringToOperator converts a string into a Seccomp comparison operator.
// Comparison operators use the names they are assigned by Libseccomp's header
// and are looked up verbatim in the operators table.
//
// A string that is not a valid operator yields an error together with the
// value 0. Callers must check the error and must not use the returned
// operator when it is non-nil; a profile with an unrecognised operator should
// fail to load rather than be applied with a substituted comparison.
func ConvertStringToOperator(in string) (configs.Operator, error) {
	op, found := operators[in]
	if !found {
		return 0, fmt.Errorf("string %s is not a valid operator for seccomp", in)
	}
	return op, nil
}
    56  
// ConvertStringToAction converts a string into a Seccomp rule match action.
// Actions use the names they are assigned in Libseccomp's header and are
// looked up verbatim in the actions table.
//
// A string that is not a valid action yields an error together with the
// value 0. Callers must check the error and must not use the returned action
// when it is non-nil; a profile naming an unknown action should fail to load
// rather than fall back to some default action.
//
// NOTE(review): SCMP_ACT_TRACE is a key of the actions table, so this
// function converts it without error. If that action is unsupported in this
// implementation, the rejection has to happen where the filter is built —
// confirm against that code.
func ConvertStringToAction(in string) (configs.Action, error) {
	act, found := actions[in]
	if !found {
		return 0, fmt.Errorf("string %s is not a valid action for seccomp", in)
	}
	return act, nil
}
    69  
// ConvertStringToArch converts a string into a Seccomp comparison arch.
// The input is looked up verbatim in the archs table, which is keyed by the
// SCMP_ARCH_* names, and the mapped short architecture string is returned.
//
// A string that is not a key of the table yields an error together with the
// empty string. Callers must check the error: an unrecognised architecture
// should make the profile fail to load rather than be silently left out of
// the filter.
func ConvertStringToArch(in string) (string, error) {
	arch, found := archs[in]
	if !found {
		return "", fmt.Errorf("string %s is not a valid arch for seccomp", in)
	}
	return arch, nil
}