summaryrefslogtreecommitdiff
path: root/vendor/github.com/opencontainers/runtime-tools/generate/seccomp
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/opencontainers/runtime-tools/generate/seccomp')
-rw-r--r--vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go3
-rw-r--r--vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go15
-rw-r--r--vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go15
3 files changed, 31 insertions, 2 deletions
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
index 35b12cd65..5fee5a3b2 100644
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
@@ -2,7 +2,6 @@ package seccomp
import (
"runtime"
- "syscall"
"github.com/opencontainers/runtime-spec/specs-go"
rspec "github.com/opencontainers/runtime-spec/specs-go"
@@ -513,7 +512,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
Args: []rspec.LinuxSeccompArg{
{
Index: sysCloneFlagsIndex,
- Value: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
+ Value: CloneNewNS | CloneNewUTS | CloneNewIPC | CloneNewUser | CloneNewPID | CloneNewNet,
ValueTwo: 0,
Op: rspec.OpMaskedEqual,
},
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
new file mode 100644
index 000000000..311587437
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
@@ -0,0 +1,15 @@
+// +build linux
+
+package seccomp
+
+import "syscall"
+
+// System values passed through on linux
+const (
+ CloneNewIPC = syscall.CLONE_NEWIPC
+ CloneNewNet = syscall.CLONE_NEWNET
+ CloneNewNS = syscall.CLONE_NEWNS
+ CloneNewPID = syscall.CLONE_NEWPID
+ CloneNewUser = syscall.CLONE_NEWUSER
+ CloneNewUTS = syscall.CLONE_NEWUTS
+)
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
new file mode 100644
index 000000000..589b81c16
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
@@ -0,0 +1,15 @@
+// +build !linux
+
+package seccomp
+
+// These are copied from linux/amd64 syscall values, as a reference for other
+// platforms to have access to
+const (
+ CloneNewIPC = 0x8000000
+ CloneNewNet = 0x40000000
+ CloneNewNS = 0x20000
+ CloneNewPID = 0x20000000
+ CloneNewUser = 0x10000000
+ CloneNewUTS = 0x4000000
+ CloneNewCgroup = 0x02000000
+)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-29 15:32:12 +0000