summaryrefslogtreecommitdiff
path: root/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go')
-rw-r--r--vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go53
1 files changed, 39 insertions, 14 deletions
diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
index 4e36b27ae..0982e930f 100644
--- a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
+++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
@@ -72,7 +72,17 @@ const uint32_t C_ARCH_S390X = SCMP_ARCH_S390X;
#define SCMP_ACT_LOG 0x7ffc0000U
#endif
+#ifndef SCMP_ACT_KILL_PROCESS
+#define SCMP_ACT_KILL_PROCESS 0x80000000U
+#endif
+
+#ifndef SCMP_ACT_KILL_THREAD
+#define SCMP_ACT_KILL_THREAD 0x00000000U
+#endif
+
const uint32_t C_ACT_KILL = SCMP_ACT_KILL;
+const uint32_t C_ACT_KILL_PROCESS = SCMP_ACT_KILL_PROCESS;
+const uint32_t C_ACT_KILL_THREAD = SCMP_ACT_KILL_THREAD;
const uint32_t C_ACT_TRAP = SCMP_ACT_TRAP;
const uint32_t C_ACT_ERRNO = SCMP_ACT_ERRNO(0);
const uint32_t C_ACT_TRACE = SCMP_ACT_TRACE(0);
@@ -203,7 +213,7 @@ const (
archEnd ScmpArch = ArchS390X
// Comparison boundaries to check for action validity
actionStart ScmpAction = ActKill
- actionEnd ScmpAction = ActLog
+ actionEnd ScmpAction = ActKillProcess
// Comparison boundaries to check for comparison operator validity
compareOpStart ScmpCompareOp = CompareNotEqual
compareOpEnd ScmpCompareOp = CompareMaskedEqual
@@ -236,7 +246,7 @@ func ensureSupportedVersion() error {
}
// Get the API level
-func getApi() (uint, error) {
+func getAPI() (uint, error) {
api := C.seccomp_api_get()
if api == 0 {
return 0, fmt.Errorf("API level operations are not supported")
@@ -246,9 +256,9 @@ func getApi() (uint, error) {
}
// Set the API level
-func setApi(api uint) error {
+func setAPI(api uint) error {
if retCode := C.seccomp_api_set(C.uint(api)); retCode != 0 {
- if syscall.Errno(-1*retCode) == syscall.EOPNOTSUPP {
+ if errRc(retCode) == syscall.EOPNOTSUPP {
return fmt.Errorf("API level operations are not supported")
}
@@ -265,6 +275,10 @@ func filterFinalizer(f *ScmpFilter) {
f.Release()
}
+func errRc(rc C.int) error {
+ return syscall.Errno(-1 * rc)
+}
+
// Get a raw filter attribute
func (f *ScmpFilter) getFilterAttr(attr scmpFilterAttr) (C.uint32_t, error) {
f.lock.Lock()
@@ -278,7 +292,7 @@ func (f *ScmpFilter) getFilterAttr(attr scmpFilterAttr) (C.uint32_t, error) {
retCode := C.seccomp_attr_get(f.filterCtx, attr.toNative(), &attribute)
if retCode != 0 {
- return 0x0, syscall.Errno(-1 * retCode)
+ return 0x0, errRc(retCode)
}
return attribute, nil
@@ -295,7 +309,7 @@ func (f *ScmpFilter) setFilterAttr(attr scmpFilterAttr, value C.uint32_t) error
retCode := C.seccomp_attr_set(f.filterCtx, attr.toNative(), value)
if retCode != 0 {
- return syscall.Errno(-1 * retCode)
+ return errRc(retCode)
}
return nil
@@ -316,14 +330,17 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact b
retCode = C.seccomp_rule_add_array(f.filterCtx, action.toNative(), C.int(call), length, cond)
}
- if syscall.Errno(-1*retCode) == syscall.EFAULT {
- return fmt.Errorf("unrecognized syscall %#x", int32(call))
- } else if syscall.Errno(-1*retCode) == syscall.EPERM {
- return fmt.Errorf("requested action matches default action of filter")
- } else if syscall.Errno(-1*retCode) == syscall.EINVAL {
- return fmt.Errorf("two checks on same syscall argument")
- } else if retCode != 0 {
- return syscall.Errno(-1 * retCode)
+ if retCode != 0 {
+ switch e := errRc(retCode); e {
+ case syscall.EFAULT:
+ return fmt.Errorf("unrecognized syscall %#x", int32(call))
+ case syscall.EPERM:
+ return fmt.Errorf("requested action matches default action of filter")
+ case syscall.EINVAL:
+ return fmt.Errorf("two checks on same syscall argument")
+ default:
+ return e
+ }
}
return nil
@@ -517,6 +534,10 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) {
switch a & 0xFFFF0000 {
case C.C_ACT_KILL:
return ActKill, nil
+ case C.C_ACT_KILL_PROCESS:
+ return ActKillProcess, nil
+ case C.C_ACT_KILL_THREAD:
+ return ActKillThread, nil
case C.C_ACT_TRAP:
return ActTrap, nil
case C.C_ACT_ERRNO:
@@ -537,6 +558,10 @@ func (a ScmpAction) toNative() C.uint32_t {
switch a & 0xFFFF {
case ActKill:
return C.C_ACT_KILL
+ case ActKillProcess:
+ return C.C_ACT_KILL_PROCESS
+ case ActKillThread:
+ return C.C_ACT_KILL_THREAD
case ActTrap:
return C.C_ACT_TRAP
case ActErrno:
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-12 17:58:06 +0000