Merge pull request #398 from crosbymichael/seccomp-trace

Add seccomp trace support
This commit is contained in:
Alexander Morozov 2015-11-13 10:54:18 -08:00
commit 48fdc50d09
3 changed files with 7 additions and 2 deletions

View File

@ -33,17 +33,18 @@ type Seccomp struct {
type Action int
const (
Kill Action = iota - 4
Kill Action = iota + 1
Errno
Trap
Allow
Trace
)
// A comparison operator to be used when matching syscall arguments in Seccomp
type Operator int
const (
EqualTo Operator = iota
EqualTo Operator = iota + 1
NotEqualTo
GreaterThan
GreaterThanOrEqualTo

View File

@ -21,6 +21,7 @@ var actions = map[string]configs.Action{
"SCMP_ACT_ERRNO": configs.Errno,
"SCMP_ACT_TRAP": configs.Trap,
"SCMP_ACT_ALLOW": configs.Allow,
"SCMP_ACT_TRACE": configs.Trace,
}
var archs = map[string]string{

View File

@ -15,6 +15,7 @@ var (
actAllow = libseccomp.ActAllow
actTrap = libseccomp.ActTrap
actKill = libseccomp.ActKill
actTrace = libseccomp.ActTrace.SetReturnCode(int16(syscall.EPERM))
actErrno = libseccomp.ActErrno.SetReturnCode(int16(syscall.EPERM))
)
@ -83,6 +84,8 @@ func getAction(act configs.Action) (libseccomp.ScmpAction, error) {
return actTrap, nil
case configs.Allow:
return actAllow, nil
case configs.Trace:
return actTrace, nil
default:
return libseccomp.ActInvalid, fmt.Errorf("invalid action, cannot use in rule")
}