From bc4a30ab2033a9aca92f10b48d3aff62281d2d44 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Mon, 14 Nov 2016 14:53:13 +0800 Subject: [PATCH] update based on latest spec Signed-off-by: Ma Shimiao --- cmd/runtimetest/main.go | 8 +- generate/generate.go | 40 +- generate/seccomp/parse_action.go | 16 +- generate/seccomp/parse_architecture.go | 2 +- generate/seccomp/parse_arguments.go | 12 +- generate/seccomp/parse_remove.go | 8 +- generate/seccomp/seccomp_default.go | 730 ++++++++++++------------- generate/seccomp/syscall_compare.go | 26 +- generate/spec.go | 10 +- validate/validate.go | 8 +- 10 files changed, 430 insertions(+), 430 deletions(-) diff --git a/cmd/runtimetest/main.go b/cmd/runtimetest/main.go index 1b0233e90..1ba7aa0f7 100644 --- a/cmd/runtimetest/main.go +++ b/cmd/runtimetest/main.go @@ -418,8 +418,8 @@ func validateOOMScoreAdj(spec *rspec.Spec) error { return nil } -func getIDMappings(path string) ([]rspec.IDMapping, error) { - var idMaps []rspec.IDMapping +func getIDMappings(path string) ([]rspec.LinuxIDMapping, error) { + var idMaps []rspec.LinuxIDMapping f, err := os.Open(path) if err != nil { return nil, err @@ -446,7 +446,7 @@ func getIDMappings(path string) ([]rspec.IDMapping, error) { if err != nil { return nil, err } - idMaps = append(idMaps, rspec.IDMapping{HostID: uint32(hostID), ContainerID: uint32(containerID), Size: uint32(mapSize)}) + idMaps = append(idMaps, rspec.LinuxIDMapping{HostID: uint32(hostID), ContainerID: uint32(containerID), Size: uint32(mapSize)}) } else { return nil, fmt.Errorf("invalid format in %v", path) } @@ -455,7 +455,7 @@ func getIDMappings(path string) ([]rspec.IDMapping, error) { return idMaps, nil } -func validateIDMappings(mappings []rspec.IDMapping, path string, property string) error { +func validateIDMappings(mappings []rspec.LinuxIDMapping, path string, property string) error { idMaps, err := getIDMappings(path) if err != nil { return fmt.Errorf("can not get items: %v", err) 
diff --git a/generate/generate.go b/generate/generate.go index 20bc601bb..baee73137 100644 --- a/generate/generate.go +++ b/generate/generate.go @@ -69,7 +69,7 @@ func New() Generator { "CAP_KILL", "CAP_AUDIT_WRITE", }, - Rlimits: []rspec.Rlimit{ + Rlimits: []rspec.LinuxRlimit{ { Type: "RLIMIT_NOFILE", Hard: uint64(1024), @@ -117,15 +117,15 @@ func New() Generator { }, }, Linux: &rspec.Linux{ - Resources: &rspec.Resources{ - Devices: []rspec.DeviceCgroup{ + Resources: &rspec.LinuxResources{ + Devices: []rspec.LinuxDeviceCgroup{ { Allow: false, Access: strPtr("rwm"), }, }, }, - Namespaces: []rspec.Namespace{ + Namespaces: []rspec.LinuxNamespace{ { Type: "pid", }, @@ -142,7 +142,7 @@ func New() Generator { Type: "mount", }, }, - Devices: []rspec.Device{}, + Devices: []rspec.LinuxDevice{}, }, } spec.Linux.Seccomp = seccomp.DefaultProfile(&spec) @@ -467,7 +467,7 @@ func (g *Generator) SetLinuxResourcesMemorySwappiness(swappiness uint64) { // SetLinuxResourcesPidsLimit sets g.spec.Linux.Resources.Pids.Limit. func (g *Generator) SetLinuxResourcesPidsLimit(limit int64) { g.initSpecLinuxResourcesPids() - g.spec.Linux.Resources.Pids.Limit = &limit + g.spec.Linux.Resources.Pids.Limit = limit } // ClearLinuxSysctl clears g.spec.Linux.Sysctl. @@ -497,12 +497,12 @@ func (g *Generator) ClearLinuxUIDMappings() { if g.spec == nil || g.spec.Linux == nil { return } - g.spec.Linux.UIDMappings = []rspec.IDMapping{} + g.spec.Linux.UIDMappings = []rspec.LinuxIDMapping{} } // AddLinuxUIDMapping adds uidMap into g.spec.Linux.UIDMappings. func (g *Generator) AddLinuxUIDMapping(hid, cid, size uint32) { - idMapping := rspec.IDMapping{ + idMapping := rspec.LinuxIDMapping{ HostID: hid, ContainerID: cid, Size: size, 
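Review bot: In the `@@ -467,7` hunk, `g.spec.Linux.Resources.Pids.Limit = limit` now stores the limit by value, so a Pids block that was initialised but never given a limit can no longer be told apart from an explicit 0. `initSpecLinuxResourcesPids()` is outside the hunk, so what value ends up in the generated config when the setter is never called cannot be confirmed from here. Because this field bounds process creation inside the container, the doc comment should say that no range check is done, for example `// SetLinuxResourcesPidsLimit sets g.spec.Linux.Resources.Pids.Limit; the value is written as-is, and zero or negative limits are left for the runtime to interpret.` It is also worth confirming that validate/validate.go treats a zero limit the way the updated spec intends.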
@@ -517,12 +517,12 @@ func (g *Generator) ClearLinuxGIDMappings() { if g.spec == nil || g.spec.Linux == nil { return } - g.spec.Linux.GIDMappings = []rspec.IDMapping{} + g.spec.Linux.GIDMappings = []rspec.LinuxIDMapping{} } // AddLinuxGIDMapping adds gidMap into g.spec.Linux.GIDMappings. func (g *Generator) AddLinuxGIDMapping(hid, cid, size uint32) { - idMapping := rspec.IDMapping{ + idMapping := rspec.LinuxIDMapping{ HostID: hid, ContainerID: cid, Size: size, @@ -756,24 +756,24 @@ func (g *Generator) DropProcessCapability(c string) error { return nil } -func mapStrToNamespace(ns string, path string) (rspec.Namespace, error) { +func mapStrToNamespace(ns string, path string) (rspec.LinuxNamespace, error) { switch ns { case "network": - return rspec.Namespace{Type: rspec.NetworkNamespace, Path: path}, nil + return rspec.LinuxNamespace{Type: rspec.NetworkNamespace, Path: path}, nil case "pid": - return rspec.Namespace{Type: rspec.PIDNamespace, Path: path}, nil + return rspec.LinuxNamespace{Type: rspec.PIDNamespace, Path: path}, nil case "mount": - return rspec.Namespace{Type: rspec.MountNamespace, Path: path}, nil + return rspec.LinuxNamespace{Type: rspec.MountNamespace, Path: path}, nil case "ipc": - return rspec.Namespace{Type: rspec.IPCNamespace, Path: path}, nil + return rspec.LinuxNamespace{Type: rspec.IPCNamespace, Path: path}, nil case "uts": - return rspec.Namespace{Type: rspec.UTSNamespace, Path: path}, nil + return rspec.LinuxNamespace{Type: rspec.UTSNamespace, Path: path}, nil case "user": - return rspec.Namespace{Type: rspec.UserNamespace, Path: path}, nil + return rspec.LinuxNamespace{Type: rspec.UserNamespace, Path: path}, nil case "cgroup": - return rspec.Namespace{Type: rspec.CgroupNamespace, Path: path}, nil + return rspec.LinuxNamespace{Type: rspec.CgroupNamespace, Path: path}, nil default: - return rspec.Namespace{}, fmt.Errorf("Should not reach here!") + return rspec.LinuxNamespace{}, fmt.Errorf("Should not reach here!") } } 
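Review bot: The default branch of mapStrToNamespace (hunk `@@ -756,24`) still returns `fmt.Errorf("Should not reach here!")`, although it is reached by any `ns` string outside the seven cases, and the message does not say which value was rejected. Since the line is being touched anyway, I would change it to `return rspec.LinuxNamespace{}, fmt.Errorf("unrecognized namespace %q", ns)`, which is lower-case, unpunctuated, and quotes the input so an empty or mistyped name is visible. Separately, `path` is copied into the returned struct unchecked in every case. The callers are outside this hunk, so if `path` can come from user input, it should be validated before this call.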
@@ -782,7 +782,7 @@ func (g *Generator) ClearLinuxNamespaces() { if g.spec == nil || g.spec.Linux == nil { return } - g.spec.Linux.Namespaces = []rspec.Namespace{} + g.spec.Linux.Namespaces = []rspec.LinuxNamespace{} } // AddOrReplaceLinuxNamespace adds or replaces a namespace inside diff --git a/generate/seccomp/parse_action.go b/generate/seccomp/parse_action.go index 13cace24f..35179c4c8 100644 --- a/generate/seccomp/parse_action.go +++ b/generate/seccomp/parse_action.go @@ -20,7 +20,7 @@ type SyscallOpts struct { // ParseSyscallFlag takes a SyscallOpts struct and the seccomp configuration // and sets the new syscall rule accordingly -func ParseSyscallFlag(args SyscallOpts, config *rspec.Seccomp) error { +func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error { var arguments []string if args.Index != "" && args.Value != "" && args.ValueTwo != "" && args.Operator != "" { arguments = []string{args.Action, args.Syscall, args.Index, args.Value, @@ -34,7 +34,7 @@ func ParseSyscallFlag(args SyscallOpts, config *rspec.Seccomp) error { return fmt.Errorf("default action already set as %s", action) } - var newSyscall rspec.Syscall + var newSyscall rspec.LinuxSyscall numOfArgs := len(arguments) if numOfArgs == 6 || numOfArgs == 2 { argStruct, err := parseArguments(arguments[1:]) @@ -67,7 +67,7 @@ func ParseSyscallFlag(args SyscallOpts, config *rspec.Seccomp) error { return nil } -var actions = map[string]rspec.Action{ +var actions = map[string]rspec.LinuxSeccompAction{ "allow": rspec.ActAllow, "errno": rspec.ActErrno, "kill": rspec.ActKill, @@ -76,7 +76,7 @@ var actions = map[string]rspec.Action{ } // Take passed action, return the SCMP_ACT_ version of it -func parseAction(action string) (rspec.Action, error) { +func parseAction(action string) (rspec.LinuxSeccompAction, error) { a, ok := actions[action] if !ok { return "", fmt.Errorf("unrecognized action: %s", action) 
@@ -86,7 +86,7 @@ func parseAction(action string) (rspec.Action, error) { // ParseDefaultAction sets the default action of the seccomp configuration // and then removes any rules that were already specified with this action -func ParseDefaultAction(action string, config *rspec.Seccomp) error { +func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error { if action == "" { return nil } @@ -104,7 +104,7 @@ func ParseDefaultAction(action string, config *rspec.Seccomp) error { } // ParseDefaultActionForce simply sets the default action of the seccomp configuration -func ParseDefaultActionForce(action string, config *rspec.Seccomp) error { +func ParseDefaultActionForce(action string, config *rspec.LinuxSeccomp) error { if action == "" { return nil } @@ -117,8 +117,8 @@ func ParseDefaultActionForce(action string, config *rspec.Seccomp) error { return nil } -func newSyscallStruct(name string, action rspec.Action, args []rspec.Arg) rspec.Syscall { - syscallStruct := rspec.Syscall{ +func newSyscallStruct(name string, action rspec.LinuxSeccompAction, args []rspec.LinuxSeccompArg) rspec.LinuxSyscall { + syscallStruct := rspec.LinuxSyscall{ Name: name, Action: action, Args: args, diff --git a/generate/seccomp/parse_architecture.go b/generate/seccomp/parse_architecture.go index 9d45fabc6..fc482445e 100644 --- a/generate/seccomp/parse_architecture.go +++ b/generate/seccomp/parse_architecture.go @@ -8,7 +8,7 @@ import ( // ParseArchitectureFlag takes the raw string passed with the --arch flag, parses it // and updates the Seccomp config accordingly -func ParseArchitectureFlag(architectureArg string, config *rspec.Seccomp) error { +func ParseArchitectureFlag(architectureArg string, config *rspec.LinuxSeccomp) error { correctedArch, err := parseArch(architectureArg) if err != nil { return err diff --git a/generate/seccomp/parse_arguments.go b/generate/seccomp/parse_arguments.go index 72f0b13d8..2b4c394e6 100644 --- a/generate/seccomp/parse_arguments.go 
+++ b/generate/seccomp/parse_arguments.go @@ -9,8 +9,8 @@ import ( // parseArguments takes a list of arguments (delimArgs). It parses and fills out // the argument information and returns a slice of arg structs -func parseArguments(delimArgs []string) ([]rspec.Arg, error) { - nilArgSlice := []rspec.Arg{} +func parseArguments(delimArgs []string) ([]rspec.LinuxSeccompArg, error) { + nilArgSlice := []rspec.LinuxSeccompArg{} numberOfArgs := len(delimArgs) // No parameters passed with syscall @@ -40,14 +40,14 @@ func parseArguments(delimArgs []string) ([]rspec.Arg, error) { return nilArgSlice, err } - argStruct := rspec.Arg{ + argStruct := rspec.LinuxSeccompArg{ Index: uint(syscallIndex), Value: syscallValue, ValueTwo: syscallValueTwo, Op: syscallOp, } - argSlice := []rspec.Arg{} + argSlice := []rspec.LinuxSeccompArg{} argSlice = append(argSlice, argStruct) return argSlice, nil } @@ -55,8 +55,8 @@ func parseArguments(delimArgs []string) ([]rspec.Arg, error) { return nilArgSlice, fmt.Errorf("incorrect number of arguments passed with syscall: %d", numberOfArgs) } -func parseOperator(operator string) (rspec.Operator, error) { - operators := map[string]rspec.Operator{ +func parseOperator(operator string) (rspec.LinuxSeccompOperator, error) { + operators := map[string]rspec.LinuxSeccompOperator{ "NE": rspec.OpNotEqual, "LT": rspec.OpLessThan, "LE": rspec.OpLessEqual, diff --git a/generate/seccomp/parse_remove.go b/generate/seccomp/parse_remove.go index ce68e66d0..1d39cdee2 100644 --- a/generate/seccomp/parse_remove.go +++ b/generate/seccomp/parse_remove.go @@ -10,7 +10,7 @@ import ( // RemoveAction takes the argument string that was passed with the --remove flag, // parses it, and updates the Seccomp config accordingly -func RemoveAction(arguments string, config *rspec.Seccomp) error { +func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error { if config == nil { return fmt.Errorf("Cannot remove action from nil Seccomp pointer") } 
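Review bot: In the `@@ -40,14` hunk of parse_arguments.go, `Index: uint(syscallIndex)` converts the parsed index with no range check visible before the struct is built. A seccomp rule can only address syscall arguments 0 through 5, so a larger index yields a profile entry that at best fails later in the runtime, far from the flag that caused it. The parsing of `syscallIndex` sits above the hunk and may already bound it. If it does not, add a guard before the literal, `if syscallIndex > 5 { return nilArgSlice, fmt.Errorf("syscall argument index %d out of range 0-5", syscallIndex) }`, and if the value is parsed as a signed integer, reject negatives as well so the conversion cannot wrap.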
@@ -33,17 +33,17 @@ func RemoveAction(arguments string, config *rspec.Seccomp) error { } // RemoveAllSeccompRules removes all seccomp syscall rules -func RemoveAllSeccompRules(config *rspec.Seccomp) error { +func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error { if config == nil { return fmt.Errorf("Cannot remove action from nil Seccomp pointer") } - newSyscallSlice := []rspec.Syscall{} + newSyscallSlice := []rspec.LinuxSyscall{} config.Syscalls = newSyscallSlice return nil } // RemoveAllMatchingRules will remove any syscall rules that match the specified action -func RemoveAllMatchingRules(config *rspec.Seccomp, action string) error { +func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, action string) error { if config == nil { return fmt.Errorf("Cannot remove action from nil Seccomp pointer") } diff --git a/generate/seccomp/seccomp_default.go b/generate/seccomp/seccomp_default.go index 2e1d46870..d79323714 100644 --- a/generate/seccomp/seccomp_default.go +++ b/generate/seccomp/seccomp_default.go 
@@ -32,829 +32,829 @@ func arches() []rspec.Arch { } // DefaultProfile defines the whitelist for the default seccomp profile. -func DefaultProfile(rs *specs.Spec) *rspec.Seccomp { +func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp { - syscalls := []rspec.Syscall{ + syscalls := []rspec.LinuxSyscall{ { Name: "accept", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "accept4", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "access", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "alarm", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "bind", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "brk", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "capget", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "capset", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "chdir", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "chmod", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "chown", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "chown32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "clock_getres", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "clock_gettime", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "clock_nanosleep", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "close", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "connect", Action: 
rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "copy_file_range", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "creat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "dup", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "dup2", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "dup3", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "epoll_create", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "epoll_create1", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "epoll_ctl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "epoll_ctl_old", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "epoll_pwait", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "epoll_wait", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "epoll_wait_old", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "eventfd", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "eventfd2", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "execve", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "execveat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "exit", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "exit_group", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "faccessat", 
Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fadvise64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fadvise64_64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fallocate", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fanotify_mark", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fchdir", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fchmod", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fchmodat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fchown", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fchown32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fchownat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fcntl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fcntl64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fdatasync", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fgetxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "flistxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "flock", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fork", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fremovexattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fsetxattr", 
Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fstat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fstat64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fstatat64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fstatfs", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fstatfs64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fsync", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ftruncate", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ftruncate64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "futex", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "futimesat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getcpu", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getcwd", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getdents", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getdents64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getegid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getegid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "geteuid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "geteuid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getgid", Action: 
rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getgid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getgroups", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getgroups32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getitimer", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getpeername", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getpgid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getpgrp", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getpid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getppid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getpriority", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getrandom", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getresgid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getresgid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getresuid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getresuid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getrlimit", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "get_robust_list", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getrusage", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: 
"getsid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getsockname", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getsockopt", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "get_thread_area", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "gettid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "gettimeofday", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getuid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getuid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "getxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "inotify_add_watch", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "inotify_init", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "inotify_init1", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "inotify_rm_watch", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "io_cancel", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ioctl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "io_destroy", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "io_getevents", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ioprio_get", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ioprio_set", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + 
Args: []rspec.LinuxSeccompArg{}, }, { Name: "io_setup", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "io_submit", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ipc", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "kill", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lchown", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lchown32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lgetxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "link", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "linkat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "listen", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "listxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "llistxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "_llseek", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lremovexattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lseek", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lsetxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lstat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lstat64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "madvise", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: 
[]rspec.LinuxSeccompArg{}, }, { Name: "memfd_create", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mincore", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mkdir", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mkdirat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mknod", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mknodat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mlock", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mlock2", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mlockall", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mmap", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mmap2", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mprotect", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mq_getsetattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mq_notify", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mq_open", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mq_timedreceive", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mq_timedsend", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mq_unlink", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mremap", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: 
[]rspec.LinuxSeccompArg{}, }, { Name: "msgctl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "msgget", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "msgrcv", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "msgsnd", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "msync", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "munlock", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "munlockall", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "munmap", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "nanosleep", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "newfstatat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "_newselect", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "open", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "openat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "pause", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "personality", Action: rspec.ActAllow, - Args: []rspec.Arg{ + Args: []rspec.LinuxSeccompArg{ { Index: 0, Value: 0x0, @@ -865,7 +865,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.Seccomp { { Name: "personality", Action: rspec.ActAllow, - Args: []rspec.Arg{ + Args: []rspec.LinuxSeccompArg{ { Index: 0, Value: 0x0008, 
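Review bot: The allow-list in DefaultProfile (hunk `@@ -32,829`) is several hundred struct literals that differ only in `Name`, which is why this type rename touches 730 lines of seccomp_default.go. That makes the security-relevant content, namely which syscalls are allowed unconditionally, hard to audit in review. Consider keeping the unconditional names in a `[]string` and building the entries in a loop, `for _, name := range allowed { syscalls = append(syscalls, rspec.LinuxSyscall{Name: name, Action: rspec.ActAllow, Args: []rspec.LinuxSeccompArg{}}) }`, leaving only argument-filtered entries such as `personality` as explicit literals. The order of entries would need to be preserved if anything downstream depends on it. The function body continues past this hunk.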
@@ -876,7 +876,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.Seccomp { { Name: "personality", Action: rspec.ActAllow, - Args: []rspec.Arg{ + Args: []rspec.LinuxSeccompArg{ { Index: 0, Value: 0xffffffff, 
@@ -887,707 +887,707 @@ func DefaultProfile(rs *specs.Spec) *rspec.Seccomp { { Name: "pipe", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "pipe2", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "poll", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ppoll", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "prctl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "pread64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "preadv", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "prlimit64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "pselect6", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "pwrite64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "pwritev", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "read", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "readahead", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "readlink", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "readlinkat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "readv", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "recv", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "recvfrom", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "recvmmsg", Action: rspec.ActAllow, - Args: 
[]rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "recvmsg", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "remap_file_pages", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "removexattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rename", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "renameat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "renameat2", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "restart_syscall", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rmdir", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_sigaction", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_sigpending", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_sigprocmask", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_sigqueueinfo", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_sigreturn", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_sigsuspend", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_sigtimedwait", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "rt_tgsigqueueinfo", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_getaffinity", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_getattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: 
[]rspec.LinuxSeccompArg{}, }, { Name: "sched_getparam", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_get_priority_max", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_get_priority_min", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_getscheduler", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_rr_get_interval", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_setaffinity", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_setattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_setparam", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_setscheduler", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sched_yield", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "seccomp", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "select", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "semctl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "semget", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "semop", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "semtimedop", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "send", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sendfile", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { 
Name: "sendfile64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sendmmsg", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sendmsg", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sendto", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setfsgid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setfsgid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setfsuid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setfsuid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setgid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setgid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setgroups", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setgroups32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setitimer", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setpgid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setpriority", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setregid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setregid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setresgid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setresgid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: 
[]rspec.LinuxSeccompArg{}, }, { Name: "setresuid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setresuid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setreuid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setreuid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setrlimit", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "set_robust_list", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setsid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setsockopt", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "set_thread_area", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "set_tid_address", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setuid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setuid32", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setxattr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "shmat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "shmctl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "shmdt", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "shmget", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "shutdown", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sigaltstack", Action: rspec.ActAllow, - Args: 
[]rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "signalfd", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "signalfd4", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sigreturn", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "socket", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "socketcall", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "socketpair", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "splice", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "stat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "stat64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "statfs", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "statfs64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "symlink", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "symlinkat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sync", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sync_file_range", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "syncfs", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sysinfo", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "syslog", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "tee", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + 
Args: []rspec.LinuxSeccompArg{}, }, { Name: "tgkill", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "time", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timer_create", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timer_delete", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timerfd_create", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timerfd_gettime", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timerfd_settime", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timer_getoverrun", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timer_gettime", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "timer_settime", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "times", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "tkill", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "truncate", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "truncate64", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ugetrlimit", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "umask", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "uname", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "unlink", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "unlinkat", Action: rspec.ActAllow, 
- Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "utime", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "utimensat", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "utimes", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "vfork", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "vmsplice", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "wait4", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "waitid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "waitpid", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "write", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "writev", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, } var sysCloneFlagsIndex uint 
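Review bot: The unconditional allow entries in this hunk (`pipe` through `writev`) differ only in `Name`, so a spec rename like this one touches several hundred identical `Args:` lines and the allow-list itself is hard to audit in review. Keeping the names in a `[]string` and building the rules in a loop, e.g. `for _, n := range allowed { syscalls = append(syscalls, rspec.LinuxSyscall{Name: n, Action: rspec.ActAllow, Args: []rspec.LinuxSeccompArg{}}) }`, would reduce the reviewable surface to the list of names. The `personality` rules that carry argument filters would stay as explicit literals. The enclosing `DefaultProfile` literal begins before this hunk.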
@@ -1598,200 +1598,200 @@ func DefaultProfile(rs *specs.Spec) *rspec.Seccomp { for _, cap = range rs.Process.Capabilities { switch cap { case "CAP_DAC_READ_SEARCH": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "open_by_handle_at", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "CAP_SYS_ADMIN": capSysAdmin = true - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "bpf", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "clone", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "fanotify_init", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "lookup_dcookie", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "mount", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "name_to_handle_at", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "perf_event_open", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setdomainname", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "sethostname", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "setns", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "umount", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "umount2", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "unshare", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) 
case "CAP_SYS_BOOT": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "reboot", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "CAP_SYS_CHROOT": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "chroot", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "CAP_SYS_MODULE": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "delete_module", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "init_module", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "finit_module", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "query_module", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "CAP_SYS_PACCT": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "acct", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "CAP_SYS_PTRACE": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "kcmp", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "process_vm_readv", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "process_vm_writev", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ptrace", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) 
case "CAP_SYS_RAWIO": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "iopl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "ioperm", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "CAP_SYS_TIME": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "settimeofday", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "stime", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "adjtimex", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "CAP_SYS_TTY_CONFIG": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "vhangup", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) } } if !capSysAdmin { - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "clone", Action: rspec.ActAllow, - Args: []rspec.Arg{ + Args: []rspec.LinuxSeccompArg{ { Index: sysCloneFlagsIndex, Value: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET, 
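Review bot: The restricted `clone` rule at the end of this hunk filters on `Index: sysCloneFlagsIndex`, but that variable is only declared (`var sysCloneFlagsIndex uint`, at the end of the previous hunk) and no assignment to it is visible; in the `@@ -1807` hunk the s390 case ends with the comment `/* Flags parameter of the clone syscall is the 2nd on s390 */` and nothing follows it. If the lines between the hunks do not set it either, the namespace-flag mask is compared against argument 0 on s390/s390x, which per that comment is not the flags argument, so the rule would not restrict namespace creation there. Setting `sysCloneFlagsIndex = 1` in the s390 case and moving the `if !capSysAdmin` block after the arch switch would make the index match the comment. The rule's remaining fields fall outside the hunk.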
@@ -1807,62 +1807,62 @@ func DefaultProfile(rs *specs.Spec) *rspec.Seccomp { arch := runtime.GOARCH switch arch { case "arm", "arm64": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "breakpoint", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "cacheflush", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "set_tls", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "amd64", "x32": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "arch_prctl", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) fallthrough case "x86": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "modify_ldt", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) case "s390", "s390x": - syscalls = append(syscalls, []rspec.Syscall{ + syscalls = append(syscalls, []rspec.LinuxSyscall{ { Name: "s390_pci_mmio_read", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "s390_pci_mmio_write", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, { Name: "s390_runtime_instr", Action: rspec.ActAllow, - Args: []rspec.Arg{}, + Args: []rspec.LinuxSeccompArg{}, }, }...) /* Flags parameter of the clone syscall is the 2nd on s390 */ } - return &rspec.Seccomp{ + return &rspec.LinuxSeccomp{ DefaultAction: rspec.ActErrno, Architectures: arches(), Syscalls: syscalls, diff --git a/generate/seccomp/syscall_compare.go b/generate/seccomp/syscall_compare.go index 01dc2e30c..99658cf25 100644 --- a/generate/seccomp/syscall_compare.go +++ b/generate/seccomp/syscall_compare.go 
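Review bot: `arch := runtime.GOARCH` is matched against `"x32"`, `"x86"` and `"s390"`, none of which are values Go reports for GOARCH (32-bit x86 is `"386"`). As written, `case "x86":` is reachable only through the `fallthrough` from the `amd64` arm, so a 386 build never receives the `modify_ldt` rule. That fails closed, but the generated profile then differs from what the switch reads as intending; `case "386":` would match the real value. The switch sits inside `DefaultProfile`, whose body starts outside this hunk.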
@@ -11,7 +11,7 @@ import ( // Determine if a new syscall rule should be appended, overwrite an existing rule // or if no action should be taken at all -func decideCourseOfAction(newSyscall *rspec.Syscall, syscalls []rspec.Syscall) (string, error) { +func decideCourseOfAction(newSyscall *rspec.LinuxSyscall, syscalls []rspec.LinuxSyscall) (string, error) { ruleForSyscallAlreadyExists := false var sliceOfDeterminedActions []string @@ -83,16 +83,16 @@ func decideCourseOfAction(newSyscall *rspec.Syscall, syscalls []rspec.Syscall) ( return "", fmt.Errorf("Trouble determining action: %s", sliceOfDeterminedActions) } -func hasArguments(config *rspec.Syscall) bool { - nilSyscall := new(rspec.Syscall) +func hasArguments(config *rspec.LinuxSyscall) bool { + nilSyscall := new(rspec.LinuxSyscall) return !sameArgs(nilSyscall, config) } -func identical(config1, config2 *rspec.Syscall) bool { +func identical(config1, config2 *rspec.LinuxSyscall) bool { return reflect.DeepEqual(config1, config2) } -func identicalExceptAction(config1, config2 *rspec.Syscall) bool { +func identicalExceptAction(config1, config2 *rspec.LinuxSyscall) bool { samename := sameName(config1, config2) sameAction := sameAction(config1, config2) sameArgs := sameArgs(config1, config2) @@ -100,7 +100,7 @@ func identicalExceptAction(config1, config2 *rspec.Syscall) bool { return samename && !sameAction && sameArgs } -func identicalExceptArgs(config1, config2 *rspec.Syscall) bool { +func identicalExceptArgs(config1, config2 *rspec.LinuxSyscall) bool { samename := sameName(config1, config2) sameAction := sameAction(config1, config2) sameArgs := sameArgs(config1, config2) 
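Review bot: `hasArguments` in the `@@ -83` hunk compares against `new(rspec.LinuxSyscall)`, whose `Args` is a nil slice, through `sameArgs`, which is `reflect.DeepEqual(config1.Args, config2.Args)` (in the `@@ -108` hunk); DeepEqual treats a nil slice and an empty non-nil slice as different. The default profile writes every argument-less rule as `Args: []rspec.LinuxSeccompArg{}`, so `hasArguments` returns true for those rules and `neitherHasArgs`, `onlyOneHasArgs` and `bothHaveArgs` misreport them. This presumably skews `decideCourseOfAction` when seccomp rules are merged, though its body is outside these hunks. `return len(config.Args) > 0` in `hasArguments` avoids the nil/empty distinction, and `sameArgs` needs the same care when both sides are empty.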
@@ -108,33 +108,33 @@ func identicalExceptArgs(config1, config2 *rspec.Syscall) bool { return samename && sameAction && !sameArgs } -func sameName(config1, config2 *rspec.Syscall) bool { +func sameName(config1, config2 *rspec.LinuxSyscall) bool { return config1.Name == config2.Name } -func sameAction(config1, config2 *rspec.Syscall) bool { +func sameAction(config1, config2 *rspec.LinuxSyscall) bool { return config1.Action == config2.Action } -func sameArgs(config1, config2 *rspec.Syscall) bool { +func sameArgs(config1, config2 *rspec.LinuxSyscall) bool { return reflect.DeepEqual(config1.Args, config2.Args) } -func bothHaveArgs(config1, config2 *rspec.Syscall) bool { +func bothHaveArgs(config1, config2 *rspec.LinuxSyscall) bool { return hasArguments(config1) && hasArguments(config2) } -func onlyOneHasArgs(config1, config2 *rspec.Syscall) bool { +func onlyOneHasArgs(config1, config2 *rspec.LinuxSyscall) bool { conf1 := hasArguments(config1) conf2 := hasArguments(config2) return (conf1 && !conf2) || (!conf1 && conf2) } -func neitherHasArgs(config1, config2 *rspec.Syscall) bool { +func neitherHasArgs(config1, config2 *rspec.LinuxSyscall) bool { return !hasArguments(config1) && !hasArguments(config2) } -func firstParamOnlyHasArgs(config1, config2 *rspec.Syscall) bool { +func firstParamOnlyHasArgs(config1, config2 *rspec.LinuxSyscall) bool { return !hasArguments(config1) && hasArguments(config2) } diff --git a/generate/spec.go b/generate/spec.go index 5711699c5..402577540 100644 --- a/generate/spec.go +++ b/generate/spec.go 
@@ -34,34 +34,34 @@ func (g *Generator) initSpecLinuxSysctl() { func (g *Generator) initSpecLinuxSeccomp() { g.initSpecLinux() if g.spec.Linux.Seccomp == nil { - g.spec.Linux.Seccomp = &rspec.Seccomp{} + g.spec.Linux.Seccomp = &rspec.LinuxSeccomp{} } } func (g *Generator) initSpecLinuxResources() { g.initSpecLinux() if g.spec.Linux.Resources == nil { - g.spec.Linux.Resources = &rspec.Resources{} + g.spec.Linux.Resources = &rspec.LinuxResources{} } } func (g *Generator) initSpecLinuxResourcesCPU() { g.initSpecLinuxResources() if g.spec.Linux.Resources.CPU == nil { - g.spec.Linux.Resources.CPU = &rspec.CPU{} + g.spec.Linux.Resources.CPU = &rspec.LinuxCPU{} } } func (g *Generator) initSpecLinuxResourcesMemory() { g.initSpecLinuxResources() if g.spec.Linux.Resources.Memory == nil { - g.spec.Linux.Resources.Memory = &rspec.Memory{} + g.spec.Linux.Resources.Memory = &rspec.LinuxMemory{} } } func (g *Generator) initSpecLinuxResourcesPids() { g.initSpecLinuxResources() if g.spec.Linux.Resources.Pids == nil { - g.spec.Linux.Resources.Pids = &rspec.Pids{} + g.spec.Linux.Resources.Pids = &rspec.LinuxPids{} } } diff --git a/validate/validate.go b/validate/validate.go index bce44d974..45047af54 100644 --- a/validate/validate.go +++ b/validate/validate.go @@ -487,7 +487,7 @@ func rlimitValid(rlimit string) bool { return false } -func namespaceValid(ns rspec.Namespace) bool { +func namespaceValid(ns rspec.LinuxNamespace) bool { switch ns.Type { case rspec.PIDNamespace: case rspec.NetworkNamespace: @@ -502,7 +502,7 @@ func namespaceValid(ns rspec.Namespace) bool { return true } -func deviceValid(d rspec.Device) bool { +func deviceValid(d rspec.LinuxDevice) bool { switch d.Type { case "b": case "c": @@ -523,7 +523,7 @@ func deviceValid(d rspec.Device) bool { return true } -func seccompActionValid(secc rspec.Action) bool { +func seccompActionValid(secc rspec.LinuxSeccompAction) bool { switch secc { case "": case rspec.ActKill: 
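Review bot: In the `@@ -523` hunk `seccompActionValid` opens its switch with `case "":`, so an empty action appears to be accepted as valid; the rest of the switch is outside the hunk. If the spec requires an action on every syscall rule and on the default action, the validator should reject the empty string rather than let a rule with no action pass. Dropping the `case "":` arm, or adding a comment such as `// empty is allowed because ...` stating the reason, would settle the intent.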
@@ -537,7 +537,7 @@ func seccompActionValid(secc rspec.Action) bool { return true } -func syscallValid(s rspec.Syscall) bool { +func syscallValid(s rspec.LinuxSyscall) bool { if !seccompActionValid(s.Action) { return false }