6c9628cdb1
* Rename 'vendor/src' -> 'vendor' * Ignore vendor/ instead of vendor/src/ for lint * Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able * Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able * Update Makefile to build and install from GOPATH * Update tests to locate ocid/ocic in GOPATH/bin * Search for binaries in GOPATH/bin instead of PATH * Install tools using `go get -u`, so they are updated on each run Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
68 lines
1.7 KiB
Go
68 lines
1.7 KiB
Go
package seccomp
|
|
|
|
import (
|
|
"fmt"
|
|
"reflect"
|
|
"strings"
|
|
|
|
rspec "github.com/opencontainers/runtime-spec/specs-go"
|
|
)
|
|
|
|
// RemoveAction takes the argument string that was passed with the --remove flag,
|
|
// parses it, and updates the Seccomp config accordingly
|
|
func RemoveAction(arguments string, config *rspec.Seccomp) error {
|
|
if config == nil {
|
|
return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
|
|
}
|
|
|
|
var syscallsToRemove []string
|
|
if strings.Contains(arguments, ",") {
|
|
syscallsToRemove = strings.Split(arguments, ",")
|
|
} else {
|
|
syscallsToRemove = append(syscallsToRemove, arguments)
|
|
}
|
|
|
|
for _, syscall := range syscallsToRemove {
|
|
for counter, syscallStruct := range config.Syscalls {
|
|
if syscallStruct.Name == syscall {
|
|
config.Syscalls = append(config.Syscalls[:counter], config.Syscalls[counter+1:]...)
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// RemoveAllSeccompRules removes all seccomp syscall rules
|
|
func RemoveAllSeccompRules(config *rspec.Seccomp) error {
|
|
if config == nil {
|
|
return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
|
|
}
|
|
newSyscallSlice := []rspec.Syscall{}
|
|
config.Syscalls = newSyscallSlice
|
|
return nil
|
|
}
|
|
|
|
// RemoveAllMatchingRules will remove any syscall rules that match the specified action
|
|
func RemoveAllMatchingRules(config *rspec.Seccomp, action string) error {
|
|
if config == nil {
|
|
return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
|
|
}
|
|
|
|
seccompAction, err := parseAction(action)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
syscallsToRemove := []string{}
|
|
for _, syscall := range config.Syscalls {
|
|
if reflect.DeepEqual(syscall.Action, seccompAction) {
|
|
syscallsToRemove = append(syscallsToRemove, syscall.Name)
|
|
}
|
|
}
|
|
|
|
for i := range syscallsToRemove {
|
|
RemoveAction(syscallsToRemove[i], config)
|
|
}
|
|
|
|
return nil
|
|
}
|