ext: isolate from container/std

These are too general to belong in the container package. This targets the v0.4 release to reduce the wrapper maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>

container/seccomp/libseccomp.go

@@ -16,6 +16,7 @@ import (
 	"unsafe"
 
 	"hakurei.app/container/std"
+	"hakurei.app/ext"
 )
 
 // ErrInvalidRules is returned for a zero-length rules slice.
@@ -219,9 +220,9 @@ const (
 
 // syscallResolveName resolves a syscall number by name via seccomp_syscall_resolve_name.
 // This function is only for testing the lookup tables and included here for convenience.
-func syscallResolveName(s string) (num std.ScmpSyscall, ok bool) {
+func syscallResolveName(s string) (num ext.SyscallNum, ok bool) {
 	v := C.CString(s)
-	num = std.ScmpSyscall(C.seccomp_syscall_resolve_name(v))
+	num = ext.SyscallNum(C.seccomp_syscall_resolve_name(v))
 	C.free(unsafe.Pointer(v))
 	ok = num != C.__NR_SCMP_ERROR
 	return

container/seccomp/presets.go

@@ -6,6 +6,7 @@ import (
 	. "syscall"
 
 	. "hakurei.app/container/std"
+	. "hakurei.app/ext"
 )
 
 func Preset(presets FilterPreset, flags ExportFlag) (rules []NativeRule) {

container/seccomp/std_test.go

@@ -6,12 +6,13 @@ import (
 	"unsafe"
 
 	"hakurei.app/container/std"
+	"hakurei.app/ext"
 )
 
 func TestSyscallResolveName(t *testing.T) {
 	t.Parallel()
 
-	for name, want := range std.Syscalls() {
+	for name, want := range ext.Syscalls() {
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 
@@ -24,8 +25,8 @@ func TestSyscallResolveName(t *testing.T) {
 }
 
 func TestRuleType(t *testing.T) {
-	assertKind[std.Uint, scmpUint](t)
-	assertKind[std.Int, scmpInt](t)
+	assertKind[ext.Uint, scmpUint](t)
+	assertKind[ext.Int, scmpInt](t)
 
 	assertSize[std.NativeRule, syscallRule](t)
 	assertKind[std.ScmpDatum, scmpDatum](t)