sandbox/seccomp: resolve rules natively

This enables loading syscall filter policies from external cross-platform config files. This also removes a significant amount of C code. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-01 20:23:33 +09:00
parent 1fb453dffe
commit 1a8840bebc
27 changed files with 709 additions and 619 deletions
--- a/sandbox/init.go
+++ b/sandbox/init.go
@@ -237,7 +237,7 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
 		log.Fatalf("cannot capset: %v", err)
 	}

-	if err := seccomp.Load(params.Flags.seccomp(params.Seccomp)); err != nil {
+	if err := seccomp.Load(params.Flags.seccomp(params.SeccompPresets), params.SeccompFlags); err != nil {
 		log.Fatalf("cannot load syscall filter: %v", err)
 	}