sandbox/seccomp: syscall name lookup table

The script is from Go source of same name. The result is checked against libseccomp. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-26 03:48:15 +09:00
parent 863bf69ad3
commit 9a8a047908
5 changed files with 487 additions and 0 deletions
--- a/sandbox/seccomp/seccomp.go
+++ b/sandbox/seccomp/seccomp.go
@@ -13,6 +13,7 @@ import (
 	"fmt"
 	"runtime"
 	"syscall"
+	"unsafe"
 )

 // LibraryError represents a libseccomp error.
@@ -114,3 +115,11 @@ func buildFilter(fd int, opts FilterOpts) error {
 	}
 	return err
 }
+
+// only used for testing
+func syscallResolveName(s string) (trap int) {
+	v := C.CString(s)
+	trap = int(C.seccomp_syscall_resolve_name(v))
+	C.free(unsafe.Pointer(v))
+	return
+}