container/seccomp: define C struct type

This enables the test to refer to this type and check its size. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-05 05:04:56 +09:00 · 2025-11-05 05:04:56 +09:00 · b2b69d9f62
commit b2b69d9f62
parent becaf8b6d7
2 changed files with 16 additions and 2 deletions
--- a/container/seccomp/libseccomp.go
+++ b/container/seccomp/libseccomp.go
@ -70,7 +70,12 @@ type NativeRule struct {
 	Arg *ScmpArgCmp
 }

-type ExportFlag = C.hakurei_export_flag
+type (
+	// ExportFlag configures filter behaviour that are not implemented as rules.
+	ExportFlag = C.hakurei_export_flag
+	// syscallRule is the C equivalent of [NativeRule].
+	syscallRule = C.struct_hakurei_syscall_rule
+)

 const (
 	// AllowMultiarch allows multiarch/emulation.
@ -152,7 +157,7 @@ func makeFilter(rules []NativeRule, flags ExportFlag, p *[]byte) error {
 	res, err := C.hakurei_scmp_make_filter(
 		&ret, C.uintptr_t(allocateP),
 		arch, multiarch,
-		(*C.struct_hakurei_syscall_rule)(unsafe.Pointer(&rules[0])),
+		(*syscallRule)(unsafe.Pointer(&rules[0])),
 		C.size_t(len(rules)),
 		flags,
 	)
--- a/container/seccomp/syscall_test.go
+++ b/container/seccomp/syscall_test.go
@ -2,6 +2,7 @@ package seccomp

 import (
 	"testing"
+	"unsafe"

 	"hakurei.app/container/std"
 )
@ -20,3 +21,11 @@ func TestSyscallResolveName(t *testing.T) {
 		})
 	}
 }
+
+func TestRuleSize(t *testing.T) {
+	got := unsafe.Sizeof(NativeRule{})
+	want := unsafe.Sizeof(syscallRule{})
+	if got != want {
+		t.Fatalf("NativeRule: %d, want %d", got, want)
+	}
+}