From b2b69d9f626155fd4ba874f481d3ca1f7ae71c92 Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Wed, 5 Nov 2025 05:04:56 +0900
Subject: [PATCH] container/seccomp: define C struct type

This enables the test to refer to this type and check its size.

Signed-off-by: Ophestra
---
 container/seccomp/libseccomp.go | 9 +++++++--
 container/seccomp/syscall_test.go | 9 +++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/container/seccomp/libseccomp.go b/container/seccomp/libseccomp.go
index c408b7b..75a69f0 100644
--- a/container/seccomp/libseccomp.go
+++ b/container/seccomp/libseccomp.go
@@ -70,7 +70,12 @@ type NativeRule struct {
 Arg *ScmpArgCmp
 }

-type ExportFlag = C.hakurei_export_flag
+type (
+ // ExportFlag configures filter behaviour that are not implemented as rules.
+ ExportFlag = C.hakurei_export_flag
+ // syscallRule is the C equivalent of [NativeRule].
+ syscallRule = C.struct_hakurei_syscall_rule
+)

 const (
 // AllowMultiarch allows multiarch/emulation.
@@ -152,7 +157,7 @@ func makeFilter(rules []NativeRule, flags ExportFlag, p *[]byte) error {
 res, err := C.hakurei_scmp_make_filter(
 &ret, C.uintptr_t(allocateP),
 arch, multiarch,
- (*C.struct_hakurei_syscall_rule)(unsafe.Pointer(&rules[0])),
+ (*syscallRule)(unsafe.Pointer(&rules[0])),
 C.size_t(len(rules)),
 flags,
 )
diff --git a/container/seccomp/syscall_test.go b/container/seccomp/syscall_test.go
index 57a7326..10aca56 100644
--- a/container/seccomp/syscall_test.go
+++ b/container/seccomp/syscall_test.go
@@ -2,6 +2,7 @@ package seccomp

 import (
 "testing"
+ "unsafe"

 "hakurei.app/container/std"
 )
@@ -20,3 +21,11 @@ func TestSyscallResolveName(t *testing.T) {
 })
 }
 }
+
+func TestRuleSize(t *testing.T) {
+ got := unsafe.Sizeof(NativeRule{})
+ want := unsafe.Sizeof(syscallRule{})
+ if got != want {
+ t.Fatalf("NativeRule: %d, want %d", got, want)
+ }
+}
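Review bot: The doc comment on `syscallRule` in the new type block does not state the invariant the alias exists for. `makeFilter` reinterprets `&rules[0]` as `*syscallRule` through `unsafe.Pointer`, so any drift between the two layouts would make the C side read rules differently from how the Go side wrote them. I would spell that out: `// syscallRule is the C equivalent of [NativeRule]; makeFilter casts []NativeRule to it, so size and field layout must stay identical.` The comment above it also has an agreement slip and could read `// ExportFlag configures filter behaviour that is not implemented as rules.`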
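Review bot: `TestRuleSize` compares only `unsafe.Sizeof`, so it still passes if two fields are reordered or a field changes to another type of the same width. The `unsafe.Pointer` cast in `makeFilter` needs every field at the same offset, since a silent mismatch would build a seccomp filter from misread rule fields. The test should also compare alignment, for example `if unsafe.Alignof(NativeRule{}) != unsafe.Alignof(syscallRule{}) { t.Fatal("alignment mismatch") }`, plus one `unsafe.Offsetof` comparison per field. The C struct's field names are not visible in this patch, so those comparisons have to be filled in from the header.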