container/seccomp: alias libseccomp types
This enables tests to refer to these types and check their sizes. Signed-off-by: Ophestra <cat@gensokyo.uk>
parent
becaf8b6d7
commit
b65aba9446
@ -55,13 +55,12 @@ func (e *LibraryError) Is(err error) bool {
|
|||||||
|
|
||||||
type (
|
type (
|
||||||
// ScmpSyscall represents a syscall number passed to libseccomp via [NativeRule.Syscall].
|
// ScmpSyscall represents a syscall number passed to libseccomp via [NativeRule.Syscall].
|
||||||
ScmpSyscall = C.int
|
ScmpSyscall C.int
|
||||||
// ScmpErrno represents an errno value passed to libseccomp via [NativeRule.Errno].
|
// ScmpErrno represents an errno value passed to libseccomp via [NativeRule.Errno].
|
||||||
ScmpErrno = C.int
|
ScmpErrno C.int
|
||||||
)
|
|
||||||
|
|
||||||
// A NativeRule specifies an arch-specific action taken by seccomp under certain conditions.
|
// A NativeRule specifies an arch-specific action taken by seccomp under certain conditions.
|
||||||
type NativeRule struct {
|
NativeRule struct {
|
||||||
// Syscall is the arch-dependent syscall number to act against.
|
// Syscall is the arch-dependent syscall number to act against.
|
||||||
Syscall ScmpSyscall
|
Syscall ScmpSyscall
|
||||||
// Errno is the errno value to return when the condition is satisfied.
|
// Errno is the errno value to return when the condition is satisfied.
|
||||||
@ -70,6 +69,11 @@ type NativeRule struct {
|
|||||||
Arg *ScmpArgCmp
|
Arg *ScmpArgCmp
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// syscallRule is equivalent to [NativeRule].
|
||||||
|
syscallRule = C.struct_hakurei_syscall_rule
|
||||||
|
)
|
||||||
|
|
||||||
|
// ExportFlag configures filter behaviour that are not implemented as rules.
|
||||||
type ExportFlag = C.hakurei_export_flag
|
type ExportFlag = C.hakurei_export_flag
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -152,7 +156,7 @@ func makeFilter(rules []NativeRule, flags ExportFlag, p *[]byte) error {
|
|||||||
res, err := C.hakurei_scmp_make_filter(
|
res, err := C.hakurei_scmp_make_filter(
|
||||||
&ret, C.uintptr_t(allocateP),
|
&ret, C.uintptr_t(allocateP),
|
||||||
arch, multiarch,
|
arch, multiarch,
|
||||||
(*C.struct_hakurei_syscall_rule)(unsafe.Pointer(&rules[0])),
|
(*syscallRule)(unsafe.Pointer(&rules[0])),
|
||||||
C.size_t(len(rules)),
|
C.size_t(len(rules)),
|
||||||
flags,
|
flags,
|
||||||
)
|
)
|
||||||
@ -203,13 +207,18 @@ const (
|
|||||||
_SCMP_CMP_MAX = C._SCMP_CMP_MAX
|
_SCMP_CMP_MAX = C._SCMP_CMP_MAX
|
||||||
)
|
)
|
||||||
|
|
||||||
// ScmpDatum is the equivalent of scmp_datum_t;
|
type (
|
||||||
// Argument datum
|
// Argument datum.
|
||||||
type ScmpDatum uint64
|
scmpDatum = C.scmp_datum_t
|
||||||
|
|
||||||
// ScmpArgCmp is the equivalent of struct scmp_arg_cmp;
|
// ScmpDatum is equivalent to scmp_datum_t.
|
||||||
// Argument / Value comparison definition
|
ScmpDatum uint64
|
||||||
type ScmpArgCmp struct {
|
|
||||||
|
// Argument / Value comparison definition.
|
||||||
|
scmpArgCmp = C.struct_scmp_arg_cmp
|
||||||
|
|
||||||
|
// ScmpArgCmp is equivalent to struct scmp_arg_cmp.
|
||||||
|
ScmpArgCmp struct {
|
||||||
// argument number, starting at 0
|
// argument number, starting at 0
|
||||||
Arg C.uint
|
Arg C.uint
|
||||||
// the comparison op, e.g. SCMP_CMP_*
|
// the comparison op, e.g. SCMP_CMP_*
|
||||||
@ -217,6 +226,7 @@ type ScmpArgCmp struct {
|
|||||||
|
|
||||||
DatumA, DatumB ScmpDatum
|
DatumA, DatumB ScmpDatum
|
||||||
}
|
}
|
||||||
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// PersonaLinux is passed in a [ScmpDatum] for filtering calls to syscall.SYS_PERSONALITY.
|
// PersonaLinux is passed in a [ScmpDatum] for filtering calls to syscall.SYS_PERSONALITY.
|
||||||
|
|||||||
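Review bot: The cast `(*syscallRule)(unsafe.Pointer(&rules[0]))` in makeFilter depends on NativeRule and C.struct_hakurei_syscall_rule sharing one memory layout, yet the new comment on syscallRule only calls the two "equivalent". A mismatch would make libseccomp read rules from misinterpreted memory and could yield a filter that differs from the one requested, so I would state the invariant where the alias is declared: `// syscallRule must match the memory layout of [NativeRule]; makeFilter reinterprets []NativeRule as an array of it.` The same applies to scmpArgCmp and ScmpArgCmp, which is reached through NativeRule.Arg. Most of makeFilter's body lies outside the hunk, so whether an empty `rules` slice is rejected before `&rules[0]` is taken cannot be confirmed from here.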
@ -1,7 +1,9 @@
|
|||||||
package seccomp
|
package seccomp
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
"unsafe"
|
||||||
|
|
||||||
"hakurei.app/container/std"
|
"hakurei.app/container/std"
|
||||||
)
|
)
|
||||||
@ -20,3 +22,18 @@ func TestSyscallResolveName(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestRuleSize(t *testing.T) {
|
||||||
|
assertSize[NativeRule, syscallRule](t)
|
||||||
|
assertSize[ScmpDatum, scmpDatum](t)
|
||||||
|
assertSize[ScmpArgCmp, scmpArgCmp](t)
|
||||||
|
}
|
||||||
|
|
||||||
|
// assertSize asserts that native and equivalent are of the same size.
|
||||||
|
func assertSize[native, equivalent any](t *testing.T) {
|
||||||
|
got := unsafe.Sizeof(*new(native))
|
||||||
|
want := unsafe.Sizeof(*new(equivalent))
|
||||||
|
if got != want {
|
||||||
|
t.Fatalf("%s: %d, want %d", reflect.TypeFor[native]().Name(), got, want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
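Review bot: assertSize compares only `unsafe.Sizeof`, which does not establish that the Go structs and their C counterparts agree in layout. Two structs of equal size can still differ in field order, offsets or alignment, and makeFilter hands []NativeRule to C through an unsafe.Pointer cast. Checking alignment and per-field offsets as well would let TestRuleSize catch a reordered or retyped field in either definition. The sketch below keeps the signature so the three call sites stay as they are; if cgo emits explicit padding fields for these structs, the field-count comparison would need relaxing.

```go
// assertSize asserts that native and equivalent agree in size, alignment
// and, for structs, in the offset of every field.
func assertSize[native, equivalent any](t *testing.T) {
	t.Helper()
	n, e := reflect.TypeFor[native](), reflect.TypeFor[equivalent]()
	if n.Size() != e.Size() || n.Align() != e.Align() {
		t.Fatalf("%s: size %d align %d, want size %d align %d",
			n.Name(), n.Size(), n.Align(), e.Size(), e.Align())
	}
	if n.Kind() != reflect.Struct || e.Kind() != reflect.Struct {
		return
	}
	if n.NumField() != e.NumField() {
		t.Fatalf("%s: %d fields, want %d", n.Name(), n.NumField(), e.NumField())
	}
	for i := range n.NumField() {
		if got, want := n.Field(i).Offset, e.Field(i).Offset; got != want {
			t.Fatalf("%s.%s: offset %d, want %d", n.Name(), n.Field(i).Name, got, want)
		}
	}
}
```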