security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

container/comp: rename from bits
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 2m19s
Details
Test / Hakurei (push) Successful in 3m9s
Details
Test / Hpkg (push) Successful in 3m53s
Details
Test / Sandbox (race detector) (push) Successful in 4m2s
Details
Test / Hakurei (race detector) (push) Successful in 4m43s
Details
Test / Flake checks (push) Successful in 1m23s
Details

Browse Source 
This package will also hold syscall lookup tables for seccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-10-21 20:54:03 +09:00
parent b1a4d801be
commit e94acc424c
25 changed files with 219 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
container/seccomp/hash_amd64_test.go
View File

@@ -1,7 +1,7 @@
package seccomp_test
import (
. "hakurei.app/container/bits"
. "hakurei.app/container/comp"
. "hakurei.app/container/seccomp"
)

2
container/seccomp/hash_arm64_test.go
View File

@@ -1,7 +1,7 @@
package seccomp_test
import (
. "hakurei.app/container/bits"
. "hakurei.app/container/comp"
. "hakurei.app/container/seccomp"
)

4
container/seccomp/hash_test.go
View File

@@ -4,14 +4,14 @@ import (
"crypto/sha512"
"encoding/hex"
"hakurei.app/container/bits"
"hakurei.app/container/comp"
"hakurei.app/container/seccomp"
)
type (
bpfPreset = struct {
seccomp.ExportFlag
bits.FilterPreset
comp.FilterPreset
}
bpfLookup map[bpfPreset][sha512.Size]byte
)

2
container/seccomp/libseccomp_test.go
View File

@@ -6,7 +6,7 @@ import (
"syscall"
"testing"
. "hakurei.app/container/bits"
. "hakurei.app/container/comp"
. "hakurei.app/container/seccomp"
)

26
container/seccomp/presets.go
View File

@@ -5,32 +5,32 @@ package seccomp
import (
. "syscall"
"hakurei.app/container/bits"
"hakurei.app/container/comp"
)
func Preset(presets bits.FilterPreset, flags ExportFlag) (rules []NativeRule) {
func Preset(presets comp.FilterPreset, flags ExportFlag) (rules []NativeRule) {
allowedPersonality := PersonaLinux
if presets&bits.PresetLinux32 != 0 {
if presets&comp.PresetLinux32 != 0 {
allowedPersonality = PersonaLinux32
}
presetDevelFinal := presetDevel(ScmpDatum(allowedPersonality))
l := len(presetCommon)
if presets&bits.PresetDenyNS != 0 {
if presets&comp.PresetDenyNS != 0 {
l += len(presetNamespace)
}
if presets&bits.PresetDenyTTY != 0 {
if presets&comp.PresetDenyTTY != 0 {
l += len(presetTTY)
}
if presets&bits.PresetDenyDevel != 0 {
if presets&comp.PresetDenyDevel != 0 {
l += len(presetDevelFinal)
}
if flags&AllowMultiarch == 0 {
l += len(presetEmu)
}
if presets&bits.PresetExt != 0 {
if presets&comp.PresetExt != 0 {
l += len(presetCommonExt)
if presets&bits.PresetDenyNS != 0 {
if presets&comp.PresetDenyNS != 0 {
l += len(presetNamespaceExt)
}
if flags&AllowMultiarch == 0 {
@@ -40,21 +40,21 @@ func Preset(presets bits.FilterPreset, flags ExportFlag) (rules []NativeRule) {
rules = make([]NativeRule, 0, l)
rules = append(rules, presetCommon...)
if presets&bits.PresetDenyNS != 0 {
if presets&comp.PresetDenyNS != 0 {
rules = append(rules, presetNamespace...)
}
if presets&bits.PresetDenyTTY != 0 {
if presets&comp.PresetDenyTTY != 0 {
rules = append(rules, presetTTY...)
}
if presets&bits.PresetDenyDevel != 0 {
if presets&comp.PresetDenyDevel != 0 {
rules = append(rules, presetDevelFinal...)
}
if flags&AllowMultiarch == 0 {
rules = append(rules, presetEmu...)
}
if presets&bits.PresetExt != 0 {
if presets&comp.PresetExt != 0 {
rules = append(rules, presetCommonExt...)
if presets&bits.PresetDenyNS != 0 {
if presets&comp.PresetDenyNS != 0 {
rules = append(rules, presetNamespaceExt...)
}
if flags&AllowMultiarch == 0 {