This enables loading syscall filter policies from external cross-platform config files. This also removes a significant amount of C code. Signed-off-by: Ophestra <cat@gensokyo.uk>
// Package seccomp provides high level wrappers around libseccomp.
package seccomp
import (
"os"
"runtime"
"sync"
)
// exporter owns a pipe whose write end is handed to preparePreset as a raw
// file descriptor and whose read end is kept in r.
// NOTE(review): preparePreset is defined outside this listing; presumably it
// writes the compiled seccomp filter to that descriptor — confirm there.
type exporter struct {
	// presets and flags are passed unchanged to preparePreset.
	presets FilterPreset
	flags   PrepareFlag

	// r and w are the read and write ends returned by os.Pipe in prepare.
	// Both are nil until prepare has succeeded.
	r *os.File
	w *os.File

	// prepareOnce guards the setup in prepare; prepareErr keeps the error
	// from os.Pipe so later calls return the same result.
	prepareOnce sync.Once
	prepareErr  error

	// closeOnce guards closing of w; closeErr keeps the result of w.Close.
	closeOnce sync.Once
	closeErr  error

	// exportErr carries the single result of preparePreset and is closed
	// right after that value is sent.
	exportErr <-chan error
}
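// prepare creates the pipe and starts the background call to preparePreset.
// The setup runs at most once; every call returns the error recorded by that
// first run, which is the os.Pipe error or nil.
//
// A failure inside preparePreset is not returned here. It is delivered on
// e.exportErr, and the write end is closed afterwards either way, so the read
// end reaching EOF does not by itself mean the output is complete.
// NOTE(review): consumers of e.r are outside this listing; confirm they
// receive from e.exportErr before acting on what they read.
func (e *exporter) prepare() error {
	e.prepareOnce.Do(func() {
		r, w, err := os.Pipe()
		if err != nil {
			e.prepareErr = err
			return
		}
		e.r, e.w = r, w

		// Buffered so the goroutine can deliver its result and go on to close
		// the write end even when nobody is receiving yet.
		ec := make(chan error, 1)
		e.exportErr = ec

		// Register the finalizer before the goroutine starts: closeWrite
		// clears it, and setting it afterwards could re-arm it on an exporter
		// whose write end is already closed.
		runtime.SetFinalizer(e, (*exporter).closeWrite)

		go func(fd uintptr) {
			ec <- preparePreset(int(fd), e.presets, e.flags)
			close(ec)
			_ = e.closeWrite() // the close error is kept in e.closeErr
			// preparePreset only receives the descriptor number; keep the
			// *os.File reachable until the call above has returned.
			runtime.KeepAlive(e.w)
		}(e.w.Fd())
	})
	return e.prepareErr
}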
// closeWrite closes the write end of the pipe. The close happens at most
// once; every call returns the error recorded by that first close.
// It panics if the first call finds e.w unset, which is the case when the
// pipe was never created.
func (e *exporter) closeWrite() error {
	shut := func() {
		if e.w == nil {
			panic("closeWrite called on invalid exporter")
		}
		e.closeErr = e.w.Close()

		// The write end is closed, so the finalizer has nothing left to do.
		runtime.SetFinalizer(e, nil)
	}
	e.closeOnce.Do(shut)

	return e.closeErr
}
// newExporter returns an exporter holding the given presets and flags.
// No pipe is created and no goroutine is started here; that happens in prepare.
func newExporter(presets FilterPreset, flags PrepareFlag) *exporter {
	e := new(exporter)
	e.presets = presets
	e.flags = flags
	return e
}