Ophestra
c1399f5030
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m12s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 3m59s
Test / Sandbox (race detector) (push) Successful in 4m10s
Test / Hakurei (race detector) (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m28s
Seccomp lookup tables are going to be relocated here, and PNR constants. Signed-off-by: Ophestra <cat@gensokyo.uk>
33 lines
982 B
Go
33 lines
982 B
Go
// Package std contains constants from container packages without depending on cgo.
|
|
package std
|
|
|
|
const (
|
|
// BindOptional skips nonexistent host paths.
|
|
BindOptional = 1 << iota
|
|
// BindWritable mounts filesystem read-write.
|
|
BindWritable
|
|
// BindDevice allows access to devices (special files) on this filesystem.
|
|
BindDevice
|
|
// BindEnsure attempts to create the host path if it does not exist.
|
|
BindEnsure
|
|
)
|
|
|
|
// FilterPreset specifies parts of the syscall filter preset to enable.
|
|
type FilterPreset int
|
|
|
|
const (
|
|
// PresetExt are project-specific extensions.
|
|
PresetExt FilterPreset = 1 << iota
|
|
// PresetDenyNS denies namespace setup syscalls.
|
|
PresetDenyNS
|
|
// PresetDenyTTY denies faking input.
|
|
PresetDenyTTY
|
|
// PresetDenyDevel denies development-related syscalls.
|
|
PresetDenyDevel
|
|
// PresetLinux32 sets PER_LINUX32.
|
|
PresetLinux32
|
|
|
|
// PresetStrict is a strict preset useful as a default value.
|
|
PresetStrict = PresetExt | PresetDenyNS | PresetDenyTTY | PresetDenyDevel
|
|
)
|