Ophestra
e94acc424c
All checks were successful
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 2m19s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 3m53s
Test / Sandbox (race detector) (push) Successful in 4m2s
Test / Hakurei (race detector) (push) Successful in 4m43s
Test / Flake checks (push) Successful in 1m23s
This package will also hold syscall lookup tables for seccomp. Signed-off-by: Ophestra <cat@gensokyo.uk>
33 lines
984 B
Go
33 lines
984 B
Go
// Package comp contains constants from container packages without depending on cgo.
|
|
package comp
|
|
|
|
const (
|
|
// BindOptional skips nonexistent host paths.
|
|
BindOptional = 1 << iota
|
|
// BindWritable mounts filesystem read-write.
|
|
BindWritable
|
|
// BindDevice allows access to devices (special files) on this filesystem.
|
|
BindDevice
|
|
// BindEnsure attempts to create the host path if it does not exist.
|
|
BindEnsure
|
|
)
|
|
|
|
// FilterPreset specifies parts of the syscall filter preset to enable.
|
|
type FilterPreset int
|
|
|
|
const (
|
|
// PresetExt are project-specific extensions.
|
|
PresetExt FilterPreset = 1 << iota
|
|
// PresetDenyNS denies namespace setup syscalls.
|
|
PresetDenyNS
|
|
// PresetDenyTTY denies faking input.
|
|
PresetDenyTTY
|
|
// PresetDenyDevel denies development-related syscalls.
|
|
PresetDenyDevel
|
|
// PresetLinux32 sets PER_LINUX32.
|
|
PresetLinux32
|
|
|
|
// PresetStrict is a strict preset useful as a default value.
|
|
PresetStrict = PresetExt | PresetDenyNS | PresetDenyTTY | PresetDenyDevel
|
|
)
|