Ophestra
26b7afc890
All checks were successful
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 1m51s
Test / Sandbox (race detector) (push) Successful in 3m3s
Test / Planterette (push) Successful in 3m37s
Test / Hakurei (race detector) (push) Successful in 4m17s
Test / Hakurei (push) Successful in 2m12s
Test / Flake checks (push) Successful in 1m12s
Export makes a lot more sense, and also matches the libseccomp function. Signed-off-by: Ophestra <cat@gensokyo.uk>
61 lines
1.1 KiB
Go
61 lines
1.1 KiB
Go
// Package seccomp provides high level wrappers around libseccomp.
|
|
package seccomp
|
|
|
|
import (
|
|
"os"
|
|
"runtime"
|
|
"sync"
|
|
)
|
|
|
|
type exporter struct {
|
|
rules []NativeRule
|
|
flags ExportFlag
|
|
r, w *os.File
|
|
|
|
prepareOnce sync.Once
|
|
prepareErr error
|
|
closeOnce sync.Once
|
|
closeErr error
|
|
exportErr <-chan error
|
|
}
|
|
|
|
func (e *exporter) prepare() error {
|
|
e.prepareOnce.Do(func() {
|
|
if r, w, err := os.Pipe(); err != nil {
|
|
e.prepareErr = err
|
|
return
|
|
} else {
|
|
e.r, e.w = r, w
|
|
}
|
|
|
|
ec := make(chan error, 1)
|
|
go func(fd uintptr) {
|
|
ec <- Export(int(fd), e.rules, e.flags)
|
|
close(ec)
|
|
_ = e.closeWrite()
|
|
runtime.KeepAlive(e.w)
|
|
}(e.w.Fd())
|
|
e.exportErr = ec
|
|
runtime.SetFinalizer(e, (*exporter).closeWrite)
|
|
})
|
|
return e.prepareErr
|
|
}
|
|
|
|
func (e *exporter) closeWrite() error {
|
|
e.closeOnce.Do(func() {
|
|
if e.w == nil {
|
|
panic("closeWrite called on invalid exporter")
|
|
}
|
|
e.closeErr = e.w.Close()
|
|
|
|
// no need for a finalizer anymore
|
|
runtime.SetFinalizer(e, nil)
|
|
})
|
|
|
|
return e.closeErr
|
|
}
|
|
|
|
func newExporter(rules []NativeRule, flags ExportFlag) *exporter {
|
|
return &exporter{rules: rules, flags: flags}
|
|
}
|