Documentation ¶
Overview ¶
Package filter defines all syscalls the sandbox is allowed to make to the host, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Rules ¶
func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules)
Rules returns the seccomp (rules, denyRules) to use for the Sentry.
Types ¶
Click to show internal directories.
Click to hide internal directories.