Documentation ¶
Index ¶
- func DefaultProfile() *seccomp.Seccomp
- type Config
- func (c *Config) IsDisabled() bool
- func (c *Config) LoadDefaultProfile() error
- func (c *Config) LoadProfile(profilePath string) error
- func (c *Config) Profile() *seccomp.Seccomp
- func (c *Config) SetUseDefaultWhenEmpty(to bool)
- func (c *Config) Setup(ctx context.Context, specGenerator *generate.Generator, ...) error
- func (c *Config) UseDefaultWhenEmpty() bool
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultProfile ¶ added in v1.24.0
DefaultProfile is used to allow mutations from the DefaultProfile from the seccomp library. Specifically, it is used to filter `unshare` from the default profile, as it is a risky syscall for unprivileged containers to have access to.
Types ¶
type Config ¶
type Config struct {
// contains filtered or unexported fields
}
Config is the global seccomp configuration type
func (*Config) IsDisabled ¶
IsDisabled returns true if seccomp is disabled either via the missing `seccomp` buildtag or globally by the system.
func (*Config) LoadDefaultProfile ¶ added in v1.25.0
LoadDefaultProfile sets the internal default profile.
func (*Config) LoadProfile ¶
LoadProfile can be used to load a seccomp profile from the provided path. This method will not fail if seccomp is disabled.
func (*Config) SetUseDefaultWhenEmpty ¶ added in v1.24.0
SetUseDefaultWhenEmpty uses the default seccomp profile if true is passed as argument, otherwise unconfined.
func (*Config) Setup ¶ added in v1.21.0
func (c *Config) Setup( ctx context.Context, specGenerator *generate.Generator, profileField *types.SecurityProfile, profilePath string, ) error
Setup can be used to setup the seccomp profile.
func (*Config) UseDefaultWhenEmpty ¶ added in v1.19.4
Returns whether the seccomp config is set to use default profile when the profile is empty