Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var BanRet = syscall.EACCES
BanRet defines the return value for a syscall ban acction
Functions ¶
This section is empty.
Types ¶
type Handler ¶
type Handler interface {
CheckRead(string) ptracer.TraceAction
CheckWrite(string) ptracer.TraceAction
CheckStat(string) ptracer.TraceAction
CheckSyscall(string) ptracer.TraceAction
}
Handler defines the action when a file access encountered
type Runner ¶
type Runner struct {
// argv and env for the child process
// work path set by setcwd (current working directory for child)
Args []string
Env []string
WorkDir string
// fexecve
ExecFile uintptr
// file disriptors for new process, from 0 to len - 1
Files []uintptr
// Resource limit set by set rlimit
RLimits []rlimit.RLimit
// Res limit enforced by tracer
Limit runner.Limit
// Defines seccomp filter for the ptrace runner
// file access syscalls need to set as ActionTrace
// allowed need to set as ActionAllow
// default action should be ActionTrace / ActionKill
Seccomp seccomp.Filter
// Traced syscall handler
Handler Handler
// ShowDetails / Unsafe debug flag
ShowDetails, Unsafe bool
// Use by cgroup to add proc
SyncFunc func(pid int) error
}
Runner defines the spec to run a program safely by ptracer
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.