Merge pull request #1 from google/master

catch up
author: kevin.xu <cming.xu@gmail.com> 2020-04-27 21:51:31 +0800
committer: GitHub <noreply@github.com> 2020-04-27 21:51:31 +0800
commit: e896ca54db67524afc20b644d43c72185e72dc0e (patch)
tree: 2a16f3a62a5cafd098f1f028c621f1b655589d69 /pkg/seccomp/seccomp_rules.go
parent: 1f19624fa127d7d59cabe29593cc80b7fe6c81f8 (diff)
parent: 3c67754663f424f2ebbc0ff2a4c80e30618d5355 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/pkg/seccomp/seccomp_rules.go b/pkg/seccomp/seccomp_rules.go
index 29eec8db1..06308cd29 100644
--- a/pkg/seccomp/seccomp_rules.go
+++ b/pkg/seccomp/seccomp_rules.go
@@ -49,6 +49,9 @@ func (a AllowAny) String() (s string) {
 // AllowValue specifies a value that needs to be strictly matched.
 type AllowValue uintptr
 
+// GreaterThan specifies a value that needs to be strictly smaller.
+type GreaterThan uintptr
+
 func (a AllowValue) String() (s string) {
 	return fmt.Sprintf("%#x ", uintptr(a))
 }
@@ -59,7 +62,11 @@ func (a AllowValue) String() (s string) {
 // rule := Rule {
 //       AllowValue(linux.ARCH_GET_FS | linux.ARCH_SET_FS), // arg0
 // }
-type Rule [6]interface{}
+type Rule [7]interface{} // 6 arguments + RIP
+
+// RuleIP indicates what rules in the Rule array have to be applied to
+// instruction pointer.
+const RuleIP = 6
 
 func (r Rule) String() (s string) {
 	if len(r) == 0 {
author	kevin.xu <cming.xu@gmail.com>	2020-04-27 21:51:31 +0800
committer	GitHub <noreply@github.com>	2020-04-27 21:51:31 +0800
commit	e896ca54db67524afc20b644d43c72185e72dc0e (patch)
tree	2a16f3a62a5cafd098f1f028c621f1b655589d69 /pkg/seccomp/seccomp_rules.go
parent	1f19624fa127d7d59cabe29593cc80b7fe6c81f8 (diff)
parent	3c67754663f424f2ebbc0ff2a4c80e30618d5355 (diff)