diff options
| author | Andrei Vagin <avagin@google.com> | 2020-02-03 16:15:16 -0800 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-02-03 16:16:18 -0800 |
| commit | f37e913a358820ea98013772dd2880cc8a3c9218 (patch) | |
| tree | 2183d87c138de6d200c38cfc0ad6702828e11e3f /pkg/seccomp/seccomp_rules.go | |
| parent | 6cd7901d7d5f9639e95fff3d8927ba8856a83f91 (diff) | |
seccomp: allow to filter syscalls by instruction pointer
PiperOrigin-RevId: 293029446
Diffstat (limited to 'pkg/seccomp/seccomp_rules.go')
| -rw-r--r-- | pkg/seccomp/seccomp_rules.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/pkg/seccomp/seccomp_rules.go b/pkg/seccomp/seccomp_rules.go index 84c841d7f..06308cd29 100644 --- a/pkg/seccomp/seccomp_rules.go +++ b/pkg/seccomp/seccomp_rules.go @@ -62,7 +62,11 @@ func (a AllowValue) String() (s string) { // rule := Rule { // AllowValue(linux.ARCH_GET_FS | linux.ARCH_SET_FS), // arg0 // } -type Rule [6]interface{} +type Rule [7]interface{} // 6 arguments + RIP + +// RuleIP indicates what rules in the Rule array have to be applied to +// instruction pointer. +const RuleIP = 6 func (r Rule) String() (s string) { if len(r) == 0 { |