diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-08-13 17:59:00 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-08-13 17:59:00 -0700 |
commit | 20be1c0e6365925fc11824eed2b163c79341f66e (patch) | |
tree | 2562fe513d3a225d1f0b6719f62729f2d30c29a7 /pkg/seccomp/seccomp_test_victim_amd64.go | |
parent | 5036f135e4370c84dd4afe1c43c14275b170c364 (diff) | |
parent | cdef21c3d5406bd9db5494d2a0c7be700479df2b (diff) |
Merge pull request #3476 from zhlhahaha:1930
PiperOrigin-RevId: 326563255
Diffstat (limited to 'pkg/seccomp/seccomp_test_victim_amd64.go')
-rw-r--r-- | pkg/seccomp/seccomp_test_victim_amd64.go | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/pkg/seccomp/seccomp_test_victim_amd64.go b/pkg/seccomp/seccomp_test_victim_amd64.go new file mode 100644 index 000000000..5dfc68e25 --- /dev/null +++ b/pkg/seccomp/seccomp_test_victim_amd64.go @@ -0,0 +1,32 @@ +// Copyright 2018 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Test binary used to test that seccomp filters are properly constructed and +// indeed kill the process on violation. + +// +build amd64 + +package main + +import ( + "gvisor.dev/gvisor/pkg/seccomp" + "syscall" +) + +func arch_syscalls(syscalls seccomp.SyscallRules) { + syscalls[syscall.SYS_ARCH_PRCTL] = []seccomp.Rule{} + syscalls[syscall.SYS_EPOLL_WAIT] = []seccomp.Rule{} + syscalls[syscall.SYS_NEWFSTATAT] = []seccomp.Rule{} + syscalls[syscall.SYS_OPEN] = []seccomp.Rule{} +} |