diff options
Diffstat (limited to 'runsc')
21 files changed, 34 insertions, 32 deletions
diff --git a/runsc/boot/boot_amd64_state_autogen.go b/runsc/boot/boot_amd64_state_autogen.go index 5613ee8cf..4b7a38bb8 100755 --- a/runsc/boot/boot_amd64_state_autogen.go +++ b/runsc/boot/boot_amd64_state_autogen.go @@ -3,4 +3,3 @@ // +build amd64 package boot - diff --git a/runsc/boot/boot_arm64_state_autogen.go b/runsc/boot/boot_arm64_state_autogen.go index ba1ca06f5..b94cf6df2 100755 --- a/runsc/boot/boot_arm64_state_autogen.go +++ b/runsc/boot/boot_arm64_state_autogen.go @@ -3,4 +3,3 @@ // +build arm64 package boot - diff --git a/runsc/boot/boot_state_autogen.go b/runsc/boot/boot_state_autogen.go index aa3119e6d..23dd4b7b3 100755 --- a/runsc/boot/boot_state_autogen.go +++ b/runsc/boot/boot_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package boot - diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go index f8d351c7b..c69f4c602 100644 --- a/runsc/boot/filter/config.go +++ b/runsc/boot/filter/config.go @@ -536,16 +536,3 @@ func controlServerFilters(fd int) seccomp.SyscallRules { }, } } - -// profileFilters returns extra syscalls made by runtime/pprof package. -func profileFilters() seccomp.SyscallRules { - return seccomp.SyscallRules{ - syscall.SYS_OPENAT: []seccomp.Rule{ - { - seccomp.AllowAny{}, - seccomp.AllowAny{}, - seccomp.AllowValue(syscall.O_RDONLY | syscall.O_LARGEFILE | syscall.O_CLOEXEC), - }, - }, - } -} diff --git a/runsc/boot/filter/config_profile.go b/runsc/boot/filter/config_profile.go new file mode 100755 index 000000000..194952a7b --- /dev/null +++ b/runsc/boot/filter/config_profile.go @@ -0,0 +1,34 @@ +// Copyright 2020 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package filter + +import ( + "syscall" + + "gvisor.dev/gvisor/pkg/seccomp" +) + +// profileFilters returns extra syscalls made by runtime/pprof package. +func profileFilters() seccomp.SyscallRules { + return seccomp.SyscallRules{ + syscall.SYS_OPENAT: []seccomp.Rule{ + { + seccomp.AllowAny{}, + seccomp.AllowAny{}, + seccomp.AllowValue(syscall.O_RDONLY | syscall.O_LARGEFILE | syscall.O_CLOEXEC), + }, + }, + } +} diff --git a/runsc/boot/filter/filter_amd64_state_autogen.go b/runsc/boot/filter/filter_amd64_state_autogen.go index eb004edcb..0f27e5568 100755 --- a/runsc/boot/filter/filter_amd64_state_autogen.go +++ b/runsc/boot/filter/filter_amd64_state_autogen.go @@ -3,4 +3,3 @@ // +build amd64 package filter - diff --git a/runsc/boot/filter/filter_arm64_state_autogen.go b/runsc/boot/filter/filter_arm64_state_autogen.go index 0fcdced99..e87cf5af7 100755 --- a/runsc/boot/filter/filter_arm64_state_autogen.go +++ b/runsc/boot/filter/filter_arm64_state_autogen.go @@ -3,4 +3,3 @@ // +build arm64 package filter - diff --git a/runsc/boot/filter/filter_state_autogen.go b/runsc/boot/filter/filter_state_autogen.go index b8f83d963..545d526ae 100755 --- a/runsc/boot/filter/filter_state_autogen.go +++ b/runsc/boot/filter/filter_state_autogen.go @@ -5,4 +5,3 @@ // +build race package filter - diff --git a/runsc/boot/platforms/platforms_state_autogen.go b/runsc/boot/platforms/platforms_state_autogen.go index 3e448ad5c..8676d25c1 100755 --- a/runsc/boot/platforms/platforms_state_autogen.go +++ b/runsc/boot/platforms/platforms_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package platforms - diff --git a/runsc/cgroup/cgroup_state_autogen.go b/runsc/cgroup/cgroup_state_autogen.go index 618a9f6e9..934ed169b 100755 --- a/runsc/cgroup/cgroup_state_autogen.go +++ b/runsc/cgroup/cgroup_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package cgroup - diff --git a/runsc/cmd/cmd_state_autogen.go b/runsc/cmd/cmd_state_autogen.go index a13ec32fd..de8aa267b 100755 --- a/runsc/cmd/cmd_state_autogen.go +++ b/runsc/cmd/cmd_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package cmd - diff --git a/runsc/console/console_state_autogen.go b/runsc/console/console_state_autogen.go index 38927f2c2..80521cdb7 100755 --- a/runsc/console/console_state_autogen.go +++ b/runsc/console/console_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package console - diff --git a/runsc/container/container_state_autogen.go b/runsc/container/container_state_autogen.go index 05e3e7466..5bc1c1aff 100755 --- a/runsc/container/container_state_autogen.go +++ b/runsc/container/container_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package container - diff --git a/runsc/fsgofer/filter/filter_amd64_state_autogen.go b/runsc/fsgofer/filter/filter_amd64_state_autogen.go index eb004edcb..0f27e5568 100755 --- a/runsc/fsgofer/filter/filter_amd64_state_autogen.go +++ b/runsc/fsgofer/filter/filter_amd64_state_autogen.go @@ -3,4 +3,3 @@ // +build amd64 package filter - diff --git a/runsc/fsgofer/filter/filter_arm64_state_autogen.go b/runsc/fsgofer/filter/filter_arm64_state_autogen.go index 0fcdced99..e87cf5af7 100755 --- a/runsc/fsgofer/filter/filter_arm64_state_autogen.go +++ b/runsc/fsgofer/filter/filter_arm64_state_autogen.go @@ -3,4 +3,3 @@ // +build arm64 package filter - diff --git a/runsc/fsgofer/filter/filter_state_autogen.go b/runsc/fsgofer/filter/filter_state_autogen.go index b8f83d963..545d526ae 100755 --- a/runsc/fsgofer/filter/filter_state_autogen.go +++ b/runsc/fsgofer/filter/filter_state_autogen.go @@ -5,4 +5,3 @@ // +build race package filter - diff --git a/runsc/fsgofer/fsgofer_amd64_unsafe_state_autogen.go b/runsc/fsgofer/fsgofer_amd64_unsafe_state_autogen.go index dd6a88a93..df6721aaa 100755 --- a/runsc/fsgofer/fsgofer_amd64_unsafe_state_autogen.go +++ b/runsc/fsgofer/fsgofer_amd64_unsafe_state_autogen.go @@ -3,4 +3,3 @@ // +build amd64 package fsgofer - diff --git a/runsc/fsgofer/fsgofer_arm64_unsafe_state_autogen.go b/runsc/fsgofer/fsgofer_arm64_unsafe_state_autogen.go index 7c5947311..d2a18c61c 100755 --- a/runsc/fsgofer/fsgofer_arm64_unsafe_state_autogen.go +++ b/runsc/fsgofer/fsgofer_arm64_unsafe_state_autogen.go @@ -3,4 +3,3 @@ // +build arm64 package fsgofer - diff --git a/runsc/fsgofer/fsgofer_state_autogen.go b/runsc/fsgofer/fsgofer_state_autogen.go index a820ca910..d2f978fb9 100755 --- a/runsc/fsgofer/fsgofer_state_autogen.go +++ b/runsc/fsgofer/fsgofer_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package fsgofer - diff --git a/runsc/sandbox/sandbox_state_autogen.go b/runsc/sandbox/sandbox_state_autogen.go index b2bf5d6f7..79ebc2220 100755 --- a/runsc/sandbox/sandbox_state_autogen.go +++ b/runsc/sandbox/sandbox_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package sandbox - diff --git a/runsc/specutils/specutils_state_autogen.go b/runsc/specutils/specutils_state_autogen.go index d5d04d419..11eefbaa2 100755 --- a/runsc/specutils/specutils_state_autogen.go +++ b/runsc/specutils/specutils_state_autogen.go @@ -1,4 +1,3 @@ // automatically generated by stateify. package specutils - |