libseccomp-golang
libseccomp-golang copied to clipboard
seccomp
The libseccomp golang bindings repository
Currently, this library has a number of quirks and workarounds to work with older libseccomp. Some of these were removed by https://github.com/seccomp/libseccomp-golang/commit/449387b6d401d2ca8e231ae21e10ff5ef75ac86d. Requiring libseccomp >= 2.5.0 should simplify some code....
Go runtime requires some syscalls for normal operation (like `mmap` for memory allocation). It seems like it's better to provide a list from the library rather than make developers guess....
The libseccomp golang bindings have lagged the main libseccomp release for some time now. Before the next release of the bindings we need to go through and ensure that all...
This issue is simply a placeholder/tracking issue to cover a review of the entire libseccomp-golang API prior to the v1.0 release.
Rather than using some magic number 28 (which corresponds to ENOSPC), let's use syscall.ENOSPC and convert it to int16 when needed. Fixes: 9006a281d6713ba604f36f9b5caeac23a16bbd55 Reported-by: @rata ---- _This is to address...
`GetSyscallFromName` in seccomp.go may returns negative syscall nr without error. It is not reasonable since syscall can not be negative. Test case: ``` [[Code]] callNum, err := libseccomp.GetSyscallFromName(call.Name) if err...
Add a few more missing architectures: - LOONG64 - M68K - SH and SHEB
When no more information is generated in ScmpFd, the NotifReceive function will block and will not return a value. At this time, the process corresponding to ScmpFd has exited, so...
ubuntu1~20.04 go version go1.20.6 linux/amd64 gcc version 9.4.0 ``` package lib import ( "bytes" "encoding/binary" "log" "os" "syscall" "unsafe" sg "github.com/seccomp/libseccomp-golang" ) func Seccomp(allowed_syscalls []int, allowed_not_kill_syscalls []int) error { log.Println("Starting...
