author | Stefano Brivio <sbrivio@redhat.com> | 2021-10-13 22:25:03 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2021-10-14 13:15:46 +0200 |
commit | 66d5930ec77caed942404ceef4829f2c4ca431bd (patch) | |
tree | cef75db6ce37ddd50de819f1dc53dcd602b97c36 /util.c | |
parent | f318174a9387ecd94d83ed0b9356940c60753846 (diff) | |

passt, pasta: Add seccomp support

List of allowed syscalls comes from comments in the form:

    #syscalls <list>

for syscalls needed both in passt and pasta mode, and:

    #syscalls:pasta <list>
    #syscalls:passt <list>

for syscalls specifically needed in pasta or passt mode only.

seccomp.sh builds a list of BPF statements from those comments,
prefixed by a binary search tree to keep lookup fast.

While at it, clean up a bit the Makefile using wildcards.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

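
The annotation scheme described in the commit message, as an added example that is not part of this commit and is not passt's seccomp.sh: it collects the per-mode allowlist from `#syscalls` comments and shows which names only one mode needs. The function names and the sample comments (including the shared list and `accept4`) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not passt's seccomp.sh: derive each mode's syscall
# allowlist from "#syscalls" annotations in source comments.
export LC_ALL=C		# stable ordering for sort and comm

# Print the sorted, unique syscall names allowed for MODE (passt or pasta):
# the shared "#syscalls" lists plus the "#syscalls:MODE" lists in FILES.
syscalls_for() {
	mode="$1"; shift
	# grep keeps identifier-like tokens only, dropping "*/" and the like.
	sed -n -e 's/^.*#syscalls[[:space:]]\{1,\}//p' \
	       -e "s/^.*#syscalls:${mode}[[:space:]]\{1,\}//p" "$@" |
		tr -s ' \t' '\n\n' |
		grep -E '^[a-z_][a-z0-9_]*$' | sort -u
}

# Print names allowed for mode A but not for mode B, i.e. the syscalls
# that only one mode's filter has to let through.
only_in() {
	a="$1"; b="$2"; shift 2
	tmp=$(mktemp -d) || return 1
	syscalls_for "$a" "$@" > "$tmp/a"
	syscalls_for "$b" "$@" > "$tmp/b"
	comm -23 "$tmp/a" "$tmp/b"
	rm -rf "$tmp"
}

# Constructed sample input in the comment style the commit describes.
# Only "#syscalls:pasta setns" is taken from the diff; the rest is made up.
write_sample() {
	cat > "$1" <<'EOF'
/* #syscalls read write close
 * #syscalls:passt accept4
 */
/**
 * ns_enter() - constructed comment
 *
 * #syscalls:pasta setns
 */
EOF
}

sample=$(mktemp) && write_sample "$sample"
for m in passt pasta; do
	echo "$m: $(syscalls_for "$m" "$sample" | tr '\n' ' ')"
done
echo "pasta only: $(only_in pasta passt "$sample")"
rm -f "$sample"
```
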
Diffstat (limited to 'util.c')
-rw-r--r-- | util.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -332,6 +332,8 @@ void procfs_scan_listen(char *name, uint8_t *map, uint8_t *exclude) * @c: Execution context * * Return: 0 on success, -1 on failure + * + * #syscalls:pasta setns */ int ns_enter(struct ctx *c) { |
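
Review bot: the `#syscalls:pasta setns` line added to the ns_enter() comment is now an input to the seccomp filter rather than plain documentation, so a typo in the name or a later comment cleanup would silently change which syscalls pasta may make. It would help if seccomp.sh failed the build on any name it cannot resolve to a syscall number, and if the comment block noted that this line is parsed at build time so it is not reworded or removed as ordinary text. The body of ns_enter() is not in the hunk, so it cannot be confirmed from here that setns is the only pasta-specific syscall the function needs; any other syscall it makes has to be covered by a `#syscalls` or `#syscalls:pasta` list elsewhere.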