Add seccomp configuration params to the Oz profile specification/parser

master
dma 10 years ago
parent 7fca7e3cfc
commit a44a8ae679

@ -5,6 +5,7 @@ import (
"fmt"
"io/ioutil"
"path"
"strings"
"github.com/subgraph/oz/network"
)
@ -42,9 +43,12 @@ type Profile struct {
Environment []EnvVar
// Networking
Networking NetworkProfile
// Seccomp
Seccomp SeccompConf
}
type AudioMode string
const (
PROFILE_AUDIO_NONE AudioMode = "none"
PROFILE_AUDIO_SPEAKER AudioMode = "speaker"
@ -62,6 +66,13 @@ type XServerConf struct {
AudioMode AudioMode `json:"audio_mode"`
}
type SeccompConf struct {
Mode string
Enforce bool
Seccomp_Whitelist string
Seccomp_Blacklist string
}
type WhitelistItem struct {
Path string
ReadOnly bool `json:"read_only"`
@ -157,6 +168,8 @@ func LoadProfiles(dir string) (Profiles, error) {
for _, f := range fs {
if !f.IsDir() {
name := path.Join(dir, f.Name())
if strings.Contains(f.Name(), ".json") {
p, err := loadProfileFile(name)
if err != nil {
return nil, fmt.Errorf("error loading '%s': %v", f.Name(), err)
@ -164,6 +177,7 @@ func LoadProfiles(dir string) (Profiles, error) {
ps = append(ps, p)
}
}
}
loadedProfiles = ps
return ps, nil

Loading…
Cancel
Save