Expand description
seccomp-bpf support on recent Linux kernels.
This works in tandem with namespace in order to implement sandbox profiles. It is generally
the weaker of the two approaches, because BPF is limited, but itβs useful for reducing kernel
attack surface area and implementing coarse-grained policies.
Structs§
- sock_filter π
- sock_fprog π
Constants§
- ABS π
- ALLOW_SYSCALL π
- ARCH_NR πThe architecture number for x86-64.
- ARCH_NR_OFFSET π
- ARG_0_OFFSET π
- ARG_1_OFFSET π
- ARG_2_OFFSET π
- AUDIT_ARCH_AARCH64 πThe architecture number for ARM 64-bit.
- AUDIT_ARCH_ARM πThe architecture number for ARM.
- AUDIT_ARCH_PPC πThe architecture number for ppc.
- AUDIT_ARCH_PPC64 πThe architecture number for ppc64.
- AUDIT_ARCH_PPC64LE πThe architecture number for ppc64le.
- AUDIT_ARCH_X86 πThe architecture number for x86.
- AUDIT_ARCH_X86_64 πThe architecture number for x86-64.
- EM_386 π
- EM_AARCH64 π
- EM_ARM π
- EM_PPC π
- EM_PPC64 π
- EM_X86_64 π
- EXAMINE_ARG_0 π
- EXAMINE_ARG_1 π
- EXAMINE_ARG_2 π
- EXAMINE_SYSCALL π
- JEQ π
- JMP π
- JSET π
- K π
- KILL_PROCESS π
- LD π
- NETLINK_ROUTE π
- PR_SET_NO_NEW_PRIVS π
- PR_SET_SECCOMP π
- RET π
- SECCOMP_MODE_FILTER π
- SECCOMP_RET_ALLOW π
- SECCOMP_RET_KILL π
- SYSCALL_NR_OFFSET π
- W π
- __AUDIT_ARCH_64BIT πA flag set in the architecture number for all 64-bit architectures.
- __AUDIT_ARCH_LE πA flag set in the architecture number for all little-endian architectures.
Statics§
- Syscalls that are always allowed.
- FILTER_EPILOGUE π
- FILTER_PROLOGUE π