Module seccomp

seccomp-bpf support on recent Linux kernels.

This works in tandem with namespace in order to implement sandbox profiles. It is generally the weaker of the two approaches, because BPF is limited, but it’s useful for reducing kernel attack surface area and implementing coarse-grained policies.

Structs

• Filter
• sock_filter 🔒
• sock_fprog 🔒

Constants

• ABS 🔒
• ALLOW_SYSCALL 🔒
• ARCH_NR 🔒
  The architecture number for x86-64.
• ARCH_NR_OFFSET 🔒
• ARG_0_OFFSET 🔒
• ARG_1_OFFSET 🔒
• ARG_2_OFFSET 🔒
• AUDIT_ARCH_AARCH64 🔒
  The architecture number for ARM 64-bit.
• AUDIT_ARCH_ARM 🔒
  The architecture number for ARM.
• AUDIT_ARCH_PPC 🔒
  The architecture number for ppc.
• AUDIT_ARCH_PPC64 🔒
  The architecture number for ppc64.
• AUDIT_ARCH_PPC64LE 🔒
  The architecture number for ppc64le.
• AUDIT_ARCH_X86 🔒
  The architecture number for x86.
• AUDIT_ARCH_X86_64 🔒
  The architecture number for x86-64.
• EM_386 🔒
• EM_AARCH64 🔒
• EM_ARM 🔒
• EM_PPC 🔒
• EM_PPC64 🔒
• EM_X86_64 🔒
• EXAMINE_ARG_0 🔒
• EXAMINE_ARG_1 🔒
• EXAMINE_ARG_2 🔒
• EXAMINE_SYSCALL 🔒
• JEQ 🔒
• JMP 🔒
• JSET 🔒
• K 🔒
• KILL_PROCESS 🔒
• LD 🔒
• NETLINK_ROUTE 🔒
• PR_SET_NO_NEW_PRIVS 🔒
• PR_SET_SECCOMP 🔒
• RET 🔒
• SECCOMP_MODE_FILTER 🔒
• SECCOMP_RET_ALLOW 🔒
• SECCOMP_RET_KILL 🔒
• SYSCALL_NR_OFFSET 🔒
• VALIDATE_ARCHITECTURE_0 🔒
• VALIDATE_ARCHITECTURE_1 🔒
• VALIDATE_ARCHITECTURE_2 🔒
• W 🔒
• __AUDIT_ARCH_64BIT 🔒
  A flag set in the architecture number for all 64-bit architectures.
• __AUDIT_ARCH_LE 🔒
  A flag set in the architecture number for all little-endian architectures.

Statics

• ALLOWED_SYSCALLS
  Syscalls that are always allowed.
• ALLOWED_SYSCALLS_FOR_FILE_READ 🔒
• ALLOWED_SYSCALLS_FOR_NETWORK_OUTBOUND 🔒
• FILTER_EPILOGUE 🔒
• FILTER_PROLOGUE 🔒