func init() {
m := new(module)
sandbox := sandbox.SandboxProfile{
DefaultPolicy: seccomp.ActTrap,
Filters: []sandbox.FilterOperation{
sandbox.FilterOperation{
FilterOn: []string{
"openat",
"close",
"pread64",
"read",
"futex",
"lstat",
"sched_yield", // GO
"readlinkat",
"write",
"mmap",
"sigaltstack", // GO
"gettid", // GO
"set_robust_list", // GO
"getdents64",
"clone", // GO
// Used for pretty printing the violating syscall (rare)
"exit_group",
"rt_sigreturn",
},
Action: seccomp.ActAllow,
},
},
}
m.SandboxProfile = sandbox
modules.Register("memory", m)
}
func init() {
m := new(module)
sandbox := sandbox.SandboxProfile{
DefaultPolicy: seccomp.ActTrap,
Filters: []sandbox.FilterOperation{
sandbox.FilterOperation{
FilterOn: []string{
"select",
"futex",
"write",
"read",
"epoll_ctl",
"close",
"epoll_wait",
"mmap",
"socket",
"setsockopt",
"connect",
"getsockname",
"getpeername",
"rt_sigprocmask",
"mprotect",
"openat",
"sigaltstack",
"gettid",
"stat",
"set_robust_list",
"sched_yield",
"clone",
"epoll_create1",
// Used for pretty printing the violating syscall (rare)
"exit_group",
"rt_sigreturn",
},
Action: seccomp.ActAllow,
},
},
}
m.SandboxProfile = sandbox
modules.Register("timedrift", m)
}
// init is called by the Go runtime at startup. We use this function to
// register the module in a global array of available modules, so the
// agent knows we exist
func init() {
modules.Register("example", new(module))
}
func init() {
modules.Register("pkg", new(module))
}
func init() {
modules.Register("memory", new(module))
}
func init() {
modules.Register("scribe", new(module))
}
func init() {
modules.Register("agentdestroy", new(module))
}
func init() {
modules.Register("upgrade", new(module))
}
func init() {
modules.Register("netstat", new(module))
}
func init() {
modules.Register("timedrift", new(module))
}