func parseSeccompSyscall(s string) (rspec.Syscall, error) {
syscall := strings.Split(s, ":")
if len(syscall) != 3 {
return rspec.Syscall{}, fmt.Errorf("seccomp sysctl must consist of 3 parameters")
}
name := syscall[0]
if err := checkSeccompSyscallAction(syscall[1]); err != nil {
return rspec.Syscall{}, err
}
action := rspec.Action(syscall[1])
var Args []rspec.Arg
if strings.EqualFold(syscall[2], "") {
Args = nil
} else {
argsslice := strings.Split(syscall[2], ",")
for _, argsstru := range argsslice {
args := strings.Split(argsstru, "/")
if len(args) == 4 {
index, err := strconv.Atoi(args[0])
value, err := strconv.Atoi(args[1])
value2, err := strconv.Atoi(args[2])
if err != nil {
return rspec.Syscall{}, err
}
if err := checkSeccompSyscallArg(args[3]); err != nil {
return rspec.Syscall{}, err
}
op := rspec.Operator(args[3])
Arg := rspec.Arg{
Index: uint(index),
Value: uint64(value),
ValueTwo: uint64(value2),
Op: op,
}
Args = append(Args, Arg)
} else {
return rspec.Syscall{}, fmt.Errorf("seccomp-sysctl args error: %s", argsstru)
}
}
}
return rspec.Syscall{
Name: name,
Action: action,
Args: Args,
}, nil
}
// FIXME: this function is not used.
func parseArgs(args2parse string) ([]*rspec.Arg, error) {
var Args []*rspec.Arg
argstrslice := strings.Split(args2parse, ",")
for _, argstr := range argstrslice {
args := strings.Split(argstr, "/")
if len(args) == 4 {
index, err := strconv.Atoi(args[0])
value, err := strconv.Atoi(args[1])
value2, err := strconv.Atoi(args[2])
if err != nil {
return nil, err
}
switch args[3] {
case "":
case "SCMP_CMP_NE":
case "SCMP_CMP_LT":
case "SCMP_CMP_LE":
case "SCMP_CMP_EQ":
case "SCMP_CMP_GE":
case "SCMP_CMP_GT":
case "SCMP_CMP_MASKED_EQ":
default:
return nil, fmt.Errorf("seccomp-sysctl args must be empty or one of SCMP_CMP_NE|SCMP_CMP_LT|SCMP_CMP_LE|SCMP_CMP_EQ|SCMP_CMP_GE|SCMP_CMP_GT|SCMP_CMP_MASKED_EQ")
}
op := rspec.Operator(args[3])
Arg := rspec.Arg{
Index: uint(index),
Value: uint64(value),
ValueTwo: uint64(value2),
Op: op,
}
Args = append(Args, &Arg)
} else {
return nil, fmt.Errorf("seccomp-sysctl args error: %s", argstr)
}
}
return Args, nil
}