Golang seccomp_init2示例

编程语言: Golang

命名空间/包名称: C

方法/功能: seccomp_init2

hotexamples.com的示例: 2

Golang seccomp_init2 - 已找到2个示例。这些是从开源项目中提取的最受好评的C.seccomp_init2现实Golang示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

文件： seccomp.go 项目： CorbinH/go-seccomp

func NewSeccomp() *seccomp {
	sc := &seccomp{}
	sc.ctx = C.seccomp_init2()
	if sc.ctx == nil {
		panic("CTX is nil")
	}
	return sc
}

示例#2

显示文件

文件： sandbox.go 项目： CorbinH/MaltaWeb

func Sandbox() {
	//fmt.Printf("Attempting to sandbox...\n")
	ctx := C.seccomp_init2()
	if ctx == nil {
		log.Fatalln("Failed to initialize seccomp!")
	}
	// DO SECCOMP STUFFS
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_read)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_write)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_close)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_gettimeofday)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_futex)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_exit_group)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_socket)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_epoll_ctl)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_mmap)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_mprotect)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_munmap)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_accept)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_fcntl)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_getsockname)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_setsockopt)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_rt_sigprocmask)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_clone)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_exit)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_bind)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_pipe)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_listen)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_restart_syscall)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_epoll_create1)

	// Likely unneeded:
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_sigaltstack)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_set_robust_list)
	C.seccomp_filter_call(ctx, C.SCMP_ACT_ALLOW, C.__NR_epoll_wait)

	moo := C.seccomp_load(ctx)
	moo = moo

	rc := C.seccomp_reset(ctx, C.SCMP_ACT_KILL)
	if rc < 0 {
		log.Fatalln("Failed to reset seccomp!")
	}
	log.Printf("Started Seccomp Sandbox.")
}