示例#1
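// parseSeccompSyscall parses a seccomp syscall rule of the form
// "name:action:args" into an rspec.Syscall.
//
// args is either empty or a comma-separated list of
// "index/value/valueTwo/op" entries. The action is validated by
// checkSeccompSyscallAction and each op by checkSeccompSyscallArg.
//
// Every numeric field is checked on its own. A malformed index or value must
// be rejected rather than silently read as 0, because the resulting filter
// would compare a different argument or value than the rule's author wrote.
func parseSeccompSyscall(s string) (rspec.Syscall, error) {
	parts := strings.Split(s, ":")
	if len(parts) != 3 {
		return rspec.Syscall{}, fmt.Errorf("seccomp sysctl must consist of 3 parameters")
	}
	name := parts[0]
	if err := checkSeccompSyscallAction(parts[1]); err != nil {
		return rspec.Syscall{}, err
	}
	action := rspec.Action(parts[1])

	// An empty third field means "no argument conditions"; args stays nil.
	var args []rspec.Arg
	if parts[2] != "" {
		for _, spec := range strings.Split(parts[2], ",") {
			fields := strings.Split(spec, "/")
			if len(fields) != 4 {
				return rspec.Syscall{}, fmt.Errorf("seccomp-sysctl args error: %s", spec)
			}

			index, err := strconv.Atoi(fields[0])
			if err != nil {
				return rspec.Syscall{}, err
			}
			// A negative index would wrap to a huge uint below.
			// NOTE(review): no upper bound is enforced here; confirm that a
			// later validation step rejects out-of-range argument indices.
			if index < 0 {
				return rspec.Syscall{}, fmt.Errorf("seccomp-sysctl args error: %s", spec)
			}
			value, err := strconv.Atoi(fields[1])
			if err != nil {
				return rspec.Syscall{}, err
			}
			value2, err := strconv.Atoi(fields[2])
			if err != nil {
				return rspec.Syscall{}, err
			}
			if err := checkSeccompSyscallArg(fields[3]); err != nil {
				return rspec.Syscall{}, err
			}

			// Negative value/valueTwo are still accepted by Atoi and wrap on
			// conversion to uint64, as before.
			args = append(args, rspec.Arg{
				Index:    uint(index),
				Value:    uint64(value),
				ValueTwo: uint64(value2),
				Op:       rspec.Operator(fields[3]),
			})
		}
	}

	return rspec.Syscall{
		Name:   name,
		Action: action,
		Args:   args,
	}, nil
}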
示例#2
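// parseArgs parses a comma-separated list of seccomp argument conditions,
// each written as "index/value/valueTwo/op", into a slice of *rspec.Arg.
//
// op must be empty or one of the SCMP_CMP_* operators listed in the switch
// below. Every numeric field is checked on its own, so a malformed index or
// value is reported instead of being silently read as 0 and ending up in the
// filter as a different condition than the one written.
//
// FIXME: this function is not used.
func parseArgs(args2parse string) ([]*rspec.Arg, error) {
	var parsed []*rspec.Arg
	for _, spec := range strings.Split(args2parse, ",") {
		fields := strings.Split(spec, "/")
		if len(fields) != 4 {
			return nil, fmt.Errorf("seccomp-sysctl args error: %s", spec)
		}

		index, err := strconv.Atoi(fields[0])
		if err != nil {
			return nil, err
		}
		// A negative index would wrap to a huge uint below.
		// NOTE(review): no upper bound is enforced here; confirm that a later
		// validation step rejects out-of-range argument indices.
		if index < 0 {
			return nil, fmt.Errorf("seccomp-sysctl args error: %s", spec)
		}
		value, err := strconv.Atoi(fields[1])
		if err != nil {
			return nil, err
		}
		value2, err := strconv.Atoi(fields[2])
		if err != nil {
			return nil, err
		}

		switch fields[3] {
		case "",
			"SCMP_CMP_NE",
			"SCMP_CMP_LT",
			"SCMP_CMP_LE",
			"SCMP_CMP_EQ",
			"SCMP_CMP_GE",
			"SCMP_CMP_GT",
			"SCMP_CMP_MASKED_EQ":
			// Accepted operator (or none).
		default:
			return nil, fmt.Errorf("seccomp-sysctl args must be empty or one of SCMP_CMP_NE|SCMP_CMP_LT|SCMP_CMP_LE|SCMP_CMP_EQ|SCMP_CMP_GE|SCMP_CMP_GT|SCMP_CMP_MASKED_EQ")
		}

		// Negative value/valueTwo are still accepted by Atoi and wrap on
		// conversion to uint64, as before. A fresh struct is allocated per
		// entry so the stored pointers do not alias each other.
		parsed = append(parsed, &rspec.Arg{
			Index:    uint(index),
			Value:    uint64(value),
			ValueTwo: uint64(value2),
			Op:       rspec.Operator(fields[3]),
		})
	}
	return parsed, nil
}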