File: seccomp.json.sh

#!/bin/sh
# Usage:
# $ ./seccomp.json.sh >$HOME/seccomp.json
# $ nerdctl run -it --rm --security-opt seccomp=$HOME/seccomp.json alpine

# TODO: support non-x86
# TODO: inherit the default seccomp profile (https://github.com/containerd/containerd/blob/v1.6.0-rc.1/contrib/seccomp/seccomp_default.go#L52)

set -eu
cat <<EOF
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "architectures": [
    "SCMP_ARCH_X86_64",
    "SCMP_ARCH_X86",
    "SCMP_ARCH_X32"
  ],
  "listenerPath": "${XDG_RUNTIME_DIR}/bypass4netns.sock",
  "syscalls": [
    {
      "names": [
        "bind",
        "close",
        "connect",
        "setsockopt",
        "fcntl",
        "_exit",
        "exit_group",
        "getpeername"
      ],
      "action": "SCMP_ACT_NOTIFY"
    }
  ]
}
EOF