Merge pull request #937 from saschagrunert/seccomp-filter-flags

Add support for seccomp filter flags
containers · Feb 23, 2022 · 468d7e6 · 468d7e6
2 parents 194ee74 + ca5e983
commit 468d7e6
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/pkg/seccomp/seccomp_linux.go b/pkg/seccomp/seccomp_linux.go
@@ -1,3 +1,4 @@
+//go:build seccomp
 // +build seccomp
 
 // SPDX-License-Identifier: Apache-2.0
@@ -120,6 +121,10 @@ func setupSeccomp(config *Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error)
  return nil, err
  }
 
+ for _, flag := range config.Flags {
+ newConfig.Flags = append(newConfig.Flags, specs.LinuxSeccompFlag(flag))
+ }
+
  if len(config.ArchMap) != 0 {
  for _, a := range config.ArchMap {
  seccompArch, ok := nativeToSeccomp[arch]

diff --git a/pkg/seccomp/types.go b/pkg/seccomp/types.go
@@ -17,6 +17,7 @@ type Seccomp struct {
  Architectures []Arch `json:"architectures,omitempty"`
  ArchMap []Architecture `json:"archMap,omitempty"`
  Syscalls []*Syscall `json:"syscalls"`
+ Flags []string `json:"flags,omitempty"`
 }
 
 // Architecture is used to represent a specific architecture