config-linux.md
63 additions & 35 deletions
@@ -498,41 +498,69 @@ For more information about Seccomp, see [Seccomp][seccomp] kernel documentation.
498
498
The actions, architectures, and operators are strings that match the definitions in seccomp.h from [libseccomp][] and are translated to corresponding values.
499
499
A valid list of constants as of libseccomp v2.3.2 is shown below.
500
500
501
-
Architecture Constants
502
-
*`SCMP_ARCH_X86`
503
-
*`SCMP_ARCH_X86_64`
504
-
*`SCMP_ARCH_X32`
505
-
*`SCMP_ARCH_ARM`
506
-
*`SCMP_ARCH_AARCH64`
507
-
*`SCMP_ARCH_MIPS`
508
-
*`SCMP_ARCH_MIPS64`
509
-
*`SCMP_ARCH_MIPS64N32`
510
-
*`SCMP_ARCH_MIPSEL`
511
-
*`SCMP_ARCH_MIPSEL64`
512
-
*`SCMP_ARCH_MIPSEL64N32`
513
-
*`SCMP_ARCH_PPC`
514
-
*`SCMP_ARCH_PPC64`
515
-
*`SCMP_ARCH_PPC64LE`
516
-
*`SCMP_ARCH_S390`
517
-
*`SCMP_ARCH_S390X`
518
-
*`SCMP_ARCH_PARISC`
519
-
*`SCMP_ARCH_PARISC64`
520
-
521
-
Action Constants:
522
-
*`SCMP_ACT_KILL`
523
-
*`SCMP_ACT_TRAP`
524
-
*`SCMP_ACT_ERRNO`
525
-
*`SCMP_ACT_TRACE`
526
-
*`SCMP_ACT_ALLOW`
527
-
528
-
Operator Constants:
529
-
*`SCMP_CMP_NE`
530
-
*`SCMP_CMP_LT`
531
-
*`SCMP_CMP_LE`
532
-
*`SCMP_CMP_EQ`
533
-
*`SCMP_CMP_GE`
534
-
*`SCMP_CMP_GT`
535
-
*`SCMP_CMP_MASKED_EQ`
501
+
**`seccomp`** (object, OPTIONAL)
502
+
503
+
The following parameters can be specified to setup seccomp:
504
+
505
+
***`defaultAction`***(string, REQUIRED)* - the default action for seccomp. Allowed values are the same as `syscalls[].action`.
506
+
507
+
***`architectures`***(array of strings, OPTIONAL)* - the architecture used for system calls.
508
+
Implementations MUST support at least the following values:
509
+
510
+
*`SCMP_ARCH_X86`
511
+
*`SCMP_ARCH_X86_64`
512
+
*`SCMP_ARCH_X32`
513
+
*`SCMP_ARCH_ARM`
514
+
*`SCMP_ARCH_AARCH64`
515
+
*`SCMP_ARCH_MIPS`
516
+
*`SCMP_ARCH_MIPS64`
517
+
*`SCMP_ARCH_MIPS64N32`
518
+
*`SCMP_ARCH_MIPSEL`
519
+
*`SCMP_ARCH_MIPSEL64`
520
+
*`SCMP_ARCH_MIPSEL64N32`
521
+
*`SCMP_ARCH_PPC`
522
+
*`SCMP_ARCH_PPC64`
523
+
*`SCMP_ARCH_PPC64LE`
524
+
*`SCMP_ARCH_S390`
525
+
*`SCMP_ARCH_S390X`
526
+
*`SCMP_ARCH_PARISC`
527
+
*`SCMP_ARCH_PARISC64`
528
+
529
+
***`syscalls`***(array of objects, REQUIRED)* - match a syscall in seccomp.
530
+
531
+
Each entry has the following structure:
532
+
533
+
***`names`***(array of strings, REQUIRED)* - the name of the syscall.
534
+
535
+
***`action`***(string, REQUIRED)* - the action for seccomp rules.
536
+
Implementations MUST support at least the following values:
537
+
538
+
*`SCMP_ACT_KILL`
539
+
*`SCMP_ACT_TRAP`
540
+
*`SCMP_ACT_ERRNO`
541
+
*`SCMP_ACT_TRACE`
542
+
*`SCMP_ACT_ALLOW`
543
+
544
+
***`args`***(array of objects, OPTIONAL)* - the specific syscall in seccomp.
545
+
546
+
Each entry has the following structure:
547
+
548
+
***`index`***(uint, REQUIRED)* - the index for syscall arguments in seccomp.
549
+
550
+
***`value`***(uint64, REQUIRED)* - the value for syscall arguments in seccomp.
551
+
552
+
***`valueTow`***(uint, REQUIRED)* - the value for syscall arguments in seccomp.
553
+
554
+
***`op`***(string, REQUIRED)* - the operator for syscall arguments in seccomp.
555
+
Implementations MUST support at least the following values:
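Review bot: `valueTow` in the new `args` entry looks like a typo for `valueTwo`, and its description is word for word the same as `value`'s ("the value for syscall arguments in seccomp"), so a reader cannot tell what the second field is for. Please fix the spelling before it becomes a key that implementations have to match, and say what distinguishes the two fields. If it is the second operand used with `SCMP_CMP_MASKED_EQ`, state that, and reconsider whether it should be REQUIRED for every operator. The types also disagree: `value` is uint64 while `valueTow` is uint, and both compare against the same syscall argument, so they should have the same width. Two smaller points in the same block: `names` is an array of strings but is described as "the name of the syscall", and `args` is described as "the specific syscall in seccomp" although it holds argument conditions. Finally, the unchanged context sentence "A valid list of constants as of libseccomp v2.3.2 is shown below." no longer introduces a list now that the constants have moved under each property, so it should be reworded or dropped.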