Merge pull request #26 from giuseppe/seccomp-errno

spec: allow to specify errnoRet
seccomp · May 20, 2020 · 700e2b7 · 700e2b7
2 parents f145e54 + ad046c1
commit 700e2b7
Show file tree

Hide file tree

Showing 7 changed files with 58 additions and 12 deletions.
diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.13
 require (
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/hashicorp/go-multierror v1.0.0 // indirect
-	github.com/opencontainers/runtime-spec v1.0.2-0.20191007145322-19e92ca81777
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2
 	github.com/opencontainers/runtime-tools v0.9.0
 	github.com/opencontainers/selinux v1.3.0 // indirect
 	github.com/seccomp/libseccomp-golang v0.9.1

diff --git a/go.sum b/go.sum
@@ -14,6 +14,8 @@ github.com/opencontainers/runtime-spec v1.0.1 h1:wY4pOY8fBdSIvs9+IDHC55thBuEulhz
 github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.2-0.20191007145322-19e92ca81777 h1:7CkKaORyxoXsM8z56r+M0wf3uCpVGVqx4CWq7oJ/4DY=
 github.com/opencontainers/runtime-spec v1.0.2-0.20191007145322-19e92ca81777/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E=
+github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU=
 github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/opencontainers/selinux v1.2.2 h1:Kx9J6eDG5/24A6DtUquGSpJQ+m2MUTahn4FtGEe8bFg=

diff --git a/seccomp_linux.go b/seccomp_linux.go
@@ -146,21 +146,22 @@ Loop:
 		}
 
 		if call.Name != "" {
-			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall([]string{call.Name}, call.Action, call.Args))
+			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall([]string{call.Name}, call.Action, call.Args, call.ErrnoRet))
 		}
 
 		if len(call.Names) > 0 {
-			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Names, call.Action, call.Args))
+			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Names, call.Action, call.Args, call.ErrnoRet))
 		}
 	}
 
 	return newConfig, nil
 }
 
-func createSpecsSyscall(names []string, action Action, args []*Arg) specs.LinuxSyscall {
+func createSpecsSyscall(names []string, action Action, args []*Arg, errnoRet *uint) specs.LinuxSyscall {
 	newCall := specs.LinuxSyscall{
-		Names:  names,
-		Action: specs.LinuxSeccompAction(action),
+		Names:    names,
+		Action:   specs.LinuxSeccompAction(action),
+		ErrnoRet: errnoRet,
 	}
 
 	// Loop through all the arguments of the syscall and convert them

diff --git a/types.go b/types.go
@@ -94,4 +94,5 @@ type Syscall struct {
 	Comment  string   `json:"comment"`
 	Includes Filter   `json:"includes"`
 	Excludes Filter   `json:"excludes"`
+	ErrnoRet *uint    `json:"errnoRet,omitempty"`
 }
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -6,7 +6,7 @@ github.com/hashicorp/errwrap
 github.com/hashicorp/go-multierror
 # github.com/konsorten/go-windows-terminal-sequences v1.0.1
 github.com/konsorten/go-windows-terminal-sequences
-# github.com/opencontainers/runtime-spec v1.0.2-0.20191007145322-19e92ca81777
+# github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2
 github.com/opencontainers/runtime-spec/specs-go
 # github.com/opencontainers/runtime-tools v0.9.0
 github.com/opencontainers/runtime-tools/error