Skip to content

Commit

Permalink
seccomp: drop unnecessary const SCMP_ACT_* defines
Browse files Browse the repository at this point in the history
These are just boilerplate and are only really useful for the two
actions which require us to set a default errno/aux value (ActErrno and
ActTrace).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
  • Loading branch information
cyphar committed Sep 9, 2021
1 parent 1e5fe26 commit 4a751b0
Showing 1 changed file with 8 additions and 13 deletions.
21 changes: 8 additions & 13 deletions libcontainer/seccomp/seccomp_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,8 @@ import (
)

var (
actAllow = libseccomp.ActAllow
actTrap = libseccomp.ActTrap
actKill = libseccomp.ActKill
actTrace = libseccomp.ActTrace.SetReturnCode(int16(unix.EPERM))
actLog = libseccomp.ActLog
actErrno = libseccomp.ActErrno.SetReturnCode(int16(unix.EPERM))
actNotify = libseccomp.ActNotify
actTrace = libseccomp.ActTrace.SetReturnCode(int16(unix.EPERM))
actErrno = libseccomp.ActErrno.SetReturnCode(int16(unix.EPERM))
)

const (
Expand Down Expand Up @@ -71,7 +66,7 @@ func InitSeccomp(config *configs.Seccomp) (int, error) {
}

// See comment on why write is not allowed. The same reason applies, as this can mean handling write too.
if defaultAction == actNotify {
if defaultAction == libseccomp.ActNotify {
return -1, errors.New("SCMP_ACT_NOTIFY cannot be used as default action")
}

Expand Down Expand Up @@ -119,25 +114,25 @@ func InitSeccomp(config *configs.Seccomp) (int, error) {
func getAction(act configs.Action, errnoRet *uint) (libseccomp.ScmpAction, error) {
switch act {
case configs.Kill:
return actKill, nil
return libseccomp.ActKill, nil
case configs.Errno:
if errnoRet != nil {
return libseccomp.ActErrno.SetReturnCode(int16(*errnoRet)), nil
}
return actErrno, nil
case configs.Trap:
return actTrap, nil
return libseccomp.ActTrap, nil
case configs.Allow:
return actAllow, nil
return libseccomp.ActAllow, nil
case configs.Trace:
if errnoRet != nil {
return libseccomp.ActTrace.SetReturnCode(int16(*errnoRet)), nil
}
return actTrace, nil
case configs.Log:
return actLog, nil
return libseccomp.ActLog, nil
case configs.Notify:
return actNotify, nil
return libseccomp.ActNotify, nil
default:
return libseccomp.ActInvalid, errors.New("invalid action, cannot use in rule")
}
Expand Down

0 comments on commit 4a751b0

Please sign in to comment.