aboutgitcodelistschat:MatrixIRC
path: root/common
diff options
context:
space:
mode:
authorAlice Frosi <afrosi@redhat.com>2023-07-18 11:15:53 +0200
committerAlice Frosi <afrosi@redhat.com>2023-08-24 15:33:17 +0200
commit240eb94b44f9dc613a85911d4190df129372e9cc (patch)
tree2535780888d293b71aa5aadc70f2047f2a7f787b /common
parent3f2585770384586977483ec4c4b38fe4c3e5fc45 (diff)
downloadseitan-240eb94b44f9dc613a85911d4190df129372e9cc.tar
seitan-240eb94b44f9dc613a85911d4190df129372e9cc.tar.gz
seitan-240eb94b44f9dc613a85911d4190df129372e9cc.tar.bz2
seitan-240eb94b44f9dc613a85911d4190df129372e9cc.tar.lz
seitan-240eb94b44f9dc613a85911d4190df129372e9cc.tar.xz
seitan-240eb94b44f9dc613a85911d4190df129372e9cc.tar.zst
seitan-240eb94b44f9dc613a85911d4190df129372e9cc.zip
cooker: generate OCI seccomp profile
Generate the OCI seccomp profile instead of directly the BPF filter. The seccomp profile will be used consquently by the container runtime as input in order to generate the BPF filter. Example with mknod: $ seitan-cooker -g /tmp/gluten -p /tmp/scmp_prof.json -s seccomp.json -i demo/mknod.hjson $ seitan -s /tmp/seitan.sock -i /tmp/gluten $ podman run --cap-drop ALL --security-opt=seccomp=/tmp/scmp_prof.json \ --annotation run.oci.seccomp.receiver=/tmp/seitan.sock \ -ti fedora \ sh -c 'mknod /dev/lol c 1 7 && ls /dev/lol' /dev/lol Signed-off-by: Alice Frosi <afrosi@redhat.com>
Diffstat (limited to 'common')
-rw-r--r--common/util.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/common/util.h b/common/util.h
index b11edb6..a587665 100644
--- a/common/util.h
+++ b/common/util.h
@@ -8,6 +8,7 @@
#include <string.h>
#include <stdint.h>
+#include <stdlib.h>
#include <errno.h>
#define BIT(n) (1UL << (n))