diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2023-06-14 07:25:52 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2023-06-14 07:25:52 +0200 |
| commit | 00614c5e6702db8ac3f18a9e193c7a8382f16e6b (patch) | |
| tree | b8275d1060e994e18d7fbfead0244629752cb555 /cooker/example.hjson | |
| parent | 8bc937c1442d212926dadb6227b759966bc13925 (diff) | |
| download | seitan-00614c5e6702db8ac3f18a9e193c7a8382f16e6b.tar seitan-00614c5e6702db8ac3f18a9e193c7a8382f16e6b.tar.gz seitan-00614c5e6702db8ac3f18a9e193c7a8382f16e6b.tar.bz2 seitan-00614c5e6702db8ac3f18a9e193c7a8382f16e6b.tar.lz seitan-00614c5e6702db8ac3f18a9e193c7a8382f16e6b.tar.xz seitan-00614c5e6702db8ac3f18a9e193c7a8382f16e6b.tar.zst seitan-00614c5e6702db8ac3f18a9e193c7a8382f16e6b.zip | |
cooker: Support for read(), OP_STORE, field-based filters
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'cooker/example.hjson')
| -rw-r--r-- | cooker/example.hjson | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/cooker/example.hjson b/cooker/example.hjson index 458961c..c3dc657 100644 --- a/cooker/example.hjson +++ b/cooker/example.hjson @@ -20,26 +20,46 @@ }, { "match": [ /* CVE-2022-0185-style */ - { "unshare": { "flags": { "has": { "newuser": true, "newnet": false } } } } + { "unshare": { "flags": "CLONE_NEWUSER" } } ], - "block": { } + "return": { "value": 0, "error": -1 } }, { "match": [ /* passt */ - { "unshare": { "flags": { "has": [ "ipc", "mount", "uts", "pid" ] } } } + { "unshare": { "flags": { "all": [ "CLONE_NEWIPC", "CLONE_NEWNS", "CLONE_NEWUTS", "CLONE_NEWPID" ] } } } ], - "block": { } + "return": { "value": 0, "error": 0 } }, { "match": [ /* Giuseppe's example */ - { "mknodat": { "path": { "tag": "path" }, "mode": "c", "major": 1, "minor": { "value": { "in": [ 3, 5, 7, 8, 9 ] }, "tag": "minor" } } } + { "mknodat": + { "path": { "tag": "path" }, + "mode": { "tag": "mode" }, + "type": { "tag": "type" }, + "major": 1, + "minor": { "value": { "in": [ 3, 5, 7, 8, 9 ] }, "tag": "minor" } + } + }, + { "mknod": + { "path": { "tag": "path" }, + "mode": { "tag": "mode" }, + "type": { "tag": "type" }, + "major": 1, + "minor": { "value": { "in": [ 3, 5, 7, 8, 9 ] }, "tag": "minor" } + } + } ], - "call": { - "mknod": { "path": { "tag": { "get": "path" } }, "mode": "c", "major": 1, "minor": { "tag": { "get": "minor" } } }, - "ret": "x", - "context": { "user": "init", "mnt": "caller" } - }, - "return": { "tag": "x" } + "call": + { "mknod": + { "path": { "tag": { "get": "path" } }, + "mode": { "tag": { "get": "mode" } }, + "type": { "tag": { "get": "type" } }, + "major": 1, + "minor": { "tag": { "get": "minor" } } + }, + "context": { "mnt": "caller" } + }, + "return": { "value": 0 } } ] |