Apache Mesos
seccomp.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __LINUX_SECCOMP_HPP__
18 #define __LINUX_SECCOMP_HPP__
19 
20 #include <seccomp.h>
21 
23 
24 #include <process/owned.hpp>
25 
26 #include <stout/nothing.hpp>
27 #include <stout/option.hpp>
28 #include <stout/try.hpp>
29 
30 #include "linux/capabilities.hpp"
31 
32 namespace mesos {
33 namespace internal {
34 namespace seccomp {
35 
37 {
38 public:
39  // Create a Seccomp filter based on provided info.
41  const mesos::seccomp::ContainerSeccompProfile& profile,
43  capabilities = None());
44 
45  // Check if the provided architecture is a native architecture.
46  // Returns failure for unrecognized architectures.
47  static Try<bool> nativeArch(
48  const mesos::seccomp::ContainerSeccompProfile::Architecture& arch);
49 
51 
52  // Load the seccomp filter into the Linux kernel for the current process.
53  Try<Nothing> load() const;
54 
55 private:
56  explicit SeccompFilter(const scmp_filter_ctx& _ctx) : ctx(_ctx) {}
57 
58  scmp_filter_ctx ctx;
59 };
60 
61 } // namespace seccomp {
62 } // namespace internal {
63 } // namespace mesos {
64 
65 #endif // __LINUX_SECCOMP_HPP__
static Try< bool > nativeArch(const mesos::seccomp::ContainerSeccompProfile::Architecture &arch)
Definition: option.hpp:29
Definition: check.hpp:33
Definition: agent.hpp:25
static Try< process::Owned< SeccompFilter > > create(const mesos::seccomp::ContainerSeccompProfile &profile, const Option< mesos::internal::capabilities::ProcessCapabilities > &capabilities=None())
Definition: none.hpp:27
Definition: attributes.hpp:24
Definition: seccomp.hpp:36