[server] Add --seccomp-enable flag and related logic (does not work for the moment).
This commit is contained in:
Ciprian Dorin Craciun
parent
1b76778d60
commit
c2189cc03f
3 changed files with 29 additions and 1 deletions
|
|
@ -1,5 +1,11 @@
|
||||||
|
|
||||||
package server
|
package server
|
||||||
|
|
||||||
import _ "github.com/volution/kawipiko/lib/seccomp"
|
|
||||||
|
import "github.com/volution/kawipiko/lib/seccomp"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
var seccompSupported = seccomp.Supported
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -826,6 +826,7 @@ func main_0 () (error) {
|
||||||
var _profileCpu string
|
var _profileCpu string
|
||||||
var _profileMem string
|
var _profileMem string
|
||||||
var _limitMemory uint
|
var _limitMemory uint
|
||||||
|
var _seccompEnabled bool
|
||||||
|
|
||||||
var _isFirst bool
|
var _isFirst bool
|
||||||
var _isMaster bool
|
var _isMaster bool
|
||||||
|
|
@ -876,6 +877,7 @@ func main_0 () (error) {
|
||||||
_profileCpu_0 := _flags.String ("profile-cpu", "", "")
|
_profileCpu_0 := _flags.String ("profile-cpu", "", "")
|
||||||
_profileMem_0 := _flags.String ("profile-mem", "", "")
|
_profileMem_0 := _flags.String ("profile-mem", "", "")
|
||||||
_limitMemory_0 := _flags.Uint ("limit-memory", 0, "")
|
_limitMemory_0 := _flags.Uint ("limit-memory", 0, "")
|
||||||
|
_seccompEnabled_0 := _flags.Bool ("seccomp-enable", false, "")
|
||||||
|
|
||||||
FlagsParse (_flags, 0, 0)
|
FlagsParse (_flags, 0, 0)
|
||||||
|
|
||||||
|
|
@ -912,6 +914,7 @@ func main_0 () (error) {
|
||||||
_profileCpu = *_profileCpu_0
|
_profileCpu = *_profileCpu_0
|
||||||
_profileMem = *_profileMem_0
|
_profileMem = *_profileMem_0
|
||||||
_limitMemory = *_limitMemory_0
|
_limitMemory = *_limitMemory_0
|
||||||
|
_seccompEnabled = *_seccompEnabled_0
|
||||||
|
|
||||||
if _slave == 0 {
|
if _slave == 0 {
|
||||||
_isMaster = true
|
_isMaster = true
|
||||||
|
|
@ -1026,6 +1029,16 @@ func main_0 () (error) {
|
||||||
AbortError (nil, "[2781f54c] maximum memory limit is between 128 and 16384 MiB!")
|
AbortError (nil, "[2781f54c] maximum memory limit is between 128 and 16384 MiB!")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if _seccompEnabled && !seccompSupported {
|
||||||
|
AbortError (nil, "[d4d22d4e] Linux seccomp is not supported with this build!")
|
||||||
|
}
|
||||||
|
if _seccompEnabled && (_processes > 1) {
|
||||||
|
AbortError (nil, "[69c06e0c] Linux seccomp is not supported with multiple processes!")
|
||||||
|
}
|
||||||
|
if _seccompEnabled && ((_profilingCpu != "") || (_profilingMem != "")) {
|
||||||
|
AbortError (nil, "[1fb06ca1] Linux seccomp is not supported with profiling!")
|
||||||
|
}
|
||||||
|
|
||||||
if (_processes > 1) && ((_profileCpu != "") || (_profileMem != "")) {
|
if (_processes > 1) && ((_profileCpu != "") || (_profileMem != "")) {
|
||||||
AbortError (nil, "[cd18d250] multi-process and profiling are mutually exclusive!")
|
AbortError (nil, "[cd18d250] multi-process and profiling are mutually exclusive!")
|
||||||
}
|
}
|
||||||
|
|
@ -1153,6 +1166,9 @@ func main_0 () (error) {
|
||||||
if _limitMemory != 0 {
|
if _limitMemory != 0 {
|
||||||
_processArguments = append (_processArguments, "--limit-memory", fmt.Sprintf ("%d", _limitMemory))
|
_processArguments = append (_processArguments, "--limit-memory", fmt.Sprintf ("%d", _limitMemory))
|
||||||
}
|
}
|
||||||
|
if _seccompEnabled {
|
||||||
|
_processArguments = append (_processArguments, "--seccomp-enable")
|
||||||
|
}
|
||||||
if _quiet {
|
if _quiet {
|
||||||
_processArguments = append (_processArguments, "--quiet")
|
_processArguments = append (_processArguments, "--quiet")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,9 @@
|
||||||
|
|
||||||
|
|
||||||
package seccomp
|
package seccomp
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
var Supported = false
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue