diff --git a/sources/cmd/server/seccomp.go b/sources/cmd/server/seccomp.go
index 3473b04..6d8da9f 100644
--- a/sources/cmd/server/seccomp.go
+++ b/sources/cmd/server/seccomp.go
@@ -2,8 +2,38 @@ package server
+import "log"
+
 import "github.com/volution/kawipiko/lib/seccomp"
+import . "github.com/volution/kawipiko/lib/common"
+
+
+
+
+func seccompApplyPhase1 () () {
+ log.Printf ("[ii] [d53cf86e] [seccomp.] applying Linux seccomp filter (phase 1)...\n")
+ if _error := seccomp.ApplyServer (); _error != nil {
+ AbortError (_error, "[58d1492b] failed to apply Linux seccomp filter (phase 1)!")
+ }
+}
+
+
+func seccompApplyPhase2 () () {
+ log.Printf ("[ii] [a338ddaf] [seccomp.] applying Linux seccomp filter (phase 2)...\n")
+ if _error := seccomp.ApplyServer (); _error != nil {
+ AbortError (_error, "[68283e68] failed to apply Linux seccomp filter (phase 2)!")
+ }
+}
+
+
+func seccompApplyPhase3 () () {
+ log.Printf ("[ii] [a319ff21] [seccomp.] applying Linux seccomp filter (phase 3)...\n")
+ if _error := seccomp.ApplyServer (); _error != nil {
+ AbortError (_error, "[7c5a0f44] failed to apply Linux seccomp filter (phase 3)!")
+ }
+}
+
diff --git a/sources/cmd/server/server.go b/sources/cmd/server/server.go
index b2dd11a..dcf6bdd 100644
--- a/sources/cmd/server/server.go
+++ b/sources/cmd/server/server.go
@@ -1056,6 +1056,19 @@ func main_0 () (error) {
+ if _seccompEnabled {
+ seccompApplyPhase1 ()
+ }
+
+
+
+
+ // --------------------------------------------------------------------------------
+ // --------------------------------------------------------------------------------
+
+
+
+
 runtime.GOMAXPROCS (int (_threads))
 debug.SetGCPercent (50)
@@ -1397,6 +1410,15 @@ func main_0 () (error) {
+ if _seccompEnabled {
+ seccompApplyPhase2 ()
+ }
+
+
+
+
+ // --------------------------------------------------------------------------------
+ // --------------------------------------------------------------------------------
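Review bot: `seccompApplyPhase1`, `seccompApplyPhase2` and `seccompApplyPhase3` all call the same `seccomp.ApplyServer ()`, so as written phases 2 and 3 install the phase-1 filter again instead of a narrower one. Seccomp filters stack and cannot be removed, so a repeated identical filter adds per-syscall evaluation cost without taking any syscall out of the allowed set; unless `ApplyServer` tracks the phase internally (not visible in this diff), the later phases add no containment. If this is a placeholder until per-phase filters exist, say so above the functions, e.g. `// NOTE: all phases currently apply the same filter; phases 2 and 3 are placeholders for stricter per-phase filters.` Each filter must also keep allowing whatever syscall the library uses to install the next one, otherwise phase 2 aborts the server at startup.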
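Review bot: Phase 1 is applied from inside `main_0`, by which time the Go runtime has normally already created additional OS threads, and a seccomp filter is per-thread unless it is installed with thread synchronisation (`SECCOMP_FILTER_FLAG_TSYNC`). Whether `seccomp.ApplyServer` does that is not visible in this diff; if it does not, threads that existed before this call keep running unfiltered, and goroutines scheduled onto them are outside the sandbox. A comment at the call site would record the requirement, e.g. `// seccomp filters are per-thread: ApplyServer must synchronise the filter to all runtime threads`. `main_0` starts and ends outside the hunk.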
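Review bot: Nothing at this call site says which startup work is complete when phase 2 is applied, and the two rule lines added under it carry no text either; the phase 3 call site further down has the same gap. Each phase is presumably a point after which some syscalls are no longer needed, so a one-line comment such as `// phase 2: <startup step finished here>; syscalls needed only before this point may be denied from now on` would let a reviewer check the filter against the code between the phases. The surrounding lines of `main_0` are outside the hunk.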
@@ -2077,6 +2099,19 @@ func main_0 () (error) {
+ if _seccompEnabled {
+ seccompApplyPhase3 ()
+ }
+
+
+
+
+ // --------------------------------------------------------------------------------
+ // --------------------------------------------------------------------------------
+
+
+
+
 var _waiter sync.WaitGroup
 if _server.httpPlain1Server != nil {
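Review bot: When `_seccompEnabled` is false the code falls through to the listener start-up below (`_waiter`, `httpPlain1Server`) without any log line, so an operator cannot tell from the output that the process is serving unsandboxed; the phase 1 and phase 2 call sites skip just as silently. One message is enough, for example on this last call site: `} else { log.Printf ("[<level>] [<new-id>] [seccomp.] Linux seccomp filter is disabled!\n") }`, using the project's own level tag and a fresh message id. Where `_seccompEnabled` is set is not shown in the diff, so such a line may already exist there. `main_0` continues outside the hunk.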