diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2021-02-06 15:55:16 -0800 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2021-02-06 15:55:22 -0800 |
| commit | 1b1b1fb1c6cd75d69d1d178ff334e1acd4deb761 (patch) | |
| tree | 2c617e1f739e9880e2fc700995eb3851aca31353 /contrib | |
| parent | 75a5a9e4dd897890ee6be679477cb9086b45c47f (diff) | |
| download | libcap2-1b1b1fb1c6cd75d69d1d178ff334e1acd4deb761.tar.gz | |
Don't export symbols that are internal.
This is just an example, not a package or anything.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/seccomp/explore.go | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/contrib/seccomp/explore.go b/contrib/seccomp/explore.go index 37fe97b..8203d4f 100644 --- a/contrib/seccomp/explore.go +++ b/contrib/seccomp/explore.go @@ -114,46 +114,46 @@ func validateArchitecture() []SockFilter { } } -func ExamineSyscall() []SockFilter { +func examineSyscall() []SockFilter { return []SockFilter{ bpfStmt(bpfLd+bpfW+bpfAbs, syscallNr), } } -func AllowSyscall(syscallNum uint32) []SockFilter { +func allowSyscall(syscallNum uint32) []SockFilter { return []SockFilter{ bpfJump(bpfJmp+bpfJeq+bpfK, syscallNum, 0, 1), bpfStmt(bpfRet+bpfK, seccompRetAllow), } } -func DisallowSyscall(syscallNum, errno uint32) []SockFilter { +func disallowSyscall(syscallNum, errno uint32) []SockFilter { return []SockFilter{ bpfJump(bpfJmp+bpfJeq+bpfK, syscallNum, 0, 1), bpfStmt(bpfRet+bpfK, seccompRetErrno|(errno&seccompRetData)), } } -func KillProcess() []SockFilter { +func killProcess() []SockFilter { return []SockFilter{ bpfStmt(bpfRet+bpfK, seccompRetKillProcess), } } -func NotifyProcessAndDie() []SockFilter { +func notifyProcessAndDie() []SockFilter { return []SockFilter{ bpfStmt(bpfRet+bpfK, seccompRetTrap), } } -func TrapOnSyscall(syscallNum uint32) []SockFilter { +func trapOnSyscall(syscallNum uint32) []SockFilter { return []SockFilter{ bpfJump(bpfJmp+bpfJeq+bpfK, syscallNum, 0, 1), bpfStmt(bpfRet+bpfK, seccompRetTrap), } } -func AllGood() []SockFilter { +func allGood() []SockFilter { return []SockFilter{ bpfStmt(bpfRet+bpfK, seccompRetAllow), } @@ -244,20 +244,20 @@ func main() { filter = append(filter, validateArchitecture()...) // Grab the system call number. - filter = append(filter, ExamineSyscall()...) + filter = append(filter, examineSyscall()...) // List disallowed syscalls. for _, x := range []uint32{ syscall.SYS_SETUID, } { if *kill { - filter = append(filter, TrapOnSyscall(x)...) + filter = append(filter, trapOnSyscall(x)...) } else { - filter = append(filter, DisallowSyscall(x, uint32(*errno))...) + filter = append(filter, disallowSyscall(x, uint32(*errno))...) } } - filter = append(filter, AllGood()...) + filter = append(filter, allGood()...) prog := &SockFProg{ Len: uint16(len(filter)), |