gofumpt is a stricter version of gofmt, basically making the code more
readable, and fixing the gocritic's octalLiterar warnings like this one:
pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic)
return (perm & 0722) == 0700
^
Generated by gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
We have to copy both fields in the same way we did with the flags to
support them in container runtimes.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
simplify maintainance of the seccomp.json file and accept errno as
strings.
It also fixes a portability problem since errno values are arch
dependent.
The existing `DefaultErrnoRet` and `ErrnoRet` are maintained for
backward compatibility but they are obsoleted and will be removed in a
future release.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add support to specify the default errno return value.
The OCI runtime specs already have support for it, and both crun (>=
0.19) and runc (>= 1.0-rc95) have support for it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The new `BuildFilter()` API can be used by runc/libcontainer to build
a libseccomp filter from the spec. This means that they also do not need
any internal structures any more because we indirectly build it from the
internal `Seccomp` type.
The new `ValidateProfile()` API can be used by higher level consumers,
which want to ensure that a seccomp profile string can be transferred
into a libseccomp filter.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Kir Kolyshkin