Skip to content

Add support for different profile builds #93

New issue
New issue
Open
Open
Add support for different profile builds#93
Labels
enhancementNew feature or requesthelp wantedExtra attention is needed
@alegrey91

Description

@alegrey91
alegrey91
opened on Feb 23, 2025

Currently we are generating just one type of Seccomp profile with the build command.
The idea here is to provide the ability to configure your own profile based on your needs.
Eg. You might want to generate a less strict profile which can allow the logging of missing syscalls.

{
    "defaultAction": "SCMP_ACT_LOG",
    "architectures": [
        "SCMP_ARCH_X86_64",
        "SCMP_ARCH_X86",
        "SCMP_ARCH_X32"
    ],
    "syscalls": [
        {
            "names": [
                "arch_prctl",
                "sched_yield",
                "futex",
                "write",
                "mmap",
                "exit_group",
                "madvise",
                "rt_sigprocmask",
                "getpid",
                "gettid",
                "tgkill",
                "rt_sigaction",
                "read",
                "getpgrp"
            ],
            "action": "SCMP_ACT_ALLOW"
        },
        {
            "names": [
                "add_key",
                "keyctl",
                "ptrace"
            ],
            "action": "SCMP_ACT_ERRNO"
        }
    ]
}

Note that there might be more examples like the one above. For this reason I was thinking to add a flag on the build command, to allow the user of specifying the kind of profile which more fits his needs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requesthelp wantedExtra attention is needed

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions