vendor/src/github.com/docker/engine-api/types/seccomp.go - third_party/github.com/moby/moby - Git at Google

 package types

 // Seccomp represents the config for a seccomp profile for syscall restriction.
 type Seccomp struct {
 	DefaultAction Action     `json:"defaultAction"`
 	Architectures []Arch     `json:"architectures"`
 	Syscalls      []*Syscall `json:"syscalls"`
 }

 // Arch used for additional architectures
 type Arch string

 // Additional architectures permitted to be used for system calls
 // By default only the native architecture of the kernel is permitted
 const (
 	ArchX86         Arch = "SCMP_ARCH_X86"
 	ArchX86_64      Arch = "SCMP_ARCH_X86_64"
 	ArchX32         Arch = "SCMP_ARCH_X32"
 	ArchARM         Arch = "SCMP_ARCH_ARM"
 	ArchAARCH64     Arch = "SCMP_ARCH_AARCH64"
 	ArchMIPS        Arch = "SCMP_ARCH_MIPS"
 	ArchMIPS64      Arch = "SCMP_ARCH_MIPS64"
 	ArchMIPS64N32   Arch = "SCMP_ARCH_MIPS64N32"
 	ArchMIPSEL      Arch = "SCMP_ARCH_MIPSEL"
 	ArchMIPSEL64    Arch = "SCMP_ARCH_MIPSEL64"
 	ArchMIPSEL64N32 Arch = "SCMP_ARCH_MIPSEL64N32"
 	ArchPPC         Arch = "SCMP_ARCH_PPC"
 	ArchPPC64       Arch = "SCMP_ARCH_PPC64"
 	ArchPPC64LE     Arch = "SCMP_ARCH_PPC64LE"
 	ArchS390        Arch = "SCMP_ARCH_S390"
 	ArchS390X       Arch = "SCMP_ARCH_S390X"
 )

 // Action taken upon Seccomp rule match
 type Action string

 // Define actions for Seccomp rules
 const (
 	ActKill  Action = "SCMP_ACT_KILL"
 	ActTrap  Action = "SCMP_ACT_TRAP"
 	ActErrno Action = "SCMP_ACT_ERRNO"
 	ActTrace Action = "SCMP_ACT_TRACE"
 	ActAllow Action = "SCMP_ACT_ALLOW"
 )

 // Operator used to match syscall arguments in Seccomp
 type Operator string

 // Define operators for syscall arguments in Seccomp
 const (
 	OpNotEqual     Operator = "SCMP_CMP_NE"
 	OpLessThan     Operator = "SCMP_CMP_LT"
 	OpLessEqual    Operator = "SCMP_CMP_LE"
 	OpEqualTo      Operator = "SCMP_CMP_EQ"
 	OpGreaterEqual Operator = "SCMP_CMP_GE"
 	OpGreaterThan  Operator = "SCMP_CMP_GT"
 	OpMaskedEqual  Operator = "SCMP_CMP_MASKED_EQ"
 )

 // Arg used for matching specific syscall arguments in Seccomp
 type Arg struct {
 	Index    uint     `json:"index"`
 	Value    uint64   `json:"value"`
 	ValueTwo uint64   `json:"valueTwo"`
 	Op       Operator `json:"op"`
 }

 // Syscall is used to match a syscall in Seccomp
 type Syscall struct {
 	Name   string `json:"name"`
 	Action Action `json:"action"`
 	Args   []*Arg `json:"args"`
 }
	package types

	// Seccomp represents the config for a seccomp profile for syscall restriction.
	type Seccomp struct {
	DefaultAction Action `json:"defaultAction"`
	Architectures []Arch `json:"architectures"`
	Syscalls []*Syscall `json:"syscalls"`
	}

	// Arch used for additional architectures
	type Arch string

	// Additional architectures permitted to be used for system calls
	// By default only the native architecture of the kernel is permitted
	const (
	ArchX86 Arch = "SCMP_ARCH_X86"
	ArchX86_64 Arch = "SCMP_ARCH_X86_64"
	ArchX32 Arch = "SCMP_ARCH_X32"
	ArchARM Arch = "SCMP_ARCH_ARM"
	ArchAARCH64 Arch = "SCMP_ARCH_AARCH64"
	ArchMIPS Arch = "SCMP_ARCH_MIPS"
	ArchMIPS64 Arch = "SCMP_ARCH_MIPS64"
	ArchMIPS64N32 Arch = "SCMP_ARCH_MIPS64N32"
	ArchMIPSEL Arch = "SCMP_ARCH_MIPSEL"
	ArchMIPSEL64 Arch = "SCMP_ARCH_MIPSEL64"
	ArchMIPSEL64N32 Arch = "SCMP_ARCH_MIPSEL64N32"
	ArchPPC Arch = "SCMP_ARCH_PPC"
	ArchPPC64 Arch = "SCMP_ARCH_PPC64"
	ArchPPC64LE Arch = "SCMP_ARCH_PPC64LE"
	ArchS390 Arch = "SCMP_ARCH_S390"
	ArchS390X Arch = "SCMP_ARCH_S390X"
	)

	// Action taken upon Seccomp rule match
	type Action string

	// Define actions for Seccomp rules
	const (
	ActKill Action = "SCMP_ACT_KILL"
	ActTrap Action = "SCMP_ACT_TRAP"
	ActErrno Action = "SCMP_ACT_ERRNO"
	ActTrace Action = "SCMP_ACT_TRACE"
	ActAllow Action = "SCMP_ACT_ALLOW"
	)

	// Operator used to match syscall arguments in Seccomp
	type Operator string

	// Define operators for syscall arguments in Seccomp
	const (
	OpNotEqual Operator = "SCMP_CMP_NE"
	OpLessThan Operator = "SCMP_CMP_LT"
	OpLessEqual Operator = "SCMP_CMP_LE"
	OpEqualTo Operator = "SCMP_CMP_EQ"
	OpGreaterEqual Operator = "SCMP_CMP_GE"
	OpGreaterThan Operator = "SCMP_CMP_GT"
	OpMaskedEqual Operator = "SCMP_CMP_MASKED_EQ"
	)

	// Arg used for matching specific syscall arguments in Seccomp
	type Arg struct {
	Index uint `json:"index"`
	Value uint64 `json:"value"`
	ValueTwo uint64 `json:"valueTwo"`
	Op Operator `json:"op"`
	}

	// Syscall is used to match a syscall in Seccomp
	type Syscall struct {
	Name string `json:"name"`
	Action Action `json:"action"`
	Args []*Arg `json:"args"`
	}