use libseccomp::ScmpAction;
use serde::Deserialize;
/// Action selected by configuration for the seccomp profile's "dismatch" case.
///
/// Deserialized from the snake_case strings `"kill_process"` and `"log"`.
/// When the value is omitted, [`SeccompAction::KillProcess`] is used, so the
/// default is the enforcing choice rather than the observing one.
#[derive(Debug, Default, Clone, Copy, Deserialize)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub enum SeccompAction {
    /// Maps to `ScmpAction::KillProcess`.
    #[default]
    KillProcess,
    /// Maps to `ScmpAction::Log`.
    ///
    /// NOTE(review): with this value the filter presumably only records the
    /// offending syscall instead of blocking it, i.e. an audit mode that does
    /// not enforce the profile. Confirm it is not left on in production configs.
    Log,
}
impl SeccompAction {
    /// Converts the configuration-level action into the matching libseccomp
    /// [`ScmpAction`].
    ///
    /// The match is deliberately exhaustive with no wildcard arm, so adding a
    /// variant to `SeccompAction` forces an explicit mapping decision here.
    fn to_scmp_action(self) -> ScmpAction {
        match self {
            SeccompAction::Log => ScmpAction::Log,
            SeccompAction::KillProcess => ScmpAction::KillProcess,
        }
    }
}
/// Seccomp section of the configuration.
///
/// `deny_unknown_fields` makes deserialization fail on any unrecognised key,
/// so a misspelled `dismatch_action` is rejected instead of silently falling
/// back to the default action.
#[derive(Debug, Default, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct Seccomp {
    /// Syscall entries of the profile, as strings. This field has no serde
    /// default, so it must be present when deserializing.
    // NOTE(review): presumably syscall names forming an allowlist; how the
    // list is turned into filter rules is not visible here. Confirm against
    // the code that builds the filter.
    pub(crate) syscalls: Vec<String>,

    /// Action for the "dismatch" case; falls back to `SeccompAction::default()`
    /// (`KillProcess`) when the key is absent.
    // NOTE(review): "dismatch" looks like it means "syscall not matched by
    // `syscalls`". The key name is part of the config format, so it is kept.
    #[serde(default)]
    pub(crate) dismatch_action: SeccompAction,
}
impl Seccomp {
    /// Builds a profile with the given dismatch action and an empty syscall
    /// list.
    ///
    /// NOTE(review): if `syscalls` is treated as an allowlist (not visible
    /// here), an empty list combined with `KillProcess` would deny everything.
    /// Callers inside the crate are presumably expected to fill the list before
    /// the filter is loaded. Confirm.
    pub fn new(dismatch_action: SeccompAction) -> Self {
        Self {
            syscalls: Vec::new(),
            dismatch_action,
        }
    }

    /// Returns the configured dismatch action as a libseccomp [`ScmpAction`].
    pub fn dismatch_action(&self) -> ScmpAction {
        SeccompAction::to_scmp_action(self.dismatch_action)
    }
}