I’m trying to implement a simple container. I would like users to be able to specify whitelisted syscalls in a profile.json file.
Example content of profile.json file:
{ "whitelisted_syscalls": ["read", "exit", "write", "accept"], } then my application would just parse this file and enable/disable syscalls based on the content.
The problem is that seccomp_rule_add expects user to use SCMP_SYS macro. For example to allow read syscall I would normally call:
seccomp_rule_add(filter, SCMP_ACT_ALLOW, SCMP_SYS(read), 0); and SCMP_SYS(read) would be unfolded to an integer depending on an architecture.
