seccomp

Module: seccomp

Contents

Structs

• SeccompArtifactMetadata
• SeccompMaterialized - Runtime seccomp materialization outcome.

Functions

• resolve_effective_seccomp - Resolve the effective seccomp filter for a profile.

---

firma_run::seccomp::SeccompArtifactMetadata

Struct

Fields:

• policy_schema_version: u32
• policy_id: String
• policy_version: String
• sha256: String
• generated_at: String
• compiler_version: String
• target_arch: String
• default_action: String
• source_policy_refs: Vec<String>
• source_policy_sha256: String
• denied_syscalls: Vec<String>

Traits: Eq

Trait Implementations:

• Serialize
  • fn serialize<__S>(self: &Self, __serializer: __S) -> _serde::__private228::Result<<__S as >::Ok, <__S as >::Error>
• Debug
  • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
• Deserialize
  • fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>
• Clone
  • fn clone(self: &Self) -> SeccompArtifactMetadata
• PartialEq
  • fn eq(self: &Self, other: &SeccompArtifactMetadata) -> bool

firma_run::seccomp::SeccompMaterialized

Struct

Runtime seccomp materialization outcome.

Fields:

• bpf_path: std::path::PathBuf
• metadata_path: std::path::PathBuf
• metadata: SeccompArtifactMetadata

Traits: Eq

Trait Implementations:

• Clone
  • fn clone(self: &Self) -> SeccompMaterialized
• PartialEq
  • fn eq(self: &Self, other: &SeccompMaterialized) -> bool
• Debug
  • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result

firma_run::seccomp::resolve_effective_seccomp

Function

Resolve the effective seccomp filter for a profile.

Managed policy mode compiles a deterministic artifact and returns the generated filter path.

Errors

Returns an error when managed policy compilation, artifact write, or checksum verification fails.

fn resolve_effective_seccomp(profile: &crate::config::ResolvedProfile) -> Result<Option<SeccompMaterialized>, crate::error::RunError>