Enum oci_spec::runtime::LinuxSeccompFilterFlag
source · pub enum LinuxSeccompFilterFlag {
SeccompFilterFlagLog,
SeccompFilterFlagTsync,
SeccompFilterFlagSpecAllow,
}
Expand description
Available seccomp filter flags.
Variants§
SeccompFilterFlagLog
All filter return actions except SECCOMP_RET_ALLOW should be logged. An administrator may override this filter flag by preventing specific actions from being logged via the /proc/sys/kernel/seccomp/actions_logged file. (since Linux 4.14)
SeccompFilterFlagTsync
When adding a new filter, synchronize all other threads of the calling process to the same seccomp filter tree. A “filter tree” is the ordered list of filters attached to a thread. (Attaching identical filters in separate seccomp() calls results in different filters from this perspective.)
If any thread cannot synchronize to the same filter tree, the call will not attach the new seccomp filter, and will fail, returning the first thread ID found that cannot synchronize. Synchronization will fail if another thread in the same process is in SECCOMP_MODE_STRICT or if it has attached new seccomp filters to itself, diverging from the calling thread’s filter tree.
SeccompFilterFlagSpecAllow
Disable Speculative Store Bypass mitigation. (since Linux 4.17)
Trait Implementations§
source§impl Clone for LinuxSeccompFilterFlag
impl Clone for LinuxSeccompFilterFlag
source§fn clone(&self) -> LinuxSeccompFilterFlag
fn clone(&self) -> LinuxSeccompFilterFlag
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for LinuxSeccompFilterFlag
impl Debug for LinuxSeccompFilterFlag
source§impl<'de> Deserialize<'de> for LinuxSeccompFilterFlag
impl<'de> Deserialize<'de> for LinuxSeccompFilterFlag
source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
source§impl Display for LinuxSeccompFilterFlag
impl Display for LinuxSeccompFilterFlag
source§impl FromStr for LinuxSeccompFilterFlag
impl FromStr for LinuxSeccompFilterFlag
source§impl PartialEq for LinuxSeccompFilterFlag
impl PartialEq for LinuxSeccompFilterFlag
source§impl Serialize for LinuxSeccompFilterFlag
impl Serialize for LinuxSeccompFilterFlag
source§impl TryFrom<&str> for LinuxSeccompFilterFlag
impl TryFrom<&str> for LinuxSeccompFilterFlag
impl Copy for LinuxSeccompFilterFlag
impl Eq for LinuxSeccompFilterFlag
impl StructuralPartialEq for LinuxSeccompFilterFlag
Auto Trait Implementations§
impl Freeze for LinuxSeccompFilterFlag
impl RefUnwindSafe for LinuxSeccompFilterFlag
impl Send for LinuxSeccompFilterFlag
impl Sync for LinuxSeccompFilterFlag
impl Unpin for LinuxSeccompFilterFlag
impl UnwindSafe for LinuxSeccompFilterFlag
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)