gvisor

netbird/gvisor

Fork 0

mirror of https://github.com/netbirdio/gvisor.git synced 2026-05-22 17:12:49 -07:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Etienne Perot	0a3bced479	Add tooling to compile `seccomp-bpf` programs at `bazel build` time. This adds a `precompiledseccomp` library which provides tooling to compile `seccomp-bpf` programs and generate Go source code that contains the resulting bytecode embedded into it. In turn, this bytecode can be used in Go libraries. This avoids spending time compiling and optimizing `seccomp-bpf` programs at runsc container creation time. This library also contains support for "variables", which are `uint32`s whose values are part of the seccomp filters but only known at runtime. To support this, the program is compiled twice with placeholder values for these variables, and we verify that the offsets at which these values show up in the bytecode is consistent across these two compilation attempts. PiperOrigin-RevId: 583117683	2023-11-16 12:00:44 -08:00

Etienne Perot

0a3bced479

Add tooling to compile seccomp-bpf programs at bazel build time.

This adds a `precompiledseccomp` library which provides tooling to compile
`seccomp-bpf` programs and generate Go source code that contains the
resulting bytecode embedded into it. In turn, this bytecode can be used in
Go libraries.

This avoids spending time compiling and optimizing `seccomp-bpf` programs
at runsc container creation time.

This library also contains support for "variables", which are `uint32`s whose
values are part of the seccomp filters but only known at runtime. To support
this, the program is compiled twice with placeholder values for these
variables, and we verify that the offsets at which these values show up in the
bytecode is consistent across these two compilation attempts.

PiperOrigin-RevId: 583117683

2023-11-16 12:00:44 -08:00

1 Commits