Merge pull request #1044 from pjbgf/add-seccomp-kill-process

Mrunal Patel · web-flow · commit 44341cdd36f6 · 2020-05-20T17:19:39.000-07:00
seccomp: Add support for SCMP_ACT_KILL_PROCESS
diff --git a/config-linux.md b/config-linux.md
@@ -610,6 +610,7 @@ The following parameters can be specified to set up seccomp:
         A valid list of constants as of libseccomp v2.4.0 is shown below.
 
         * `SCMP_ACT_KILL`
+        * `SCMP_ACT_KILL_PROCESS`
         * `SCMP_ACT_TRAP`
         * `SCMP_ACT_ERRNO`
         * `SCMP_ACT_TRACE`
diff --git a/schema/defs-linux.json b/schema/defs-linux.json
@@ -54,6 +54,7 @@
             "type": "string",
             "enum": [
                 "SCMP_ACT_KILL",
+                "SCMP_ACT_KILL_PROCESS",
                 "SCMP_ACT_TRAP",
                 "SCMP_ACT_ERRNO",
                 "SCMP_ACT_TRACE",
diff --git a/specs-go/config.go b/specs-go/config.go
@@ -635,12 +635,13 @@ type LinuxSeccompAction string
 
 // Define actions for Seccomp rules
 const (
-	ActKill  LinuxSeccompAction = "SCMP_ACT_KILL"
-	ActTrap  LinuxSeccompAction = "SCMP_ACT_TRAP"
-	ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO"
-	ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE"
-	ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW"
-	ActLog   LinuxSeccompAction = "SCMP_ACT_LOG"
+	ActKill        LinuxSeccompAction = "SCMP_ACT_KILL"
+	ActKillProcess LinuxSeccompAction = "SCMP_ACT_KILL_PROCESS"
+	ActTrap        LinuxSeccompAction = "SCMP_ACT_TRAP"
+	ActErrno       LinuxSeccompAction = "SCMP_ACT_ERRNO"
+	ActTrace       LinuxSeccompAction = "SCMP_ACT_TRACE"
+	ActAllow       LinuxSeccompAction = "SCMP_ACT_ALLOW"
+	ActLog         LinuxSeccompAction = "SCMP_ACT_LOG"
 )
 
 // LinuxSeccompOperator used to match syscall arguments in Seccomp
