monadical/greywall
Archived
14
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Lint linux files

Browse Source
This commit is contained in:
JY Tan
2025-12-25 18:23:57 -08:00
parent 08ed28f88f
commit 6159bdd38a
5 changed files with 18 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/sandbox/linux_seccomp.go
View File

@@ -133,9 +133,9 @@ func (s *SeccompFilter) writeBPFProgram(path string) error {
// BPF_JMP | BPF_JEQ | BPF_K: if A == K, jump jt else jump jf
program = append(program, bpfInstruction{
code: BPF_JMP | BPF_JEQ | BPF_K,
jt: 0, // if match, go to next instruction (block)
jf: 1, // if not match, skip the block instruction
k: uint32(num),
jt: 0, // if match, go to next instruction (block)
jf: 1, // if not match, skip the block instruction
k: uint32(num), //nolint:gosec // syscall numbers fit in uint32
})
// Return action (block with EPERM)
@@ -152,11 +152,11 @@ func (s *SeccompFilter) writeBPFProgram(path string) error {
})
// Write the program to file
f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600) //nolint:gosec // path is controlled
if err != nil {
return err
}
defer f.Close()
defer func() { _ = f.Close() }()
for _, inst := range program {
if err := inst.writeTo(f); err != nil {