App-EvalServerAdvanced


lib/App/EvalServerAdvanced/Seccomp.pm  view on Meta::CPAN

# Seccomp support for App::EvalServerAdvanced. This is a Moo class; the part
# of the file visible here declares its attributes and starts a YAML loader
# that reads named constants and seccomp profiles.
package App::EvalServerAdvanced::Seccomp;
our $VERSION = '0.024';

use strict;
use warnings;

use v5.20;

use Data::Dumper;
use List::Util qw/reduce uniq/;
use Moo;
#use Linux::Clone;
#use POSIX ();
use Linux::Seccomp;
use Carp qw/croak/;
use Module::Runtime qw/check_module_name require_module module_notional_filename/;
use App::EvalServerAdvanced::Config;
use App::EvalServerAdvanced::ConstantCalc;
use App::EvalServerAdvanced::Seccomp::Profile;
use App::EvalServerAdvanced::Seccomp::Syscall;
use Function::Parameters;
use YAML::XS (); # no imports
use Path::Tiny;

# ---------------------------------------------------------------------------
# Public attributes. Each is read-only and, unless supplied to the
# constructor, gets its own freshly built default per instance.
# ---------------------------------------------------------------------------

# Hashref, empty by default.
has exec_map => (
  is      => 'ro',
  default => sub { return +{}; },
);

# Hashref, empty by default.
# presumably keyed by profile name, as in the YAML "profiles" section - confirm
has profiles => (
  is      => 'ro',
  default => sub { return +{}; },
);

# Constant calculator; load_yaml registers the YAML-supplied constants on it
# through add_constant().
has constants => (
  is      => 'ro',
  default => sub { return App::EvalServerAdvanced::ConstantCalc->new(); },
);

# ---------------------------------------------------------------------------
# Private state.
# ---------------------------------------------------------------------------

# Read-write, no default.
has _rules => (
  is => 'rw',
);

has _permutes => (
  is      => 'ro',
  default => sub { return +{}; },
);

has _plugins => (
  is      => 'ro',
  default => sub { return +{}; },
);

# Built on first access by the calculate_permutations method.
has _fullpermutes => (
  is      => 'ro',
  lazy    => 1,
  builder => 'calculate_permutations',
);

has _used_sets => (
  is      => 'rw',
  default => sub { return +{}; },
);

has _rendered_profiles => (
  is      => 'ro',
  default => sub { return +{}; },
);

# TODO make this set once
# NOTE(review): the accessor is 'rw', so nothing in this declaration prevents
# the flag from being cleared again after it has been set. If it guards
# against rule changes after the filter is built, it should be write-once.
has _finalized => (
  is      => 'rw',
  default => 0,
);

# Open flags that POSIX does not provide, written as octal literals.
# NOTE(review): these are the generic Linux fcntl.h values used on
# x86/x86_64. Some architectures (ARM and arm64, for example) number
# O_DIRECTORY and O_NOFOLLOW differently. If these end up in seccomp
# argument filters for open(), a rule built on such a host would test the
# wrong bits - confirm the supported targets.
my $O_DIRECTORY = 00200000;
my $O_CLOEXEC   = 02000000;
my $O_NOCTTY    = 00000400;
my $O_NOFOLLOW  = 00400000;

method load_yaml($yaml_file) {

  # TODO sanitize file name via Path::Tiny, ensure it's either in the module location, or next to the sandbox config

  my $input = do {no warnings 'io'; local $/; open(my $fh, "<", $yaml_file) or die "Couldn't load seccomp YAML $yaml_file: $!"; <$fh>};
  my $data = do {
    local $YAML::XS::LoadBlessed = 0;
    local $YAML::XS::UseCode = 0;
    local $YAML::XS::LoadCode = 0;
    YAML::XS::Load($input);
  };

  if (my $consts = $data->{constants}) {
    for my $const_plugin (($consts->{plugins}//[])->@*) {
      $self->load_plugin("Constants::$const_plugin");
    }

    for my $const_key (keys (($consts->{values}//{})->%*)) {
      $self->constants->add_constant($const_key, $consts->{values}{$const_key})
    }
  }


  for my $profile_key (keys $data->{profiles}->%* ) {
    my $profile_data = $data->{profiles}->{$profile_key};

    my $profile_obj = App::EvalServerAdvanced::Seccomp::Profile->new(%$profile_data);


