view release on metacpan or  search on metacpan

lib/App/EvalServerAdvanced/Sandbox/Internal.pm  view on Meta::CPAN

=head1 NAME

App::EvalServerAdvanced::Sandbox::Internal

=head1 SYNOPSIS

This is an internal class used as part of the plugin system for the sandbox.  This is where all the plugin roles for the sandbox end up.

=head1 CUSTOM LANGUAGE PROCESSING
When configuring the server and setting up a language, you can create a function that looks like the following:

    sub run_perl {
        my( $class, $lang, $code ) = @_;
        ...
    }

The first argument C<$class> is pretty much useless.  It will always be C<App::EvalServerAdvanced::Sandbox::Internal>,
as your subroutine is called as a dynamic method call.

In the configuration you can setup the language thusly,

lib/App/EvalServerAdvanced/Seccomp.pm  view on Meta::CPAN

}

method apply_seccomp($profile_name) {
  # TODO LOAD the rules

  my $seccomp = Linux::Seccomp->new(SCMP_ACT_KILL);

  for my $rule ($self->_rendered_profiles->{$profile_name}->@* ) {
      # TODO make this support raw syscall numbers?
      my $syscall = $rule->{syscall};
      # If it looks like it's not a raw number, try to resolve.
      $syscall = Linux::Seccomp::syscall_resolve_name($syscall) if ($syscall =~ /\D/);
      my @rules = ($rule->{rules}//[])->@*;

      my %actions = (
        ALLOW => SCMP_ACT_ALLOW,
        KILL  => SCMP_ACT_KILL,
        TRAP  => SCMP_ACT_TRAP,
      );

      my $action = $actions{$rule->{action}//""} // SCMP_ACT_ALLOW;