configs: format seccomp policies

diff --git a/configs/apache.cfg b/configs/apache.cfg
index e7162ff2ab83a9adc0f2a35cb7bd99e741f530c1..91774e6f7acd25f81073faa33859fc448fa7a37a 100644 (file)
--- a/configs/apache.cfg
+++ b/configs/apache.cfg
@@ -117,7 +117,6 @@ mount {
        is_bind: true
 }
 
-seccomp_string: "seccomp_string: "
 seccomp_string: "      POLICY example {"
 seccomp_string: "              KILL {"
 seccomp_string: "                      ptrace,"

diff --git a/configs/bash-with-fake-geteuid.cfg b/configs/bash-with-fake-geteuid.cfg
index d647a048b6a8783afa648426d20943691d3219e4..1f4cae74a7279aa434aace4073846d533c3320a6 100644 (file)
--- a/configs/bash-with-fake-geteuid.cfg
+++ b/configs/bash-with-fake-geteuid.cfg
@@ -167,13 +167,12 @@ mount {
        mandatory: false
 }
 
-seccomp_string: "POLICY example {              "
-seccomp_string:        "       ERRNO(1337) { geteuid },   "
-seccomp_string: "                              "
-seccomp_string: "              KILL { syslog },       "
-seccomp_string:        "       ERRNO(0) { ptrace }        "
-seccomp_string:        "}                             "
-seccomp_string:        "USE example DEFAULT ALLOW     "
+seccomp_string: "POLICY example {                              "
+seccomp_string:        "       ERRNO(1337) { geteuid },        "
+seccomp_string:        "       ERRNO(0) { ptrace },            "
+seccomp_string: "      KILL { syslog }                         "
+seccomp_string:        "}                                                              "
+seccomp_string:        "USE example DEFAULT ALLOW"
 
 exec_bin {
        path: "/bin/bash"

diff --git a/configs/firefox-with-cloned-net.cfg b/configs/firefox-with-cloned-net.cfg
index 39b774fffea0f5e3fb0824928a7d15fe5ff0aa11..43a5d478949fd1bc7e8e8f965653efdc2728f76f 100644 (file)
--- a/configs/firefox-with-cloned-net.cfg
+++ b/configs/firefox-with-cloned-net.cfg
@@ -151,14 +151,14 @@ mount {
        is_bind: true
 }
 
-seccomp_string: "      POLICY example {"
-seccomp_string: "              KILL {"
-seccomp_string: "                      ptrace,"
-seccomp_string: "                      process_vm_readv,"
-seccomp_string: "                      process_vm_writev"
-seccomp_string: "              }"
+seccomp_string: "POLICY example {"
+seccomp_string: "      KILL {"
+seccomp_string: "              ptrace,"
+seccomp_string: "              process_vm_readv,"
+seccomp_string: "              process_vm_writev"
 seccomp_string: "      }"
-seccomp_string: "      USE example DEFAULT ALLOW"
+seccomp_string: "}"
+seccomp_string: "USE example DEFAULT ALLOW"
 
 macvlan_iface: "enp0s31f6"
 macvlan_vs_ip: "192.168.10.223"

diff --git a/configs/firefox-with-net.cfg b/configs/firefox-with-net.cfg
index dc8f4fdecf2372370837690206988fcbfd888585..9f9bfc08b107fde5ad59f36e6ca342a00e29315e 100644 (file)
--- a/configs/firefox-with-net.cfg
+++ b/configs/firefox-with-net.cfg
@@ -137,14 +137,14 @@ mount {
        is_bind: true
 }
 
-seccomp_string: "      POLICY example {"
-seccomp_string: "              KILL {"
-seccomp_string: "                      ptrace,"
-seccomp_string: "                      process_vm_readv,"
-seccomp_string: "                      process_vm_writev"
-seccomp_string: "              }"
+seccomp_string: "POLICY example {"
+seccomp_string: "      KILL {"
+seccomp_string: "              ptrace,"
+seccomp_string: "              process_vm_readv,"
+seccomp_string: "              process_vm_writev"
 seccomp_string: "      }"
-seccomp_string: "      USE example DEFAULT ALLOW"
+seccomp_string: "}"
+seccomp_string: "USE example DEFAULT ALLOW"
 
 exec_bin {
         path: "/usr/lib/firefox/firefox"

diff --git a/configs/home-documents-with-xorg-no-net.cfg b/configs/home-documents-with-xorg-no-net.cfg
index 4363e36676134718c896bde74776dea4f2d5c2dd..a5dc2caa864e74e8b4ff76a84aa116b5e3c65e57 100644 (file)
--- a/configs/home-documents-with-xorg-no-net.cfg
+++ b/configs/home-documents-with-xorg-no-net.cfg
@@ -126,11 +126,11 @@ mount {
        is_bind: true
 }
 
-seccomp_string: "      POLICY example {"
-seccomp_string: "              KILL {"
-seccomp_string: "                      ptrace,"
-seccomp_string: "                      process_vm_readv,"
-seccomp_string: "                      process_vm_writev"
-seccomp_string: "              }"
+seccomp_string: "POLICY example {"
+seccomp_string: "      KILL {"
+seccomp_string: "              ptrace,"
+seccomp_string: "              process_vm_readv,"
+seccomp_string: "              process_vm_writev"
 seccomp_string: "      }"
-seccomp_string: "      USE example DEFAULT ALLOW"
+seccomp_string: "}"
+seccomp_string: "USE example DEFAULT ALLOW"

diff --git a/configs/imagemagick-convert.cfg b/configs/imagemagick-convert.cfg
index bd505007a48f30ede0138a9a315a900788d4f91b..cf7aaa9084407329924648a589a13c05db52c038 100644 (file)
--- a/configs/imagemagick-convert.cfg
+++ b/configs/imagemagick-convert.cfg
@@ -76,11 +76,11 @@ mount {
        mandatory: false
 }
 
-seccomp_string: "      POLICY example {"
-seccomp_string: "              KILL {"
-seccomp_string: "                      ptrace,"
-seccomp_string: "                      process_vm_readv,"
-seccomp_string: "                      process_vm_writev"
-seccomp_string: "              }"
+seccomp_string: "POLICY example {"
+seccomp_string: "      KILL {"
+seccomp_string: "              ptrace,"
+seccomp_string: "              process_vm_readv,"
+seccomp_string: "              process_vm_writev"
 seccomp_string: "      }"
-seccomp_string: "      USE example DEFAULT ALLOW"
+seccomp_string: "}"
+seccomp_string: "USE example DEFAULT ALLOW"