Compare commits

..

No commits in common. "1b4c5477a55191f74d29bc264678e041bf0f2a42" and "d150c2ecd9eb01ebfadd2447313b7f13cc7f536c" have entirely different histories.

7 changed files with 2146 additions and 2146 deletions

View File

@ -1,5 +1,5 @@
# exile.h # qssb.h (quite simple sandbox)
`exile.h` is a simple header-only library that provides an interface to isolate processes on Linux. Using Seccomp and Linux Namespaces for that purpose requires some knowledge of annoying details which this library aims to abstract away as much as possible, when reasonable. Hence, the goal is to provide a convenient way for processes to restrict themselves in order to mitigate the effect of exploits. Currently, it utilizes technologies like Seccomp, Namespaces and Landlock to this end. `qssb.h` is a simple header-only library that provides an interface to sandbox processes on Linux. Using Seccomp and Linux Namespaces for that purpose requires some knowledge of annoying details which this library aims to abstract away as much as possible, when reasonable. Hence, the goal is to provide a convenient way for processes to restrict themselves in order to mitigate the effect of exploits. Currently, it utilizes technologies like Seccomp, Namespaces and Landlock to this end.
## Status ## Status
No release yet, expiremental, API is unstable, builds will break on updates of this library. No release yet, expiremental, API is unstable, builds will break on updates of this library.
@ -48,8 +48,8 @@ the library may check against that. Execute
Contributions are very welcome. Options: Contributions are very welcome. Options:
1. Pull-Request on [github](https://github.com/quitesimpleorg/exile.h) 1. Pull-Request on [github](https://github.com/quitesimpleorg/qssb.h)
2. Mail to `exile at quitesimple.org` with instructions on where to pull the changes from. 2. Mail to `qssb at quitesimple.org` with instructions on where to pull the changes from.
3. Mailing a classic patch/diff to the same address. 3. Mailing a classic patch/diff to the same address.

1740
exile.h

File diff suppressed because it is too large Load Diff

View File

@ -47,7 +47,7 @@ for line in lines:
if genifndef: if genifndef:
ifndef[currentsyscall] = genifndef.groups(1)[0] ifndef[currentsyscall] = genifndef.groups(1)[0]
array_line = "{EXILE_SYS(%s), %s}," % (currentsyscall, '|'.join(currentgroups)) array_line = "{QSSB_SYS(%s), %s}," % (currentsyscall, '|'.join(currentgroups))
print(array_line) print(array_line)
print_ifndefs() print_ifndefs()

View File

@ -1,363 +1,363 @@
# Assign system calls to groups. In the future, may also include simple arg filtering. # Assign system calls to groups. In the future, may also include simple arg filtering.
read EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW read QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
write EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW write QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
open EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS open QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
close EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW close QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
stat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS stat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
fstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fstat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
lstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS lstat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
poll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW poll QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
lseek EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW lseek QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
mmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW mmap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
mprotect EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW mprotect QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
munmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW munmap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
brk EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW brk QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
rt_sigaction EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW rt_sigaction QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
rt_sigprocmask EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW rt_sigprocmask QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
rt_sigreturn EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW rt_sigreturn QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
ioctl EXILE_SYSCGROUP_IOCTL,EXILE_SYSCGROUP_DEFAULT_ALLOW ioctl QSSB_SYSCGROUP_IOCTL,QSSB_SYSCGROUP_DEFAULT_ALLOW
pread64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW pread64 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
pwrite64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW pwrite64 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
readv EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW readv QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
writev EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW writev QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
access EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS access QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
pipe EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW pipe QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
select EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW select QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
sched_yield EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW sched_yield QSSB_SYSCGROUP_SCHED,QSSB_SYSCGROUP_DEFAULT_ALLOW
mremap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW mremap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
msync EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW msync QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
mincore EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW mincore QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
madvise EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW madvise QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
shmget EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW shmget QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
shmat EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW shmat QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
shmctl EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW shmctl QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
dup EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW dup QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
dup2 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW dup2 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
pause EXILE_SYSCGROUP_PAUSE,EXILE_SYSCGROUP_DEFAULT_ALLOW pause QSSB_SYSCGROUP_PAUSE,QSSB_SYSCGROUP_DEFAULT_ALLOW
nanosleep EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW nanosleep QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
getitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW getitimer QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
alarm EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW alarm QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
setitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW setitimer QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
getpid EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getpid QSSB_SYSCGROUP_PROCESS,QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
sendfile EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW sendfile QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
socket EXILE_SYSCGROUP_SOCKET socket QSSB_SYSCGROUP_SOCKET
connect EXILE_SYSCGROUP_SOCKET connect QSSB_SYSCGROUP_SOCKET
accept EXILE_SYSCGROUP_SOCKET accept QSSB_SYSCGROUP_SOCKET
sendto EXILE_SYSCGROUP_SOCKET sendto QSSB_SYSCGROUP_SOCKET
recvfrom EXILE_SYSCGROUP_SOCKET recvfrom QSSB_SYSCGROUP_SOCKET
sendmsg EXILE_SYSCGROUP_SOCKET sendmsg QSSB_SYSCGROUP_SOCKET
recvmsg EXILE_SYSCGROUP_SOCKET recvmsg QSSB_SYSCGROUP_SOCKET
shutdown EXILE_SYSCGROUP_SOCKET shutdown QSSB_SYSCGROUP_SOCKET
bind EXILE_SYSCGROUP_SOCKET bind QSSB_SYSCGROUP_SOCKET
listen EXILE_SYSCGROUP_SOCKET listen QSSB_SYSCGROUP_SOCKET
getsockname EXILE_SYSCGROUP_SOCKET getsockname QSSB_SYSCGROUP_SOCKET
getpeername EXILE_SYSCGROUP_SOCKET getpeername QSSB_SYSCGROUP_SOCKET
socketpair EXILE_SYSCGROUP_SOCKET,EXILE_SYSCGROUP_IPC socketpair QSSB_SYSCGROUP_SOCKET,QSSB_SYSCGROUP_IPC
setsockopt EXILE_SYSCGROUP_SOCKET setsockopt QSSB_SYSCGROUP_SOCKET
getsockopt EXILE_SYSCGROUP_SOCKET getsockopt QSSB_SYSCGROUP_SOCKET
clone EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW clone QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW
fork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW fork QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW
vfork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW vfork QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW
execve EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_EXEC execve QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_EXEC
exit EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_DEFAULT_ALLOW exit QSSB_SYSCGROUP_PROCESS,QSSB_SYSCGROUP_DEFAULT_ALLOW
wait4 EXILE_SYSCGROUP_EXEC wait4 QSSB_SYSCGROUP_EXEC
kill EXILE_SYSCGROUP_KILL kill QSSB_SYSCGROUP_KILL
uname EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW uname QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_DEFAULT_ALLOW
semget EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW semget QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
semop EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW semop QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
semctl EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW semctl QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
shmdt EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW shmdt QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
msgget EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW msgget QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
msgsnd EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW msgsnd QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
msgrcv EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW msgrcv QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
msgctl EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW msgctl QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
fcntl EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW fcntl QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
flock EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW flock QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
fsync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW fsync QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
fdatasync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fdatasync QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
truncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS truncate QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
ftruncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS ftruncate QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
getdents EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS getdents QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
getcwd EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS getcwd QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
chdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS chdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
fchdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fchdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
rename EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS rename QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
mkdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS mkdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
rmdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS rmdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
creat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS creat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
link EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS link QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
unlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS unlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
symlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS symlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
readlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS readlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
chmod EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS chmod QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
fchmod EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fchmod QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
chown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS chown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
fchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fchown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
lchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS lchown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
umask EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW umask QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW
gettimeofday EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW gettimeofday QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_DEFAULT_ALLOW
getrlimit EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW getrlimit QSSB_SYSCGROUP_RES,QSSB_SYSCGROUP_DEFAULT_ALLOW
getrusage EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW getrusage QSSB_SYSCGROUP_RES,QSSB_SYSCGROUP_DEFAULT_ALLOW
sysinfo EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW sysinfo QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_DEFAULT_ALLOW
times EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW times QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_DEFAULT_ALLOW
ptrace EXILE_SYSCGROUP_PTRACE,EXILE_SYSCGROUP_DEFAULT_ALLOW ptrace QSSB_SYSCGROUP_PTRACE,QSSB_SYSCGROUP_DEFAULT_ALLOW
getuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
syslog EXILE_SYSCGROUP_SYS syslog QSSB_SYSCGROUP_SYS
getgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
setuid EXILE_SYSCGROUP_ID setuid QSSB_SYSCGROUP_ID
setgid EXILE_SYSCGROUP_ID setgid QSSB_SYSCGROUP_ID
geteuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW geteuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
getegid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getegid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
setpgid EXILE_SYSCGROUP_ID setpgid QSSB_SYSCGROUP_ID
getppid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getppid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
getpgrp EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getpgrp QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
setsid EXILE_SYSCGROUP_ID setsid QSSB_SYSCGROUP_ID
setreuid EXILE_SYSCGROUP_ID setreuid QSSB_SYSCGROUP_ID
setregid EXILE_SYSCGROUP_ID setregid QSSB_SYSCGROUP_ID
getgroups EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getgroups QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
setgroups EXILE_SYSCGROUP_ID setgroups QSSB_SYSCGROUP_ID
setresuid EXILE_SYSCGROUP_ID setresuid QSSB_SYSCGROUP_ID
getresuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getresuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
setresgid EXILE_SYSCGROUP_ID setresgid QSSB_SYSCGROUP_ID
getresgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getresgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
getpgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getpgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
setfsuid EXILE_SYSCGROUP_ID setfsuid QSSB_SYSCGROUP_ID
setfsgid EXILE_SYSCGROUP_ID setfsgid QSSB_SYSCGROUP_ID
getsid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW getsid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
capget EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW capget QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
capset EXILE_SYSCGROUP_ID capset QSSB_SYSCGROUP_ID
rt_sigpending EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW rt_sigpending QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
rt_sigtimedwait EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW rt_sigtimedwait QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
rt_sigqueueinfo EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW rt_sigqueueinfo QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
rt_sigsuspend EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW rt_sigsuspend QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
sigaltstack EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL sigaltstack QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_SIGNAL
utime EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_FS utime QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_FS
mknod EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_FS mknod QSSB_SYSCGROUP_DEV,QSSB_SYSCGROUP_FS
uselib EXILE_SYSCGROUP_LIB,EXILE_SYSCGROUP_DEFAULT_ALLOW uselib QSSB_SYSCGROUP_LIB,QSSB_SYSCGROUP_DEFAULT_ALLOW
personality EXILE_SYSCGROUP_PROCESS personality QSSB_SYSCGROUP_PROCESS
ustat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS ustat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS
statfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS statfs QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS
fstatfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS fstatfs QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS
sysfs EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_FS sysfs QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_FS
getpriority EXILE_SYSCGROUP_SCHED getpriority QSSB_SYSCGROUP_SCHED
setpriority EXILE_SYSCGROUP_SCHED setpriority QSSB_SYSCGROUP_SCHED
sched_setparam EXILE_SYSCGROUP_SCHED sched_setparam QSSB_SYSCGROUP_SCHED
sched_getparam EXILE_SYSCGROUP_SCHED sched_getparam QSSB_SYSCGROUP_SCHED
sched_setscheduler EXILE_SYSCGROUP_SCHED sched_setscheduler QSSB_SYSCGROUP_SCHED
sched_getscheduler EXILE_SYSCGROUP_SCHED sched_getscheduler QSSB_SYSCGROUP_SCHED
sched_get_priority_max EXILE_SYSCGROUP_SCHED sched_get_priority_max QSSB_SYSCGROUP_SCHED
sched_get_priority_min EXILE_SYSCGROUP_SCHED sched_get_priority_min QSSB_SYSCGROUP_SCHED
sched_rr_get_interval EXILE_SYSCGROUP_SCHED sched_rr_get_interval QSSB_SYSCGROUP_SCHED
mlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW mlock QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
munlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW munlock QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
mlockall EXILE_SYSCGROUP_MEMORY mlockall QSSB_SYSCGROUP_MEMORY
munlockall EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW munlockall QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
vhangup EXILE_SYSCGROUP_TTY vhangup QSSB_SYSCGROUP_TTY
modify_ldt EXILE_SYSCGROUP_PROCESS modify_ldt QSSB_SYSCGROUP_PROCESS
pivot_root EXILE_SYSCGROUP_CHROOT pivot_root QSSB_SYSCGROUP_CHROOT
_sysctl EXILE_SYSCGROUP_SYS _sysctl QSSB_SYSCGROUP_SYS
prctl EXILE_SYSCGROUP_PROCESS prctl QSSB_SYSCGROUP_PROCESS
arch_prctl EXILE_SYSCGROUP_PROCESS arch_prctl QSSB_SYSCGROUP_PROCESS
adjtimex EXILE_SYSCGROUP_CLOCK adjtimex QSSB_SYSCGROUP_CLOCK
setrlimit EXILE_SYSCGROUP_RES setrlimit QSSB_SYSCGROUP_RES
chroot EXILE_SYSCGROUP_CHROOT,EXILE_SYSCGROUP_FS chroot QSSB_SYSCGROUP_CHROOT,QSSB_SYSCGROUP_FS
sync EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW sync QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
acct EXILE_SYSCGROUP_PROCESS acct QSSB_SYSCGROUP_PROCESS
settimeofday EXILE_SYSCGROUP_TIME settimeofday QSSB_SYSCGROUP_TIME
mount EXILE_SYSCGROUP_MOUNT,EXILE_SYSCGROUP_FS mount QSSB_SYSCGROUP_MOUNT,QSSB_SYSCGROUP_FS
umount2 EXILE_SYSCGROUP_UMOUNT,EXILE_SYSCGROUP_FS umount2 QSSB_SYSCGROUP_UMOUNT,QSSB_SYSCGROUP_FS
swapon EXILE_SYSCGROUP_SWAP swapon QSSB_SYSCGROUP_SWAP
swapoff EXILE_SYSCGROUP_SWAP swapoff QSSB_SYSCGROUP_SWAP
reboot EXILE_SYSCGROUP_POWER reboot QSSB_SYSCGROUP_POWER
sethostname EXILE_SYSCGROUP_HOST sethostname QSSB_SYSCGROUP_HOST
setdomainname EXILE_SYSCGROUP_HOST setdomainname QSSB_SYSCGROUP_HOST
iopl EXILE_SYSCGROUP_IOPL iopl QSSB_SYSCGROUP_IOPL
ioperm EXILE_SYSCGROUP_IOPL ioperm QSSB_SYSCGROUP_IOPL
create_module EXILE_SYSCGROUP_KMOD create_module QSSB_SYSCGROUP_KMOD
init_module EXILE_SYSCGROUP_KMOD init_module QSSB_SYSCGROUP_KMOD
delete_module EXILE_SYSCGROUP_KMOD delete_module QSSB_SYSCGROUP_KMOD
get_kernel_syms EXILE_SYSCGROUP_KMOD get_kernel_syms QSSB_SYSCGROUP_KMOD
query_module EXILE_SYSCGROUP_KMOD query_module QSSB_SYSCGROUP_KMOD
quotactl EXILE_SYSCGROUP_QUOTA quotactl QSSB_SYSCGROUP_QUOTA
nfsservctl EXILE_SYSCGROUP_NONE nfsservctl QSSB_SYSCGROUP_NONE
getpmsg EXILE_SYSCGROUP_UNIMPLEMENTED getpmsg QSSB_SYSCGROUP_UNIMPLEMENTED
putpmsg EXILE_SYSCGROUP_UNIMPLEMENTED putpmsg QSSB_SYSCGROUP_UNIMPLEMENTED
afs_syscall EXILE_SYSCGROUP_UNIMPLEMENTED afs_syscall QSSB_SYSCGROUP_UNIMPLEMENTED
tuxcall EXILE_SYSCGROUP_UNIMPLEMENTED tuxcall QSSB_SYSCGROUP_UNIMPLEMENTED
security EXILE_SYSCGROUP_UNIMPLEMENTED security QSSB_SYSCGROUP_UNIMPLEMENTED
gettid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_THREAD gettid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_THREAD
readahead EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS readahead QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS
setxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS setxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
lsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS lsetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
fsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS fsetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
getxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS getxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
lgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS lgetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
fgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fgetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
listxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS listxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
llistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS llistxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
flistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS flistxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
removexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS removexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
lremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS lremovexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
fremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS fremovexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
tkill EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL tkill QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_SIGNAL
time EXILE_SYSCGROUP_TIME time QSSB_SYSCGROUP_TIME
futex EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_FUTEX futex QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_FUTEX
sched_setaffinity EXILE_SYSCGROUP_SCHED sched_setaffinity QSSB_SYSCGROUP_SCHED
sched_getaffinity EXILE_SYSCGROUP_SCHED sched_getaffinity QSSB_SYSCGROUP_SCHED
set_thread_area EXILE_SYSCGROUP_THREAD set_thread_area QSSB_SYSCGROUP_THREAD
io_setup EXILE_SYSCGROUP_IO io_setup QSSB_SYSCGROUP_IO
io_destroy EXILE_SYSCGROUP_IO io_destroy QSSB_SYSCGROUP_IO
io_getevents EXILE_SYSCGROUP_IO io_getevents QSSB_SYSCGROUP_IO
io_submit EXILE_SYSCGROUP_IO io_submit QSSB_SYSCGROUP_IO
io_cancel EXILE_SYSCGROUP_IO io_cancel QSSB_SYSCGROUP_IO
get_thread_area EXILE_SYSCGROUP_THREAD get_thread_area QSSB_SYSCGROUP_THREAD
lookup_dcookie EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS lookup_dcookie QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FS
epoll_create EXILE_SYSCGROUP_STDIO epoll_create QSSB_SYSCGROUP_STDIO
epoll_ctl_old EXILE_SYSCGROUP_STDIO epoll_ctl_old QSSB_SYSCGROUP_STDIO
epoll_wait_old EXILE_SYSCGROUP_STDIO epoll_wait_old QSSB_SYSCGROUP_STDIO
remap_file_pages EXILE_SYSCGROUP_NONE remap_file_pages QSSB_SYSCGROUP_NONE
getdents64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS getdents64 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FS
set_tid_address EXILE_SYSCGROUP_THREAD set_tid_address QSSB_SYSCGROUP_THREAD
restart_syscall EXILE_SYSCGROUP_SYSCALL restart_syscall QSSB_SYSCGROUP_SYSCALL
semtimedop EXILE_SYSCGROUP_SEM semtimedop QSSB_SYSCGROUP_SEM
fadvise64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD fadvise64 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FD
timer_create EXILE_SYSCGROUP_TIMER timer_create QSSB_SYSCGROUP_TIMER
timer_settime EXILE_SYSCGROUP_TIMER timer_settime QSSB_SYSCGROUP_TIMER
timer_gettime EXILE_SYSCGROUP_TIMER timer_gettime QSSB_SYSCGROUP_TIMER
timer_getoverrun EXILE_SYSCGROUP_TIMER timer_getoverrun QSSB_SYSCGROUP_TIMER
timer_delete EXILE_SYSCGROUP_TIMER timer_delete QSSB_SYSCGROUP_TIMER
clock_settime EXILE_SYSCGROUP_TIME clock_settime QSSB_SYSCGROUP_TIME
clock_gettime EXILE_SYSCGROUP_TIME clock_gettime QSSB_SYSCGROUP_TIME
clock_getres EXILE_SYSCGROUP_TIME clock_getres QSSB_SYSCGROUP_TIME
clock_nanosleep EXILE_SYSCGROUP_TIME clock_nanosleep QSSB_SYSCGROUP_TIME
exit_group EXILE_SYSCGROUP_EXIT,EXILE_SYSCGROUP_DEFAULT_ALLOW exit_group QSSB_SYSCGROUP_EXIT,QSSB_SYSCGROUP_DEFAULT_ALLOW
epoll_wait EXILE_SYSCGROUP_FD epoll_wait QSSB_SYSCGROUP_FD
epoll_ctl EXILE_SYSCGROUP_FD epoll_ctl QSSB_SYSCGROUP_FD
tgkill EXILE_SYSCGROUP_SIGNAL,EXILE_SYSCGROUP_THREAD tgkill QSSB_SYSCGROUP_SIGNAL,QSSB_SYSCGROUP_THREAD
utimes EXILE_SYSCGROUP_PATH utimes QSSB_SYSCGROUP_PATH
vserver EXILE_SYSCGROUP_UNIMPLEMENTED vserver QSSB_SYSCGROUP_UNIMPLEMENTED
mbind EXILE_SYSCGROUP_MEMORY mbind QSSB_SYSCGROUP_MEMORY
set_mempolicy EXILE_SYSCGROUP_MEMORY set_mempolicy QSSB_SYSCGROUP_MEMORY
get_mempolicy EXILE_SYSCGROUP_MEMORY get_mempolicy QSSB_SYSCGROUP_MEMORY
mq_open EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC mq_open QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
mq_unlink EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC mq_unlink QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
mq_timedsend EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC mq_timedsend QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
mq_timedreceive EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC mq_timedreceive QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
mq_notify EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC mq_notify QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
mq_getsetattr EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC mq_getsetattr QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
kexec_load EXILE_SYSCGROUP_KEXEC kexec_load QSSB_SYSCGROUP_KEXEC
waitid EXILE_SYSCGROUP_SIGNAL waitid QSSB_SYSCGROUP_SIGNAL
add_key EXILE_SYSCGROUP_KEYS add_key QSSB_SYSCGROUP_KEYS
request_key EXILE_SYSCGROUP_KEYS request_key QSSB_SYSCGROUP_KEYS
keyctl EXILE_SYSCGROUP_KEYS keyctl QSSB_SYSCGROUP_KEYS
ioprio_set EXILE_SYSCGROUP_PRIO ioprio_set QSSB_SYSCGROUP_PRIO
ioprio_get EXILE_SYSCGROUP_PRIO ioprio_get QSSB_SYSCGROUP_PRIO
inotify_init EXILE_SYSCGROUP_INOTIFY inotify_init QSSB_SYSCGROUP_INOTIFY
inotify_add_watch EXILE_SYSCGROUP_INOTIFY inotify_add_watch QSSB_SYSCGROUP_INOTIFY
inotify_rm_watch EXILE_SYSCGROUP_INOTIFY inotify_rm_watch QSSB_SYSCGROUP_INOTIFY
migrate_pages EXILE_SYSCGROUP_PROCESS migrate_pages QSSB_SYSCGROUP_PROCESS
openat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS openat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
mkdirat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS mkdirat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
mknodat EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS mknodat QSSB_SYSCGROUP_DEV,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
fchownat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fchownat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
futimesat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS futimesat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
newfstatat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS newfstatat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
unlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS unlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
renameat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS renameat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
linkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS linkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
symlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS symlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
readlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS readlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
fchmodat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS fchmodat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
faccessat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS faccessat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
pselect6 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS pselect6 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
ppoll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS ppoll QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
unshare EXILE_SYSCGROUP_NS,EXILE_SYSCGROUP_FS unshare QSSB_SYSCGROUP_NS,QSSB_SYSCGROUP_FS
set_robust_list EXILE_SYSCGROUP_FUTEX set_robust_list QSSB_SYSCGROUP_FUTEX
get_robust_list EXILE_SYSCGROUP_FUTEX get_robust_list QSSB_SYSCGROUP_FUTEX
splice EXILE_SYSCGROUP_FD splice QSSB_SYSCGROUP_FD
tee EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW tee QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
sync_file_range EXILE_SYSCGROUP_FD sync_file_range QSSB_SYSCGROUP_FD
vmsplice EXILE_SYSCGROUP_FD vmsplice QSSB_SYSCGROUP_FD
move_pages EXILE_SYSCGROUP_PROCESS move_pages QSSB_SYSCGROUP_PROCESS
utimensat EXILE_SYSCGROUP_PATH utimensat QSSB_SYSCGROUP_PATH
epoll_pwait EXILE_SYSCGROUP_STDIO epoll_pwait QSSB_SYSCGROUP_STDIO
signalfd EXILE_SYSCGROUP_SIGNAL signalfd QSSB_SYSCGROUP_SIGNAL
timerfd_create EXILE_SYSCGROUP_TIMER timerfd_create QSSB_SYSCGROUP_TIMER
eventfd EXILE_SYSCGROUP_FD eventfd QSSB_SYSCGROUP_FD
fallocate EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD fallocate QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FD
timerfd_settime EXILE_SYSCGROUP_TIMER timerfd_settime QSSB_SYSCGROUP_TIMER
timerfd_gettime EXILE_SYSCGROUP_TIMER timerfd_gettime QSSB_SYSCGROUP_TIMER
accept4 EXILE_SYSCGROUP_SOCKET accept4 QSSB_SYSCGROUP_SOCKET
signalfd4 EXILE_SYSCGROUP_FD signalfd4 QSSB_SYSCGROUP_FD
eventfd2 EXILE_SYSCGROUP_FD eventfd2 QSSB_SYSCGROUP_FD
epoll_create1 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW epoll_create1 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
dup3 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW dup3 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
pipe2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW pipe2 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
inotify_init1 EXILE_SYSCGROUP_INOTIFY inotify_init1 QSSB_SYSCGROUP_INOTIFY
preadv EXILE_SYSCGROUP_STDIO preadv QSSB_SYSCGROUP_STDIO
pwritev EXILE_SYSCGROUP_STDIO pwritev QSSB_SYSCGROUP_STDIO
rt_tgsigqueueinfo EXILE_SYSCGROUP_RT rt_tgsigqueueinfo QSSB_SYSCGROUP_RT
perf_event_open EXILE_SYSCGROUP_PERF perf_event_open QSSB_SYSCGROUP_PERF
recvmmsg EXILE_SYSCGROUP_SOCKET recvmmsg QSSB_SYSCGROUP_SOCKET
fanotify_init EXILE_SYSCGROUP_FANOTIFY fanotify_init QSSB_SYSCGROUP_FANOTIFY
fanotify_mark EXILE_SYSCGROUP_FANOTIFY fanotify_mark QSSB_SYSCGROUP_FANOTIFY
prlimit64 EXILE_SYSCGROUP_RES prlimit64 QSSB_SYSCGROUP_RES
name_to_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS name_to_handle_at QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS
open_by_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS open_by_handle_at QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS
clock_adjtime EXILE_SYSCGROUP_CLOCK clock_adjtime QSSB_SYSCGROUP_CLOCK
syncfs EXILE_SYSCGROUP_FD syncfs QSSB_SYSCGROUP_FD
sendmmsg EXILE_SYSCGROUP_SOCKET sendmmsg QSSB_SYSCGROUP_SOCKET
setns EXILE_SYSCGROUP_NS setns QSSB_SYSCGROUP_NS
getcpu EXILE_SYSCGROUP_SCHED getcpu QSSB_SYSCGROUP_SCHED
#maybe IPC, but feels wrong #maybe IPC, but feels wrong
process_vm_readv EXILE_SYSCGROUP_NONE process_vm_readv QSSB_SYSCGROUP_NONE
process_vm_writev EXILE_SYSCGROUP_NONE process_vm_writev QSSB_SYSCGROUP_NONE
kcmp EXILE_SYSCGROUP_NONE kcmp QSSB_SYSCGROUP_NONE
finit_module EXILE_SYSCGROUP_KMOD finit_module QSSB_SYSCGROUP_KMOD
sched_setattr EXILE_SYSCGROUP_SCHED sched_setattr QSSB_SYSCGROUP_SCHED
sched_getattr EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW sched_getattr QSSB_SYSCGROUP_SCHED,QSSB_SYSCGROUP_DEFAULT_ALLOW
renameat2 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW renameat2 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW
seccomp EXILE_SYSCGROUP_NONE seccomp QSSB_SYSCGROUP_NONE
getrandom EXILE_SYSCGROUP_DEFAULT_ALLOW getrandom QSSB_SYSCGROUP_DEFAULT_ALLOW
memfd_create EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW memfd_create QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
kexec_file_load EXILE_SYSCGROUP_KEXEC kexec_file_load QSSB_SYSCGROUP_KEXEC
bpf EXILE_SYSCGROUP_NONE bpf QSSB_SYSCGROUP_NONE
execveat EXILE_SYSCGROUP_EXEC execveat QSSB_SYSCGROUP_EXEC
userfaultfd EXILE_SYSCGROUP_NONE userfaultfd QSSB_SYSCGROUP_NONE
membarrier EXILE_SYSCGROUP_NONE membarrier QSSB_SYSCGROUP_NONE
mlock2 EXILE_SYSCGROUP_MEMORY mlock2 QSSB_SYSCGROUP_MEMORY
copy_file_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW copy_file_range QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
preadv2 EXILE_SYSCGROUP_STDIO preadv2 QSSB_SYSCGROUP_STDIO
pwritev2 EXILE_SYSCGROUP_STDIO pwritev2 QSSB_SYSCGROUP_STDIO
#Those are newer than 5.10, wrap them in ifndef so we can compile on old systems #Those are newer than 5.10, wrap them in ifndef so we can compile on old systems
pkey_mprotect EXILE_SYSCGROUP_PKEY genifndef(329) pkey_mprotect QSSB_SYSCGROUP_PKEY genifndef(329)
pkey_alloc EXILE_SYSCGROUP_PKEY genifndef(330) pkey_alloc QSSB_SYSCGROUP_PKEY genifndef(330)
pkey_free EXILE_SYSCGROUP_PKEY genifndef(331) pkey_free QSSB_SYSCGROUP_PKEY genifndef(331)
statx EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(332) statx QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(332)
io_pgetevents EXILE_SYSCGROUP_NONE genifndef(333) io_pgetevents QSSB_SYSCGROUP_NONE genifndef(333)
rseq EXILE_SYSCGROUP_THREAD genifndef(334) rseq QSSB_SYSCGROUP_THREAD genifndef(334)
pidfd_send_signal EXILE_SYSCGROUP_PIDFD genifndef(424) pidfd_send_signal QSSB_SYSCGROUP_PIDFD genifndef(424)
io_uring_setup EXILE_SYSCGROUP_IOURING genifndef(425) io_uring_setup QSSB_SYSCGROUP_IOURING genifndef(425)
io_uring_enter EXILE_SYSCGROUP_IOURING genifndef(426) io_uring_enter QSSB_SYSCGROUP_IOURING genifndef(426)
io_uring_register EXILE_SYSCGROUP_IOURING genifndef(427) io_uring_register QSSB_SYSCGROUP_IOURING genifndef(427)
open_tree EXILE_SYSCGROUP_NEWMOUNT genifndef(428) open_tree QSSB_SYSCGROUP_NEWMOUNT genifndef(428)
move_mount EXILE_SYSCGROUP_NEWMOUNT genifndef(429) move_mount QSSB_SYSCGROUP_NEWMOUNT genifndef(429)
fsopen EXILE_SYSCGROUP_NEWMOUNT genifndef(430) fsopen QSSB_SYSCGROUP_NEWMOUNT genifndef(430)
fsconfig EXILE_SYSCGROUP_NEWMOUNT genifndef(431) fsconfig QSSB_SYSCGROUP_NEWMOUNT genifndef(431)
fsmount EXILE_SYSCGROUP_NEWMOUNT genifndef(432) fsmount QSSB_SYSCGROUP_NEWMOUNT genifndef(432)
fspick EXILE_SYSCGROUP_NEWMOUNT genifndef(433) fspick QSSB_SYSCGROUP_NEWMOUNT genifndef(433)
pidfd_open EXILE_SYSCGROUP_PIDFD genifndef(434) pidfd_open QSSB_SYSCGROUP_PIDFD genifndef(434)
clone3 EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(435) clone3 QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(435)
close_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(436) close_range QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(436)
openat2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(437) openat2 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(437)
pidfd_getfd EXILE_SYSCGROUP_PIDFD genifndef(438) pidfd_getfd QSSB_SYSCGROUP_PIDFD genifndef(438)
faccessat2 EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(439) faccessat2 QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(439)
process_madvise EXILE_SYSCGROUP_MEMORY genifndef(440) process_madvise QSSB_SYSCGROUP_MEMORY genifndef(440)
epoll_pwait2 EXILE_SYSCGROUP_STDIO genifndef(441) epoll_pwait2 QSSB_SYSCGROUP_STDIO genifndef(441)
mount_setattr EXILE_SYSCGROUP_NONE genifndef(442) mount_setattr QSSB_SYSCGROUP_NONE genifndef(442)
quotactl_fd EXILE_SYSCGROUP_QUOTA genifndef(443) quotactl_fd QSSB_SYSCGROUP_QUOTA genifndef(443)
landlock_create_ruleset EXILE_SYSCGROUP_LANDLOCK genifndef(444) landlock_create_ruleset QSSB_SYSCGROUP_LANDLOCK genifndef(444)
landlock_add_rule EXILE_SYSCGROUP_LANDLOCK genifndef(445) landlock_add_rule QSSB_SYSCGROUP_LANDLOCK genifndef(445)
landlock_restrict_self EXILE_SYSCGROUP_LANDLOCK genifndef(446) landlock_restrict_self QSSB_SYSCGROUP_LANDLOCK genifndef(446)
memfd_secret EXILE_SYSCGROUP_NONE genifndef(447) memfd_secret QSSB_SYSCGROUP_NONE genifndef(447)
process_mrelease EXILE_SYSCGROUP_NONE genifndef(448) process_mrelease QSSB_SYSCGROUP_NONE genifndef(448)

1740
qssb.h Normal file

File diff suppressed because it is too large Load Diff

80
test.c
View File

@ -1,4 +1,4 @@
#include "exile.h" #include "qssb.h"
#include <stdbool.h> #include <stdbool.h>
#include <sys/types.h> #include <sys/types.h>
#include <dirent.h> #include <dirent.h>
@ -6,12 +6,12 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/wait.h> #include <sys/wait.h>
int xexile_enable_policy(struct exile_policy *policy) int xqssb_enable_policy(struct qssb_policy *policy)
{ {
int ret = exile_enable_policy(policy); int ret = qssb_enable_policy(policy);
if(ret != 0) if(ret != 0)
{ {
fprintf(stderr, "exile_enable_policy() failed: %i\n", ret); fprintf(stderr, "qssb_enable_policy() failed: %i\n", ret);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
return 0; return 0;
@ -19,8 +19,8 @@ int xexile_enable_policy(struct exile_policy *policy)
int test_default_main() int test_default_main()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
return xexile_enable_policy(policy); return xqssb_enable_policy(policy);
} }
static int test_expected_kill(int (*f)()) static int test_expected_kill(int (*f)())
@ -86,11 +86,11 @@ static int test_successful_exit(int (*f)())
static int do_test_seccomp_blacklisted() static int do_test_seccomp_blacklisted()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid)); qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid));
exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW); qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
xexile_enable_policy(policy); xqssb_enable_policy(policy);
uid_t pid = geteuid(); uid_t pid = geteuid();
pid = getuid(); pid = getuid();
@ -106,12 +106,12 @@ int test_seccomp_blacklisted()
static int do_test_seccomp_blacklisted_call_permitted() static int do_test_seccomp_blacklisted_call_permitted()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid)); qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid));
exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW); qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
xexile_enable_policy(policy); xqssb_enable_policy(policy);
//geteuid is not blacklisted, so must succeed //geteuid is not blacklisted, so must succeed
uid_t pid = geteuid(); uid_t pid = geteuid();
return 0; return 0;
@ -125,15 +125,15 @@ int test_seccomp_blacklisted_call_permitted()
static int do_test_seccomp_x32_kill() static int do_test_seccomp_x32_kill()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid)); qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid));
exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW); qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
xexile_enable_policy(policy); xqssb_enable_policy(policy);
/* Attempt to bypass by falling back to x32 should be blocked */ /* Attempt to bypass by falling back to x32 should be blocked */
syscall(EXILE_SYS(getuid)+__X32_SYSCALL_BIT); syscall(QSSB_SYS(getuid)+__X32_SYSCALL_BIT);
return 0; return 0;
} }
@ -146,11 +146,11 @@ int test_seccomp_x32_kill()
/* Tests whether seccomp rules end with a policy matching all syscalls */ /* Tests whether seccomp rules end with a policy matching all syscalls */
int test_seccomp_require_last_matchall() int test_seccomp_require_last_matchall()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid)); qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid));
int status = exile_enable_policy(policy); int status = qssb_enable_policy(policy);
if(status == 0) if(status == 0)
{ {
printf("Failed. Should not have been enabled!"); printf("Failed. Should not have been enabled!");
@ -161,12 +161,12 @@ int test_seccomp_require_last_matchall()
static int do_test_seccomp_errno() static int do_test_seccomp_errno()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_RET_ERROR, EXILE_SYS(close)); qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_RET_ERROR, QSSB_SYS(close));
exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW); qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
xexile_enable_policy(policy); xqssb_enable_policy(policy);
uid_t id = getuid(); uid_t id = getuid();
int fd = close(0); int fd = close(0);
@ -183,12 +183,12 @@ int test_seccomp_errno()
static int test_seccomp_group() static int test_seccomp_group()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_group_syscall_policy(policy, EXILE_SYSCALL_DENY_RET_ERROR, EXILE_SYSCGROUP_SOCKET); qssb_append_group_syscall_policy(policy, QSSB_SYSCALL_DENY_RET_ERROR, QSSB_SYSCGROUP_SOCKET);
exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW); qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
xexile_enable_policy(policy); xqssb_enable_policy(policy);
int s = socket(AF_INET,SOCK_STREAM,0); int s = socket(AF_INET,SOCK_STREAM,0);
if(s != -1) if(s != -1)
@ -202,9 +202,9 @@ static int test_seccomp_group()
#if HAVE_LANDLOCK == 1 #if HAVE_LANDLOCK == 1
int test_landlock() int test_landlock()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_path_policy(policy, EXILE_FS_ALLOW_READ, "/proc/self/fd"); qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ, "/proc/self/fd");
xexile_enable_policy(policy); xqssb_enable_policy(policy);
int fd = open("/", O_RDONLY | O_CLOEXEC); int fd = open("/", O_RDONLY | O_CLOEXEC);
if(fd < 0) if(fd < 0)
@ -216,9 +216,9 @@ int test_landlock()
int test_landlock_deny_write() int test_landlock_deny_write()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
exile_append_path_policy(policy, EXILE_FS_ALLOW_READ, "/tmp/"); qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ, "/tmp/");
xexile_enable_policy(policy); xqssb_enable_policy(policy);
int fd = open("/tmp/a", O_WRONLY | O_CLOEXEC); int fd = open("/tmp/a", O_WRONLY | O_CLOEXEC);
if(fd < 0) if(fd < 0)
@ -241,9 +241,9 @@ int test_landlock_deny_write()
int test_nofs() int test_nofs()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
policy->no_fs = 1; policy->no_fs = 1;
xexile_enable_policy(policy); xqssb_enable_policy(policy);
int s = socket(AF_INET,SOCK_STREAM,0); int s = socket(AF_INET,SOCK_STREAM,0);
if(s == -1) if(s == -1)
@ -265,9 +265,9 @@ int test_nofs()
int test_no_new_fds() int test_no_new_fds()
{ {
struct exile_policy *policy = exile_init_policy(); struct qssb_policy *policy = qssb_init_policy();
policy->no_new_fds = 1; policy->no_new_fds = 1;
xexile_enable_policy(policy); xqssb_enable_policy(policy);
if(open("/tmp/test", O_CREAT | O_WRONLY) >= 0) if(open("/tmp/test", O_CREAT | O_WRONLY) >= 0)
{ {

View File

@ -74,7 +74,7 @@ if [ -z "$LOG_OUTPUT_DIR" ] ; then
LOG_OUTPUT_DIR="./logs/" LOG_OUTPUT_DIR="./logs/"
fi fi
LOG_OUTPUT_DIR_PATH="${LOG_OUTPUT_DIR}/exile_test_${GIT_ID}_${TIMESTAMP}" LOG_OUTPUT_DIR_PATH="${LOG_OUTPUT_DIR}/qssb_test_${GIT_ID}_${TIMESTAMP}"
[ -d "$LOG_OUTPUT_DIR_PATH" ] || mkdir -p "$LOG_OUTPUT_DIR_PATH" [ -d "$LOG_OUTPUT_DIR_PATH" ] || mkdir -p "$LOG_OUTPUT_DIR_PATH"
for test in $( ./test --dumptests ) ; do for test in $( ./test --dumptests ) ; do