


1b4c5477a5 rename to exile.h
qssb.h was a preliminary name and can't be pronounced smoothly.

exile.h is more fitting and it's also short. Something exiled is essentially
something isolated, which is pretty much what this library does (isolation from
resources such as file system, network and others accessible by system calls).
2021-11-30 18:19:15 +01:00
756b0fb421 rename qssb.h to exile.h 2021-11-30 17:40:36 +01:00
7 changed files with 2146 additions and 2146 deletions


@ -1,5 +1,5 @@
# qssb.h (quite simple sandbox) # exile.h
`qssb.h` is a simple header-only library that provides an interface to sandbox processes on Linux. Using Seccomp and Linux Namespaces for that purpose requires some knowledge of annoying details which this library aims to abstract away as much as possible, when reasonable. Hence, the goal is to provide a convenient way for processes to restrict themselves in order to mitigate the effect of exploits. Currently, it utilizes technologies like Seccomp, Namespaces and Landlock to this end. `exile.h` is a simple header-only library that provides an interface to isolate processes on Linux. Using Seccomp and Linux Namespaces for that purpose requires some knowledge of annoying details which this library aims to abstract away as much as possible, when reasonable. Hence, the goal is to provide a convenient way for processes to restrict themselves in order to mitigate the effect of exploits. Currently, it utilizes technologies like Seccomp, Namespaces and Landlock to this end.
## Status ## Status
No release yet, expiremental, API is unstable, builds will break on updates of this library. No release yet, expiremental, API is unstable, builds will break on updates of this library.
@ -48,8 +48,8 @@ the library may check against that. Execute
Contributions are very welcome. Options: Contributions are very welcome. Options:
1. Pull-Request on [github](https://github.com/quitesimpleorg/qssb.h) 1. Pull-Request on [github](https://github.com/quitesimpleorg/exile.h)
2. Mail to `qssb at quitesimple.org` with instructions on where to pull the changes from. 2. Mail to `exile at quitesimple.org` with instructions on where to pull the changes from.
3. Mailing a classic patch/diff to the same address. 3. Mailing a classic patch/diff to the same address.

1740
exile.h Normal file



@ -47,7 +47,7 @@ for line in lines:
if genifndef: if genifndef:
ifndef[currentsyscall] = genifndef.groups(1)[0] ifndef[currentsyscall] = genifndef.groups(1)[0]
array_line = "{QSSB_SYS(%s), %s}," % (currentsyscall, '|'.join(currentgroups)) array_line = "{EXILE_SYS(%s), %s}," % (currentsyscall, '|'.join(currentgroups))
print(array_line) print(array_line)
print_ifndefs() print_ifndefs()


@ -1,363 +1,363 @@
# Assign system calls to groups. In the future, may also include simple arg filtering. # Assign system calls to groups. In the future, may also include simple arg filtering.
read QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW read EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
write QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW write EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
open QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS open EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
close QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW close EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
stat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS stat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
fstat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
lstat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS lstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
poll QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW poll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
lseek QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW lseek EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
mmap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW mmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
mprotect QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW mprotect EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
munmap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW munmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
brk QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW brk EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
rt_sigaction QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW rt_sigaction EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
rt_sigprocmask QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW rt_sigprocmask EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
rt_sigreturn QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW rt_sigreturn EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
ioctl QSSB_SYSCGROUP_IOCTL,QSSB_SYSCGROUP_DEFAULT_ALLOW ioctl EXILE_SYSCGROUP_IOCTL,EXILE_SYSCGROUP_DEFAULT_ALLOW
pread64 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW pread64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
pwrite64 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW pwrite64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
readv QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW readv EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
writev QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW writev EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
access QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS access EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
pipe QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW pipe EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
select QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW select EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
sched_yield QSSB_SYSCGROUP_SCHED,QSSB_SYSCGROUP_DEFAULT_ALLOW sched_yield EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW
mremap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW mremap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
msync QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW msync EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
mincore QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW mincore EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
madvise QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW madvise EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
shmget QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW shmget EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
shmat QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW shmat EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
shmctl QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW shmctl EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
dup QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW dup EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
dup2 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW dup2 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
pause QSSB_SYSCGROUP_PAUSE,QSSB_SYSCGROUP_DEFAULT_ALLOW pause EXILE_SYSCGROUP_PAUSE,EXILE_SYSCGROUP_DEFAULT_ALLOW
nanosleep QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW nanosleep EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
getitimer QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW getitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
alarm QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW alarm EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
setitimer QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW setitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
getpid QSSB_SYSCGROUP_PROCESS,QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getpid EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
sendfile QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW sendfile EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
socket QSSB_SYSCGROUP_SOCKET socket EXILE_SYSCGROUP_SOCKET
connect QSSB_SYSCGROUP_SOCKET connect EXILE_SYSCGROUP_SOCKET
accept QSSB_SYSCGROUP_SOCKET accept EXILE_SYSCGROUP_SOCKET
sendto QSSB_SYSCGROUP_SOCKET sendto EXILE_SYSCGROUP_SOCKET
recvfrom QSSB_SYSCGROUP_SOCKET recvfrom EXILE_SYSCGROUP_SOCKET
sendmsg QSSB_SYSCGROUP_SOCKET sendmsg EXILE_SYSCGROUP_SOCKET
recvmsg QSSB_SYSCGROUP_SOCKET recvmsg EXILE_SYSCGROUP_SOCKET
shutdown QSSB_SYSCGROUP_SOCKET shutdown EXILE_SYSCGROUP_SOCKET
bind QSSB_SYSCGROUP_SOCKET bind EXILE_SYSCGROUP_SOCKET
listen QSSB_SYSCGROUP_SOCKET listen EXILE_SYSCGROUP_SOCKET
getsockname QSSB_SYSCGROUP_SOCKET getsockname EXILE_SYSCGROUP_SOCKET
getpeername QSSB_SYSCGROUP_SOCKET getpeername EXILE_SYSCGROUP_SOCKET
socketpair QSSB_SYSCGROUP_SOCKET,QSSB_SYSCGROUP_IPC socketpair EXILE_SYSCGROUP_SOCKET,EXILE_SYSCGROUP_IPC
setsockopt QSSB_SYSCGROUP_SOCKET setsockopt EXILE_SYSCGROUP_SOCKET
getsockopt QSSB_SYSCGROUP_SOCKET getsockopt EXILE_SYSCGROUP_SOCKET
clone QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW clone EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
fork QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW fork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
vfork QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW vfork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
execve QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_EXEC execve EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_EXEC
exit QSSB_SYSCGROUP_PROCESS,QSSB_SYSCGROUP_DEFAULT_ALLOW exit EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_DEFAULT_ALLOW
wait4 QSSB_SYSCGROUP_EXEC wait4 EXILE_SYSCGROUP_EXEC
kill QSSB_SYSCGROUP_KILL kill EXILE_SYSCGROUP_KILL
uname QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_DEFAULT_ALLOW uname EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW
semget QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW semget EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
semop QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW semop EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
semctl QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW semctl EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
shmdt QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW shmdt EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
msgget QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW msgget EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
msgsnd QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW msgsnd EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
msgrcv QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW msgrcv EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
msgctl QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW msgctl EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
fcntl QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW fcntl EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
flock QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW flock EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
fsync QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW fsync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
fdatasync QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fdatasync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
truncate QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS truncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
ftruncate QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS ftruncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
getdents QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS getdents EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
getcwd QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS getcwd EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
chdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS chdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
fchdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fchdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
rename QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS rename EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
mkdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS mkdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
rmdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS rmdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
creat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS creat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
link QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS link EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
unlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS unlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
symlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS symlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
readlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS readlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
chmod QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS chmod EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
fchmod QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fchmod EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
chown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS chown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
fchown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
lchown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS lchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
umask QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW umask EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW
gettimeofday QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_DEFAULT_ALLOW gettimeofday EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW
getrlimit QSSB_SYSCGROUP_RES,QSSB_SYSCGROUP_DEFAULT_ALLOW getrlimit EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW
getrusage QSSB_SYSCGROUP_RES,QSSB_SYSCGROUP_DEFAULT_ALLOW getrusage EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW
sysinfo QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_DEFAULT_ALLOW sysinfo EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW
times QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_DEFAULT_ALLOW times EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW
ptrace QSSB_SYSCGROUP_PTRACE,QSSB_SYSCGROUP_DEFAULT_ALLOW ptrace EXILE_SYSCGROUP_PTRACE,EXILE_SYSCGROUP_DEFAULT_ALLOW
getuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
syslog QSSB_SYSCGROUP_SYS syslog EXILE_SYSCGROUP_SYS
getgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
setuid QSSB_SYSCGROUP_ID setuid EXILE_SYSCGROUP_ID
setgid QSSB_SYSCGROUP_ID setgid EXILE_SYSCGROUP_ID
geteuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW geteuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
getegid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getegid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
setpgid QSSB_SYSCGROUP_ID setpgid EXILE_SYSCGROUP_ID
getppid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getppid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
getpgrp QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getpgrp EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
setsid QSSB_SYSCGROUP_ID setsid EXILE_SYSCGROUP_ID
setreuid QSSB_SYSCGROUP_ID setreuid EXILE_SYSCGROUP_ID
setregid QSSB_SYSCGROUP_ID setregid EXILE_SYSCGROUP_ID
getgroups QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getgroups EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
setgroups QSSB_SYSCGROUP_ID setgroups EXILE_SYSCGROUP_ID
setresuid QSSB_SYSCGROUP_ID setresuid EXILE_SYSCGROUP_ID
getresuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getresuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
setresgid QSSB_SYSCGROUP_ID setresgid EXILE_SYSCGROUP_ID
getresgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getresgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
getpgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getpgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
setfsuid QSSB_SYSCGROUP_ID setfsuid EXILE_SYSCGROUP_ID
setfsgid QSSB_SYSCGROUP_ID setfsgid EXILE_SYSCGROUP_ID
getsid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW getsid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
capget QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW capget EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
capset QSSB_SYSCGROUP_ID capset EXILE_SYSCGROUP_ID
rt_sigpending QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW rt_sigpending EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
rt_sigtimedwait QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW rt_sigtimedwait EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
rt_sigqueueinfo QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW rt_sigqueueinfo EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
rt_sigsuspend QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW rt_sigsuspend EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
sigaltstack QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_SIGNAL sigaltstack EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL
utime QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_FS utime EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_FS
mknod QSSB_SYSCGROUP_DEV,QSSB_SYSCGROUP_FS mknod EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_FS
uselib QSSB_SYSCGROUP_LIB,QSSB_SYSCGROUP_DEFAULT_ALLOW uselib EXILE_SYSCGROUP_LIB,EXILE_SYSCGROUP_DEFAULT_ALLOW
personality QSSB_SYSCGROUP_PROCESS personality EXILE_SYSCGROUP_PROCESS
ustat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS ustat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
statfs QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS statfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
fstatfs QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS fstatfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
sysfs QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_FS sysfs EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_FS
getpriority QSSB_SYSCGROUP_SCHED getpriority EXILE_SYSCGROUP_SCHED
setpriority QSSB_SYSCGROUP_SCHED setpriority EXILE_SYSCGROUP_SCHED
sched_setparam QSSB_SYSCGROUP_SCHED sched_setparam EXILE_SYSCGROUP_SCHED
sched_getparam QSSB_SYSCGROUP_SCHED sched_getparam EXILE_SYSCGROUP_SCHED
sched_setscheduler QSSB_SYSCGROUP_SCHED sched_setscheduler EXILE_SYSCGROUP_SCHED
sched_getscheduler QSSB_SYSCGROUP_SCHED sched_getscheduler EXILE_SYSCGROUP_SCHED
sched_get_priority_max QSSB_SYSCGROUP_SCHED sched_get_priority_max EXILE_SYSCGROUP_SCHED
sched_get_priority_min QSSB_SYSCGROUP_SCHED sched_get_priority_min EXILE_SYSCGROUP_SCHED
sched_rr_get_interval QSSB_SYSCGROUP_SCHED sched_rr_get_interval EXILE_SYSCGROUP_SCHED
mlock QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW mlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
munlock QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW munlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
mlockall QSSB_SYSCGROUP_MEMORY mlockall EXILE_SYSCGROUP_MEMORY
munlockall QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW munlockall EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
vhangup QSSB_SYSCGROUP_TTY vhangup EXILE_SYSCGROUP_TTY
modify_ldt QSSB_SYSCGROUP_PROCESS modify_ldt EXILE_SYSCGROUP_PROCESS
pivot_root QSSB_SYSCGROUP_CHROOT pivot_root EXILE_SYSCGROUP_CHROOT
_sysctl QSSB_SYSCGROUP_SYS _sysctl EXILE_SYSCGROUP_SYS
prctl QSSB_SYSCGROUP_PROCESS prctl EXILE_SYSCGROUP_PROCESS
arch_prctl QSSB_SYSCGROUP_PROCESS arch_prctl EXILE_SYSCGROUP_PROCESS
adjtimex QSSB_SYSCGROUP_CLOCK adjtimex EXILE_SYSCGROUP_CLOCK
setrlimit QSSB_SYSCGROUP_RES setrlimit EXILE_SYSCGROUP_RES
chroot QSSB_SYSCGROUP_CHROOT,QSSB_SYSCGROUP_FS chroot EXILE_SYSCGROUP_CHROOT,EXILE_SYSCGROUP_FS
sync QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW sync EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
acct QSSB_SYSCGROUP_PROCESS acct EXILE_SYSCGROUP_PROCESS
settimeofday QSSB_SYSCGROUP_TIME settimeofday EXILE_SYSCGROUP_TIME
mount QSSB_SYSCGROUP_MOUNT,QSSB_SYSCGROUP_FS mount EXILE_SYSCGROUP_MOUNT,EXILE_SYSCGROUP_FS
umount2 QSSB_SYSCGROUP_UMOUNT,QSSB_SYSCGROUP_FS umount2 EXILE_SYSCGROUP_UMOUNT,EXILE_SYSCGROUP_FS
swapon QSSB_SYSCGROUP_SWAP swapon EXILE_SYSCGROUP_SWAP
swapoff QSSB_SYSCGROUP_SWAP swapoff EXILE_SYSCGROUP_SWAP
reboot QSSB_SYSCGROUP_POWER reboot EXILE_SYSCGROUP_POWER
sethostname QSSB_SYSCGROUP_HOST sethostname EXILE_SYSCGROUP_HOST
setdomainname QSSB_SYSCGROUP_HOST setdomainname EXILE_SYSCGROUP_HOST
iopl QSSB_SYSCGROUP_IOPL iopl EXILE_SYSCGROUP_IOPL
ioperm QSSB_SYSCGROUP_IOPL ioperm EXILE_SYSCGROUP_IOPL
create_module QSSB_SYSCGROUP_KMOD create_module EXILE_SYSCGROUP_KMOD
init_module QSSB_SYSCGROUP_KMOD init_module EXILE_SYSCGROUP_KMOD
delete_module QSSB_SYSCGROUP_KMOD delete_module EXILE_SYSCGROUP_KMOD
get_kernel_syms QSSB_SYSCGROUP_KMOD get_kernel_syms EXILE_SYSCGROUP_KMOD
query_module QSSB_SYSCGROUP_KMOD query_module EXILE_SYSCGROUP_KMOD
quotactl QSSB_SYSCGROUP_QUOTA quotactl EXILE_SYSCGROUP_QUOTA
nfsservctl QSSB_SYSCGROUP_NONE nfsservctl EXILE_SYSCGROUP_NONE
getpmsg QSSB_SYSCGROUP_UNIMPLEMENTED getpmsg EXILE_SYSCGROUP_UNIMPLEMENTED
putpmsg QSSB_SYSCGROUP_UNIMPLEMENTED putpmsg EXILE_SYSCGROUP_UNIMPLEMENTED
afs_syscall QSSB_SYSCGROUP_UNIMPLEMENTED afs_syscall EXILE_SYSCGROUP_UNIMPLEMENTED
tuxcall QSSB_SYSCGROUP_UNIMPLEMENTED tuxcall EXILE_SYSCGROUP_UNIMPLEMENTED
security QSSB_SYSCGROUP_UNIMPLEMENTED security EXILE_SYSCGROUP_UNIMPLEMENTED
gettid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_THREAD gettid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_THREAD
readahead QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS readahead EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
setxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS setxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
lsetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS lsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
fsetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS fsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
getxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS getxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
lgetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS lgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
fgetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
listxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS listxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
llistxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS llistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
flistxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS flistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
removexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS removexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
lremovexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS lremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
fremovexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS fremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
tkill QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_SIGNAL tkill EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL
time QSSB_SYSCGROUP_TIME time EXILE_SYSCGROUP_TIME
futex QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_FUTEX futex EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_FUTEX
sched_setaffinity QSSB_SYSCGROUP_SCHED sched_setaffinity EXILE_SYSCGROUP_SCHED
sched_getaffinity QSSB_SYSCGROUP_SCHED sched_getaffinity EXILE_SYSCGROUP_SCHED
set_thread_area QSSB_SYSCGROUP_THREAD set_thread_area EXILE_SYSCGROUP_THREAD
io_setup QSSB_SYSCGROUP_IO io_setup EXILE_SYSCGROUP_IO
io_destroy QSSB_SYSCGROUP_IO io_destroy EXILE_SYSCGROUP_IO
io_getevents QSSB_SYSCGROUP_IO io_getevents EXILE_SYSCGROUP_IO
io_submit QSSB_SYSCGROUP_IO io_submit EXILE_SYSCGROUP_IO
io_cancel QSSB_SYSCGROUP_IO io_cancel EXILE_SYSCGROUP_IO
get_thread_area QSSB_SYSCGROUP_THREAD get_thread_area EXILE_SYSCGROUP_THREAD
lookup_dcookie QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FS lookup_dcookie EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS
epoll_create QSSB_SYSCGROUP_STDIO epoll_create EXILE_SYSCGROUP_STDIO
epoll_ctl_old QSSB_SYSCGROUP_STDIO epoll_ctl_old EXILE_SYSCGROUP_STDIO
epoll_wait_old QSSB_SYSCGROUP_STDIO epoll_wait_old EXILE_SYSCGROUP_STDIO
remap_file_pages QSSB_SYSCGROUP_NONE remap_file_pages EXILE_SYSCGROUP_NONE
getdents64 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FS getdents64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS
set_tid_address QSSB_SYSCGROUP_THREAD set_tid_address EXILE_SYSCGROUP_THREAD
restart_syscall QSSB_SYSCGROUP_SYSCALL restart_syscall EXILE_SYSCGROUP_SYSCALL
semtimedop QSSB_SYSCGROUP_SEM semtimedop EXILE_SYSCGROUP_SEM
fadvise64 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FD fadvise64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD
timer_create QSSB_SYSCGROUP_TIMER timer_create EXILE_SYSCGROUP_TIMER
timer_settime QSSB_SYSCGROUP_TIMER timer_settime EXILE_SYSCGROUP_TIMER
timer_gettime QSSB_SYSCGROUP_TIMER timer_gettime EXILE_SYSCGROUP_TIMER
timer_getoverrun QSSB_SYSCGROUP_TIMER timer_getoverrun EXILE_SYSCGROUP_TIMER
timer_delete QSSB_SYSCGROUP_TIMER timer_delete EXILE_SYSCGROUP_TIMER
clock_settime QSSB_SYSCGROUP_TIME clock_settime EXILE_SYSCGROUP_TIME
clock_gettime QSSB_SYSCGROUP_TIME clock_gettime EXILE_SYSCGROUP_TIME
clock_getres QSSB_SYSCGROUP_TIME clock_getres EXILE_SYSCGROUP_TIME
clock_nanosleep QSSB_SYSCGROUP_TIME clock_nanosleep EXILE_SYSCGROUP_TIME
exit_group QSSB_SYSCGROUP_EXIT,QSSB_SYSCGROUP_DEFAULT_ALLOW exit_group EXILE_SYSCGROUP_EXIT,EXILE_SYSCGROUP_DEFAULT_ALLOW
epoll_wait QSSB_SYSCGROUP_FD epoll_wait EXILE_SYSCGROUP_FD
epoll_ctl QSSB_SYSCGROUP_FD epoll_ctl EXILE_SYSCGROUP_FD
tgkill QSSB_SYSCGROUP_SIGNAL,QSSB_SYSCGROUP_THREAD tgkill EXILE_SYSCGROUP_SIGNAL,EXILE_SYSCGROUP_THREAD
utimes QSSB_SYSCGROUP_PATH utimes EXILE_SYSCGROUP_PATH
vserver QSSB_SYSCGROUP_UNIMPLEMENTED vserver EXILE_SYSCGROUP_UNIMPLEMENTED
mbind QSSB_SYSCGROUP_MEMORY mbind EXILE_SYSCGROUP_MEMORY
set_mempolicy QSSB_SYSCGROUP_MEMORY set_mempolicy EXILE_SYSCGROUP_MEMORY
get_mempolicy QSSB_SYSCGROUP_MEMORY get_mempolicy EXILE_SYSCGROUP_MEMORY
mq_open QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC mq_open EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
mq_unlink QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC mq_unlink EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
mq_timedsend QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC mq_timedsend EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
mq_timedreceive QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC mq_timedreceive EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
mq_notify QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC mq_notify EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
mq_getsetattr QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC mq_getsetattr EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
kexec_load QSSB_SYSCGROUP_KEXEC kexec_load EXILE_SYSCGROUP_KEXEC
waitid QSSB_SYSCGROUP_SIGNAL waitid EXILE_SYSCGROUP_SIGNAL
add_key QSSB_SYSCGROUP_KEYS add_key EXILE_SYSCGROUP_KEYS
request_key QSSB_SYSCGROUP_KEYS request_key EXILE_SYSCGROUP_KEYS
keyctl QSSB_SYSCGROUP_KEYS keyctl EXILE_SYSCGROUP_KEYS
ioprio_set QSSB_SYSCGROUP_PRIO ioprio_set EXILE_SYSCGROUP_PRIO
ioprio_get QSSB_SYSCGROUP_PRIO ioprio_get EXILE_SYSCGROUP_PRIO
inotify_init QSSB_SYSCGROUP_INOTIFY inotify_init EXILE_SYSCGROUP_INOTIFY
inotify_add_watch QSSB_SYSCGROUP_INOTIFY inotify_add_watch EXILE_SYSCGROUP_INOTIFY
inotify_rm_watch QSSB_SYSCGROUP_INOTIFY inotify_rm_watch EXILE_SYSCGROUP_INOTIFY
migrate_pages QSSB_SYSCGROUP_PROCESS migrate_pages EXILE_SYSCGROUP_PROCESS
openat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS openat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
mkdirat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS mkdirat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
mknodat QSSB_SYSCGROUP_DEV,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS mknodat EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
fchownat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fchownat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
futimesat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS futimesat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
newfstatat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS newfstatat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
unlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS unlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
renameat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS renameat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
linkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS linkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
symlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS symlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
readlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS readlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
fchmodat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS fchmodat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
faccessat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS faccessat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
pselect6 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS pselect6 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
ppoll QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS ppoll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
unshare QSSB_SYSCGROUP_NS,QSSB_SYSCGROUP_FS unshare EXILE_SYSCGROUP_NS,EXILE_SYSCGROUP_FS
set_robust_list QSSB_SYSCGROUP_FUTEX set_robust_list EXILE_SYSCGROUP_FUTEX
get_robust_list QSSB_SYSCGROUP_FUTEX get_robust_list EXILE_SYSCGROUP_FUTEX
splice QSSB_SYSCGROUP_FD splice EXILE_SYSCGROUP_FD
tee QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW tee EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
sync_file_range QSSB_SYSCGROUP_FD sync_file_range EXILE_SYSCGROUP_FD
vmsplice QSSB_SYSCGROUP_FD vmsplice EXILE_SYSCGROUP_FD
move_pages QSSB_SYSCGROUP_PROCESS move_pages EXILE_SYSCGROUP_PROCESS
utimensat QSSB_SYSCGROUP_PATH utimensat EXILE_SYSCGROUP_PATH
epoll_pwait QSSB_SYSCGROUP_STDIO epoll_pwait EXILE_SYSCGROUP_STDIO
signalfd QSSB_SYSCGROUP_SIGNAL signalfd EXILE_SYSCGROUP_SIGNAL
timerfd_create QSSB_SYSCGROUP_TIMER timerfd_create EXILE_SYSCGROUP_TIMER
eventfd QSSB_SYSCGROUP_FD eventfd EXILE_SYSCGROUP_FD
fallocate QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FD fallocate EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD
timerfd_settime QSSB_SYSCGROUP_TIMER timerfd_settime EXILE_SYSCGROUP_TIMER
timerfd_gettime QSSB_SYSCGROUP_TIMER timerfd_gettime EXILE_SYSCGROUP_TIMER
accept4 QSSB_SYSCGROUP_SOCKET accept4 EXILE_SYSCGROUP_SOCKET
signalfd4 QSSB_SYSCGROUP_FD signalfd4 EXILE_SYSCGROUP_FD
eventfd2 QSSB_SYSCGROUP_FD eventfd2 EXILE_SYSCGROUP_FD
epoll_create1 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW epoll_create1 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
dup3 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW dup3 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
pipe2 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW pipe2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
inotify_init1 QSSB_SYSCGROUP_INOTIFY inotify_init1 EXILE_SYSCGROUP_INOTIFY
preadv QSSB_SYSCGROUP_STDIO preadv EXILE_SYSCGROUP_STDIO
pwritev QSSB_SYSCGROUP_STDIO pwritev EXILE_SYSCGROUP_STDIO
rt_tgsigqueueinfo QSSB_SYSCGROUP_RT rt_tgsigqueueinfo EXILE_SYSCGROUP_RT
perf_event_open QSSB_SYSCGROUP_PERF perf_event_open EXILE_SYSCGROUP_PERF
recvmmsg QSSB_SYSCGROUP_SOCKET recvmmsg EXILE_SYSCGROUP_SOCKET
fanotify_init QSSB_SYSCGROUP_FANOTIFY fanotify_init EXILE_SYSCGROUP_FANOTIFY
fanotify_mark QSSB_SYSCGROUP_FANOTIFY fanotify_mark EXILE_SYSCGROUP_FANOTIFY
prlimit64 QSSB_SYSCGROUP_RES prlimit64 EXILE_SYSCGROUP_RES
name_to_handle_at QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS name_to_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
open_by_handle_at QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS open_by_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
clock_adjtime QSSB_SYSCGROUP_CLOCK clock_adjtime EXILE_SYSCGROUP_CLOCK
syncfs QSSB_SYSCGROUP_FD syncfs EXILE_SYSCGROUP_FD
sendmmsg QSSB_SYSCGROUP_SOCKET sendmmsg EXILE_SYSCGROUP_SOCKET
setns QSSB_SYSCGROUP_NS setns EXILE_SYSCGROUP_NS
getcpu QSSB_SYSCGROUP_SCHED getcpu EXILE_SYSCGROUP_SCHED
#maybe IPC, but feels wrong #maybe IPC, but feels wrong
process_vm_readv QSSB_SYSCGROUP_NONE process_vm_readv EXILE_SYSCGROUP_NONE
process_vm_writev QSSB_SYSCGROUP_NONE process_vm_writev EXILE_SYSCGROUP_NONE
kcmp QSSB_SYSCGROUP_NONE kcmp EXILE_SYSCGROUP_NONE
finit_module QSSB_SYSCGROUP_KMOD finit_module EXILE_SYSCGROUP_KMOD
sched_setattr QSSB_SYSCGROUP_SCHED sched_setattr EXILE_SYSCGROUP_SCHED
sched_getattr QSSB_SYSCGROUP_SCHED,QSSB_SYSCGROUP_DEFAULT_ALLOW sched_getattr EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW
renameat2 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW renameat2 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW
seccomp QSSB_SYSCGROUP_NONE seccomp EXILE_SYSCGROUP_NONE
getrandom QSSB_SYSCGROUP_DEFAULT_ALLOW getrandom EXILE_SYSCGROUP_DEFAULT_ALLOW
memfd_create QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW memfd_create EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
kexec_file_load QSSB_SYSCGROUP_KEXEC kexec_file_load EXILE_SYSCGROUP_KEXEC
bpf QSSB_SYSCGROUP_NONE bpf EXILE_SYSCGROUP_NONE
execveat QSSB_SYSCGROUP_EXEC execveat EXILE_SYSCGROUP_EXEC
userfaultfd QSSB_SYSCGROUP_NONE userfaultfd EXILE_SYSCGROUP_NONE
membarrier QSSB_SYSCGROUP_NONE membarrier EXILE_SYSCGROUP_NONE
mlock2 QSSB_SYSCGROUP_MEMORY mlock2 EXILE_SYSCGROUP_MEMORY
copy_file_range QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW copy_file_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
preadv2 QSSB_SYSCGROUP_STDIO preadv2 EXILE_SYSCGROUP_STDIO
pwritev2 QSSB_SYSCGROUP_STDIO pwritev2 EXILE_SYSCGROUP_STDIO
#Those are newer than 5.10, wrap them in ifndef so we can compile on old systems #Those are newer than 5.10, wrap them in ifndef so we can compile on old systems
pkey_mprotect QSSB_SYSCGROUP_PKEY genifndef(329) pkey_mprotect EXILE_SYSCGROUP_PKEY genifndef(329)
pkey_alloc QSSB_SYSCGROUP_PKEY genifndef(330) pkey_alloc EXILE_SYSCGROUP_PKEY genifndef(330)
pkey_free QSSB_SYSCGROUP_PKEY genifndef(331) pkey_free EXILE_SYSCGROUP_PKEY genifndef(331)
statx QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(332) statx EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(332)
io_pgetevents QSSB_SYSCGROUP_NONE genifndef(333) io_pgetevents EXILE_SYSCGROUP_NONE genifndef(333)
rseq QSSB_SYSCGROUP_THREAD genifndef(334) rseq EXILE_SYSCGROUP_THREAD genifndef(334)
pidfd_send_signal QSSB_SYSCGROUP_PIDFD genifndef(424) pidfd_send_signal EXILE_SYSCGROUP_PIDFD genifndef(424)
io_uring_setup QSSB_SYSCGROUP_IOURING genifndef(425) io_uring_setup EXILE_SYSCGROUP_IOURING genifndef(425)
io_uring_enter QSSB_SYSCGROUP_IOURING genifndef(426) io_uring_enter EXILE_SYSCGROUP_IOURING genifndef(426)
io_uring_register QSSB_SYSCGROUP_IOURING genifndef(427) io_uring_register EXILE_SYSCGROUP_IOURING genifndef(427)
open_tree QSSB_SYSCGROUP_NEWMOUNT genifndef(428) open_tree EXILE_SYSCGROUP_NEWMOUNT genifndef(428)
move_mount QSSB_SYSCGROUP_NEWMOUNT genifndef(429) move_mount EXILE_SYSCGROUP_NEWMOUNT genifndef(429)
fsopen QSSB_SYSCGROUP_NEWMOUNT genifndef(430) fsopen EXILE_SYSCGROUP_NEWMOUNT genifndef(430)
fsconfig QSSB_SYSCGROUP_NEWMOUNT genifndef(431) fsconfig EXILE_SYSCGROUP_NEWMOUNT genifndef(431)
fsmount QSSB_SYSCGROUP_NEWMOUNT genifndef(432) fsmount EXILE_SYSCGROUP_NEWMOUNT genifndef(432)
fspick QSSB_SYSCGROUP_NEWMOUNT genifndef(433) fspick EXILE_SYSCGROUP_NEWMOUNT genifndef(433)
pidfd_open QSSB_SYSCGROUP_PIDFD genifndef(434) pidfd_open EXILE_SYSCGROUP_PIDFD genifndef(434)
clone3 QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(435) clone3 EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(435)
close_range QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(436) close_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(436)
openat2 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(437) openat2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(437)
pidfd_getfd QSSB_SYSCGROUP_PIDFD genifndef(438) pidfd_getfd EXILE_SYSCGROUP_PIDFD genifndef(438)
faccessat2 QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(439) faccessat2 EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(439)
process_madvise QSSB_SYSCGROUP_MEMORY genifndef(440) process_madvise EXILE_SYSCGROUP_MEMORY genifndef(440)
epoll_pwait2 QSSB_SYSCGROUP_STDIO genifndef(441) epoll_pwait2 EXILE_SYSCGROUP_STDIO genifndef(441)
mount_setattr QSSB_SYSCGROUP_NONE genifndef(442) mount_setattr EXILE_SYSCGROUP_NONE genifndef(442)
quotactl_fd QSSB_SYSCGROUP_QUOTA genifndef(443) quotactl_fd EXILE_SYSCGROUP_QUOTA genifndef(443)
landlock_create_ruleset QSSB_SYSCGROUP_LANDLOCK genifndef(444) landlock_create_ruleset EXILE_SYSCGROUP_LANDLOCK genifndef(444)
landlock_add_rule QSSB_SYSCGROUP_LANDLOCK genifndef(445) landlock_add_rule EXILE_SYSCGROUP_LANDLOCK genifndef(445)
landlock_restrict_self QSSB_SYSCGROUP_LANDLOCK genifndef(446) landlock_restrict_self EXILE_SYSCGROUP_LANDLOCK genifndef(446)
memfd_secret QSSB_SYSCGROUP_NONE genifndef(447) memfd_secret EXILE_SYSCGROUP_NONE genifndef(447)
process_mrelease QSSB_SYSCGROUP_NONE genifndef(448) process_mrelease EXILE_SYSCGROUP_NONE genifndef(448)

1740
qssb.h


80
test.c

@ -1,4 +1,4 @@
#include "qssb.h" #include "exile.h"
#include <stdbool.h> #include <stdbool.h>
#include <sys/types.h> #include <sys/types.h>
#include <dirent.h> #include <dirent.h>
@ -6,12 +6,12 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/wait.h> #include <sys/wait.h>
int xqssb_enable_policy(struct qssb_policy *policy) int xexile_enable_policy(struct exile_policy *policy)
{ {
int ret = qssb_enable_policy(policy); int ret = exile_enable_policy(policy);
if(ret != 0) if(ret != 0)
{ {
fprintf(stderr, "qssb_enable_policy() failed: %i\n", ret); fprintf(stderr, "exile_enable_policy() failed: %i\n", ret);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
return 0; return 0;
@ -19,8 +19,8 @@ int xqssb_enable_policy(struct qssb_policy *policy)
int test_default_main() int test_default_main()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
return xqssb_enable_policy(policy); return xexile_enable_policy(policy);
} }
static int test_expected_kill(int (*f)()) static int test_expected_kill(int (*f)())
@ -86,11 +86,11 @@ static int test_successful_exit(int (*f)())
static int do_test_seccomp_blacklisted() static int do_test_seccomp_blacklisted()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid)); exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid));
qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW); exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW);
xqssb_enable_policy(policy); xexile_enable_policy(policy);
uid_t pid = geteuid(); uid_t pid = geteuid();
pid = getuid(); pid = getuid();
@ -106,12 +106,12 @@ int test_seccomp_blacklisted()
static int do_test_seccomp_blacklisted_call_permitted() static int do_test_seccomp_blacklisted_call_permitted()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid)); exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid));
qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW); exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW);
xqssb_enable_policy(policy); xexile_enable_policy(policy);
//geteuid is not blacklisted, so must succeed //geteuid is not blacklisted, so must succeed
uid_t pid = geteuid(); uid_t pid = geteuid();
return 0; return 0;
@ -125,15 +125,15 @@ int test_seccomp_blacklisted_call_permitted()
static int do_test_seccomp_x32_kill() static int do_test_seccomp_x32_kill()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid)); exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid));
qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW); exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW);
xqssb_enable_policy(policy); xexile_enable_policy(policy);
/* Attempt to bypass by falling back to x32 should be blocked */ /* Attempt to bypass by falling back to x32 should be blocked */
syscall(QSSB_SYS(getuid)+__X32_SYSCALL_BIT); syscall(EXILE_SYS(getuid)+__X32_SYSCALL_BIT);
return 0; return 0;
} }
@ -146,11 +146,11 @@ int test_seccomp_x32_kill()
/* Tests whether seccomp rules end with a policy matching all syscalls */ /* Tests whether seccomp rules end with a policy matching all syscalls */
int test_seccomp_require_last_matchall() int test_seccomp_require_last_matchall()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, QSSB_SYS(getuid)); exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_KILL_PROCESS, EXILE_SYS(getuid));
int status = qssb_enable_policy(policy); int status = exile_enable_policy(policy);
if(status == 0) if(status == 0)
{ {
printf("Failed. Should not have been enabled!"); printf("Failed. Should not have been enabled!");
@ -161,12 +161,12 @@ int test_seccomp_require_last_matchall()
static int do_test_seccomp_errno() static int do_test_seccomp_errno()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_RET_ERROR, QSSB_SYS(close)); exile_append_syscall_policy(policy, EXILE_SYSCALL_DENY_RET_ERROR, EXILE_SYS(close));
qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW); exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW);
xqssb_enable_policy(policy); xexile_enable_policy(policy);
uid_t id = getuid(); uid_t id = getuid();
int fd = close(0); int fd = close(0);
@ -183,12 +183,12 @@ int test_seccomp_errno()
static int test_seccomp_group() static int test_seccomp_group()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_group_syscall_policy(policy, QSSB_SYSCALL_DENY_RET_ERROR, QSSB_SYSCGROUP_SOCKET); exile_append_group_syscall_policy(policy, EXILE_SYSCALL_DENY_RET_ERROR, EXILE_SYSCGROUP_SOCKET);
qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW); exile_append_syscall_default_policy(policy, EXILE_SYSCALL_ALLOW);
xqssb_enable_policy(policy); xexile_enable_policy(policy);
int s = socket(AF_INET,SOCK_STREAM,0); int s = socket(AF_INET,SOCK_STREAM,0);
if(s != -1) if(s != -1)
@ -202,9 +202,9 @@ static int test_seccomp_group()
#if HAVE_LANDLOCK == 1 #if HAVE_LANDLOCK == 1
int test_landlock() int test_landlock()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ, "/proc/self/fd"); exile_append_path_policy(policy, EXILE_FS_ALLOW_READ, "/proc/self/fd");
xqssb_enable_policy(policy); xexile_enable_policy(policy);
int fd = open("/", O_RDONLY | O_CLOEXEC); int fd = open("/", O_RDONLY | O_CLOEXEC);
if(fd < 0) if(fd < 0)
@ -216,9 +216,9 @@ int test_landlock()
int test_landlock_deny_write() int test_landlock_deny_write()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ, "/tmp/"); exile_append_path_policy(policy, EXILE_FS_ALLOW_READ, "/tmp/");
xqssb_enable_policy(policy); xexile_enable_policy(policy);
int fd = open("/tmp/a", O_WRONLY | O_CLOEXEC); int fd = open("/tmp/a", O_WRONLY | O_CLOEXEC);
if(fd < 0) if(fd < 0)
@ -241,9 +241,9 @@ int test_landlock_deny_write()
int test_nofs() int test_nofs()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
policy->no_fs = 1; policy->no_fs = 1;
xqssb_enable_policy(policy); xexile_enable_policy(policy);
int s = socket(AF_INET,SOCK_STREAM,0); int s = socket(AF_INET,SOCK_STREAM,0);
if(s == -1) if(s == -1)
@ -265,9 +265,9 @@ int test_nofs()
int test_no_new_fds() int test_no_new_fds()
{ {
struct qssb_policy *policy = qssb_init_policy(); struct exile_policy *policy = exile_init_policy();
policy->no_new_fds = 1; policy->no_new_fds = 1;
xqssb_enable_policy(policy); xexile_enable_policy(policy);
if(open("/tmp/test", O_CREAT | O_WRONLY) >= 0) if(open("/tmp/test", O_CREAT | O_WRONLY) >= 0)
{ {


@ -74,7 +74,7 @@ if [ -z "$LOG_OUTPUT_DIR" ] ; then
LOG_OUTPUT_DIR="./logs/" LOG_OUTPUT_DIR="./logs/"
fi fi
LOG_OUTPUT_DIR_PATH="${LOG_OUTPUT_DIR}/qssb_test_${GIT_ID}_${TIMESTAMP}" LOG_OUTPUT_DIR_PATH="${LOG_OUTPUT_DIR}/exile_test_${GIT_ID}_${TIMESTAMP}"
[ -d "$LOG_OUTPUT_DIR_PATH" ] || mkdir -p "$LOG_OUTPUT_DIR_PATH" [ -d "$LOG_OUTPUT_DIR_PATH" ] || mkdir -p "$LOG_OUTPUT_DIR_PATH"
for test in $( ./test --dumptests ) ; do for test in $( ./test --dumptests ) ; do