crtxcr/exile.h
1
0
Fork 0
Código Incidencias 14 Pull Requests 1 Lanzamientos Wiki Actividad

Allow adding syscalls by group names #18

Nueva incidencia
Cerrada
abierta 2021-09-06 22:35:05 +02:00 por crtxcr · 1 comentario
crtxcr comentado 2021-09-06 22:35:05 +02:00
Propietario
Copiar enlace

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().
crtxcr añadió la etiqueta
enhancement
 2021-09-06 22:35:05 +02:00
crtxcr comentado 2021-09-18 22:55:42 +02:00
Autoría
Propietario
Copiar enlace

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?
crtxcr cerró esta incidencia 2021-11-20 19:52:05 +01:00
Inicie sesión para unirse a esta conversación.
Ninguna Rama/Etiqueta especificada
Ramas Etiquetas
Etiquetas
Limpiar etiquetas
bug
Something is not working
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
wontfix
This won't be fixed
Sin etiquetas
enhancement
Milestone
No hay elementos
Sin Milestone
Asignados
Limpiar asignados
crtxcr
No asignados
1 participantes
Notificaciones
Fecha de vencimiento
Sin fecha de vencimiento.
Dependencias

No se han establecido dependencias.

Referencia: crtxcr/exile.h#18
No se ha proporcionado una descripción.
Eliminar rama "%!s() "

Eliminar una rama es permanente. Aunque la rama eliminada puede continuar existiendo durante un corto tiempo antes de que sea eliminada, en la mayoría de los casos NO PUEDE deshacerse. ¿Continuar?