crtxcr/exile.h
1
0
Fork 0
Código Incidencias 14 Pull Requests 1 Lanzamientos Wiki Actividad

Allow adding syscalls by group names #18

Nueva incidencia
Cerrada
abierta 2021-09-06 22:35:05 +02:00 por crtxcr · 1 comentario
crtxcr comentado 2021-09-06 22:35:05 +02:00
Propietario
Copiar enlace

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().
crtxcr añadió la etiqueta
enhancement
 2021-09-06 22:35:05 +02:00
crtxcr comentado 2021-09-18 22:55:42 +02:00
Autoría
Propietario
Copiar enlace

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?
crtxcr cerró esta incidencia 2021-11-20 19:52:05 +01:00
Inicie sesión para unirse a esta conversación.
Ninguna Rama/Etiqueta especificada
Ramas Etiquetas
Etiquetas
Limpiar etiquetas   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

Sin etiquetas
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Limpiar Milestone
No hay elementos
Sin Milestone
Asignados
Limpiar asignados
No asignados
1 participantes
Notificaciones
Fecha de vencimiento
La fecha de vencimiento es inválida o está fuera de rango. Por favor utilice el formato 'aaaa-mm-dd'.

Sin fecha de vencimiento.

Dependencias

No se han establecido dependencias.

Referencia: crtxcr/exile.h#18
No se ha proporcionado una descripción.
Eliminar rama "%!s() "

Eliminar una rama es permanente. Aunque la rama eliminada puede continuar existiendo durante un corto tiempo antes de que sea eliminada, en la mayoría de los casos NO PUEDE deshacerse. ¿Continuar?